An optical transmitter for quantum key distribution includes a plurality of spatially separated light sources configured to emit a light signal with the same wavelength. Each light source emits a light signal with a unique encoding. A beam combiner receives the light signals from the plurality of light sources and combines the received light signals into a combined light signal. A spatial filter is optically coupled to the beam combiner and includes an aperture that receives the combined light signal and emits a filtered light signal. The aperture has an aperture diameter less than or equal to the specified wavelength. A collimator is optically coupled to the spatial filter and receives the filtered light signal and emits a collimated light signal. An output aperture receives the collimated light signal and outputs the collimated light signal as an output light signal towards an optical receiver.

The performance of quantum key distribution by systems and methods that use wavelength division multiplexing and encode information using both wavelength and polarization of photons of two or more wavelengths. Multi-wavelength polarization state encoding schemes allow ternary-coded digits, quaternary-coded digits and higher-radix digits to be represented by single photons. Information expressed in a first radix can be encoded in a higher radix and combined with a string of key values to produce a datastream having all allowed digit values of that radix in a manner that allows eavesdropping to be detected without requiring the sender and receiver to exchange additional information after transmission of the information.

In one embodiment, a secure computing system comprises a key generation sub-system configured to generate cryptographic keys and corresponding key labels for distribution to computer clusters, each computer cluster including a plurality of respective endpoints, a plurality of quantum key distribution (QKD) devices connected via respective optical fiber connections, and configured to securely distribute the generated cryptographic keys among the computer clusters, and a key orchestration sub-system configured to manage caching of the cryptographic keys in advance of receiving key requests from applications running on ones of the endpoints, and provide respective ones of the cryptographic keys to the applications to enable secure communication among the applications.

A quantum-attack resistant operating system for use in a key management mechanism which is a full solution of cyber-security for quantum transmission via optical paths, in order to detect and bypass quantum computing attacks, or to perform quantum counterattacks, during various procedures of quantum key managements; wherein the system avoids the attacks of key tampering, destroying, detecting, and blocking, from other quantum systems in a quantum key storage phase; meanwhile, it also avoids the sniffing from other quantum systems on key entangled properties, in a quantum key clearing phase; in addition, in a quantum key recycling phase, facing quantum computing attacks, it not only can disrupt the judgement of other systems on key verification, but also consumes the computing resources on the attacker side; thereby the present invention provides a protection mechanism which cannot be achieved by a conventional PQC (Post-quantum cryptography) solution.

Aspects and embodiments of the present invention relate to a method and system for generating a private cryptographic key for use in a secure cryptogram for transmission between a first entity and a second entity. The method may comprise: selecting a random vector defined in an n-dimensional vector space shared between the first entity and the second entity, the vector comprising one or more component coordinates defined in the n-dimensional vector space, each component coordinate being associated with one or more bits; determining the one or more bits associated with each component coordinate comprised in the random vector; and generating the private key in dependence on the one or more bits associated with each component coordinate comprised in the random vector.

A random-number generation unit (301) generates a random bit string. A light-source control unit (302) generates as transmission signal, using a light source, light pulses each of which corresponds to each bit value in the random bit string generated by the random-number generation unit, and emits the light pulses to a reception apparatus. A transmission-side information acquisition unit (305) acquires from a light-source measurement apparatus which has measured the light pulses and has estimated a physical characteristic, the physical characteristic, and acquires from the reception apparatus, a signal reception result of the transmission signal. A transmission-side information generation unit (303) generates a secret key, using the random bit string, the physical characteristic, and the signal reception result.

An optical transmitter for quantum key distribution includes a plurality of spatially separated light sources configured to emit a light signal with the same wavelength. Each light source emits a light signal with a unique encoding. A beam combiner receives the light signals from the plurality of light sources and combines the received light signals into a combined light signal. A spatial filter is optically coupled to the beam combiner and includes an aperture that receives the combined light signal and emits a filtered light signal. The aperture has an aperture diameter less than or equal to the specified wavelength. A collimator is optically coupled to the spatial filter and receives the filtered light signal and emits a collimated light signal. An output aperture receives the collimated light signal and outputs the collimated light signal as an output light signal towards an optical receiver.

A system with methods to enhance key strength for a quantum shared key which is derived by a conventional quantum key distribution protocol and the system provides a single optical communication channel with security protection mechanism for key distribution without relying on an authenticated public classical channel. The system is implemented with technology in combination of key-strength enhancement, re-encoding operation, density-matrix verification, and grating control for a single optical communication channel where the system can be integrated with a conventional Quantum-Key-Distribution protocol such as BB84 or B92, but excluding GHz-clocked QKD system. Thereby, the system can help a known QKD system to overcome current drawbacks of an apparatus implemented over a conventional QKD protocol so as to derive an enhanced quantum shared key.

Methods of quantum key distribution include receiving a frequency bin photon at a location, selecting a frequency bin photon quantum key distribution measurement basis, with a quantum frequency processor, performing a measurement basis transformation on the received frequency bin photon so that the frequency bin photon is measurable in the selected frequency bin photon quantum key distribution measurement basis, and detecting the frequency bin photon in the selected quantum key distribution measurement basis and assigning a quantum key distribution key value based on the detection to a portion of a quantum key distribution key. Apparatus and methods for encoding, decoding, transmitting, and receiving frequency bin photons are disclosed.

In an approach to improve the field of multi-cloud environments by detecting data corruption between storage systems. Embodiments perform information tunneling on data transferring between a source storage system and a target storage system. Further, embodiments determine a checksum data of a data payload does not match an Internet Protocol (IP) packet extracted checksum and a blockchain based checksum and compare the checksum data at the target storage system with the IP packet extracted checksum and the blockchain based checksum to identify one or more checksum mismatches. Additionally, embodiments identify a corruption in a data payload based on the comparison between the checksum data at the target storage system and the IP packet extracted checksum and the blockchain based checksum, validate the corruption in the data payload, and update respective entities of identified corruption in the data payload.