Lattice based cryptography vs BB84


Am I correct in thinking that post-quantum cryptography such as lattice-based solutions run on classical computers are resistant to quantum attacks (as opposed to RMS), whereas quantum key distribution schemes such as the BB84 are designed to run on quantum computers to communicate between them?

Matthew Giles

Posted 2018-10-07T14:25:43.680

Reputation: 103

2"Am I correct"-type questions are not well suited for here. I mean, what would be an answer: "Yes"? – Norbert Schuch – 2018-10-07T14:29:28.370

Short answer: 1. Yes, you are right. 2. You don't need a full QC to run BB84, just some quantum device (which, I guess, is what you mean). – Norbert Schuch – 2018-10-07T14:29:58.670



Post-quantum crypto schemes run on classical computers and are hoped to be secure against quantum attacks. Quantum key distribution such as bb84 or e91 run on quantum hardware (although does not require the full power of a quantum computer) and is provably secure (subject to certain underlying assumptions about lab security etc) against quantum attack.


Posted 2018-10-07T14:25:43.680

Reputation: 35 722

It is important to note that all QKD algorithms involve a significant classical components for authentication, information reconciliation, and privacy enhancement. While these may be provably resistant against quantum attack they are quite complex. Hence there may be vulnarabilities in specific implementations. – Bruno Rijsman – 2019-12-15T16:41:29.657