
Quantum Cryptography

Using quantum mechanical properties to secure communication, most notably quantum key distribution (QKD), which guarantees eavesdropping is detectable by the laws of physics.

Quantum cryptography uses properties of quantum mechanics, primarily the no-cloning theorem and the disturbance caused by measurement, to secure communication in ways that are impossible with classical methods. The most mature and deployed form is quantum key distribution (QKD), which allows two parties to establish a shared secret key with security guaranteed by physics rather than computational hardness.

This is a fundamentally different security model from classical cryptography. Classical cryptographic security rests on the assumption that certain mathematical problems (factoring products of large primes, computing discrete logarithms) are hard to solve. Quantum cryptographic security rests on physical laws: you cannot measure a quantum state without disturbing it, and you cannot copy an unknown quantum state.

The details

The two foundational QKD protocols are:

BB84 (Bennett and Brassard, 1984): Alice prepares photons in one of four polarization states encoding 0 or 1 in two different bases (rectilinear: $|0\rangle, |1\rangle$; diagonal: $|+\rangle, |-\rangle$). She sends them to Bob, who measures each in a randomly chosen basis. They then compare bases over a public classical channel and discard measurements where they used different bases. The remaining bits form the raw key. Any eavesdropper (Eve) must measure the photons in transit, necessarily using the wrong basis half the time, introducing errors detectable by Alice and Bob.

The error rate introduced by a perfect eavesdropper in BB84 is 25% on the sifted key. Alice and Bob measure the error rate on a randomly selected sample; if it exceeds a threshold (typically around 11% for the optimal attack), they abort and assume the channel is compromised.
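
The sifting and error-estimation steps above can be checked with a small classical simulation. This is an added example, not code from the original page; it assumes an ideal single-photon source, a lossless and noiseless channel, and an intercept-resend eavesdropper who measures every photon. The function names, basis labels and sample fraction are choices made for this example; the 11% abort threshold is the figure quoted above.

```python
import random

BASES = "+x"  # '+' = rectilinear, 'x' = diagonal (labels chosen for this example)

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis: the encoded bit is read back. Different basis: a coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_bb84(n_photons, eavesdrop, seed=0, sample_fraction=0.5, threshold=0.11):
    """Simulate BB84 over an ideal channel; Eve, if present, hits every photon."""
    rng = random.Random(seed)  # stand-in for the true randomness a real system needs
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        a_bit, a_basis = rng.randrange(2), rng.choice(BASES)
        bit, basis = a_bit, a_basis
        if eavesdrop:
            # Intercept-resend: Eve measures in a random basis, then resends
            # a fresh photon prepared in that basis with her result.
            e_basis = rng.choice(BASES)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_basis = rng.choice(BASES)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:  # sifting: bases are compared publicly
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    # Error estimation: reveal a random sample of the sifted key and compare.
    sample = rng.sample(range(len(alice_key)), int(len(alice_key) * sample_fraction))
    if not sample:
        raise ValueError("too few sifted bits to estimate the error rate")
    qber = sum(alice_key[i] != bob_key[i] for i in sample) / len(sample)
    return {
        "sifted": len(alice_key),
        "unrevealed": len(alice_key) - len(sample),  # revealed bits are discarded
        "qber": qber,
        "abort": qber > threshold,
    }

if __name__ == "__main__":
    for eve in (False, True):
        print("eavesdropper:", eve, run_bb84(20000, eavesdrop=eve))
```

Without Eve the sampled error rate is zero in this idealized model; with her it settles near 25%, because she picks the wrong basis half the time and each such photon gives Bob a wrong bit half the time.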

E91 (Ekert, 1991): Uses entangled Bell pairs distributed between Alice and Bob. Security is verified by testing Bell inequalities: a violation proves no eavesdropper has measured the qubits, because eavesdropping would reduce the observed violation. This protocol connects QKD security directly to the foundations of quantum mechanics rather than practical measurement disturbance.

The security of QKD is information-theoretic: even an adversary with unlimited computational power cannot break it. This contrasts with RSA, which is computationally secure (safe against current computational resources) but not information-theoretically secure.

Why it matters for learners

Quantum cryptography bridges quantum physics and real-world security. Understanding it requires knowing three quantum concepts: superposition (quantum states can be in multiple states until measured), the no-cloning theorem (unknown quantum states cannot be copied), and measurement disturbance (measuring a quantum state changes it).

The distinction between quantum cryptography and post-quantum cryptography (PQC) is critical and often confused:

  • QKD uses quantum hardware (photon sources, single-photon detectors, quantum channels). Security is physical.
  • PQC runs on classical hardware over standard networks. Security is computational (based on hard math problems that quantum computers cannot efficiently solve).

QKD is deployed today in high-security links: government networks, financial institutions, and research networks in China, Europe, Japan, and the US. Satellite-based QKD has been demonstrated over distances exceeding 1,200 km. But QKD requires dedicated infrastructure and cannot simply be layered onto the existing internet.

Common misconceptions

Misconception 1: Quantum cryptography and quantum key distribution are the same thing. QKD is the most important application of quantum cryptography, but quantum cryptography also includes quantum digital signatures, quantum secret sharing, quantum oblivious transfer, and other protocols. QKD is the only one widely deployed.

Misconception 2: QKD is unconditionally secure in practice. The theoretical security proofs assume perfect quantum devices. Real implementations have side channels: detectors can be blinded by bright light pulses, lasers can emit multi-photon pulses that leak information, and classical processing can have vulnerabilities. Device-independent QKD (which makes no assumptions about device behavior) closes most of these gaps but is technically demanding.

Misconception 3: Post-quantum cryptography makes QKD obsolete. They solve different problems for different use cases. PQC is more practical for most organizations today; QKD provides stronger physical guarantees for high-value long-term secrets. The two are complementary, not competing.
