Quantum cryptography refers to the set of cryptographic techniques that exploit the laws of quantum mechanics to secure the transmission of information. It does not rely on the mathematical complexity of classical algorithms, but on the fundamental physical properties of matter at the quantum scale.
Definition
Quantum cryptography is a communications security technology that leverages the laws of quantum physics. Unlike classical cryptographic systems, where security rests on the computational difficulty of solving certain mathematical problems, quantum cryptography guarantees confidentiality through physical principles considered impossible to circumvent.
The best-known protocol is Quantum Key Distribution, referred to by the acronym QKD. This protocol allows two parties, traditionally named “Alice and Bob” in the scientific literature, to exchange a secret key over a communication channel in such a way that any interception attempt by a third party, “Eve”, physically alters the state of the transmitted photons and becomes detectable.
The founding principle: observing a quantum system disturbs it. Any interception leaves a measurable trace. It is this law of physics, not an algorithm, that guarantees the security of the transmission.
How does quantum key distribution work?
The BB84 protocol, the first QKD protocol formalized in 1984 by Charles Bennett and Gilles Brassard, illustrates the basic mechanism. Alice encodes bits of information in the polarization of individual photons, sent individually to Bob via optical fibre or a free-space channel. Bob measures the state of each received photon using a randomly chosen basis.
If Eve attempts to intercept the photons to learn their value, she must measure them, which irreversibly disturbs their quantum state. Alice and Bob can detect this disturbance by comparing, over a public classical channel, a subset of their measurements. If the error rate exceeds an expected threshold, the key is discarded and the session restarted.
What QKD systems transmit is not encrypted data, but encryption keys used to protect it. Once a key has been securely shared, it can feed symmetric encryption algorithms such as AES to protect the actual data exchanged between Alice and Bob.
Founding protocol: BB84
The first QKD protocol. Uses photon polarisation across two orthogonal bases to encode bits.
Protocol: E91
Based on quantum entanglement of photon pairs. Proposed by Artur Ekert in 1991.
Infrastructure: QKD networks
Deployments under way in Europe, China, and the United States for governmental and banking communications.
Quantum cryptography and post-quantum cryptography: two distinct realities
The two terms are frequently confused. They refer to radically different approaches.
Quantum cryptography (QKD in particular) uses physical quantum properties to secure communication channels. It requires specialised hardware: photon emitters, quantum detectors, dedicated optical fibres. Its deployment remains costly and limited to specialised infrastructures. Currently considered insufficiently mature, it is not recommended by security agencies in the vast majority of use cases.
Post-quantum cryptography (PQC), by contrast, refers to classical mathematical algorithms designed to resist attacks from a quantum computer. These algorithms run on conventional computers. They represent the most directly deployable response to the threat posed by quantum computers, and are widely recommended by security agencies.
Why quantum cryptography is now an operational priority
Quantum computing is advancing. Quantum computers from IBM, Google, and other research players are not yet capable of breaking current asymmetric algorithms, but timelines are shortening. The so-called “harvest now, decrypt later” threat is already present: adversaries are today collecting data encrypted with classical techniques, ready to decrypt it tomorrow once sufficient quantum capabilities are available.
Long-lifecycle systems, in energy, defense, transport, or finance, cannot be migrated in a matter of months. Sensitive data whose confidentiality must be preserved for a minimum of ten years is already exposed. It is in this context that quantum technologies, whether physical like QKD or algorithmic like PQC, are entering the scope of digital security decisions.