As the competitive rulebook plays out there are often two or more new technologies competing for their futures, that emerge from the crowd that have the potential to win-to become the de-facto standard. And sometimes the best technology doesn’t always win. Much of the equation comes down to market penetration, share and brand association as we saw with VHS battling with Betamax in the 1980’s, previously IBM Mainframes competing with distributed mini computing DEC (Digital Equipment Company).
In few cases one or more brands impose their preferred technology model, their stack, their standard as with IOS and Android, who after all squeezed out Blackberry and other brands, creating the big two. However these days it is likely the winners will be the technologies that can be easily implemented and delivers a decent cost/benefit.
The videotape format battle was brutal, that saw SONY use its global reach to muscle JVC who were behind Betamax, which for me was a better proposition and delivered smaller tapes and higher quality, albeit was more expensive. In a consumer world of electrical goods — price became pivatol. Another deciding factor was SONY invested in winning hearts and minds of the then content makers — the recording studios and production companies and encouraged them down the SONY path.
Let the new battle commence…
So here we are again as we enter the Quantum realms — where there are already multiple approaches to Quantum Computing in terms of generating and controlling the sub atomic particles that deliver the compute brute force, but also across the Quantum Information Sciences spectrum there are similar battles taking place. Although in Quantum Computing it has not really entered battle stations as much of Quantum activities remains in research and experimentation.
A key area where battle has commenced is in Quantum Communications or to be more specific between Quantum Key Distribution technologies (QKD) and Post Quantum Cryptography (PQC). The protagonists have emerged.
The challenge how best to secure our communications that is the piping for handling our transactions and protecting our information assets that hang on the ends of networks in cloud datacentres, which has to me it seems been a backward step. Relying on someone else’s centralised facility feels odd to me.
In other words how secure are the underlying encryption models that are used in our increasingly fragile ‘digital world’ that rely on open public networks — the Internet. A service layer that many take for granted and naively believe has a level of intrinsic securities. And of course one can by-pass the Internet and other networks altogether or attempt to secure their communications using software solutions or using hardware device at each end (on premises nodes). The essential difference between QKD and QPC.
Whilst everyone seems to be obsessed to moving to ‘digital’ or shelling out millions on ‘digital transformation’ the businesses have become more vulnerable not less. I also want to set the baseline by mentioning everything is already digital in terms of it is no-longer analogue. For me there is no such thing as moving to digital, and certainly ‘digital transformation’ is at best a myth and at worst invented by consultants to make money from naive clients because it sounds like a step forward.
The exchanging digital messages was developed by Dr Donald Davies — the creator of the ‘packet switching’ concepts of the 1960’s on which the principles of the Internet was created. Signals or packets of information (we call transactions or messages) have always been digital, so Idont see what all the fuss is about.
The challenge is the exchange of keys, or ciphers that allows the parties at either end to share information privately. To send and receive messages securely. There are two primary choices, either the Keys are pre-set before hand or sent separately to the massage e.g. asymmetric cryptography. This is the primary challenge…for securing all communications, at every level from consumers, companies and government.
And of course the choice of algorithms that support encryption is key, the two most common communication algorithms are RSA (created by GCHQ in the UK), Elliptic Curve used in Crypto Networks (Bitcoin) or Diffie-Hellman with several others that are based upon solving a mathematical problem that involves multiplying together two large prime numbers — ‘integer factorisation’. It is unsurprising that when people find out the only protection against the ‘dark arts’ is the inability of the current generation to factorise large numbers (key strings). Simple multiplications…to find the integers.
It gets worse.
In 1994 Peter Shor a professor at MIT created a new algorithm that can be used by Quantum Machines that can crack these algorithms in a matter of seconds, instead of millions of years that a classical computer would take. Although today Quantum Computers are not yet powerful enough or stable their immediate potential will be that they WILL crack all encryption at some point in the not to distant future, 3 to 5 or 10 years.
So what can be done to protect information assets, today?
There are two primary approaches that have emerged, and you guessed it, they are QKD or PQC. Both different and not compatible with one another. Quantum Key Distribution (QKD) uses fundamental quantum mechanics principles such as the No Cloning Theorem to ensure that a communication cannot be intercepted without detection. This essentially involves using sub atomic particles — a proton at each end of the communications that become ‘entangled’ forming a relationship. The primary function of this approach based on the primary princes of Quantum Mechanics is that any attempt to intercept, listen in (eavesdrop) or tamper, the special relationship the protons have simply stops, the coherance is lost and the line of communications drops. Often expensive hardware devices at each end (nodes), then moves the communications to a new pathway (similar to channel) and things continue.
The second iscalled Post Quantum Cryptography (PQC) is software based and uses different types of encryption techniques such as lattice-based and code-based algorithms that do not rely on factoring large numbers and do not offer pathways for the Quantum Computer to to find the ciphers (keys) that will unlock secure communications.
So here we go again as a new battle lines are drawn we have in 2021 a new tech standards battle, a new Betamax versus VHS. The race for market share as each path is very different. One reliant on mathematics in software code and the other the properties of sub atomic particles defined by the rules of Quantum Mechanics.
And the winner is?
For me it comes down to practical usability and cost vs complexity of implementation of each solution. But also the option to overlay each approach onto the underlying infrastructures we already have.
I also do not believe one approach will win over the other. There is a need for both as the practical user solutions cover very different applications, with early QKD implementations in satellite comms, government funded comms super highways and specific banking requirements where billion/trillions are transacted. QKD is an optical link between two points and has distance limitations as with all networks. Leading QKD suppliers include Toshiba.
PQC is more likely to be mass adopted by businesses as another overlay solutions so that older vulnerable security systems can be turned off and retired. PQC can also be used within exiting communication systems — radio, electrical circuits, and is easy to deploy into live customer facing environments. Being more compatible, lower cost and much much easier to implement. Leading PQC providers include the Uk’s Post-Quantum Ltd, who many refer to as the real James Bond “Q branch’.
The only question remains with PQC is the arrival of another algorithm with compute power can unlock its properties, although unlikely, who knows what lies ahead in the Quantum realm.
It certainly looks like the Intelligence community favours PQC over QKD, as PQC offers a range of quantum resistant algorithms and this approaches.
It is thus likely PQC will prevail and gain bigger market share based on practical truths. Lower cost, easier to implement and a wide array of variable solutions…and why all businesses should be looking to add a PQC strategy to the protection of they infrastructure and most important information assets.
The next battle will centre on the Quantum Computer standards as today there are a plethora of diffrent aprpoaches and once again I can see room for more than one approach, as the opportunity remains vast.
Author Nick Ayton