Quantum key distribution (QKD) implements a cryptographic protocol involving components of quantum mechanics. It enables two parties to produce a shared random secret key known only to them, which can then be used to encrypt and decrypt messages.

It is often incorrectly called quantum cryptography, as it is the best-known example of a quantum cryptographic task.

An important and unique property of quantum key distribution is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key.

This results from a fundamental aspect of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies.

By using quantum superpositions or quantum entanglement and transmitting information in quantum states, a communication system can be implemented that detects eavesdropping.

If the level of eavesdropping is below a certain threshold, a key can be produced that is guaranteed to be secure (i.e., the eavesdropper has no information about it), otherwise no secure key is possible and communication is aborted.

The security of encryption that uses quantum key distribution relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography, which relies on the computational difficulty of certain mathematical functions, and cannot provide any mathematical proof as to the actual complexity of reversing the one-way functions used.

QKD has provable security based on information theory, and forward secrecy.

The main drawback of quantum key distribution is that it usually relies on having an authenticated classical channel of communications.

In modern cryptography, having an authenticated classical channel means that one has either already exchanged a symmetric key of sufficient length or public keys of sufficient security level.

With such information already available, in practice one can achieve authenticated and sufficiently secure communications without using QKD, such as by using the Galois/Counter Mode of the Advanced Encryption Standard.

Thus QKD does the work of a stream cipher at many times the cost. Noted security expert Bruce Schneier remarked that quantum key distribution is “as useless as it is expensive”.

Quantum key distribution is only used to produce and distribute a key, not to transmit any message data.

This key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key.

In real-world situations, it is often also used with encryption using symmetric key algorithms like the Advanced Encryption Standard algorithm.