Key insight
PQC is new mathematics that runs on the hardware you already own — a software update makes you quantum-safe. QKD is new physics that needs special hardware, dedicated fibre, distance-limited links, and only addresses key distribution (not signatures). Security agencies (NSA, UK NCSC) recommend PQC as the mainstream path; QKD is a niche add-on for rare high-value links.
When someone offers you a “quantum-safe” solution, ask whether it’s maths or hardware — almost always, maths (PQC) is the answer you want.
Two different animals
Post-quantum cryptography (PQC) is everything this series is about: new algorithms (ML-KEM, ML-DSA) designed to resist quantum attack that run perfectly on the ordinary computers, phones and servers you already own. No new hardware — update software and you’re protected.
Quantum key distribution (QKD) is a completely different thing: not maths, but physics.
What QKD actually is
QKD uses the quantum properties of individual particles of light (photons) to share a secret key between two locations, so that the laws of physics themselves guarantee any eavesdropper would disturb the photons and be detected. It’s genuinely elegant — measuring a quantum state changes it (recall measurement collapse), so snooping leaves fingerprints.
The strings attached to QKD
- Special hardware at both ends — not a software update.
- Dedicated physical link, typically dedicated optical fibre.
- Distance-limited — signal degrades; long links need trusted relay stations (which reintroduce trust problems). At each relay the key is decrypted and re-encrypted in the clear inside the box, so the physics guarantee stops at the relay: you have to fully trust every relay operator and site, and a single compromised relay can read the key. That’s the very trust assumption QKD was supposed to remove.
- Key distribution only — does nothing for signatures/authenticity, which is half the threat.
- Cost — heavy capital expense per link.
Side by side
| PQC | QKD | |
|---|---|---|
| Based on | Mathematics (hard problems) | Physics (quantum photons) |
| Hardware | Existing computers | Special devices + fibre |
| Deploy by | Software update | Building infrastructure |
| Distance | Anywhere the internet reaches | Limited; needs relays |
| Solves | Key exchange and signatures | Key distribution only |
| Agency stance | Recommended mainstream | Not a general replacement |
The verdict from the agencies
The UK’s NCSC, the US NSA and others have published guidance recommending PQC as the mainstream answer and cautioning that QKD is not a suitable general replacement today — because of cost, hardware demands, and its silence on authentication. The “niche” where QKD is sometimes considered is a short list of fixed, ultra-high-value point-to-point links where a dedicated fibre already exists — for example a government or defence link between two secure sites, or a backbone hop between two data centres of the same bank — and even there it complements, rather than replaces, PQC (which still does the authentication QKD can’t).
- PQC
- Post-quantum cryptography — quantum-resistant algorithms running on ordinary hardware.
- QKD
- Quantum key distribution — sharing keys via quantum physics over special hardware.
- ML-KEM / ML-DSA
- The two lattice-based PQC standards named here: ML-KEM (Module-Lattice Key-Encapsulation Mechanism, key exchange) and ML-DSA (Module-Lattice Digital Signature Algorithm, signatures).
- Photon
- A single particle of light; QKD encodes key bits into photon states.
- Trusted relay
- An intermediate QKD node needed to extend range — a re-introduced trust point.
- NCSC (National Cyber Security Centre) / NSA (National Security Agency)
- The UK and US cyber-security agencies that recommend PQC over QKD for general use.
- ETSI (European Telecommunications Standards Institute)
- The standards body that publishes QKD industry specifications for the niche point-to-point cases.
What to carry forward
- PQC = new maths, software update, does keys and signatures. QKD = new physics, special hardware, keys only.
- QKD is distance-limited, costly, and needs trusted relays — niche, not mainstream.
- Agencies (NSA, NCSC) recommend PQC as the path; QKD is an optional layer for rare high-value links.
- Litmus test: maths or hardware? For being quantum-safe, choose the maths.
That completes The New Rulebook. You now know the threat and the replacements. Next — The Readiness Assessment: turning knowledge into a readiness assessment — discovery, crypto-agility, risk classification, and a maturity model. See the series catalogue.
Understand it in your own words
Paste into any AI assistant to check yourself:
I'm learning the difference between PQC and QKD. Quiz me one question at a
time, correcting me gently:
1. In one line each, what is PQC and what is QKD? Which is maths and which
is physics?
2. Why can PQC be deployed as a software update while QKD cannot?
3. Name three practical limitations of QKD.
4. What crucial security job does QKD NOT do that PQC does?
5. What do agencies like the NSA and UK NCSC recommend, and why?
References & further reading
- UK NCSC, Quantum security technologies — guidance recommending PQC over QKD for general use. ncsc.gov.uk
- NSA, Quantum Key Distribution (QKD) and Quantum Cryptography FAQ. nsa.gov/cybersecurity
- NIST, Post-Quantum Cryptography project — the mathematics-based standards path. csrc.nist.gov
- ETSI, Quantum Key Distribution industry specifications (for the niche cases). etsi.org