I don’t know about you, but the rising quantum computing security threat is something that’s been playing on my mind lately. Every day seems to spew out a news story on what companies can do to encrypt their data now to keep it safe from the quantum cybercriminals of the future, why banks need to take the quantum cyber threat seriously sooner rather than later, or how quantum networking will change the face of the internet forever.
And whilst the quantum computing security threat is very much real, and we DO need to be worrying about it now, all of this scaremongering has been a ripe breeding ground for quantum woo-woo. So many companies are releasing new “quantum secure solutions” when they have no business doing so. It’s clear that some companies are wishing to profit off people’s fear of the quantum cyber threat by providing solutions that aren’t up to par. If you’re not well versed in the world of quantum computing then you could very well fall victim to one of the many bogus solutions out there. Not only will you waste money, but you will also be in a dangerous and unprotected position when the crypto security threat does arise.
To give you a helping hand, in this blog I’m going to share a couple of examples of quantum security solutions that, unfortunately, are not the knights in shining armor they claim to be. I encourage you to take the examples I share and use them as a learning opportunity so when it comes to choosing a quantum/crypto security solution, you can make sure you find the right one for you.
Without further ado, the first paper I came across is from Cambridge Quantum Computing, a world-leading independent quantum computing software company that builds tools with the aim to make quantum technologies commercial in the long term.
According to their website “CQC designs solutions that benefit from quantum computing even in its earliest forms and allow the most effective access to these solutions for the widest variety of corporate and government users.” – Sounds like they know what they’re doing, right?
When I first read the paper, I was intrigued if not impressed. How did they manage to defend the blockchain against the threat of quantum computing? It turns out when you look at it technically, they didn’t. Whilst CQC seems to have a track record for churning out good quantum computing algorithms, they fall short when it comes to dabbling in cryptography and security.
The initial issue I found with CQC’s solution is that it describes a mathematical algorithm, one of the so-called “Post Quantum Algorithms”, as “Quantum-Safe”, which is misleading. A mathematical algorithm cannot maintain any integrity in its security against the unlimited computational power of quantum computing. The only cryptosystems that can meet that standard are AES-256, One Time Pad, and Hashes.
Then we come to the use of X.509 certificates as part of the solution, which makes the whole system more vulnerable, since they need to be securely maintained, which eliminates any notion of privacy. Let’s not forget that compromised X.509 certificates were a factor in many of the recent cyber attacks like Kaseya and SolarWinds! Presently, the primary attack vector is to derive a private key from the public key using Shor’s algorithm in the unprocessed transactions, which is then used to unlock and steal money or a digital asset before it’s locked into a block on the Blockchain or DLT system. But adding Post Quantum Algorithms into the mix will not eliminate this risk because they are capable of similar compromise.
And whilst we’re on the subject of PQAs, let’s explore why any crypto security solution that uses PQAs for signatures is something that you’re better off avoiding.
- PQAs will take a decade to implement. Historically, it has taken us about two decades to deploy our modern public key cryptography infrastructure, and according to NIST, the process of testing and adopting a new algorithm, like PQAs, could take 10+ years! This is just not a rational timeframe for enterprise users to get comfortable with Blockchain.
- PQAs are not secure. As I’ve already discussed, any algorithm that relies on mathematical systems will eventually be compromised by a quantum attack. It’s inevitable. Government and banking users know that the only way to be secure is to use the globally standardized AES-256 algorithm and find a way to securely distribute their keys.
- PQAs will have huge key sizes. For example, CQC’s paper uses Falcon with level 1 NIST security (which is AES-128 equivalent); however, this is not sufficient for a Blockchain that requires level 5 NIST security (which is AES-256 equivalent). The problem here, however, is that using level 5 NIST security doubles the size of the keys and signatures produced.
- PQAs require a massive amount of processing. The additional processing power required to properly execute a Post Quantum signature algorithm has been demonstrated in several papers as being very significant. To create a PQA key with the equivalent (claimed) key strength of AES-256, for example, would consume 1,732,000 cycles!
It’s worth noting that the NIST finalists are predominantly lattice-based cryptography, which has suffered a number of successful attacks over many years. The main issue with lattices is that they are particularly sensitive to the parameters used (think NTRU, which Falcon is based on), which leads us to the conclusion that combining a Blockchain or DLT system with PQA signatures makes it obsolete. What CQC’s paper is proposing by using PQAs as signatures is just not currently supported.
Now that we’ve covered PQAs, what about solving the issue of Quantum Key Distribution over long distances?
Well, it seems that a company called Terra Quantum has figured out a technology that allows quantum cryptography keys to be transmitted over a distance of more than 40,000km through standard optical fiber lines that are already used in today’s telecoms networks. The proposed 40,000km is the circumference of the Earth, which sounds too good to be true, right? I’ll give you a second to let that sink in…
Whilst it is true that, currently, quantum cryptography is secure enough to protect against quantum computers, the issue is how quickly the signal decays over long distances. For that to be possible, you need to boost the signal with multiple amplifiers down the entire fiber line – but each one of these amplifiers becomes a weak target where the signal could be intercepted. However, Terra Quantum is claiming that they’ve solved this problem thanks to “long-distance high secrecy optical cryptography,” with the “key element of the proposed protocol being the physical control over the transmission line.”
I’ve got to say, the claims are certainly bold, but when it boils down to it, they are also false.
First off, the need for amplifiers in Terra Quantum’s proposal renders it not QKD, since technically the key is not transmitted in a quantum form, but is actually a very weak pulse of photons. Anyone working in or who has an interest in quantum technology will know that quantum information does not survive being transmitted through electronic switches or routers. All it can do is travel along a clean piece of fiber between the A end and the B end – and that’s assuming the line is clean.
The proposal assumes that by measuring the attenuation of signals it’s possible to detect an eavesdropper ready to intercept. But this is all assuming that the fiber cables are in absolute mint condition and will encounter zero variables (of which there could be many) that could prompt a physical reason for attenuation. From cable pressure to changes in temperature to damaged fiber, there are so many variables that could affect the attenuation measurement.
Not only do we have these physical matters to contend with, but you’ve also got to consider how impractical the proposed basic physics is. Keeping the QBER stable over even short fiber distances is extremely tricky, especially when the errors depend on physical interference with the fiber such as traffic flows on the roads above the ducts, etc. Trying to separate environmentally-generated noise from interceptor-generated noise is like trying to pick out one grain of salt from a bowl full of sugar.
Also, we can’t assume that the architecture is quantum-safe. There is no effort made to encode the information in a quantum protocol. The proposed system simply sends pulses of identically encoded photons (like ordinary fiber telecoms), calculates the losses on that fiber, and then sends a signal which is barely detectable. Any losses in the transmission above what’s already been calculated are assumed to be from an eavesdropper, which triggers a privacy amplification. There is no security proof here.
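To put some numbers on the “salt in a bowl of sugar” problem, here is an added illustration (my own code, not Terra Quantum’s) that models a loss-threshold detector: the receiver raises an alarm whenever measured loss exceeds a baseline by more than environmental jitter normally allows. The baseline loss, the jitter figures (0.001 dB for a pristine lab link, 0.1 dB for a field link) and the 1% tap are constructed assumptions chosen to show how quickly detection collapses once the fiber is not in mint condition.

```python
import math


def tap_loss_db(fraction):
    """Extra attenuation (dB) caused by diverting `fraction` of the light.
    A tap taking 1% of the photons adds only about 0.044 dB of loss."""
    return -10 * math.log10(1 - fraction)


def normal_cdf(x, mu, sigma):
    """CDF of a normal distribution; environmental loss jitter is modelled
    as Gaussian around the calibrated baseline (constructed assumption)."""
    return 0.5 * (1 + math.erf((x - mu) / (sigma * math.sqrt(2))))


def alarm_threshold(baseline_db, sigma_env_db, false_alarm_rate):
    """Loss level above which the receiver declares an eavesdropper, set so
    that environmental jitter alone trips it with probability
    `false_alarm_rate`. Solved by bisection so no SciPy is needed."""
    lo, hi = baseline_db, baseline_db + 20 * sigma_env_db
    for _ in range(100):
        mid = (lo + hi) / 2
        if normal_cdf(mid, baseline_db, sigma_env_db) < 1 - false_alarm_rate:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2


def detection_probability(baseline_db, sigma_env_db, tap_fraction, false_alarm_rate):
    """Chance that a tap diverting `tap_fraction` of the light is flagged,
    given the false-alarm budget the operator is willing to tolerate."""
    threshold = alarm_threshold(baseline_db, sigma_env_db, false_alarm_rate)
    tapped_mean = baseline_db + tap_loss_db(tap_fraction)
    return 1 - normal_cdf(threshold, tapped_mean, sigma_env_db)


if __name__ == "__main__":
    # Constructed scenario: 20 dB baseline span, 1% tap, 1% false-alarm budget.
    for label, sigma in (("pristine lab fiber", 0.001), ("field fiber", 0.1)):
        p = detection_probability(20.0, sigma, 0.01, 0.01)
        print(f"{label:18s} jitter={sigma:.3f} dB  P(detect 1% tap)={p:.3f}")
```

With 0.1 dB of environmental jitter the 1% tap is caught only a few percent of the time, so the operator must either accept constant false alarms (and the privacy amplification they trigger) or miss the interceptor.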
Finally, an interesting thing to note is that none of Terra Quantum’s papers have been peer-reviewed, which to me is a big red flag. And it’s telling that the crypto community has already dismissed Terra Quantum as a company that pushes out “a lot of press releases that make exaggerated claims about quantum computers and totally misunderstands post-quantum cryptography.” Yikes.
But, how can you tell if a quantum solution isn’t actually secure? Well, the easy answer is: if it sounds too good to be true, then it probably is. But, the better answer is to dig deep into what the company is offering and see if it is logically possible. Are they making wild unsubstantiated claims? Have they been vetted by a third party? Have they been peer-reviewed?
Ask yourself these questions, be vigilant and continue to educate yourself so you don’t get scammed by bogus quantum security solutions!