Security CEO and founder of Safe Quantum Inc. is advocating for the adoption of quantum key distribution (QKD) as a secure method for encrypting data communications. QKD generates secure keys to encrypt and decrypt data between secure endpoints, offering a promising solution to safeguard sensitive information in the face of potential quantum computing threats. Despite the global interest in QKD, the U.S. National Institute for Standards and Technology (NIST) has not certified it for Federal Information Processing Standards (FIPS) compliance, unlike other cryptographic protocols.
NIST’s reluctance to certify QKD is puzzling, considering its role in certifying products involved in encrypting sensitive information. The organization, along with the National Security Agency, has instead focused on post-quantum cryptology (PQC) based on mathematical algorithms, which could pose a single point of failure in the event of a quantum attack. This departure from traditional security practices of defense in depth raises concerns about the resilience of current encryption methods against future quantum threats.
Advocates for QKD argue that the technology is based on unalterable properties of quantum physics, making it a more secure and reliable option compared to algorithmic-based solutions. Major organizations in telecommunications, finance, and government sectors are exploring the potential benefits of QKD, prompting calls for NIST to establish protection profiles for certifying QKD as a secure encryption method. By collaborating with QKD providers, NIST could ensure the security of sensitive data in both public and private sectors.
The European Telecommunications Standards Institute (ETSI) and Cordis in Europe have already begun setting QKD standards, signaling a shift towards adopting this technology globally. Without NIST’s endorsement, other organizations may follow European standards for QKD certification, potentially leaving the U.S. behind in the quantum security landscape. Advocates urge NIST to reconsider its stance on QKD and collaborate with industry experts to establish security protocols for certifying QKD as a valid encryption method.
Amid growing interest and investment in quantum technologies, the need for resilient and secure encryption methods like QKD is more critical than ever. By certifying QKD as an acceptable security program alongside PQC, NIST could provide a defense-in-depth strategy against quantum threats. The push for NIST to prioritize QKD certification underscores the importance of incorporating cutting-edge security technologies into existing frameworks to ensure data protection in an evolving threat landscape.