I am worried about the future of quantum tokens...
Whilst theoretically they are secure, I worry about potential huge side-channels allowing the key to leak...
All it takes is a few extra photons emitted at some harmonic frequency for the key to be leaked...
I would much prefer dumb hardware and clever digital software, because at least software is much easier to secure against side channels, and much easier to audit.
In principle quantum communication has no side channels because side channels act like measurements, and measurements make it not a functioning quantum channel in the first place. So you need to have already solved side channel issues for basic function.
That said, wherever you convert the quantum data into classical data there will be potential side channels. For example, there have been attacks based on using a laser down the communication line to track the orientation of the measurement device at the receiver.
In general, the more you can do while the data stays quantum the better. For example, if you transduce the photon into a qubit inside a quantum computer, then the measurement can be hidden away inside the computer, instead of exposed to the communication line. And the measurement basis can be chosen after transmission arrival, instead of before.
The larger issue for most quantum key exchange setups is the transition from classical to quantum: you want not to accidentally generate two unentangled photons in the same secret polarization.
Isn't the entire security of Quantum Communication predicated on its complete lack of side-channels due to the fact that measuring quantum systems collapses their wave function?
Once you add error correction, don't you lose all the nice properties of the no-cloning theorem? If the protocol tolerates 30% errors, doesn't it tolerate 30% MITM? (60%??)
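To make the "error tolerance vs. MITM" question concrete, here is an added simulation (not code from the thread or from any deployed QKD system) of BB84 with an intercept-resend attacker who touches a fraction `f` of the photons. The protocol parameters (`n` photons, a 0.11 abort threshold in the demo) are assumptions for illustration. It reports the sifted-key error rate (QBER) that Alice and Bob see and the fraction of the sifted key the attacker learns with certainty; under this attack the QBER is `f/4`, so a full intercept-resend of every photon costs 25% errors and yields half of the sifted key, which is the trade-off a tolerance threshold has to be set against.

```python
import random

RECTILINEAR, DIAGONAL = 0, 1


def bb84_intercept_resend(n, eve_fraction, seed=0):
    """Simulate one BB84 round of n photons with an intercept-resend
    attacker acting on a fraction eve_fraction of them.

    Returns the sifted-key length, the QBER Alice and Bob observe, and the
    fraction of the sifted key Eve knows with certainty.
    """
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.choice((RECTILINEAR, DIAGONAL)) for _ in range(n)]
    bob_bases = [rng.choice((RECTILINEAR, DIAGONAL)) for _ in range(n)]
    bob_bits = [0] * n
    eve_basis = [None] * n  # None = photon not touched by Eve

    for i in range(n):
        bit, basis = alice_bits[i], alice_bases[i]
        if rng.random() < eve_fraction:
            # Eve measures in a random basis. A wrong basis gives a random
            # outcome, and because her measurement destroyed the original
            # photon she must resend a fresh one prepared in HER basis.
            eb = rng.choice((RECTILINEAR, DIAGONAL))
            result = bit if eb == basis else rng.randrange(2)
            eve_basis[i] = eb
            bit, basis = result, eb
        # Bob: a matching basis reads the prepared bit, otherwise random.
        bob_bits[i] = bit if bob_bases[i] == basis else rng.randrange(2)

    # Sifting over the public channel: keep positions where Alice's and
    # Bob's bases agree. Bases are announced, bit values are not.
    sifted = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    errors = sum(alice_bits[i] != bob_bits[i] for i in sifted)
    qber = errors / len(sifted)
    # After the basis announcement Eve knows exactly which intercepted
    # photons she measured in Alice's basis; those bits are hers for
    # certain. The rest she can only guess at 50%.
    known = sum(1 for i in sifted if eve_basis[i] == alice_bases[i])
    return {
        "sifted_len": len(sifted),
        "qber": qber,
        "eve_known_fraction": known / len(sifted),
    }


def expected_qber(eve_fraction):
    """Analytic value for intercept-resend: an intercepted photon is
    measured in the wrong basis half the time, and Bob (in Alice's basis)
    then reads the wrong bit half of those times, so f/4."""
    return eve_fraction / 4


def abort(qber, tolerance):
    """Alice and Bob discard the round if the observed QBER exceeds the
    protocol's tolerance. The tolerance is a protocol parameter here, not a
    security-proof threshold."""
    return qber > tolerance


if __name__ == "__main__":
    for f in (0.0, 0.3, 1.0):
        r = bb84_intercept_resend(20000, f, seed=1)
        print(f"eve_fraction={f:.1f} qber={r['qber']:.3f} "
              f"(expected {expected_qber(f):.3f}) "
              f"eve_knows={r['eve_known_fraction']:.3f} "
              f"abort@0.11={abort(r['qber'], 0.11)}")
```

The point the simulation makes is that a QKD error budget is spent in units of attacker access: whatever QBER the post-processing tolerates bounds how many photons an intercept-resend attacker could have touched (four times the tolerated QBER), and that in turn bounds the sifted-key fraction that has to be assumed leaked and removed by privacy amplification.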
You don't need error correction for some crypto primitives. There are QKD networks deployed that don't have that kind of error correction, as far as I know.
How can QKD repeaters store and forward or just forward without collapsing phase state?
How does photonic phase state collapse due to fiber mitm compare to a heartbeat on a classical fiber?
There is quantum counterfactual communication without entanglement FWIU? And there's a difference between QND "Quantum Non-Demolition" and "Interaction-free measurement"
>> IIRC I read on Wikipedia one day that Bell's actually says there's like a 60% error rate?(!)
> That was probably the "Bell test" article, which - IIUC - does indeed indicate that if you can read 62% of the photons you are likely to find a loophole-free violation
> [ "Violation of Bell inequality by photon scattering on a two-level emitter", ]
> when using a maximally entangled state and the CHSH inequality an efficiency of η > 2√2 − 2 ≈ 0.83 is required for a loophole-free violation.[51] Later Philippe H. Eberhard showed that when using a partially entangled state a loophole-free violation is possible for η > 2/3 ≈ 0.67,[52] which is the optimal bound for the CHSH inequality.[53] Other Bell inequalities allow for even lower bounds. For example, there exists a four-setting inequality which is violated for η > (√5 − 1)/2 ≈ 0.62.[54]
Isn't modern error detection and classical PQ sufficient to work with those odds?
> Historically, only experiments with non-optical systems have been able to reach high enough efficiencies to close this loophole, such as trapped ions, [55] superconducting qubits, [56] and nitrogen-vacancy centers. [57] These experiments were not able to close the locality loophole, which is easy to do with photons. More recently, however, optical setups have managed to reach sufficiently high detection efficiencies by using superconducting photodetectors, [30][31] and hybrid setups have managed to combine the high detection efficiency typical of matter systems with the ease of distributing entanglement at a distance typical of photonic systems. [10]
Security is never about absolutes. It’s about relative costs vs the attacker. It seems like this system adds a strong enough layer of security over the transport that the attacker would switch to going after the endpoints instead.
With quantum tokens, law enforcement has to crack your physical devices, so they at least have to good-old-fashioned bug your devices. With classical schemes, they can intercept on the way.
I wouldn't say that current side-channels, most certainly enabled by hardware, not software, are easier to audit.
I don't think that's true. If you're paranoid you can build a very simple and easy to audit device that lets packets through exactly every x microseconds, with a short buffer to prevent timing via dropouts.
Works fine for digital, doesn't work for quantum stuff.
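As an added illustration of the constant-cadence device described above (not code from the thread), here is a simulated shaper that releases exactly one frame per tick no matter how frames arrive. Arrivals wait in a short bounded buffer; when the buffer is empty a dummy frame is sent so the line never goes quiet, which is the assumption made here about what "prevent timing via dropouts" means. The tick length, buffer size and arrival pattern are constructed inputs.

```python
from collections import deque

DUMMY = "<dummy>"


class ConstantRateShaper:
    """Emit exactly one frame per tick, independent of arrival timing.

    Real frames are queued in a bounded buffer. If the buffer is full the
    new frame is rejected (the sender sees back-pressure, the wire does
    not); if it is empty a dummy frame goes out so that gaps in the
    sender's traffic are not visible on the wire either.
    """

    def __init__(self, capacity):
        self.capacity = capacity
        self.buf = deque()
        self.rejected = 0

    def arrive(self, frame):
        if len(self.buf) >= self.capacity:
            self.rejected += 1
            return False
        self.buf.append(frame)
        return True

    def tick(self):
        return self.buf.popleft() if self.buf else DUMMY


def run(arrivals, capacity, ticks):
    """arrivals maps tick -> list of frames arriving at that tick.

    Returns the sequence of frames placed on the wire, one per tick, and
    the number of frames rejected by the full buffer.
    """
    shaper = ConstantRateShaper(capacity)
    wire = []
    for t in range(ticks):
        for frame in arrivals.get(t, []):
            shaper.arrive(frame)
        wire.append(shaper.tick())
    return wire, shaper.rejected


def real_frames(wire):
    """The non-dummy frames in wire order; this is what the receiver keeps."""
    return [f for f in wire if f != DUMMY]


def cadence_is_constant(wire, ticks):
    """True when the wire carried exactly one frame on every tick."""
    return len(wire) == ticks


if __name__ == "__main__":
    # Constructed sender patterns: a burst at tick 0 versus sparse sends.
    bursty = {0: ["a", "b", "c", "d"]}
    sparse = {0: ["a"], 3: ["b"], 5: ["c"], 9: ["d"]}
    for name, pattern in (("bursty", bursty), ("sparse", sparse)):
        wire, rejected = run(pattern, capacity=4, ticks=12)
        print(name, wire, "rejected:", rejected)
```

Both patterns produce a wire with exactly twelve frames on twelve ticks, so an observer timing the link learns nothing about when the sender actually produced the four real frames; the cost is latency bounded by the buffer depth and, when the buffer overflows, rejected frames that the sender has to retransmit.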