*This article originally appeared on Inside Quantum Technology.*

Quantum technology has the potential to revolutionize our approach to the most difficult problems of our time: from drug discovery, to broad impacts in defense and intelligence systems, and even in areas we haven’t yet imagined. However, the same computing power unlocked by quantum technology also poses potentially catastrophic cybersecurity vulnerabilities.

**Securing your data in the Quantum Age**It’s not a matter of

*when*advanced quantum computation will break our existing security protocols, but how we can best prepare ourselves to meet the challenges of this technology as it reaches its full potential and beyond. Given the complexity and scale of upgrading these types of cyber systems, organizations in need of secure network communication solutions should begin taking steps toward quantum-readiness now. Transformations of this magnitude require years of steady, focused implementation, but it’s hard to know what steps to take while the technology is still emerging.

**Public Key Encryption **Our current networked systems and the applications they enable (from online banking to protecting sensitive medical data to water and electricity management) rely heavily on what's called public key cryptography or public key infrastructure. Broadly speaking, there are two types of public key encryption in use every day: symmetric encryption and asymmetric encryption. Many of these public key protocols are rendered unsecure by a cryptographically-relevant quantum computer.

**Symmetric Encryption**In symmetric encryption, when two parties on a network want to communicate, they do so using a pre-shared secret key. This key is only known to the two parties that want to communicate. As an example, Alice wants to send a message to Bob. In a symmetric encryption scheme, Alice will encrypt her message using the secret key into some ciphertext. That ciphertext is then sent over to Bob. When Bob receives this ciphertext from Alice, he can decrypt it back into plaintext using that same pre-shared secret key. In this scenario using symmetric encryption, there's only one key involved, but it is pre-shared. It’s kept secret for the two parties that want to communicate.

Symmetric encryption is used for what's sometimes called “bulk” encryption or decryption - it can be used to send large amounts of data. The ciphertext is quite small relative to the data size. We can do this very quickly. The key lengths are comparatively small at 128 bits or 256 bits. There's a single key for encryption and decryption.

**Asymmetric Encryption**In asymmetric encryption, there are two keys. Each party on the network has what's called a public key. This public key is advertised to the world. Anyone can see it. Each party also has their own private, secret key. Using asymmetric encryption in our example, Alice will use Bob's public key to encrypt her message into the ciphertext. That ciphertext is then sent over to Bob, and Bob can decrypt that data using Bob's secret key. There is no pre-shared key between Alice and Bob, and only Bob is able to decrypt the data. Anyone else who has access to that ciphertext will not be able to read it or decrypt it, unless they have Bob's secret key. The security of asymmetric encryption relies on the assumption that no adversary can decipher Bob’s private key from his public key in a practical timeframe. Today, this assumption is based on the hardness of particular mathematical problems.

In asymmetric encryption, the ciphertext is quite large compared to the data size. It takes more compute resources, it's slower, and the key lengths are much longer - in the range of 1000s of bits. The most common asymmetric encryption is the 2048-bit RSA key. In this setup, two keys are used for encryption and decryption.

**Hybrid Cryptosystems**Symmetric encryption and asymmetric encryption can also be used together in what's called hybrid cryptosystems. The way that many modern networks operate today is through using asymmetric encryption, like RSA or Diffie Hellman, to perform secret key exchange. That shared secret key can then be turned around and used as the symmetric key for the bulk encryptions. Some examples of these hybrid cryptosystems are PGP, SSH, SSL, and TLS.

**Critical security vulnerabilities **Symmetric encryption protocols and some hash functions are susceptible to quantum attack, but they’re not completely broken. Some of these are presumed secure to quantum attacks.

Asymmetric encryption protocols, which are the most popular and integrated into most of our systems today, will be fully broken by the advent of a cryptographically-relevant quantum computer. Protocols such as RSA, Diffie Hellman, and elliptic curve cryptography are all vulnerable.

Documents, messages, web certificates, software, financial transactions can all be forged with the advent of a cryptographically-relevant quantum computer. Because of the implications of Shor's algorithm and Grover's algorithm, secret keys are exposed in the clear and adversaries will be able to read whatever you're receiving. Internet traffic will no longer be secure.

This has implications right now, due to what's called Harvest Now Decrypt Later attacks. With HNDL attacks, an adversary today can harvest and collect encrypted data. This data can't be accessed today, but as soon as a sufficiently powerful quantum computer comes into play, they'll be able to recover and decrypt all of that data. Any sensitive data that's being encrypted right now is vulnerable to quantum attack at a later date.

**Methods being deployed today to mitigate security risks from classical and advanced computation threats**

**Post Quantum Cryptography (PQC)**PQC replaces the currently in-use classical security algorithms that will be broken by quantum computers, with classical security algorithms that are designed to be resistant to quantum computation. These new security algorithms are based on math problems that are believed to be difficult for both classical and quantum computers to solve. PQC is a purely classical solution, and it can be deployed over the classical internet. That means it’s comparatively quick and easy to implement, and for this reason is thought of as a good short-term solution. However, PQC algorithms are not proven to be information-theoretically secure. PQC algorithms could be broken in the future by quantum or even classical computers. This isn't just a theoretical issue with PQC. Two promising PQC algorithm candidates, RAINBOW and SIKE, were broken by regular classical computers – not even supercomputers were required to crack them. RAINBOW was cracked in less than a weekend and SIKE was cracked basically in a single hour. Lack of provable security makes PQC a risky long-term solution.

**Quantum Key Distribution (QKD)**Quantum Key Distribution, or QKD, typically refers to prepare-and-measure quantum key distribution protocols that run on and are enabled by prepare-and-measure networks known as QKD networks. This is a physics-based solution, relying on the properties of superposition and measurement. You can use these quantum properties to always detect the presence of an eavesdropper. Because of this, you can use quantum information to establish a key that you're sure has not been intercepted. In theory, or at the protocol level, this is fully information-theoretically secure regardless of the computational power of any adversary. However, there are implementation vulnerabilities such as with using trusted relay nodes, which make this less secure in practice. To use QKD to distribute a key between distant nodes, you'll need to use trusted relay nodes. The “trusted” part of this term is misleading. Trusted relay nodes are not nodes that are proven trustworthy, but rather nodes that presumed to be trustworthy. If they are compromised, your key will be compromised as well. QKD networks also require the deployment of additional resources, such as QKD devices, and potentially additional optical fiber. QKD networks only support the single purpose of key distribution. An ideal solution would not have implementation vulnerabilities, and would have multi-purpose applications that enable more than just key distribution.

**Advanced Secure Communication**Advanced Secure Communication is used to refer to the entanglement-based security protocols that run over and are enabled by entanglement-based networks. This is a physics-based solution, relying on the property of entanglement. Similar to QKD protocols, these quantum properties can be used to detect the presence of an eavesdropper. You can use this information to establish a key that you're sure has not been intercepted. Not only does this work great in theory, or at the protocol level, it also addresses many of the vulnerabilities of QKD networks at the implementation level. The use of entanglement in Advanced Secure Networking allows us to overcome many of such issues that plague QKD, such as trusted relay nodes. In Advanced Secure Communication, entanglement-based teleportation is used to distribute information to endpoints on the network, and this information is never exposed on the network itself. Advanced Secure Communication runs over entanglement-based networks, which are multi-purpose networks. Advanced Secure Networking security schemes have been around for many decades, just waiting for the hardware technology to develop to the level they can actually be used. The technology is developing fast, entanglement-based networks are popping up all around North America and the world. Some of these networks have actually been able to test and run Advanced Secure Communication.

**Hybrid methodology**One popular proposed solution is to use PQC and Advanced Secure Communication together. PQC is a good short-term solution with fewer constraints to global implementation, and we're going to need the provable security and value of QSC long-term. Using a hybrid PQC / QSC solution together will be at least as strong as each solution on its own. A hybrid solution can only be compromised if both the PQC and QSC algorithms involved are compromised

**Benefits of entanglement-based secure networks **Advanced Secure Communication, enabled by entanglement-based Advanced Secure Networks, is an important and effective countermeasure to the looming quantum computation threat, as well as classical threats. The implementation of Advanced Secure Communication is secure in part because of quantum teleportation, which allows us to communicate quantum information between users of a network without that quantum information ever being exposed on the network. This means that even if a midpoint of the network is compromised, the quantum data will not be compromised.

Advanced Secure Communication is an excellent value. With Advanced Secure Communication, the same entanglement-based networks that enable this solution will enable advancements in quantum computing, sensing, and future distributed quantum applications. Advanced Secure Communication, using entanglement-based Advanced Secure Networks, is implementable near-term. The security schemes exist and have been verified; entanglement-based networks capable of running these schemes exist and are being built today. For more details about the examples explored here, see the on-demand webinar Real World Quantum Network Deployments.