• US debuts the world’s first post-quantum cryptography (PQC) standards but alternative, and complementary, quantum-key distribution (QKD) developments abound 
• China has long focused on QKD and now plans worldwide quantum network coverage via satellite
• India is following China’s lead – an agreement on a global post-quantum comms standard is as far away as ever
• Best possible and most likely solution is a hybrid system compromise that uses the best of QKD and PQC

Last week’s post-quantum cryptography (PQC) standards announcement by the US Department of Commerce’s National Institute of Standards and Technology (NIST) has shone a much needed spotlight on next-generation network security requirements, but while the NIST approach is one that has already attracted significant support from the likes of BT, IBM and Nokia, alternative approaches are also well advanced. 

The application of NIST’s three PQC standards will enable any organisation to repel attacks made by quantum computers against digital security defences: They are designed to run on standard IT systems but are claimed to be of such immense complexity as to be practically unbreakable, even by a future quantum computer – see NIST issues first three quantum-secure encryption standards.

However, there is more than one way to skin a Schrödinger's cat, and the development of other quantum-secure cryptographic algorithms and systems continues apace, particularly in the field of quantum key distribution (QKD).

QKD is a secure communication methodology of producing and exchanging encryption keys that are known only to two shared parties: It is based on a fundamental property of quantum physics whereby entangled qubits – a qubit, or quantum bit, is the basic unit of quantum information – store information with such a guaranteed level of security that any attempt by a third party to breach it is instantly detected. It is an immutable fact that any interference affecting a quantum system results in instantaneous, irreparable anomalies that de-cohere the quantum state and thus a communication is immediately aborted. Furthermore, it is impossible to copy or clone an unknown quantum state.

A photon is the ‘quantum’ or fundamental, massless particle of electromagnetic radiation that always moves at the speed of light as measured in a vacuum. In QKD, photons are transmitted over fibre optic cables. Because it has not been measured, each photon is in a random quantum state and arrives at a destination as a stream of ones and zeros (or qubits). On arrival at the receiving endpoint of the transmission, a photon is passed through a beam splitter that forces it to take one path or another into a photon collector: The receiver then responds to the original sender with data showing the sequence in which the photons were sent, and the sender compares that data with the emitter which sent each photon. Photons in the ‘wrong’ beam collector are ignored but the remaining bit sequence can then be used as a data encryption key.

China and Russia collaborating on experimental, international ‘full cycle’ quantum comms system

The concept of QKD was first outlined in 1977 by scientists at Colombia University in New York and the notion of basing QKD around quantum entanglement emerged in 1990. Since then, development work on the technology has been underway in various parts of the world and, unsurprisingly given the geographical spread of the research and the strategic importance of QKD to the governments and agencies of different nation states, diverse solutions are being pursued and different standards proposed: This does not augur well for the emergence of an internationally agreed global standard for digital communications any time soon.

Indeed, QKD is being developed and refined in Europe, North America and India, as well as in Southeast Asia, Russia and other countries. However, to date, the runaway leader of the QKD pack is the People's Republic of China (PRC). With its long-term, and very well funded, ambitions in all digital communications technologies and computing, China has been investing in the development of QKD (and quantum computing) from their very beginnings.

It is no coincidence that China decided to go its own way with QKD as the foundation of its quantum technology strategy when it became apparent that the US was putting a tight focus on PQC and less attention to QKD. It is claimed that QKD is, and will continue to be, uncrackable, but some scientists say that, theoretically, it might be breached at some time in the future, though it is not known how or when that might happen.

The PRC is striving to gain unique technological ascendance in all things quantum and its determination to do so with QKD is characterised by plans to enable global quantum-safe network coverage using QKD systems loaded onto MEO (medium-earth orbit) and HEO (high-earth orbit) satellites. According to the China National Space Administration, the first MEO quantum satellite of what will eventually become a constellation, will be launched in 2026.

China also has an experimental 2,000km-long QKD-secured terrestrial network that stretches between Beijing and Shanghai but it is not robust enough to carry commercial traffic in guaranteed security. The technology works, but every 100km or so the signals have to pass through more than 30 “trusted nodes” on their way to the recipient. The trusted nodes actually measure the signal, agree its parameters with the previous node and then regenerate the signal and pass it on. What’s more, the trusted nodes are housed in ultra-secure sites including army and air bases and deep within government communications labs – fine for experimentation but hardly ideal for public networks.

In January this year it was announced that Chinese and Russian scientists had successfully collaborated to establish ‘full cycle’ quantum communications over 3,800km between a ground station on the outskirts of Moscow to another in Urumqui in the Xinjiang autonomous region of northwestern China via one of the PRC’s QKD-enabled satellites, dubbed Moxi, which has been in orbit since 2016.

India plans to overtake China on QKD and lead in the development of the global quantum internet

Meanwhile, India, which is now the world’s most populous country and is rapidly emerging as a direct rival to China both economically and technologically, has its own ambitions in QKD and is whittling away at the PRC’s lead in the quantum field. 

India’s National Quantum Mission, as specified in 2023 by the Indian government’s Department of Science and Technology, is dedicated to the development of ‘Digital India’. The current programme runs until 2031 and its immediate focus is on the development of indigenous quantum computing algorithms “to ensure that India does not rely solely on imported technologies and develops a robust internal ecosystem,” but also includes R&D efforts related to quantum-secure networking as well as other developments. 

Speaking as India’s representative on World Quantum Day, 2024, which was held in April this year, Professor Urbasi Sinha, head of the Quantum Information and Computing Laboratory at the Raman Research Institute, which is located in the tech-centric city of Bengaluru, stated: “We are aiming to have a country-wide free space quantum key distribution (QKD) network by using a satellite as a trusted node as well as a fibre-based QKD network. We will also make advances towards multi-node quantum repeater networks for entanglement distribution-based quantum communication. Going forward, India envisages being a lead player in the quest towards the global quantum internet, which would involve connecting India with other countries through quantum communication links.”

India already has an experimental 200km QKD network and plans to extend that to 1,000 km with the eventual intent to link far-flung cities across the sub-continent. Currently, though, as with China, the prototype Indian network is based on “trusted node” repeaters. In addition to official agencies, such as the Indian Space Research Organisation, the government is also encouraging private enterprise to undertake R&D into QKD. One such company, QuNu Labs (also based in Bengaluru), is developing the radically different ChaQra hub-and-spoke QKD networking solution.

Elsewhere, European technology specifications giant ETSI, the ISO (International Organisation for Standardisation), the IEC (International Electrotechnical Commission) and the New York City-based Institute of Electrical and Electronics Engineers (IEEE) are all developing specifications or blueprints/models, or undertaking research, into QKD.   

Meanwhile, in the US, a recent report, Quantum Key Distribution (QKD) and Quantum Cryptography (QC) from the National Security Agency (NSA), concludes: “Quantum key distribution is only a partial solution” to the problem of post-quantum cryptography and enumerates the reasons why the US continues to keep QKD on the back-burner. The first is that QKD does not provide a means to authenticate the source of a QKD transmission while “the confidentiality services QKD offers can be provided by quantum-resistant cryptography, which is typically less expensive with a better understood risk profile.” 

Furthermore, QKD “requires special purpose equipment because it is based on physical properties, and its security derives from unique physical layer communications. This requires users to lease dedicated fibre connections or physically manage free-space transmitters. It cannot be implemented in software or as a service on a network, and cannot be easily integrated into existing network equipment. Since QKD is hardware-based it also lacks flexibility for upgrades or security patches,” added the NSA.

According to the report, other drawbacks of QKD are that it “increases infrastructure costs and insider threat risks because of the current need for trusted nodes and relays which entail additional cost for secure facilities and higher security risk from insider threats. Securing and validating quantum key distribution is a significant challenge” and “the specific hardware used to perform QKD can introduce vulnerabilities that increase the risk of denial of service attacks.” Apparently, there have been several such attacks on commercial QKD systems, hence the historical US preference for PQC solutions. 

Of course, over the years many communications technologies have had their development and uptake delayed and skewed by rival technical standards that have emerged in different parts of the world, such as the television standards that pertained in Europe, in France, the UK and Russia and, more recently by the standards battles that marred the early days on mobile telephony.

With PQC and QKD there is a growing groundswell of scientific opinion that the best future solution for truly secure quantum-safe networking will be a compromise hybrid model where QKD will be the source of the security of data whilst PQC will provide the necessary scalability: You know it makes sense.