Attack, counterattack, counter-counterattack. Both cybercrime and their countermeasures evolve in equal pace, as developments in one force a proportionate response in the other.
This tit-for-tat can be enormously frustrating for companies that rely on robust cybersecurity measures—banks, public utilities, law offices, governments, and the like. They’re seeing the “Red Queen effect” in action: “it takes all the running you can do,” the Red Queen says to Alice in Wonderland, “to keep in the same place!”
According to international police coordination agency INTERPOL, the exponential increase of cybercrime requires organisations to upgrade their methods for managing sensitive information. And as with Alice in Wonderland, you need to run even faster to make even the slightest difference.
“Cybercrime is constantly evolving,” explained Craig Jones, INTERPOL’s Director of Cybercrime. “The COVID-19 pandemic has accelerated digital transformation, which has opened new opportunities for cybercriminals.”
To break the Red Queen Effect in cybersecurity, experts need a solution that can decisively counter cyberattacks, not by increments but comprehensively. Hope in this area lies in Quantum Key Distribution (QKD): a technique that uses quantum physics to generate a cryptographic key, working in conjunction with encryption techniques like a one-time pad to secure the transmission and retrieval of data.
Figure 1 - Cryptography depends on the use of encryption keys
QKD is only the latest chapter in the 4,000-year history of cryptography, or the use of code to protect information and communications from unauthorised readers.
Cryptography uses encryption keys: a piece of information (usually a string of numbers or letters) that passes through a cryptographic algorithm to turn plaintext into unreadable ciphertext, and vice-versa. (See Figure 1.)
Encryption techniques depend on the security of the key being used. Public-key cryptography methods (Diffie-Helman, RSA, Elliptic Curve etc.), for example, use extremely difficult mathematical operations to create ultra-secure encryption keys. In RSA, this is applied using the division of large prime numbers.
Unfortunately, such methods are not impossible to crack; within decades, quantum computers may develop the computing power to break even hard-to-crack 2048-bit RSA encryption in a matter of hours.
QKD avoids this problem by depending on quantum physics, not maths, to generate and share an encryption key. Quantum physics works on an ultra-tiny, sub-atomic scale where normal physics doesn't apply.
Consider a key principle in quantum physics: Heisenberg's uncertainty principle. “Uncertainty” refers to how a quantum particle’s momentum and its position in space cannot both be known at the same time—because any attempt to measure one will unavoidably disturb the other!
To generate a cryptographic key in QKD, polarised light particles (photons) are encoded into quantum bits, or qubits—a coherent superposition of 1 and 0 that can encode more information than ordinary, binary-based bits, and are then transmitted over a fiber-optic cable, or through free space,
The information in each qubit is determined by photon states like polarisation or phase; in the simplest QKD implementation, a laser generates a series of single photons with different polarisations, and at the receiver’s end, the polarisation will be measured to determine the cryptographic key.
This is where Heisenberg’s uncertainty principle kicks in. Any unauthorised interception of the photon stream will disturb the signal; when this is detected, users are alerted that the key has been compromised and must be discarded—forcing them to generate a new key.
But if the session is secure, the unperturbed photons can generate the cryptographic key that both the sender and receiver will use to encrypt and decrypt the plaintext. Because the randomness of the keys are generated by quantum physics, they are completely secure from hacking attempts.
The first commercial applications for QKD appeared in early 2000s; a QKD-protected bank transfer was demonstrated in Vienna in 2004, and quantum cryptography was used to safeguard the results of the 2007 Swiss national elections.
As the technology improves, QKD can be applied wherever there’s a need to protect high-value data communication from interception or cyberattacks.
Banks, for instance, might use QKD to generate keys for security applications like digital signatures, authentication, and access control. This will prevent the “skimming” of credit cards, or ensure the integrity of online banking and/or shopping transactions.
QKD helps banks heighten the protection of sensitive client and proprietary information, while also ensuring that data remains available for transactions on a real-time basis.
Government, on the other hand, can use QKD to protect installations or operations essential to national security. Malicious attacks on power grids, for instance, can be prevented by using QKD to secure and sync communication channels. And as we saw in an earlier example, election integrity can be guaranteed with the use of QKD-enabled uncrackable encryption techniques.
Current technology limitations may hold back the adoption of QKD. Right now, QKD is expensive to implement, with the cost of its delicate transmitters and receivers not quite able to justify the relatively low key rate.
And because quantum signals degrade after traveling a certain distance (sometimes only as far as 100 km), the current state-of-the-art requires trusted nodes to forward QKD keys for longer distances. These nodes, however, may be vulnerable to attack.
These challenges are not insurmountable. Quantum scientists worldwide are finding elegant solutions to these formerly intractable problems. For instance, a team in China completed a quantum network with over 700 optical fibers on the ground with two ground-to-satellite links—transmitting quantum keys for a total of 4,600 km!
Singapore is a critical global node for telecommunications, data centers, and cloud connectivity—a natural result of its role as a global hub for financial applications. Just as naturally, Singaporean research labs have become world leaders in QKD research.
Singaporean scientists are also cooperating with international standards organisations, like the International Organization for Standardisation (ISO) and the International Telecommunication Union (ITU), to establish QKD standards that ensure future interoperability of quantum communication networks.
Some QKD achievements by Singapore researchers include testing QKD over increasing distances on fibre networks; developing nanosatellites that transmit quantum entangled signals through space; and building a QKD protocol that achieves a record speed of 26.2 megabits per second over 20 km of optical fibre.
Building on this expertise, the Quantum Engineering Programme (QEP) hosted by the National University of Singapore (NUS) is engaged in research that solves QKD’s technical challenges, helping to bring it closer to the mainstream. QEP was launched in September 2018 to translate quantum science into industry-ready solutions.
T-Systems has become a trusted partner of the NUS and QEP in its ongoing mission. The company is involved in certification activities that help facilitate the approval and deployment of QKD systems.
As QEP and other quantum research institutions worldwide make headway on QKD’s technical issues, a point will be reached where QKD will be both powerful and cost-effective—spurring widespread adoption wherever data needs to be secured.
Estimates vary on the future value of the global quantum cryptography market, ranging from Markets and Markets’ estimated value of $214 million by 2025; to Toshiba’s estimate of $12 billion by 2031. Gartner predicts that by 2023, 20% of all organisations will budget for quantum projects as a matter of course.
What’s certain is this: through its partnership with QEP, T-Systems will continue to push the boundaries of quantum communications, helping broaden the use of QKD across industries, and securing critical data in Singapore and the rest of the world.