Quantum key distribution, or QKD, is a method of creating encryption keys between two parties using the physics of light particles rather than mathematical equations. Its core advantage: any attempt to intercept the key disturbs the quantum states carrying it, alerting both sides that someone is listening. This makes it fundamentally different from traditional encryption, which assumes that certain math problems are too hard for attackers to solve.
How Quantum Physics Protects the Key
QKD’s security rests on a principle called the no-cloning theorem. In quantum mechanics, it is impossible to perfectly copy an unknown quantum state without altering it. If someone tries to intercept and measure the photons carrying key information, they inevitably change those photons in detectable ways. The sender and receiver can then check a sample of their data and spot the disturbance. This isn’t a software feature or a clever algorithm. It’s a constraint built into the laws of physics.
Traditional encryption works differently. It relies on math problems that would take current computers an impractical amount of time to solve, like factoring extremely large numbers. A powerful enough quantum computer could, in theory, crack those problems quickly. QKD sidesteps this entirely because its security doesn’t depend on computational difficulty.
The BB84 Protocol, Step by Step
The most well-known QKD method is called BB84, developed in 1984. It uses individual photons polarized in specific directions to encode bits of information. Here’s how it works in practice between a sender (traditionally called Alice) and a receiver (Bob).
Alice generates a random string of bits (ones and zeros) and encodes each one by polarizing a photon. She randomly picks one of two “bases” for each photon: either a rectilinear basis (polarizing at 0° or 90°) or a diagonal basis (polarizing at 45° or 135°). She sends these photons to Bob one at a time over a fiber-optic cable or free-space optical link.
Bob doesn’t know which basis Alice used for each photon, so he randomly picks a basis for each measurement. About half the time, he’ll guess the same basis Alice chose, and his measurement will correctly read the bit she encoded. The other half, he’ll use the wrong basis and get a random result.
After all the photons have been sent, Alice and Bob compare their basis choices over a normal, public communication channel. They don’t reveal the actual bit values, only which basis they used for each one. They throw away every bit where their bases didn’t match. The remaining bits, called the “sifted key,” should be identical on both sides.
To check for eavesdropping, they publicly compare a small random subset of the sifted key. If someone intercepted photons mid-transmission, those measurements would have introduced errors. An error rate above a certain threshold means the channel has been compromised, and they discard the key entirely. If the error rate is low enough, they apply error correction and a technique called privacy amplification to distill a shorter, fully secure shared key.
What the Hardware Looks Like
QKD can’t be done in software. It requires specialized physical equipment on both ends. The sender needs a source that can emit single photons with precise polarization. The receiver needs detectors sensitive enough to register individual photons. These single-photon detectors are among the most demanding components: NIST has developed superconducting nanowire detectors that must be cooled to near absolute zero to function with the speed and efficiency QKD demands.
The connection between sender and receiver also has specific requirements. Over fiber optics, QKD typically needs dedicated “dark fiber,” meaning fiber not shared with other traffic. Over open air, it requires direct line-of-sight transmitters. You can’t run QKD over existing internet infrastructure the way you’d deploy a software update, and this is one of its biggest practical limitations.
Distance Limits and How to Extend Them
Photons get absorbed as they travel through fiber-optic cable, which puts a hard ceiling on how far a QKD signal can travel. NIST and collaborators demonstrated QKD over a 200 km fiber-optic link, which pushed the boundaries of what’s possible with ground-based systems. China has built the most extensive terrestrial QKD network in the world: a 2,000 km fiber backbone connecting 32 trusted relay nodes from Beijing to Shanghai.
Satellites dramatically extend the range. China’s Micius satellite demonstrated a 7,600 km quantum link between China and Austria in 2017. In 2025, researchers established a record-breaking 12,900 km intercontinental quantum satellite link, the longest ever achieved.
For fiber networks, “quantum repeaters” are being developed to act as relay points that extend range without collapsing the quantum states. These work differently from classical signal boosters because they can’t simply amplify a quantum signal (that would require copying it, which the no-cloning theorem forbids). Instead, they use a process called entanglement swapping to pass quantum correlations along a chain of shorter links. Practical, large-scale quantum repeaters remain an active area of engineering.
Known Security Weaknesses
While QKD’s theoretical security comes from physics, real-world systems are built from real-world components, and those components have vulnerabilities. Researchers have demonstrated several types of attacks that target the hardware rather than the quantum principles.
One well-studied example is the Trojan-horse attack. An eavesdropper sends a bright pulse of light into the receiver’s equipment and analyzes what bounces back. By reading the reflected light, the attacker can figure out which measurement basis the receiver is using, which is enough to compromise the key. Early versions of this attack were detectable because the bright pulses caused noticeable aftereffects in the photon detectors. But researchers showed that by shifting to a longer wavelength (around 1924 nm instead of the standard 1536 nm), the probe light passes through the detector material largely unabsorbed, making the attack effectively invisible. This type of exploit could apply to most QKD systems that use discrete photon measurements.
These aren’t theoretical concerns. They illustrate a broader point: QKD security is highly implementation-dependent. The physics is sound, but the engineering has to be airtight.
QKD vs. Post-Quantum Cryptography
QKD isn’t the only approach to protecting communications against quantum computers. The main alternative is post-quantum cryptography (PQC), which uses new mathematical algorithms designed to resist attacks from both classical and quantum computers. These algorithms run on existing hardware and can be deployed as software updates.
The two approaches differ in fundamental ways. QKD provides only key distribution. It generates a shared secret key, but you still need a separate encryption algorithm to actually protect your data. It also can’t authenticate who you’re communicating with on its own, meaning you need conventional cryptographic methods alongside it. PQC, by contrast, handles confidentiality, authentication, and data integrity in a single framework.
The NSA has been notably direct on this comparison, stating that post-quantum cryptography is “a more cost effective and easily maintained solution” than QKD. Their reasoning: QKD requires dedicated fiber or free-space transmitters, can’t be integrated into existing network equipment, and is difficult to upgrade or patch since it’s hardware-based. Trusted relay nodes also introduce insider threat risks and add cost.
That said, QKD offers something PQC cannot: security that doesn’t depend on any mathematical assumption. If a future breakthrough makes a PQC algorithm solvable, that protection disappears. QKD’s guarantees, when properly implemented, hold regardless of advances in computing.
Where QKD Is Being Used Today
China leads global QKD deployment by a wide margin. Its national network combines the 2,000 km Beijing-to-Shanghai fiber backbone with two QKD communication satellites, and the system has been used to encrypt communications with Russia and South Africa.
South Korea has connected 48 government departments over an 800 km QKD network, with its national quantum strategy pushing for broader adoption across government ministries and public institutions. In Europe, the DISCRETION Consortium (co-funded by the European Defence Industrial Development Programme) is deploying QKD systems in Austria, Italy, Portugal, and Spain. The consortium has already provided services to Portuguese military clients.
These deployments are still concentrated in government and military applications where the cost of specialized hardware is justified by the sensitivity of the communications being protected. Commercial adoption in sectors like finance remains limited, largely because PQC offers a cheaper path to quantum-resistant security for most organizations.