Quantum Cryptography

Quantum mechanics gives us two gifts for cryptography: one worrying (Shor's algorithm can break current encryption), one extraordinary (quantum physics enables unbreakable key distribution). Understanding both is essential for anyone working in security in the quantum era.

Quantum Key Distribution (QKD)

Quantum Key Distribution allows two parties to establish a shared secret key with security guaranteed by the laws of physics — not mathematical hardness. Any eavesdropper is guaranteed to be detected.

The key insight: Measuring a quantum state disturbs it (the measurement problem). An eavesdropper can't read quantum-encoded information without altering it — and that alteration is detectable.

How QKD works conceptually

Alice sends Bob a stream of qubits, each encoding a random bit using a randomly chosen basis (think: polarization angle). Bob measures each qubit using a randomly chosen basis. About half the time, Alice and Bob chose the same basis — these measurements are correlated and form the raw key.

If an eavesdropper (Eve) intercepts the qubits, she must measure them — and her measurements disturb the qubits. When Alice and Bob later compare a sample of their key over a classical channel, they see statistically more errors than expected. This reveals Eve's presence. They discard the compromised key and try again.

The BB84 Protocol

BB84 (Bennett and Brassard, 1984) was the first and is still the most important QKD protocol. It uses single photons with four possible polarization states in two conjugate bases.

Bit      Rectilinear basis (+)    Diagonal basis (×)
Bit 0    → (horizontal)           ↗ (diagonal +45°)
Bit 1    ↑ (vertical)             ↘ (diagonal −45°)

The protocol steps:

  1. Alice randomly chooses a basis (+ or ×) for each bit and sends a photon in the corresponding state.
  2. Bob randomly measures each photon in a basis (+ or ×).
  3. Over a classical channel, Alice and Bob compare which bases they used (not the values).
  4. They keep only the bits where they used the same basis — about 50%.
  5. They sacrifice a sample to check for eavesdropping. If the error rate is too high, Eve was there; abort and restart.
  6. Apply privacy amplification and error correction to get a final shared secret key.
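
The conceptual exchange and protocol steps 1 to 5 above, as an added simulation that is not part of the original page: photons are modelled classically as ideal (bit, basis) pairs, and Eve measures every photon in a guessed basis and re-sends what she observed. The function names, the 50% sample size and the 11% abort threshold are assumptions chosen for the example.

```python
import random

BASES = "+x"  # '+' rectilinear, 'x' diagonal (the page's × basis)

def measure(bit, prep_basis, meas_basis, rng):
    """Ideal photon: matching basis returns the encoded bit, conjugate basis a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84(n_photons, eve_present, seed, sample_fraction=0.5, abort_qber=0.11):
    """Run steps 1-5 once; abort_qber is an assumed threshold, not a value from the page."""
    rng = random.Random(seed)  # seeded PRNG for a repeatable simulation only
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.choice(BASES) for _ in range(n_photons)]   # step 1
    bob_bases = [rng.choice(BASES) for _ in range(n_photons)]     # step 2
    bob_bits = []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        if eve_present:
            # Eve must measure in a guessed basis and re-send what she observed;
            # a wrong guess re-prepares the photon in the wrong basis.
            eve_basis = rng.choice(BASES)
            bit, basis = measure(bit, basis, eve_basis, rng), eve_basis
        bob_bits.append(measure(bit, basis, bob_basis, rng))
    # Steps 3-4: compare bases publicly, keep positions where they match.
    sifted = [(a, b) for a, b, ab, bb
              in zip(alice_bits, bob_bits, alice_bases, bob_bases) if ab == bb]
    # Step 5: publicly compare a random sample and estimate the error rate (QBER).
    rng.shuffle(sifted)
    k = int(len(sifted) * sample_fraction)
    if k == 0:
        raise ValueError("too few sifted bits to estimate the error rate")
    qber = sum(a != b for a, b in sifted[:k]) / k
    abort = qber > abort_qber
    # Step 6 (error correction, privacy amplification) is not modelled here.
    return {"sifted": len(sifted), "qber": qber, "abort": abort,
            "raw_key_bits": 0 if abort else len(sifted) - k}

if __name__ == "__main__":
    for eve in (False, True):
        print("Eve present:", eve, bb84(4000, eve, seed=1))
```

On this ideal channel the error rate is zero without Eve. With her it sits near 25%, because she guesses the wrong basis half the time and each wrong guess gives Bob a coin flip on that bit.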

Real-World QKD Deployments

China's quantum satellite (Micius, 2017)

China demonstrated QKD over 1,200 km using a satellite, setting a world distance record for quantum-secure key distribution. This showed QKD can work intercontinentally.

Fiber QKD networks

Tokyo, Geneva, and other cities have running QKD networks over fiber optic cable. Banks and government agencies in these cities already use QKD for some high-security communications.

Limitations of QKD

QKD only solves key distribution — you still need classical encryption (AES) to encrypt the actual data. It's also expensive, distance-limited (~100 km without repeaters), and requires dedicated fiber infrastructure. It's not a replacement for post-quantum cryptography in most scenarios.

Post-Quantum Cryptography (PQC)

For most of the internet, the practical defense against quantum attacks is not QKD but post-quantum cryptography — classical algorithms designed to be secure against both classical and quantum computers.

CRYSTALS-Kyber

Key encapsulation mechanism (replaces RSA key exchange). Based on the hardness of learning with errors (LWE) over lattices. NIST standard as of 2024.

CRYSTALS-Dilithium

Digital signature scheme (replaces RSA signatures and ECDSA). Also lattice-based. NIST standard as of 2024.

SPHINCS+

Hash-based digital signatures. Extremely conservative security — relies only on hash function security, which is well-understood. Larger signatures than Dilithium.

FALCON

Fast lattice-based signature scheme. More efficient than Dilithium for some use cases. Also NIST-standardized.

Migration underway: Google Chrome, Apple Safari, and major cloud providers have already begun rolling out CRYSTALS-Kyber for TLS connections. The migration to post-quantum cryptography is happening now — even though large-scale quantum computers don't exist yet. "Harvest now, decrypt later" makes it urgent.

Frequently Asked Questions

Is quantum cryptography the same as post-quantum cryptography?

No — they're completely different approaches. Quantum cryptography (like QKD) uses quantum physics to secure communication. Post-quantum cryptography uses classical math (lattices, hash functions) designed to resist quantum attacks. Post-quantum cryptography runs on ordinary computers; quantum cryptography requires quantum hardware.

When will Shor's algorithm break current encryption?

Most experts estimate 10–20 years before quantum computers large enough to run Shor's on real RSA keys exist. But "harvest now, decrypt later" attacks mean data collected today could be decrypted in the future. The migration to post-quantum cryptography should start now for sensitive long-lived data.

Will TLS (HTTPS) change?

Yes. TLS 1.3 will be extended to support post-quantum key exchange and signatures. Many browsers and servers already support hybrid key exchange (classical + post-quantum in parallel). Full migration will take years but is underway.

Is quantum cryptography used commercially?

Yes, in limited contexts. Companies like Toshiba, ID Quantique, and Chinese companies sell QKD hardware for high-security applications: government communications, financial transactions, and critical infrastructure in certain countries. It's a niche, high-cost technology — not mass-market yet.
