Major body of work says focus on PQC

An alternative to post-quantum cryptography is the idea of using the quantum effects of photons (or other subatomic particles) to generate a secret key between two parties. This concept, Quantum Key Distribution (QKD) is thought to be a reliable way to detect any interception or eavesdropping on a channel, and it’s true to say it’s gained some significant attention in the media.

In response, ANSSI, BSI, NLNCSA and the Swedish Armed Forces recently published a joint position paper, outlining their insights into QKD and its relevance to the threat of a quantum computer.

Position Paper on Quantum Key Distribution, 26.01.24
The paper, aimed at a general audience, describes the basic physics behind Quantum Key Distribution. It explains some of the potential use-cases, and points to the theoretical possibility for QKD as a secure defence against a computational attack. However, the position paper also draws the conclusion that QKD is both inherently limited, and incapable of providing rigorous end-to-end security at present. There are a number of reasons why, including distance limitations, physical and practical constraints, the need for a classically shared key, and the lack of comprehensive security proofs that would be necessary to establish a secure QKD protocol.

In summary, the position paper suggests that outside niche cases, QKD is not suitable as a replacement for classical key agreement schemes, as opposed to the mathematical approach of post-quantum cryptography. This confirms our view that the primary focus for quantum security should remain on PQC.