Q-Crit Austria

The transition to a gigabit society is driven not only by many technical innovations, but above all by a high level of service quality and security in the underlying digital infrastructure. However, it is already apparent today that this foundation is fragile, especially as cyberattacks are increasingly targeting communications infrastructures and causing massive economic damage. In Austria alone, there was a 201% increase in cyberattacks within just one year (KPMG Digital Economy Security Forum, 2023). This damage is a stumbling block for innovation in the digitization process, which in turn underscores the importance of cybersecurity.
Most cyberattacks exploit either humans as weak points in computer networks (CEO fraud, phishing, etc.) or vulnerabilities in the implementation of hardware or software (zero days). Implementation vulnerabilities can usually be remedied by means of updates or component replacement and can thus be contained. Cyberattacks based on a fundamental vulnerability in procedures, such as cryptographic algorithms, are extremely dangerous. Such a vulnerability could be, for example, that the assumptions made at the time of specifying a cryptographic algorithm turn out to be incorrect. If cryptographic procedures become fundamentally vulnerable, the digital society in its current form can no longer be maintained, especially since any communication, such as money transfers, power plant control signals, or switch settings in the rail network, can be falsified. Such vulnerabilities are profound and cannot usually be remedied by simple updates to the communications infrastructure, leading to far-reaching economic and social upheaval. It is precisely this form of cyberattack that threatens our communications networks at the end of this decade. It is made possible by a cryptographically relevant quantum computer, which can break common asymmetric cryptosystems such as RSA or ECC using Shor's algorithm. Increasing the key length, such as switching from common RSA 2048 to RSA 4069 encryption, will then have no effect on the security of the cryptographic process, especially since the Shor algorithm is fundamentally more powerful than any classical algorithm.
 

The point in time at which a quantum computer becomes powerful enough to be “cryptographically relevant,” i.e., capable of breaking common cryptographic methods, is referred to as “Q day.” The Cloud Security Alliance predicts that this “Q day” will occur in April 2030 (Cloud Security Alliance, 2022). According to this forecast, the first supposedly encrypted messages will be accessible to an attacker in just over six years. The impact on our society will be profound, disrupting not only economic activity but also fundamental social functions. Since such cyberattacks will initially mainly affect companies with critical infrastructure (Institute for Technology Assessment of the Austrian Academy of Sciences, Austrian Institute of Technology Center for Innovation Systems and Policy, 2021), these are particularly worthy of protection, as are the users in this submission. To ensure the quantum resilience of critical infrastructure, quantum key distribution (QKD) is considered an essential component of cybersecurity strategy. QKD uses physical principles for a cryptographic process that cannot be attacked by computer-based attacks, neither by those known today nor by future attacks. As part of this flagship project, QKD is to be tested in a practical environment. This includes the trouble-free long-term operation of a QKD system prototype in the wide area networks of a critical infrastructure company. The operation of a QKD system developed by an Austrian deep tech company in the wide area networks of an Austrian infrastructure company is a novelty that, in addition to its economic and social implications and the expansion of the leading role of the companies involved in this field, also has a high symbolic character for the Austrian research and innovation landscape.