Abstract: Systems and methods for conducting composable quantum oblivious transfer over noisy quantum channels are disclosed. Embodiments provide a method for constructing a quantum oblivious transfer (QOT) protocol using noisy quantum channels and devices through the use of a quantum-hard one-way function. This construction allows the construction of QOT protocols that achieve simulator security, allowing them to be used in a black-box fashion as part of other cryptographic constructions, including arbitrary secure multiparty computations.

Abstract: Systems and methods for high-performance quantum-safe key management are disclosed. A method may include: (1) receiving, by a client service router, a client request for an operation involving a key from a client computer program; (2) authenticating, by the client service router and using a credentials operations service, the client request; (3) verifying, by the client service router and using a credentials operating service, permission for the client request; (4) routing, by the client service router, the request to a cryptoprocessor, wherein the cryptoprocessor is configured to execute the operation; (5) receiving, by the client service router, a result of the execution of the operation from the cryptoprocessor; and (6) returning, by the client service router, the result to the client computer program.

Abstract: A first verifier and second verifier may share a secret string, a first and second random input; may generate a challenge according to a certified randomness protocol and may encrypt the challenge using a keyed cryptographic hash function. The first verifier may send the encrypted challenge, the first random input, and the random hash key to a prover. The second verifier may send second random input to the prover. The prover may decrypt the encrypted challenge and may execute a random quantum computation based on the certified randomness protocol and the challenge and may send a result of the random quantum computation to both the first verifier and the second verifier. The first and second verifiers may determine the results were received within a time threshold, may compare the results to ensure that they match, and may determine the result passes the certified randomness protocol.

Abstract: Systems and methods for bridging gaps in cryptographic secret distribution using line-of-sight-secured networks are disclosed. In one embodiment, a system may include: a first physical location providing a cryptographic secret; a second physical location comprising a space-based vehicle transceiver that receives the cryptographic secret from the first physical location over a secure communication channel; a space-based vehicle that receives the cryptographic secret from the second physical location over a first line-of-sight communication channel; and a third physical location that receives the cryptographic secret from the space-based vehicle over a second line-of-sight communication channel, encrypts data with the cryptographic secret, and communicates the encrypted data to the first physical location over a communication network; wherein the first physical location receives the encrypted data and decrypts the encrypted data using the cryptographic secret.

Abstract: A method may include: receiving, by a webserver computer program, shared key material shared with a client application; receiving from a browser, a request for a secure connection; establishing a session with the browser over a first secure connection; establishing a shared secret key with the browser, wherein the browser creates a browser secret key encrypted with the shared secret key, encrypts the browser secret key with the shared secret key, and provides the browser secret key encrypted with the shared secret key and session information the client application over a second secure connection that is protected with the shared key material; decrypting the browser secret key encrypted with the shared secret key using the shared secret key; identifying the session with the browser from the session information; and establishing, end-to-end encryption on top of the second secure connection using the browser secret key or a derivation thereof.

Abstract: A method may include: (1) receiving, at a quantum key distribution node in a network of a plurality of quantum key distribution nodes, a quantum key; (2) distributing, by the quantum key distribution node, the quantum key to the other quantum key distribution nodes over a subset of the direct connections; (3) communicating, by one of the plurality of quantum key distribution nodes, the quantum key to a central key management service node, wherein the central key management service node is hardwired to the quantum key distribution node; (4) communicating, by the central key management service node, the quantum key to a secondary key management service node; (5) communicating, by the secondary key management service node, the quantum key to a last mile device; and (6) using, by the last mile device, the quantum key to encrypt or decrypt data.

Abstract: A method may include: receiving, by a smart contract, a request for a random number and a randomness seed from a user; deploying the request as a transaction that is written on a first block in the decentralized ledger; generating, by an oracle, a plurality of pseudorandom quantum circuits using the randomness seed; providing the plurality of pseudorandom quantum circuits to a quantum randomness source, wherein the quantum randomness source executes the quantum circuits and returns a sequence of random bits to the oracle; writing the sequence of random bits to a new block in the decentralized ledger; hashing the sequence of random bits and a block hash for the new block; and returning the hash of the sequence of random bits and the block hash to the user computer program, wherein the user consumes hash of the sequence of random bits and the block hash.

Abstract: A method may include: generating, by a plurality of auditor computer programs and a data curator computer program, a first random string using a first distributed randomness protocol; sending the first random string to a quantum party computer program; executing, by the quantum party computer program, a certified randomness protocol with a quantum randomness source using the first random string; receiving, from the quantum randomness source, a first quantum randomness; generating, by the auditor computer programs and the data curator computer program, a second random string using a second distributed randomness protocol; extracting, by the data curator computer program and using a randomness extractor, a second quantum randomness from the first quantum randomness using the second random string, wherein the second quantum randomness comprises a near-uniformly random string; and executing, by the data curator computer program, a differential privacy protocol using the second quantum randomness as additive noise

Abstract: A method may include: selecting, by a plurality of classical parties, each of the classical parties using a classical party computer program, a distributed randomness protocol; generating, by the plurality of classical parties, a random string using the selected distributed randomness protocol; providing, by one of the classical parties, the random string to a quantum party, wherein the quantum party executes a quantum party computer program in communication with a quantum randomness source; executing, by the quantum party, a certified randomness protocol with the quantum randomness source using the random string as an input; receiving, by the quantum party, quantum randomness comprising a sequence of random bits from the quantum randomness source; and verifying, by the classical parties, that the random string was randomly selected, and that the quantum randomness is a valid output of the certified randomness protocol using the random string as input.

Abstract: A method may include: generating, by a plurality of auditor computer programs and a data curator computer program, a first random string using a first distributed randomness protocol; sending the first random string to a quantum party computer program; executing, by the quantum party computer program, a certified randomness protocol with a quantum randomness source using the first random string; receiving, from the quantum randomness source, a first quantum randomness; generating, by the auditor computer programs and the data curator computer program, a second random string using a second distributed randomness protocol; extracting, by the data curator computer program and using a randomness extractor, a second quantum randomness from the first quantum randomness using the second random string, wherein the second quantum randomness comprises a near-uniformly random string; and executing, by the data curator computer program, a differential privacy protocol using the second quantum randomness as additive noise

Abstract: Systems and methods for conducting composable quantum oblivious transfer over noisy quantum channels are disclosed. Embodiments provide a method for constructing a quantum oblivious transfer (QOT) protocol using noisy quantum channels and devices through the use of a quantum-hard one-way function. This construction allows the construction of QOT protocols that achieve simulator security, allowing them to be used in a black-box fashion as part of other cryptographic constructions, including arbitrary secure multiparty computations.

Abstract: Systems and methods for secure cryptographic secret distribution are disclosed. In one embodiment, a method for secure cryptographic secret distribution may include: (1) receiving, at a key relay station, a cryptographic secret from a webserver over a first communication network; (2) storing, by the key relay station, the cryptographic secret; (3) authenticating, by the key relay station, an end user via an end user electronic device; and (4) securely communicating, by the key relay station, the cryptographic secret to the end user electronic device. The end user electronic device is configured to store the cryptographic secret in secure storage on the end user electronic device, to encrypt data with the cryptographic secret, and to communicate the encrypted data to the webserver over a second communication network.

Abstract: A method may include: (1) querying, by a randomness computer program executed by a randomness electronic device, a quantum randomness source for a plurality of sequences of random bits; (2) receiving, by the randomness computer program, the plurality of sequences of random bits; (3) saving, by the randomness computer program, the plurality of sequences of random bits in a randomness pool; (4) receiving, by the randomness computer program, a request for randomness from a client randomness computer program executed by a client electronic device; (5) drawing, by the randomness computer program, a subset of the plurality of sequences of random bits from the randomness pool; (6) marking, by the randomness computer program, the subset of the plurality of sequences of random bits as used; and (7) communicating, by the randomness computer program, the subset of the plurality of sequences of random bits to the client randomness computer program.

Abstract: A method may include: sharing, by a client computer program and a server computer program, a set of identification keys, each identification key associated with a key label, and an authentication key; selecting, by the client computer program and the server computer program, one of the key labels; preparing, by the client computer program, quantum systems using a basis, randomly chosen bit values, and intensities; sending, by the client computer program, the quantum systems to the server computer program over a quantum communication channel, wherein the server computer program may be configured to measure the quantum systems using the basis and to announce quantum systems with photon detection; and generating, by the client computer program, a client tag using a shared keyed hash function executed on the authentication key and chosen bit values from the quantum systems with photon detection, and forwarding the client tag to the server computer program.

Abstract: A method may include: sharing, by a client computer program and a server computer program, a set of identification keys, each identification key associated with a key label, and an authentication key; selecting, by the client computer program and the server computer program, one of the key labels; preparing, by the client computer program, quantum systems using a basis, randomly chosen bit values, and intensities; sending, by the client computer program, the quantum systems to the server computer program over a quantum communication channel, wherein the server computer program may be configured to measure the quantum systems using the basis and to announce quantum systems with photon detection; and generating, by the client computer program, a client tag using a shared keyed hash function executed on the authentication key and chosen bit values from the quantum systems with photon detection, and forwarding the client tag to the server computer program.

Abstract: A method may include: receiving, by a webserver computer program, shared key material shared with a client application; receiving from a browser, a request for a secure connection; establishing a session with the browser over a first secure connection; establishing a shared secret key with the browser, wherein the browser creates a browser secret key encrypted with the shared secret key, encrypts the browser secret key with the shared secret key, and provides the browser secret key encrypted with the shared secret key and session information the client application over a second secure connection that is protected with the shared key material; decrypting the browser secret key encrypted with the shared secret key using the shared secret key; identifying the session with the browser from the session information; and establishing, end-to-end encryption on top of the second secure connection using the browser secret key or a derivation thereof.

Abstract: Systems and methods for bridging gaps in cryptographic secret distribution using line-of-sight-secured networks are disclosed. In one embodiment, a system may include: a first physical location providing a cryptographic secret; a second physical location comprising a space-based vehicle transceiver that receives the cryptographic secret from the first physical location over a secure communication channel; a space-based vehicle that receives the cryptographic secret from the second physical location over a first line-of-sight communication channel; and a third physical location that receives the cryptographic secret from the space-based vehicle over a second line-of-sight communication channel, encrypts data with the cryptographic secret, and communicates the encrypted data to the first physical location over a communication network; wherein the first physical location receives the encrypted data and decrypts the encrypted data using the cryptographic secret.

Abstract: Systems and methods for secure cryptographic secret distribution are disclosed. In one embodiment, a method for secure cryptographic secret distribution may include: (1) receiving, at a key relay station, a cryptographic secret from a webserver over a first communication network; (2) storing, by the key relay station, the cryptographic secret; (3) authenticating, by the key relay station, an end user via an end user electronic device; and (4) securely communicating, by the key relay station, the cryptographic secret to the end user electronic device. The end user electronic device is configured to store the cryptographic secret in secure storage on the end user electronic device, to encrypt data with the cryptographic secret, and to communicate the encrypted data to the webserver over a second communication network.

Abstract: Systems and methods for quantum key distribution (QKD) secured vault-based application-to-application communication are disclosed. A method may include: receiving, at a vault application at a first facility, a request for a shared quantum key for communication of a secret in a vault at the first facility to an application at a second facility; distilling, by quantum devices at the first and the second facility and over a quantum communication channel, a shared quantum key using a QKD protocol; receiving, by an encryptor at the first facility, the secret; encrypting, by the encryptor at the first facility, the secret with the shared quantum key, communicating, the encrypted secret to the second facility over a communication network; decrypting, by an encryptor at the second facility, the encrypted secret with the shared quantum key; and receiving, by the application at the second facility, the secret from the encryptor at the second facility.