Quantum Key Distribution
What Is Quantum Key Distribution?
Quantum key distribution (QKD) is a cryptographic method that uses quantum mechanical properties to allow two parties to generate and share a secret key whose security is guaranteed by the laws of physics rather than by the assumed hardness of a mathematical problem. The key is generated by transmitting quantum states, typically individual photons, between a sender and a receiver over an optical channel. Any eavesdropper attempting to intercept the transmission necessarily disturbs the quantum states in a detectable way, alerting the communicating parties before any secret information is compromised. This property distinguishes QKD from conventional key-exchange protocols such as Diffie-Hellman, whose security can be broken by a sufficiently powerful quantum computer running Shor's algorithm.
The field traces to the BB84 protocol, introduced by Charles Bennett and Gilles Brassard in 1984, which encodes key bits in the polarization states of individual photons using two non-orthogonal bases. A complementary approach, the E91 protocol, introduced by Artur Ekert in 1991, uses pairs of entangled photons and Bell inequality tests to certify security. Both protocols have been implemented in deployed fiber-optic networks and free-space links, including satellite-based demonstrations spanning more than 1,000 kilometers. NIST provides an accessible introduction to the distinction between QKD and post-quantum cryptography in What Is Quantum Cryptography?
Protocol Classes
QKD protocols fall into two broad families: prepare-and-measure protocols and entanglement-based protocols. In prepare-and-measure schemes such as BB84, the sender encodes bits into individual quantum states and sends them; the receiver measures in a randomly chosen basis and later reconciles with the sender to discard mismatched basis choices, a step called sifting. In entanglement-based protocols derived from E91, a source generates entangled pairs and distributes one particle to each party; security can in principle be verified through Bell tests without trusting the source. A third class, continuous-variable QKD, encodes information in the quadratures of a coherent optical state rather than in discrete single-photon polarization, offering compatibility with standard telecom hardware.
Security Proofs and Practical Limitations
The security of QKD rests on information-theoretic proofs showing that the information available to any eavesdropper can be bounded, provided the underlying quantum channel model holds. Key results include composable security proofs that quantify the residual information leakage in finite-length key exchanges. Practical implementations face several challenges not captured in ideal proofs: detector side-channel attacks exploit imperfections in real photon detectors, multi-photon pulses from weak laser sources leak information, and the maximum distance for fiber-based QKD is limited to roughly 100 to 200 kilometers before loss overwhelms the secure key rate. An overview of the protocol landscape and its limitations is given in the arXiv review of quantum key distribution.
Integration with Classical Cryptography
QKD is not a complete cryptographic system by itself: it delivers symmetric key material but still relies on classical authentication to prevent man-in-the-middle attacks during the reconciliation phase. Deployed QKD networks typically combine the quantum channel with authenticated classical channels and use the resulting symmetric keys to supply one-time-pad or AES-based encryption. Research on hybrid QKD and post-quantum cryptography schemes combines QKD-generated keys with NIST-standardized post-quantum algorithms, such as ML-KEM, to provide a layered defense in which breaking one layer does not compromise the full system. These considerations reflect the growing recognition that QKD and post-quantum cryptography are complementary rather than competing technologies.
Applications
Quantum key distribution has applications in a range of fields, including:
- Secure financial transaction networks requiring long-term forward secrecy
- Government and defense communication links with information-theoretic security guarantees
- Metropolitan optical fiber networks integrating QKD with existing telecom infrastructure
- Satellite-based QKD for global-scale secure key exchange