A quantum key distributed (QKD) apparatus for use with at least two endpoint devices, the apparatus including QKD links each having a communication medium with a quantum channel and a classical channel, wherein each endpoint has a QKD link connected to the QKD apparatus; transmitters to transmit quantum transmissions over a quantum channel of one of the QKD links; a classical transceiver component to transmit/receive classical data over a classical channel of one of the QKD links; and a controller to route data for quantum transmission to an endpoint via a transmitter assigned to the endpoint over a quantum channel of the QKD link of the endpoint, route classical data to an endpoint via a classical transceiver assigned to the endpoint over a classical channel of the QKD link of the endpoint, and route classical data over the classical channel of the QKD link of an endpoint.

A method includes a preparation step and a key agreement step. In the preparation step, a first quantum key distribution (QKD) device at a first location and a second QKD device at a second location distant from the first location together create a quantum secured key according to a QKD protocol, and a first encryption device at the first location and a second encryption device at the second location together create a symmetrically encrypted channel between the first location and the second location using the quantum secured key. In the key agreement step, a first key agreement device at the first location and a second key agreement device at the second location together create an encryption key via the symmetrically encrypted channel.

Systems, apparatuses, methods, and computer program products are disclosed for session authentication. In an exemplary embodiment, a session authentication system encodes and decodes a set of quantum bits using different quantum bases in order to generate a random number used to generate a session key or a random seed (e.g., a set of bits that is randomized due to quantum effects such as the principle of quantum uncertainty) for pseudorandom number generation used to establish a secure session. An example system includes decoding circuitry configured to receive, over a quantum line, a set of qbits generated based on a first set of quantum bases not received by the decoding circuitry, and decode, based on a second set of quantum bases, the set of qbits to generate a decoded set of bits; and session authentication circuitry configured to generate a session key based on the decoded set of bits.

A network node configured to operate in an optical fiber network can comprise a quantum key distribution (QKD) communication unit adapted to communicate with another QKD communication unit of at least one other network node of the optical fiber network according to a CV-QKD mode and/or a DV-QKD mode. A control unit can be configured to control the QKD communication unit to operate in at least one of the CV-QKD mode and the DV-QKD mode. The control unit can be configured to switch operation of the QKD communication unit between the CV-QKD mode and the DV-QKD mode.

Methods, systems, and devices for quantum key distribution (QKD) in passive optical networks (PONs) are described. A PON may be a point-to-multipoint system and may include a central node in communication with multiple remote nodes. In some cases, each remote node may include a QKD transmitter configured to generate a quantum pulse indicating a quantum key, a synchronization pulse generator configured to generate a timing indication of the quantum pulse, and filter configured to output the quantum pulse and the timing indication to the central node via an optical component (e.g., an optical splitter, a cyclic arrayed waveguide grating (AWG) router). The central node may receive the timing indications and quantum pulses from multiple remote nodes. Thus, the central node and remote nodes may be configured to communicate data encrypted using quantum keys.

The present application provides a secure repeater-based quantum communication method and communication network. Said method comprises a transmitter encrypting plaintext information to be sent, to obtain ciphertext; the transmitter sending the ciphertext to a repeater node by means of a quantum communication protocol, so as to send the ciphertext to a receiver by means of at least one repeater node; and after receiving the ciphertext, the receiver decrypting the ciphertext to obtain the plaintext information. The ciphertext is transmitted step by step by means of the at least one repeater node, which is not limited to the distance between the transmitter and the receiver, so that the ciphertext can be transmitted over a long distance. Furthermore, before arriving at the receiver, the plaintext information is transmitted in the form of a ciphertext and is decrypted on the fly, thereby reducing the risk of information being eavesdropped, improving the security.

According to one embodiment, a quantum key delivery service platform includes a plurality of quantum key delivery devices and a management server. The server monitors a storage amount of the encryption keys in the plurality of quantum key delivery devices, records a consumption record of the encryption keys for each of the plurality of cryptographic communication devices, predicts a consumption amount of the encryption keys based on the consumption record of the encryption keys, and detects a sign of shortage of the encryption keys based on the storage amount of the encryption keys and a prediction result of the consumption amount of the cryptographic keys.

A node may receive, from a quantum key-distribution (QKD) device, a first message that includes an identifier associated with a key. The node may send, to another node, a second message that includes the identifier and a request to perform at least one task. A node may receive, from the other node, a third message that includes information associated with performance of the at least one task by the other node and information indicating a time of performance. The node may receive, from the QKD device, a fourth message that includes the key and information indicating a time window associated with the quantum key; wherein the fourth message is received after expiration of the time window. The node may process, based on the fourth message, the third message to determine whether the third message is valid and thereby cause one or more actions to be performed.

A node for a quantum communication network, said node comprising: a quantum transmitter, said quantum transmitter being adapted to encode information on weak light pulses; a quantum receiver, said quantum receiver being adapted to decode information from weak light pulses; at least three ports adapted to communicate with at least one other node; and an optical switch, said optical switch being configured to selectively connect the quantum transmitter and receiver to the ports such that the switch controls which of the ports is in communication with the quantum transmitter and quantum receiver.

A method for performing a key exchange using a quantum key distribution protocol between a first device (D1), a second device (D2), and an intermediary device (ID), wherein: ID receives first symbol set (SS1) over first quantum channel (QC1) transmitted from D1 and sends first receiving basis information (RBI1) to D1 which withholds from ID first transmitting basis information (TBI1); ID transmits second symbol set (SS2) over second quantum channel (QC2) and second transmitting basis information (TBI2) to D2 which withholds from ID second receiving basis information (RBI2); ID generates first (IS1) and second intermediate symbol (IS2) sets based on valid SS1 and SS2; wherein ID generates third intermediate symbol (IS3) set by combining IS1 and IS2 and sends IS3 set to D1 and/or D2; wherein D1 and D2 exchange TBI1 and RBI2 and/or RBI1 and TBI2 to determine a final shared key based on SS1, SS2, and IS3 sets.