Author: Marcin Bała, MSc Eng., Chief Technology Officer
Published: May 2026 | Updated: May 2026 | Reading time: 12 minutes
How QKD Works at the Physical Level
The most widespread QKD protocol is BB84, proposed by Bennett and Brassard in 1984. It is the foundation of most commercial systems available today.
The sending party randomly encodes key bits in one of two photon polarisation bases: rectilinear or diagonal. The receiver randomly chooses a measurement basis for each photon. After transmission, over a classical authenticated channel, they compare only which bases they chose - not the values themselves. Photons measured in the matching basis form the raw key. Photons in the mismatched basis are discarded.
The security of QKD is not based on computational difficulty. It is based on the fact that you cannot measure the quantum state of a photon without disturbing it. No quantum computer will change that.
Any eavesdropping attempt introduces errors detectable through QBER (Quantum Bit Error Rate) verification. The security threshold is a QBER above approximately 11% - that level of errors signals the presence of an eavesdropper. The key is discarded and regenerated.
Three QKD Protocols - How They Differ and When Each Makes Sense
Not all QKD systems work the same way. The choice of protocol determines range, operational costs, and hardware requirements.
Protocol
DV-QKD
Most mature
Rangeup to 100 km commercially
Key ratea few to tens of kbps (up to 80 km)
DetectorSPAD or SNSPD (cryogenics)
Best forfirst deployments, short DCI
Protocol
CV-QKD
No cryogenics
Rangeup to 100 km on active fiber
Key ratecomparable to DV-QKD
Detectorstandard telecom detector
Best forlower CAPEX and OPEX, metro
Protocol
TF-QKD
Range record
Rangeup to 254 km without intermediate nodes
Key ratea few hundred bps to a few kbps
Detectorcentral node (Charlie)
Best forinter-city connections
Deployment on Existing Infrastructure - WDM Multiplexing
The biggest myth about QKD is that it requires dedicated "dark fiber" - separate, unused fibers. That was true 10 years ago. Today it is not.
QKD and classical data can share the same fiber through WDM multiplexing, provided proper spectral separation. The main challenge is Raman noise - scattering of photons by the strong classical laser signal generates background noise that interferes with weak quantum signals.
The solution:
QKD on the O-band (1260–1360 nm) with classical traffic on the C-band (1530–1565 nm). The natural physical separation means Raman noise does not transfer effectively across such a large frequency gap. Alternatively: a dedicated channel on the C-band with filtering providing at least 30 dB isolation from adjacent classical channels.
Real Range Limitations
Key generation rate drops exponentially with distance. This is a law of physics, not a sign of technological immaturity. No algorithm will change it.
up to 50 km
a few to tens of kbps
80–100 km
1–10 kbps
150–254 km
a few hundred bps (TF-QKD)
300+ km
out of range
For context: AES-256 with hourly key rotation requires 256 bits per hour — a fraction of kbps. Every commercial QKD system delivers keys with a large margin at distances up to 80 km. The problem arises only with links above 200 km or sub-second rotation requirements.
Trusted Intermediate Nodes
For networks exceeding 100–150 km without TF-QKD, trusted relay nodes are used - physically secured intermediate points where keys are decrypted for one segment and re-encrypted for the next. The security of the entire system is only as strong as the physical security of the weakest node.
Satellite QKD
For ranges beyond fiber capabilities - satellite QKD. China’s Micius satellite demonstrated QKD over 7,600 km. Europe is planning Eagle-1, an experimental satellite targeting late 2026 or 2027. Broader commercial deployments: a perspective for after 2030.
Integration with Existing Cryptographic Infrastructure
QKD does not replace the entire cryptographic infrastructure. It integrates with it through a Key Management System (KMS), which retrieves keys generated by the QKD system and distributes them to existing encryption devices: HSMs, Ethernet line encryptors, VPN gateways.
What to Check Before Ordering Hardware
01
Fiber quality and attenuation
Measure OTDR on every planned segment. O-band (1310 nm): attenuation 0.3–0.4 dB/km (average 0.35 dB/km). C-band (1550 nm): 0.2–0.3 dB/km (average 0.25 dB/km). Do not estimate from geographic distance — measure.
Critical
02
Spectral separation from classical signals
The issue is not limited to channel isolation (minimum 30 dB). Equally important is the bandwidth required for the Q-channel — it can be transmitted on the 1310 nm or 1550 nm band, each configuration requiring its own coexistence analysis with classical traffic. Ask the vendor for tested WDM schemes for your spectral layout.
Critical
03
Physical security of nodes
Certified cabinet or room with access control and entry logging. Important: simply disconnecting a patch cord does not compromise the keys — keys are exchanged using dedicated certificates generated by the QKD system. Disconnecting the quantum path triggers an alarm state and the operator is immediately notified.
04
KMS compatibility with existing encryptors
Verify support for ETSI GS QKD 014 before purchasing QKD hardware. The target standard is ETSI GS QKD 020, which will enable interoperability between devices from different vendors — however its market implementation is still in progress. No support = an additional integration project.
QKD 020 standard in progress
05
Classical channel authentication
QKD requires an authenticated classical channel for reconciliation and key verification. Typically implemented via TLS with a PQC algorithm — verify the implementation with the specific vendor before purchase.
Technical Questions Before a Deployment Decision?
If you already know which protocol interests you - DV-QKD, CV-QKD, or TF-QKD - or you have a specific link to secure and want to check whether the infrastructure can handle it, contact us.
We will go through your fiber, attenuation, spectral separation, and KMS requirements. We will tell you straight what to deploy, in what order, and what to avoid.
FAQ — QKD IN OPTICAL NETWORKS
How does QKD differ from post-quantum cryptography (PQC)?
PQC is an update of mathematical algorithms — fast, cheap, and scalable, but its security still rests on the computational difficulty of mathematical problems. QKD bases its security on the laws of quantum physics — measuring a photon irreversibly changes its state, which guarantees detection of any eavesdropping attempt. The security of QKD is mathematically proven, not estimated. No algorithm or quantum computer will change that.
Which QKD protocol to choose — DV-QKD, CV-QKD, or TF-QKD?
It depends on distance and budget. DV-QKD is the most mature technology, commercially available up to 100 km, but some systems require cryogenics. CV-QKD uses standard telecom detectors without cryogenics — lower CAPEX and OPEX, a good choice for first metro deployments. TF-QKD is the choice for links above 100 km — in 2025 it was demonstrated over 254 km without intermediate nodes, without cryogenics, on commercial fiber in Germany.
Does QKD require separate "dark fiber" or does it work on existing infrastructure?
No separate cables are required. QKD and classical data can share the same fiber through WDM multiplexing, provided proper spectral separation. Typical solution: QKD on the O-band (1260–1360 nm) with classical traffic on the C-band (1530–1565 nm). Alternatively, a dedicated channel on the C-band with at least 30 dB isolation. Important: the issue is not limited to channel isolation — the bandwidth required for the Q-channel is equally important. Always verify the configuration with the QKD vendor.
How far can QKD reach without intermediate nodes?
For commercial DV-QKD and CV-QKD systems — typically up to 80–100 km. For TF-QKD — up to 254 km (demonstration record from 2025). Beyond 300 km without intermediate nodes, current commercial systems do not reach. For longer routes, trusted intermediate nodes or satellite QKD are used. Key generation rate drops exponentially with distance — this is a law of physics, not a technology limitation.
How many keys per second does a QKD system generate and is that enough?
At distances up to 80 km, commercial systems generate keys in the range of a few to tens of kbps. For context: AES-256 with hourly key rotation requires only 256 bits per hour. Performance issues arise only with links above 200 km or extreme sub-second rotation requirements.
What happens if someone physically disconnects the QKD cable?
Simply disconnecting a patch cord does not compromise the keys — keys are exchanged between devices using dedicated certificates generated by the QKD system. Disconnecting the quantum path stops key generation and triggers an alarm state — the operator is immediately notified.
How does QKD integrate with existing encryption systems?
QKD integrates with existing infrastructure through a Key Management System (KMS). The critical step is verifying support for ETSI GS QKD 014. The target standard QKD 020, enabling interoperability between devices from different vendors — market implementation still in progress.
What to check before purchasing QKD hardware?
Five things before placing an order: (1) Measure fiber attenuation with OTDR. (2) Check spectral separation and Q-channel bandwidth in your WDM layout. (3) Verify the physical security of node locations. (4) Check KMS compatibility with existing encryptors — support for ETSI GS QKD 014. (5) Ensure the classical authentication channel is implemented via TLS with a PQC algorithm.
Sources:
Toshiba Europe TF-QKD 254 km, Nature 2025
KDDI/Toshiba multiplexing demonstration, March 2025
Orange France ParisRegionQCI project
LuxQuanta NOVA LQ launch, MWC March 2025
KEEQuant chip-scale QKD announcement, March 2026
Retelit/ThinkQuantum trial, December 2024
Cyprus multi-node QKD network, arxiv December 2025
IonQ/ID Quantique acquisition, February 2025
Toshiba/Orange Business commercial agreement, June 2025
NTT Communications crypto-agile demo, January 2025
GBC Photonics S100 to aktywna platforma DWDM. Umożliwia pełny monitoring warstwy optycznej, automatyczne przełączanie tras, intuicyjne zarządzanie przez WEB GUI i SNMP oraz elastyczną rozbudowę bez wymiany infrastruktury.
