Man-in-the-middle attack
quantumcomputing.stackexchange.com/questions/142/advantage-of-quantum-key-distribution-over-post-quantum-cryptography/25727#25727 Advantage of quantum key distribution over post-quantum cryptography has Ciro Santilli's comparison to classical encryption.
BB84 is a good first algorithm to look into.
Long story short:
  • QKD allows you to generate shared keys without public-key cryptography. You can then use thses shared keys
  • QKD requires authentication on a classical channel, exactly like a classical public-key cryptography forward secrecy would. The simplest way to do this is a with a pre-shared key, just like in classical public key cryptography. If that key is compromised at any point, your future messages can get man-in-the-middle'd, exactly like in classical cryptography.
QKD uses quantum mechanics stuff to allow sharing unsnoopable keys: you can detect any snooping and abort communication. Unsnoopability is guaranteed by the known laws of physics, up only to engineering imperfections.
Furthermore, it allows this key distribution without having to physically take a box by car somewhere: once the channel is established, e.g. optical fiber, you can just keep generating perfect keys from it. Otherwise it would be pointless, as you could just drive your one-time pad key every time.
However, the keys likely have a limited rate of generation, so you can't just one-time pad the entire message, except for small text messages. What you would then do is to use the shared key with symmetric encryption.
Therefore, this setup usually ultimately relies on the idea that we believe that symmetric encryption is safer than , even though there aren't mathematical safety proofs of either as of 2020.
Does not require entangled particles, unlike E91 which does.
en.wikipedia.org/w/index.php?title=Quantum_key_distribution&oldid=1079513227#BB84_protocol:_Charles_H._Bennett_and_Gilles_Brassard_(1984) explains it well. Basically:
  • Alice and Bob randomly select a measurement basis of either 90 degrees and 45 degrees for each photon
  • Alice measures each photon. There are two possible results to either measurement basis: parallel or perpendicular, representing values 0 or 1. TODO understand better: weren't the possible results supposed to be pass or non-pass? She writes down the results, and sends the (now collapsed) photons forward to Bob.
  • Bob measures the photons and writes down the results
  • Alice and Bob communicate to one another their randomly chosen measurement bases over the unencrypted classic channel.
    This channel must be authenticated to prevent man-in-the-middle. The only way to do this authentication that makes sense is to use a pre-shared key to create message authentication codes. Using public-key cryptography for a digital signature would be pointless, since the only advantage of QKD is to avoid using public-key cryptography in the first place.
  • they drop all photons for which they picked different basis. The measurements of those which were in the same basis are the key. Because they are in the same basis, their results must always be the same in an ideal system.
  • if there is an eavesdropper on the line, the results of measurements on the same basis can differ.
    Unfortunately, this can also happen due to imperfections in the system.
    Alice and Bob must decide what level of error is above the system's imperfections and implies that an attacker is listening.
Requires entangled particles, unlike BB84 which does not.