# Talk:Quantum key distribution

 To-do list for Quantum key distribution: Enlarge and correct the E91 section: The "S" in the E91 section is not defined. Further, the section has ${\displaystyle |S|=-2{\sqrt {2}}}$ which is not possible as it has a nonnegative equal to a negative. Add other protocol descriptions (CV, B92, DPS, SARG04 etc.) Illustrate with diagrams [1], [2] and maybe photos of a QC setup

Quantum key distribution has been linked from multiple high-traffic websites.

 13 May 2010 Slashdot Link See visitor traffic 17 May 2010 Slashdot Link See visitor traffic

## Kish cipher

I removed the reference to Kish cypher as a "competing classical technique" because I don't see how it can be said to compete with quantum cryptography, notwithstanding Kish's claims. People are interested in quantum cryptography only because there's a proof from basic physical principles of security against certain attacks. Classical ciphers are orders of magnitude faster, cheaper, and more versatile, but we have no security proof for them (though they seem to be secure). The Kish cipher is comparable to quantum cryptography in speed and versatility, and I can't find any evidence that Kish or anyone else has proved its security. So it seems to combine the disadvantages of classical cryptography with the disadvantages of quantum cryptography, and I don't understand why anyone is interested in it at all. -- BenRG (talk) 11:25, 27 September 2008 (UTC)

While agreeing with the removal of the KLJN ("Kish cypher") because of its irrelevance for quantum physics, one should note that there are general security proofs for it. The most recent and most general one is actually published in a quantum security journal: "On the security of the Kirchhoff-law-Johnson-noise (KLJN) communicator", Quantum Information Processing (2014), see it pre-published on the website of Quantum Information Processing , or DOI 10.1007/s11128-014-0729-7 . The general security proof is based on the continuity of functions in stable classical physical systems, which is the foundation of classical physics. On the other hand, recent cracks and debates of quantum key distribution indicate that the security proof of QKD have been incomplete, thus a general quantum security proof is yet to come. About this and some other issues, see the extensive criticism of quantum informatics founder Charles Bennett's claims about KLN: Critical Analysis of the Bennett–Riedel Attack on Secure Cryptographic Key Distributions via the Kirchhoff-Law–Johnson-Noise Scheme , PLoS ONE 8(12): e81810 . The most recent public debate video on the security of QKD can be seen here, where leading experts of quantum security challenge the security of QKD.

165.91.12.244 (talk) 18:09, 6 February 2014 (UTC)

## Quantum Key Distribution

Quantum Key Distribution (QKD) is NOT synonymous with Quantum Cryptography. Using the terms as such is extremely misleading. In the past 7 or so years many Quantum Secure Direct Communication (QSDC) protocols have been proposed which claim to be provably secure. If they are, then QSDC is probably superior to QKD. Some also claim to have solved the authenticated line problem. Google Quantum Secure Direct Communication for some examples. Redsecure (talk) 23:52, 21 March 2009 (UTC)

I've created the page Quantum Secure Direct Communication redirecting to Quantum cryptography. Feel free to add a section in Quantum cryptography or give it it's own article and we can add a note at the top of Quantum cryptography. Skippydo (talk) 03:41, 23 March 2009 (UTC)

## FPB attack

(Moved from User talk:BenRG)

I recognized that you roll-backed the contents about FPB attack on Quantum Cryptography. But FPB attack is experimentally prooved on 2006. For more information, please see this(paper about the FPB attack experiment). Or what about to describe like this? "Quantum Cryptography is vulnerable to attacks using QND"
Modamoda (talk) 07:40, 19 July 2009 (UTC)

This attack is just the most general form of eavesdropping on the communication channel. QKD protocols are designed to protect against it. It's an attack on QKD in the same way that chosen-plaintext is an attack on ordinary cryptosystems: it's something the designers know about and protect against so that the attack doesn't work in practice. This experimental test doesn't add much because it just verifies the quantum mechanical prediction, which everybody believed anyway. Quantum mechanics is far too well tested to fail in a simple experiment like this. I have nothing against the paper, but if we added a paragraph about every paper like this to the article it would grow ridiculously long. This attack isn't really using Quantum Nondemolition measurement. Saying that QKD is vulnerable to QND measurement is the same as saying that classical cryptography is vulnerable to someone who guesses the key by sheer luck. It's technically true, but we don't worry about it. -- BenRG (talk) 12:06, 19 July 2009 (UTC)
Modamoda (talk) 15:21, 19 July 2009 (UTC)

I have never suggested anything on Wikipedia before, and I am certainly not an expert on cryptography or quantum cryptography. However, I do not undestand this: "The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key." My understanding of the one-time pad is that it must be (at least) the same length (number of bits) as the plaintext, never re-used, and certainly not computable from any shorter "secret, random key". Unless I am misinformed, the quoted statement is incorrect and should be removed. —Preceding unsigned comment added by 24.78.1.239 (talk) 17:41, 13 September 2009 (UTC)

My knowledge about OTP(One-time pad) is not like that. I think OTPs don't have to have(or generate) same length with the Plaintext.
- Modamoda (talk) 09:52, 14 September 2009 (UTC)

" Perfect data secrecy may not seem possible, particularly if potential attackers are given absurd amounts of time (and can run brute force searches in parallel). But, oddly enough, there is an encryption algorithm that can't be broken if used properly: the one-time pad. What is even stranger is that the algorithm is incredibly simple.

The basic idea behind a one-time pad is that there's as much key material as there is text. The encryption operation can be simple modular addition. In computer-based uses, it is often XOR.

"Here's the simple algorithm for one-time pads: For each plain text message, generate a random secret key. The key should be exactly the same length as the plain text message. The cipher text is created by simply XOR-ing the plain text with the key." (from http://www.ibm.com/developerworks/library/s-pads.html ) —Preceding unsigned comment added by 24.78.1.239 (talk) 22:21, 14 September 2009 (UTC)

Using a one-time pad with QKD is indeed meaningful. And as you point out, a one-time pad isn't computed from a shorter secret key -- basically, you'd use just whatever you got from the QKD. And of course, you'd use each bit of quantum-arranged key exactly once. Asrabkin (talk) 22:03, 8 October 2009 (UTC)

## Quantum Cryptography vs QKD

(moved from TODO list)

This page should really be called "Quantum Key Distribution" NOT "quantum cryptography" since the latter refers to a much wider range of tasks (e.g. Quantum bit commitment) —Preceding unsigned comment added by 192.33.98.48 (talk) 26 January 2019 (UTC)

I think this has been mentioned before, and the "quantum key distribution" page does redirect to here. However as there's very few non-qkd quantum cryptography pages (there is no quanutm bit commitment page for example) on wikipedia, a general quantum crytography page would probably just link to this page currently. If anyone can find enough non-qkd pages to make a quantum cryptography article viable, this page could be moved to "quantum key distribution". We'd have to make sure we avoid confusion though, as almost everyone looking up "quantum cryptography" is looking for information on qkd, and probably arn't aware of the technical difference. centie (talk) 13:13, 23 March 2010 (UTC)

NO, i think the name of this page is correct, because mainly quantum cryptography consist in distribution of the key in a secure proofed way, then after key distribution classical cryptographic system (one time pad) are used to exchange messages. I have many references articles about this and i am surprised that any one of them is not in this page. -Undestading Quantum cryptography - idquantique -Talking on quantum cryptography- Samuel J.Lomonaco -Experimental Quatum cryptography- Bennet, Bessete, Brassard (actually i am studing quatum authentication) —Preceding unsigned comment added by Albanx (talkcontribs) 20:19, 31 May 2010 (UTC)

It is certainly not correct that quantum cryptography is the same as QKD. In fact, a lot of today's quantum papers in the crypto community deal with other quantum cryptographical problems. For example, in this year's Crypto and Eurocrypt (arguably the most important cryptography conferences), there are five quantum papers, and only one of them deals with QKD. And if you would prefer the opinion of a recognized authority, I talked to Charles Bennett, and he agreed that the fact that Wikipedia considers quantum crypto as a synonym for QKD is misleading. I agree with Centie's comment that most people are not aware of the difference between QKD and quantum cryptography, but I believe that this is even more of a reason to make the difference clear (Wikipedia should educate, not reinforce preconceptions). But of course, the intro of a quantum crypto article should make it quite clear that QKD is a main application, and prominently link to it (to avoid any confusion). My suggestion is the following structure:

• Move the current quantum crypto article to a QKD article
• Write a quantum crypto article with the following content
• Intro: What is quantum crypto ("any crypto that uses or is secure against quantum") + prominent link to QKD
• (Very short) sections on different quantum crypto topics:
• Quantum OT from commitment (following Crepeau, Kilian, FOCS 88)
• Impossibility of unconditionally secure quantum commitment
• Bounded quantum storage model
• Quantum zero-knowledge
• Post-quantum cryptography
• Quantum multi-party computation

I would be willing to do all this, assuming there are no good arguments against this. Dominique Unruh (talk) 07:37, 13 July 2010 (UTC)

## Serna

I've never heard of Serna or his protocol. The only documentation at all is one three-page brief on the arXiv that has apparently never been refereed or published. With only an IP address (and the same IP address) having put in the edits for Serna, seems likely to be a self-insertion. Should be deleted? Rdv (talk) 13:28, 22 October 2011 (UTC)

The article is unpublished, unreferenced (save 1 survey), and I can find no evidence Serna is a scientist. I'm sure we can find some wiki policies to support removal on that basis.
As for the science, the article is poorly written and lacks prior plausibility, claiming to be immune to man-in-the-middle attacks. I don't think the article is worth reading carefully. Skippydo (talk) 18:23, 22 October 2011 (UTC)
Personally, I agree as to the quality of the paper, but that's not the right basis for editing Wikipedia. It's more the matter of the scientific community's judgment, which seems to be clearly on the side of the paper being below the threshold for attention. Rdv (talk) 22:31, 22 October 2011 (UTC)

## BB84 protocol

I think that the sentence "the protocol is designed with the assumption that an eavesdropper (referred to as Eve) can interfere in any way with both [channels]" is a too strong statement. I think it's okay for Eve to do anything with the quantum channel and to eavesdrop classical channel but if she could intercept and resend the classical channel when they comapre they measurements she could ruin everything. Panina-manina (talk) 12:28, 15 December 2012 (UTC)

Maybe cite at section Implementations/Experimental? recent (2013) "Experimental quasi-single-photon transmission from satellite to earth", Juan Yin et all.

NOTE: there are significant conclusions, "These results are sufficient to set up an unconditionally secure QKD link between satellite and earth, technically (...) results represent an crucial step towards the final implementation of high-speed QKD between the satellite and the ground stations, which will also serve as a test bed for secure intercontinental quantum communication".

--Krauss (talk) 00:42, 14 December 2014 (UTC)

Hello fellow Wikipedians,

I have just modified 11 external links on Quantum key distribution. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

You may set the |checked=, on this template, to true or failed to let other editors know you reviewed the change. If you find any errors, please use the tools below to fix them or call an editor by setting |needhelp= to your help request.

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

If you are unable to use these tools, you may set |needhelp=<your help request> on this template to request help from an experienced user. Please include details about your problem, to help other editors.

Cheers.—InternetArchiveBot 16:33, 16 July 2016 (UTC)

Hello fellow Wikipedians,

I have just modified 8 external links on Quantum key distribution. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

You may set the |checked=, on this template, to true or failed to let other editors know you reviewed the change. If you find any errors, please use the tools below to fix them or call an editor by setting |needhelp= to your help request.

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

If you are unable to use these tools, you may set |needhelp=<your help request> on this template to request help from an experienced user. Please include details about your problem, to help other editors.

Cheers.—InternetArchiveBot 12:46, 21 July 2016 (UTC)

## Intercept & Resend

I believe the chance of being noticed is 1-(1/2)^n as Alice & Bob will only be comparing bits where their bases match, therefore Eve had a 50% chance of guessing the right basis in this situation. — Preceding unsigned comment added by 195.176.3.122 (talk) 14:34, 9 May 2017 (UTC)