it can't, that's why you need a trusted hub

clients can only tell that the message they received from the hub was actually from the hub and was not observed by anyone but the hub. there's no way to tell a message from client A to client B wasn't tampered with or observed before the hub delivered it

So if you're supposed to trust all hops on your message, quantum cryptography has no real appreciable improvement over standard digital communications (where the same problem exists).

Well, you don't have to worry about anyone hijacking a cable. Rather big improvement there. Although not without cost...