Quantum technologies—including quantum computing, ultra-sensitive quantum detectors, and quantum random number generators—are at the vanguard of many engineering fields today. Yet one of the earliest quantum applications, which dates back to the 1980s, still appears very far indeed from any kind of widespread, commercial rollout.
Despite decades of research, there’s no viable roadmap for how to scale quantum cryptography to secure real-world data and communications for the masses.
That’s not to say that quantum cryptography lacks commercial applications. Quantum crypto, which uses delicate quantum states of individual photons to transmit information that cannot be accessed without detection, is a niche industry today. A handful of companies now operate or pay for access to networks secured using quantum cryptography in the United States, China, Austria, and Japan.
According to a recent industry report, six startups plus Toshiba are leading efforts to provide quantum cryptography to governments, large companies (including banks and financial institutions), and small to medium enterprises. But these early customers may never provide enough demand for these services to scale.
“There are very high security players… but there are so few of them,” says Prem Kumar, professor of physics and electrical and computer engineering at Northwestern University. “The vast majority of people… don’t really want to pay anything [for their cryptography]. So it’s one of those Catch-22s. You can’t bring the cost down by heavy-duty engineering, when the user set is so small.”
From a practical standpoint, then, it doesn’t appear that quantum cryptography will be anything more than a physically elaborate and costly—and, for many applications, largely ignorable—method of securely delivering cryptographic keys anytime soon.
This is in part because traditional cryptography, relying as it does on existing computer networks and hardware, costs very little to implement. Whereas quantum crypto requires an entirely new infrastructure of delicate single-photon detectors and sources, and dedicated fiber optic lines. So its high price tag must be offset by a proven security benefit it could somehow deliver—a benefit that has remained theoretical at best.
This is not how the story was expected to play out.
“To me (quantum cryptography) seems like a solution to a problem that we don’t really have.”
—Ben Perez, Trail of Bits
In the 1980s and ‘90s, quantum physics appeared poised to deliver the ultimate punch and counterpunch to conventional, math-based cryptography. Quantum computers were on the road to defeating conventional, public-key crypto algorithms like RSA.
But, quantum physics would also, it was thought, come to the rescue. Quantum cryptography offered a physics-based crypto system that might replace mathematical cryptography, which otherwise would be in deep trouble in a world of crypto-defeating quantum computers.
Math may get the last laugh, though. An emerging subfield of mathematics with the somewhat misleading name “post-quantum cryptography” now appears better situated to deliver robust and broadly scalable cryptosystems that could withstand attacks from quantum computers. (Post-quantum crypto, in fact, has nothing to do with quantum cryptography. It’s about developing conventional, mathematical cryptography that cannot be solved by quantum computers.)
“To me [quantum cryptography] seems like a solution to a problem that we don’t really have,” says Ben Perez, security engineer at Trail of Bits, a New York City-based cybersecurity firm. “I don’t see quantum cryptography being a game changer going forward.” (Perez has written a post-quantum crypto explainer that engineers interested in the future of cybersecurity may want to peruse.)
That said, Trail of Bits CEO Dan Guido says even speculative post-quantum crypto implementations are far ahead of where many commercial clients are today.
“I don’t think this is on a lot of people’s radars, and I don’t think it needs to be,” Guido says. “I think they’re correct in kind of ignoring it. It’s really the domain of a group of specialized experts right now. Most of our clients come to us, and they have trouble tying their shoes. There’s very few of them that are ready to run a Ninja Warrior race—and are in such good condition as to worry about threats that may or may not become apparent on a 30-year time horizon.”
Even if companies were ready to adopt it today, quantum cryptography is nowhere near capable of scaling to supplant traditional crypto’s essential role in commerce, finance, banking, government, business, and Internet operations, says Lee Bassett, assistant professor of electrical and systems engineering at the University of Pennsylvania.
“Quantum cryptography is not going to replace classical cryptography anytime soon,” Bassett says. “There just so far to go technologically until we can even provide the sort of networking backbone that’s needed.”
However, he adds, the same quantum cryptography systems under a different name may well be crucial to some of the next steps needed to roll out future quantum computers.
“The same technologies that will allow you to do [quantum crypto] will also allow you to build networked quantum computers,” Bassett says. “Or allow you to have modular quantum computers that have different small quantum processors that all talk to each other. The way they talk to each other is through a quantum network, and that uses the same hardware that a quantum cryptography system would use.”
So ironically, the innards of quantum “cryptography” may one day help string smaller quantum computers together to make the kind of large-scale quantum information processor that could defeat… you guessed it… classical cryptography.
In which case, “post-quantum cryptography” had better be ready. Because this time, the physicists may really mean it.
An abridged version of this post appears in the October 2019 print issue.