of quantum computers. We assume
there exist quantum computation devices that offer advantages in many
useful applications compared with
the best classical computers. At that
time, there will be tasks that involve
quantum computers and communication and processing of quantum information, where the parties involved
want to maintain the privacy of their
data and have guarantees on the security of the tasks achieved. This period
may not be too far off, since quantum devices being developed now are already
crossing the limit of quantum computations that can be simulated by classical supercomputers.
These categories, in general, include all aspects of cyber security. We
will focus on the effects that quantum technologies have on cryptographic
attacks and on attacks that exploit vulnerabilities of the new quantum hardware
when such hardware is used. As far as exploits of other vulnerabilities of
existing classical hardware are concerned (for example, timing attacks), we do
not expect they will significantly benefit from quantum technologies and
thus we do not expand further.ᵃ
This review. First of all, we clarify what this review is not. It is not an
exhaustive list of all research in quantum cyber security, nor a historical
exposition on how quantum cryptography developed, nor a proper introduction
to the field including the background required. Excellent reviews of this
kind have been written (for example, Broadbent¹³).
Our aim in this article is twofold. On the one hand, we want to clarify
misconceptions and organize/categorize the research landscape in quantum
cyber security in a way that is comprehensible and approachable to non-experts.
On the other hand, we want to focus on specific aspects, for each of the
quantum cyber security research categories given here, that we believe have been
underrepresented in research and exposure to the public, despite being very
important. We clarify some facts about
quantum computers and quantum
adversaries, setting the stage to ana-
ᵃ One could imagine that enhanced quantum sensing and quantum metrology could
improve certain side-channel attacks, but this is beyond the scope of this article.
are (see Figure 1). In the first category
we ensure that currently possible tasks
remain secure, while in the other two
categories we explore the new possibilities that quantum technologies bring.
As is typical in cryptography, we
first assume the worst-case scenario
in terms of resources, where the honest parties are fully classical (no quantum abilities), while the adversaries
have access to any quantum technology (whether this technology exists currently or not). In particular we assume
they have a large quantum computer.
Ensuring the security and privacy guarantees of a classical protocol remain
intact is known as post-quantum (or
“quantum-safe”) security.
In the second category we allow honest parties to have access to quantum
technologies in order to achieve enhanced properties, but we restrict
this access to those quantum technologies that are currently available (or that
can be built in the near term). Requesting this level of quantum abilities comes
from the practical demand to be able to construct, now, small quantum
devices/gadgets that implement the “quantum” steps of (the honest) protocols.
The adversaries, again, can use any quantum technology. In this category
we focus on achieving classical functionalities, but we are able to enhance
the security or efficiency of the protocols beyond what is possible classically
by using current state-of-the-art quantum gadgets.
Finally, the third category looks further in the future and examines the security and privacy of protocols that are
possible (are enabled) by the existence
Figure 1. Schematic representation of the quantum cyber security research landscape.
Red boxes are the three categories of research. Dotted lines indicate the resources (computation and
communication) required from the honest parties. Green boxes represent issues on which we focus
in this review. For the post-quantum category, we consider the changes required: which are the hard
problems used, security definitions and proof techniques. For the quantumly enhanced category
we consider the types of enhancements we may get in different protocols: information theoretic
security (from computational), increased efficiency, functionalities impossible classically (even with
computational assumptions). For the quantumly enabled category we consider separately the different
communication infrastructures available (classical/quantum).
[Figure 1 diagram. Columns: Honest Parties; Adversaries (Full Quantum). Categories and the honest parties' resources: Post-Quantum (Classical Computation, Classical Communication); Quantumly Enhanced (Small Quantum Device, Quantum Communication); Quantumly Enabled (Large Quantum Computer, Classical or Quantum Communication). Focus issues: Hard Problem, Security Definitions, Proof Techniques; Info. Theor. Security, Efficiency, Novel Functionalities; Quantum Infrastructure, Infrastructure.]