About [3]:

Isn't this realizable with quantum state teleportation? Entanglement networks are definitely being worked on heavily, and after entanglement distillation you just need to send a few bits to effectively have sent a quantum state. Not sure what "chosen-quantum-cyphertext" attacks are though, so maybe my idea fails one of it's assumptions?

About [5]: why not? Because of information leakage, or because they only send from a small set of states?

Re [3]: sure, if you have two quantum computers, and you’ve built an entanglement network that can get them into a controlled entangled state, and they both have useful amounts of coherent memory that lasts long enough to be interesting (days? weeks? years? depends on the application), then you can teleport qubits from one to another. This does not currently exist.

I see papers describing a “vision” for entanglement networks. Maybe something will work for real in a decade. And then maybe someone will implement AES as a quantum circuit and will send the outputs (where the input is not a classical state!) to a remote node. That would be nifty indeed.

Re [5]: The gadgets I’ve looked into use lasers to very very poorly approximate single-entangled-photon-pair sources and use detectors that are fairly poor approximations of single photon detectors to implement QKD. But the whole thing really (IMO) implements a real mess where a particular subspace of the mess resembles the secure QKD algorithms. And then people break it by sending unexpected input.

If I’m making a cryptographic system, I want to receive classical input that is definitely 0 or 1, and I want to receive quantum input that is definitely in the computational basis. No one hacks a major website by sending something that isn’t a string of bits to one of its API, but people have broken “QKD” by doing just that.