I am worried about the future of quantum tokens...
Whilst theoretically they are secure, I worry about potential huge side-channels allowing leaking of the key...
All it takes is a few extra photons emitted at some harmonic frequency for the key to be leaked...
I would much prefer dumb hardware and clever digital software, because at least software is much easier to secure against side channels, and much easier to audit.
In principle quantum communication has no side channels because side channels act like measurements, and measurements make it not a functioning quantum channel in the first place. So you need to have already solved side channel issues for basic function.
That said, wherever you convert the quantum data into classical data there will be potential side channels. For example, there have been attacks based on using a laser down the communication line to track the orientation of the measurement device at the receiver.
In general, the more you can do while the data stays quantum the better. For example, if you transduce the photon into a qubit inside a quantum computer, then the measurement can be hidden away inside the computer, instead of exposed to the communication line. And the measurement basis can be chosen after transmission arrival, instead of before.
The larger issue for most quantum key exchange setups is the transition from classical to quantum: you want not to accidentally generate two unentangled photons in the same secret polarization.
Isn't the entire security of Quantum Communication predicated on its complete lack of side-channels due to the fact that measuring quantum systems collapses their wave function?
Once you put in error correction, doesn't you lose all the nice properties of the no-cloning theorem? If the protocol tolerates 30% of errors, doesn't it tolerate 30% of MITM? (60%??)
You don't need error correction for some crypto primitives. There are QKD networks deployed that don't have that kind of error correction, as far as I know.
Security is never about absolutes. It’s about relative costs vs the attacker. It seems like this system adds a strong enough layer of security over the transport that the attacker would switch to going after the endpoints instead.
With quantum tokens, law enforcement have to crack your physical devices, so they at least have to good-old-fashion bug your devices. With classical schemes, they can intercept on the way.
I wouldn't say that current side-channels, most certainly enabled by hardware, not software, are easier to audit.
I don't think that's true. If you're paranoid you can build a very simple and easy to audit device that lets packets through exactly every x microseconds, with a short buffer to prevent timing via dropouts.
Works fine for digital, doesn't work for quantum stuff.
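The fixed-interval release device described in the comment above, as an added sketch that is not part of the thread or any commenter's code. The frame size, the names and the use of padding frames on empty ticks are assumptions made for illustration, as is the premise that frames are encrypted upstream so real and padding frames look alike on the wire.

```python
from collections import deque

FRAME = 64                  # assumed fixed frame size in bytes
PAD = b"\x00" * FRAME       # constructed padding frame sent when nothing is queued


def pace(arrivals, tick_us, n_ticks, buf_frames=4):
    """Release exactly one frame per tick, regardless of when input arrived.

    arrivals: list of (time_us, payload) with len(payload) <= FRAME.
    Returns (out, dropped): out is a list of (emit_time_us, frame, is_real),
    dropped counts inputs discarded because the short buffer was full.
    """
    pending = deque(sorted(arrivals))
    buf = deque()
    out, dropped = [], 0
    for k in range(1, n_ticks + 1):
        now = k * tick_us
        # Move everything that has arrived by this tick into the short buffer.
        while pending and pending[0][0] <= now:
            _, payload = pending.popleft()
            if len(payload) > FRAME:
                raise ValueError("payload larger than frame")
            if len(buf) < buf_frames:
                buf.append(payload.ljust(FRAME, b"\x00"))
            else:
                dropped += 1        # overflow is silent on the output side
        # Emit a real frame if one is queued, padding otherwise.
        if buf:
            out.append((now, buf.popleft(), True))
        else:
            out.append((now, PAD, False))
    return out, dropped


def observable(out):
    """What an observer on the line sees: emit time and frame size only."""
    return [(t, len(frame)) for t, frame, _ in out]


# Constructed inputs: the same three payloads, bursty versus spread out.
bursty = [(5, b"a"), (6, b"b"), (7, b"c")]
spread = [(50, b"a"), (250, b"b"), (390, b"c")]

if __name__ == "__main__":
    for name, arr in (("bursty", bursty), ("spread", spread)):
        out, dropped = pace(arr, tick_us=100, n_ticks=5)
        print(name, observable(out), "dropped:", dropped)
```

Both input patterns produce the same on-wire trace, so arrival timing upstream of the device is not visible downstream of it.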
https://www.nec.com/en/press/202411/global_20241118_01.html
And it has goodies like:
> Token: A digital certificate indicating certain rights and values, such as digital assets, user information, and access rights.
That is not much detail.
> Quantum key distribution (QKD) systems use quantum mechanics to share random secret keys between two communicating parties in order to guarantee secure communication, and then encrypt and decrypt information based on those keys. (Patented (as of November 18, 2024))
This sounds like rather old technology. What exactly is novel here?
In any case, the article’s drawing makes it look like the customer’s “token” is some classical information. This cannot work.