Quantum key distribution (QKD) is a task that enables two parties, Alice and Bob, to establish a classical secret key by using quantum systems. A classical secret key is a random string of bits known to only Alice and Bob, and completely unknown to any third party, namely an eavesdropper. Such a secret key can for example be used to encrypt a classical message sent over a public channel.

• QKD can replace Diffie-Hellman key agreement protocols. For example in TLS, SSL, IPsec, etc.
• If secure key rate is sufficiently high, one can use QKD to generate a secure key that will be used for information theoretically secure authenticated encryption scheme, e.g. using one-time pad together with an authentication scheme like those presented in [1].
• Cross-platform finance. acheck
• Toward regulation for security and privacy. acheck

A quantum key distribution protocol is secure if it is correct and secret. Correctness is the statement that Alice and Bob share the same string of bits, namely the secret key, at the end of the protocol. Secrecy is the statement that the eavesdropper is (nearly) ignorant about the final key.

• Correctness: A QKD protocol is $\epsilon _{\rm{corr}}$-correct if the probability that the final key of Alice differs from the final key of Bob, is smaller than $\epsilon _{\rm {corr}}$.
• Secrecy: A QKD protocol is $\epsilon _{\rm {sec}}$-secret if for every input state it holds that
  $$ {\frac {1}{2}}{\|{\rho _{K_{A}E}}-{\tau _{K_{A}}\otimes \rho _{E}}\|}_{1}\leq \epsilon _{\rm {sec}},$$ where $\tau _{K_{A}}={\frac {1}{|K_{A}|}}\sum _{k}|{k}\rangle \langle {k}|_{A}$ is the maximally mixed state in the space of strings $K_{A}$, and  ${\|\cdot \|}_{1}$ is the trace norm.
• A protocol implements a $(n,\epsilon _{\rm {corr}},\epsilon _{\rm {sec}},\ell )$-QKD if with $n$ rounds it generates an $\epsilon _{\rm {corr}}$-correct and $\epsilon _{\rm {sec}}$-secret key of size $\ell$ bits.

The security definition presented here, are proven to be sufficient to guarantee universal composability for standard QKD in [2] . For device-independent quantum key distribution, attacks presented in [3] show that security can be compromised if the same devices are used to implement another instance of the protocol.

1. Gemmell, Pete, and Moni Naor. “Codes for interactive authentication.” In Annual International Cryptology Conference, pp. 355-367. Berlin, Heidelberg: Springer Berlin Heidelberg, 1993.
2. Portmann, Christopher, and Renato Renner. “Cryptographic security of quantum key distribution.” arXiv preprint arXiv:1409.3525 (2014).
3. Barrett, Jonathan, Roger Colbeck, and Adrian Kent. “Memory attacks on device-independent quantum cryptography.” Physical review letters 110, no. 1 (2013): 010503.