Secure communication

Secure communication

Confidential communication rests on symmetric encryption: Alice and Bob hold a shared secret key K and use a fast cipher such as AES to encrypt and decrypt with it. That part is settled; the open problem is key distribution — getting the same K to both parties over a public network without an eavesdropper, Eve, obtaining a copy. Quantum key distribution is one answer to that problem; understanding where it fits means first seeing the alternatives.

The quantum threat falls on key distribution, not on the cipher itself. Against a symmetric cipher, Grover's algorithm only speeds up brute-force key search quadratically — halving the effective key length — and it parallelises poorly, so that speed-up is hard to realise at scale. Grassl et al. 2016 AES-128 therefore drops to roughly 64-bit effective strength but is assessed likely to stay secure for years; AES-256 keeps a 128-bit margin and is the recommendation for long-lived data, the most NIST asks of symmetric encryption being a doubling of key size. Chen et al. 2016

Three ways to distribute a shared key

How Alice and Bob get a shared key — and where QKD fits 1 Symmetric encryption — fast, once Alice and Bob share a key K Alice Bob Eve encrypt decrypt · · ciphertext · · public channel shared secret key K 2 Key distribution — the hard part Get that same key K to both sides over a public network — without Eve obtaining a copy. 3 Three ways to distribute that key CLASSICAL PUBLIC-KEY RSA · ECDH Both sides agree a key by exchanging public values over the same public channel. secures on ▸ computational hardness — factoring, discrete log Broken by a cryptographically- relevant quantum computer (Shor) POST-QUANTUM CRYPTO ML-KEM (FIPS 203) Same public-channel key agreement, rebuilt on a lattice problem. secures on ▸ computational hardness — module lattices (MLWE) No known quantum attack; a software upgrade QUANTUM KEY DISTRIBUTION QKD — BB84 Key bits carried on single photons over a quantum channel; sifted over a public channel. secures on ▸ physics — no-cloning, measurement disturbs Eavesdropping raises the error rate → it is detected msg
Symmetric encryption needs a shared key K. Classical public-key agreement (RSA, ECDH) is broken by Shor's algorithm on a cryptographically-relevant quantum computer; ML-KEM and QKD are the two responses — one keeps the computational model and changes the mathematics, the other moves the security onto physical law.

Three ways deliver that key, and they differ in what their security rests on:

  • Classical public-key agreement (RSA, ECDH). Both sides derive a shared key from public values exchanged over the open channel. Security rests on the computational hardness of factoring or the discrete logarithm — both of which a cryptographically-relevant quantum computer (CRQC) solves in polynomial time with Shor's algorithm, breaking them. Shor 1997
  • Post-quantum cryptography (ML-KEM, NIST FIPS 203). The same public-channel key agreement, rebuilt on a lattice problem with no known efficient quantum attack — a software upgrade to the existing model. Technology 2024
  • Quantum key distribution (BB84). Carries key material on single quantum states, Bennett et al. 1984 so its security rests on physics — the no-cloning theorem Wootters et al. 1982 and the disturbance any measurement imposes on a quantum state — rather than on an assumption about an adversary's computing power. An eavesdropper who intercepts the photons raises the error rate and is detected. Pirandola et al. 2020

ML-KEM and QKD are the two responses to the quantum threat against classical public-key cryptography: one changes the mathematics, the other changes the trust basis to physical law. QKD is the response that needs a quantum network — a quantum channel between the endpoints and, over distance, trusted nodes or repeaters.

Quantum key distribution (QKD)

QKD is the only application of quantum networking with commercial deployment today. Two paradigm families: prepare-and-measure protocols (BB84 and its variants, with decoy states for security against photon-number-splitting attacks) where Alice prepares states and Bob measures; and entanglement-based protocols (BBM92, Ekert91) where a shared Bell pair is the resource. Variants address specific operational constraints: Measurement-Device-Independent QKD (MDI-QKD) puts the trust in the source and removes detector side-channel attacks; Twin-Field QKD (TF-QKD) scales the key rate as √η rather than η, doubling effective reach, and now holds the fibre-distance record at 1002 km Liu et al. 2023 . A separate research thread, High-Dimensional QKD (HD-QKD), encodes each photon in a qudit (d > 2, via time-bin or orbital-angular-momentum modes) to raise bits-per-photon and noise tolerance Islam et al. 2017 — still academic; no commercial deployments.

QKD requires the lowest fidelity threshold of any quantum-network application — ~0.85 raw is workable after error correction and privacy amplification, and field-deployed systems run reliably between metropolitan-scale endpoints. The bulk of vendor activity in quantum networking is QKD Kumar et al. 2025 .

For the broader set of network-consuming applications — distributed and blind quantum computing, networked sensing, position verification, multiparty consensus — see the applications subject.