Today’s encryption relies on computational difficulty: RSA is secure because factoring large numbers is hard — for now. Shor’s algorithm, running on a sufficiently large quantum computer, would break RSA in polynomial time. Quantum cryptography offers a different foundation for security: one grounded in the laws of physics rather than mathematical assumptions.
## How Quantum Key Distribution Works
The most widely studied QKD protocol is [BB84](https://en.wikipedia.org/wiki/BB84), proposed by Bennett and Brassard in 1984. The protocol works in four steps:
1. Alice sends Bob a stream of photons, each encoded with a random bit using one of two randomly chosen polarization bases.
2. Bob measures each photon using a randomly chosen basis.
3. Alice and Bob publicly compare which bases they used (but not the measured values). They keep only the bits where they chose the same basis.
4. They check a random subset of the remaining bits for errors. High error rates indicate eavesdropping.
The security guarantee is fundamental. The no-cloning theorem means an eavesdropper cannot copy a photon without disturbing it. Any interception attempt introduces detectable errors. If the channel is clean, Alice and Bob share a provably secret key.
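A noise-free simulation of the four steps above, added here as an example that is not part of the original article. The intercept-resend eavesdropper model, the 11% abort threshold, and all function names are assumptions made for illustration.

```python
import random

ABORT_QBER = 0.11  # assumption: commonly cited BB84 abort threshold, not from the article

def run_bb84(n_photons, eavesdrop, seed=None, check_fraction=0.5):
    """Simulate BB84 on an ideal channel; return (qber, key_length, accepted)."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        # Step 1: Alice encodes a random bit in a random basis (0 = rectilinear, 1 = diagonal).
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Assumed eavesdropper model (intercept-resend): measure in a random
            # basis, then forward a photon prepared in that basis.
            e_basis = rng.getrandbits(1)
            if e_basis != photon_basis:
                photon_bit = rng.getrandbits(1)  # wrong basis gives a random outcome
            photon_basis = e_basis
        # Step 2: Bob measures in a random basis; a mismatched basis gives a random bit.
        b_basis = rng.getrandbits(1)
        result = photon_bit if b_basis == photon_basis else rng.getrandbits(1)
        # Step 3: sifting. Only the bases are compared publicly, never the values.
        if a_basis == b_basis:
            alice_key.append(bit)
            bob_key.append(result)
    # Step 4: reveal a random subset of sifted bits and estimate the error rate (QBER).
    n_check = int(len(alice_key) * check_fraction)
    if n_check == 0:
        raise ValueError("too few sifted bits to estimate the error rate")
    revealed = rng.sample(range(len(alice_key)), n_check)
    errors = sum(alice_key[i] != bob_key[i] for i in revealed)
    qber = errors / n_check
    accepted = qber <= ABORT_QBER
    # Revealed bits are discarded; an aborted run yields no key at all.
    key_length = len(alice_key) - n_check if accepted else 0
    return qber, key_length, accepted

if __name__ == "__main__":
    for eve in (False, True):
        qber, key_length, accepted = run_bb84(20000, eve, seed=1)
        print(f"eavesdrop={eve}: QBER={qber:.3f} key_bits={key_length} accepted={accepted}")
```

With the eavesdropper enabled, the measured error rate settles near 25%, because she picks the wrong basis half the time and each wrong pick corrupts Bob's matching-basis result half the time.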
## Micius: Quantum Keys from Space
In 2016, China launched Micius, the world’s first quantum communication satellite. By 2017, Micius had demonstrated QKD between the satellite and two ground stations separated by more than 1,200 km — a distance impossible over fiber without quantum repeaters.
In 2020, Micius enabled a quantum-encrypted video call between Beijing and Vienna, the first intercontinental quantum-secured communication. China has also built the Beijing–Shanghai quantum backbone network, covering roughly 2,000 km with dozens of trusted relay nodes.
## Limitations of QKD
QKD’s security is real, but so are its engineering constraints.
**Distance**: photons are absorbed by fiber over long distances. Practical fiber-based QKD systems top out around 100–200 km per link. Satellite-based QKD overcomes this but requires clear skies and line-of-sight geometry.
**Quantum repeaters**: scaling QKD to a global network requires quantum repeaters — devices that extend entanglement across multiple links. Building reliable quantum repeaters requires quantum memory, which remains an open research problem. See [recent repeater work on arXiv](https://arxiv.org/abs/2312.04767).
**Implementation attacks**: theoretical BB84 is unconditionally secure, but real devices (lasers, detectors) have imperfections that can be exploited. Measurement-device-independent QKD (MDI-QKD) eliminates detector-side attacks; twin-field QKD (TF-QKD) extends range to 500+ km.
## Post-Quantum Cryptography: The Parallel Track
NIST finalized its first post-quantum cryptography (PQC) standards in 2024, including CRYSTALS-Kyber for key exchange and CRYSTALS-Dilithium for digital signatures — both based on lattice problems believed to resist quantum attacks. See [NIST PQC](https://csrc.nist.gov/projects/post-quantum-cryptography).
QKD provides information-theoretic security (no computational assumption required); PQC provides computational security against known quantum algorithms. Both will likely be needed: QKD for high-value, point-to-point links; PQC for the broader internet. For more, see [Quantum Networks Overview](https://sunqi.org/quantum-network-en/).