Quantum Key Distribution vs. Post Quantum Cryptography: What’s the better way to achieve quantum security?
In the second half of this decade, the cryptographic world will undergo a major transformation. Why? Because quantum computers threaten to break classical cryptography such as RSA or ECC, which is used in billions of applications worldwide and is essentially the backbone of today's security.
Cybersecurity teams need to act now to quantum-harden their systems before a cryptanalytically relevant quantum computer becomes a reality. Fortunately, strategies to achieve quantum security already exist: Quantum Key Distribution (QKD) and Post Quantum Cryptography (PQC).
In this blog post, we'll take a look at both and determine which one is the safer bet for quantum security.
What is Quantum Key Distribution (QKD)?
Quantum Key Distribution is a technique for securely exchanging keys using quantum mechanics.
The unique advantage of QKD lies in its “built-in eavesdropping detection”. Because it uses entangled quantum states, any interception attempt is immediately detectable, which makes the compromised key invalid.
Unlike traditional methods, QKD's security does not depend on the computational difficulty of mathematical problems, making it resistant to attacks by both classical and quantum computers. For this reason, QKD is often promoted as a secure alternative to Post Quantum Cryptography.
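The following is an added example, not code from the original post: a classical Monte Carlo simulation of an entanglement-based key exchange in which an eavesdropper intercepts and resends the photon travelling to the second party. It shows that detection takes the form of a raised error rate in the sifted key. The function names, the seed and the 11% abort threshold are assumptions chosen for illustration.

```python
import random

def measure(state_basis, state_bit, meas_basis, rng):
    """Same basis returns the encoded bit; the other basis gives a coin flip."""
    return state_bit if meas_basis == state_basis else rng.randint(0, 1)

def run_session(n_pairs, eavesdrop, seed=1):
    """Return (sifted_key_length, error_rate) for one simulated session."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_pairs):
        a_basis, b_basis = rng.randint(0, 1), rng.randint(0, 1)
        # Alice's measurement of her half of the pair yields a random bit
        # and fixes the state of the partner photon travelling to Bob.
        a_bit = rng.randint(0, 1)
        basis, bit = a_basis, a_bit
        if eavesdrop:
            # Intercept-resend: Eve measures in a guessed basis and
            # forwards a fresh photon prepared in what she observed.
            e_basis = rng.randint(0, 1)
            bit = measure(basis, bit, e_basis, rng)
            basis = e_basis
        b_bit = measure(basis, bit, b_basis, rng)
        if a_basis == b_basis:  # sifting: keep rounds with matching bases
            sifted += 1
            errors += a_bit != b_bit
    # Simplification: a real protocol estimates the error rate from a
    # publicly compared sample of the sifted key, not from all of it.
    return sifted, errors / sifted

def key_accepted(error_rate, threshold=0.11):
    """Abort rule (threshold is an illustrative assumption)."""
    return error_rate <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        n, qber = run_session(20000, eve)
        print(f"eavesdropper={eve} sifted={n} "
              f"error_rate={qber:.3f} accepted={key_accepted(qber)}")
```

Without the eavesdropper the sifted keys agree exactly; with her, roughly a quarter of the sifted bits differ, so the session is aborted and the key discarded.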
What is Post Quantum Cryptography?
Post Quantum Cryptography refers to cryptographic algorithms designed to withstand cryptanalytic attacks by quantum computers. These algorithms rely on “hard mathematical problems” that are believed to be resistant to quantum attacks. Since public key cryptography is particularly vulnerable, PQC algorithms primarily focus on use cases like key agreement and digital signatures.
PQC schemes rely on several approaches, including hash-based, lattice-based, code-based, multivariate-based, and isogeny-based cryptography. You can explore these schemes and algorithm examples in detail here: Types of Post Quantum Cryptography Public Key Schemes.
While there is no shortage of (potential) algorithms, building trust in them and bringing them to maturity is a key challenge. To address this, the U.S. National Institute of Standards and Technology (NIST) is leading a PQC Standardization Process to evaluate and standardize these algorithms.
As of now, three algorithms have achieved standardization:
- ML-KEM (FIPS-203)
- ML-DSA (FIPS-204)
- SLH-DSA (FIPS-205)
QKD vs. PQC – What’s the better strategy to achieve quantum security?
While both PQC and QKD have their strengths, PQC currently stands out as the more practical and reliable option.
Post Quantum Cryptography serves as an all-around solution designed to replace quantum-vulnerable cryptography in systems we already use today. The algorithms have been rigorously tested through an open standardization process led by NIST, ensuring they are ready for real-world deployment.
On the other hand, QKD has a much narrower scope, focusing solely on key distribution, and it has other limitations to consider:
- Solutions have not been evaluated in a formal standardization process
- It is not yet 100%-proven to be secure
- It has distance limitations
- It requires significant infrastructure investments
While research into improving QKD is ongoing, most experts agree that it is not yet mature enough to meet today’s security needs. So, for now, PQC is the safer bet.
Still, QKD remains an interesting and promising research field and may eventually overcome its limitations as technological research progresses.
If you want to learn more about strategies for quantum security, we highly recommend “The PQC Migration Handbook” published by AIVD, CWI, and TNO.
Conclusion
From today’s standpoint, Post Quantum Cryptography is the more mature, flexible and practical solution. The first algorithms have been standardized and evaluated and are now being implemented in real-world scenarios for a variety of use cases, from digital signatures to key encapsulation.
It is also important to mention that security agencies from different countries do not recommend QKD as a sole solution against the quantum threat, including ANSSI (France), BSI (Germany), NLNCSA (The Netherlands), NSA (USA) and UK-NCSC (UK).
Learn more about effective strategies to achieve quantum security in our webinar: Fortifying Against Quantum Threats - Proven Defense Mechanisms