by SAI_Peregrinus 405 days ago
1. Nothing. Quantum Key Distribution is what they're talking about, and it still requires P!=NP because there's a classical cryptographic step involved (several, actually). It just allows you to exchange symmetric keys with a party you've used classical cryptography to authenticate; it's vulnerable to MITM attacks otherwise. So you're dependent on classical signatures and PKI to authenticate the endpoints. And you're exchanging classical symmetric keys, so still dependent on the security of classical encryption like AES-GCM.

2. Because they're not 100% secure. Only the key exchange step with an authenticated endpoint is 100% secure.

3. Eavesdropping acts like a denial of service and breaks all communications on the channel.

4. It makes the information useless to everyone, both the eavesdropper and the recipients. Attempting to eavesdrop on a QKD channel randomizes the transmitted data. It's a DoS attack. The easier DoS attack is to break the fiber-optic cable transmitting the light pulses, since every endpoint needs a dedicated fiber to connect to every other endpoint.

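The three situations in the comment above (a clean authenticated exchange, an eavesdropper who only manages to turn the channel into a denial of service, and an unauthenticated man-in-the-middle who is never noticed) as an added example. This is not code from the thread or from any QKD product: it is a classical toy model of BB84 in which measuring a photon in the wrong basis returns a uniformly random bit, the quantum bit error rate (QBER) is computed over the whole sifted key rather than a discarded sample, and the pre-shared key, the HMAC-tagged basis announcement and all function names are assumptions made for illustration.

```python
"""Toy BB84 model of the cases the comment above describes.
Added example, not code from the thread; the quantum step is a constructed,
classical simulation (no real photons, no real hardware model)."""
import hashlib
import hmac
import random

RECT, DIAG = 0, 1  # the two conjugate bases used by BB84


def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit;
    measuring in the other basis returns a uniformly random bit."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def prepare(n, rng):
    """Alice picks a random bit and a random basis for each of n photons."""
    bits = [rng.randrange(2) for _ in range(n)]
    bases = [rng.choice((RECT, DIAG)) for _ in range(n)]
    return bits, bases


def receive(photons, rng):
    """Bob measures each (bit, basis) photon in a random basis of his own."""
    bases = [rng.choice((RECT, DIAG)) for _ in photons]
    bits = [measure(b, pb, mb, rng) for (b, pb), mb in zip(photons, bases)]
    return bits, bases


def sift(a_bits, a_bases, b_bits, b_bases):
    """Classical step: keep only positions where both used the same basis."""
    keep = [i for i, (x, y) in enumerate(zip(a_bases, b_bases)) if x == y]
    return [a_bits[i] for i in keep], [b_bits[i] for i in keep]


def qber(a_key, b_key):
    """Error rate of the sifted key (real systems estimate it on a publicly
    compared sample that is then thrown away)."""
    if not a_key:
        return 0.0
    return sum(x != y for x, y in zip(a_key, b_key)) / len(a_key)


def session(n, rng, channel=lambda photons, rng: photons):
    """One BB84 run; `channel` is whatever sits on the fibre in between."""
    a_bits, a_bases = prepare(n, rng)
    b_bits, b_bases = receive(channel(list(zip(a_bits, a_bases)), rng), rng)
    return sift(a_bits, a_bases, b_bits, b_bases)


def intercept_resend(photons, rng):
    """Eve measures every photon in a guessed basis and re-prepares it.
    Half her guesses are wrong, and each wrong guess randomises Bob's result
    at a sifted position, so the sifted key ends up with ~25% errors."""
    out = []
    for bit, basis in photons:
        eve_basis = rng.choice((RECT, DIAG))
        out.append((measure(bit, basis, eve_basis, rng), eve_basis))
    return out


def mitm(n, rng):
    """Without endpoint authentication Eve just runs two honest sessions:
    she plays 'Bob' toward Alice and 'Alice' toward Bob. Nobody sees errors."""
    a_key, eve_key_a = session(n, rng)
    eve_key_b, b_key = session(n, rng)
    return a_key, b_key, eve_key_a, eve_key_b


def announce_bases(bases, psk):
    """The classical basis announcement, tagged with an HMAC under a
    pre-shared key so Eve cannot speak for either endpoint (assumption)."""
    msg = bytes(bases)
    return msg, hmac.new(psk, msg, hashlib.sha256).digest()


def verify_announcement(msg, tag, psk):
    return hmac.compare_digest(hmac.new(psk, msg, hashlib.sha256).digest(), tag)


def run_demo(n=4000, seed=1):
    rng = random.Random(seed)
    clean_a, clean_b = session(n, rng)
    eve_a, eve_b = session(n, rng, intercept_resend)
    m_a, m_b, m_ea, m_eb = mitm(n, rng)
    psk = b"constructed-pre-shared-key"  # assumption: agreed out of band
    bases = [rng.choice((RECT, DIAG)) for _ in range(16)]  # constructed
    msg, tag = announce_bases(bases, psk)
    _, forged = announce_bases(bases, b"eve-has-no-psk")
    return {
        "clean_qber": qber(clean_a, clean_b),
        "eve_qber": qber(eve_a, eve_b),
        "mitm_qber_alice": qber(m_a, m_ea),
        "mitm_qber_bob": qber(m_b, m_eb),
        "mitm_keys_match": m_a == m_b,
        "eve_knows_both": m_ea == m_a and m_eb == m_b,
        "genuine_tag_accepted": verify_announcement(msg, tag, psk),
        "forged_tag_accepted": verify_announcement(msg, forged, psk),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running `run_demo()` shows the clean session with a QBER of 0, the intercept-resend session near 0.25 (the parties discard that key, which is the denial of service the comment describes), and the MITM case with a QBER of 0 on both sides while Alice's and Bob's keys differ and Eve holds both. The only thing that stops the third case in this model is the HMAC on the classical announcement, and that tag rests on a key the parties already shared, which is the "classical cryptographic step" the comment is pointing at.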

> Only the key exchange step with an authenticated endpoint is 100% secure.

It's 100% secure in theory, assuming a model of the hardware (which is impossible to verify even if you could build it to "perfectly" satisfy all model assumptions, which of course you also can't).

Yeah, the key exchange portion is secure. The resulting shared secret in RAM, on the other hand, is only as secure as the computer it's on. The moment you're out of the quantum realm by measuring the exchanged quanta, you lose the 100% security guarantee of the quantum portion of the key exchange. The Q part of QKD is actually secure, it's just that it's also useless and QKD as a whole exists mostly to fleece investors. It's a nerdy party trick, not a serious security mechanism.

There is no such thing as a magical "quantum realm". Devices performing quantum state preparation or measurements are just devices. They aren't perfect and can never be made to "100%" satisfy any assumptions.

The Q part is secure in theory, assuming your devices satisfy a specific theoretical model. That's not a 100% guarantee. In fact, it's just the same kind of guarantee as we get for any other security system: "We carefully examined the system and it seems like it satisfies the assumptions of our theoretical model, thus promising security".

Not that this is a bad thing, it's just that "quantum" doesn't make anything "magically 100% secure". There's no such thing as "100% security".

Yeah, I should have specified "the photon packet in the fiber" instead of generic "quantum", but there isn't always actually a photon packet even when light is the medium, and there isn't always a fiber, and just mashing it all up as "quantum" was faster. Any interference with the actual stuff that's doing the information exchange will cause the communication to fail, so that one part of the system can't be eavesdropped on passively.