The use of quantum technologies in computing offers powerful solutions. Such devices range from quantum key distribution systems, which transmit information in a way that, according to our current understanding of physics, cannot in principle be intercepted by third-party eavesdroppers, to more basic devices such as quantum random number generators. The latter can significantly strengthen the security of both the commonly used cryptographic solutions and the new post-quantum algorithms that are currently being developed and whose suitability for standardization is being assessed.
The goal of the IMCS UL is the introduction of such emerging quantum cryptography solutions and the development and adaptation of software tools that are best suited to the computing infrastructure as well as to the existing practice of using cryptographic techniques in Latvia.
The research and development will be centred around two application areas:
1) the practical usage and exploitation of devices that provide purely quantum communication channels that are in principle secure against any third-party eavesdroppers;
2) the practical applications based on quantum random number generators, which are currently becoming available on the market and can provide additional strengthening to communication based on both the classical asymmetric cryptographic algorithms (such as RSA, DSA or DH) and their "post-quantum" replacements that are currently being actively developed (such as advanced McEliece scheme variations, lattice-based and multivariate cryptography).
Quantum technology research at IMCS UL began in 2019 with the establishment of a collaboration with the Swiss-US-Chinese-South Korean joint company ID Quantique and the installation of the QKD research platform Clavis ID3200 QKDS, which provides a purely quantum communication channel between the two devices.
Regarding the first area, the planned developments will take advantage of the availability at IMCS UL of the Clavis ID3200 QKDS, which provides a purely quantum communication channel between two devices. Because the available communication speed is quite limited (only up to 1.4 kb/s), the devices are configured only for secure encryption key exchanges (the keys can then be used for communication with symmetric encryption algorithms) or, alternatively, can be used as very fast and high entropy random number generators. Such QKDS devices, however, are still quite expensive (around 0.25M euro for a pair of devices), and the requirement of a dedicated optical transmission channel between any pair of such devices makes the development of a larger communication network secured by purely quantum encryption impractical. As a potentially practical solution, IMCS UL plans the development of methods and application prototypes that use such QKDS devices as a shared resource.
For the first of the use cases, the plan is to develop secure remote access to the QKDS as a very fast and high entropy random number generation source. The access should be secure even against eavesdropping from the transmission site, apart from active cheating attacks (e.g. replacement of the quantum random number generator by another source). Although in principle the available pseudorandom number generation methods can be considered secure, with deficient implementations or inappropriate usage the errors in pseudorandom number generation (e.g. repeated or predictable numbers) can easily lead to very critical vulnerabilities. For this reason, a number of applications rely on higher entropy sources (such as the /dev/random buffer on Linux systems) for key generation to increase security; however, such a process can be very slow even for the generation of a single set of keys. The dependence of "post-quantum" asymmetric schemes on very high entropy random number generation is still difficult to assess (with any concrete standards still lacking); however, the need for longer keys will quite likely require even faster and higher entropy random number sources, and QRNG currently seems to be the most promising candidate for such sources.
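The failure modes named above (repeated output, or a remote generator replaced by another source) suggest a client-side check, sketched here as an added example that is not IMCS UL code: repeated or constant remote blocks are rejected, and the remote bytes are mixed with local OS entropy through HKDF so the derived key does not depend on the remote source alone. The `fetch_remote` callable is a hypothetical stand-in for the remote QKDS/QRNG access, which the page does not specify.

```python
import hashlib
import hmac
import os


class RemoteSourceError(Exception):
    """Raised when remote random output fails a basic sanity check."""


def check_remote_block(block: bytes, seen: set, min_len: int = 32) -> None:
    # Cheap health checks only: a short, constant-byte or repeated block is
    # rejected. A predictable but non-repeating source would pass these,
    # which is why the local mixing in derive_key() is still needed.
    if len(block) < min_len:
        raise RemoteSourceError("remote block too short")
    if len(set(block)) == 1:
        raise RemoteSourceError("remote block is a single repeated byte")
    digest = hashlib.sha256(block).digest()
    if digest in seen:
        raise RemoteSourceError("remote block repeated")
    seen.add(digest)


def derive_key(remote_block: bytes, local_block: bytes,
               context: bytes, length: int = 32) -> bytes:
    # HKDF (RFC 5869) with SHA-256 and the default all-zero salt.
    # The length prefix keeps the concatenation of the two inputs unambiguous.
    ikm = len(remote_block).to_bytes(4, "big") + remote_block + local_block
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + context + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def make_key(fetch_remote, seen: set, context: bytes = b"example-keygen") -> bytes:
    # fetch_remote(n) -> bytes is hypothetical: it stands in for whatever
    # authenticated channel delivers n bytes from the remote generator.
    remote = fetch_remote(32)
    check_remote_block(remote, seen)
    return derive_key(remote, os.urandom(32), context)
```

The `seen` set must persist for as long as keys derived from the source are in use; otherwise a repeat across restarts goes unnoticed.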
For the second of the use cases, the plans are to develop secure remote access functionality to QKDS as shared key exchange centers. The planned communication protocol envisages connection to a local "trusted" QKDS (with communication secured by symmetric encryption using shared secret keys) as well as to a remote (and less trusted) QKDS connected to a local QKDS with a purely quantum encryption channel. The security of this connection will be provided by symmetric encryption using session keys generated by communication with a local QKDS. The roles of local and remote QKDS will be reversed for the other communication partner. The communication will be based on the use of a purely quantum channel (in principle secure against eavesdropping) and symmetric encryption algorithms, thus being secure from potential analysis by quantum computing methods. The secret symmetric key distribution will be restricted to local "trusted" environments, and the communication will be secure against any single point vulnerability (for a successful attack either both QKDS servers or one of the end user’s devices will need to be compromised).
Regarding the second area, the plan is to develop application prototypes for communication between computing devices that are equipped with built-in QRNG chips. Such chips are currently becoming available on the market and can be used via either PCIe (Quantis-PCIe-4M) or USB (Quantis-USB-4M) interfaces. The chips provide a bit rate of up to 4Mb/s (higher rates are available, but are not needed for prototype development) and are comparatively inexpensive.