The double-edged sword in the fight against cybercrime

This global challenge is anticipated to worsen as the volume and value of data transmitted rises. The impact on society could be catastrophic, with the average cost of a data-breach already surpassing millions of dollars.

Quantum technology is emerging as a revolutionary new threat to data security, but ironically also a solution to better protect it. In this article IDTechEx explores key trends in the quantum communication market, and how physics is offering a truly a double-edged sword in the fight against cybercrime.

The threat of quantum computing

Multiple methods of encrypting data depend on the complexity of factorising large prime numbers. This includes those used for messenger apps and emails, as well as bank accounts, medical records and even government intelligence. Yet prime number factorisation is anticipated to become an exponentially quicker problem to solve using quantum computing. Therefore, as quantum computer capabilities advance, concern is growing on their ability to fundamentally undermine data security.

The day on which quantum computers are shown capable of cracking incumbent encryption is informally referred to as ‘Q-Day’ or ‘Y2Q’. Opinion is split onto the anticipated time left until Q-Day – typically ranging from years to decades. Some headlines even suggest it may already have passed. One on hand this uncertainty is related to the unclear scale up time of quantum computer hardware. Yet there is potentially another relating to national security, with one country potentially unwilling to admit to the other their true progress.

However, consensus is growing that ignoring the quantum threat entirely poses a significant risk. This is driving investment and interest in ‘quantum ready’ cybersecurity solutions – both hardware and software. Beyond the threat from quantum computing, the applications of these ‘quantum ready solution’ are now also being targeted at end-users with long pre-existing data security vulnerabilities. The first wave of resulting disruption has already begun, as we are entering an era of ‘post-quantum cryptography’ (PQC) algorithm adoption. Yet staying entirely safe long-term is anticipated to depend on quantum hardware, including quantum random number generators and quantum key distribution.

The totally random solution

Exchanging virtual secrets depends on the production and exchange of keys. Once two parties have shared a key, it can be used to encode messages which only they can decrypt. In the modern era, random number generators are used to create these keys – whether they be for private or public use. The challenge, however, is that if a key is generated to predictably then the security they offer is compromised.

Classical random number generators fundamentally depend on deterministic processes. For example, whilst a dice roll may offer statistical randomness – the more known about the dice, throw and environment the more predictable the outcome. Quantum physics, however, is full of non-deterministic and truly random phenomena. For example, the number of photons emitted, detected, or deflected by a beam-splitter. Quantum random number generators (QRNG) can harness this property to increase the quality of keys generated for cyber security.

Optical approaches to QRNG on the chip-scape have already been commercialised – and even adopted into the consumer market – with IDQuantique seeing their hardware integrated into a Korean specific model of a Samsung smartphone. However, competition for market share is increasing, with multiple start-ups entering the industry. These players are not only finding success outside of the security industry, for example with gambling and gaming, but are also expecting cryptography market demands to rise as industry standards become clearer.

Going forward, innovation to improve entropy, generation rates and power consumption are set to continue, with these differentiators already prompting some significant stake holder partnerships in 2024, such as Quantum Dice and BT. However, QRNG alone doesn’t offer complete protection from data-hackers, and for this a more complex solution for key distribution may be required.

Quantum key distribution – friend or foe?

It is well understood that quantum states cannot be ‘cloned’, and that the simple act of observation causes quantum properties to change. Therefore, if two parties transmit a quantum state between one another, eavesdropping can instantaneously be detected.

This is the principle behind quantum key distribution (QKD). As with QRNG, quantum states are encoded within photons. QKD transmitter and receiver pairs connected with optical fiber can use combinations of specialist detectors, filters, and algorithms to convert quantum states to an entirely secret key.

QKD has already begun to see some commercial success, with products from IDQuantique and Toshiba used within pilot schemes and metropolitan scale networks. Multiple challenges for this technology do remain. Significant limitations on network scalability to date largely limits the end-users interested to governments and some financial institutions. Cost also remains a barrier to adoption, with installation of transmitter–receiver pairs easily costing more than a million dollars. Yet as global innovation to expand scalability continue, including chip-scale QKD, the addressable markets could expand, particularly in light of trends such as V2X and autonomy in the automotive sector.

In the near term, however, concern is also rising as to the limitations of QKD compared with PQC, at least for near-term protection. The time to transition between cryptography schemes is a multi-year process, and most experts agree that relying purely on QKD now would pose significant risks.

Moreover, outside of the quantum industry, ethical debate about encryption is ongoing; for example, regarding how rights to data access should vary between law-enforcement, government, and social media companies.