{"id":100425,"date":"2025-01-10T09:22:11","date_gmt":"2025-01-10T08:22:11","guid":{"rendered":"https:\/\/eiposgrados.com\/?p=100425"},"modified":"2024-12-26T17:54:51","modified_gmt":"2024-12-26T16:54:51","slug":"future-cybersecurity-qkd-vs-pqc","status":"publish","type":"post","link":"https:\/\/eiposgrados.com\/eng\/dpo-blog\/future-cybersecurity-qkd-vs-pqc\/","title":{"rendered":"Post-Quantum Cryptography vs. QKD: Which is the best option for the future of cybersecurity?"},"content":{"rendered":"

The Future of Cybersecurity<\/strong><\/h2>\n\n\n\n

In the field of cybersecurity, Quantum Key Distribution (QKD) is often touted as a \u201c100% secure by the laws of physics\u201d alternative to addressing quantum future threats. QKD allows two remote parties to agree on a shared secret key using an insecure quantum channel and an authenticated classical communication channel. <\/p>\n\n\n\n

The theoretical security of QKD protocols is based on quantum-physical principles, which means they are theoretically secure even against attackers with unlimited computational power or future algorithmic advances. Furthermore, QKD can detect the presence of eavesdroppers, since any non-trivial interaction with a quantum state changes it, which can be detected by the involved parties.<\/p>\n\n\n\n

Limitations of QKD<\/strong><\/h2>\n\n\n\n

However, QKD faces its own limitations, which are rarely discussed by vendors and which seriously compromise its applicability. Many experts agree that this technology has not yet reached the maturity necessary to offer the security levels required in most applications.<\/p>\n\n\n\n

Recently, cybersecurity agencies in the Netherlands (NLNCSA<\/a>), France (ANSSI), Germany (BSI<\/a>) and Sweden (Swedish NCSA) published his position regarding Quantum Key Distribution<\/a> in a paper highlighting the main limitations of QKD:<\/p>\n\n\n\n

    \n
  1. Limited functionality<\/strong>While post-quantum cryptography (PQC) can address multiple cryptographic purposes such as encryption, digital signatures, and key agreement, QKD is limited exclusively to key distribution. Furthermore, to ensure its security, it requires additional cryptographic authentication mechanisms based on classical systems, which complicates its implementation and operation.<\/li>\n\n\n\n
  2. Lack of standardization<\/strong>QKD has not undergone a rigorous standardization process, such as that carried out by NIST for PQC. This creates uncertainty regarding its interoperability and reliability in practical applications, since without technical consensus, the evaluation and widespread adoption of this technology is difficult.<\/li>\n\n\n\n
  3. Insufficient safety testing<\/strong>The mathematical models currently used to test the security of QKD are theoretical and do not adequately reflect real-world conditions. Furthermore, comprehensive security tests that comprehensively address practical vulnerabilities have not yet been developed, leaving significant gaps in their implementation.<\/li>\n\n\n\n
  4. Distance limitations<\/strong>QKD communication relies on quantum channels such as optical fiber or free-space channels, which are subject to exponential signal loss as distance increases. Currently, commercial implementations reach maximum distances of a few hundred kilometers. Although quantum repeaters represent a potential solution, they are still in the research stages and, in their current form, act as trusted nodes, introducing risks to the access of sensitive information.<\/li>\n\n\n\n
  5. High costs and complexity<\/strong>QKD requires specialized quantum infrastructure, such as single-photon sources and detectors, which are very expensive to acquire and maintain. This makes its adoption impractical for mass applications and increases the risks associated with hardware-specific attack vectors. Furthermore, detecting eavesdropping attempts can trigger denial-of-service attacks that have not been fully studied.<\/li>\n<\/ol>\n\n\n\n
    \"Cybersecurity\"<\/figure>\n\n\n\n

    The immediate future lies with the PQC<\/strong><\/strong><\/h2>\n\n\n\n

    Post-quantum cryptography (PQC), for its part, comprises a set of cryptographic mechanisms designed to be secure against classical and quantum computer attacks. <\/p>\n\n\n\n

    Unlike QKD, PQC is based on complex mathematical problems whose resolution is beyond the reach of known quantum algorithms. Furthermore, it can be implemented on classical hardware, allowing its integration into existing communication infrastructures. In fact, has undergone rigorous standardization processes<\/a>, which reinforces its reliability and facilitates its widespread adoption.<\/p>\n\n\n\n

    In summary, Post-quantum cryptography is more mature, flexible and accessible than QKD<\/strong>PQC can be easily integrated into existing technologies without requiring massive investments in infrastructure. Although research into QKD is advancing rapidly, according to these four security agencies, the time has not yet come to rely on this technology to ensure the security of our communications.

    In this context, according to their recommendation, organizations should prioritize migration to post-quantum cryptography to mitigate future risks.

    What do you think about this perspective? Is your organization already considering transitioning to PQC? Share your thoughts in the comments!<\/p>\n\n\n\n

    Find out everything in our\u00a0Blog<\/strong><\/a>\u00a0and train in Cybersecurity with our\u00a0Professional Master's Degree in Cybersecurity Management, Ethical Hacking, and Offensive Security.<\/a><\/strong><\/p>","protected":false},"excerpt":{"rendered":"

    The Future of Cybersecurity In the cybersecurity space, Quantum Key Distribution (QKD) is often touted as a \u201c100% secure alternative\u201d \u2026 Read more<\/a><\/p>","protected":false},"author":4227,"featured_media":100448,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[330,368,367,332],"tags":[1525],"class_list":["post-100425","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-dpo","category-compliance","category-proteccion-de-datos","category-blog-ciberseguridad","tag-ciberseguridad"],"acf":[],"_links":{"self":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/100425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/users\/4227"}],"replies":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/comments?post=100425"}],"version-history":[{"count":0,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/100425\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media\/100448"}],"wp:attachment":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media?parent=100425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/categories?post=100425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/tags?post=100425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}