Quantum Cryptography
What Is Quantum Cryptography?
Quantum cryptography uses quantum mechanical properties to achieve cryptographic goals. The most mature application is Quantum Key Distribution (QKD), which enables two parties to share a secret key with security guaranteed by the laws of physics. Any eavesdropping attempt inevitably disturbs the quantum states and can be detected.
BB84 Protocol
Developed by Bennett and Brassard in 1984, BB84 remains the most widely implemented QKD protocol. Alice sends qubits encoded in one of two bases. Bob randomly chooses measurement bases. After transmission, they compare bases over a classical channel and keep only bits where bases matched. Eavesdropping introduces errors that are detected during the basis reconciliation phase.
The BB84 protocol consists of four phases: preparation (Alice encodes bits), transmission (qubits sent over quantum channel), measurement (Bob measures in random bases), and sifting (public discussion to filter matching bases). A subset of the sifted key is used for error rate estimation — if the quantum bit error rate (QBER) exceeds a threshold, the key is discarded due to suspected eavesdropping.
E91 Protocol
The Ekert 1991 protocol uses entangled Bell pairs. Alice and Bob each measure their half of each pair in random bases. Bell’s inequality tests confirm the absence of eavesdropping. E91 offers stronger security proofs based on non-locality.
QKD Implementations
Commercial QKD systems operate over dedicated optical fibers up to ~100 km. Satellite-based QKD (Micius satellite) has demonstrated entanglement distribution over 1,200 km. Current bit rates are modest (~kbps over 100 km), sufficient for key exchange rather than bulk encryption.
MDI-QKD
Measurement-Device-Independent QKD eliminates all detector side-channel attacks. Alice and Bob send qubits to an untrusted third party who performs a Bell state measurement. Even if the third party is malicious, the protocol remains secure.
Quantum Key Distribution Protocols
Quantum cryptography’s most mature application is quantum key distribution (QKD). The BB84 protocol, invented by Charles Bennett and Gilles Brassard in 1984, uses four polarization states of photons to establish a shared secret key. Any eavesdropping attempt disturbs the quantum states and is detectable. The protocol achieves information-theoretic security — not just computational security — meaning even a quantum computer cannot break it. Commercial QKD systems operate in several cities, and satellite-based QKD (like China’s Micius satellite) enables intercontinental quantum-secured communication.
Post-Quantum Cryptography
While QKD solves the key distribution problem, post-quantum cryptography (PQC) develops classical cryptographic algorithms resistant to quantum attacks. The NIST Post-Quantum Cryptography Standardization process selected CRYSTALS-Kyber for encryption and CRYSTALS-Dilithium for signatures. These lattice-based algorithms are designed to resist Shor’s algorithm and Grover’s algorithm. Organizations should begin planning migration to PQC now, as “harvest now, decrypt later” attacks pose a real threat to currently encrypted data.
Post-Quantum Cryptography
While QKD addresses key distribution, post-quantum cryptography (PQC) refers to classical cryptographic algorithms resistant to quantum attack. NIST standardized CRYSTALS-Kyber (key encapsulation) and CRYSTALS-Dilithium (signatures) in 2024.
The Quantum Internet
Long-term vision: a quantum internet where quantum states are distributed globally via entanglement. Applications include secure communication, distributed quantum computing, and quantum sensor networks.
Quantum Digital Signatures
Quantum digital signatures (QDS) use quantum states to sign messages with information-theoretic security. Unlike classical signatures, QDS security does not rely on computational assumptions (like factoring). The protocol distributes quantum signature states to recipients who verify messages without needing a trusted third party.
Device-Independent QKD
The ultimate QKD protocol: device-independent QKD (DIQKD) requires no trust in the quantum devices. Security relies only on the violation of Bell’s inequality. DIQKD is theoretically secure against any device imperfection but requires loophole-free Bell tests, making it extremely challenging to implement practically.
Mathematical Foundations
Quantum computing relies heavily on linear algebra: vectors (state vectors in Hilbert space), matrices (quantum gates as unitary operators), tensor products (combining qubit spaces), eigenvalues and eigenvectors (measurement outcomes and stabilizer states), and inner products (probability amplitudes and fidelity). Understanding complex numbers, matrix multiplication, and diagonalization is essential. The Pauli matrices (σx, σy, σz) form a basis for single-qubit operations and appear throughout quantum information theory.
Numerical Simulation
For small systems (up to 30-40 qubits), classical simulation using state vector or tensor network methods is feasible. Qiskit Aer and Cirq simulators use optimized C++ backends with GPU acceleration. Matrix product state (MPS) simulators handle higher qubit counts for shallow circuits. These simulators are essential for algorithm development, debugging, and verification before running on real hardware.
Current Research Frontiers
Active research areas: quantum error correction (improving thresholds, reducing overhead), quantum algorithms for optimization and machine learning, quantum advantage demonstrations on real hardware, fault-tolerant quantum computing architectures, quantum networking and repeaters, quantum sensing and metrology, and hybrid quantum-classical algorithms for near-term devices. The field is advancing rapidly with new results appearing weekly on arXiv.
Common Misconceptions
Quantum computers will not replace classical computers — they are specialized devices for specific problems. Most computing tasks will remain classical. Quantum computers do not “try all possibilities at once” in the naive sense — quantum parallelism is subtle and extracting results requires careful algorithm design. Error correction is not optional — without it, quantum computations are limited to very shallow circuits. Building a useful quantum computer is harder than building a classical one by many orders of magnitude.
Future Outlook
The next 5-10 years will see: fault-tolerant quantum computing demonstrations at small scale, quantum advantage in specific applications (chemistry, optimization), hybrid classical-quantum workflows becoming standard, and the first commercial quantum applications delivering ROI. The field needs more engineers, scientists, and developers — making this an excellent time to build quantum computing skills.
Related: Shor’s Algorithm | Quantum Supremacy
Hybrid Cryptography Approaches
During the transition to post-quantum cryptography, hybrid schemes combine classical and quantum-resistant algorithms so that security holds even if one system is broken. TLS 1.3 supports hybrid key exchange where both X25519 and Kyber-768 are used together — an attacker must break both to decrypt the session. NIST’s hybrid approach uses Kyber with ECDH in the same key agreement. Cloudflare, Google, and other major providers already deploy hybrid Kyber+X25519 in production TLS connections. This pragmatic approach protects against future quantum attacks while maintaining backward compatibility with existing infrastructure.
Quantum-Safe TLS Implementation
Integrating post-quantum cryptography into TLS requires both key exchange and signature algorithm changes. For key exchange, replace ECDHE with Kyber or a hybrid ECDHE+Kyber key agreement. For certificates, use Dilithium or Falcon signatures instead of ECDSA or RSA. OpenSSL 3.x supports these algorithms through providers. Nginx and Apache can be configured with quantum-safe TLS by compiling against liboqs and openssl-oqs-provider. Performance benchmarks show Kyber-768 key exchange is comparable to X25519, while Dilithium signatures are larger but verification is fast.
Post-Quantum Cryptography Standards
NIST selected four algorithms for standardization in 2024: CRYSTALS-Kyber (key encapsulation), CRYSTALS-Dilithium (digital signatures), FALCON (digital signatures), and SPHINCS+ (stateless signatures). Kyber replaces RSA and ECDH for key exchange. Dilithium and FALCON replace ECDSA and RSA for signatures. SPHINCS+ provides an alternative based on hash functions with different performance trade-offs. These algorithms are now available in libraries like liboqs, OpenSSL (via provider), and BoringSSL for integration into existing applications.
FAQ
Can quantum cryptography break existing encryption?
No — quantum cryptography (QKD) is about secure key exchange, not breaking encryption. Shor’s algorithm running on a large-scale quantum computer could break RSA and ECC, but QKD provides security based on physics rather than computational assumptions. QKD and post-quantum cryptography are complementary defenses.
Is quantum cryptography commercially available today?
Yes — several companies offer commercial QKD systems including ID Quantique, Toshiba, and QuantumCTek. These systems operate over dedicated fiber links up to 100 km. Metro-scale QKD networks exist in several cities including Beijing, London, and Geneva. Costs remain high but are decreasing as the technology matures.
How does QKD detect eavesdropping?
Any measurement of a quantum system disturbs it irreversibly (no-cloning theorem). If an eavesdropper intercepts and resends qubits, the error rate in the sifted key increases measurably. Alice and Bob compare a random sample of their bits — if the error rate exceeds a threshold (typically 11% for BB84), they abort the protocol and try again.
E91 Protocol: Entanglement-Based QKD
The E91 protocol, proposed by Artur Ekert in 1991, uses entangled photon pairs instead of prepared single photons. Alice and Bob each measure their half of each entangled pair using randomly chosen measurement bases. After transmission, they compare a subset of their measurement settings to verify entanglement correlations — a violation of Bell’s inequality confirms no eavesdropping occurred. The remaining bits form the shared key. E91 is conceptually elegant because security depends on fundamental quantum mechanics rather than specific implementation details. Practical implementations are more complex than BB84 but offer additional security guarantees against photon-number-splitting attacks.
When should my organization start planning for post-quantum cryptography?
Now — the “harvest now, decrypt later” threat means encrypted data captured today could be decrypted once a quantum computer becomes available. NIST recommends starting inventory of cryptographic assets and planning migration. The US Government’s CNSA 2.0 mandates PQC migration by 2030 for federal systems.