Key insight

PQC is new mathematics that runs on the hardware you already own — a software update makes you quantum-safe. QKD is new physics that needs special hardware, dedicated fibre, distance-limited links, and only addresses key distribution (not signatures). Security agencies (NSA, UK NCSC) recommend PQC as the mainstream path; QKD is a niche add-on for rare high-value links.

In one sentence

When someone offers you a “quantum-safe” solution, ask whether it’s maths or hardware — almost always, maths (PQC) is the answer you want.

Two different animals

Post-quantum cryptography (PQC) is everything this series is about: new algorithms (ML-KEM, ML-DSA) designed to resist quantum attack that run perfectly on the ordinary computers, phones and servers you already own. No new hardware — update software and you’re protected.

Quantum key distribution (QKD) is a completely different thing: not maths, but physics.

What QKD actually is

QKD uses the quantum properties of individual particles of light (photons) to share a secret key between two locations, so that the laws of physics themselves guarantee any eavesdropper would disturb the photons and be detected. It’s genuinely elegant — measuring a quantum state changes it (recall measurement collapse), so snooping leaves fingerprints.
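An added toy simulation, not part of the original page, of the effect described above: a listener who measures the photons corrupts part of the key, and the two ends can see that. The BB84-style prepare-and-measure scheme, the intercept-and-resend listener model and the 11% abort threshold are assumptions of this example; the page names none of them.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit;
    measuring in the other basis collapses to a random result."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_link(n_photons, eavesdropper, seed):
    """Simulate one session; return (sifted_key_length, error_rate)."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    sifted = errors = 0
    for _ in range(n_photons):
        # Sender picks a random bit and a random encoding basis (0 or 1).
        bit, send_basis = rng.randrange(2), rng.randrange(2)
        state_bit, state_basis = bit, send_basis
        if eavesdropper:
            # The listener must guess a basis; measuring re-prepares the
            # photon in that basis, which is what leaves the fingerprint.
            tap_basis = rng.randrange(2)
            state_bit = measure(state_bit, state_basis, tap_basis, rng)
            state_basis = tap_basis
        recv_basis = rng.randrange(2)
        recv_bit = measure(state_bit, state_basis, recv_basis, rng)
        # Sifting: both ends compare bases (not bits) over a classical
        # channel and keep only positions where the bases matched.
        if send_basis == recv_basis:
            sifted += 1
            errors += recv_bit != bit
    # Simplification: a real system estimates the error rate from a
    # disclosed sample of the sifted key, not from the whole key.
    return sifted, (errors / sifted if sifted else 0.0)

def link_is_clean(error_rate, threshold=0.11):
    """Abort rule; the 0.11 threshold is an assumed value for this example."""
    return error_rate <= threshold

if __name__ == "__main__":
    for tapped in (False, True):
        length, qber = run_link(4000, eavesdropper=tapped, seed=1)
        print(f"tapped={tapped} sifted={length} error_rate={qber:.3f} "
              f"clean={link_is_clean(qber)}")
```

The basis comparison in the sifting step travels over an ordinary classical channel, and nothing in this exchange proves who is on the other end, which is the authentication gap the page returns to later.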

The strings attached to QKD

[Figure: PQC vs QKD. PQC (new maths): runs on hardware you own; software update; keys AND signatures; standards-backed, deployable now. QKD (new physics): needs special hardware + fibre; distance-limited, costly; key distribution ONLY; niche high-value links.]
New maths you roll out in software beats new physics you must build in fibre — for almost everyone.

Side by side

| | PQC | QKD |
|---|---|---|
| Based on | Mathematics (hard problems) | Physics (quantum photons) |
| Hardware | Existing computers | Special devices + fibre |
| Deploy by | Software update | Building infrastructure |
| Distance | Anywhere the internet reaches | Limited; needs relays |
| Solves | Key exchange and signatures | Key distribution only |
| Agency stance | Recommended mainstream | Not a general replacement |

The verdict from the agencies

The UK’s NCSC, the US NSA and others have published guidance recommending PQC as the mainstream answer and cautioning that QKD is not a suitable general replacement today — because of cost, hardware demands, and its silence on authentication. The “niche” where QKD is sometimes considered is a short list of fixed, ultra-high-value point-to-point links where a dedicated fibre already exists — for example a government or defence link between two secure sites, or a backbone hop between two data centres of the same bank — and even there it complements, rather than replaces, PQC (which still does the authentication QKD can’t).

Myth: “QKD is the ultimate quantum-safe upgrade.” QKD is a niche point-to-point tool. It doesn’t sign anything, can’t reach your laptop over the public internet, and needs dedicated fibre. For the overwhelming majority of systems, PQC is the practical, deployable, standards-backed path.

PQC: Post-quantum cryptography — quantum-resistant algorithms running on ordinary hardware.
QKD: Quantum key distribution — sharing keys via quantum physics over special hardware.
ML-KEM / ML-DSA: The two lattice-based PQC standards named here: ML-KEM (Module-Lattice Key-Encapsulation Mechanism, key exchange) and ML-DSA (Module-Lattice Digital Signature Algorithm, signatures).
Photon: A single particle of light; QKD encodes key bits into photon states.
Trusted relay: An intermediate QKD node needed to extend range — a re-introduced trust point.
NCSC (National Cyber Security Centre) / NSA (National Security Agency): The UK and US cyber-security agencies that recommend PQC over QKD for general use.
ETSI (European Telecommunications Standards Institute): The standards body that publishes QKD industry specifications for the niche point-to-point cases.

What to carry forward

That completes The New Rulebook. You now know the threat and the replacements. Next is The Readiness Assessment, which turns that knowledge into a readiness assessment: discovery, crypto-agility, risk classification, and a maturity model.

Understand it in your own words

Paste into any AI assistant to check yourself:

I'm learning the difference between PQC and QKD. Quiz me one question at a
time, correcting me gently:

1. In one line each, what is PQC and what is QKD? Which is maths and which
   is physics?
2. Why can PQC be deployed as a software update while QKD cannot?
3. Name three practical limitations of QKD.
4. What crucial security job does QKD NOT do that PQC does?
5. What do agencies like the NSA and UK NCSC recommend, and why?

References & further reading

  1. UK NCSC, Quantum security technologies — guidance recommending PQC over QKD for general use. ncsc.gov.uk
  2. NSA, Quantum Key Distribution (QKD) and Quantum Cryptography FAQ. nsa.gov/cybersecurity
  3. NIST, Post-Quantum Cryptography project — the mathematics-based standards path. csrc.nist.gov
  4. ETSI, Quantum Key Distribution industry specifications (for the niche cases). etsi.org