by NoKnowledge 1571 days ago
The article suggests that quantum key distribution (QKD) is a replacement for a courier, but that is not true. Distributing an initial small secret key (which allows authenticity of the post-processing of the quantum measurements) is still required.

Also I think the added value of device-independence is overstated. While it does indeed prevent loss of security by faulty quantum hardware (even if constructed maliciously), there is still a lot of classical post-processing required. That device still needs to be trusted. For example, when the device is outputting the shared key, it still needs to be trusted that it isn't also delivering that key back to Eve.


> The article suggests that quantum key distribution (QKD) is a replacement for a courier, but that is not true. Distributing an initial small secret key (which allows authenticity of the post-processing of the quantum measurements) is still required.

Is checking authenticity needed if you’re communicating with just one party?

From what I understood from the article the data received can be assumed to be random and private between two parties if a high enough win rate is achieved.

Or is checking authenticity to guard against another party taking the entangled particles but not the key used for authenticating?

FYI I don’t have very strong knowledge in this area.

Yes, otherwise how would you know you are indeed communicating with that party?

Otherwise the standard Person-in-the-Middle attack would apply: Eve (claiming to be Bob) first runs a full protocol session (quantum + classical communication) with Alice, resulting in a shared key X. Then she does the same to Bob, resulting in a key Y. When Alice wants to encrypt a message to Bob, she encrypts with X. Eve can decrypt (and optionally re-encrypt with Y and forward the message to Bob).

So the part I’m getting hung up on is if Eve attempts to MitM the quantum key exchange wouldn’t the probability of winning drop below the acceptable threshold since Eve does not possess the entangled particles? If that’s the case then wouldn’t Alice invalidate the exchange and same for Bob?

Without authentication, any form of communication is susceptible to a man-in-the-middle attack. You simply don't know who you are communicating with.

This makes using QKD very hard to justify in practice. If you have exchanged a pre-shared key (which is required for authentication anyway), you can just use a symmetric stream cipher like AES for encrypting the communication. This is many orders of magnitude cheaper and faster than QKD and works independently of the communication medium. Also it doesn't look like AES is going to be broken anytime soon.

I made a reply to a similar sibling comment over here https://news.ycombinator.com/item?id=30561845