Performance and Security Evaluation of Quantum-Secure Symmetric Key Agreement

Quantum computing leverages the principles of quantum mechanics to process information. Unlike classical computers, which use bits (0s and 1s) to perform calculations, quantum computers use quantum bits or qubits. Qubits can exist in multiple states simultaneously, thanks to two key quantum phenomena: superposition and entanglement. The combination of qubits’ massive parallel processing capabilities with Shor’s quantum algorithm has raised significant concerns, as it has the potential to compromise the security of current classical public key cryptographic systems. In addition, as mentioned in our paper [1], "existing quantum-safe public key exchange protocols still face significant challenges both in hardware and software-based approaches. Quantum key distribution, which relies on specialized quantum hardware, presents a significant barrier to widespread adoption due to its high cost and limited scalability. Conversely, software-based solutions using post-quantum algorithms introduce complications, such as increased resource demands and larger ciphertexts. Furthermore, the security of these post-quantum algorithms remains relatively untested, which has led to the emerging trend of hybrid deployment, combining classical and quantum-resistant techniques to hedge against potential vulnerabilities". Recently, Arqit proposed a quantum-secure symmetric key agreement (SKA) protocol, claiming that it is lightweight and scalable [2] to address these problems. As summarized from their whitepaper [3], the proposed protocol operates by initially sharing random secret parts encrypted using multiple post-quantum key exchange mechanisms. These encrypted parts are then sent to and processed by their proprietary cloud-based SKA server platform, which employs an undisclosed hashing technique to combine the secrets and derive quantum-safe symmetric keys. These lightweight symmetric keys are subsequently used to enable secure communication between entities. However, their proprietary solution is not available for independent analysis. To evaluate the performance and scalability of quantum-secure SKA solutions, we develop variations of the SKA protocol using open-source and accessible components in this work. As mentioned in our paper [1], "these SKA schemes involve a hybrid mechanism, leveraging secret strings distributed through a combination of existing classical and quantum public key pairs during the initial key exchange. This hybrid approach enhances security by utilizing both quantum-resistant algorithms and classical methods, mitigating the risks associated with the developing nature of post-quantum cryptography. After the initial key exchange, the protocol completes the process using a quantum-safe AES symmetric key, ensuring security and efficiency. All communications are securely authenticated over classical TLS, making this solution compatible with existing infrastructure". As also mentioned in our paper [1], "the contributions of this work are threefold. First, we demonstrate that this protocol incurs minimal performance overhead, with only 99ms for purely quantum SKA and 199ms for the hybrid version, compared to the classical SKA protocol. Second, this SKA protocol remains robust under various network conditions, including network delays, packet losses, and bandwidth variations, maintaining small and consistent overheads. Third, we show that this solution is highly scalable, with an overhead of only one second for every additional five concurrent users. That performance improves significantly with increased computational resources—achieving a 50-60% improvement when scaling from two to four CPUs. Additionally, our security evaluations confirm that the protocol provides consistent and sufficient randomness throughout the key agreement process, ensuring quantum-resistance at every stage".<p></p>