Quantum Key Distribution (QKD)
The Physics of Provable Security
Beyond Prime Numbers: The RSA Vulnerability
Most modern encryption — RSA, Diffie-Hellman, and Elliptic Curve Cryptography — derives its security from the computational hardness assumption. They rely on the fact that factoring large integers (or computing discrete logs) is infeasible for classical computers within any practical timeframe. A 2048-bit RSA key would take classical hardware millions of years to crack.
However, Peter Shor demonstrated in 1994 that a sufficiently large quantum computer running Shor's Algorithm could factor a 2048-bit integer in hours. While large-scale fault-tolerant quantum computers remain years away, the threat is taken seriously — adversaries are already harvesting encrypted traffic today under a "harvest now, decrypt later" strategy, meaning data encrypted today could be broken when quantum computers mature.
QKD does not merely raise the computational bar; it changes the game entirely. It moves security from algorithmic complexity to fundamental physical laws.
The BB84 Protocol: Step-by-Step Mechanics
The BB84 protocol (Bennett & Brassard, 1984) uses four different polarizations of photons organized into two complementary bases:
- Rectilinear Basis (+): Horizontal (0┬░) encodes bit "0"; Vertical (90┬░) encodes bit "1".
- Diagonal Basis (×): +45° encodes bit "0"; -45° encodes bit "1".
The protocol proceeds through four stages:
- Stage 1 — Raw Transmission: Alice sends a stream of photons, randomly choosing a basis and a bit value for each. Bob measures each photon using a randomly chosen basis.
- Stage 2 — Basis Reconciliation (Sifting): Over a classical public channel, Alice and Bob announce which basis they used for each photon (not the bit values). They discard all photons where their choices did not match. This yields the "sifted key," which is statistically ~50% of the raw transmission.
- Stage 3 — Error Rate Estimation (QBER): They compare a random sample of sifted key bits over the public channel. If the Quantum Bit Error Rate (QBER) exceeds a threshold (typically 11%), they abort — because this level of errors implies eavesdropping.
- Stage 4 — Privacy Amplification: They apply hash functions to compress the sifted key, eliminating any partial information Eve may have gathered, yielding a shorter but provably secure final key.
BB84 Protocol Simulator
Quantum Key Distribution & Eavesdropping Detection
| Basis (A) | Bit (A) | EVE | Basis (B) | Bit (B) | Sift? | Result |
|---|---|---|---|---|---|---|
| No photons transmitted. Press "TX PHOTON" to start. | ||||||
Protocol Tip: In BB84, if Alice and Bob agree on the basis, they MUST agree on the bit. If Eve measures in the wrong basis (50% chance), she randomizes the photon. This leads to a 25% error rate in matched bits, which is physically impossible without interference.
Conclusion: Physics as the Ultimate Firewall
While still in early deployment (mainly for government backbones, financial settlement networks, and critical infrastructure), QKD represents the final frontier for network security. It is the only known method of key exchange providing Information-Theoretic Security — security that cannot be broken by any amount of computing power, classical or quantum. For engineers building infrastructure that must remain secure beyond a 10-20 year horizon, understanding QKD is no longer optional.