Quantum Communication Engineer

[Code block moved to code-block-1.md]

§ 10 · Common Pitfalls & Anti-Patterns

Anti-Pattern 1: Using Asymptotic SKR Formula for Real Deployment Planning

Why it matters: Asymptotic secret key rate (N → infinity) can be 10-100x higher than finite-key rates achievable in practice. Deploying based on asymptotic calculations produces systems that fail to generate secure keys at the required rate.

❌ BAD:

# Asymptotic BB84 SKR — incorrect for real deployment sizing
SKR_asymptotic = detection_rate * (1 - h(QBER) - h(e_phase))
print(f"Planned key rate: {SKR_asymptotic:.0f} bps")
# Overestimates by 10-50x for realistic block sizes

✅ GOOD:

[Code block moved to code-block-2.md]

Anti-Pattern 2: Claiming QKD Security Without Authenticated Classical Channel

Why it matters: QKD without authenticated classical post-processing is completely insecure against man-in-the-middle attacks. The classical channel authentication is not optional — it is a fundamental security requirement.

❌ BAD:

# QKD post-processing over unauthenticated TCP socket
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((bob_ip, 8443))
sock.send(basis_announcement.encode())  # No authentication!
# Eve can intercept, modify basis announcements -> complete key compromise

✅ GOOD:

[Code block moved to code-block-1.md]

Anti-Pattern 3: Ignoring Detector Side-Channel Vulnerabilities

Why it matters: Detector blinding attacks (Lydersen et al., Nature Photonics 2010) allow an eavesdropper to control InGaAs APD detectors using bright continuous-wave light, enabling full key recovery while QBER remains at normal levels.

❌ BAD:

Claim: "Our BB84 system is information-theoretically secure because we use standard QKD protocol."
Reality: InGaAs APD detectors are vulnerable to bright-light blinding attacks.
         QBER remains <3% during the attack; security is completely compromised.

✅ GOOD:

Mitigation options (in order of security strength):
1. MDI-QKD: measurement-device-independent protocol eliminates all detector
   side channels by design — Eve cannot exploit what she doesn't control.
   Cost: requires relay node; SKR ~10x lower than BB84 at same distance.

2. SNSPD detectors: superconducting nanowire detectors are intrinsically
   resistant to blinding attacks (different physical mechanism from APDs).
   Cost: cryogenic cooling (0.8-1.5 K) required; higher system cost.

3. Detector monitoring: continuous optical power monitoring at detector input;
   alarm if CW power > 1 nW (100x above single-photon level).
   Limitation: does not protect against sophisticated gated attacks.

4. Randomized gate timing: randomize detector gate timing to prevent
   eavesdropper synchronization. Partial mitigation only.

For production deployment: use SNSPD or MDI-QKD. Do not deploy InGaAs APD
without MDI-QKD or comprehensive side-channel testing per ETSI GS QKD 011.

Anti-Pattern 4: Confusing QKD Key Rate with Encryption Throughput

Why it matters: QKD generates keys at kilobits-per-second rates; one-time pad encryption requires key material equal to the plaintext. Conflating key rate with encrypted data throughput leads to wildly incorrect system design.

❌ BAD:

"Our QKD system generates 5 kbps, so we can encrypt 5 kbps of traffic with
 perfect forward secrecy." — Correct.
"Our QKD system generates 5 kbps, so we can encrypt 1 Gbps of network traffic." — WRONG.

✅ GOOD:

QKD key rate:          5 kbps = 5,000 bits per second of secret key material

Use case A — One-time pad for low-rate secure channel:
  5 kbps key allows encrypting 5 kbps plaintext (voice, telemetry).
  This achieves information-theoretic security. Appropriate for high-security links.

Use case B — Key refresh for AES-256-GCM:
  5 kbps key allows refreshing 256-bit AES key every 256/5000 = 0.05 seconds.
  AES-256-GCM with 50 ms key refresh provides 1 Gbps encryption with
  computational security (not information-theoretic) but extremely high key freshness.
  Resistant to harvest-now-decrypt-later attacks if session keys are refreshed rapidly.

Correct claim: "QKD provides quantum-safe key material for AES-256 session key
refresh at 19 refreshes/second, protecting 1 Gbps of encrypted traffic against
both classical and quantum adversaries."

Anti-Pattern 5: Treating QBER as the Only Security Indicator

Why it matters: Some eavesdropping strategies (photon-number-splitting attack without decoy states, time-shift attacks) can extract key information while maintaining QBER below the threshold. QBER monitoring is necessary but not sufficient.

❌ BAD:

# Only monitoring QBER — incomplete security monitoring
if qber < 0.11:
    print("System secure — QBER within threshold")
    generate_key()

✅ GOOD:

[Code block moved to code-block-3.md]

§ 11 · Integration with Other Skills

§ 12 · Scope & Limitations

Use when:

• Designing QKD systems (point-to-point, metropolitan network, long-haul)
• Evaluating QKD vendor claims and protocol security
• Planning post-quantum cryptography migration with QKD hybrid strategy
• Assessing ETSI/ISO/ITU-T compliance requirements for quantum communication
• Diagnosing QBER anomalies, hardware faults, or potential eavesdropping events
• Designing quantum repeater chains or satellite QKD architectures

Do NOT use when:

• Designing physical qubit hardware or cryogenic superconducting circuits — use Quantum Physicist skill
• Implementing quantum algorithms for classical optimization — use Quantum Algorithm Engineer skill
• Quantum sensing and metrology applications — use Quantum Sensor Researcher skill
• Implementing post-quantum cryptography algorithms in software without QKD context — use standard cryptography engineering resources

Limitations:

• This skill provides design guidance and feasibility analysis; final security proofs for novel protocols require formal cryptographic review by specialized security researchers
• Hardware performance specifications change rapidly; always verify against current vendor datasheets and published experimental results
• Regulatory requirements for QKD deployment vary by country; consult local telecommunications regulatory authority and national cryptography standards body

§ 14 · Quality Verification

→ See references/standards.md §7.10 for full checklist

§ 16 · Domain Deep Dive

Specialized Knowledge Areas

Knowledge Maturity Model

§ 17 · Risk Management Deep Dive

🔴 Critical Risk Register

🟠 Risk Response Strategies

🟡 Early Warning Indicators

• Stakeholder engagement dropping
• Requirement changes increasing
• Team velocity declining
• Defect rates rising

§ 18 · Excellence Framework

World-Class Execution Standards

Excellence Cycle

ASSESS → PLAN → EXECUTE → REVIEW → IMPROVE
   ↑                              ↓
   └────────── MEASURE ←──────────┘

§ 19 · Best Practices Library

Industry Best Practices

§ 21 · Resources & References

Quality Checklist

• Requirements met
• Standards compliant
• Reviewed by peers

Performance Metrics

Additional Resources

• Industry standards
• Best practice guides
• Training materials

References

Detailed content:

• ## § 2 · What This Skill Does
• ## § 3 · Risk Disclaimer
• ## § 4 · Core Philosophy
• ## § 6 · Professional Toolkit
• ## § 7 · Standards & Reference
• ## § 8 · Standard Workflow
• ## § 9 · Scenario Examples
• ## § 20 · Case Studies

Examples

Example 1: Standard Scenario

Input: Design and implement a quantum communication engineer solution for a production system Output: Requirements Analysis → Architecture Design → Implementation → Testing → Deployment → Monitoring

Key considerations for quantum-communication-engineer:

• Scalability requirements
• Performance benchmarks
• Error handling and recovery
• Security considerations

Example 2: Edge Case

Input: Optimize existing quantum communication engineer implementation to improve performance by 40% Output: Current State Analysis:

• Profiling results identifying bottlenecks
• Baseline metrics documented

Optimization Plan:

1. Algorithm improvement
2. Caching strategy
3. Parallelization

Expected improvement: 40-60% performance gain

Workflow

Phase 1: Requirements

• Gather functional and non-functional requirements
• Clarify acceptance criteria
• Document technical constraints

Done: Requirements doc approved, team alignment achieved Fail: Ambiguous requirements, scope creep, missing constraints

Phase 2: Design

• Create system architecture and design docs
• Review with stakeholders
• Finalize technical approach

Done: Design approved, technical decisions documented Fail: Design flaws, stakeholder objections, technical blockers

Phase 3: Implementation

• Write code following standards
• Perform code review
• Write unit tests

Done: Code complete, reviewed, tests passing Fail: Code review failures, test failures, standard violations

Phase 4: Testing & Deploy

• Execute integration and system testing
• Deploy to staging environment
• Deploy to production with monitoring

Done: All tests passing, successful deployment, monitoring active Fail: Test failures, deployment issues, production incidents

Error Handling

Common Failure Modes

Recovery Strategies

• Retry with Budget overrun for transient failures
• Fallback to default values when primary approach fails
• Vendor non-performance: 3 failures → 60s cooldown
• Compliance violation for non-critical issues
• Timeout handling: 30s default, 300s max