How QKD Detects Eavesdropping
Most QKD systems are based on the BB84 protocol, developed in 1984, which uses quantum states to exchange encryption keys and reveal potential interception attempts.
Because measuring a quantum state alters it, any attempt to intercept the key exchange introduces detectable errors. In theory, that allows communicating parties to determine whether a transmission has been compromised.
The concept has made QKD attractive to organizations concerned about long-term data confidentiality and the possibility of future quantum-enabled attacks.
Why Some Federal Agencies Are Interested in QKD
Much of the federal discussion around quantum security centers on , in which adversaries collect encrypted information today with the expectation that future quantum computers may eventually break existing encryption schemes.
Andrew Benhase, principal cyber architect at Cisco, says organizations are looking for ways to reduce that risk even before full post-quantum deployments become available.
“The concept of operations is that we want to reset the mathematical problem for an adversary on a consistent basis,” Benhase says. “If there is a harvest now, decrypt later scenario, we reset the math problem every 48 hours.”
For certain highly sensitive communications links, QKD’s ability to securely distribute encryption keys can be appealing.
“I could imagine it would be of interest if you had two high-security data centers with a single pipe between them,” Carielli says.
Those types of point-to-point environments align closely with the use cases QKD was originally designed to address.
DISCOVER: Get zero-trust architecture right for security and governance.
Why PQC Remains the Primary Federal Path
Although QKD generates considerable interest, federal guidance continues to point overwhelmingly toward the transition to PQC.
Britta Hale, director of post-quantum cryptography at the Department of Defense Chief Information Office, explains that the department does not currently allow the use QKD or similar technologies for key distribution, confidentiality, authenticity or integrity purposes.
“QKD is a physics-based technology used to transport short data strings — like cryptographic keys — but does not meet our security requirements as a stand-alone technology for key distribution,” Hale says.
She adds that as a technology, QKD may have other transport uses outside of key distribution that are still being explored.
“To safeguard Department of War systems against both current and future quantum threats, we are focused entirely on PQC for key distribution, confidentiality, authenticity and integrity,” she says.
Hale points to the department’s recently released Post-Quantum Cryptography Strategy, which outlines its five-pillar roadmap to establish PQC as a secure foundation for the quantum era.
Benhase says he has encountered similar signals from federal officials.
“Their position is that they would like to move wholesale to post-quantum cryptography,” he says, referring to the NSA’s approach.
The preference is largely driven by practicality. Post-quantum cryptography can be implemented across internet traffic, cloud environments, enterprise applications and countless other systems without requiring specialized communications infrastructure.
“QKD is a very specific use case,” Carielli says. “It’s fairly limited, and it has cost to it, and it is to some extent unproven except for some smaller proofs of concept.”
By contrast, NIST-approved post-quantum algorithms have undergone years of public review and cryptographic analysis.
“The post-quantum algorithms have been through a pretty rigorous review,” Carielli says. “It doesn’t require special equipment.”
