The Future of Cybersecurity
In the field of cybersecurity, Quantum Key Distribution (QKD) is often touted as a “100% secure by the laws of physics” alternative for addressing future quantum threats. QKD allows two remote parties to agree on a shared secret key using an insecure quantum channel and an authenticated classical communication channel.
The theoretical security of QKD protocols is based on quantum-physical principles, which means they are theoretically secure even against attackers with unlimited computational power or future algorithmic advances. Furthermore, QKD can detect the presence of eavesdroppers, since any non-trivial interaction with a quantum state changes it, which can be detected by the involved parties.
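The eavesdropper-detection property described above can be seen in a toy simulation. This is an added example, not code from the original article: it models BB84, one specific QKD protocol that the article does not name, and the ideal lossless channel, the intercept-resend eavesdropper and the 11% abort threshold are assumptions of the sketch.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis is a coin flip."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)

def bb84_qber(n_photons, eavesdrop, seed=0):
    """Simulate BB84 on an ideal channel; return (sifted_length, error_rate)."""
    rng = random.Random(seed)  # seeded PRNG for a repeatable simulation only
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.getrandbits(1)        # Alice's raw key bit
        a_basis = rng.getrandbits(1)    # 0 = rectilinear, 1 = diagonal
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: the eavesdropper must pick a basis without
            # knowing Alice's, measures, and resends what she observed.
            e_basis = rng.getrandbits(1)
            state_bit = measure(state_bit, state_basis, e_basis, rng)
            state_basis = e_basis
        b_basis = rng.getrandbits(1)
        b_bit = measure(state_bit, state_basis, b_basis, rng)
        if a_basis == b_basis:          # sifting: keep rounds with equal bases
            sifted += 1
            errors += int(b_bit != bit)
    # Simplification: the error rate is computed over the whole sifted key,
    # whereas real parties compare only a disclosed sample of it.
    return sifted, errors / sifted

def link_decision(qber, threshold=0.11):
    """Assumed policy: abort key generation when the error rate exceeds the limit."""
    return "abort" if qber > threshold else "accept"

if __name__ == "__main__":
    for label, eve in (("no eavesdropper", False), ("intercept-resend", True)):
        sifted, qber = bb84_qber(20000, eve)
        print(f"{label:17s} sifted={sifted} QBER={qber:.3f} -> {link_decision(qber)}")
```

With no eavesdropper the sifted keys agree exactly; with intercept-resend roughly a quarter of the sifted bits disagree, which is what the two parties detect. The same abort rule is why interference on the quantum channel can be used to deny key generation, a point the limitations below return to.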
Limitations of QKD
However, QKD faces its own limitations, which are rarely discussed by vendors and which seriously compromise its applicability. Many experts agree that this technology has not yet reached the maturity necessary to offer the security levels required in most applications.
Recently, cybersecurity agencies in the Netherlands (NLNCSA), France (ANSSI), Germany (BSI) and Sweden (Swedish NCSA) published their position regarding Quantum Key Distribution in a paper highlighting the main limitations of QKD:
- Limited functionality: While post-quantum cryptography (PQC) can address multiple cryptographic purposes such as encryption, digital signatures, and key agreement, QKD is limited exclusively to key distribution. Furthermore, to ensure its security, it requires additional cryptographic authentication mechanisms based on classical systems, which complicates its implementation and operation.
- Lack of standardization: QKD has not undergone a rigorous standardization process, such as that carried out by NIST for PQC. This creates uncertainty regarding its interoperability and reliability in practical applications, since without technical consensus, the evaluation and widespread adoption of this technology is difficult.
- Insufficient safety testing: The mathematical models currently used to test the security of QKD are theoretical and do not adequately reflect real-world conditions. Furthermore, security tests that comprehensively address practical vulnerabilities have not yet been developed, leaving significant gaps in their implementation.
- Distance limitations: QKD communication relies on quantum channels such as optical fiber or free-space channels, which are subject to exponential signal loss as distance increases. Currently, commercial implementations reach maximum distances of a few hundred kilometers. Although quantum repeaters represent a potential solution, they are still in the research stages and, in their current form, act as trusted nodes, which introduces risks around access to sensitive information.
- High costs and complexity: QKD requires specialized quantum infrastructure, such as single-photon sources and detectors, which are very expensive to acquire and maintain. This makes its adoption impractical for mass applications and increases the risks associated with hardware-specific attack vectors. Furthermore, detecting eavesdropping attempts can trigger denial-of-service attacks that have not been fully studied.

The immediate future lies with PQC
Post-quantum cryptography (PQC), for its part, comprises a set of cryptographic mechanisms designed to be secure against classical and quantum computer attacks.
Unlike QKD, PQC is based on complex mathematical problems whose resolution is beyond the reach of known quantum algorithms. Furthermore, it can be implemented on classical hardware, allowing its integration into existing communication infrastructures. In fact, it has undergone rigorous standardization processes, which reinforces its reliability and facilitates its widespread adoption.
In summary, post-quantum cryptography is more mature, flexible and accessible than QKD. PQC can be easily integrated into existing technologies without requiring massive investments in infrastructure. Although research into QKD is advancing rapidly, according to these four security agencies, the time has not yet come to rely on this technology to ensure the security of our communications.
In this context, according to their recommendation, organizations should prioritize migration to post-quantum cryptography to mitigate future risks.
What do you think about this perspective? Is your organization already considering transitioning to PQC? Share your thoughts in the comments!