• Telecommunications

Bharti Airtel: Quantum Key Distribution for Enterprise Networks

Bharti Airtel

Bharti Airtel deployed quantum key distribution across its metro fiber network in Mumbai and Delhi, securing enterprise customer data and financial institution links against future quantum threats.

Key Outcome
India's first commercial QKD deployment at scale, protecting 200+ enterprise customers across 680 km of secured metropolitan fiber.

The Challenge

India’s financial sector and critical infrastructure face a rapidly evolving threat landscape. The anticipated arrival of cryptographically relevant quantum computers within the coming decade poses an existential risk to RSA and ECC encryption, which protects the majority of enterprise data in transit today. “Harvest now, decrypt later” attacks (where adversaries collect encrypted traffic today to decrypt once quantum computers are available) mean the threat is not hypothetical: it is already active.

Bharti Airtel, India’s largest telecommunications operator, identified its metro fiber network as the ideal delivery vehicle for quantum-secured enterprise links. Banks, government agencies, and healthcare institutions were already purchasing high-bandwidth private fiber connectivity from Airtel; adding quantum key distribution to that infrastructure would allow Airtel to offer provably secure data transport without requiring customers to replace their existing network equipment.

The challenge was operational as much as technical. QKD systems require dedicated dark fiber pairs, precise optical alignment, low-loss connections, and active stabilization against thermal and vibration-induced phase drift. Deploying this reliably across hundreds of kilometers of metropolitan fiber in two of India’s most congested cities demanded significant systems integration work.

The Quantum Approach

Airtel deployed ID Quantique Clavis XG QKD appliances at enterprise customer premises and at Airtel metropolitan exchange nodes. The Clavis XG implements the BB84 protocol with decoy-state extensions, which closes photon-number-splitting attacks and allows key generation over longer fiber spans. A custom network management stack coordinates key generation, key synchronization between nodes, and integration with Airtel’s existing optical transport network.

The QKD-generated keys are used to continuously refresh AES-256 encryption sessions on Airtel’s Layer 2 enterprise services. Customers see no change to their network interfaces; the quantum key material is fed transparently into the encryption layer by Airtel’s network equipment.

# Simplified simulation of BB84 QKD key sifting and error estimation
import numpy as np

def bb84_simulation(n_bits: int, error_rate: float = 0.02) -> dict:
    """Simulate BB84 protocol through key sifting and error rate check."""
    rng = np.random.default_rng(seed=42)

    # Alice prepares random bits and random bases (0=Z, 1=X)
    alice_bits = rng.integers(0, 2, n_bits)
    alice_bases = rng.integers(0, 2, n_bits)

    # Bob measures in random bases
    bob_bases = rng.integers(0, 2, n_bits)

    # Channel introduces errors at given rate
    noise = rng.random(n_bits) < error_rate
    bob_bits = np.where(noise, 1 - alice_bits, alice_bits)

    # Sifting: keep only positions where bases match
    matching = alice_bases == bob_bases
    sifted_alice = alice_bits[matching]
    sifted_bob = bob_bits[matching]

    # Estimate QBER on a random sample (25% of sifted key)
    sample_size = max(1, len(sifted_alice) // 4)
    sample_idx = rng.choice(len(sifted_alice), sample_size, replace=False)
    qber = np.mean(sifted_alice[sample_idx] != sifted_bob[sample_idx])

    # Remaining bits after QBER check (not used in QBER estimation)
    remaining_idx = np.setdiff1d(np.arange(len(sifted_alice)), sample_idx)
    raw_key_length = len(remaining_idx)

    # Privacy amplification reduces key by security parameter
    security_reduction = 2 * sample_size  # simplified
    final_key_length = max(0, raw_key_length - security_reduction)

    return {
        "n_bits_sent": n_bits,
        "sifted_key_length": len(sifted_alice),
        "qber": round(float(qber), 4),
        "secure": qber < 0.11,  # BB84 security threshold
        "final_key_bits": final_key_length,
    }

result = bb84_simulation(n_bits=10_000, error_rate=0.02)
print(f"QBER: {result['qber']:.2%}")
print(f"Secure key generated: {result['secure']}")
print(f"Final key length: {result['final_key_bits']} bits")

Results and Implications

Airtel’s deployment became India’s first commercial QKD network operating at metropolitan scale. By the end of 2024, the network covered 680 km of secured fiber across Mumbai and Delhi, protecting connections for more than 200 enterprise customers including four major private-sector banks and two government ministries.

Key generation rates on the deployed links averaged 2-8 kbps of secure key material per fiber pair at distances up to 80 km, sufficient to continuously refresh AES-256 session keys for high-value enterprise traffic. Longer spans used trusted-node repeater architecture, where security is maintained by Airtel as the trusted intermediary at intermediate exchange points.

The deployment positions Airtel as the anchor provider for post-quantum secure enterprise connectivity in India and creates a commercial model that other national carriers can replicate as QKD hardware costs continue to fall. Airtel has announced plans to extend the network to Bangalore and Hyderabad by 2026.