Frequently Asked Questions

QUANTUM DEFEN5E (QD5): Quantum Threat FAQ

Via these Frequently Asked Questions (FAQs), our team unveils the unique approach employed in the development of QD5’s global unified cybersecurity platform. By providing a cost-effective and scalable platform that offers secure encryption and reduces cyber risks to the absolute minimum, QD5 helps enterprises, governments, and critical infrastructure organizations focus on boosting creativity and innovation instead of hedging against unpredictable and uninsurable threats.

The quantum computing era has not yet arrived and could still be years away, yet the USA, many other nations, and companies such as QD5 believe there is already a quantum risk today. Why is this?

Cybersecurity experts and national leaders are preparing for Q-Day, the day when sufficiently powerful quantum computers will finally render conventional cyber protections obsolete. There is a global race to Q-Day with IBM at the forefront in hardware development, but Japanese companies like Fujitsu and Chinese companies like Alibaba are investing heavily in this area as well. As developments accelerate, the time to Q-Day is shortening and may now occur within a matter of years.

Why is the issue important now, rather than after Q-Day? Many secrets have a lifetime measured in decades. This applies to personal information such as private health and financial data, enterprise information such as personnel records and customer data, and government data across a whole range of areas, from civil government to the military.

Many nations are already strategically harvesting encrypted data, and have been for decades, to be decrypted once suitably powerful quantum computers become available. This is commonly known as the Harvest Now Decrypt Later (HNDL) attack. This attack will expose the untold number of records already harvested and those that continue to be harvested in anticipation of Q-Day.

Just as concerning, experts fear the day when quantum computing will enable the real-time decryption of sensitive data, a major tactical threat to enterprises that rely on secrecy and privacy to operate effectively.

We can take sensible steps now to avoid the strategic risks of today and the tactical threats post Q-Day. We can’t protect what’s already been harvested, but we can prevent future losses.

You believe that One-Time Pad (OTP) is the only known cryptographic method that is 100% quantum-secure, compared to many of the current approaches that say they are either quantum-safe or quantum-resistant. What does all this terminology really mean? What’s the difference?

Apart from OTP, which is quantum-secure, all other encryption algorithms represent incredibly hard to solve mathematical problems, where those with longer key lengths and more complex algorithms are more difficult, but not impossible to break.

The National Institute of Standards and Technology (NIST) challenge for PQC (post-quantum cryptography) is designed to leverage conventional PKI (public key infrastructure) methodologies to quickly and cost effectively make it more difficult for advanced AI and sufficiently powerful quantum computers running Shor’s Algorithm to break them.

These PQC algorithms are considered quantum-safe or resistant, but may eventually be broken and therefore not quantum-secure. The expectation is that they will be broken in time and, when this happens, enterprises will rely on crypto agility to quickly and cost effectively replace broken algorithms with new encryption methodologies. These replacement PQC algorithms will theoretically be readied and on standby for this purpose.

The concept behind crypto agility is that organizations will be able to pivot to new, stronger encryption methodologies once the initial PQC algorithms are broken. This strategy protects against tactical threats that happen in real-time, but provides no protection against strategic HNDL attacks.

OTP is known within the cybersecurity field as an encryption technique that cannot be broken, with mathematical proofs established over 70 years ago that remain unchallenged. This technique requires a single-use, truly random, pre-shared key that is not smaller than the message being sent, cannot be reused, and must be kept secret. In this technique, a plaintext is paired with a random secret key. OTP is considered quantum-secure and therefore its users do not need to fall back on crypto agility.

Is this why you consider post-quantum cryptography (PQC) from the US Government a stop gap measure?

The NIST initiatives are important, as they demonstrate that the US Government recognizes that securing data in the quantum era is something that must be addressed immediately. Unfortunately, the current approach does indeed look like a stop gap measure from our perspective due to the crypto agility requirement. PQC plays an important role at the application layer as it’s a quick and efficient replacement of PKI, but it needs to be further supported by a quantum-secure infrastructure.

Quantum key distribution (QKD) could provide a quantum-secure infrastructure as it also makes use of OTP. QKD relies on quantum entanglement to securely share OTP keys between endpoints. However, despite the benefits of QKD, the US National Security Agency, and similar agencies in other countries, state that it is only a partial solution; it is prohibitively expensive and would require a complete upgrade to existing IT infrastructures to implement, a huge task.

QKD is a future solution that cannot be built with existing components, but the technology behind QKD has an important role to play to interconnect quantum computers. We don’t see it as viable to protect general communications.

What makes the QD5 approach a long-term answer to the quantum computing threat?

QD5’s implementation of OTP allows organizations to achieve perfect secrecy at a similar cost to conventional cybersecurity, while employing existing IT infrastructure. We refer to this as quantum security without the entanglements of QKD. OTP has long been used by diplomatic, military, and intelligence communities to safeguard sensitive information. Our team has worked on such projects for decades.

The QD5 approach is a critical long-term solution to the quantum computing threat, and to conventional threats such as advanced AI.

This platform offers the same protections as QKD but without the entanglements; the complexity, high cost, and delay in implementation associated with QKD. The QD5 approach is commercially viable. It can be scaled to accommodate enterprises of every size and seamlessly deployed into existing information technology (IT) and operational technology (OT) systems.

If you have a team that has developed OTP over many decades, why hasn’t it already become the dominant approach to cryptography until now?

There are very real technical and human challenges that have delayed the transition to OTP until now. Conventional encryption systems providing ad hoc protections have been in use since the 1970s. They’re relatively easy to implement over most network architectures, require minimal data storage since the keys are small, and we’re accustomed to using them.

Every time you login to a new website you’re connected through a secure link that provides basic protections. It’s seamless to the user. Access to most banking, medical, and government services require these standard security solutions.

OTP was first used over a century ago, and it worked. It provided perfect secrecy. But, it was difficult to implement, required tremendous data storage, which up until a decade ago was in short supply, and you needed to carefully plan your intended connections and network architecture.

A present-day analog is the electric car. Over a century ago electric cars outnumbered gas powered cars. But they required a more complex network of charging stations, versus the quick and convenient refueling stations for petrol. Convenience won out and until a decade ago there were very few electric vehicle options on the market. There was also a very limited talent pool that could design, manufacture, and maintain these electric vehicles.

What factors make OTP poised to become a dominant approach in cryptography today?

We’ve reached the turning point for OTP; as with EV technologies, it’s now proving to be the superior option. QD5 designed an architecture that overcomes the technical limitations of OTP and we’re now building on the human factor. The talent pool required to work with OTP is currently very small, but we’re hiring and training staff that are committing themselves to something better—to something that can protect all of us against the cyber threats that are now overwhelming our current defenses.

The complacency of users, all of us, is finally being challenged by these growing cyber threats. We don’t really have a choice anymore. We need to replace what we’ve been accustomed to with something that can protect us against new, emerging threats.

QD5 realizes that convenience, although it’s the enemy of security, is vital for adoption. We’ve developed an architecture that provides the security of OTP along with the convenience and ubiquity of conventional systems. This is the first point in time when the choice between convenience and security has begun to blur, and true privacy is being matched with the convenience that we’ve grown accustomed to.

You mention the cost of deployment of QKD. But some argue that the issue with commercialization of OTP is that the key has to be as long as the actual text, meaning the computation and bandwidth requirements are just too high for OTP to become a mass market solution. What is QD5’s view on this?

Storage is no longer an issue; it’s cheap and plentiful. And the computation argument is simply wrong. OTP requires less than 3% of the computational power of conventional systems and even less in comparison to PQC. Bandwidth is completely unaffected by OTP as it’s a one-to-one replacement of cleartext for ciphertext. QD5 operates over existing IT and OT infrastructures. QD5 establishes its protection through its Quantum Secure Operations Centers and their overlay connections to secured devices. Economically, the QD5 implementation of OTP is a wash for capital expenditures (CAPEX), but we do offer tremendous operating expenses (OPEX) savings, including carbon offsets, due to the lower power consumption of our solutions.

What is the difference between your approach to OTP and that of other firms in the market?

For OTP to be properly implemented 4 conditions must be met:

  1. Randomness – the key must contain no identifiable patterns
  2. Key Size – the OTP key must be of equal size or longer to the data it’s protecting
  3. Uniqueness – the OTP key must only be used one time
  4. Secrecy – the OTP key must be kept secret

Any company that follows these conditions can effectively implement OTP. Any implementations that don’t follow these conditions will fail to provide perfect secrecy and, in the current era, this means that such systems would not be quantum-secure.

Our staff have previously built many small-scale systems with the proper implementations of OTP, but to replace conventional security systems we must scale to meet global needs. This has never been done before and represented our greatest challenge. Together, with help from experts in related fields, we’ve achieved this goal and can now scale to meet global needs with pure implementations of OTP, without compromise, while offering the convenience that we all desire.

Contact us at info@qd5.com for more information.