Source: /cirosantilli/quantum-key-distribution

= Quantum key distribution
{tag=Cryptography}
{wiki}

= QKD
{c}
{synonym}
{title2}

Man-in-the-middle attack

https://quantumcomputing.stackexchange.com/questions/142/advantage-of-quantum-key-distribution-over-post-quantum-cryptography/25727\#25727 Advantage of quantum key distribution over post-quantum cryptography has <Ciro Santilli>'s comparison to classical encryption.

<BB84> is a good first algorithm to look into.

Long story short:
* QKD allows you to generate shared keys without <public-key cryptography>. You can then use these shared keys
* QKD requires an authenticated classical channel, exactly like a classical <forward secrecy> key exchange built on <public-key cryptography> does. The simplest way to get that is with a <pre-shared key>, just as in classical cryptography. If that authentication key is compromised, future sessions can be <man-in-the-middle>'d, exactly like in the classical case; sessions completed before the compromise stay safe.

QKD uses <quantum mechanics> to share keys that cannot be snooped undetected: any eavesdropping on the quantum channel introduces measurable errors, so the two parties can detect it, discard the key and abort. This guarantee rests on the known <laws of physics>, up to the engineering imperfections of the actual devices.

Furthermore, it allows this <key (cryptography)> distribution without having to physically carry a box somewhere by car: once the channel, e.g. an <optical fiber>, is established, you can keep generating fresh keys over it indefinitely. Otherwise it would be pointless, as you could just drive your <one-time pad> key over every time.

However, the key generation rate is likely limited, so you can't <one-time pad> the entire message traffic, except for small text messages. What you do instead is use the shared key with <symmetric encryption>.

Therefore, this setup ultimately relies on the belief that <symmetric encryption> is safer than <public-key cryptography>, even though there are no mathematical safety proofs of either as of 2020.
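The three mechanisms above (detecting snooping through errors, authenticating the classical channel with a pre-shared key, and spending the limited key budget on a one-time pad) can be seen together in a toy simulation of <BB84>. This is an added example, not code from the original page: qubits are modelled as (basis, bit) pairs on an ideal noiseless channel, so every error in the public sample is caused by the eavesdropper, and the PSK value, the abort threshold and all function names are assumptions made for the illustration.

```python
"""Toy BB84 round with eavesdropper detection, a PSK-authenticated classical
channel, and one-time-pad use of the sifted key.

Added example, not code from the original page. Qubits are modelled as
(basis, bit) pairs on an ideal noiseless channel, so every error seen in the
public sample is caused by the eavesdropper. PSK, ABORT_THRESHOLD and all
function names are assumptions made for this illustration.
"""
import hashlib
import hmac
import random

# Assumption: Alice and Bob already share this short secret. It only authenticates
# classical-channel messages; it never encrypts anything.
PSK = b"constructed-pre-shared-authentication-key"
# Assumption: abort when the sampled error rate exceeds this fraction.
ABORT_THRESHOLD = 0.11


def measure(qubit, basis, rng):
    """Measure a (basis, bit) qubit. A mismatched basis yields a uniformly random bit."""
    q_basis, bit = qubit
    return bit if basis == q_basis else rng.randrange(2)


def intercept_resend(qubits, rng):
    """Eve measures each qubit in a random basis and re-emits what she observed."""
    resent = []
    for q in qubits:
        b = rng.randrange(2)
        resent.append((b, measure(q, b, rng)))
    return resent


def authenticate(message: bytes) -> bytes:
    """HMAC-SHA256 tag over a classical-channel message, keyed with the PSK."""
    return hmac.new(PSK, message, hashlib.sha256).digest()


def verify(message: bytes, tag: bytes) -> bool:
    """Constant-time check of a classical-channel message against its tag."""
    return hmac.compare_digest(authenticate(message), tag)


def run_bb84(n, eavesdrop=False, seed=None):
    """One BB84 round. Returns (sampled QBER, sifted key bits); key is None on abort."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]
    qubits = list(zip(alice_bases, alice_bits))          # sent over the quantum channel
    if eavesdrop:
        qubits = intercept_resend(qubits, rng)
    bob_bases = [rng.randrange(2) for _ in range(n)]
    bob_bits = [measure(q, b, rng) for q, b in zip(qubits, bob_bases)]

    # Classical channel: Bob announces his bases under a PSK-keyed MAC. Without the
    # MAC an active attacker could run two separate BB84 sessions (man-in-the-middle).
    announcement = bytes(bob_bases)
    tag = authenticate(announcement)
    if not verify(announcement, tag):
        raise RuntimeError("classical channel tampered with, aborting")

    # Sifting: keep only positions where both parties used the same basis.
    sifted = [i for i in range(n) if alice_bases[i] == announcement[i]]
    # Sacrifice half of the sifted bits, compared in public, to estimate the QBER.
    sample, remaining = sifted[::2], sifted[1::2]
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    qber = errors / len(sample) if sample else 0.0
    if qber > ABORT_THRESHOLD:
        return qber, None                                 # snooping detected: abort
    return qber, [alice_bits[i] for i in remaining]


def otp_encrypt(message: bytes, key_bits):
    """One-time pad with fresh key bits. Returns (ciphertext, unused key bits).

    Decryption is the same call on the ciphertext. Refuses to stretch or reuse
    key material, which is exactly why a limited QKD key rate matters.
    """
    needed = 8 * len(message)
    if len(key_bits) < needed:
        raise ValueError(f"need {needed} fresh key bits, only {len(key_bits)} left")
    pad = bytes(int("".join(map(str, key_bits[8 * k:8 * k + 8])), 2) for k in range(len(message)))
    return bytes(m ^ p for m, p in zip(message, pad)), key_bits[needed:]


if __name__ == "__main__":
    for eve in (False, True):
        qber, key = run_bb84(4000, eavesdrop=eve, seed=1)
        print(f"eavesdropper={eve}: QBER={qber:.3f}, key bits={None if key is None else len(key)}")
    _, key = run_bb84(4000, seed=1)
    ct, left = otp_encrypt(b"hi", key)
    print(ct.hex(), otp_encrypt(ct, key)[0], "key bits left:", len(left))
```

With an intercept-resend attacker the sampled error rate sits near 25%, because Eve guesses the wrong basis half the time and then Bob's result is random on those positions, so the round aborts; without her the ideal channel gives exactly 0%. The sifted key is consumed bit for bit by the one-time pad, which is why real deployments switch to <symmetric encryption> keyed from the QKD output once traffic outgrows the key rate.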