A Qubit of Solace: How QKD Systems Defend Against Future Cyberattacks
Every industry is on high alert when it comes to cyberattacks, and rightly so. A cyberattack can halt business, add unexpected costs to mitigate, damage a company’s reputation and more.
Cybercriminals can take many forms: They may steal your credentials; they may pilfer personally identifiable information, or they will cut to the chase and directly threaten your bank and investment accounts. And no sector or individual is immune to the threat of a cyberattack, but it seems recently that the focus has been geared toward the financial sector and, in particular, on obtaining cryptocurrency.
Permanently securing the blockchain has, to date, proven to be unattainable. A recent report from Chainalysis on cryptocurrency crime trends found that $14 billion in cryptocurrency was sent to illicit addresses in 2021, nearly double the figure seen in 2020. Today, securing networks and customer data traversing those networks, which increasingly includes blockchain networks, is top of mind. However, organizations concurrently focus on tomorrow’s threats as well; prime among those future threats is the concept of quantum computing attacks.
Qubits Versus Binary: Quantum Computing at a Glance
Quantum computing leverages the principles of quantum mechanics–a world in which particles can exist in more than one state at a time–to solve the most complex problems quickly. Futurist Bernard Marr sums it up best for the layperson:
“Instead of bits, which conventional computers use, a quantum computer uses quantum bits—known as qubits. To illustrate the difference, imagine a sphere. A bit can be at either of the two poles of the sphere, but a qubit can exist at any point on the sphere. So, this means that a computer using qubits can store an enormous amount of information and uses less energy doing so than a classical computer. By entering into this quantum area of computing where the traditional laws of physics no longer apply, we will be able to create processors that are significantly faster (a million or more times) than the ones we use today.”
The financial industry will greatly benefit from quantum computing. There is an abundance of high-complexity financial use cases that can be solved more efficiently and accurately with quantum computing. JP Morgan Chase, for instance, has produced new quantum algorithms for use cases such as portfolio optimization, option pricing, risk analysis and numerous applications in the realm of machine learning, ranging from fraud detection to natural language processing.
On the flip side, quantum computing can also be used to try to break through the most robust of defenses, repeatedly testing a defense in an effort to break through. While full-scale quantum computing is not here yet, it is at least on the foreseeable horizon, and, with it comes the concurrent threat of quantum computing attacks. However, with regard to the latter, quantum techniques can also be applied to help defend against such attacks.
The Emergence of QKD
Quantum key distribution (QKD) is a technique for secure communication that enables two parties to produce a shared random key known only to them, which can then be used to encrypt and decrypt messages. QKD is provably secure against an eavesdropper attempting to copy the secret key, and since it does not rely on public-key techniques, removes many attack threats posed by quantum computers against the key exchange. The QKD security benefits are rooted in the laws of quantum physics.
The principle behind a QKD system involves using the measurement of individual photons transmitted through a fiber optic channel to generate shared secret keys that are exchanged and synchronized by a pair of QKD servers. These keys are then used by cryptographic algorithms to encrypt and decrypt the information. The main security benefit behind QKD is the ability of the two communicating parties to detect any attempt to read the quantum state of a photon while it is in the fiber via eavesdropping techniques. Immediately knowing that security has been compromised enables the QKD servers to take appropriate action, including aborting the information exchange, creating a new secure key, routing the information over a different secure link or purposely spoofing the eavesdropper with faulty information.
From a financial services perspective, QKD can be used to securely exchange information in a wide variety of use cases including portfolio optimization, option pricing, risk analysis and numerous applications in the realm of machine learning, ranging from fraud detection to natural language processing. It may also prove to be the answer the cryptocurrency world has been looking for to help improve the security of blockchain applications.
Preparing for Tomorrow’s Attacks Today
Now, we should couch this by acknowledging that the world is many years away from seeing mass-scale quantum computing attacks. As of today, quantum computers still have relatively high error rates, and their computational power is generally limited to niche applications. But the trend line is certainly traveling in the upward direction with regard to more widespread use. For instance, IBM has recently made quantum computing available in the cloud and the Japanese government is looking to accelerate development of quantum computing by pushing for additional domestic quantum computers to be up-and-running by March 2023 with plans to establish four quantum research centers across the country.
However, the technology needed to enable a QKD network resistant to attacks that can secure mission-critical applications is actually in trials today. What’s required? You’ll need a QKD system that can be combined with a high-capacity optical encryption solution.
Thus, the technology to enable QKD exists as we speak, even though we aren’t quite ready to welcome quantum computing into the mainstream just yet.
When quantum computing does inevitably become more commonplace, a new wave of cyberattackers keen to leverage its incredible problem-solving speed and accuracy will come along with it. QKD is one of the more promising techniques that may play a vital role in defending infrastructure against this next generation of quantum-enabled hackers.
