Editing Quantum key distribution (section)

{{short description|Secure communication method}}
{{Use dmy dates|date=August 2020}}
'''Quantum key distribution''' ('''QKD''') is a [[secure communication]] method that implements a [[cryptographic protocol]] involving components of [[quantum mechanics]]. It enables two parties to produce a shared [[randomness|random]] secret [[key (cryptography)|key]] known only to them, which then can be used to encrypt and decrypt [[messages]]. The process of quantum key distribution is not to be confused with [[quantum cryptography]], as it is the best-known example of a quantum-cryptographic task.

An important and unique property of quantum key distribution is the ability of the two communicating users to detect the presence of any third party trying to gain [[information theory|knowledge]] of the key. This results from a fundamental aspect of quantum mechanics: the process of measuring a [[Physical system|quantum system]] in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using [[quantum superposition]]s or [[quantum entanglement]] and transmitting information in [[quantum state]]s, a communication system can be implemented that detects eavesdropping. If the level of eavesdropping is below a certain threshold, a key can be produced that is guaranteed to be secure (i.e., the eavesdropper has no information about it). Otherwise no secure key is possible, and communication is aborted.

The security of encryption that uses quantum key distribution relies on the foundations of quantum mechanics, in contrast to traditional [[public key cryptography]], which relies on the computational difficulty of [[One-way function|certain mathematical functions]], and cannot provide any mathematical proof as to the actual complexity of reversing the one-way functions used. QKD has provable security based on [[information theory]], and [[forward secrecy]].

The main drawback of quantum-key distribution is that it usually relies on having an [[Message authentication|authenticated classical channel]] of communication.{{Citation needed|date=February 2023}} In modern cryptography, having an authenticated classical channel means that one already has exchanged either a [[symmetric key]] of sufficient length or public keys of sufficient security level. With such information already available, in practice one can achieve authenticated and sufficiently secure communication without using QKD, such as by using the [[Galois/Counter Mode]] of the [[Advanced Encryption Standard]]. Thus QKD does the work of a [[stream cipher]] at many times the cost.

Quantum key distribution is used to produce and distribute only a key, not to transmit any message data. This key can then be used with any chosen [[encryption algorithm]] to encrypt (and decrypt) a message, which can then be transmitted over a standard [[communication channel]]. The algorithm most commonly associated with QKD is the [[one-time pad]], as it is [[provably secure]] when used with a secret, random key.<ref>{{cite journal | last=Shannon | first=C. E. | title=Communication Theory of Secrecy Systems* | journal=Bell System Technical Journal | publisher=Institute of Electrical and Electronics Engineers (IEEE) | volume=28 | issue=4 | year=1949 | issn=0005-8580 | doi=10.1002/j.1538-7305.1949.tb00928.x | pages=656–715| hdl=10338.dmlcz/119717 | hdl-access=free }}</ref> In real-world situations, it is often also used with encryption using [[symmetric key algorithms]] like the [[Advanced Encryption Standard]] algorithm.