Definition
Quantum cryptography is any cryptographic technique whose security rests on the physics of quantum systems rather than the difficulty of a mathematical problem. The best-known example is quantum key distribution (QKD), which uses the measurement properties of single photons to let two parties agree on a shared secret with a guarantee that eavesdropping is detectable.
In everyday conversation "quantum cryptography" is often used loosely to mean anything to do with quantum computers and security. The precise meaning matters, because it changes what you should actually deploy.
Quantum vs post-quantum
- Quantum cryptography uses quantum physics as its primitive. It needs specialised hardware and dedicated links, and it typically solves key agreement — not authentication or signing.
- Post-quantum cryptography is classical mathematics running on ordinary computers, chosen because the underlying problem is believed to be hard for both classical and quantum machines.
- Almost every "quantum-safe" migration in wallets, browsers, VPNs, cloud KMS and blockchain protocols is post-quantum. See Post-Quantum Cryptography.
Quantum key distribution
QKD is the mature, deployable branch of quantum cryptography. It requires optical fibre or free-space links, dedicated endpoint hardware, and typically a trusted-node network to extend beyond a few tens of kilometres. It is used today by a handful of banks, telecom operators, and government-adjacent networks.
QKD does not authenticate the parties; it needs a classical authenticated channel to bootstrap. That is one of several reasons NSA, NCSC-UK and BSI recommend post-quantum cryptography over QKD for national-security workloads. Links to those advisories live on the Sources page.
When it's relevant
Quantum cryptography, specifically QKD, is worth investigating if you meet all of these:
- You control both endpoints of a dedicated physical link (fibre or free-space).
- You have a very long confidentiality horizon (decades, not years) for data on that link.
- You accept the operational cost of specialised hardware and the fact that authentication is still classical.
What you actually need
For every other case — TLS on the public internet, VPN tunnels, code signing, blockchain signatures, disk encryption at rest — the answer is post-quantum cryptography. Start with Business Readiness for an organisational baseline, or Wallet Scanner if you hold crypto directly.
Frequently asked questions
What is quantum cryptography?
Quantum cryptography is a family of techniques that use the physics of quantum systems — most famously quantum key distribution — to provide communication guarantees that are impossible under classical cryptography. In popular usage the term is often confused with post-quantum cryptography, which is very different and unrelated in mechanism.
Is quantum cryptography the same as post-quantum cryptography?
No. Quantum cryptography uses quantum physics (for example single-photon key exchange) as its primitive. Post-quantum cryptography uses classical mathematics believed to be hard for both classical and quantum computers. Post-quantum cryptography is what NIST is standardising and what almost every internet-scale migration is actually about.
Do I need quantum cryptography today?
Almost certainly not. Quantum key distribution requires purpose-built hardware and dedicated fibre or free-space links, and it does not solve authentication. For nearly every organisation and every crypto user, the practical concern is post-quantum cryptography — replacing today's RSA and elliptic-curve algorithms with quantum-resistant ones.
Will quantum computers break current cryptography?
A sufficiently large fault-tolerant quantum computer would break RSA, elliptic-curve Diffie-Hellman, and ECDSA using Shor's algorithm. No such machine exists today and public estimates place the earliest plausible date years to decades away. The realistic risk today is 'harvest now, decrypt later': data recorded now that must stay confidential past that horizon.