Quantum Communication
Quantum communication leverages the principles of quantum mechanics—superposition, entanglement, and the no-cloning theorem—to achieve fundamentally secure information exchange. Quantum Key Distribution (QKD) and emerging quantum networks promise information-theoretic security that no computational advance can break.
Explore Topics
Quantum Key Distribution
Protocols that use quantum mechanics to establish shared secret keys with provable security.
No-Cloning Theorem
Why quantum states cannot be copied and why interception is fundamentally detectable.
QKD Implementation
Real-world hardware and techniques that make quantum key distribution practical.
Quantum Repeaters
Extending QKD range beyond direct fiber links through quantum entanglement distribution.
Post-Quantum Cryptography
Classical algorithms resistant to quantum computer attacks on RSA and ECC.
Current Deployments
Real-world quantum communication networks operating today.
Quantum Key Distribution (QKD)
Quantum Key Distribution allows two parties (Alice and Bob) to establish a shared random secret key with security guaranteed by the laws of physics rather than computational assumptions. Unlike RSA or ECC, whose security rests on the difficulty of factoring or discrete logarithms—problems a quantum computer could solve—QKD offers information-theoretic security.
BB84 Protocol (1984)
The first and most widely deployed QKD protocol, proposed by Charles Bennett and Gilles Brassard. Alice sends single photons prepared in one of four polarization states across two conjugate bases:
- Rectilinear basis (+): 0° (horizontal, |0⟩) and 90° (vertical, |1⟩)
- Diagonal basis (×): 45° and 135° (anti-diagonal)
- Encoding: Each bit value (0 or 1) is mapped to a polarization in one of the two bases
- Sifting: Alice and Bob publicly compare measurement bases (not results); they keep only bits where bases match
- Error estimation: A subset of sifted bits is compared; if the Quantum Bit Error Rate (QBER) exceeds ~11%, an eavesdropper is detected
The key insight: if Eve intercepts and measures a photon, she has a 50% chance of choosing the wrong basis. When she resends the photon, Bob gets the wrong result 25% of the time on average. This 25% error rate is the telltale signature of eavesdropping that cannot be eliminated without Alice and Bob detecting it.
E91 Protocol (1991)
Artur Ekert's protocol uses entangled photon pairs instead of single photons. A source produces pairs of photons in the Bell state:
|Ψ⁻⟩ = (1/√2)(|01⟩ − |10⟩)
Alice and Bob each receive one photon from the pair. They measure in randomly chosen bases. Security is verified through Bell's inequality violations: if the correlations between their measurements violate the CHSH inequality (S > 2), the photons are genuinely entangled and no eavesdropper has disturbed the state. E91 has the elegant property that the security proof relies directly on the foundational test of quantum mechanics—Bell inequality violations—rather than specific assumptions about the source or channel.
B92 Protocol (1992)
Bennett's simplified protocol uses only two non-orthogonal states (one for bit 0, one for bit 1) in a single basis. Security relies on the impossibility of perfectly distinguishing non-orthogonal quantum states. While simpler in concept, B92 is more vulnerable to certain attacks and is less practical than BB84 for real deployments.
Key Generation Rate
The achievable key rate depends on several factors:
- Loss budget: Fiber attenuation (~0.2 dB/km at 1550 nm) limits the maximum distance
- Detector efficiency: Modern SPADs achieve 10-25% system detection efficiency
- Dark count rate: False detections from thermal noise in detectors (~100 Hz typical)
- Pulse repetition rate: GHz clock rates with attenuated laser sources
- QBER: Higher error rates require more intense error correction and privacy amplification, reducing the final key rate
Typical rates: ~1 kbps at 100 km, ~10 kbps at 50 km, ~100 kbps at 10 km in deployed fiber systems. For comparison, classical fiber systems achieve Tbps. QKD is designed for key distribution, not bulk data transfer—the key is then used with a one-time pad or AES for data encryption.
The No-Cloning Theorem
The no-cloning theorem, proven by Wootters, Zurek, and Dieks in 1982, states that it is impossible to create an identical copy of an arbitrary unknown quantum state. This is not a technological limitation—it is a fundamental law of quantum mechanics with no known workaround.
Why Quantum Interception Is Detectable
Classical communication can be copied without detection: an eavesdropper can duplicate a fiber-optic signal using a beam splitter and forward the original to the intended recipient. The no-cloning theorem makes this impossible in quantum communication. Any attempt to measure a quantum state disturbs it irreversibly (Heisenberg uncertainty principle), introducing detectable errors.
Information-Theoretic Security
QKD security is "information-theoretic"—it holds against adversaries with unlimited computational power, including quantum computers. Classical cryptography (RSA, ECC, Diffie-Hellman) provides only "computational security": it is secure only because we believe certain mathematical problems are hard. A breakthrough in mathematics or a quantum computer could break these systems overnight. QKD's security rests on physics, not assumptions.
Heisenberg Uncertainty Limit
The uncertainty principle states that certain pairs of observables (like position/momentum or photon polarization in conjugate bases) cannot be simultaneously measured with arbitrary precision. In QKD, Eve cannot know both the polarization basis and the polarization value of a photon she intercepts. This fundamental limit guarantees that eavesdropping leaves traces in the quantum channel.
QKD Implementation
Moving from theory to practice requires specialized hardware that can generate, transmit, and detect individual photons. Modern QKD systems balance security, key rate, and practical deployment constraints.
Single-Photon Detectors (SPAD)
Avalanche photodiodes (APDs) operated in Geiger mode detect individual photons. When a photon strikes the detector, it triggers an avalanche of electrons, producing a measurable current pulse. Two main types exist:
- InGaAs APDs: Operate at telecom wavelengths (1550 nm); require cooling to -40°C to -60°C; dark count rates of ~1 kHz
- Si SPADs: Better performance at visible wavelengths (400-900 nm); operate near room temperature; used in free-space QKD
- Superconducting Nanowire Detectors (SNSPD): Near-unity detection efficiency, ultra-low dark counts (~1 Hz); require cryogenic cooling to ~1-3 K; emerging technology
Attenuated Laser Pulses & Decoy States
True single-photon sources (quantum dots) are impractical for most deployments. Instead, QKD systems use highly attenuated laser pulses. The mean photon number per pulse is typically μ = 0.1-0.5, meaning most pulses contain 0 or 1 photon, with occasional multi-photon pulses. Multi-photon pulses are vulnerable to photon number splitting (PNS) attacks.
Decoy-state protocol: Alice randomly varies the mean photon number between signal and decoy levels. An eavesdropper cannot distinguish which pulses contain multiple photons without introducing errors, so PNS attacks are detected. This technique, proposed by Hwang (2003) and refined by Lo, Ma, and Chen (2005), dramatically extends the secure distance of practical QKD systems.
Fiber Optic vs. Free-Space Links
Fiber optic QKD: Most deployed systems use standard telecom fiber at 1550 nm. Fiber provides a guided channel with low loss (~0.2 dB/km) and immunity to atmospheric conditions. However, fiber absorption ultimately limits range to ~200-300 km even with the best detectors. Polarization drift in fiber requires active compensation or time-bin encoding.
Free-space QKD: Photons travel through the atmosphere or vacuum. Used for satellite-to-ground links where fiber loss is prohibitive. Typically operates at 800 nm (matching Si SPAD sensitivity). Atmospheric turbulence causes beam wander and scintillation, requiring adaptive optics and tracking systems. Loss follows a square-law (1/R²), making it suitable for vertical paths through thin atmosphere layers.
Fiber Loss and Maximum Distance
In deployed fiber at 1550 nm:
- 50 km: ~10 dB loss; key rate ~10 kbps (with decoy states)
- 100 km: ~20 dB loss; key rate ~1 kbps
- 150 km: ~30 dB loss; key rate ~100 bps
- 200 km: ~40 dB loss; approaching single-photon sensitivity limits
- 300 km: ~60 dB loss; requires quantum repeaters or satellite relay
These numbers assume standard detector efficiency (~25%) and dark count rates. Superconducting nanowire detectors extend practical ranges by reducing dark counts to ~1 Hz, pushing fiber QKD beyond 300 km in laboratory settings.
Quantum Repeaters
Classical repeaters amplify signals by copying and regenerating them—impossible in quantum mechanics due to the no-cloning theorem. Quantum repeaters solve the distance problem through entanglement swapping and quantum memory, enabling long-distance quantum communication without direct photon transmission.
Entanglement Swapping
If Alice shares an entangled pair with an intermediate node Charlie, and Charlie shares another entangled pair with Bob, Charlie can perform a joint Bell-state measurement on his two photons. This "swaps" entanglement so that Alice and Bob become entangled, even though they never interacted directly. By chaining multiple swapping operations, entanglement can be distributed across arbitrary distances.
This process is probabilistic—swapping succeeds only when both pairs survive channel losses and the Bell measurement succeeds. With N repeater segments, the key rate scales polynomially with N rather than exponentially, which is the fundamental limitation of direct transmission.
Quantum Memory
Entanglement swapping requires that one photon from each pair is held in memory while the other is transmitted. Quantum memories store quantum states with high fidelity and long coherence times. Current technologies include:
- Atomic ensembles: Cold atomic gases (Rb, Cs) store photon states in collective excitations; coherence times ~1 second
- Rare-earth ion-doped crystals: Er:YSO or Eu:YSO; hours-long coherence times demonstrated in laboratories
- Solid-state spin memories: Nitrogen-vacancy centers in diamond; room-temperature operation with millisecond coherence
- Trapped ions: Individual ions as memory nodes; highest fidelity but most complex to implement
The quantum memory bottleneck is the key challenge for practical repeaters. Memories need high efficiency (coupling > 50%), low noise (error rates < 1%), long storage times (> 1 second), and compatibility with telecom wavelengths. No current technology meets all requirements simultaneously.
The Distance Scaling Problem
Without repeaters, the key rate of QKD scales exponentially with distance: R ~ 10^(-αL/10), where α is fiber loss in dB/km and L is distance. This makes direct QKD impractical beyond ~300 km in fiber.
With quantum repeaters (assuming perfect memories and gates), the rate scales as R ~ 1/L^β where β depends on the protocol and memory quality. For the simplest repeater protocol with imperfect memories, β ≈ 1-2. Even with realistic imperfections, repeaters dramatically outperform direct transmission at long distances.
Three generations of repeater protocols are studied:
- First generation: Uses entanglement distillation and quantum error correction; requires quantum memories; slow but robust
- Second generation: Uses quantum error correction on physical qubits; reduces memory coherence time requirements
- Third generation: Full quantum error correction with logical qubits; most demanding but potentially fastest
Post-Quantum Cryptography
While QKD provides information-theoretic security, it requires specialized hardware and has distance limitations. Post-quantum cryptography (PQC) offers a complementary approach: classical algorithms that run on existing hardware but are believed to be resistant to quantum computer attacks. In 2022, NIST selected its first set of PQC standards.
Why Quantum Computers Threaten Current Crypto
Shor's algorithm (1994) shows that a sufficiently large quantum computer could factor large integers and compute discrete logarithms in polynomial time. This breaks RSA, DSA, ECDSA, and Diffie-Hellman—the backbone of internet security. Grover's algorithm (1996) provides a quadratic speedup for brute-force search, effectively halving the security of symmetric ciphers like AES (AES-256 provides 128-bit security against a quantum adversary).
Lattice-Based Cryptography
Lattice problems (Learning With Errors, Shortest Vector Problem) are believed to be hard even for quantum computers. NIST standardized CRYSTALS-Kyber (key encapsulation) and CRYSTALS-Dilithium (digital signatures) in 2024. Lattice schemes offer:
- Small key sizes (Kyber public key: ~800 bytes vs RSA-2048: 256 bytes)
- Fast operations (encryption/decryption in microseconds)
- Strong security reductions to well-studied lattice problems
- Flexibility for advanced constructions (homomorphic encryption, attribute-based encryption)
Hash-Based Signatures
SPHINCS+ (now SLH-DSA) provides digital signatures based solely on the security of hash functions. Security is minimal-assumption: it relies only on hash function collision resistance and preimage resistance, properties well-understood for decades. The trade-off is larger signature sizes (~7-50 KB) and slower signing compared to lattice schemes. Ideal for firmware updates, code signing, and other applications where signatures are created infrequently.
Code-Based Cryptography
Based on the hardness of decoding random linear codes (McEliece, 1978). NIST selected Classic McEliece as an additional KEM standard. Advantages include decades of cryptanalysis and very fast decryption. The main drawback is large public keys (~260 KB for the recommended parameters), limiting its use in constrained environments. Code-based schemes are considered one of the most conservative PQC choices.
Hybrid Approach: PQC + QKD
Many organizations deploy both PQC and QKD in a layered defense:
- PQC provides software-only quantum resistance on existing infrastructure
- QKD provides physics-based security for the most sensitive channels
- If either system is broken, the other still protects the data
- The Chinese 2,000 km QKD backbone already uses PQC for classical authentication
Current Deployments
Quantum communication has moved from laboratory demonstrations to operational networks spanning thousands of kilometers. Here are the major deployments worldwide.
China's Micius Satellite (2016)
Launched by the Chinese Academy of Sciences, Micius (墨子号) was the first dedicated quantum communication satellite. Key achievements:
- 2017: Satellite-to-ground QKD over 1,200 km between Micius and stations in China
- 2017: Intercontinental quantum key exchange between Beijing and Vienna (7,600 km) via satellite relay
- 2018: Ground-to-satellite quantum teleportation over 1,400 km
- 2020: Entanglement distribution over 1,200 km, testing Bell inequality violations at cosmic distances
Micius demonstrated that satellite-based QKD is feasible, but key rates remain low (~1 kbps) and links are available only during satellite passes (limited hours per day). Future constellations aim for continuous global coverage.
Beijing-Shanghai Quantum Backbone
China operates a 2,000 km fiber-optic quantum communication link between Beijing and Shanghai, with 32 trusted relay nodes. Each node receives quantum keys from adjacent nodes via fiber QKD, then forwards them classically to the next node. While "trusted" nodes sacrifice end-to-end quantum security, they enable practical long-distance deployment. The backbone supports financial transactions for the Industrial and Commercial Bank of China and government communication.
European Quantum Communication Infrastructure (EuroQCI)
The European Union launched EuroQCI in 2021 to build a pan-European quantum communication network. Key aspects:
- Scope: All 27 EU member states plus associated countries
- Architecture: Fiber-optic backbone for terrestrial links, satellite links for inter-country connections
- Timeline: Initial operational capability by 2027, full deployment by 2030
- Goal: Secure EU governmental communication against quantum threats
- Industry: Partners include Thales, Toshiba Europe, and multiple telecom operators
ID Quantique & Commercial Deployments
ID Quantique (Geneva, Switzerland) is the leading commercial QKD vendor. Products and deployments include:
- Cerba: QKD system for metropolitan networks; up to 100 km fiber range
- Quintessent: Enterprise key management integrating QKD with classical key infrastructure
- SK Telecom partnership: Deployed QKD across Seoul metropolitan area (2020)
- Korean government network: 2,000 km QKD network across South Korea
- Swiss elections: Secured ballot transmission for Geneva cantonal elections
Other commercial players include Toshiba (QKD over 600 km fiber demonstrated), QuantumCTek (China), MagiQ Technologies (US), and SeQureNet (France). The global QKD market is projected to reach $2.3 billion by 2030.
Japan and South Korea
Both countries have invested heavily in quantum networks. Japan's National Institute of Information and Communications Technology (NICT) operates a multi-node QKD testbed in Tokyo. South Korea deployed a national QKD network for government and financial communications, achieving key rates of ~100 kbps at 50 km.
United States
The US approach emphasizes post-quantum cryptography over QKD for most applications, but the Department of Energy operates a quantum network testbed at Argonne National Laboratory. The DARPA Quantum Network (2003-2007) was the first continuously operating QKD network. Companies like Qubitekk and Quantum Xchange offer commercial QKD solutions for government and financial clients.
The Quantum Communication Landscape
Quantum communication stands at an inflection point. The physics is proven, commercial systems are deployed, and major governments are building national infrastructure. Three trends will shape the next decade:
- Scale: From point-to-point links to continental quantum networks with repeaters
- Integration: QKD and post-quantum cryptography deployed together in layered defense
- Standardization: ETSI, ITU-T, and ISO developing quantum-safe communication standards
The convergence of quantum computing threats and quantum communication solutions will fundamentally reshape how we think about secure communication. Whether through the physics of entanglement or the mathematics of lattices, the post-quantum future is being built today.