Patent classifications
H04L9/0855
Quantum key distribution and management in passive optical networks
Methods, systems, and devices for quantum key distribution (QKD) in passive optical networks (PONs) are described. A PON may be a point-to-multipoint system and may include a central node in communication with multiple remote nodes. In some cases, each remote node may include a QKD transmitter configured to generate a quantum pulse indicating a quantum key, a synchronization pulse generator configured to generate a timing indication of the quantum pulse, and a filter configured to output the quantum pulse and the timing indication to the central node via an optical component (e.g., an optical splitter, a cyclic arrayed waveguide grating (AWG) router). The central node may receive the timing indications and quantum pulses from multiple remote nodes. Thus, the central node and remote nodes may be configured to communicate data encrypted using quantum keys.
METHOD FOR PROVISIONING KEYS IN A NETWORK OF CONNECTED OBJECTS
A method provisions keys in a network of connected objects, including a plurality of such objects as well as a programming station. The nodes of the network could communicate over a main channel and over a secure auxiliary channel, distinct from the main channel. After a first phase of authentication and mutual identification with the nodes of the network, a terminal including a secure hardware element, broadcasts, in a second phase, a set of secret keys to each node, via the auxiliary channel, the set of secret keys including a first secret key intended to authenticate the nodes belonging to the network and a second secret key, intended to encrypt the exchanges over the main channel. In a third phase, the programming station performs a discovery of the nodes of the network.
QUANTUM-SAFE NETWORKING
Method(s), system(s), apparatus are provided for storing one or more data item(s) in a quantum-safe (QS) network. The QS network comprising one or more QS server(s) and a repository for storing and accessing said data item(s). Each QS server comprising a hardware security module (HSM) for storing an identical set of quantum distributed (QD) keys. The identical set of QD keys having been distributed to each of said QS server(s) in a quantum-safe manner. The QS server(s) are configured to communicate securely with each other and the repository using one or more available QD keys from the identical set of QD keys. A QS server performs generating a quantum reference (QREF) locator based on input data associated with a data item for storage and an available QD key selected from the set of QD keys, and sending the QREF locator along with the data item encrypted with the available QD key to the repository for storage.
Method and system for performing a secure key relay of an encryption key
A method and system for performing a secure key relay of an encryption key, $K_{enc}$, provided by an initial node, $KN_0$, and used by an encoding unit (ENC) of a first data transceiver for encoding plain data, $P_{data}$, to provide encrypted cipher data, $C_{data}$, transported via a data transport link, DTL, to a decoding unit (DEC) of a second data transceiver which decodes the transported cipher data, $C_{data}$, using the relayed encryption key, $K_{enc}$, provided by a terminal node, $KN_N$, as a decoding key to retrieve the plain data, $P_{data}$, wherein the relay of the encryption key, $K_{enc}$, from the initial node, $KN_0$, to the terminal node, $KN_N$, is performed by means of intermediate relay nodes, $KN_1, KN_2, \ldots, KN_{N-1}$, and comprises the steps of sharing (S1) QKD-keys, $K$, between the nodes via secure quantum channels, QCH, of a quantum key distribution network, QKDN; performing (S2) encryption of shared QKD-keys, $K$, at the initial node, $KN_0$, and at each intermediate relay node, $KN_1, KN_2, \ldots, KN_{N-1}$, and blinding them with a blinding value, $S_i$, of the respective node to provide an encrypted cipher key, $CK_i$, by the initial node, $KN_0$, and by each intermediate relay node, $KN_1, KN_2, \ldots, KN_{N-1}$; distributing (S3) or pre-distributing the blinding values, $S_i$, of the initial node, $KN_0$, and of each intermediate relay node, $KN_1, KN_2, \ldots, KN_{N-1}$; transmitting (S4) the encrypted cipher keys, $CK_i$, of the initial node, $KN_0$, and of each of the intermediate relay nodes, $KN_1, KN_2, \ldots, KN_{N-1}$, to the terminal node, $KN_N$; performing (S6) by the terminal node, $KN_N$, logic operations on reconstructed or pre-distributed blinding values, $S_i$, on the basis of the encrypted cipher keys, $CK_i$, received by the terminal node, $KN_N$, from the initial node, $KN_0$, and received from each of the intermediate relay nodes, $KN_1, KN_2, \ldots, KN_{N-1}$, to provide the encryption key, $K_{enc}$, used by the decoding unit (DEC) of the second data transceiver as a decoding key to retrieve the plain data, $P_{data}$.
SYSTEM AND METHOD FOR PROTECTING CONVENTIONAL QUANTUM KEY DISTRIBUTION PROTOCOLS
A system with methods to enhance key strength for a quantum shared key which is derived by a conventional quantum key distribution protocol and the system provides a single optical communication channel with security protection mechanism for key distribution without relying on an authenticated public classical channel. The system is implemented with technology in combination of key-strength enhancement, re-encoding operation, density-matrix verification, and grating control for a single optical communication channel where the system can be integrated with a conventional Quantum-Key-Distribution protocol such as BB84 or B92, but excluding GHz-clocked QKD system. Thereby, the system can help a known QKD system to overcome current drawbacks of an apparatus implemented over a conventional QKD protocol so as to derive an enhanced quantum shared key.
Secure communication network
A method of exchanging a combined cryptographic key between a first node and a second node, the first node and the second node being connected through a first communication and a second communication network, wherein the first communication network is a quantum communication network wherein information is encoded on weak light pulses; and the first node and the second node being configured to: exchange one or more first cryptographic keys on the first communication network; exchange one or more second cryptographic keys using the second communication network; and form the combined cryptographic key by combining the one or more first cryptographic keys and the one or more second cryptographic keys, such that the first node and the second node share knowledge of the combined cryptographic key.
QUANTUM KEY DISTRIBUTION PROTOCOL
Methods, apparatus, and systems are provided for performing a quantum key distribution (QKD) protocol between a first device, a second device, and an intermediary device. The intermediary device transmitting: a first secret symbol string over a first quantum channel to the first device; a first basis set over a first communication channel to the first device. The intermediary device transmitting: a second secret symbol string over a second quantum channel to the second device; a second basis set over a second communication channel to the second device. The intermediary device generating a third symbol string based on combining the first and second secret symbol strings and transmitting to the second device, via the second communication channel, data representative of the third symbol string. The first device and second device perform a quantum key exchange and sifting based on the corresponding received first and second secret symbol strings and first and second basis sets, and the second device generates a fourth set of symbols based on combining the second received secret symbols with the received third symbol string.
A SYSTEM AND METHOD FOR SATELLITE QUANTUM KEY DISTRIBUTION
A method of scheduling and managing key data in a satellite quantum key distribution system comprising a constellation of one or more satellites and a plurality of user ground stations. The method comprises: using a satellite of the constellation of satellites to deliver key data to a user ground station using a quantum communication link; at the user ground station, storing the delivered key data and reporting the amount of delivered key data; using the satellite to deliver key data to at least one other user ground station requiring common encryption keys with the user ground station using a respective quantum communication link; at each other user ground station, storing the delivered key data and reporting the amount of delivered key data; based upon the reports, determining an amount of the delivered key data which is commonly stored at all of the user ground station and the at least one other user ground station; and instructing the user ground station and the at least one other user ground station to release the commonly stored delivered key data.
A METHOD OF MANAGEMENT OF REMOTE OPERATIONS
A method of scheduling encryption key delivery communication sessions in a satellite quantum key distribution system comprising a constellation of one or more satellites and a plurality of user ground stations comprises producing a list of user ground stations requiring encryption keys. For each satellite of the constellation of satellites, determining a region of the earth's surface within which the satellite can carry out encryption key delivery communication sessions to user ground stations using a quantum optical communications link during a scheduling period. Obtaining a cloud cover map. Comparing the locations of the listed user ground stations, the determined regions of the earth's surface for the constellation of satellites, and the cloud cover map, to identify listed user ground stations to which encryption key delivery can be carried out by the constellation of satellites during the scheduling period. Determining which of the identified user ground stations each satellite of the constellation of satellites will carry out encryption key delivery communication sessions with at different times in the scheduling period based upon one or more of: an amount of unused encryption keys at each identified user ground station; and an expected time duration before each identified user ground station runs out of encryption keys.
Method for generating digital quantum chaotic wavepacket signals
A method for generating digital quantum chaotic orthonormal wavepacket signals includes the following steps: construct an N-dimensional Hermitian matrix Ĥ; calculate N eigen-wavefunctions $\varphi_j$ of a quantum Hamiltonian system with the Hamiltonian Ĥ by some numerical calculation methods, wherein the Hamiltonian is the Hermitian matrix Ĥ; extract some or all of the eigen-functions $\varphi_j$ with obvious chaos features as quantum chaotic eigen-wavefunctions according to a chaos criterion; generate some semi-classical digital quantum chaotic wavepacket signals $\varphi_j(n)$ with the same mathematical form as the quantum chaotic eigen-wavefunctions and length N from the selected quantum chaotic eigen-wavefunctions according to the mathematical correspondence between the classical signal and the wavefunction in quantum mechanics. By combining the quantum state chaotic transition theory and the classical time-frequency analysis, some semi-classical quantum chaotic wavepacket digital signals are generated according to the mathematical correspondence between the classical time-frequency signal and the wavefunction in quantum mechanics.