by SAI_Peregrinus 50 days ago
The big hardware issue is that QKD requires point-to-point links between the endpoints that authenticate to one another. That doesn't scale well to more than a handful of endpoints. Even if the endpoint hardware is free.

The big logical issue is that QKD requires a classically-authenticated channel, so you either need a post-quantum signature scheme (at which point why bother with QKD since you can usually use the same computational hardness assumptions to construct a post-quantum key exchange scheme & use AES-GCM or ChaCha20-Poly1305), or you need pre-shared symmetric key material & a Wegman-Carter MAC a la Poly1305 (at which point why bother since you can just use AES-GCM or ChaCha20-Poly1305).
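An added illustration of the second option in the comment above (not part of the comment and not code from its author): a simplified Wegman-Carter one-time MAC in the style of Poly1305, authenticating a classical-channel message from pre-shared key material. The names `PreSharedPool`, `make_tag`, `verify` and `demo`, the key bytes and the message are constructed for the example; unlike real Poly1305, `r` is not clamped and each pad is taken directly from the pre-shared pool.

```python
import hmac

P = (1 << 130) - 5  # prime modulus, the same field Poly1305 works in


class PreSharedPool:
    """Pre-shared symmetric key material held identically by both endpoints."""

    def __init__(self, material: bytes):
        self.r = int.from_bytes(material[:16], "little")  # secret hash key
        self._pads = material[16:]                        # one-time pads, 16 bytes each
        self._used = 0

    def next_pad(self) -> int:
        if self._used + 16 > len(self._pads):
            raise RuntimeError("pre-shared pad material exhausted")
        pad = self._pads[self._used:self._used + 16]
        self._used += 16                                  # a pad is never reused
        return int.from_bytes(pad, "little")


def poly_hash(r: int, msg: bytes) -> int:
    """Evaluate the message as a polynomial in r over GF(P), Horner style."""
    acc = 0
    for i in range(0, len(msg), 16):
        block = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = (acc + block) * r % P
    return acc


def make_tag(pool: PreSharedPool, msg: bytes) -> bytes:
    """Wegman-Carter tag: universal hash of msg masked with a fresh pad."""
    t = (poly_hash(pool.r, msg) + pool.next_pad()) % (1 << 128)
    return t.to_bytes(16, "little")


def verify(pool: PreSharedPool, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(pool, msg), tag)


def demo():
    material = bytes(range(1, 49))        # constructed: 16-byte r + two 16-byte pads
    alice, bob = PreSharedPool(material), PreSharedPool(material)
    announce = b"bases=XZZXZXXZ"          # constructed classical-channel message
    ok = verify(bob, announce, make_tag(alice, announce))
    forged = verify(bob, b"bases=XZZXZXXX", make_tag(alice, announce))
    try:
        make_tag(alice, announce)         # third tag: no pad left
        exhausted = False
    except RuntimeError:
        exhausted = True
    return ok, forged, exhausted
```

Both endpoints must already hold the same `material` before the first message can be authenticated, and every tag draws a fresh pad from it.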