Back
About RSIS
Introduction
Building the Foundations
Welcome Message
Board of Governors
Staff Profiles
Executive Deputy Chairman’s Office
Dean’s Office
Management
Distinguished Fellows
Faculty and Research
Associate Research Fellows, Senior Analysts and Research Analysts
Visiting Fellows
Adjunct Fellows
Administrative Staff
Honours and Awards for RSIS Staff and Students
RSIS Endowment Fund
Endowed Professorships
Career Opportunities
Getting to RSIS
Research
Research Centres
Centre for Multilateralism Studies (CMS)
Centre for Non-Traditional Security Studies (NTS Centre)
Centre of Excellence for National Security
Institute of Defence and Strategic Studies (IDSS)
International Centre for Political Violence and Terrorism Research (ICPVTR)
Research Programmes
National Security Studies Programme (NSSP)
Social Cohesion Research Programme (SCRP)
Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
Other Research
Future Issues and Technology Cluster
Research@RSIS
Science and Technology Studies Programme (STSP) (2017-2020)
Graduate Education
Graduate Programmes Office
Exchange Partners and Programmes
How to Apply
Financial Assistance
Meet the Admissions Team: Information Sessions and other events
RSIS Alumni
Outreach
Global Networks
About Global Networks
RSIS Alumni
Executive Education
About Executive Education
SRP Executive Programme
Terrorism Analyst Training Course (TATC)
International Programmes
About International Programmes
Asia-Pacific Programme for Senior Military Officers (APPSMO)
Asia-Pacific Programme for Senior National Security Officers (APPSNO)
International Conference on Cohesive Societies (ICCS)
International Strategy Forum-Asia (ISF-Asia)
Publications
RSIS Publications
Annual Reviews
Books
Bulletins and Newsletters
RSIS Commentary Series
Counter Terrorist Trends and Analyses
Commemorative / Event Reports
Future Issues
IDSS Papers
Interreligious Relations
Monographs
NTS Insight
Policy Reports
Working Papers
External Publications
Authored Books
Journal Articles
Edited Books
Chapters in Edited Books
Policy Reports
Working Papers
Op-Eds
Glossary of Abbreviations
Policy-relevant Articles Given RSIS Award
RSIS Publications for the Year
External Publications for the Year
Media
Cohesive Societies
Sustainable Security
Other Resource Pages
News Releases
Speeches
Video/Audio Channel
External Podcasts
Events
Contact Us
S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
Nanyang Technological University Nanyang Technological University
  • About RSIS
      IntroductionBuilding the FoundationsWelcome MessageBoard of GovernorsHonours and Awards for RSIS Staff and StudentsRSIS Endowment FundEndowed ProfessorshipsCareer OpportunitiesGetting to RSIS
      Staff ProfilesExecutive Deputy Chairman’s OfficeDean’s OfficeManagementDistinguished FellowsFaculty and ResearchAssociate Research Fellows, Senior Analysts and Research AnalystsVisiting FellowsAdjunct FellowsAdministrative Staff
  • Research
      Research CentresCentre for Multilateralism Studies (CMS)Centre for Non-Traditional Security Studies (NTS Centre)Centre of Excellence for National SecurityInstitute of Defence and Strategic Studies (IDSS)International Centre for Political Violence and Terrorism Research (ICPVTR)
      Research ProgrammesNational Security Studies Programme (NSSP)Social Cohesion Research Programme (SCRP)Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      Other ResearchFuture Issues and Technology ClusterResearch@RSISScience and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      Graduate Programmes OfficeExchange Partners and ProgrammesHow to ApplyFinancial AssistanceMeet the Admissions Team: Information Sessions and other eventsRSIS Alumni
  • Outreach
      Global NetworksAbout Global NetworksRSIS Alumni
      Executive EducationAbout Executive EducationSRP Executive ProgrammeTerrorism Analyst Training Course (TATC)
      International ProgrammesAbout International ProgrammesAsia-Pacific Programme for Senior Military Officers (APPSMO)Asia-Pacific Programme for Senior National Security Officers (APPSNO)International Conference on Cohesive Societies (ICCS)International Strategy Forum-Asia (ISF-Asia)
  • Publications
      RSIS PublicationsAnnual ReviewsBooksBulletins and NewslettersRSIS Commentary SeriesCounter Terrorist Trends and AnalysesCommemorative / Event ReportsFuture IssuesIDSS PapersInterreligious RelationsMonographsNTS InsightPolicy ReportsWorking Papers
      External PublicationsAuthored BooksJournal ArticlesEdited BooksChapters in Edited BooksPolicy ReportsWorking PapersOp-Eds
      Glossary of AbbreviationsPolicy-relevant Articles Given RSIS AwardRSIS Publications for the YearExternal Publications for the Year
  • Media
      Cohesive SocietiesSustainable SecurityOther Resource PagesNews ReleasesSpeechesVideo/Audio ChannelExternal Podcasts
  • Events
  • Contact Us
    • Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
      rsisvideocast
      school/rsis-ntu
      rsis.sg
      rsissg
      RSIS
      RSS
      Subscribe to RSIS Publications
      Subscribe to RSIS Events

      Getting to RSIS

      Nanyang Technological University
      Block S4, Level B3,
      50 Nanyang Avenue,
      Singapore 639798

      Click here for direction to RSIS

      Get in Touch

    Connect
    Search
    • RSIS
    • Publication
    • RSIS Publications
    • IP23089 | “Unhackable” Quantum Communication is a Myth
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • RSIS Commentary Series
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • Future Issues
    • IDSS Papers
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers

    IP23089 | “Unhackable” Quantum Communication is a Myth
    Michal Krelina, Manoj Harjani

    15 December 2023

    download pdf


    The threat posed by quantum computers to current encryption methods has motivated countries to find alternative ways to secure their communication networks. One method involves using quantum technologies itself, based on the common – but flawed – assumption that quantum communication is “unhackable” and therefore a superior approach to using new encryption methods that do not use quantum technologies. This view is driven by some properties of quantum information that give it a theoretical advantage against surveillance. MICHAL KRELINA and MANOJ HARJANI point out that in practice there are several limitations that policymakers should consider when recommending quantum communication for use in networks supporting critical functions. They also highlight the countermeasures that could be taken to overcome those limitations.

       

     

     

    COMMENTARY

    In recent years, countries have been working towards securing their communication networks using quantum technologies. A prominent example is China, which was the first country to launch a satellite for quantum communication in 2016. More recently in October 2023, researchers in the United Kingdom and Ireland successfully tested a quantum communication link via an underwater cable. Earlier this year, Singapore launched the National Quantum-Safe Network Plus initiative to partner local telcos in developing quantum communication infrastructure for critical sectors such as banking.

    These efforts are motivated by the threat posed by quantum computers to current encryption methods that secure communication on the basis that certain mathematical problems cannot be easily solved by even the fastest “classical” supercomputers. Due to the different way they perform calculations compared to classical computers, quantum computers are theoretically capable of easily solving the mathematical problems that current encryption methods rely on. Although quantum computers with the capability to do this are nowhere close to being developed, this reality has not prevented hype building around the possibility of a “quantum apocalypse.”

    Quantum communication is one of two ways to guard against the threat to encryption from quantum computers. The other is post-quantum cryptography (PQC), which uses new classical methods for encrypting data that can withstand potential attacks from quantum computers. However, PQC is not foolproof and faces a number of challenges for implementation. The main advantage that quantum communication is believed to have over PQC is that it is “unhackable”, but this is a flawed assumption. In fact, quantum communication has several limitations that should give policymakers cause for pause.

    IP23089
    Though quantum communication can theoretically transmit information in a manner that is believed to be unconditionally secure, there are several limitations that policymakers should consider when recommending its use in networks supporting critical functions. Image by Unsplash.

    What is Quantum Communication?

    In classical communication, a binary bit is used to represent information using either 0s or 1s. Quantum communication harnesses the principles of quantum mechanics to represent information, using quantum bits or qubits. Unlike classical bits, which can only be either 0 or 1, qubits can be in a “superposition” of 0 and 1 simultaneously. This allows qubits to store more information than classical bits. Furthermore, when qubits are measured, their superposition is disturbed irrevocably, which is a helpful property to detect eavesdropping. It is also impossible to create an exact copy of a qubit, which is a further advantage against surveillance. Quantum communication protocols such as quantum key distribution (QKD) make use of these advantageous properties of qubits to transmit information in a manner that is believed to be unconditionally secure.

    Limitations

    Nevertheless, when we move from theory to practice, the apparently unconditional security of quantum communication comes up against significant limitations. Foremost is the fact that it requires purpose-built equipment and infrastructure. Not only is this costly, but it also reduces the ability of quantum communication networks to be upgraded easily to counter evolving security threats. Furthermore, it introduces the risk of insider threats as the basis for security is provided by hardware which can be manipulated.

    Free-space quantum communication using satellites and drones aims to overcome this limitation related to physical infrastructure while facilitating long-distance quantum communication. Other than China, the European Union has emerged as a player in this field, with a quantum communication satellite launch planned for 2024 as part of the broader EuroQCI initiative to build a regional infrastructure for quantum communication. Singapore-based startup SpeQtral is also aiming to launch a quantum communication satellite in 2024, the first by a private company.

    However, free-space quantum communication infrastructure is vulnerable to denial-of-service (DoS) attacks, which pose a significant challenge due to the ease with which such attacks can be carried out. One type of DoS attack involves using a laser to “dazzle” a receiver for quantum communication, overwhelming it in the same way that jamming would for a radio receiver. If a malign actor can trace the position of a quantum communication satellite, a successful DoS attack can be executed with a relatively low-powered laser.

    Both terrestrial and free-space quantum communication are also vulnerable when the density of the network is low and the options for rerouting network traffic are either costly or infeasible. In such a scenario, a DoS attack targeting a single element of a network can have an outsized impact, potentially causing a significant reduction in functionality. This would be untenable if the network infrastructure is supporting time-sensitive operations or critical decision-making processes. DoS attacks involving dazzling would also be difficult to attribute, which makes it harder to respond effectively to them. Without clear identification of the responsible party, retaliatory or deterrent measures become riskier, which potentially leaves the targeted quantum communication network vulnerable to further attacks.

    Countermeasures

    Assessing risks and vulnerabilities is an important first step. The vulnerability of a quantum communication receiver to DoS attacks hinges on its specific design, so it is critical to gauge this experimentally during the security certification process and develop mitigation measures. Such measures often focus on hardening the security of the quantum communication receiver, but they are not a silver bullet. A more advanced mitigation measure would be to increase the density of the quantum communication network itself, thereby enabling rerouting of information. The alternative routes in the network can use classical communication secured with PQC to increase the overall resilience to DoS attacks tailored specifically for a quantum communication network.

    To support a security certification process, countries will need to invest in infrastructure for testing and verification. As part of the EuroQCI initiative, the European Union called for a tender in July 2023 worth €16 million (~S$23.4 million) to develop such infrastructure. But it is not yet clear how this will be operationalised and whether there will be capabilities to also discover new vulnerabilities. How the certification process connects with the larger effort on standardisation for quantum communication will be critical to ensure interoperability. The International Standards Organisation (ISO) released standards for QKD security in August 2023, but the extent of their adoption is unclear.

    The main takeaway for all countries considering the implementation of quantum communication networks is that they should proceed with caution, particularly where the technology is intended to be deployed to support critical functions, including in the military domain. Alongside investments in testing and verification, more attention will be needed for R&D to discover future vulnerabilities and potential mitigation measures. Nevertheless, as with traditional cybersecurity, humans remain the weakest link. “Unhackable” networks therefore remain a pipe dream, and countries should continue to be circumspect in their assessments of how secure their communication networks will be even as quantum communication is increasingly adopted.

    Michal KRELINA is a research scientist at the Czech Technical University in Prague and a quantum security consultant at the European Union Agency for the Space Programme; Manoj HARJANI is a Research Fellow with the Military Transformations Programme at the S. Rajaratnam School of International Studies.

     

    This piece was issued to subscribers on 21 December 2023.

    Categories: IDSS Papers / General / Cybersecurity, Biosecurity and Nuclear Safety / Global


    The threat posed by quantum computers to current encryption methods has motivated countries to find alternative ways to secure their communication networks. One method involves using quantum technologies itself, based on the common – but flawed – assumption that quantum communication is “unhackable” and therefore a superior approach to using new encryption methods that do not use quantum technologies. This view is driven by some properties of quantum information that give it a theoretical advantage against surveillance. MICHAL KRELINA and MANOJ HARJANI point out that in practice there are several limitations that policymakers should consider when recommending quantum communication for use in networks supporting critical functions. They also highlight the countermeasures that could be taken to overcome those limitations.

       

     

     

    COMMENTARY

    In recent years, countries have been working towards securing their communication networks using quantum technologies. A prominent example is China, which was the first country to launch a satellite for quantum communication in 2016. More recently in October 2023, researchers in the United Kingdom and Ireland successfully tested a quantum communication link via an underwater cable. Earlier this year, Singapore launched the National Quantum-Safe Network Plus initiative to partner local telcos in developing quantum communication infrastructure for critical sectors such as banking.

    These efforts are motivated by the threat posed by quantum computers to current encryption methods that secure communication on the basis that certain mathematical problems cannot be easily solved by even the fastest “classical” supercomputers. Due to the different way they perform calculations compared to classical computers, quantum computers are theoretically capable of easily solving the mathematical problems that current encryption methods rely on. Although quantum computers with the capability to do this are nowhere close to being developed, this reality has not prevented hype building around the possibility of a “quantum apocalypse.”

    Quantum communication is one of two ways to guard against the threat to encryption from quantum computers. The other is post-quantum cryptography (PQC), which uses new classical methods for encrypting data that can withstand potential attacks from quantum computers. However, PQC is not foolproof and faces a number of challenges for implementation. The main advantage that quantum communication is believed to have over PQC is that it is “unhackable”, but this is a flawed assumption. In fact, quantum communication has several limitations that should give policymakers cause for pause.

    IP23089
    Though quantum communication can theoretically transmit information in a manner that is believed to be unconditionally secure, there are several limitations that policymakers should consider when recommending its use in networks supporting critical functions. Image by Unsplash.

    What is Quantum Communication?

    In classical communication, a binary bit is used to represent information using either 0s or 1s. Quantum communication harnesses the principles of quantum mechanics to represent information, using quantum bits or qubits. Unlike classical bits, which can only be either 0 or 1, qubits can be in a “superposition” of 0 and 1 simultaneously. This allows qubits to store more information than classical bits. Furthermore, when qubits are measured, their superposition is disturbed irrevocably, which is a helpful property to detect eavesdropping. It is also impossible to create an exact copy of a qubit, which is a further advantage against surveillance. Quantum communication protocols such as quantum key distribution (QKD) make use of these advantageous properties of qubits to transmit information in a manner that is believed to be unconditionally secure.

    Limitations

    Nevertheless, when we move from theory to practice, the apparently unconditional security of quantum communication comes up against significant limitations. Foremost is the fact that it requires purpose-built equipment and infrastructure. Not only is this costly, but it also reduces the ability of quantum communication networks to be upgraded easily to counter evolving security threats. Furthermore, it introduces the risk of insider threats as the basis for security is provided by hardware which can be manipulated.

    Free-space quantum communication using satellites and drones aims to overcome this limitation related to physical infrastructure while facilitating long-distance quantum communication. Other than China, the European Union has emerged as a player in this field, with a quantum communication satellite launch planned for 2024 as part of the broader EuroQCI initiative to build a regional infrastructure for quantum communication. Singapore-based startup SpeQtral is also aiming to launch a quantum communication satellite in 2024, the first by a private company.

    However, free-space quantum communication infrastructure is vulnerable to denial-of-service (DoS) attacks, which pose a significant challenge due to the ease with which such attacks can be carried out. One type of DoS attack involves using a laser to “dazzle” a receiver for quantum communication, overwhelming it in the same way that jamming would for a radio receiver. If a malign actor can trace the position of a quantum communication satellite, a successful DoS attack can be executed with a relatively low-powered laser.

    Both terrestrial and free-space quantum communication are also vulnerable when the density of the network is low and the options for rerouting network traffic are either costly or infeasible. In such a scenario, a DoS attack targeting a single element of a network can have an outsized impact, potentially causing a significant reduction in functionality. This would be untenable if the network infrastructure is supporting time-sensitive operations or critical decision-making processes. DoS attacks involving dazzling would also be difficult to attribute, which makes it harder to respond effectively to them. Without clear identification of the responsible party, retaliatory or deterrent measures become riskier, which potentially leaves the targeted quantum communication network vulnerable to further attacks.

    Countermeasures

    Assessing risks and vulnerabilities is an important first step. The vulnerability of a quantum communication receiver to DoS attacks hinges on its specific design, so it is critical to gauge this experimentally during the security certification process and develop mitigation measures. Such measures often focus on hardening the security of the quantum communication receiver, but they are not a silver bullet. A more advanced mitigation measure would be to increase the density of the quantum communication network itself, thereby enabling rerouting of information. The alternative routes in the network can use classical communication secured with PQC to increase the overall resilience to DoS attacks tailored specifically for a quantum communication network.

    To support a security certification process, countries will need to invest in infrastructure for testing and verification. As part of the EuroQCI initiative, the European Union called for a tender in July 2023 worth €16 million (~S$23.4 million) to develop such infrastructure. But it is not yet clear how this will be operationalised and whether there will be capabilities to also discover new vulnerabilities. How the certification process connects with the larger effort on standardisation for quantum communication will be critical to ensure interoperability. The International Standards Organisation (ISO) released standards for QKD security in August 2023, but the extent of their adoption is unclear.

    The main takeaway for all countries considering the implementation of quantum communication networks is that they should proceed with caution, particularly where the technology is intended to be deployed to support critical functions, including in the military domain. Alongside investments in testing and verification, more attention will be needed for R&D to discover future vulnerabilities and potential mitigation measures. Nevertheless, as with traditional cybersecurity, humans remain the weakest link. “Unhackable” networks therefore remain a pipe dream, and countries should continue to be circumspect in their assessments of how secure their communication networks will be even as quantum communication is increasingly adopted.

    Michal KRELINA is a research scientist at the Czech Technical University in Prague and a quantum security consultant at the European Union Agency for the Space Programme; Manoj HARJANI is a Research Fellow with the Military Transformations Programme at the S. Rajaratnam School of International Studies.

     

    This piece was issued to subscribers on 21 December 2023.

    Categories: IDSS Papers / General / Cybersecurity, Biosecurity and Nuclear Safety

    Popular Links

    About RSISResearch ProgrammesGraduate EducationPublicationsEventsAdmissionsCareersVideo/Audio ChannelRSIS Intranet

    Connect with Us

    rsis.ntu
    rsis_ntu
    rsisntu
    rsisvideocast
    school/rsis-ntu
    rsis.sg
    rsissg
    RSIS
    RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    Getting to RSIS

    Nanyang Technological University
    Block S4, Level B3,
    50 Nanyang Avenue,
    Singapore 639798

    Click here for direction to RSIS

    Get in Touch

      Copyright © S. Rajaratnam School of International Studies. All rights reserved.
      Privacy Statement / Terms of Use
      Help us improve

        Rate your experience with this website
        123456
        Not satisfiedVery satisfied
        What did you like?
        0/255 characters
        What can be improved?
        0/255 characters
        Your email
        Please enter a valid email.
        Thank you for your feedback.
        This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
        OK
        Latest Book
        more info