Are agencies like Energy funding quantum technology wisely?
Some technologists are questioning the government’s priorities as agencies like the Department of Energy invest tens of millions of dollars in additional funding in quantum computing.
The National Quantum Initiative Act of 2018 allocated $1.2 billion to three areas: research at the National Science Foundation, standardization at the National Institute of Standards and Technology, and critical infrastructure protection at DOE.
But of the $30 million DOE’s Office of Cybersecurity, Energy Security, and Emergency Response awarded during the last research call, only $3 million went toward quantum key distribution (QKD) — a controversial, 30-year-old technology rooted in the laws of physics.
John Prisco, CEO of QKD company Quantum Xchange, would like to see more of those funds put toward a QKD proof of concept at DOE.
“You could protect critical infrastructure and their [supervisory control and data acquisition] systems using quantum keys,” Prisco told FedScoop.
QKD is arguably the most mature quantum technology to date, sharing secret keys made of light — photon by photon — across optical fiber networks. Each photon is encoded with a one or a zero and, taken as a bit sequence, used in cryptographic protocols.
More importantly from a security perspective, if a hacker attempts to intercept the key, they will disrupt its quantum state. This introduces errors, rendering the key useless and revealing the intrusion.
If quantum computers are an offensive weapon against cryptography, then quantum keys are a defensive weapon and currently “the only actionable system available” to protect communications channels like the one belonging to the FBI that Russia breached in 2010, Prisco said.
Meanwhile, the National Institute of Standards and Technology continues to evaluate 26 candidate algorithms in the second round of its post-quantum cryptography standardization project.
Post-quantum cryptography — the creation of algorithms designed to resist cracking by quantum computing — was hailed as a “more practical and cost-effective” way to secure communications systems from quantum computer attacks in a 2016 white paper from the U.K.’s National Cyber Security Centre.
“QKD might be appropriate for certain high-security applications, but it is very unlikely to ever be widely deployed,” said Dustin Moody, a mathematician at NIST. “The type of crypto that will be deployed is exactly the field of post-quantum cryptography, which is what NIST is focusing on.”
For one thing, modern services typically rely on authentication mechanisms, like digital signatures, that QKD can’t replace. And QKD systems are short-range, point-to-point protocols that don’t integrate easily with the internet or mobile technologies, according to the paper.
NCSC also found QKD hardware “relatively expensive” to obtain and maintain.
“A number of attacks have been proposed and demonstrated on deployed QKD systems that subvert one or more of these hardware components, enabling the secret shared key to be recovered without triggering an alarm,” reads the paper. “Denial of service attacks that interfere with the paths carrying the QKD transmissions also seem potentially easier with QKD than with contemporary internet or mobile network technologies.”
Quantum Xchange boasts the first commercial QKD system, a 1,000-kilometer fiber network from Washington, D.C., to Boston and New York City into New Jersey, activated earlier this year. Clients range from large financial service providers and telecom companies to federal agencies, civilian and intelligence, who are in pilots, Prisco said.
Dark fiber — unused fiber laid by earlier projects to cut costs — has actually been easy to acquire, and Quantum Xchange has patents pending for technology that would reamplify the keys across unlimited distances, he added.
NIST’s plan is to release draft post-quantum cryptography standards in 2022, and no later than 2024, identifying algorithms that will provide security from quantum computers for at least several decades, Moody said.
“We think there needs to be something done right now,” Prisco said.
A classical encryption key is the product of two large prime numbers. To crack it, you have to factor a large number into those two primes. The largest key ever cracked was 768 digits, and 2,048 digits are used now — which would take today’s computers a billion years to break, Prisco said. Quantum computers, like the two the U.S. is building, will speed that process up once they’re powerful enough.
That’s why NIST is basing its forthcoming standards off the estimated availability of large-scale quantum computers, so if data needs to be kept confidential for five years, it will be protected with post-quantum cryptography five years before those computers are available.
Assuming the data China exfiltrated in the 2015 Office of Personnel Management breach was encrypted with public-key crypto, those files will be vulnerable to quantum computer attacks once the nation-state has the technology, Moody said.
“I don’t think they’ve read those yet because they were encrypted, and I don’t think they’ve broken the key yet,” Prisco said.
Instead, nefarious actors steal encrypted data and store it until they can crack it, he added.
But public-key crypto is usually only used to establish a shared key, after which the data is protected with a symmetric-key based algorithm using that key — which quantum computers will have a tougher time with, Moody said.
With China set to outspend the U.S. on quantum technologies, Prisco envisions quantum keys future-proofing data with a long shelf life and post-quantum cryptography’s software-based algorithms protecting classical computers.
“I would say the U.S. is ahead of China in the area of quantum computers. China is definitely ahead of the U.S. in quantum keys,” Prisco said. “This is a lot like the space race in the 1960s. The U.S. cannot afford to come in second on quantum keys.”