Quantinuum: Quantum Key Distribution and Certified Randomness for Enterprise Security

The Problem

Modern network security rests on RSA and ECC, which derive their strength from the computational hardness of factoring large integers and solving discrete logarithm problems. A sufficiently large fault-tolerant quantum computer running Shor’s algorithm would break both.

That threat is not immediate, but the timeline is shortening. Organizations in finance, defense, and critical infrastructure face a more pressing problem today: the quality of their cryptographic randomness. Classical pseudo-random number generators (PRNGs), even cryptographically secure ones, are deterministic. Their output is bounded by the entropy of their seed sources: OS-level entropy pools, hardware noise, and timing jitter. Under adversarial conditions, seed quality is attackable.

Quantinuum’s response was to build a commercially deployable quantum randomness service before large-scale quantum computing exists. Their argument: you do not need a million qubits to generate certified randomness. You need a few trapped-ion qubits in superposition.

Quantum Origin: Architecture

Quantum Origin generates randomness by executing quantum circuits on Quantinuum’s H-series trapped-ion hardware. A qubit placed in an equal superposition with a Hadamard gate and then measured produces a genuinely random bit; the outcome is not determined until measurement, and cannot be predicted even in principle.

The service adds a certification layer. Each output block comes with a cryptographic proof that the randomness was generated by a specific quantum circuit on verified hardware, not by a classical simulation. Customers receive entropy that can be audited and attested.

import hashlib
import hmac
import os

# Simulate Quantum Origin entropy generation using pytket
# In production, this calls the Quantum Origin API which returns
# quantum-certified random bytes from H-series hardware

from pytket import Circuit
from pytket.extensions.quantinuum import QuantinuumBackend

def generate_quantum_entropy(n_bits: int = 256) -> bytes:
    """
    Generate certified quantum random bits using H-series hardware.
    Each qubit in superposition yields one random bit on measurement.
    """
    backend = QuantinuumBackend(device_name="H1-1")
    backend.login()

    n_qubits = n_bits
    circ = Circuit(n_qubits, n_qubits)

    # Place all qubits in equal superposition
    for i in range(n_qubits):
        circ.H(i)

    # Measure all qubits
    circ.measure_all()

    compiled = backend.get_compiled_circuit(circ, optimisation_level=0)
    handle = backend.process_circuit(compiled, n_shots=1)
    result = backend.get_result(handle)

    shots = result.get_shots()
    bits = shots[0].tolist()

    # Pack bits into bytes
    byte_array = bytearray()
    for i in range(0, len(bits), 8):
        byte_chunk = bits[i:i+8]
        byte_val = sum(b << (7 - j) for j, b in enumerate(byte_chunk))
        byte_array.append(byte_val)

    return bytes(byte_array)


def generate_quantum_entropy_simulated(n_bytes: int = 32) -> bytes:
    """
    Fallback simulation for testing without H-series access.
    In production, replace with Quantum Origin API call.
    """
    import numpy as np
    # Simulate Hadamard + measure: each qubit is 50/50
    bits = np.random.randint(0, 2, size=n_bytes * 8)
    byte_array = bytearray()
    for i in range(0, len(bits), 8):
        val = sum(int(bits[i + j]) << (7 - j) for j in range(8))
        byte_array.append(val)
    return bytes(byte_array)

Key Derivation with Quantum Entropy

Once quantum entropy is retrieved, it seeds a key derivation function (KDF) to produce symmetric keys for use in TLS sessions, storage encryption, or certificate signing.

import hashlib
import hmac
import struct

def derive_key_from_quantum_entropy(
    quantum_entropy: bytes,
    context: str,
    key_length: int = 32
) -> bytes:
    """
    Derive a symmetric key from quantum entropy using HKDF-SHA256.
    context labels the key purpose (e.g. 'tls-session', 'storage-key').
    """
    context_bytes = context.encode("utf-8")

    # HKDF extract: combine entropy with a fixed salt
    salt = b"quantinuum-quantum-origin-v1"
    prk = hmac.new(salt, quantum_entropy, hashlib.sha256).digest()

    # HKDF expand
    t = b""
    okm = b""
    counter = 1
    while len(okm) < key_length:
        t = hmac.new(
            prk,
            t + context_bytes + struct.pack("B", counter),
            hashlib.sha256
        ).digest()
        okm += t
        counter += 1

    return okm[:key_length]


# Example: generate a TLS session key seeded by quantum entropy
quantum_entropy = generate_quantum_entropy_simulated(n_bytes=64)
session_key = derive_key_from_quantum_entropy(
    quantum_entropy, context="tls-session-2023"
)
print(f"Session key (hex): {session_key.hex()}")
print(f"Key length: {len(session_key)} bytes")

QKD Research: Entangled Photon Pairs

Separately from Quantum Origin, Quantinuum has used trapped-ion hardware for QKD research. The H-series can generate entangled photon pairs via ion-photon entanglement, enabling BB84 and E91 protocols where key material is established over a quantum channel and eavesdropping is detectable by disturbing the quantum state.

This is distinct from Quantum Origin, which uses quantum randomness to strengthen classical key infrastructure rather than replacing it with a fully quantum channel.

Outcomes and Deployment

Quantum Origin was launched commercially in 2022. JPMorgan integrated it into their cryptographic infrastructure, using certified quantum entropy to seed their internal key management systems. Additional financial and defense partners followed through 2023.

The key commercial insight: quantum randomness is deployable today on existing classical networks. It does not require a quantum internet or fiber links between sites. Enterprises install a software client, call the Quantum Origin API, and receive quantum-certified entropy that strengthens their existing PKI.

QKD at commercial scale remains a harder problem, requiring dedicated fiber or free-space optical links and is still in the research and pilot phase.

What This Means for Enterprise Security

Quantum Origin sits between two timelines. Classical cryptography is not broken today, but the “harvest now, decrypt later” attack is real: adversaries can record encrypted traffic now and decrypt it once quantum computers exist. Upgrading randomness quality and beginning post-quantum algorithm migrations today reduces that exposure.

The NIST post-quantum standards (CRYSTALS-Kyber, CRYSTALS-Dilithium, finalized 2024) address the algorithm side. Quantum Origin addresses the entropy side. Together they represent a practical migration path that does not require waiting for a quantum internet.

Learn more: Quantinuum Reference