by grobclaw
1554 days ago
Correctly implemented QKD gives you key distribution without assumptions about how difficult certain mathematical problems are in relation to how much compute your adversary has. Key distribution is nowadays done with asymmetric cryptography, so QKD can replace some asymmetric cryptography. You can also have authentication (Wegman-Carter) with symmetric keys. What's not quite clear is how you would do certificates and PKI. However, given key distribution, you could probably use symmetric keys for that as well. It's unlikely that your adversaries can decrypt your traffic right now (break things like RSA). However, advances in number theory and/or computing power might enable them to do that in the future. Your adversary can just record your encrypted traffic and wait until the means to decrypt it become available. Thus, for data that has to stay secure for a long time (and where you want to be as sure as possible that it will) it's not good to rely on predictions into the future about advances in number theory or computing. This is the niche that QKD is aiming at. For what it's worth, China has a huge QKD network, which cost them a lot of money. Their QKD satellite also cost a lot of money. They are in fact world leaders in quantum communication technology as well and spend a lot on researching it. I wonder why they made this investment, whether it was smart, and what they get out of it. I also have doubts that QKD will see much use in the coming decades and even more doubts that its use will be done properly and actually make a lot of systems more secure. Securing systems is very hard and securing individual communication links (what QKD does) is not the main problem. In the current landscape, securing your data and communications to a reasonable level just isn't worth it for the vast majority of businesses, since they can offload most of the damages of being breached to their customers.
There is a danger that QKD will be seen as "magic fairy dust" that you sprinkle over your systems just to claim you're trying very hard to secure them (this image is still widespread about standard cryptography as well).
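The Wegman-Carter authentication with symmetric keys mentioned in the comment above, as an added Python example that is not part of this thread: the hash is polynomial evaluation over GF(2^127 - 1) with Poly1305-style block padding, and the one-time pads come from a shared key pool standing in for what a QKD link would deliver. The pool contents, message, and all names (`poly_hash`, `wc_tag`, `KeyPool`, `demo`) are constructed for this example.

```python
import hmac

P = (1 << 127) - 1   # Mersenne prime: the field the universal hash works in
BLOCK = 15           # 15 message bytes + a 0x01 pad byte encode to < 2**121 < P

def poly_hash(r: int, msg: bytes) -> int:
    """Polynomial universal hash; distinct messages collide w.p. <= n/P over r."""
    acc = 0
    for i in range(0, len(msg), BLOCK):
        chunk = msg[i:i + BLOCK] + b"\x01"   # trailing 0x01 makes the encoding injective
        acc = (acc + int.from_bytes(chunk, "little")) * r % P
    return acc

def wc_tag(r: int, pad: int, msg: bytes) -> bytes:
    """Wegman-Carter tag: the hash masked by a one-time pad that is never reused."""
    return ((poly_hash(r, msg) + pad) % P).to_bytes(16, "little")

def wc_verify(r: int, pad: int, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(wc_tag(r, pad, msg), tag)

class KeyPool:
    """Symmetric key material both ends share (what a QKD link would deliver).
    Each 16-byte chunk is handed out once; the pool refuses to reuse one."""
    def __init__(self, material: bytes):
        self._chunks = [material[i:i + 16] for i in range(0, len(material), 16)]
        self._used = 0

    def take(self) -> int:
        if self._used >= len(self._chunks):
            raise RuntimeError("key pool exhausted; a pad must never be reused")
        value = int.from_bytes(self._chunks[self._used], "little") % P  # bias ~2**-127
        self._used += 1
        return value

def demo() -> dict:
    material = bytes((i * 37 + 11) & 0xFF for i in range(64))   # constructed: 4 chunks
    alice, bob = KeyPool(material), KeyPool(material)           # same pool on both ends
    r, _ = alice.take(), bob.take()         # shared hash key; may serve many messages
    msg = b"transfer 100 to account 42"
    tag = wc_tag(r, alice.take(), msg)      # sender consumes pad #1
    pad = bob.take()                        # receiver consumes pad #1 in lockstep
    out = {"accepted": wc_verify(r, pad, msg, tag),
           "tampered_accepted": wc_verify(r, pad, b"transfer 900 to account 42", tag)}
    alice.take(); alice.take()              # pads #2 and #3 go to later messages
    try:
        alice.take()                        # nothing left: refuse rather than reuse
        out["refused_when_exhausted"] = False
    except RuntimeError:
        out["refused_when_exhausted"] = True
    return out
```

The security of the tag rests on the pad being uniform and used exactly once, which is why the pool raises instead of wrapping around; the hash key r can be reused across messages, so key material is consumed at one pad per message.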
Messages sent using classical crypto should be viewed as being public after an unknown delay. They can be decoded at your adversary's leisure with techniques and equipment invented in the future.
Quantum crypto must be broken immediately to be broken at all.
If what you are encrypting is, for example, credit card information, it's perfectly fine if that becomes public in a decade. Your information will have changed.
If what you are encrypting needs to remain secret for the next fifty years, do not use classical encryption and a public channel. It may well be made public while the information is still sensitive. This is why QKD has some early adopters. It's the only long-term secure alternative to having people carry one-time pads back and forth in suitcases full of hard drives, which has its own security issues.