Kristiaan De Greve is Programme Director of quantum computing at IMEC, Associate Professor at the Faculty of Engineering Science at KU Leuven and visiting researcher at Harvard University. He obtained his engineering degree in electrical engineering from KU Leuven and earned his PhD on quantum bits and quantum repeaters at Stanford University. His scientific interests cover a broad spectrum, from advanced materials research, quantum mechanics and cryptography to artificial intelligence. Belnet spoke with him about the future of quantum computing, QKD and cryptography.
There is a lot of talk about the possibilities of quantum computers, but what are the risks?
It's important to remember that there is no operational quantum computer yet. But once these arrive - likely within the next 15 to 20 years - the current cryptographic systems we use to exchange keys with each other could be compromised. These keys are the basis for encrypting, and therefore securing, our Internet traffic.
Indeed, a quantum computer will be able to crack systems such as RSA (a commonly used encryption algorithm for data transmission). This is a fundamental weakness in the cryptographic chain. Cryptographers are aware of this and have been working for some time to standardise new encryption techniques that can be implemented by standard computers, which we know a quantum computer cannot actually do anything with. This is what we call post-quantum cryptography.
What the cryptographers are doing is defining a mathematical problem that can be transformed in such a way that it is unsolvable even for a quantum computer, and then using this as the basis for encryption. Post-quantum cryptography therefore has nothing to do with quantum, but with clever mathematics. Of course, there are no guarantees that this mathematical problem could not be attacked if anything more powerful than a quantum computer ever came along.
This is where quantum key distribution (QKD) comes into play. What are the principles behind this and is it 100% safe?
If you want to move away from mathematics and base cryptography on the fundamental forces of nature, you end up with quantum key distribution. For more than 40 years now, the research community has been looking into how we can also use the laws of quantum mechanics for secure communications and thus for cryptography.
QKD uses certain fundamental properties of quantum mechanics, such as the fact that certain measurements cannot be combined with each other. If you apply them properly and build them into your systems, no-one can ever intercept or crack your system. Specifically, this means that you can make the chain between a sender (Alice) and a receiver (Bob) 100% secure.
In theory, this is the perfect security, but in practice there are still drawbacks and limitations. To start with, QKD requires a specific network with dedicated fibres to which special systems are connected. These are currently still extremely expensive and limited in distance. To ensure secure communication over longer distances, you still need to rely on other systems such as quantum repeaters, which do not currently exist.
Conventional cryptography also does more than just transmit keys, it also checks, for example, whether the sender and receiver are indeed who they claim to be, and you can't do that with QKD. So you only solve part of the problem. But in a way that solves it permanently, via quantum mechanics.
You can compare it to a house you want to secure against burglars. You can either secure the entire home reasonably securely or you can make the front door out of a type of reinforced steel that is 100% burglar-resistant. That is exactly the difference between post-quantum cryptography and QKD. In my view, the best protection is a combination of both. To claim that QKD is the solution to protect cryptography from a quantum computer purely by itself is therefore too simplistic.
Are there already many use cases for QKD networks?
Not at the moment. Certain industries, such as banking, are looking at it pragmatically and taking a wait-and-see approach for the time being. They first want to know what they can gain from it, and whether it is worth the investment. For specific environments, such as governments that want to exchange highly confidential information, it is definitely worthwhile.
Once miniaturisation arrives and the price of QKD systems comes down, I expect there will be more take-up. Incidentally, that is also something we are looking at in the BeQCI project: part of the research we are conducting pertains to the integration and miniaturisation of components.
The applications of quantum are, of course, much broader than QKD. For research institutions, for example, quantum chemistry offers a lot of possibilities in the long run, e.g. for developing molecules or medication. Quantum computers will be ideal for solving specific problems that we will find difficult or impossible to solve with an "ordinary" computer, such as quantum chemistry.
Whether R&D institutions will eventually use QKD systems I think will partly depend on what they see as the biggest threat in terms of security: are they more afraid that the information they exchange between different sites will be hacked than the information they store locally?
What is the focus of the BeQCI project?
On the one hand, we are building an infrastructure that is as future-proof as possible. In other words, we are not using technologies that will be incompatible in the near or distant future with a veritable quantum internet, which will connect quantum computers and quantum sensors. The latter is also the reason why we opted to partly set up a separate test-bed within the project instead of fully implementing the lines on the existing, and thus shared with normal Internet traffic, Belnet fibres.
In this respect, we are strongly aligned with our Dutch colleagues. Together with them, I think we are among the most cutting-edge in Europe. We are working towards a long-term vision that is already looking beyond what the EU is calling for.
At the same time, we are working with experts to build conventional solutions for cryptography. Within the European project, we are the ones who have pushed through the synergy between post-quantum cryptography and QKD the furthest, from a security perspective.
In addition, research within the project is also focusing on making chips that can make QKD systems cheaper and therefore facilitate their take-up. These discussions are not purely academic; they are also about money. Indeed, the cost of QKD is still a serious stumbling block.
In what areas do you expect the biggest breakthroughs in the coming years?
I expect the development of quantum computers to accelerate significantly over the coming five years or so. Researchers are now focusing on what is called a logical (stable) qubit. If we manage to produce one logical qubit, the problem becomes much more scalable than with the current unstable qubits.
On the communication side, quantum repeaters are still extremely difficult. These are crucial for transmitting quantum signals and increasing the distances of QKD networks. There have been a few experiments, but really getting them to scale is a challenge. I predict that by the end of the decade there will be some serious progress, at least at the lab level.
After that, all the ingredients are available to develop a veritable quantum internet and it is 'just' a question of investment.