Quantum key distribution (QKD) was conceived by Charles Bennett and Gilles Brassard in December of 1984. In the ensuing 39 years QKD systems have been deployed around the world to provide secure encryption for terrestrial as well as satellite communication. In 2016 the National Institute of Standards and Technology (NIST) began a program to standardize a series of quantum resistant algorithms to replace our current encryption standards thereby protecting against future quantum computers breaking public key cryptography. This program is known as post quantum cryptography or PQC. One of the tenets of cybersecurity is to use an approach that simultaneously provides multiple protections known as defense-in-depth. This approach seeks to avoid single points of failure. The goal of this paper is to examine the suitability of a hybrid QKD / PQC defense-in-depth strategy. A focus of the paper will be to examine the sufficiency of initial QKD hardware authentication (entity source authentication) which is necessary to guard against man-in-the-middle attacks.

翻译：量子密钥分发（QKD）由查尔斯·贝内特与吉勒·布拉萨于1984年12月提出。在其后的39年间，QKD系统已部署至全球各地，为地面及卫星通信提供安全加密。2016年，美国国家标准与技术研究院（NIST）启动了一项标准化进程，旨在建立一系列抗量子算法以取代现有加密标准，从而防范未来量子计算机破解公钥密码学。该计划被称为后量子密码学（PQC）。网络安全的基本原则之一是采用同时提供多重防护的深度防御策略，其核心在于避免单点故障。本文旨在探讨QKD/PQC混合深度防御策略的适用性，重点分析初始QKD硬件认证（实体源认证）的充分性——该认证机制是抵御中间人攻击的必要手段。