
Quantum Encryption / Quantum Cryptography

This article is part of the Quantum Snake Oil Dictionary — a series examining terms used in quantum technology marketing. The series is divided into Red Flag Terms (terms with no established technical meaning that almost always signal hype or fraud) and Misused Terms (legitimate concepts routinely stripped of context in marketing). This entry is a Misused Term.

“Quantum Encryption” and “Quantum Cryptography”

What these terms actually mean. In the academic literature, “quantum cryptography” refers to cryptographic techniques that use quantum mechanical properties (superposition, entanglement, the no-cloning theorem) to achieve security goals. The primary example is quantum key distribution (QKD), which uses quantum states of photons to distribute cryptographic keys with security guaranteed by the laws of physics.

“Quantum encryption” is less precisely defined even in academic usage, but when used by physicists it generally refers to the same family of protocols: encryption systems that rely on quantum states for their security properties.

What these terms have become in marketing. Three fundamentally different things are sold under the “quantum encryption” and “quantum cryptography” labels, and the conflation between them is one of the most persistent sources of confusion in the quantum security market.

The Three-Way Conflation

Category 1: Physics-based quantum cryptography (QKD). This is the legitimate use of the term. QKD systems use quantum states (typically single photons or entangled photon pairs) to distribute keys. The security guarantee comes from quantum mechanics: measuring a quantum state disturbs it, which means eavesdropping is detectable. Real QKD requires specialized hardware (photon sources, single-photon detectors, quantum channels) and operates under specific constraints (distance limitations, line-of-sight or dedicated fiber, relatively low key rates). Companies like ID Quantique, Toshiba, and Quantinuum build real QKD systems.

Category 2: Post-quantum cryptography (PQC). This is classical mathematics designed to resist attack by quantum computers. ML-KEM, ML-DSA, and SLH-DSA are post-quantum algorithms. They run on existing classical hardware with no quantum components whatsoever. Their security comes from mathematical problems (lattice problems, hash functions) believed to be hard for both classical and quantum computers. PQC is “quantum” only in the sense that it is designed to resist quantum attack. It does not use quantum physics in its operation.

Category 3: Classical products with quantum branding. These are conventional security products (VPNs, firewalls, messaging apps, encryption software) marketed with “quantum” in the name or description. They may implement PQC (which would be legitimate and useful), or they may implement nothing quantum-related at all and simply use the word for marketing purposes.

Why the Conflation Matters

These three categories have fundamentally different security models, deployment requirements, and threat profiles. A buyer who conflates them may:

Purchase a “quantum encryption” product expecting QKD-level physics-based security and receive a classical VPN with AES-256 (useful, but not what the buyer expected).

Believe that deploying QKD eliminates the need for PQC migration, when in fact QKD addresses key distribution and PQC addresses algorithmic resistance across the entire cryptographic stack.

Dismiss PQC as insufficient because it is “only” classical mathematics, not “real” quantum security, when in fact PQC is the solution that NIST, NSA, and every major standards body recommends for the vast majority of use cases.

Accept a classical product with “quantum” branding as equivalent to either of the two legitimate categories.

IETF RFC 9794 (June 2025) was published specifically to address terminological confusion in this space. The NCSC authored it in partnership with the Naval Postgraduate School to provide consistent vocabulary for post-quantum and traditional hybrid schemes. The fact that an RFC was necessary tells you how bad the problem had become.

The One Question That Disambiguates

When a vendor says “quantum encryption” or “quantum cryptography,” ask:

“Does your product use quantum hardware (photon sources, quantum channels, single-photon detectors), or does it run entirely on classical hardware?”

If quantum hardware: you are likely looking at a QKD or QRNG product. Evaluate it on QKD terms (key rate, distance, side-channel countermeasures, authentication mechanism).

If classical hardware implementing NIST PQC algorithms: you are looking at a post-quantum product. Evaluate it on PQC terms (which algorithm, which parameter set, FIPS validation status).

If classical hardware with no NIST PQC algorithms: you are looking at a classical product with quantum branding. Evaluate it as you would any conventional security product, and disregard the “quantum” in the name.
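The triage above can be applied mechanically to a vendor's stated facts. This is an added example, not code from the original article. It accepts only parameter sets that FIPS 203, 204 and 205 define, and it also recognises hybrid names that embed one. The names `parse_claim` and `triage` and the sample datasheet claims are constructed for illustration.

```python
import re

# Parameter sets defined in FIPS 203 (ML-KEM), FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA).
NIST_PQC = {
    "ML-KEM": re.compile(r"ML-?KEM-?(512|768|1024)(?!\d)"),
    "ML-DSA": re.compile(r"ML-?DSA-?(44|65|87)(?!\d)"),
    "SLH-DSA": re.compile(r"SLH-?DSA-?(SHA2|SHAKE)-?(128|192|256)([SF])(?![A-Z0-9])"),
}
FAMILY = re.compile(r"ML-?KEM|ML-?DSA|SLH-?DSA")
CHECKS = {  # evaluation terms as listed in the article
    "QKD/QRNG": ["key rate", "distance", "side-channel countermeasures", "authentication mechanism"],
    "PQC": ["algorithm", "parameter set", "FIPS validation status"],
    "classical with quantum branding": ["evaluate as a conventional security product"],
}

def parse_claim(name):
    """Return (family, parameter_set); parameter_set is None if the standard defines no such set."""
    text = re.sub(r"[\s_]+", "-", name.strip().upper())
    for family, pattern in NIST_PQC.items():
        m = pattern.search(text)  # search, so hybrid names like X25519MLKEM768 are recognised
        if m:
            g = m.groups()
            suffix = g[0] if len(g) == 1 else f"{g[0]}-{g[1]}{g[2].lower()}"
            return family, f"{family}-{suffix}"
    fam = FAMILY.search(text)
    return (fam.group(0) if fam else None), None

def triage(uses_quantum_hardware, claimed_algorithms):
    """Apply the article's one-question triage to a vendor's stated facts."""
    valid, invalid = [], []
    for name in claimed_algorithms:
        family, params = parse_claim(name)
        if params:
            valid.append(params)
        elif family:
            invalid.append(name)  # names a NIST family but not a parameter set it defines
    if uses_quantum_hardware:
        category = "QKD/QRNG"
    elif valid:
        category = "PQC"
    else:
        category = "classical with quantum branding"
    return {"category": category, "evaluate": CHECKS[category],
            "nist_pqc": valid, "invalid_names": invalid}

if __name__ == "__main__":
    # Constructed datasheet claims, not taken from any real product.
    print(triage(True, []))
    print(triage(False, ["X25519MLKEM768", "ml_dsa_65", "AES-256-GCM"]))
    print(triage(False, ["AES-256", "Quantum-Grade Encryption", "ML-KEM-2048"]))
```

A name that parses cleanly only shows what the vendor claims; the FIPS validation status still has to be checked separately.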

The Bottom Line

“Quantum encryption” and “quantum cryptography” have legitimate meanings in physics. In the commercial market, they have been stretched to cover three categories that share nothing except the word “quantum.” Asking whether the product uses quantum hardware or classical hardware will disambiguate most claims in under a minute. For the precise terminology that standards bodies have agreed on, see “Quantum Security: Understanding the Terminology and Context” and “Quantum-Safe vs Quantum-Secure.”


Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.