Security Teams · Free Tool
Seven questions across five scored dimensions produce a Qualification Index for your organisation's QKD network readiness. No account required. All processing happens in your browser. Results appear on this page when the assessment is complete.
Quantum Key Distribution (QKD) distributes symmetric cryptographic keys using quantum optical principles. The security guarantee QKD provides is information-theoretic: it does not depend on the computational difficulty of a mathematical problem, and it therefore remains valid regardless of future advances in classical or quantum computing. This guarantee is genuinely distinct from what post-quantum cryptography (PQC) provides, and it comes at a significant cost in infrastructure, scale, and capital expenditure.
That cost-benefit equation resolves in QKD's favour only for a narrow category of use case. The technology is designed for fixed-point high-value links where an adversary with nation-state capabilities is actively conducting Harvest Now, Decrypt Later (HNDL) collection against classified or near-classified data. For the overwhelming majority of enterprise applications, PQC migration to NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) is the correct and economically rational approach. The NCSC, BSI, and ANSSI all state this position explicitly.
This tool calculates a Qualification Index (QI) for a prospective QKD deployment. The five scored dimensions are threat model, data classification, network topology, existing infrastructure, and capital budget. Sector and cryptographic posture apply modifiers and disqualifying flags. The QI runs from 0 to 85. Four classification tiers map to QI ranges: Strong Prospect Fit (70+), Conditional Fit (50 to 69), Hybrid Recommended (30 to 49), and PQC Recommended (below 30).
The model is calibrated to return PQC Recommended for the majority of assessments. Strong Prospect Fit requires a genuine nation-state HNDL threat model, classified or near-classified data sensitivity, a point-to-point or simple star topology with available dark fibre, and committed budget at enterprise scale.
Quantum Security Defence does not collect, associate, or retain your name or your company name when you use these tools. All information is stored only for the duration of the browser session.
We collect only country, industry, and results data. This information is anonymised and cannot be associated with you or your company. Such anonymised data may be used for industry-level reporting, shared with members, incorporated into our research, and provided to government departments to support lobbying activity and the communication of industry readiness.
By using this tool, you consent to the provision of results data on a strictly anonymised basis. No personal name, email address, or company name is stored.
Country is recorded anonymously for industry-level reporting only.
Required to calculate your score, recorded anonymously.
Industry selection is required and recorded anonymously. It does not affect the qualification score directly.
Not recorded. Only used to create your PDF report in the browser session.
Not recorded. Only used to create your PDF report in the browser session.
Name and organisation are used only within your browser session. They are not stored or transmitted.
QKD has genuine operational use cases in a small number of sectors. This determines whether the organisation is in a category where QKD deployments are occurring, and tailors the result and objection responses accordingly. Sector context does not alter the scored dimensions directly; it activates the defence/classified floor and shapes the analysis the tool returns.
Nothing is transmitted from your browser.
QKD addresses a specific threat: a well-resourced adversary intercepting data in transit for retrospective decryption once a cryptographically relevant quantum computer (CRQC) becomes available. This is the Harvest Now, Decrypt Later (HNDL) threat model. Understanding the actual driver is essential before any technology recommendation. An interest driven by regulation, competitive positioning, or general awareness of quantum risk points toward PQC migration rather than QKD deployment.
Nothing is transmitted from your browser.
QKD is a point-to-point physical technology. A direct optical fibre path between two endpoints is the optimal configuration: one QKD transmitter, one receiver, no intermediate relay. Each additional hop requires a trusted node, which is a physically secured relay that terminates and re-initiates the quantum channel. Trusted nodes introduce a different threat model and significant operational complexity. Mesh networks, cloud-first architectures, and wide-area networks with many endpoints are not compatible with current QKD infrastructure. The practical deployment pattern is two specific high-value fixed sites.
Nothing is transmitted from your browser.
QKD requires a dedicated quantum channel, typically a dark fibre strand carrying no active traffic. Co-propagating classical signals on the same fibre introduce noise that degrades key generation rates; wavelength-division multiplexing (WDM) mitigates this at some performance cost, and ETSI GS QKD 009 specifies the wavelength allocation requirements for co-propagation deployments. Organisations without any fibre connection may consider satellite or terrestrial free-space optical alternatives, both of which carry significant additional constraints. Dark fibre availability is the primary practical constraint that prevents QKD deployment for most organisations that would otherwise qualify.
Nothing is transmitted from your browser.
A complete QKD system ranges from approximately £150,000 to £500,000 for a basic point-to-point link, rising substantially for multi-site deployments. Ongoing costs including dark fibre lease, maintenance, key management infrastructure, and hardware support contracts should be included in the assessment. Budget figures in the analysis are indicative: vendor pricing varies and project-specific infrastructure costs will depend on distance, topology, and whether dark fibre is procured or already owned.
Nothing is transmitted from your browser.
Key exchange is only one element of a cryptographic architecture. Links protected by QKD also require quantum-resistant authentication and PQC or symmetric encryption for data at rest. An organisation that has not assessed its cryptographic posture needs PQC migration planning before QKD procurement is meaningful. This question applies a modifier to the QI and, in the case of an organisation that believes QKD replaces PQC, triggers an educational clarification that must be addressed before the assessment result is valid.
Nothing is transmitted from your browser.
Expert Advisory
This tool produces a directional qualification index. For a full assessment of physical infrastructure constraints, vendor selection, site survey requirements, and integration with your existing cryptographic architecture, engage directly.
Discuss your situation