Towards an ultra-secure communication network for the EU

Words: Prof. André Xuereb, Merqury Cybersecurity Limited

Secure communication over the Internet depends on the use of asymmetric cryptography. Much like multiplying two numbers (61 × 89 = 5,429) is exponentially easier than prime factorisation (5,429 is the product of which two prime numbers?), asymmetric encryption is easy to perform but seems fiendishly hard to reverse without knowing the right key.

However, this difficulty is a mirage. Sufficiently sophisticated quantum computers are known to have the capability to efficiently decrypt algorithms such as the ubiquitous RSA[1] or elliptic curve cryptography. Disconcertingly, the “intercept now, decrypt later”[2] attack means that data transmitted today is vulnerable, even though no such computer exists yet. Quantum key distribution (QKD)[3] was developed to counter this threat by exploiting the laws of the universe to create information theoretically secure communication links. The need to adopt this technology is apparent and urgent.

In 2019, the EU launched the European Quantum Communication Infrastructure[4] (EuroQCI) initiative, which aims at creating a continent-wide ultra-secure communication network built on QKD². Several EuroQCI projects[5] are currently in progress to help demonstrate the feasibility of this vision. The Maltese project Physical Security for Public Infrastructure in Malta[6] (PRISM), in which we[7] participate, is building a country wide QKD network for servicing the public sector.

PRISM is deploying technology that can retrofit QKD into existing communication networks without requiring any software updates, and which goes beyond point-to-point QKD links. This advance is key to creating a new generation of communication networks that are resilient to this unprecedented class of cybersecurity threat.

PRISM is co-funded by the European Union under the Digital Europe Programme grant agreement number 101111875. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Commission. Neither the European Union nor the granting authority can be held responsible for them.