I don't believe Quantum Computing will ever threaten Bitcoin

[Voland.V]

In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.

I agree, and I'm well aware of the distinction. Post-quantum cryptography and quantum cryptography are completely different things. It's unfortunate that they have such similar names!

We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.

Not sure I agree with this point. I would contend, as I have previously, that work in quantum cryptography is progressing at pace and whilst there are technical issues to overcome, it does potentially offer a fundamentally unhackable solution to quantum attacks, and one which can be used in the mainstream. Having said that, of course post-quantum cryptography is hugely important as well, and work is progressing there, too. There's no need to focus on just the one approach, though, and dismiss the other.

You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.

I think we agree, but are coming at this from different angles. An increase in key length is trivial to overcome if we're talking about asymmetric cryptography, where a quantum computer can apply Shor's algorithm. But as you state below, AES-256 is symmetric.

AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.

AES-256 security may be fine currently, it may be resistant to the best current attack (Grover search), but that's my point. Quantum cryptography uses the laws of quantum mechanics to make a system absolutely unhackable for all time, whereas post-quantum cryptography makes a system secure against current attacks, with no guarantee of security against future technology or future algorithms.

If AES-256 can beat Grover, what about other approaches? Quantum Square Attacks? Biclique Attacks? How about all mathematical attacks that haven't yet been devised?

I'm being flippant, and I do agree that there is certainly a chance that a post-quantum cryptography solution will remain forever secure, but we can't know for certain. My point is merely that we should investigate both quantum cryptography and post-quantum cryptography. It seems wasteful to focus solely on one approach.

I value the discussion immensely, by the way - thank you

---------------------
Dear opponent!
This is the first qualitative version of the discussion with my participation.  I am very pleased that there are interesting interlocutors on this business cryptographic platform.

When I wrote my posts on this topic, I thought that superficial knowledge was more successful than deeper knowledge.

But after reading your post, I realized that I was wrong.

But you know, I read a lot of opinions on "what cryptography we will need".

Of course, quantum cryptography is a technical, scientific, technological step forward. Although, in fact, nothing new is observed from the knowledge that we had 40 years ago.

Let me tell you something else.  Quantum cryptography, not only in my opinion, is it a big, powerful mechanism that needs to lift a big load. Simple, not tricky, the engineer's reasoning is this:
- if the load is 10 times heavier, then you need a crane 10 times more powerful. Scrap against scrap. It works. It's convincing. But it's not exactly an engineering approach, I think. It's force versus force.

I'm a supporter of beautiful engineering, I'm a supporter of ingenuity and cunning, intelligence and innovation - and against brute force.

For this reason, I don't like the solution of the problem with quantum cryptography, but I'd really like the solution with post quantum mathematical, logical, unusual solutions.

No matter how actively quantum encryption methods are developed, if a solution is found in the direction of post quantum (mathematical) cryptography, this solution will be cheaper, simpler, more elegant, more attractive, and will have a much greater commercial success than physical quantum cryptography.

Especially since quantum methods (actually old photonic systems, but words are always ahead of the curve, it's the golden law of advertising) plan to be used as a transport protocol, not as encryption itself.
Or as an encryption key exchange system for reliable mathematical symmetric encryption systems.
As a replacement for cryptography with a pair of open and private keys.
No more than that.
Especially since quantum cryptography is ABSOLUTELY not protected from information theft. It simply informs the recipient how much information is lost, but does not protect against theft!!!

Unlike some post quantum (mathematical) encryption systems.

Weighing all of the above, I am in favor of a future dominated by post quantum cryptographic systems, not quantum cryptography.
 
Otherwise, it is the surrender of progressive human thought to brute physical force.

And if you look even deeper, I am a supporter of new geometric principles of encryption, without a key, and principles of new authentication without a password.
It's my theme:
https://bitcointalk.org/index.php?topic=5204368.0.
и
https://bitcointalk.org/index.php?topic=5209297.0   

[1715279859]

1715279859

[1715279859]

1715279859

[1715279859]

1715279859

[1715279859]

1715279859

[1715279859]

1715279859

[1715279859]

1715279859

[Cnut237]

23 December: The first demonstration of chip-to-chip quantum teleportation has been achieved.

A team at Bristol University have been able to use quantum entanglement to transmit information (4 qubits) between two silicon computer chips, and they have achieved fidelity of 91%, which is very encouraging. Even more encouraging, the functionality that was demonstrated included entanglement swapping and four-photon Greenberger-Horne-Zeilinger entanglement, which are important requirements for the establishment of future quantum networks.

This is the instant, fundamentally unhackable data transfer that I've mentioned in previous posts (see here for a very simple overview of how entanglement works). There is no reliance on the esoteric cryptographic protocols of PQC that may or may not be broken in future, but rather a simpler dependency on the basic laws of quantum mechanics.

Admittedly the experiment was done with expensive specialised equipment, but it is early days, and there is no reason in theory why in future quantum cryptography using entanglement can't become a secure communications standard used by everyday users on cheap, mass-produced hardware.

[Voland.V]

23 December: The first demonstration of chip-to-chip quantum teleportation has been achieved.

A team at Bristol University have been able to use quantum entanglement to transmit information (4 qubits) between two silicon computer chips, and they have achieved fidelity of 91%, which is very encouraging. Even more encouraging, the functionality that was demonstrated included entanglement swapping and four-photon Greenberger-Horne-Zeilinger entanglement, which are important requirements for the establishment of future quantum networks.

This is the instant, fundamentally unhackable data transfer that I've mentioned in previous posts (see here for a very simple overview of how entanglement works). There is no reliance on the esoteric cryptographic protocols of PQC that may or may not be broken in future, but rather a simpler dependency on the basic laws of quantum mechanics.

Admittedly the experiment was done with expensive specialised equipment, but it is early days, and there is no reason in theory why in future quantum cryptography using entanglement can't become a secure communications standard used by everyday users on cheap, mass-produced hardware.

----------------------
Transmission from one chip to another is quantum entanglement, it's always the transmission of photons.
They transfer photons between chips.
At a very, very short distance, it seems to be within a centimeter. It's a normal waveguide. That's it.
 
It's a path to the photonic Internet, not quantum networks. No one's dealing with quanta networks. It's a mix-up.
They're dealing with quantum states of photons. It's technology of the future, but not ours.
Hardly anyone would make you give up your favorite smartphone with a wi-fi or 3.4.5.6G internet and sit behind a stationary device.

Without post quantum mathematical (not quantum) cryptography, which encrypts on an ordinary smartphone, computer (not a quantum computer), no one will do. No ordinary user, no VIP.

It's just science. It won't make the world safe, even if it works tomorrow.
We're being given another illusion.
These successful experiments are needed for secure communication between government and large corporations.

What do you and I need it for?
A network based on ordinary light rays, photons of light?

It's a mistaken and commercial distortion of reality to call it "quantum networks". It sounds beautiful, but it's not true, it's expensive and stupid.

[tromp]

> I know how to calculate the genesis private key

Sign the message "i no money" with said key as proof of knowledge, or take your scam elsewhere.

[Cnut237]

It's a path to the photonic Internet, not quantum networks. No one's dealing with quanta networks. It's a mix-up.
They're dealing with quantum states of photons. It's technology of the future, but not ours.
Hardly anyone would make you give up your favorite smartphone with a wi-fi or 3.4.5.6G internet and sit behind a stationary device.

What do you and I need it for?
A network based on ordinary light rays, photons of light?

It's a mistaken and commercial distortion of reality to call it "quantum networks". It sounds beautiful, but it's not true, it's expensive and stupid.

A quantum internet (with its unhackable absolute security) isn't a complete replacement for the internet we have now, in the same way that quantum computers aren't a replacement for classical computers.

The team at Delft whom I've referenced before have devised a six-stage roadmap (below). A quantum internet can be built incrementally on top of what we already have, with different levels of functionality at each stage.

SIX STEPS TO A QUANTUM INTERNET

0 Trusted-node network: Users can receive quantum-generated codes but cannot send or receive quantum states. Any two end users can share an encryption key (but the service provider will know it, too).

1 Prepare and measure: End users receive and measure quantum states (but the quantum phenomenon of entanglement is not necessarily involved). Two end users can share a private key only they know. Also, users can have their password verified without revealing it.

2 Entanglement distribution networks: Any two end users can obtain entangled states (but not to store them). These provide the strongest quantum encryption possible.

3 Quantum memory networks: Any two end users to obtain and store entangled qubits (the quantum unit of information), and can teleport quantum information to each other. The networks enable cloud quantum computing.

4 & 5 Quantum computing networks: The devices on the network are full-fledged quantum computers (able to do error correction on data transfers). These stages would enable various degrees of distributed quantum computing and quantum sensors, with applications to science experiments.

So stage 0 is kind of a pre-cursor to a quantum internet, where the only quantum activity is undertaken by the ISP. The quantum cryptographic key is created, but the ISP is like a trusted node. This stage is already live in parts of China.

In stage 1 the quantum key is generated by the sender, so it is truly encrypted, with no middle-man. This has already been tested successfully as I mentioned above with Micius (China again).

I am happy to concede that there is a huge amount of work required to progress to the end of the roadmap, quantum repeaters being just one example, but the direction of travel is encouraging.

A functioning and useful quantum internet won't need a massive expensive multi-qubit quantum computer in every home at all, but simply a means of transmitting and receiving quantum information. IBM has already had a simple quantum computer in the cloud since 2016.

[2020quantumdecade]

Hello, i know how to calculate..
https://b.radikal.ru/b24/2001/08/12c85c1e3d36.jpg

We also know how to calculate it
https://en.wikipedia.org/wiki/Shor's_algorithm
but we don't have the device. Not yet, but soon, this decade.

[Voland.V]

SIX STEPS TO A QUANTUM INTERNET

0 Trusted-node network: Users can receive quantum-generated codes but cannot send or receive quantum states. Any two end users can share an encryption key (but the service provider will know it, too).

1 Prepare and measure: End users receive and measure quantum states (but the quantum phenomenon of entanglement is not necessarily involved). Two end users can share a private key only they know. Also, users can have their password verified without revealing it.

2 Entanglement distribution networks: Any two end users can obtain entangled states (but not to store them). These provide the strongest quantum encryption possible.

3 Quantum memory networks: Any two end users to obtain and store entangled qubits (the quantum unit of information), and can teleport quantum information to each other. The networks enable cloud quantum computing.

4 & 5 Quantum computing networks: The devices on the network are full-fledged quantum computers (able to do error correction on data transfers). These stages would enable various degrees of distributed quantum computing and quantum sensors, with applications to science experiments.

So stage 0 is kind of a pre-cursor to a quantum internet, where the only quantum activity is undertaken by the ISP. The quantum cryptographic key is created, but the ISP is like a trusted node. This stage is already live in parts of China.

In stage 1 the quantum key is generated by the sender, so it is truly encrypted, with no middle-man. This has already been tested successfully as I mentioned above with Micius (China again).

I am happy to concede that there is a huge amount of work required to progress to the end of the roadmap, quantum repeaters being just one example, but the direction of travel is encouraging.

A functioning and useful quantum internet won't need a massive expensive multi-qubit quantum computer in every home at all, but simply a means of transmitting and receiving quantum information. IBM has already had a simple quantum computer in the cloud since 2016.


[/quote]
----------------------
Yes, I agree with your conclusions, it's all true.
But this is good for the part of the network that is far from the end user, the backbone part of the network.
In this part of the network, indeed, any change in information will be impossible.

I am for progress, for everything technological, especially when the laws of physics are the basis of these innovations.
But I draw conclusions, I watch intentions diverge from reality.
How loud promises actually turn into advertising tricks.

Let's find out where we are most often attacked? As of today.  Among other things, I am talking about the most dangerous attack - the "man in the middle" technology. 
Most often it is not carried out on a segment of the network remote from us.
I think that from what I have learned, the most common places to attack are those that are close to the user: routers, other network access points, the end devices themselves.

None of these threats aimed at the end user, at the specified attack points, the quantum (photon) Internet offered to us - does not solve anything.

Modern protocols, based on modern cryptography, provide everything you expect from the "quantum Internet", except one thing - discreet copying of information, eavesdropping on your channel.

But this danger is solved by reliable cryptography, methods that are simpler and smarter than the mass of new equipment for the transmission of linked photons (quantum Internet).

If you are subject to a competent attack, information, any, before the Internet, before encryption, will be stolen invisibly directly from your devices, not from the backbone networks of the Internet.
All scammers and criminals working for governments are looking for easy ways to get information.

For example, fresh information, all Samsung devices are secretly spying on their users, on the government of China, not the government of South Korea. You see what a serious approach to espionage is. How will the quantum internet save you?

I think that all such technologies, except the quantum computer, are of scientific interest and will only be prepared for commercial success.

We need a good secret communication channel, which should be protected by post quantum cryptography. Cheap, reliable, affordable way.

[Voland.V]

Hello, i know how to calculate..

We also know how to calculate it
https://en.wikipedia.org/wiki/Shor's_algorithm
but we don't have the device. Not yet, but soon, this decade.

----------------------
How cryptanalysis works, especially against asymmetric encryption systems, will not be written to you on the Internet, let alone on Wikipedia.  It's a mystery that cryptanalysis is all about.

The life and work of cryptoanalysts is classified. Even their family doesn't know what they do, the results of their work are so important.

If they did not work well, asymmetric cryptography would be solved for serious questions. But it's not allowed.

Why is that?

Because it's used by those in power, and it's not written on public bulletin boards.

[Cnut237]

There has been a potentially important advance in qubit stability, published yesterday in Nature.

Anyone with a passing interest knows that maintaining the qubit state is a big problem in quantum computing. The quantum system is quite fragile, and any interaction with the wider environment can cause the state to decohere (decoherence meaning not actual wave function collapse, but rather the leaking of information across the boundary between the quantum system and its surroundings).

There have been various attempts in the past to increase stability, some (such as magnetic containment) being more successful than others.

The new experiment from the University of New South Wales uses quantum dots rather than normal silicon atoms, and they've built artificial atoms around these quantum dots - it's this approach that has increased the stability hugely.

The problem with 'traditional' (I say traditional, but really QC is all quite new!) devices built on silicon atoms is that there are always atomic imperfections, which disrupt the qubits and lead to a high chance of decoherence. This new experiment removes the atomic nucleus entirely, and instead applies a voltage to pull in spare electrons to orbit the dot. This is then repeated until the inner electron shells have formed. So instead of a normal atom, with a nucleus surrounded by spherical electron shells, you end up with a quantum dot surrounded by flat 2D circular electron shells. So they are mimicking the atomic structure but doing away with the messy nuclear stuff so it's essentially just clean shells around the dot.

This done, the key step is to build up the complete inner shells and then add one more electron to the next outer shell. This is a bit like painting multiple coats on a wall, you build up the thickness to smooth everything out. Complete shells always sum to zero, but the added electron in the incomplete outer shell can be used for the spin measurement for the qubit.

Basically it's a variant of the standard approach that removes the problem of atomic imperfections, and then improves stability further by building complete orbital electron shells beneath the final electron.

Apologies if this is either too technical or not technical enough, it's difficult to strike a balance, and as always with QC it can be a challenge to make sure you've understood everything correctly - I think I have, but please let me know if I've made some false connections here.

Anyway, it's an interesting approach and could end up being quite an important marker on the road towards stable large-scale QC production.

[2ndGENQC]

And for the "second generation quantum computers" people are already developing post SHA-hash signature systems. So we would then change to post SHA-hash signature systems before "second generation quantum computers" exist.

The development of "second generation quantum computers" will bring the most exciting times, hashing will be history. We will make all "lost" coins active.

[Cnut237]

the most exciting times, hashing will be history. We will make all "lost" coins active.

"Exciting times" brings to mind the Chinese curse of living in interesting times.

Lost coins on the chain will indeed be vulnerable to QCs as these are the ones that won't be moved to quantum-safe addresses following a bitcoin upgrade. Making these coins available for theft by QCs could be terrible for bitcoin's price, but more so for faith in crypto as a whole, similarly if anything not moved was burned to prevent theft by QCs. There's no easy answer here.

[qubitasic]

Re: I don't believe Quantum Computing will ever threaten Bitcoin

McAfee’s chief technology officer: Start protecting against quantum computing hacks now
https://venturebeat.com/2020/02/25/mcafee-start-protecting-against-quantum-computing-hacks-now/
McAfee’s chief technology officer warned that it’s time for companies to start worrying about quantum computing attacks that can break common forms of encryption available today, even if quantum computing isn’t going to be practical for a while.
Grobman said. “Now I know what you are thinking: Quantum is not coming anytime soon. But we can’t think of quantum in terms of eventually or tomorrow."
“We need quantum-resistant algorithms as soon as possible,” Grobman said.

[Voland.V]

Re: I don't believe Quantum Computing will ever threaten Bitcoin

McAfee’s chief technology officer: Start protecting against quantum computing hacks now
https://venturebeat.com/2020/02/25/mcafee-start-protecting-against-quantum-computing-hacks-now/
McAfee’s chief technology officer warned that it’s time for companies to start worrying about quantum computing attacks that can break common forms of encryption available today, even if quantum computing isn’t going to be practical for a while.
Grobman said. “Now I know what you are thinking: Quantum is not coming anytime soon. But we can’t think of quantum in terms of eventually or tomorrow."
“We need quantum-resistant algorithms as soon as possible,” Grobman said.

-------------------------------------
What exactly are the dangers of quantum computing?
It's very simple.
I'm talking about the global, the danger to a lot of people, not to private cases.

All protection protocols, I'm talking about cryptographic methods of protection, built on a principle:
1. Asymmetric cryptography is the first step in any protocol to agree on a common session key for symmetric cryptography.
2. The second step is symmetric cryptography encryption, where secrets are encrypted securely (AES).

Why is a quantum computer dangerous today that will work far tomorrow?

Because all of our encrypted messages are stored.
Details:
- those encryptions that are very interesting - stored many times, it's communication between interesting and big people of our time;
- all other messages are also stored, just in case, they can be interesting, probably.

Now how quantum cheaters will work:
1) they will only crack the first stage of the encryption protocol - only asymmetric cryptography, where the shared session encryption key was encrypted. That's it.
2) They use the resulting key to quietly read the AES cipher, the second step of the encryption protocol.

And now, everything falls into place: AES-256, the symmetric system, is not cracked, and RSA (with any length of key) or ECC (with any length of key), the asymmetric system is cracked without a doubt, even by very weak, first quantum computers.

That's why everyone is so concerned, that's why post quantum asymmetric encryption systems are already needed.

Yes, not all people encrypt good messages, there are so many that lead two lives at once and one of those lives is very bad.
But the bad thing is to read and decide what's bad and what's good will be guys with the same questionable reputation as the first ones.

Here is the real vulnerability of all the key encryption methods: everything secret, sooner or later, becomes known and not secret.

This vulnerability is completely devoid of new keyless encryption systems.

[fabiorem]

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.

[Ryutaro]

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.

there already exist several working ones ( google sycamore, D-wave, IBM Q...) and they are continuously being improved. Companies like D-wave succeeded in using quantum computing to solves real-world problems such as minimizing error in a voice recognition system, controlling risk in a financial portfolio, or reducing energy loss in an electrical grid. source

also, leading countries from all over the world are investing insane amounts of money in quantum computing research for obvious reasons to get their hands on this new monster.

IBM is already offering free limited access to their systems, you can now create an account and try your quantum circuits and run them on their quantum computers plus they are offering step by step guides and tutorials.

[Cnut237]

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.

there already exist several working ones ( google sycamore, D-wave, IBM Q...) and they are continuously being improved. Companies like D-wave succeeded in using quantum computing to solves real-world problems such as minimizing error in a voice recognition system, controlling risk in a financial portfolio, or reducing energy loss in an electrical grid.

You are absolutely correct that QCs exist and that they are being improved all the time.

However, you mentioned D-Wave, so we do need to be mindful of the distinction between quantum annealers (such as D-Wave) and universal gate quantum computers (true quantum computers). Annealers are more like quantum simulators than actual quantum computers, and they will never be a threat to bitcoin because they can't run Shor's algorithm, which is what a QC would use to break elliptic curve cryptography.

The annealing approach exploits the phenomenon of quantum tunnelling - this is a low-energy shortcut, analagous to moving between adjacent valleys by cutting straight through the hill rather than going up one side and down the other. Annealing is more for problems where there are a huge number of possible solutions, and we're just looking for one that is sufficient out of that multitude of possibilities, a 'local minimum'. So annealers are good for problems that fit into the 'travelling salesman' category, or materials science where we just want to develop a material that has sufficient strength or malleability or heat-resistance.

Universal gate quantum computers on the other hand are the ones that can threaten bitcoin. News reports often focus on the number of qubits these machines have, as if this is the only important criterion. It's not. As (universal gate) QCs scale up, the main problem is decoherence - the difficulty of maintaining that entangled quantum state (and its information) by preventing variables from the outside environment leaking in (e.g., physical vibrations, EM radiation, temperature changes).

There is work underway on a variety of solutions to the decoherence problem, but it remains very much the primary obstacle - you can have a QC with a million qubits, but it would be useless without sufficient coherence.

[Voland.V]

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.

------------------
It is possible not to believe, it is possible to close eyes and to bury all head deep in sand - it is a way of an ostrich.
On the contrary, you can open your eyes and explore the world around you. Then there is a chance, if you have enough intelligence, to come to the conclusion that quantum computing is a reality to accept.
That's why post quantum encryption methods and new Blockchain technology have already been developed.   

[Cnut237]

I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.

It certainly exists, and work is progressing rapidly on a number of fronts. There has been a recent discovery that may pave the way for standard computer chips to perform quantum operations...

We have talked at length about what a qubit 'is' in an informational sense, but comparatively little about what it is in a physical sense. There are a huge variety of approaches, from miniature superconducting circuits (as in Google's 53-qubit machine last year) to optical lattices and Bose-Einstein condensates. But the holy grail is to be able to use magnetically-controllable nuclei embedded in silicon, a combination of magnetic resonance and quantum dot... a Kane quantum computer.

A Kane QC as theorised uses precisely-spaced phosphorous atoms beneath the surface. As well as being manipulable through magnetic control, there is a benefit of a huge decoherence time (at low temperatures), estimated at 10¹⁸ seconds - decoherence is one of the biggest problems in QC.



The theory is over 20 years old, and has not so far been properly implemented in practice because it is hugely difficult to control a single nucleus magnetically without the field affecting neighbouring nuclei too.

... which brings me to the new paper. They have used antimony rather than phosphorous - antimony crucially has a non-uniform charge distribution, and they have demonstrated that because of this it can be moved comparatively easily between spin states through the application of an oscillating electric field. This is kind of a big deal, as this possibility was first predicted more than 60 years ago, but has not been observed until now. Antimony is bigger than phosphorous, and has 8 spin states rather than the 2 of phosphorous, but this isn't a problem as it just means that each antimony nucleus is analagous to a 3-qubit system.

There is still a lot of work to be done, it's very early on, but if in the end a QC can be built in silicon, then this really is a huge advancement.

[Voland.V]

Who can explain how spin bound photons are controlled in quantum cryptography?
2 bonded photons.
One photon is transmitted through an optical communication channel and received at the second end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this moment of technology be explained in a simple and clear way?   

[Cnut237]

Who can explain how spin bound photons are controlled in quantum cryptography?
2 bonded photons.
One photon is transmitted through an optical communication channel and received at the second end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this moment of technology be explained in a simple and clear way?   

I'll have a go. I assume you're talking about Quantum Key Distribution, - please correct me if not!

The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party. So 'Alice' receives one photon and 'Bob' receives the other. As for the mechanism of transfer, it can be optical cable or (as in China's QUESS) a satellite signal (as attenuation through vacuum and thin atmosphere is negligible) - anything really so long as the mechanism can keep signal loss to a minimum - or quantum repeaters can be used to maintain the signal.

The result then is that Alice and Bob each have the secure information received from the photon. Once the photon has been received, its data has been received too, and there is then no need to actually hold the photon itself. The point is that due to the fact that each photon is part of an entangled pair, they each contain the same information, which can then be used as a shared key.

That's the process, anyway. For information about security, probably first have a look at the BB84 protocol, and then go on from there to later developments such as Kak's 3 Stage Protocol (quantum double-lock)... but I think we covered security a few months ago in this thread.