NSA officially rejects QKD and QC for National Security Systems, endorsing post-quantum cryptography as cheaper and more practical.
Key Takeaways
QKD only handles key distribution, not authentication; asymmetric crypto or pre-shared keys are still required for source authentication.
Security is implementation-dependent, not physics-guaranteed; multiple published attacks on commercial QKD systems (faked states, time-shift, large pulse) confirm real-world gaps.
QKD requires dedicated fiber or free-space links, hardware-only deployment, no software path, and no easy patch/upgrade cycle.
Trusted relay nodes in QKD networks add cost, require secure facilities, and expand insider threat surface.
NIST post-quantum algorithm standardization is NSA’s preferred path; guidance update expected via CNSSP-15 after NIST completes selection.
