Gruppo TIM
Gruppo TIM

Quantum Key Distribution (QKD): a disruptive technology

The quantum computing development and the prospect of its widespread diffusion are challenging the existing classical cryptography protocols security.

At the same time, the advent of quantum computers has given impetus to the search for innovative solutions to face the threats that derive from; among them one technology in particular emerges: Quantum Key Distribution.

For some years there has been a lot of talk about Quantum Key Distribution systems as unassailable or unbreakable encryption systems.

QKD took nearly 40 years to evolve, however, it is now one of the main technological competition areas between the various countries.


The current state of cryptography

Public key cryptography is vital to online security and is used in a variety of everyday systems, from banking to the mobile applications we use every day.

When two or more parties want to communicate, in the current state of technology, public key cryptography ensures that the information is confidential and accurate and that the correct parties are communicating.

At the base of every public key scheme there is a “complex” mathematical problem, that is of hard (but not impossible) resolution, or with a high “numerical complexity”.

If a person or a computer can effectively solve this problem, they can bypass the cryptographic system.

Not all complex mathematical problems are suitable for use in cryptography; the key feature is that the problem must be hard to solve in one direction, but easy in the opposite direction.

For example, it is easy to multiply two large prime numbers, but it is very difficult to factor a large number into the prime numbers that constitute it (in particular as the size and quantity of prime numbers that factor the chosen number increase).

Public key cryptography currently in use relies on problems involving prime number factorization (RSA), discrete logarithms (Diffie-Hellman), and elliptic curves (ECC).

Even if these seem different problems, in reality they are all cases of a general problem called the problem of the “abelian hidden subgroup”, substantially linked to the difficulty of factoring in prime numbers.

This problem is difficult to solve, especially with classical algorithms that have a so-called (sub)exponential complexity.

It would take years to break current public key cryptography with even the most powerful of computers, assuming the system is implemented correctly.


The danger exposed by the quantum computer

The symmetric (or private key) cryptography in use today has not been immune to the advent of quantum algorithms: in 1996 the computer scientist Lov Grover theorized an algorithm (Grover’s algorithm) capable of finding the private cryptographic key shared between the communicating parties, quadratically faster than the classical techniques.

The threat remained at a purely theoretical level at least until the first decade of the new millennium, when several technological giants such as IBM, Google and D-Wave began investing in the construction of a quantum computer.

The efforts of these companies led to the development of some limited capacity and size prototypes, in terms of computing power and memory.

Although, at the moment, the prototype models still have essentially no impact on real applications, these represent an encouraging starting point for future developments and allow the main companies to hypothesize more concrete technological paths that lead to the realization of a quantum computer with such potential, as to decode traditional cryptographic protocols.

It is not yet clear if and when this goal will be achieved and the most optimistic estimates speak of at least ten years.

With this in mind, the cryptographic community cannot be caught unprepared by the possibility that in the medium to long term the Shor algorithm can be successfully implemented to break the public key schemes in use today.

Furthermore, these implications represent a criticality that cannot be ignored even in relation to today’s information protection, especially if it needs to remain confidential for long periods of time.

More concretely, an attacker interested in obtaining information inaccessible today could limit himself to intercepting it encrypted and one day, with the technological evolution of the quantum computer, decrypt it following that strategy often described as “store now, decrypt later”.


The role of Quantum Key Distribution (QKD)

Quantum Key Distribution is a method for solving the problem of distributing secret keys between Alice (A) and Bob (B) – two communicating nodes – over an insecure channel, enabling the two parties to produce and share a random secret key only between of them, which can then be used by a classic encryption system to encrypt and decrypt their messages, regardless of the attacker’s computing capacity.

It is a bypass of the threat exposed by quantum computers, as it does not act at a mathematical level, like Post-Quantum Cryptography (PQC), but exploits the principles of quantum mechanics, allowing to distribute symmetric keys in an uninterceptible way.

QKD uses the quantum properties of photons (such as poor interaction with matter and the ability to maintain their quantum state in a suitable medium, such as an optical fiber, for a few microseconds, in the form of phase or angular momentum) to effect the exchange of a symmetric cryptographic key, which can be used to encrypt messages subsequently exchanged through a “traditional” channel.

The QKD security is based on fundamental laws of physics, which are therefore insensitive to increasing computing power, new attack algorithms or quantum computers.

It is based on a fundamental feature of quantum mechanics: Heisenberg’s uncertainty principle, according to which a physical quantity cannot be measured without interfering with it: the act of measuring the state of a light quantum destroys it.

With this type of systems, security derives precisely from the fact that any malicious actor, who tries to intercept an exchange of information, will inevitably leave detectable traces in the form of errors in the transmitted key.

At this point, the two parties Alice and Bob can decide to use a new symmetric key or stop the transmission.

The QKD formally also has a second advantage given by its security, wich derives exclusively from information theory (information-theoretically secure).

This, in fact, is not based on the alleged difficulty of the mathematical problems used, remaining preserved even when the opponent has an unlimited, or enormous, computing power, such as that offered by a quantum computer.

Another important operational QKD feature, when used in sequence to produce successive encryption keys, is the property called “forward-secrecy” of the keys: the keys subsequently exchanged on a QKD Link are independent of each other.

Therefore, the potential compromise of one of them cannot lead to the compromise of the others.

This is a particularly valuable feature both for high security networks and for long-term data storage (everlasting security).

A QKD implementation (a QKD Link) typically includes the following components:

  • A optical fiber transmission channel to send qubits of information between the transmitter (Alice) and the receiver (Bob).
  • A traditional and public but authenticated communication link between the two parties to carry out the key-post-exchange phases.
  • A key exchange protocol that leverages quantum properties to ensure security by detecting eavesdropping or errors, and calculating the amount of information that has been intercepted or lost.


Telsy and the QKD

Recently, Telsy join the share capital of QTI srl, an Italian leading company in the QKD field, which allowed the development of an end-to-end encryption system compatible with the current telecommunications infrastructure for civil and military applications, based on the integration between QTI’s QKD system and Telsy’s classical cryptography solutions.

Quell-X is the solution proposed by QTI and Telsy, a QKD system consisting of an Alice unit and a Bob unit capable of generating quantum keys for ultra-secure communications.

The security of the keys is guaranteed by the laws of quantum physics, which make it possible to identify any eavesdropper in the communication channel.

The great versatility of Quell-X allows its implementation on any network configuration: point-to-point links, trusted note configuration, more advanced network types (i.e., ring or star networks).

QTI systems can be fully integrated into existing Telecom networks thanks to the devices flexibility, which operate in C-band and O-band configurations.

The Quell-X product family consists of three main versions:


The core product of the range: ensures reliable and high performance in quantum key generation. The product includes a standardized key management unit and is compatible with third-party ciphers.


Quell-X based end-to-end encryption system. This version includes, in a fully integrated solution, Telsy’s cipher units and quantum keys generated by QTI’s QKD system.


The Quell-X version for academic and research activities. This product generates raw key data for customized post-processing protocols open to future developments. Quell-XR is a customizable platform and can interface with third party detectors.



Here are some of the practical applications and uses of Quantum Key Distribution:

  • Cryptographic key distribution infrastructures
  • Data center security
  • Protection of medical data
  • National and transnational backbones
  • Long distance key distribution based on trusted nodes
  • Distribution of keys on reconfigurable networks (star, ring, software defined networks)
  • Governmental and financial data security
  • Safety of critical infrastructures: airports, ports, gas-distribution and power-grids distribution

Learn more about our Quantum solutions.