What is this "quantum cryptography" you keep hearing about?
Spoiler alert - it doesn't exist!
I started off writing about “quantum myths”, but once I got into the subject I realised there are a lot of them - several articles’ worth! However, to get started I thought I’d look at something that actually isn’t even quantum.
Recently I’ve heard various organisations talk about their plans to implement “quantum cryptography”. This appears to refer to plans to roll out “Post-Quantum Cryptography” (PQC). For the uninitiated, PQC[1] is a set of new encryption algorithms, expected to be resistant to attack by a quantum computer - which can therefore be used to replace those algorithms we currently use that are expected to be broken by a quantum computer.
However, there’s actually nothing quantum about PQC (except the middle word) - it simply consists of different maths that can be run on today’s classical computers. This is a good thing, because it means that organisations can get on and implement it today. It doesn’t depend on any fancy quantum hardware that might still be at an early development stage, expensive and/or scarce. Although we don’t know when the quantum threat to some current encryption algorithms will actually materialise, now is the time for organisations to start planning where they need PQC and to start implementing it on the highest priority use cases.
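To make the “it’s just different maths” point concrete, here is an added example (not code from the article) of a textbook lattice-based scheme, Regev-style learning-with-errors encryption, written in plain Python integer arithmetic. It is not ML-KEM or any standardised PQC algorithm, and the parameters are constructed for illustration and far too small to be secure; the point is only that every step is ordinary modular arithmetic a classical CPU runs directly.

```python
# Toy Regev-style LWE public-key encryption (textbook construction, NOT a
# standardised PQC algorithm). Parameters are constructed for illustration
# and are far too small to be secure; they are chosen so decryption is exact.
import secrets

Q = 3329          # modulus (ML-KEM also uses 3329; picked here only for familiarity)
N = 16            # dimension of the secret vector
M = 48            # number of LWE samples in the public key
HALF_Q = Q // 2   # encodes a 1 bit; noise |r.e| <= M stays well below Q/4


def _rand_vec(n, lo, hi):
    """n uniform integers in [lo, hi], from the OS CSPRNG (no quantum hardware)."""
    return [secrets.randbelow(hi - lo + 1) + lo for _ in range(n)]


def _dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q


def keygen():
    s = _rand_vec(N, 0, Q - 1)                        # secret s in Z_q^N
    A = [_rand_vec(N, 0, Q - 1) for _ in range(M)]    # uniform M x N matrix
    e = _rand_vec(M, -1, 1)                           # small error, |e_i| <= 1
    b = [(_dot(row, s) + ei) % Q for row, ei in zip(A, e)]  # b = A.s + e
    return (A, b), s                                  # public key, secret key


def encrypt_bit(pk, bit):
    A, b = pk
    r = _rand_vec(M, 0, 1)                            # random 0/1 subset selector
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]  # r^T A
    v = (_dot(r, b) + bit * HALF_Q) % Q               # r.b + bit*floor(q/2)
    return u, v


def decrypt_bit(s, ct):
    u, v = ct
    d = (v - _dot(u, s)) % Q      # = r.e + bit*HALF_Q, and |r.e| <= M < Q/4
    return 1 if Q // 4 < d < 3 * Q // 4 else 0


def encrypt_bytes(pk, data):
    """Encrypt each byte bit by bit (LSB first); one ciphertext pair per bit."""
    return [encrypt_bit(pk, (byte >> k) & 1) for byte in data for k in range(8)]


def decrypt_bytes(s, cts):
    bits = [decrypt_bit(s, ct) for ct in cts]
    return bytes(sum(bits[i + k] << k for k in range(8)) for i in range(0, len(bits), 8))
```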
It’s therefore great that these organisations are getting started with PQC, but claiming this is somehow “quantum cryptography” is wrong. Implementing PQC won’t turn their networks into “quantum networks”, and the companies that are providing PQC products aren’t actually quantum technology companies[2].
There are some quantum technologies that have been proposed to help in implementing post-quantum encryption solutions. One is quantum random number generators to generate encryption keys, and the other is quantum key distribution as a way of distributing encryption keys in a way that can guarantee no-one other than the intended recipient has seen them. However, in such schemes the actual cryptography itself is still classical - using these keys as part of traditional encryption schemes on a classical computer.
If we did really have quantum cryptography, I think this would involve converting the classical data to be encrypted to some quantum states, probably using a quantum computer to perform some operations on these states to encrypt them, before transferring them to somewhere that reverses these operations. I have seen a couple of very early stage research papers discussing the concept, but I can’t really see a rationale for it; it would require a lot of specialised hardware that probably doesn’t exist yet, and would probably be slow and expensive.
So next time you hear someone talking about quantum cryptography, feel free to correct them and point them to this article for an explanation!
[1] Some people use the term “Quantum Resistant Cryptography” (QRC) to mean the same thing; technically QRC might be more accurate as we are not waiting until after quantum computers arrive, but PQC seems to have gained much more usage generally, so I’ll use that here.
[2] Although I might have some sympathy with anyone using such “quantum-washing” of their terminology in order to get executive buy-in and funding.



Didn't expect this clarity on the PQC distinction, it really makes me wonder what other similar misconceptions are out there, and I appreciate your insightful breakdown of the topic.