Unraveling the confusion around Quantum-Safe Encryption

Rapid advances in Quantum Computing (QC) raise big expectations and some concerns. We observe this dichotomy between hype and doomsday scenarios with the introduction of many innovations (see also the discussion on opportunities and threats of AI). Since risks of quantum computing for traditional encryption have entered experts’ awareness, a discussion is going on whether either a new kind of software-based mathematical cryptography, like Post-Quantum Cryptography (PQC) or Quantum Key Distribution (QKD) based on the laws of physics are the solution for quantum secure encryption. My answer is clear: there is no “either-or” here; both approaches have their merits and play an essential role in a quantum-safe future!

From a holistic view, I expect Post-Quantum Cryptography (PQC) to find its place for the majority of “everyday” applications and equipment. At the same time, Quantum Key Distribution (QKD), as the “gold standard” of quantum cryptography, is the method of choice for adequate protection of critical infrastructure, such as data-center links, telecom networks, energy grids, and traffic networks. The advantage of PQC is that it is relatively easy to implement. Still, the disadvantage is that, like all mathematical methods, it relies on the unproven assumption that no algorithm exists to break the encryption. On the other hand, QKD requires investment in infrastructure with new quantum equipment, but the laws of physics make it impossible to outsmart.

Not every device can host QKD protocols, especially for consumer products like smartphones. Therefore, implementing PQC is the solution of choice for most “everyday” applications and devices, as it will serve as a necessary complement to current encryption methods. PQC will be important for most end-users. 

QKD is the gold standard for securing critical infrastructures to avoid societal disruption and enormous consequential damage in the finance industry, power generation and distribution, transportation systems, and the communications industry. Since QKD is based on the laws of physics, it is resistant to all possible quantum attacks, no matter what knowledge, tools, or computing power a hacker may possess.

In the quantum era, physical security through QKD will play an indispensable role in safeguarding critical networks and data.