7.28.22

Going Beyond the Limitations of Quantum Key Distribution (QKD) with Qrypt

Contributors:
Denis Mandich
Category:
Blog Post

QKD origins and how it works

The concept of Quantum Key Distribution (QKD) originated in the late 1960s, but it wasn’t until the 1980s when various scientists and researchers started exploring the protocol as a potential secure communication method for exchanging encryption keys. The idea is that one party (Alice) uses quantum states of light (photons) to send a series of 1’s and 0’s over a quantum communication channel, polarizing each bit using one of two bases randomly selected, such as vertical or horizontal, or 45 or 135 degrees. Since the receiving party (Bob) doesn’t know the choice of basis in advance, he must guess and perform a measurement, also at random. Bob and Alice’s choices will agree 50 percent of the time. Afterwards, Bob tells Alice over a classical channel (i.e., the internet) the different bases he chose for measurements and Alice lets him know the bases she chose to send.

 

Both Alice and Bob only keep the results of where Bob’s measurements match Alice’s choices, resulting in a random string of saved bits that can then be used as cryptographic keys at both endpoints in a way that is independent of data to be encrypted. If Eve attempts to eavesdrop on this quantum channel, she will have to perform a measurement on each bit sent. This is immediately statistically detectable by Bob and Alice.

 

However, to avoid detectable patterns and bias an eavesdropper might use to exploit the communications, both Alice and Bob need to use a quantum random number generator (QRNG).* Alice needs one to generate the arbitrary state of her choices for how she polarizes each bit and Bob needs one to generate the bases for how he measures each bit he receives. When Alice and Bob’s QRNGs make the same choice for a bit of transmitted information, their numbers will match perfectly. The bits that don’t match are discarded since they’ll disagree 50% of the time and are therefore useless.

 

Challenges of QKD

In essence, QKD simply distributes point-to-point information from QRNGs using the quantum physics of light. Its security is guaranteed by the laws of physics. However, it has strict limitations on distance and other restricting factors making it extremely difficult, if not impractical, to successfully implement.

 

Having been envisioned as a trusted node network before the internet and cloud achieved today’s scale, QKD was never intended to be the basis for a quantum internet. It relies on dedicated runs of unshared, unspliced, and unrepeatered fiber that is basically limited to less than 50km for reasonable rates. This becomes a very expensive requirement, even if high speed quantum memory and quantum repeaters can ever be built.

 

To address the limitations of fiber, some propose implementing QKD via satellite. However, this too has a significantly high expense, as well as being subject to weather and various environmental factors that can negatively impact free-space optical communication.

 

The bottom line is that for QKD to be a viable option, the classical channel required by QKD needs to be able to use standard low-cost communications infrastructure without the requirement of dedicated fiber or satellites.

 

Moving beyond the limitations of QKD

Recognizing the significant limitations and barriers to successful QKD implementation, Qrypt has developed an alternative solution based on the work of highly renowned cryptographer, Yevgeniy Dodis. Where QKD is really only focused on one subset of the quantum security challenge—trying to solve for key distribution that mitigates man-in-the-middle risks—Qrypt delivers a larger piece of the puzzle by providing a complete quantum encryption solution.

 

First, Qrypt enables multiple parties to achieve quantum key agreement at multiple nodes in a quantum secure and viable way by completely eliminating the need to even transmit keys. Since no encryption keys are transmitted, there’s no risk of interception or man-in-the-middle attacks. The Qrypt BLAST protocol enables parties to independently and securely generate identical symmetric keys and one-time pads at multiple endpoints, eliminating cost, distance limitations, and other difficulties associated with QKD solutions.

 

Our BLAST protocol achieves this in concert with Qrypt’s Entropy technology, powered by multiple high-rate QRNG appliances in the cloud that leverage multiple, diverse sets of high-quality quantum phenomena sources to extract truly random numbers. Not only does it guarantee true random numbers required for quantum cryptography, but it makes them securely accessible from anywhere with an internet connection at speeds many orders of magnitude higher than QKD.

 

In essence, the Qrypt technologies work together to securely orchestrate key agreement between two parties by letting them initiate a session to agree on a set of cloud-based QRNG appliances they want to use and then sample (download) the same set of unique random strings from each server, which they identically combine at their endpoint. Finally, the parties exchange cryptographic extractor parameters to bring the sampled pools of random down to a much smaller key.

 

In this process, the cloud provider has no knowledge of the final key and eavesdroppers can’t intercept any keys because they were never distributed. And because we use different channels for each step, the key is completely decoupled from the data it encrypts, providing a trust-no-one model, eliminating single points of failure, and cost effectively defeating harvest now and decrypt later attacks.

 

Of course, Qrypt implicitly assumes the monitoring, collection and compromise of multiple channels. But that doesn’t matter. Qrypt enables parties to achieve a level of quantum security not previously possible, while leveraging an always-on internet. Even in the extreme example of all inputs and outputs of a device being captured, Qrypt successfully meets the standards of post-quantum cryptography (PQC) security in a trusted and viable manner that can be implemented today.

 

 

*A deterministic process, whether a mathematical function or software algorithm, cannot produce a random number. Quantum security cannot be achieved without a physical source of entropy and cannot be measured by statistical analysis. Historically, the term itself is borrowed from a description of physical phenomena, not a property of number sequences.

 


 

To learn how Qrypt quantum security goes beyond the limitations of QKD to deliver cost-effective, scalable, and everlasting quantum security that’s available today, click here to get started.