Quantum Key Distribution as a Mainstay in Quantum-Safe Security: A Fine Balance

BT Group, Toshiba, and Equinix have announced a new partnership, collaborating to bring point-to-point, quantum-secure connectivity to data services in the United Kingdom and protect critical information against future quantum attacks. Relying on Quantum Key Distribution (QKD), the parties will provide Quantum Keys-as-a-Service, securing user data in transit along BT Group and Toshiba’s quantum-safe metro network, first launched in 2022. This network connects Equinix’s data centers in Slough and London’s central business district, Canary Wharf, via optical fibers. As part of the as-a-Service model, users of Equinix data centers will be able to avail of equipment, space, and bandwidth to trial the quantum-secure network. The partnership follows post-quantum initiatives in Asia where SK Telecom has deployed QKD systems at Korea-based Equinix data centers in November 2023 and is the latest installment of a growing QKD trend that is expected to accelerate over the next few years.

BT Group, Toshiba, and Equinix’s announcement is consistent with the ongoing commercialization of QKD solutions within post-quantum markets, both within the United Kingdom and on a global scale. The Quantum Keys-as-a-Service model offered by BT Group, Toshiba, and Equinix is aligned with solutions from vendors like Terra Quantum, ID Quantique, QuintessenceLabs, QuantumCTek, and SK Telecom, which offer Platform-as-a-Service, Quantum Keys-as-a-Service, and QKD management products. BT Group and Toshiba’s announcement demonstrates the increasing democratization of QKD solutions through as-a-Service offerings. These offerings promise more accessible data protection for businesses across verticals, allowing for the diversification of QKD solutions and refinement of possible use cases. Developments in QKD are being postured as a more robust alternative to Public Key Infrastructure (PKI), as well as Post-Quantum Cryptography (PQC). PQC’s security is grounded in the mathematical complexity of its algorithms. While these algorithms are currently secure against quantum attacks, further computational breakthroughs have the potential to break them. Alternatively, through its reliance on the laws of quantum mechanics and physical properties of subatomic particles, QKD is impervious to potential quantum advancements. QKD-based security involves exchanging cryptographic keys and data by transmitting photons of light along optical fibers. Each single photon of light cannot be accessed, monitored, or disrupted without causing a fundamental change in the quantum state of the photon. Any eavesdropping on the quantum system is thus detectable, halting key transmission and protecting confidential information. With a QKD-based system, attackers also cannot rely on the “harvest now, decrypt later” surveillance strategy that can be exploited within regular PQC systems. Any attempt to access data encrypted via QKD must be conducted in real time, as the data are being transmitted. The intrinsic security offered by QKD solutions is poised to revolutionize the protection of confidential information, driving market interest in QKD-powered solutions across industry verticals and presenting a significant opportunity for vendors to expand their presence into the QKD market.

Yet, QKD solutions usher in their own concerns that must be balanced with their security benefits. Finding this balance is necessary to ensure the commercial viability, cross-vertical applicability, and effectiveness of QKD solutions in securing user data. Switching to quantum technology, particularly QKD, is costly. The optical fiber often used is expensive, and solutions require specialized hardware, amplifying installation costs. Given their cost implications, vendors may struggle to prove the value proposition of QKD solutions, limiting adoption across verticals. Distance limitations on the transmission of photons across optical fibers pose further issues for securing a reliable customer base. To limit cost and maximize QKD’s applicability across verticals, vendors should:  

• Consider as-a-Service Models: These offer reduced operational and deployment costs for customers, lowering the barriers to QKD adoption across verticals. Incorporating subscription-based or pay-as-you-go pricing will ensure price predictability and keep costs low for customers, enabling vendors to maintain a high market share in the QKD sub-segment.
• Prioritize Installation in Areas with Established Customer Bases: Given the high costs of QKD deployment, usage is likely to be limited to business-critical domains, including financial services, health, governmental and defense applications, and core telecommunications networks. Deploying QKD solutions and optical fibers in areas with a pre-established customer base, such as primary business districts and dense industrial zones, provides a solid foundation for targeting high-value verticals. Market testing can delineate business cases for offering QKD solutions and boost revenue generation prospects.
• Explore Free Space Transmission: Free space transmission of photons via satellite is being postured to bolster the markets’ expansion to previously unreachable customer bases, providing increased flexibility, mobility, and expandability compared to optical fiber. This enhanced flexibility must, however, be balanced with the associated engineering costs.

QKD hardware remains vulnerable to side channel attacks and its sensitivity exposes it to Distributed Denial of Service (DDoS) attacks, as well as inadvertent disruptions of the quantum signal. To minimize the risk of potential attacks and optimize the revolutionary security potential of QKD solutions, vendors should consider the following recommendations:

• Focus on Implementation Security: Real-time monitoring of all specialized hardware and testing of users’ devices should be prioritized, including watchdog detectors with various response times. Introducing alternate channels in the quantum network for routing quantum key material will limit the impact of a potential DDoS attack.
• Combine QKD with PQC: PQC does not require specialized hardware and can be integrated into existing systems, posing fewer interoperability issues compared to QKD. Combining QKD with PQC ensures a comprehensive, multi-layered defense strategy, boosting customer trust in security solutions and driving competitive positioning.