Patent classifications
H04L9/0855
KEY MANAGEMENT DEVICE, QUANTUM CRYPTOGRAPHY COMMUNICATION SYSTEM, AND COMPUTER PROGRAM PRODUCT
A key management device according to an embodiment is a key management device managing an application key for encrypting a communication in an application network including a plurality of applications. The key management device includes a hardware processor configured to function as a collection unit, a calculation unit, a determination unit, and a communication unit. The collection unit collects, using quantum key distribution (QKD), resource information indicating a resource of a link for which a link key is generated. The calculation unit calculates a metric for a key relay route including the link on the basis of the resource information. The determination unit determines a key relay route from among a plurality of key relay routes on the basis of the metric. The communication unit uses the key relay route determined by the determination unit to send, to a destination, an application key encrypted with the link key.
QUANTUM CRYPTOGRAPHIC COMMUNICATION SYSTEM, KEY MANAGEMENT DEVICE, AND KEY MANAGEMENT METHOD
According to an embodiment, a quantum cryptographic communication system includes a first quantum key distribution (QKD) device, and a first key management device. The first QKD device shares a quantum encryption key with a second QKD device through QKD. The first key management device includes a reception unit and a first hardware security module (HSM). The reception unit receives the quantum encryption key from the first QKD device. The first HSM includes a storage unit, a generation unit, and a first encryption unit. The storage unit stores a first encryption key therein. The generation unit generates an application key used in an encryption process by a cryptographic application. The first encryption unit encrypts, with the first encryption key, the application key transmitted to a second key management device connected to the second QKD device.
RESOURCE ALLOCATION METHOD AND SYSTEM IN QUANTUM KEY DISTRIBUTION OPTICAL NETWORK
The invention provides a resource allocation method and system in a quantum key distribution optical network. The method includes steps of: setting a topological structure of a quantum key distribution optical network, and initializing parameters in the topological structure; generating a service request, and categorizing a security level of a service according to a security requirement degree of the service, where the security level corresponds to a security score; establishing an optimization objective function to maximize a security score of the quantum key distribution optical network and minimize an occupancy of wavelength and timeslot resources; and establishing a constraint satisfying the optimization objective function, and allocating corresponding wavelength and timeslot resources to the service request under the constraint. The invention implements a joint optimization objective of maximizing a security score of a network and minimizing the occupation of wavelengths and timeslots.
Combined imaging and quantum cryptography apparatus
An imaging and quantum cryptography apparatus comprising a light-refracting optical setup (101), a light-directing optical setup (102), an imaging sensor (103) capturing light refracted from the light-refracting optical setup and directed to the imaging sensor by the light-directing optical setup and at least one of a quantum key distribution (QKD) transmitter (104) generating a QKD light signal and transmitting the QKD light signal via the light-directing optical setup and through the light-refracting optical setup and a QKD receiver (105) acquiring and decoding light signals refracted from the light-refracting optical setup and directed to the QKD receiver by the light-directing optical setup. The imaging sensor, the at least one of QKD transmitter and QKD receiver, and the alignment unit, all use the same light-directing optical setup and the same light-refracting optical setup.
Quantum key distribution system and method for securely distributing quantum keys in a network
A system and method for securely distributing quantum keys in a network are disclosed. The method includes receiving a request for generating a pair of quantum keys between a source quantum node and a target quantum node. Further, the method includes generating a first pair of quantum keys based on the request. The method includes transmitting the first pair of quantum keys to an intermediate quantum node using a first quantum link. The method further includes generating an intermediate pair of quantum keys based on events detected at the intermediate quantum node. The method further includes interleaving the intermediate pair of quantum keys with the first pair of quantum keys. Also, the method includes generating a second pair of quantum keys comprising the interleaved intermediate pair of quantum keys and first pair of quantum keys. Further, the method includes encoding and transmitting the second pair of quantum keys to the target quantum node using a second quantum link.
Method and system for quantum key distribution
A system and method for quantum key distribution includes determining an intrinsic loss along a quantum channel; generating a pulse sequence; transmitting the pulse sequence via the quantum channel; receiving the pulse sequence; determining invalid signal positions and providing the invalid signal positions; determining a first reconciled signal from the first signal and the invalid signal positions, and determining a second reconciled signal from the second signal and the invalid signal positions; determining a total loss along the quantum channel from the at least one test pulse received, determining a signal loss from the total loss and the intrinsic loss, and providing the signal loss; determining a shared key by error correcting the first reconciled signal and the second reconciled signal; and determining an amplified key from the shared key by shortening the shared key by a shortening amount that is determined from the signal loss.
Quantum Key Distribution Networking as a Service
The concepts and technologies disclosed herein are directed to quantum key distribution (“QKD”) networking as a service. According to one aspect disclosed herein, a microservices controller can establish a plurality of quantum connections with a plurality of virtual quantum connection managers (“vQCMs”) deployed in association with a set of quantum user nodes (“QUNs”) in a QKD network. The microservices controller can receive a request to initialize the QKD network. The microservices controller can coordinate with the plurality of vQCMs to handle initialization of the QKD network. The microservices controller can receive a QKD service request from a QKD network operator. The microservices controller can invoke a plurality of microservices to handle the QKD service request.
System and method for protecting conventional quantum key distribution protocols
A system with methods to enhance key strength for a quantum shared key which is derived by a conventional quantum key distribution protocol and the system provides a single optical communication channel with security protection mechanism for key distribution without relying on an authenticated public classical channel. The system is implemented with technology in combination of key-strength enhancement, re-encoding operation, density-matrix verification, and grating control for a single optical communication channel where the system can be integrated with a conventional Quantum-Key-Distribution protocol such as BB84 or B92, but excluding GHz-clocked QKD system. Thereby, the system can help a known QKD system to overcome current drawbacks of an apparatus implemented over a conventional QKD protocol so as to derive an enhanced quantum shared key.
Quantum controller fast path interface
Techniques regarding routing qubit data are provided. For example, one or more embodiments described herein can comprise a computer-implemented method for training a quantum controller fast path interface that can control the qubit data routing. The computer-implemented method can comprise training, by a system operatively coupled to a processor, the quantum controller fast path interface for routing qubit data bits between a quantum controller and conditional engine by adjusting a delay value such that a mesochronous clock domain is characterized by a direct register-to-register transfer pattern.
IMPROVEMENTS TO QKD METHODS
There is herein disclosed a method of performing Quantum Key Distribution for generating a shared secret key, the method including, at a first node, preparing or measuring a plurality of non-orthogonal quantum states, each of the plurality of non-orthogonal quantum states being prepared or measured using a respective one of a first set of basis states, and, at a second node, preparing or measuring the plurality of non-orthogonal quantum states, each of the plurality of non-orthogonal quantum states being prepared or measured using a respective one of a second set of basis states, and, at a third node, obtaining an indication of the first set of basis states from the first node and performing a key agreement stage with a fourth node to agree the shared secret key, the key agreement stage involving the first and second sets of basis states.