Cisco UK & Ireland Blog

Bringing post-quantum cryptography to communications networks

4 min read



The step change in computing power that quantum computing promises to deliver has immense potential for innovation. Yet with all progress in technology, there is space for disruption that challenges the status quo and pushes us to solve new and unmatched issues. Cybersecurity is one of them. 

The way we encrypt our online data hasn’t changed much since the 1970s. Public key encryption uses math that is simple to implement if you’re the end user, but practically impossible to break if you’re an eavesdropper without the corresponding key. This solution has worked well for us – until now, with the anticipation of ‘Q-day’. 

It’s widely recognised that once they reach viability, quantum computers will be powerful enough to break the algorithms that power public key encryption. Criminals are already wise to the problem, known in some instances to steal long-lived data, such as government records, health records, and military data, waiting to decrypt once they have the quantum-level power to do so. It’s a ticking time bomb, and it’s imperative we’re prepared. Our national infrastructure depends on it. 

That’s why there’s so much attention and investment in finding new, quantum-resistant methods of encrypting data, so it can be safe for the eventual arrival of quantum computers. 

No one truly knows when that day will come, but it means that action needs to be taken now, to protect data as it travels across networks. 

The combined expertise of leading academia and network specialists 

Over five billion people around the world use the internet today – equivalent to almost 64% of the global population. And with this proportion only set to grow, that means more data being produced and in time, potentially accessible, however we try to secure it today. It’s therefore imperative we take action to move to a post-quantum future for cryptography. 

Already today there are a range of technologies available that can help us future-proof our networks. Quantum key distribution (QKD) uses the principles of quantum mechanics to secure communications, in a way that assumes no one can intercept information, even with the most powerful quantum computer. Quantum-resistant cryptography meanwhile uses a range of new mathematical algorithms that are believed to be secure against quantum computers. 

At Cisco we’re proud to be among the 12 companies the US National Institute of Standards and Technology (NIST) has selected to guide the world’s migration to cryptographic standards that are resistant to the computational power of a quantum computer. 

But the challenge of relying solely on quantum-resistant algorithms is that they rely on mathematical complexity for their security. These might be broken in the future (as have other mathematical encryption algorithms), or future quantum computing algorithms might be found to break them. There is therefore no way of knowing for certain these NIST-approved algorithms are fully quantum computing-proof. We can however mitigate this potential weakness by deploying these well-developed quantum-resistant mathematical algorithms together with quantum key distribution, which produces secure keys that are truly random, derived from quantum mechanics.  

It’s a huge task, and one that no one organisation can do alone. At Cisco we’re proud to be partnering with the University of Cambridge, the University of York within the UK Quantum Communications Hub, and BT, with the aim of building a quantum secure network. 

This is an ambitious project, linking point-to-point physical QKD-secured links with quantum-resistant cryptographic systems to enable security across interconnected communications networks.  

While these work as proofs of concept, in today’s interconnected world, networks are complex. This problem, of making QKD and quantum resistant cryptography work on a more true-to-life multi-point network, is what we’re trying to solve, and who else to do so than the organisation securely connecting over 80% of the world’s Internet traffic. 

What’s next 

As our research continues to advance, we look forward to implementing our Secure Key Integration Protocol (SKIP) on larger, more complex networks. SKIP allows any Cisco router capable of encryption to use keys from a quantum distribution system. This means traditional, router-based solutions such as MacSEC or IPSec, or any cryptographic security protocol, can use secure methods like QKD, preshared keys, or other post-quantum secure techniques.  

We’re already using QKD-protected networks at metropolitan scales within Cambridge, and longer distances connecting London and further afield. We can therefore integrate these with Cisco routers which encapsulate the SKIP protocol, ultimately enabling our routers to use cryptographic keys in a more flexible and sophisticated way, and ultimately offer end users more secure networking. 

We’re proud to be working with some of the UK’s brightest minds in post-quantum cryptography to bring us closer to a safe and secure post-quantum future, and one where we can have peace of mind that our most important data remains protected.  

Cisco has an incredible heritage in networking, and we work with businesses of all shapes and sizes to evolve their business models and adopt new digital approaches to deal with rapid change. Across cloud, AI, 5G, IoT, Cisco has deep expertise in helping businesses integrate the latest technologies into their networks. We’re excited to continue this work with cutting-edge research into how we can help our customers secure their network for the post-quantum future. 

What organisations do today to prepare matters. So that when we make the quantum leap, we’re not compromised, we’re ready. 

 

About the University of Cambridge 

The University of Cambridge is one of the world’s leading universities, with a rich history of radical thinking dating back to 1209. Its mission is to contribute to society through the pursuit of education, learning and research at the highest international levels of excellence.  

Our Cambridge collaborators, within the Electrical Division of the Engineering Dept. have extensive experience in both classical optical communications and quantum communications. They have deployed the UK quantum network, securing classical communications with QKD coexisting within the same optical fibres, at campus, metropolitan and long haul scales. 

 

Authors

Chintan Patel

Chief Technology Officer

Cisco UK & Ireland

Leave a comment


1 Comments

  1. Quantum key distribution (QKD) is secure from attacks on the communication channel but not from attacks or alterations of the devices themselves.