Experts: Esther Hänggi (HSLU), Bernhard Tellenbach (ArmaSuisse), Christoph Wildfeuer (FHNW)
Quantum cryptography uses the laws of quantum physics to encrypt and securely transmit information (cryptography). From this research field, the best-known applications already in use are quantum key distribution and quantum random number generation. Quantum computing poses a major challenge for the security of data traffic worldwide. Therefore, new encryption systems are needed that cannot even be cracked by quantum computers. Such quantum-proof encryption is precisely what post-quantum cryptography addresses.
Picture: Giovanni V. Resta and Matthieu Perrenoud
Quantum cryptography uses the laws of quantum physics to encrypt and securely transmit information (cryptography). From this research field, the best-known applications already in use are quantum key distribution and quantum random number generation. Switzerland has excellent research groups in this area; however, as a third country, it is excluded from EU projects on quantum cryptography, as this research field is considered security-relevant by the EU.
Quantum cryptography is based on the findings of quantum physics. This is the branch of physics that deals with the smallest particles, such as photons or individual electrons. In contrast to conventional cryptographic procedures and post-quantum cryptography, quantum cryptography uses the quantum physical properties of photons for the secure transmission of information.
The best-known applications in the field of quantum cryptography are quantum key distribution (QKD) and the quantum random number generator (QRNG).
As electronic data traffic has grown and become more widespread, procedures to improve IT security have become much more important. Without encryption, all data exchange over the internet is publicly viewable. As confidentiality and tap-proof communication channels are a key requirement for people, organisations and government agencies, research is also being conducted on new ways to increase the security of IT and data.
Quantum key exchange is used to establish secure network connections. This is achieved by utilising photons’ states as means of transmitting a key. The fact that the states of photons change each time they are measured can be used to reliably detect eavesdropping attacks. Even though the first commercial products are on the market, these procedures are utilised primarily in experimental networks in the critical infrastructure field.
Quantum random number generators constitute an application that is already somewhat more widespread. While random numbers play an important role in many areas, for instance in casinos and statistics, they are also used for encryption. Most random numbers used today are not generated randomly, but behave as if they are. Hence, they are also called ‘pseudo-random’ numbers. Pseudo-random number generators also need a small quantity of random numbers. Moreover, it cannot be ruled out that they will be cracked in the future – especially when better computers with more computing power become available. As measurement results in quantum physics are random, they can be used to produce genuine random numbers. Such random number generators, which are based on quantum mechanics effects, are already being used by issuers of certificates and by online casinos.
The major technical challenges in quantum cryptography are the limited ranges and low transmission rates. To improve these, better technical components are needed, especially photon sources and detectors, as well as repeaters that ensure greater ranges. Widespread use of quantum cryptography in the commercial IT sector will also not be possible without appropriate infrastructure, such as fibre-optic cables or satellite networks, and simple ways to integrate such components and infrastructure into existing infrastructure. Other countries already have large infrastructure projects promoting the transfer of knowledge from universities to demonstration and experimental projects, but this is not yet the case in Switzerland.
There are still no specific standards that users can rely on for quantum cryptographic devices and components, such as photon sources, photon detectors or repeaters.
Switzerland is home to the global market leader in the field of quantum cryptography: ID Quantique, a spin-off from the University of Geneva. The country’s university research groups have a very strong skill set – both in research into the theoretical foundations and in experimental quantum cryptography. The players are well networked, not only with each other, but also with foreign colleagues.
As the EU has declared quantum cryptography to be security-relevant though, Switzerland, as a non-associated third country, cannot participate in Horizon projects (see current status of Horizon Europe).
Widespread commercial use of quantum cryptography also depends on future regulatory requirements. Many industry-specific standards require the use of a specific IT security infrastructure, which does not currently take quantum cryptography into account, so companies wishing to use quantum cryptography have to fall back on previous cryptographic procedures. That greatly reduces the incentive to implement projects in this field. In the future, this inhibiting tendency could change though. For Switzerland, one decisive factor will be whether future regulatory requirements are technically compatible with the rest of the world. Developing separate devices for just the Swiss market would hardly be worthwhile.
The National Centre of Competence in Research (NCCR) ‘QSIT – Quantum Science and Technology’ ended in 2022. The Federal Council has launched the Swiss Quantum Initiative as a successor scheme. This complementary measure to strengthen research is intended to fund the development of attractive study programmes, knowledge transfer, technology transfer, and national and international cooperation. A total of 10 million Swiss francs have been allocated for 2024 and 2025. As quantum technologies receive much more funding abroad than in Switzerland, this could lead to Switzerland falling behind internationally, despite extensive funding. A study by Qureca calculates that 30 billion US dollars had been invested worldwide by 2022.
If the transfer from science to practice were better funded in Switzerland, this could provide incentives and impetus for early adopters.
Quantum computing poses a major challenge for the security of data traffic worldwide. Therefore, new encryption systems are needed that cannot even be cracked by quantum computers. Such quantum-proof encryption is precisely what post-quantum cryptography addresses. Switzerland is traditionally well positioned in cryptography research, which is why post-quantum cryptography represents an opportunity for the country.
The term ‘post-quantum cryptography’ refers to a set of encryption procedures that protect against potential attacks from both conventional and quantum computers. Although today’s quantum computers are not yet capable of circumventing current encryption procedures, it was already theoretically proven in 1994 that quantum computers could make many of today’s common encryption procedures obsolete. Post-quantum cryptography thus defuses the potential risk posed by quantum computers in relation to today’s encryption procedures.
If we are to have secure data transfer in the future, it is essential that new procedures, which also safeguard data transfer against quantum computers, already be developed and standardised today. As the entire internet infrastructure will be affected by the changeover to post-quantum cryptography, such an innovation will probably take many years. To put this into perspective, the cryptographic procedures currently in use, on which the internet is based, took almost twenty years to go from conception to widespread application.
Post-quantum cryptography is not to be confused with quantum cryptography. While post-quantum cryptography deals with cryptographic procedures in light of quantum computing, quantum cryptography uses quantum states to generate and exchange keys and encrypted messages, or to generate random numbers.
Cryptographic procedures are omnipresent on the internet. Without them, any exchange of data would be as easily readable as a postcard on its way for delivery. Cryptographic procedures thus not only enable the protection of personal data, but are also the basis for all applications that require a minimum of security. These include e-commerce, business transactions and cloud computing, but also communications conducted by emergency services, governments and military organisations.
Already today, some of the large hardware and software manufacturers have implemented quantum-proof encryption procedures. These include Cisco, IBM, Microsoft and others, while the Amazon subsidiary AWS is also experimenting with such new encryption procedures.
In a de facto sense, the USA’s National Institute of Standards and Technology (NIST), a federal authority, is in charge of globally valid standardisation regarding many aspects of cryptography. Its efforts to develop quantum-proof encryption algorithms began as early as 2016. According to its roadmap, a draft standard should be ready by 2024. Precisely because such encryption procedures constitute a fundamentally important technology, the establishment of standards is important to ensure the compatibility and interoperability different systems need to communicate with each other.
Ensuring such new encryption procedures are widely accepted, implemented and used will require not only the aforementioned standardisation, but also integration of the procedures into existing systems.
Furthermore, it is necessary to raise awareness of post-quantum cryptography. Only when individuals and organisations are aware of the need for a changeover will they carry out appropriate updates and use these new encryption procedures.
Switzerland has long been heavily involved in cryptography research. It is a field where it has a large number of experts and has produced several innovations in recent years. For instance, the end-to-end encrypted email service Proton Mail was developed at CERN. The development of quantum-proof cryptographic procedures offers Swiss researchers an opportunity to continue to play a leading role in cryptography. In ID Quantique, a spin-off from the University of Geneva, Switzerland has a global market leader in quantum cryptography, which has primarily excelled in so-called ‘quantum key distribution’.
Like most other research fields, research on post-quantum cryptographyis funded by mechanisms within SNSF and Innosuisse. However, a National Centre of Competence in Research could certainly provide stimulus, because the conditions are good, both academically and industrially.
