The emergence of quantum computers capable of breaking traditional encryption has spurred a global effort to secure data through quantum-safe technologies. Chief among these is Quantum Key Distribution (QKD), a technique that harnesses quantum mechanics to enable the secure exchange of encryption keys. QKD offers theoretically unbreakable security, but integrating it into today’s high-speed optical networks presents a complex technical challenge. To achieve global-scale deployment, QKD must coexist with classical data on commercial networks without compromising performance or security. Initially limited to direct, point-to-point links, QKD is now undergoing a dramatic shift toward global, multi-node infrastructures thanks to advances in satellite-based QKD, wavelength multiplexing, and software-defined network control. This article explores the networking technologies that are making this integration possible, laying the foundation for a scalable, quantum-secure internet.
The Quantum Security Imperative
Quantum cryptography has rapidly progressed from academic experimentation to becoming a foundational pillar of next-generation cybersecurity. The increasing threat posed by quantum computing—exemplified by Google’s “Willow” chip performing calculations in minutes that would otherwise take classical supercomputers 10 septillion years—underscores the vulnerability of traditional public-key encryption. At the forefront of countermeasures is Quantum Key Distribution (QKD), which uses the principles of quantum mechanics to ensure secure communication.
Quantum cryptography is an emerging technology in which two parties may simultaneously generate shared, secret cryptographic key material using the transmission of quantum states of light. A unique aspect of quantum cryptography is that Heisenberg’s uncertainty principle ensures that if Eve attempts to intercept and measure Alice’s quantum transmissions, her activities must produce an irreversible change in the quantum states that are retransmitted to Bob. These changes will introduce an anomalously high error rate in the transmissions between Alice and Bob, allowing them to detect the attempted eavesdropping.
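The detection mechanism described above can be seen in a small simulation. This is an added example, not code from the original article: it assumes a BB84-style protocol on an ideal, noise-free channel, an eavesdropper who measures and resends every pulse, and an 11% abort threshold; all names and parameters are hypothetical.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold for this example (a commonly cited BB84 bound)


def measure(bit, prep_basis, meas_basis, rng):
    """Ideal measurement: same basis returns the bit, a different basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def exchange(n_pulses, eavesdropper, rng):
    """Send n_pulses BB84 states and return Alice's and Bob's sifted bits."""
    alice, bob = [], []
    for _ in range(n_pulses):
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)
        bit, basis = a_bit, a_basis
        if eavesdropper:
            # Eve has to guess a basis; her measurement re-prepares the state
            # in that basis, which is the irreversible change the text describes.
            e_basis = rng.randrange(2)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_basis = rng.randrange(2)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:  # sifting: keep only rounds where the bases matched
            alice.append(a_bit)
            bob.append(b_bit)
    return alice, bob


def run_session(n_pulses=20000, eavesdropper=False, sample_fraction=0.5, seed=2024):
    """Run one key exchange, estimate the error rate on a public sample, decide to abort."""
    rng = random.Random(seed)  # seeded so the constructed run is repeatable
    alice, bob = exchange(n_pulses, eavesdropper, rng)
    sample = set(rng.sample(range(len(alice)), int(len(alice) * sample_fraction)))
    if not sample:
        raise ValueError("not enough sifted bits to estimate the error rate")
    errors = sum(alice[i] != bob[i] for i in sample)
    qber = errors / len(sample)
    abort = qber > ABORT_QBER
    # Sampled bits were disclosed publicly, so they never become key material.
    key_bits = 0 if abort else len(alice) - len(sample)
    return {"sifted_bits": len(alice), "qber": qber, "abort": abort, "key_bits": key_bits}


if __name__ == "__main__":
    for label, eve in (("quiet channel", False), ("intercept-resend", True)):
        print(label, run_session(eavesdropper=eve))
```

With matching bases and no eavesdropper the sampled error rate is zero; with an eavesdropper on every pulse it settles near 25%, far above the abort threshold, so no key is released.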
QKD is suitable for use in any key distribution application that has high security requirements, including financial transactions, electoral communications, law enforcement, government, and military applications. The military is also transitioning to quantum cryptography to take advantage of the properties of matter, in addition to the principles of mathematics, to create a cryptosystem that cannot be broken even with unlimited computing power (including a quantum computer).
Currently, most quantum communication links are direct point-to-point links through telecom optical fibers and are ultimately limited to about 300-500 km due to losses in the fiber. Other limiting factors are the high background noise of practical single-photon detectors, bit errors caused by microscopic impurities in the fiber, and inefficient finite-key security analysis. In addition, most QKD system designs and experimental demonstrations have so far been realized on dark fiber. This restricts the deployability of QKD to a limited number of scenarios where the barriers associated with dark fiber availability and price can both be overcome.
QKD Networks
The next important milestone is the development of large-scale QKD networks that extend QKD from a point-to-point configuration to multi-user, large-scale scenarios. A QKD network is a sub-network within a standard communication network. A QKD network only exchanges secure keys; it does not send secure messages. Secure messages are sent over the standard communication network, using the secure keys established by the QKD network.
However, most QKD systems are based on a point-to-point link, where the transmitter (Alice), and the receiver (Bob), generate a quantum key between two specific parties. In a future scenario, where QCs become standard technology, and where infrastructures, like banks and government buildings, will be connected through a quantum network, new principles in terms of key generation are required. The concept of a QKD network where customers need parallel independent keys, connecting multiple end-users and different nodes, will be highly useful.
Overcoming the distance limit of point-to-point links is a grand challenge; it will require quantum repeaters, entanglement swapping, and multimode quantum memories. The latter, namely storing and retrieving single photons on demand in quantum memories with long quantum coherence times, is the most challenging step in this endeavor.
Although fiber is a good and commonly used medium for transmitting qubits, the installation of a dedicated optical channel for QKD purposes is not practical in all circumstances. A free space link is sometimes convenient, although it has its drawbacks, since it needs suitable atmospheric conditions, a visible light path, and an acceptable signal-to-noise ratio (SNR) that strictly limits usage time.
Creating the infrastructure for QKD is challenging, but it is just the first step. Once transmitted, encryption keys must be stored and used. Secure encryption key management across all protocol layers will require the integration of QKD with classical cryptography, including the actual libraries and procedures implemented at the various layers of the communication protocols.
Essential Attributes of Quantum Key Distribution Networks
At the core of every QKD network lies the key rate—a critical metric that determines how fast secure keys are generated and made available for cryptographic operations. Since QKD networks don’t transmit data but only the secret keys that protect it, the balance between key generation and consumption directly influences network performance and reliability. As secure communication requires a steady supply of fresh key material, the ability to sustain high key rates becomes crucial, especially under high-traffic conditions. Over the past two decades, remarkable progress has been made: from modest rates of ~400 bps over 10 km in the 2002 DARPA network, to over 304 kbps across 45 km in Tokyo (2009), and up to 250 kbps in China’s 2,000-km Beijing–Shanghai backbone network (2017). More recently, optimizations in FPGA-based digital signal processing and quantum signal encoding have pushed key rates beyond 10 Mbps—especially over shorter metropolitan links—enabling practical encryption for high-throughput applications.
Link length is another fundamental constraint, dictated by the fragile nature of quantum states, which suffer degradation due to absorption, scattering, and channel noise in optical fibers. Historically, QKD deployments pushed link distances incrementally—from 29 km in the DARPA network to 90 km in Tokyo’s field testbed. In the Beijing–Shanghai backbone network, link spans of nearly 90 km were achieved without sacrificing key integrity. However, the range remains inherently limited without trusted repeaters or satellite-based quantum relays, since quantum states cannot be amplified like classical signals. As a result, advanced deployment strategies—such as hybrid topologies using quantum repeaters, satellites, or trusted nodes—are required to bridge long-distance links while preserving end-to-end quantum security.
Security in QKD networks is not only about key generation but also about key protection throughout the lifecycle—from generation to storage and application. The intrinsic privacy of quantum key material stems from the laws of quantum physics, but it is equally critical to ensure the physical and software security of network nodes, where key management and authentication occur. This means implementing hardened cryptographic modules, tamper-proof storage, and rigorous identity verification protocols. Furthermore, since QKD often employs hop-by-hop relaying, every intermediate node must be trusted, making node security a top priority for maintaining overall network integrity.
Finally, key usage efficiency and network robustness are pivotal for large-scale deployment. Because key material is a limited and precious resource, especially over low-rate or long-distance links, QKD protocols must minimize unnecessary retransmissions and choose the shortest routing paths to reduce key consumption and exposure. During congestion or attacks, previously used keys are discarded, and fresh ones are issued to maintain confidentiality. For long-term resilience, QKD networks must support seamless node integration, dynamic rerouting, and fault tolerance. They should be equipped to respond to fiber cuts, signal disruptions, or cyber-physical attacks, ensuring continuity of quantum-secure communication even under adverse conditions. The future of QKD lies in building such adaptive, efficient, and scalable architectures that can coexist with classical networks while guaranteeing security rooted in the very fabric of quantum mechanics.
QKD Network Architectures: From Trusted Nodes to Quantum Internet
At their core, QKD networks are generally structured into three functional layers: the quantum layer, responsible for generating secure symmetric keys; the key management layer, which handles routing, synchronization, and secure key storage; and the communication layer, where classical data traffic is encrypted using quantum-derived keys. This layered architecture is foundational to many national and international quantum communication projects, such as the Tokyo QKD Network and Europe’s OpenQKD initiative, ensuring modular integration and future scalability.
To maintain uninterrupted secure communication, the quantum layer must continuously generate key material, even as upper layers consume keys at varying rates. This necessity drives efforts to monitor and optimize quantum resource allocation in real time. Meanwhile, the key management layer plays a critical role in handling quality-of-service policies, routing protocols, and trust management—particularly in multi-domain, multi-vendor environments. The communication layer often leverages standardized encryption protocols such as IPsec or TLS, utilizing QKD-generated keys without altering existing data transmission frameworks. Together, this layered design distributes responsibility across the stack, making QKD more adaptable to classical networking paradigms.
Overlay networks have become a strategic enabler of scalable QKD deployment. By encapsulating QKD over IP, they allow peer-to-peer node connections across domains and bypass untrusted nodes or congested routes. This hop-by-hop, multipath approach supports rapid rerouting and resilience in case of link degradation or compromise, increasing both security and performance. Studies suggest that overlay architectures can leverage existing ISP routes while providing at least four disjoint paths in most cases—enhancing redundancy and flexibility, essential for mission-critical sectors.
One prominent design is the switched QKD network, which uses an optical switching fabric to dynamically establish point-to-point quantum channels between any two nodes. These networks require dedicated optical infrastructure, which restricts scalability and affordability, especially in wide-area deployments. While switches offer flexibility and reduce reliance on intermediate nodes, they also introduce optical losses—several decibels per switch—which can severely degrade signal quality and limit range. Moreover, this architecture struggles to accommodate hybrid QKD schemes (e.g., free-space and fiber QKD), as there are currently no practical devices capable of translating quantum signals across different media within the same path. Nonetheless, the ability to connect endpoints without involving the entire network makes switched QKD attractive for high-performance, low-latency applications in metropolitan areas.
In contrast, trusted repeater QKD networks extend reach by connecting nodes in a chain, where each link independently performs QKD to generate symmetric keys. Keys are relayed through secure nodes that store and forward them, requiring strict node-level trust and security policies. While this model is vulnerable to node compromise, it has the advantage of being technology-agnostic—allowing integration of different QKD systems across the network. Trusted repeater networks also scale more easily in terms of distance and number of nodes, making them suitable for large-scale national or cross-border deployments, such as China’s 2,000-km quantum backbone. As quantum repeaters and entanglement swapping remain technologically immature, trusted repeater architectures currently provide the most practical framework for building global QKD infrastructure—albeit with trade-offs in trust and centralization.
Scalable Topologies
| Network Type | Range | Key Innovation | Limitation |
|---|---|---|---|
| Switched LAN/MAN | <50 km | Optical switches for direct node links | Dedicated fiber required |
| Trusted Repeater | Global | Hop-by-hop key relaying | Security depends on node trust |
| Satellite Mesh | Intercontinental | Low-Earth orbit (LEO) key distribution | Weather/visibility constraints |
Table: Evolving QKD network paradigms. Trusted repeaters dominate long-haul, while satellite gains traction.
The Role of Optical Multiplexing in QKD Integration
A fundamental barrier to early QKD adoption was the need for dedicated fiber optic cables, often referred to as “dark fiber,” which significantly increased deployment costs. The advent of advanced optical multiplexing techniques has revolutionized this aspect by allowing quantum and classical signals to share the same fiber infrastructure.
Wavelength Division Multiplexing (WDM) has emerged as one of the most effective approaches. By assigning quantum key traffic to a specific wavelength band—typically the C-band between 1530 and 1565 nm—and classical data to another, such as the O-band between 1260 and 1360 nm, interference is minimized and signal integrity is maintained. This spectral separation enables robust key distribution without degrading data throughput. In fact, Toshiba and KDDI’s 2025 demonstration successfully transmitted 33.4 terabits per second of data along with QKD keys over an 80-kilometer fiber link, showcasing the feasibility of multiplexed QKD on commercial infrastructure.
Time-division and polarization multiplexing techniques are also contributing to this progress by using distinct temporal or polarization characteristics to separate quantum signals from classical ones. These innovations are vital for metro and long-haul networks where physical infrastructure is often shared among multiple services.
Breaking the Fiber Barrier
Recent achievements in fiber-based QKD show significant potential for mainstream adoption. Toshiba and KDDI, for example, demonstrated a breakthrough by combining QKD with classical communication over the same fiber using multiplexing. By separating quantum keys into the C-band (1530–1565 nm) and classical data into the O-band (1260–1360 nm), they achieved a 3× increase in throughput over an 80 km fiber span. This development removes the need for dedicated quantum fibers, dramatically lowering the cost for commercial and data center deployments. Meanwhile, researchers at the University of Chicago enhanced atom-photon entanglement processes to deliver QKD rates up to 50 Mbps—an essential threshold for real-time, high-security applications like battlefield communications and secure voting.
Hybrid Transmission: Bridging Classical and Quantum Domains Without Multiplexing
A major milestone in unifying the quantum and conventional internets has recently been achieved by researchers at Leibniz University Hannover. Traditionally, integrating quantum and classical signals over a single optical fiber required spectral multiplexing—assigning different wavelengths to different types of data to avoid interference. However, the Hannover team has pioneered a more resource-efficient method by transmitting quantum-entangled photons and classical laser pulses of the same wavelength through a single fiber without relying on wavelength-division multiplexing. This breakthrough eliminates the need to allocate separate color channels for quantum signals, vastly improving the spectral efficiency of quantum networks.
The team achieved this feat using a novel transmitter-receiver architecture that employs the serrodyne technique, which uses high-speed electro-optical modulation to apply a linear phase ramp to laser pulses. This causes the classical signal to undergo a frequency shift, while the entangled photons remain unaffected—effectively allowing temporal separation of quantum and classical data streams sharing the same color. Remarkably, the integrity of quantum entanglement was preserved even as photons traveled alongside high-intensity classical pulses. The result is a new method that allows full color-channel utilization in optical fibers, making room for both secure quantum key distribution and conventional high-speed data traffic in a hybrid network.
This advancement represents a critical step toward the realization of a global quantum internet that coexists seamlessly with today’s classical infrastructure. By enabling shared-spectrum coexistence within optical fibers, the method not only conserves bandwidth but also simplifies the deployment of future-ready quantum-secure networks without overhauling current telecom infrastructure. As researcher Michael Kues noted, this work brings us closer to integrating quantum and classical communication technologies in a unified framework—heralding a new era of hybrid internet architecture that is both secure and scalable.
Software-Defined Networking: Dynamic Control for Quantum Communications
While multiplexing solves the physical layer challenge, the management of QKD at scale requires a sophisticated control plane. This is where Software-Defined Networking (SDN) enters the equation. SDN decouples the control plane from the data plane, enabling centralized network intelligence, programmability, and real-time optimization. Applying SDN principles to QKD allows for streamlined integration, management, and dynamic reconfiguration of both classical and quantum resources.
In the context of QKD, SDN enables real-time orchestration of quantum key exchanges. Network controllers can route quantum keys based on link conditions, buffer availability, and application requirements. They can also reroute keys when a link degrades or fails, ensuring uninterrupted service. Telefónica’s QKD deployment in Madrid exemplifies this approach. Their SDN-based architecture allowed QKD devices to integrate seamlessly into the existing optical transport network, much like traditional routers or switches. This model not only streamlines operations but also paves the way for automated, scalable quantum networks.
In a typical SDN-enabled QKD architecture, the system is abstracted into several coordinated layers: an optical layer for classical switching, a QKD layer for secure key generation via trusted nodes, a control layer governed by an SDN controller, and an application layer representing end-user services. The SDN controller acts as the brain of the network, collecting real-time data on network conditions, quantum channel parameters, and application requirements via standardized southbound (device-level) and northbound (application-level) interfaces. This allows QKD devices to export their requirements—such as maximum tolerable loss or noise thresholds—so the controller can allocate optimal paths with desired optical characteristics. The concept of a unified Path Computation Engine (PCE) ensures that classical and quantum channels are jointly optimized, accounting for constraints like channel crosstalk, attenuation, and spectral efficiency.
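The controller behaviour described above (devices export a maximum tolerable loss, and the controller picks paths from link conditions and key buffer availability) can be sketched as follows. This is an added example, not the code of any deployment the article mentions: the class, the topology and all figures are constructed, and it assumes a trusted-node network where every hop spends key from its own link buffer.

```python
from collections import deque


class QkdPathController:
    """Toy path computation for key relay requests (hypothetical, not a real SDN API)."""

    def __init__(self):
        self.links = {}  # frozenset({a, b}) -> loss, key buffer and state of that link

    def add_link(self, a, b, loss_db, key_bits):
        self.links[frozenset((a, b))] = {"loss_db": loss_db, "key_bits": key_bits, "up": True}

    def set_link_state(self, a, b, up):
        self.links[frozenset((a, b))]["up"] = up

    def _usable(self, link, need_bits, max_loss_db):
        # A link qualifies only if it is up, within the loss budget exported by
        # the QKD devices, and holds enough buffered key for this request.
        return link["up"] and link["loss_db"] <= max_loss_db and link["key_bits"] >= need_bits

    def compute_path(self, src, dst, need_bits, max_loss_db):
        """Breadth-first search: fewest hops, because every hop consumes key."""
        adjacency = {}
        for ends, link in self.links.items():
            if self._usable(link, need_bits, max_loss_db):
                a, b = sorted(ends)
                adjacency.setdefault(a, []).append(b)
                adjacency.setdefault(b, []).append(a)
        previous = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                path = []
                while node is not None:
                    path.append(node)
                    node = previous[node]
                return path[::-1]
            for neighbour in sorted(adjacency.get(node, [])):
                if neighbour not in previous:
                    previous[neighbour] = node
                    queue.append(neighbour)
        return None  # no path satisfies the constraints

    def request_key(self, src, dst, need_bits, max_loss_db):
        """Compute a path and reserve need_bits of key on every hop along it."""
        path = self.compute_path(src, dst, need_bits, max_loss_db)
        if path is None:
            return None
        for a, b in zip(path, path[1:]):
            self.links[frozenset((a, b))]["key_bits"] -= need_bits
        return path


def build_demo_network():
    """Constructed topology: a lossy direct link, a short path with small key
    buffers, and a longer path with large ones."""
    controller = QkdPathController()
    controller.add_link("A", "D", loss_db=32, key_bits=10000)
    controller.add_link("A", "B", loss_db=12, key_bits=512)
    controller.add_link("B", "D", loss_db=14, key_bits=512)
    controller.add_link("A", "C", loss_db=10, key_bits=4096)
    controller.add_link("C", "E", loss_db=11, key_bits=4096)
    controller.add_link("E", "D", loss_db=9, key_bits=4096)
    return controller


if __name__ == "__main__":
    ctl = build_demo_network()
    for _ in range(3):
        print(ctl.request_key("A", "D", need_bits=256, max_loss_db=20))
    ctl.set_link_state("C", "E", up=False)  # simulated fiber cut
    print(ctl.request_key("A", "D", need_bits=256, max_loss_db=20))
```

The third request leaves the two-hop path because its key buffers are drained, and after the simulated fiber cut the controller refuses the request rather than use the link that exceeds the loss budget.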
Field trials continue to validate the practicality of these architectures in real-world telecom settings. A notable demonstration by Telefónica, Huawei, and UPM showcased the integration of software-defined networking (SDN) and continuous-variable (CV) QKD over a live commercial optical network in Madrid. These trials emphasized not only the potential of deploying quantum communication incrementally—without overhauling infrastructure—but also the utility of SDN/NFV for dynamic path control and automated key management. CV-QKD, which avoids the need for bulky cryogenic detectors, further illustrates the push toward compatibility with classical coherent optical technologies and reduced operational complexity. As network programmability becomes the norm, the convergence of quantum and classical domains promises scalable, secure, and cost-effective communication infrastructures fit for the post-quantum era.
Moreover, recent advances show how machine learning (ML) can augment SDN by enhancing the automation and intelligence of QKD network operations. ML algorithms have been used to predict optimal configurations for hybrid quantum-classical channels based on traffic patterns, channel spacing, and power levels. In QKD systems, ML-based parameter tuning—such as optimal intensity levels and transmission probabilities—can substantially improve key rates while minimizing the need for manual intervention. These capabilities significantly reduce operational complexity and cost, accelerating commercial readiness of QKD deployments, including for emerging applications in 5G, IoT, and critical infrastructure.
Further reinforcing this approach is the Network-Centric Quantum Communications (NQC) model, developed by Los Alamos National Laboratory. NQC leverages centralized BB84-type links between a server and client nodes to manage quantum keys across the network. A robust Quantum Key Management (QKM) layer is then constructed atop the physical quantum links, providing secure services—such as authentication, non-repudiation, and confidentiality—at the application level. Similarly, projects like SwissQuantum aim to implement layered QKD frameworks, where intelligent SDN controllers and key management entities coordinate quantum key routing across mesh topologies. Together, these advances mark a decisive shift from static, point-to-point QKD to dynamic, scalable, and intelligent quantum-secure networks—a prerequisite for a true global quantum internet.
Transport Protocols for Quantum-Classical Compatibility
Traditional internet protocols were not designed to handle quantum traffic. Quantum key exchanges are sensitive to packet loss, delay, and jitter, and they rely on probabilistic principles that differ fundamentally from classical data transmission. To bridge this gap, researchers are developing new transport protocols that are compatible with both quantum and classical networks.
Quantum network layers are being tailored to support key negotiation, relay authentication, and error correction in real-time. These protocols allow the seamless transmission of quantum keys while coordinating with higher-layer encryption services like IPsec and TLS. Equally important is the emergence of key management systems (KMS) capable of authenticating and allocating quantum keys to end-user applications. Toshiba’s FPGA-accelerated key reconciliation system is one such solution, reducing key processing latency by 40% and improving network responsiveness.
Extending Reach Through Trusted Nodes and Quantum Repeaters
QKD is fundamentally limited by transmission loss in optical fiber, typically restricting direct quantum communication to distances under 150 kilometers. To extend beyond this range, two architectural solutions are being explored: trusted node relays and quantum repeaters.
Trusted nodes act as intermediaries, decrypting and re-encrypting quantum keys before forwarding them to the next hop. While this approach enables long-distance key distribution, it requires that each intermediate node be physically secure and trusted—creating a potential vulnerability.
The more secure alternative is the quantum repeater. These devices enable entanglement swapping and quantum memory storage to extend quantum communication distances without breaking the end-to-end quantum link. Current research at institutions like Fermilab is advancing spin-qubit memory technologies that may overcome the fiber barrier by 2027, setting the stage for truly secure, global QKD networks without reliance on trusted nodes.
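The trusted-node relaying described in this section, and earlier under trusted repeater networks, can be made concrete with a short simulation. This is an added example, not code from the original article: link keys are simulated with a CSPRNG instead of real QKD output, the topology is constructed, and all names are hypothetical. It goes one step beyond the text by also splitting the key across disjoint paths, the multipath idea mentioned for overlay networks, so that no single relay holds the whole key.

```python
import secrets


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class LinkKeyPool:
    """Key material shared by the two ends of one QKD link (simulated here)."""

    def __init__(self, size):
        self._pool = bytearray(secrets.token_bytes(size))

    def remaining(self):
        return len(self._pool)

    def take(self, n):
        # One-time-pad use: bytes are consumed and never handed out again.
        if n > len(self._pool):
            raise RuntimeError("link key pool exhausted")
        pad = bytes(self._pool[:n])
        del self._pool[:n]
        return pad


def build_pools(links, size):
    return {frozenset(link): LinkKeyPool(size) for link in links}


def relay(path, pools, secret):
    """Hop-by-hop relay. Returns (value delivered, cleartext seen per relay node)."""
    seen = {}
    value = secret
    for a, b in zip(path, path[1:]):
        pad = pools[frozenset((a, b))].take(len(value))
        wire = xor(value, pad)   # what crosses the classical channel on this hop
        value = xor(wire, pad)   # node b decrypts with its copy of the link key
        if b != path[-1]:
            seen[b] = value      # an intermediate node holds the value in the clear
    return value, seen


def relay_multipath(paths, pools, secret):
    """Split the secret into XOR shares and send one share per node-disjoint path."""
    inner = [set(p[1:-1]) for p in paths]
    for i in range(len(inner)):
        for j in range(i + 1, len(inner)):
            if inner[i] & inner[j]:
                raise ValueError("paths share a relay node")
    shares = [secrets.token_bytes(len(secret)) for _ in paths[:-1]]
    last = secret
    for share in shares:
        last = xor(last, share)
    shares.append(last)          # XOR of all shares equals the secret
    rebuilt = bytes(len(secret))
    seen = {}
    for path, share in zip(paths, shares):
        delivered, seen_on_path = relay(path, pools, share)
        rebuilt = xor(rebuilt, delivered)
        seen.update(seen_on_path)
    return rebuilt, seen


if __name__ == "__main__":
    links = [("A", "N1"), ("N1", "N2"), ("N2", "B"), ("A", "M1"), ("M1", "B")]
    pools = build_pools(links, size=64)
    key = secrets.token_bytes(32)
    _, single = relay(["A", "N1", "N2", "B"], pools, key)
    print("single path, relays holding the key:", [n for n, v in single.items() if v == key])
    _, multi = relay_multipath([["A", "N1", "N2", "B"], ["A", "M1", "B"]], pools, key)
    print("two paths, relays holding the key:", [n for n, v in multi.items() if v == key])
```

Each hop spends as many link-key bytes as the relayed key is long, which is why longer paths cost more key material, and the multipath variant trades extra key consumption for removing the single trusted relay as a point of compromise.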
Satellite QKD: Bridging Global Distances
Fiber networks, even with repeaters, cannot cross oceans or reach remote regions economically. This is where satellite-based QKD provides a compelling solution. Low Earth Orbit (LEO) satellites can establish line-of-sight quantum links with ground stations across continents, enabling key distribution over thousands of kilometers.
China’s Micius satellite has already demonstrated successful quantum transmissions over 1,200 kilometers. More recently, researchers at Heriot-Watt University developed techniques such as time-phase encoding and polarization filtering to overcome the limitations of daytime operation—expanding satellite QKD availability by several hours per day. Future missions, including Canada’s QEYSSat and the European Union’s SPOQC, aim to provide 24/7 global quantum key coverage through constellations of QKD satellites.
Now, the space-based QKD race is expanding to commercial and intergovernmental efforts. Companies like SealSQ plan to deploy a six-satellite constellation by the end of 2025 to enable quantum-secure intercontinental key exchanges. Europe is also stepping forward through the European Space Agency’s EAGLE-1 mission, which will demonstrate intra-European QKD via satellite. Driven by defense and finance, the space-based QKD market is expected to double—from $500 million in 2025 to $1.1 billion by 2030.
Quantum-Secured Networks to Safeguard Global Fiber-Optic Infrastructure
The global economy hinges on a vast network of undersea and terrestrial fiber-optic cables that form the backbone of modern communication. Yet these cables, while physically robust, are increasingly vulnerable to covert surveillance and cyber exploitation. Adversaries—ranging from cybercriminals to state-sponsored actors—can siphon data from optical fibers by bending the cable and extracting a minuscule portion of the transmitted light, often without triggering any alarms. As Jonathan Legh-Smith of BT Group notes, even extracting just 1% of the signal typically remains undetectable using conventional security tools. However, quantum key distribution (QKD) offers a transformative capability: the ability to detect even the most subtle disturbances in quantum-encrypted transmissions, thereby flagging unauthorized access attempts with unprecedented precision.
The vulnerabilities of optical communication infrastructure are not hypothetical—they’ve shaped history. From the U.S. Navy’s Cold War-era Operation Ivy Bells, which tapped Soviet submarine cables, to more recent revelations by Edward Snowden about large-scale fiber-optic surveillance under programs like MUSCULAR, the strategic value of tapping into global data streams is well established. To counter such threats in the quantum age, telecom operators like BT are pioneering QKD deployments. In collaboration with Toshiba, BT conducted successful field trials as early as 2015, demonstrating real-time encryption using quantum keys over standard fiber-optic lines. The challenge now lies in scaling down the hardware and making QKD cost-effective and compact enough to integrate across existing networks.
The initial commercial rollout of quantum-secure infrastructure is likely to focus on high-stakes sectors such as finance and healthcare, where data confidentiality is paramount. These early adopters are well positioned to benefit from QKD’s core promise: continuous, real-time intrusion detection and key refresh mechanisms that leverage quantum mechanics to ensure absolute secrecy. As Legh-Smith emphasizes, the long-term goal is not merely to demonstrate the science but to integrate quantum encryption seamlessly into everyday telecommunications services—thereby fortifying national infrastructure against both current and future cyber threats.
The Road to 2030: Critical Milestones
Several disruptive developments will define the trajectory of quantum-secured communications by the end of the decade. Argonne National Laboratory’s terahertz spintronic spectroscopy is enabling ultra-sensitive mapping of quantum materials, advancing quantum repeater design for error-corrected, long-distance relays.
Telefónica’s early trials of QKD-5G integration point toward quantum-secured Internet of Things (IoT) applications, essential for smart grid infrastructure. First, quantum repeaters will be key to overcoming the 500 km fiber limit. Fermilab’s research into spin-qubit quantum memories may enable entanglement swapping between distant nodes without requiring trusted intermediaries. This development is expected by 2027.
Third, hybrid cryptography is becoming the default strategy. While QKD handles key exchange, post-quantum cryptographic algorithms like ML-KEM—recently standardized by NIST—will secure the actual data payload. Financial giants like JPMorgan Chase have already adopted this dual approach in production environments.
Fourth, affordability remains a challenge. Current satellite QKD missions cost upwards of $50 million each. For mass-market adoption, these costs must drop below $5 million—a target that private aerospace and photonics firms are actively pursuing.
Meanwhile, NIST’s 2028 deadline for enterprise-wide PQC migration will drive the adoption of crypto-agile hardware security modules (HSMs) and resilient public key infrastructure (PKI) platforms.
Achieving Interoperability Through Standards
Lastly, global standardization is critical. ETSI and IEEE are finalizing API and interoperability protocols to ensure that QKD devices from different vendors can communicate, paving the way for truly global, quantum-secure networks by 2026.
As with any large-scale network deployment, interoperability across devices and vendors is critical. Standardization efforts led by organizations like the European Telecommunications Standards Institute (ETSI), the International Telecommunication Union (ITU), and the IEEE are ensuring that QKD systems can function cohesively across a global infrastructure.
These bodies are developing comprehensive guidelines for QKD interface specifications, device authentication, and network API design. This standardization enables modular upgrades, simplifies network integration, and guarantees security performance across hybrid quantum-classical systems.
Conclusion: Laying the Foundations of a Quantum-Safe Internet
The integration of quantum cryptography into commercial optical networks marks a turning point in digital security. Innovations in optical multiplexing have eliminated the need for dedicated fibers, while SDN and quantum-aware protocols provide the flexibility and scalability required for modern communications. Architectures employing trusted nodes and, eventually, quantum repeaters, will enable end-to-end quantum security across continents. Satellite QKD complements terrestrial networks by extending secure coverage to remote or underserved regions.
These developments are not theoretical. They are being actively demonstrated and deployed today, with real-world trials showing that QKD can be integrated into existing telecom infrastructure without disrupting service quality or reliability. As quantum computers become more capable, the networks that form the backbone of our digital lives must evolve in parallel. The fusion of classical networking technologies with quantum cryptography is not just a response to a looming threat—it is the beginning of a new era of secure, global communications.
International Defense Security & Technology Your trusted Source for News, Research and Analysis