For most security leaders, the "quantum readiness" conversation still reads like a fork in the road: post-quantum cryptography (PQC) or quantum key distribution (QKD). In the white paper "Entangled Migrations: PQC, QKD, and US–PRC Risk Postures for Critical Infrastructure," Dr. David Mussington argues that framing is analytically incomplete, and increasingly operationally risky.The paper is a successor to ICIT's February 2026 Quantum-Resilient Convergence work, which treated PQC migration and modernization of AI/Low Earth Orbit (LEO) infrastructure as a single coupled program with a closing window in the early 2030s."Entangled Migrations" extends that convergence logic into a second dimension: QKD is emerging as a real infrastructure investment on the same 2026–2035 horizon, and the United States and the People's Republic of China (PRC) are making structurally different risk choices across both PQC and QKD for their most consequential critical-infrastructure links.Read the full Entangled Migrations white paper/report here.In other words, the divergence is not best understood as who has "more kilometers of fiber." It is better understood as a difference in posture: defense-in-depth hedging versus concentration on a single assumption.To note in both the PRC and European cases, QKD deployment appears tied to categories of especially sensitive communications, which creates a "tagging" paradox: The very act of hardening those links can also help identify them as exceptionally high-value targets.Read the full Entangled Migrations white paper/report here.
The core strategic question for quantum-era risk posture
The United States routinely applies defense-in-depth in nuclear deterrence, missile defense, and cyber architecture, but quantum-era cryptographic resilience is a conspicuous exception.Current U.S. posture largely concentrates critical-infrastructure protection on one class of mathematical assumption (PQC), executed on a migration timeline already under strain. China has made a different bet: It is building continental-scale QKD infrastructure while also pursuing a domestic PQC stack, effectively "buying" layered resilience against the possibility that either approach alone proves insufficient.This is not an argument that the U.S. should replicate PRC-scale QKD deployment. It's a sharper question: Is it an acceptable risk posture to concentrate all quantum-era cryptographic resilience on PQC, without any physics-based fallback, for a small number of Tier-1 critical-infrastructure links?The paper defines Tier-1 links as the communications paths in which (a) confidentiality horizons are permanent or multi-decadal, (b) compromise can enable physical consequences or systemic financial disruption, and (c) failure is not recoverable through patching after the fact, specifically including nuclear-command segments, financial-settlement backbones, and bulk power-control networks.The thesis is that the answer might be "yes," - but the question must be asked with the rigor the U.S. applies everywhere else it relies on layered defense.Why PQC and QKD must be evaluated as a coupled system
A core contribution of the paper is to show why PQC and QKD should not be evaluated as independent "alternatives." They are structurally coupled, and a risk framework that evaluates one without the other will systematically misestimate quantum-era exposure.The paper highlights five coupling mechanisms (summarized here at a high level):- Authentication dependency (QKD depends on PQC): QKD can generate highly secure key material over a quantum channel, but deployed QKD systems also rely on a classical channel for endpoint authentication and protocol operations. If that classical authentication layer isn't quantum-resistant, a future cryptographically relevant quantum computer might enable endpoint impersonation (a person-in-the-middle attack) that could defeat the supposed quantum security. The practical implication: QKD cannot "outrun" PQC migration, and deploying QKD without PQC-hardened authentication can create dangerous false confidence.
- Partial-deployment downgrade (both layers can fall back): The transition to PQC creates "dual stack" conditions where systems may silently fall back to classical cryptography under heavy load or misconfiguration. QKD has an analogous problem: when a quantum link degrades (through loss, saturation, or interference), systems can fall back to classical key establishment. The paper's point is that dual migration creates downgrade opportunities at two layers, expanding the exploitable surface during the very period operators will treat these behaviors as transitional "noise."
- Hardware maturity gaps on overlapping timelines: PQC has a well-known "valley of death" period (mid-2020s) during which standards will stabilize more quickly than deployed hardware refresh cycles. QKD has its own maturity constraints: Fiber QKD distance limits drive reliance on trusted nodes, while quantum repeaters remain pre-commercial. In short, neither approach is a "drop-in" fix for every Tier-1 link within the same planning horizon.
- Concentrated-node vulnerability: QKD backbones that rely on trusted nodes create innumerable chokepoints — classical systems at fixed locations that store or process key material. Compromise of a single node can have outsized impact on all traffic transiting that node. These nodes become high-value targets in the same way centralized key infrastructure and lawful-access mediation points can be.
- Interaction effects during simultaneous migration (complexity is the vulnerability): The paper emphasizes that these mechanisms compound during the transition. The "maximum compound exposure" period is the same period in which states and critical-infrastructure operators will lock in infrastructure decisions for the early 2030s.
Divergent national approaches to quantum cryptographic resilience
Where the paper becomes especially relevant for U.S. critical infrastructure is its empirical comparison of deployments and policy posture.- PRC: The China Quantum Communication Network (CN-QCN) is described as operational infrastructure, not a lab project, spanning 10,000+ km of backbone with 145 nodes, linking multiple metropolitan networks across provinces and cities, and integrated into use cases including banking and grid control. China is also pursuing a domestic PQC stack on a comparable timeline. The takeaway is not simply "scale," but risk allocation: The PRC is explicitly paying for both a mathematical and physics-based layer on Tier-1 links.
- EU: The paper highlights Europe's sovereignty-infrastructure trajectory (EuroQCI, IRIS²) and its explicit posture of deploying PQC and QKD as complementary layers for high-value institutions and sectors.
- U.S.: The US picture is structurally different: no national QKD deployment program, federal skepticism toward QKD for national security systems, and a mix of research testbeds plus sector-led experimentation (including notable financial-sector pilots). This matters because QKD is still likely to enter U.S, critical-infrastructure environments through commercial and allied pathways, even without being embraced as a federal "program of record."
Implications for Tier-1 critical-infrastructure decision-makers
The paper's practical value is that it reframes the next steps for critical-infrastructure risk owners:- Stop treating QKD as a futurist side quest. Even if your organization never deploys it, QKD is increasingly part of the global critical-infrastructure ecosystem and may appear in supply chains, alliances, and sector peers.
- Evaluate Tier-1 links explicitly, not generically. The central question is not "Should we do QKD?" It's: Which links are so high-consequence and long-horizon that a single-assumption PQC posture deserves defense-in-depth scrutiny?
- If the answer is "PQC-only is acceptable," make it a deliberate decision. That means hardening against known transition failure modes: downgrade conditions, telemetry gaps, hardware bottlenecks, and governance realities.
- If the answer is "some links require layered hedging," be precise about what that means. The paper stresses that QKD's value as a hedge is real but conditional, especially because QKD's classical authentication layer still depends on quantum-resistant cryptography and disciplined operations.
