Quantum Key Distribution Networks

Updated 11 March 2026

Quantum Key Distribution (QKD) networks are engineered infrastructures that use quantum mechanics to securely distribute keys across metropolitan, long-haul, and satellite links.
They integrate various architectures such as trusted-repeater chains, MDI designs, and hybrid fiber/FSO systems to meet diverse user demands and physical constraints.
Robust physical-layer technologies, dynamic key management, and advanced routing protocols ensure scalable, high-rate secure communications in complex network topologies.

Quantum Key Distribution (QKD) networks are engineered infrastructures that extend the information-theoretic security of quantum key distribution beyond point-to-point links, enabling long-distance, high-rate, multi-user, and application-integrated secure key agreement across diverse topologies and physical substrates. QKD networks encompass a hierarchy of architectures—from trusted-repeater chains on terrestrial fiber to satellite-based global backbones, and from metropolitan hybrid fiber/FSO testbeds to advanced star-type and measurement-device-independent constructions—all governed by rigorous physical-layer security, advanced key management, optimized routing, and resource-constrained system design.

1. Network Architectures and Topological Models

QKD networks are structured according to deployment scale, user demands, and physical constraints. Four canonical segments are typically recognized: access (<100 km, P2MP tree/star), metro (100–1000 km, ring/mesh), long-haul (1000–5000 km, chain/P2P with trusted relays), and transoceanic (>5000 km, satellite-enabled) (Wang et al., 2020).

Trusted-repeater networks dominate current practical deployments, where QKD links of span ℓ (max ≈100 km per hop on standard SMF) are concatenated via secure, physically protected "trusted nodes" that relay keys using hop-by-hop OTP encryption and information-theoretic (ITS) authentication (&&&1&&&). The SECOQC and Tokyo Ring prototypes exemplify this approach, using multi-hop, mesh, or ring fiber overlays with multi-path key combining, and distributed key management agents (KMAs) at each node (0904.4072, Sasaki et al., 2011).

Metropolitan mesh and ad-hoc topologies blend permanently installed fiber backbones, portable FSO nodes, and hybrid trusted/untrusted intermediate switches. In such settings, forward error correction, privacy amplification, buffer management, and dynamic routing are incorporated to guarantee key delivery regardless of link state or topology changes (Goy et al., 2024).

Quantum access networks leverage point-to-multipoint upstream architectures, where multiple user-side transmitters (Alices) share a central detector (Bob) via TDM/WDM, enabling scalable multi-user QKD with minimized per-user hardware (Fröhlich et al., 2013). These architectures underpin last-mile deployments within PON/GPON infrastructures.

Measurement-device-independent (MDI) and Twin-Field (TF) QKD networks introduce untrusted centralized nodes, allowing full mesh or star-type topologies with simultaneous secure key sharing for arbitrary user pairs without trust assumptions on measurement sites (Yan et al., 17 Feb 2025, Huang et al., 21 Apr 2025). Recent demonstrations using optical frequency combs as channel sources have realized secure key rates three orders of magnitude higher than entanglement-based QNs at similar link loss (Yan et al., 17 Feb 2025).

Global QKD overlays terrestrial trusted-relay and star/ring metro meshes with satellite QKD downlinks for seamless long-haul and transoceanic coverage. The deployment of LEO satellites equipped with high-rate SPDC sources and adaptive optics enables key distribution at national scale (e.g., over the Iberian Peninsula) with multi-site ground stations and application layer integration (Tubío et al., 14 Oct 2025).

2. Physical-Layer Technologies and Performance Modeling

QKD networks leverage fiber, free-space optics, and satellite channels, each characterized by distinct loss mechanics and noise sources:

Fiber QKD: Channel loss follows η(L) = 10^–αL/10, typically α ≈ 0.2 dB/km. Practical links are limited to ≲100 km per hop without relays, with secure key rates R(d) ∝ η(d), decaying exponentially with distance (Wang et al., 2020). Co-propagation with classical Tb/s traffic requires wide quantum–classical spectral separation (e.g., ≥150 nm), aggressive filtering (e.g., 20 GHz FBG), and large-Aeff fibers to mitigate spontaneous Raman scattering and preserve QBER<4% even at +21 dBm classical launch power in backbone settings (Mao et al., 2017).
Free-space and FSO QKD: Geometrical losses, atmospheric absorption (η_atm = e^{–βL/ cos θ}), and pointing errors dominate; link availability is ≈92% in urban deployments, limited primarily by weather (Goy et al., 2024).
Satellite QKD: Downlink path loss is typically 20–30 dB (LEO at 400–800 km), with performance governed by Gaussian beam propagation, pointing jitter, atmospheric attenuation, and AO coupling. Key rates are maximized by optimizing transmitter beam waist for jitter and truncation, and can meet real-world use cases such as hospital VPN key renewal (Tubío et al., 14 Oct 2025).

QKD protocol choice (decoy-state BB84, SARG04, DPS-QKD, TF-QKD, MDI-QKD) dictates signal format, intensities, error bounds, and post-processing algorithms. Core key-rate expressions take the unified form:

$R_{\text{sec}} \ge Q_1[1 - H_2(e_1)] - Q_\mu f(E_\mu) H_2(E_\mu)$

with quantities defined for the given channel and protocol (Mao et al., 2017, Fröhlich et al., 2013, Huang et al., 21 Apr 2025). For high-loss settings, rate decay is quadratic (R ∝ η), and advanced schemes (TF-QKD, MDI-QKD) surpass the repeaterless PLOB bound (Huang et al., 21 Apr 2025).

3. Key Management, Life Cycle, and Routing

Key management in QKD networks serves to buffer, format, authenticate, distribute, and replenish quantum keys between generation and cryptographic application layers (Dervisevic et al., 2024). The core stages include:

Generation and Pooling: Raw detection events are sifted, error-corrected, privacy-amplified, and accumulated in per-link or session FIFO buffers.
Reformatting and Distribution: Keys may be split/merged to match app-layer demands; hop-by-hop relay, XOR-tree, or central-XOR strategies are used for multi-path privacy (0904.4072).
Routing: Secure key delivery is modeled as a multi-commodity flow problem with per-link capacities; SDN control and real-time reservation maximize service-level compliance (Wang et al., 2020, Dervisevic et al., 2024).
Key-Usage Policies: On-demand (GET_KEY) and reservation-based (OPEN_CONNECT) models are supported; session-based vs. shared storage tradeoff underutilization for availability.

End-to-end security is enforced via universal-hash-based MACs, multi-path parity checks, and deterministic privacy amplification, bounding information leakage by explicit composability theorems (e.g., ε_total ≤ 2^{–m} + 2ℓ·p_im + 2ε) (0904.4072). Key refresh and disposal mechanisms maintain forward secrecy and limit buffer exposure.

Routing algorithms in QKD networks must be key-aware: QOLSR uses a path metric based on key-recovery capability,

$\gamma_P(i) = \min_{(u,v) \in P} \frac{C_{(u,v)} - \text{consumption}}{MAX - \text{Cur}_{(u,v)}(i)}$

where $C_{(u,v)}$ is key-generation rate and $MAX$ is buffer size, to maximize quantum key utilization and minimize route flapping (Yao et al., 2022).

4. Security Frameworks and Trust Models

QKD networks rely on explicit trust models:

Fully Trusted Repeaters: All intermediate nodes are physically secured; compromise of one grants access to all relayed keys. End-to-end privacy is guaranteed if at least one path is honest, formally analyzed by multi-path XOR combining and authentication protocols (0904.4072).
Partially/Weakly Trusted Repeaters (WTRs): Security is enforced by network coding; a secret is split across $ℓ+1$ independent paths, so an adversary must compromise all $ℓ+1$ repeaters to recover it (Elkouss et al., 2013). Linear coding (e.g., $X_1 = M + K$ , $X_2 = K$ ) guarantees that each individual repeater sees zero information; decoding requires all shares.
Untrusted Relays/MDI Networks: Fully measurement-device-independent architectures allow central nodes to be completely untrusted. Security derives from the structure of the protocol (e.g., Bell-state measurements in MDI-QKD, twin-field interference in TF-QKD), with no trusted devices aside from the users’ own transmitters (Huang et al., 21 Apr 2025, Yan et al., 17 Feb 2025).

Security proofs universally accommodate quantum and classical channel adversaries, up to bounded collusion among nodes, and invoke the full composability machinery (trace distance, ε-privacy). For metropolitan mesh networks, worst-case adversarial models include collective attacks on quantum channels, malicious switch control, and full-access to classical post-processing infrastructure (Goy et al., 2024).

5. Resource Efficiency, Cost Optimization, and Scalability

Scaling QKD networks requires explicit tradeoffs among reach, cost, throughput, and hardware complexity:

Trusted-repeater deployment: Analytical models optimize node density, link span, and backbone topology to minimize per-bit cost. For fiber-based hardware, the optimal hop length is $\ell_{\text{opt}} \approx \lambda_{\text{QKD}}$ ( $\sim$ 20 km for SMF systems), with node density $\sim1/(20 \text{ km})^2$ and hierarchical backbone preferred at high user density (0903.0839).
Switch-based and detector-sharing architectures: Optical switches and multiplexed detection strategies lower CAPEX by up to 28% with negligible throughput loss, especially when some links are bottlenecked (Tayduganov et al., 2021, Fröhlich et al., 2013). WDM/TDM enables shared detection among up to 64 users with only a minor penalty in QBER and key rate.
Component innovation: Integrated photonics (PICs, EICs) allow rack-scale, stable, multi-day operation in metro networks, with key rates >5 kbps over 5–10 km, and viable extension to >100 km given improved detector cooling (Pereira et al., 19 Feb 2026).
Metropolitan and backbone coexistence with classical data: In backbone fiber, decoy-state BB84 at 1310 nm, deep notch filtering (20 GHz), and large-Aeff fibers enable 3.6 Tbps classical data coexistence with QKD at 4–5 kbps over 66 km, marking the practical route to QKD-classical integration (Mao et al., 2017).
Full-mesh, MDI, and TF-QKD networks: Hardware overhead is minimal (O(1) comb source, O(N) BSM modules), and parallel key-sharing is possible with per-pair rates >250 bps at 30 dB (MDI, (Yan et al., 17 Feb 2025)) or 208.9 bps at 20 dB (TF-QKD, 32-user, (Huang et al., 21 Apr 2025)).

Cost optimization further requires real-time key-pool monitoring, integration with KMS/QKD APIs (ETSI, ITU-T Y.3803), and automatic resource allocation to guarantee service for mission-critical flows (Dervisevic et al., 2024).

6. Multiparty and Advanced Quantum Networking

Moving beyond pairwise QKD, multiparty entanglement and dynamic network strategies are being developed:

Efficient multiparty QKD employs network subgraph packing (stars or Steiner trees) for N users, optimizing key rates under physical and fusion constraints. The per-GHZ-state asymptotic key rate is

$r = 1 - H(Q_X) - \max_{i=1,\ldots,N-1} H(Q_{A,B_i}),$

with explicit formulas for QBER as functions of underlying Bell-state fidelities and fusion probabilities (Oslovich et al., 2024). Dynamic rerouting and multi-tree packing yield up to 200% throughput gains over static scheduling, with scalability demonstrated in grids and random networks.

Hybrid repeater/trusted-node architectures use short-lived quantum memories at repeaters with optimal placement of a limited number of trusted nodes. Dynamic routing, segmenting, and advantage distillation significantly enhance key rates, especially in asymmetric or high-noise settings (Amer et al., 2022).
Key management and service integration: Next-generation networks require fast, reliable, and secure interfaces between quantum hardware, network buffer management, and cryptographic service endpoints, often in tandem with PQC components for hybrid security (Dervisevic et al., 2024).

7. Real-World Deployments and Practical Guidelines

Field demonstrations validate QKD networks under operational and environmental constraints:

Coexistence in underground, commercial fibers: Multi-node QKD rings using bidirectional dark fiber, wavelength-multiplexed classical channels, and trusted-node relaying have achieved stable 2.4 kbps secure key rates over 40 km, demonstrating compatibility with live adjacent traffic and 100% uptime over 5-day trials (Minder et al., 2 Dec 2025).
Metropolitan hybrid networks: Fiber + FSO ad-hoc networks enable link reconfiguration within minutes and key rates >1 Mbps over FSO in urban LOS links, resilient to fiber outages (Goy et al., 2024).
Broadband WDM QKD: Simultaneous O- and C-band operation with shared, low-complexity receivers supports up to 66% reduction in hardware at the central node, meeting QBER targets <2% over deployed fiber (Scalcon et al., 15 Jul 2025).
Backbone integration: Key deployment guidelines include allocation of quantum channels outside the C-band, strict filtering, large-Aeff fibers where possible, real-time QBER monitoring and launch-power adaptation, as well as integrated KMS and network control (Mao et al., 2017).

Designers are advised to:

Favor short QKD hops (~20 km), high node density, and backbone hierarchies for urban/metropolitan applications;
Use hybrid, key-aware routing for efficient key utilization and rapid recovery from link depletion;
Employ advanced hardware (integrated photonics, SNSPDs, frequency combs) for high throughput and reliability;
Ensure complete decoupling of quantum and classical channels where high-power data is carried;
Transition to untrusted-node/MDI or multipath-WTR architectures for security beyond the trusted-relay model as technology matures.

Field deployments have proven technical feasibility, stability, and reliability, underpinning the emergence of QKD networks as viable information-theoretic security infrastructures for modern telecommunication and critical national applications.