2

RFC 8784 introduces a straightforward mechanism to use a pre-shared key to make a modified IKEv2 key agreement resistant to a quantum computer running Shor's algorithm, thus providing a "quantum-safe" information channel. One use of this information channel could be to share keys.

QKD authentication requires a PSK in order to be quantum-safe, and can then provide a quantum-safe channel to share keys.

Both RFC 8784 and a QKD solution depend on a pre-shared key that has not been compromised. What are the tangible benefits of using a QKD solution versus using RFC 8784 if the objective is key sharing over the channel?

Maarten Bodewes
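The RFC 8784 mechanism the question refers to, as an added example that is not part of the original question or of any IKEv2 implementation: after the normal IKEv2 derivation, SK_d, SK_pi and SK_pr are run through prf+ again with the pre-shared key (the PPK) as the PRF key. HMAC-SHA-256, 32-byte lengths for all seven keys, and every sample value are assumptions made for the illustration.

```python
import hashlib
import hmac

PRF_LEN = 32  # HMAC-SHA-256 output size; assumed to be the negotiated PRF


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296: T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]


def ikev2_keys(skeyseed: bytes, seed: bytes) -> dict:
    """Split prf+(SKEYSEED, Ni|Nr|SPIi|SPIr) into the seven IKEv2 keys.
    Assumption: every key is 32 bytes; real sizes depend on the negotiated suite."""
    names = ["SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr"]
    stream = prf_plus(skeyseed, seed, PRF_LEN * len(names))
    return {n: stream[i * PRF_LEN:(i + 1) * PRF_LEN] for i, n in enumerate(names)}


def mix_ppk(keys: dict, ppk: bytes) -> dict:
    """RFC 8784 step: only SK_d, SK_pi and SK_pr are re-derived under the PPK."""
    mixed = dict(keys)
    for name in ("SK_d", "SK_pi", "SK_pr"):
        mixed[name] = prf_plus(ppk, keys[name], PRF_LEN)
    return mixed


# Constructed sample values, not taken from any real exchange.
SKEYSEED = bytes(range(32))                # stands in for prf(Ni|Nr, DH shared secret)
SEED = b"Ni-constructed" + b"Nr-constructed" + b"\x11" * 8 + b"\x22" * 8
PPK = b"constructed-ppk-with-256-bits-00"  # pre-shared key distributed out of band

if __name__ == "__main__":
    base = ikev2_keys(SKEYSEED, SEED)
    mixed = mix_ppk(base, PPK)
    for name in base:
        state = "mixed with PPK" if mixed[name] != base[name] else "unchanged"
        print(f"{name:6} {state}")
```

The keys protecting the initial IKE SA (SK_ei, SK_er, SK_ai, SK_ar) are unchanged, so the quantum resistance applies to peer authentication and to everything derived from SK_d, such as Child SA keys, and it rests entirely on the PPK staying secret.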

1 Answer

1

The French cybersecurity organization, ANSSI, seems to have addressed this comparison of a purely symmetric-cryptography-based solution with QKD solutions in "Should quantum key distribution be used for secure communications?":

A second, less-known fact is that a purely symmetric-cryptography-based solution compares favorably with practical QKD, that is, QKD paired with symmetric cryptography: it is much easier to deploy than QKD because it only requires standard network infrastructure; and offers comparable security, because it uses the same computational cryptography primitives.

Secure communications based only on symmetric cryptography may be appealing when user sets are fixed or can be managed centrally, and when one sees a value in avoiding the use of asymmetric cryptography altogether, for instance as an extra measure of caution against unknown cryptanalysis algorithms, quantum or otherwise. Publication [4] provides an example of a protocol that could be used in such a case.

Chait