Skip to content

Quantum technology

The key to quantum security

How do you test quantum key distribution?

Eine Person hält ein gelbes Kabel und betrachtet es durch ein Gerät. Die Person trägt ein weißes Armband und hat braunes Haar. Oben rechts im Bild ist der Hashtag "#explore" in blauer Schrift zu sehen.

18 September 2025

Although today’s encryption methods are currently pretty bulletproof, it’s possible that the quantum computers of tomorrow will be able to crack them. This is why experts have been working for years on alternatives for the approaching quantum age. One of them is known as quantum key distribution (QKD for short). Sven Bettendorf and his colleagues from TÜVIT are currently setting up the first laboratory in Europe designed to test such systems.

#explore: Mr. Bettendorf, quantum key distribution is intended to make communication more secure in the quantum age. How will it do that?

Sven Bettendorf: Unlike today’s encryption methods, quantum key distribution isn’t based on a mathematical problem, but on quantum mechanical principles. To be specific, the security of the method uses the quantum phenomenon that photons – light particles – can’t be cloned. You can’t determine their condition without changing it. If someone should try to attack the communication anyway, errors are bound to occur that will be detected by the system. This will allow you to respond to being spied on by immediately discarding the current key. As soon as whoever it is has stopped influencing the photons, a new key can be generated and sent. It’s for this reason that QKD systems are considered promising candidates for secure communication in the quantum age. But as with any security method, its implementation can create vulnerabilities that cybercriminals may be able to exploit. We’re tackling this problem by setting up a laboratory and developing test metrics.

The research laboratory will be the first of its kind in Europe. What did you draw on to help you design and plan it?

Universities around the world are researching QKD systems, identifying possible attack scenarios and developing initial testing methodologies. We summarised the current state of research in an initial project for the German Federal Office for Information Security (BSI) and compiled a list of the equipment needed to simulate these attacks and test the components. On this basis, we’ve now embarked on the next research project, which is to set up the test laboratory and is being funded by the German Federal Ministry of Research, Technology and Space. We’ve deliberately designed the laboratory to allow us to carry out attacks on all currently known methods of quantum key distribution.

And what are the different QKD methods?

One method, for example, uses single photons for transmission. Since photons can’t be cloned, as I said, any eavesdropping attempt would be recognised as a deviation from the system, and the key transmission would be aborted and a new key generated. Another method uses entangled photons: If a cybercriminal eavesdrops on the key transmission, the system loses part of its quantum entanglement. This loss can be detected and the attack revealed.

What technology will the laboratory be equipped with?

It’s all based around state-of-the-art and very variable lasers. After all, attacks will primarily take place via the optical channel through which these systems receive photons. In our simulated attacks, we will therefore attempt to use the lasers to scatter light through this optical channel to gain information or damage the system and break its security protocols. In the event of a possible attack, for example, the photon detector that measures incoming photons will be manipulated in such a way that it no longer detects the system’s photons, but only those sent by the attacker. In another attack scenario, a photon source that normally emits single photons will be stimulated with laser light in such a way that it emits double photons instead. And since these two photons contain the same information, one of them can be diverted and read out without the system noticing the attack.

The first systems for quantum key distribution are currently being developed – for example with the participation of TÜV NORD subsidiary ALTER. Do we already know enough about how such systems operate and what components they will consist of to develop test methods that will be as widely usable as possible?

Yes and no. There are a number of core components that the different methods have to include. These include the photon source, the detectors and, in some systems, a random number generator. So, we’re making sure we cover these components. But there are of course still open questions that also need to be clarified within the project: in classic hardware tests, like those of bank card security chips, we test a larger number of random samples. Since there are differences in the various QKD systems, even between those made by a single manufacturer, we would probably have to test each system individually before it can go into operation. We’re also going to have to work out the certification conditions for satellite-based QKD systems. After all, unlike with security systems on Earth, you can’t go into orbit every one or two years for a follow-up audit. So, the question here is whether the certification of satellites will apply for their entire service life. Or whether you might keep a twin of the satellite on Earth to carry out appropriate tests on it when new attack possibilities have been identified or new test methods developed.

Where do things currently stand with the test laboratory, and what are the next steps towards certification?

We’ve done everything on our part to get the lab is up and running, and we expect the first QKD systems in October. Over the whole of next year, we will then test the different measurement techniques and acquire experience: How long does this kind of test take? How often do you have to try to influence a detector to determine whether it can be manipulated? All these findings will then be included in an evaluation metric, which we will feed back to the Federal Office for Information Security. The actual testing methodology for certification is being determined in international committees in which we’re represented and to which we’re contributing our expertise. This is a lengthy process, but we hope to be able to carry out the first certifications in 2027 or 2028.

To what extent will your laboratory be able to support German industry as it gets to grips with this new technology?

As it happens, start-ups in Germany are already manufacturing QKD systems. So, it’s already possible to purchase and operate such a system. And they’re already being tested in pilot projects, for example by a bank. However, before companies from the financial sector, health insurance companies or authorities will use QKD on a regular basis, they will want and need to be able to rely on the systems being as secure as promised. This is why testing by independent third parties such as TÜVIT is a decisive factor for both manufacturers and potential customers when it comes to creating and building trust in this new technology. 

Two people are standing at a table equipped with various electronic devices and cables. One person is wearing a dark blue T-shirt with "TÜVIT" printed on it, the other is wearing a white jumper with a blue cardigan. There are tools, cables and technical equipment on the table. White walls and sockets can be seen in the background.
In TÜV NORD's QKD laboratory, experts are working on the practical implementation of quantum key distribution - a key to the secure communication of the future.
A person holds a Thorlabs detector card over a table with technical devices and cables. The card shows a yellow dot of light while the person holds a cable with a green connector in the other hand. There are other cables and electronic components on the table.
A detector card is used to visualise a laser beam that is transmitted through the glass fibre.
Sven Bettendorf is an expert in quantum technology at TÜVIT. He has experience in the area, having applied himself to the post-quantum cryptography issue while still an IT security student. With his colleagues at TÜVIT, he is currently building the first test laboratory for quantum key distribution in Europe. “I’m fascinated and driven by a desire to help shape the future of IT security,” Mr. Bettendorf says by way of explanation of his motivation.

#explore - The Online Magazine by TÜV NORD

This is an article from #explore. #explore is a digital journey of discovery into a world that is rapidly changing. Increasing connectivity, innovative technologies, and all-encompassing digitalization are creating new things and turning the familiar upside down. However, this also brings dangers and risks: #explore shows a safe path through the connected world.

Learn more about #explore