Adversaries can harvest encrypted traffic today and decrypt later once advanced computing resources (including quantum computers) are made available. A quantum network that enables Quantum Secure Communications is an effective way to eliminate this exposure, now and into the future. This method keeps today’s secure communications foundations, but fundamentally changes how keys are made.
Keep Your Network Infrastructure, Change How You Deliver Keys
TLS, MACsec, IPsec, and encryptors / decryptors are common building blocks in today’s communications networks. Certain cryptographic methods, such as RSA and Diffie-Hellman, have served us for decades with minor changes. However, with more advanced threats on the horizon, the time to retire these increasingly vulnerable protocols is near. The National Institute of Standards and Technology (NIST) has set deadlines for deprecating these and other legacy encryption algorithms by 2030, with full phase-out by 2035.
Entanglement-based quantum networks secure your network communications by changing how symmetric keys are generated: by using quantum entanglement and relying on the fundamental nature of physics for security, rather than how difficult a math problem is to crack.
Pictured above is the classical network (blue), with an underlying quantum network (red) integrated into the classical network. At a high level, the process for generating these secret keys using a quantum network has several steps:
- Entangled photons are generated and distributed between Site A and Site B by the quantum network over optical fiber and/or free space / satellites
- Site A and B do local measurements of the entanglements to produce a secure secret key
- Keys are delivered to classical network devices (e.g. routers, switches, transceivers) via a SKIP/ ETSI 014/ SNMP interface at Site A and Site B with integration at multiple layers and are ready to be used.
Much of the classical network operation is the same, but the key generation is much more robust and secure. For example, instead of using Diffie-Hellman (DH) to agree on a secret key, an entanglement-based quantum network generates a truly random key at both ends simultaneously, then hands it up to the encryptor. No secret key ever traverses the network. Even if entangled photons are intercepted by an adversary in an attempt to steal the key or hijack the key establishment, this can be detected almost immediately before any sensitive data is sent using the compromised channel or key.
Building and Running Entanglement-based Quantum Networks
To deliver commercial applications (top of the chart pictured below) such as quantum secure key generation at scale, organizations need quantum hardware (at the base of the chart shown below) to generate and detect quantum states and full-stack quantum network software to manage and control the hardware, and to coordinate services. 
Modern quantum network deployments use software to drive quantum network operations and ensure smooth, vendor-agnostic operations between hardware components. There are three core software elements that help organizations design, build, run, and manage their quantum networks:
#1 A physics-accurate quantum network simulator.
A quantum network simulator is essential for testing and iterating on your network design. A quantum network simulator can help you identify which components will be best suited to your specific network needs. A capable quantum network simulator should model protocols as well the underlying physics (eg - fiber loss/dispersion, laser characteristics, detector behavior) so performance can be accurately predicted well in advance of procuring any expensive hardware. The quantum network will be able to operate largely on your existing network fiber. Given the distances and fiber properties you already know, you can predict the key rate that a variety of hardware configurations would provide. Predicting the key performance metrics accurately de-risks your quantum network deployment before you build. As you expand and upgrade your network, a quantum network simulator can help you achieve the best outcomes.
#2 An SDN-style orchestrator.
An orchestrator is the part of the quantum networking stack that manages the hardware. It establishes any APIs that the applications layer can connect through, enabling secure communication between defined endpoints, with a defined key rate over a specified amount of time. An orchestrator maintains a queue of these requests. An SDN-style orchestrator provides a unified application to leverage automated network operations. It allows a network operator to manage services, route entanglement, coordinate hardware across the network, and also to track the health of the network (QBER, secret key rates, entanglement fidelity, etc).
#3 A real-time operating system (OS).
A real-time operating system operates on each node of the network, acting as the low-level control brain for the quantum hardware stack. The OS controls and monitors the individual hardware components, executes adaptive protocols, and enables sub-nanosecond messaging that quantum hardware requires to function.
Entanglement-based quantum networks can be integrated with existing network infrastructure. Keep your existing routers, firewalls, VPNs, and encryptors, change how secret keys are generated and delivered. An entanglement-based quantum network provides secret keys to the gear you already use, over standard interfaces so you can harden MACsec, IPsec, and TLS links across VPNs, firewalls, and routers.
For more details on this topic please see our on-demand webinar, Building Unhackable Communications with Quantum Networks.
