Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Quantum key distribution
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Deprecation from governmental institutions == {{See also|Post-quantum cryptography}} Because of the practical problems with quantum key distribution, some governmental organizations recommend the use of post-quantum cryptography (quantum resistant cryptography) instead. For example, the US [[National Security Agency]],<ref name="NSA">{{cite web |title=Quantum Key Distribution (QKD) and Quantum Cryptography (QC) |url=https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/ |publisher=[[National Security Agency]] |access-date=16 July 2022}} {{PD-notice}}</ref> [[European Union Agency for Cybersecurity]] of EU (ENISA),<ref>Post-Quantum Cryptography: Current state and quantum mitigation, Section 6 "Conclusion" [https://www.enisa.europa.eu/publications/post-quantum-cryptography-current-state-and-quantum-mitigation]</ref> UK's [[National Cyber Security Centre (United Kingdom)|National Cyber Security Centre]],<ref>{{Cite web|url=https://www.ncsc.gov.uk/whitepaper/quantum-security-technologies|title=Quantum security technologies|website=www.ncsc.gov.uk}}</ref> French Secretariat for Defense and Security (ANSSI),<ref>{{Cite web|url=https://cyber.gouv.fr/en/publications/should-quantum-key-distribution-be-used-secure-communications|title=Should Quantum Key Distribution be Used for Secure Communications? | ANSSI|website=cyber.gouv.fr}}</ref> and German Federal Office for Information Security (BSI)<ref>{{cite web | url=https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Quantentechnologien-und-Post-Quanten-Kryptografie/Quantenkryptografie/quantenkryptografie.html | title=Quantum Cryptography }}</ref> recommend post-quantum cryptography. For example, the US National Security Agency addresses five issues:<ref name="NSA" /> # Quantum key distribution is only a partial solution. QKD generates keying material for an encryption algorithm that provides confidentiality. Such keying material could also be used in symmetric key cryptographic algorithms to provide integrity and authentication if one has the cryptographic assurance that the original QKD transmission comes from the desired entity (i.e. entity source authentication). QKD does not provide a means to authenticate the QKD transmission source. Therefore, source authentication requires the use of asymmetric cryptography or preplaced keys to provide that authentication. Moreover, the confidentiality services QKD offers can be provided by quantum-resistant cryptography, which is typically less expensive with a better understood risk profile. # Quantum key distribution requires special purpose equipment. QKD is based on physical properties, and its security derives from unique physical layer communications. This requires users to lease dedicated fiber connections or physically manage free-space transmitters. It cannot be implemented in software or as a service on a network, and cannot be easily integrated into existing network equipment. Since QKD is hardware-based it also lacks flexibility for upgrades or security patches. # Quantum key distribution increases infrastructure costs and insider threat risks. QKD networks frequently necessitate the use of trusted relays, entailing additional cost for secure facilities and additional security risk from insider threats. This eliminates many use cases from consideration. # Securing and validating quantum key distribution is a significant challenge. The actual security provided by a QKD system is not the theoretical unconditional security from the laws of physics (as modeled and often suggested), but rather the more limited security that can be achieved by hardware and engineering designs. The tolerance for error in cryptographic security, however, is many orders of magnitude smaller than in most physical engineering scenarios making it very difficult to validate. The specific hardware used to perform QKD can introduce vulnerabilities, resulting in several well-publicized attacks on commercial QKD systems.<ref>{{Cite journal|last1= Scarani|first1=Valerio|last2=Kurtsiefer|first2=Christian|date=2014-12-04|title=The black paper of quantum cryptography: Real implementation problems|journal=Theoretical Computer Science |volume=560 |pages=27β32 |doi=10.1016/j.tcs.2014.09.015 |s2cid=44504715 |doi-access=free|arxiv=0906.4547}}</ref> # Quantum key distribution increases the risk of denial of service. The sensitivity to an eavesdropper as the theoretical basis for QKD security claims also shows that denial of service is a significant risk for QKD. In response to problem 1 above, attempts to deliver authentication keys using post-quantum cryptography (or quantum-resistant cryptography) have been proposed worldwide. On the other hand, quantum-resistant cryptography is cryptography belonging to the class of computational security. In 2015, a research result was already published that "sufficient care must be taken in implementation to achieve information-theoretic security for the system as a whole when authentication keys that are not information-theoretic secure are used" (if the authentication key is not information-theoretically secure, an attacker can break it to bring all classical and quantum communications under control and relay them to launch a [[man-in-the-middle attack]]).<ref>{{Cite journal|last1=Pacher|first1=Christoph|last2=et|first2=al.|date=January 2016|title=Attacks on quantum key distribution protocols that employ non-ITS authentication|journal=Quantum Information Processing |volume=15 |issue=1 |pages=327β362 |doi=10.1007/s11128-015-1160-4 |arxiv=1209.0365 |bibcode=2016QuIP...15..327P |s2cid=7779977 |url=https://doi.org/10.1007/s11128-015-1160-4}}</ref> Ericsson, a private company, also cites and points out the above problems and then presents a report that it may not be able to support the [[zero trust security model]], which is a recent trend in network security technology.<ref>{{Cite arXiv|last1=Mattsson|first1=J. P.|display-authors=etal|date=December 2021|title=Quantum-Resistant Cryptography|class=cs.CR |eprint=2112.00399 }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)