Quantum key distribution (QKD) allows Alice and Bob to agree on a shared secret key while communicating over a public (untrusted) quantum channel. Compared to classical key exchange, it has two main advantages: (i) the key is unconditionally hidden from any attacker, and (ii) its security assumes only the existence of authenticated classical channels which, in practice, can be realized using Minicrypt assumptions, such as the existence of digital signatures. On the flip side, QKD protocols typically require multiple rounds of interaction, whereas classical key exchange can be realized with the minimum of two messages. A long-standing open question is whether QKD requires more rounds of interaction than classical key exchange. In this work, we propose a two-message QKD protocol that satisfies everlasting security, assuming only the existence of quantum-secure one-way functions. That is, the shared key is unconditionally hidden, provided computational assumptions hold during the protocol execution. Our result follows from a new quantum cryptographic primitive that we introduce in this work: the quantum-public-key one-time pad, a public-key analogue of the well-known one-time pad.