1Since breaking the authentication is only detrimental during the execution of the protocol, and not after, there areproposals to consider classical digital signatures that are safe for a certain duration to still gain an advantage by usingQKD, see [37] for instance.