The HNDL threat crypto agility can’t address
HNDL attacks pose existential threats to long-lived sensitive data. Adversaries intercept and store encrypted communications today, then decrypt them when quantum computers or cryptanalytic breakthroughs emerge years later. This isn’t theoretical—intelligence agencies have long pursued bulk data collection with precisely this strategy.
PQC advocates invoke “crypto agility”—swapping cryptographic algorithms as needed—as the solution. But crypto agility offers no protection for already-harvested data. Algorithm upgrades cannot retroactively secure intercepted traffic. QKD disrupts HNDL by making interception detectable in real time to enable an immediate response rather than silent compromise. For organizations handling multidecade sensitive information—government communications, medical records, financial data—this orthogonal protection has tangible value that purely computational security cannot provide.
Three strategic paths: Global testbed evidence
The theoretical debate takes concrete form in divergent national strategies. At least 50 active or announced quantum networking testbeds span the whole globe (see Fig. 3). These deployments reflect three distinct roadmaps:
Current-generation QKD deployment. China has built more than 3,000 kilometers of operational QKD infrastructure, including the Beijing-Shanghai backbone and multiple metro networks. Europe’s EuroQCI initiative pursues similar deployment across 14 member states through OpenQKD. This strategy builds commercial momentum immediately and generates practical scaling experience. The tradeoff: Current-generation QKD requires trusted nodes at repeater points, which creates vulnerabilities critics highlight.
Next-generation MDI-QKD. Measurement-device-independent QKD eliminates trusted node vulnerabilities through sophisticated protocols. This path couples tightly with distributed quantum computing technology—itself a scaling priority. Japan’s Tokyo QKD Network and advanced European testbeds explore this direction. But current MDI-QKD capabilities remain limited in range and key generation rates.
Full entanglement distribution. Quantum repeaters enabling true end-to-end entanglement show promise for the most powerful applications—distributed quantum computing and quantum sensor networks. U.S. Department of Energy quantum internet initiatives and Europe’s Quantum Internet Alliance are focusing on this endgame. The challenge: It requires sustained sovereign funding through an extended development timeline before commercial viability.
The question isn’t which path is “correct”—it’s which combination balances near-term capability, risk mitigation, and long-term strategic positioning?