The 120-Kilometer Quantum Key Demo That Landed Right as Post-Quantum Crypto Started Shipping

The press release headline writes itself: unhackable quantum keys, 120 kilometers, no eavesdropping possible. Scroll past the banner and you find something more interesting. A team from the University of Stuttgart, Leibniz University Hannover, and collaborators in China has built the first working quantum key distribution system that combines two things the field has wanted together for years — a deterministic single-photon source operating at telecom wavelengths, and time-bin encoding to keep those photons stable in standard optical fiber. The paper appears in Light: Science & Applications.

The 120-kilometer distance is real. So is the six-hour uninterrupted run that required no human adjustment. The quantum bit error rate stayed below 11% across the link, and the secure key rate held at roughly 15 bits per second — enough to refresh encryption keys on a classified government link or a financial settlement channel, if anyone ever builds the infrastructure to use it.

Here is what actually matters for the people reading this: the real problem with quantum key distribution has never been whether physics allows it. The physics has always allowed it. The problem is that every practical deployment to date has required either specialized fiber, constant recalibration, or both. Polarization-based QKD systems — the kind most quantum-dot hardware has used until now — are hypersensitive to temperature changes, mechanical stress, and fiber birefringence. A system that works in a lab at one temperature will watch its error rate climb as the seasons change. This is why QKD has produced an impressive catalog of laboratory demonstrations and almost no deployed infrastructure.

Time-bin encoding solves the polarization drift problem by encoding quantum information in the arrival time of a photon rather than its polarization orientation. The timing is immune to the kind of environmental disturbances that ruin polarization states in fiber. The researchers' Sagnac interferometer setup with active feedback control kept the system stable across six hours of continuous operation — a window that matters not because six hours is long, but because it suggests the system didn't require a graduate student to babysit it.

This matters for a specific reason that the press release undersells: it is the first demonstration of time-bin QKD with a deterministic quantum-dot single-photon source at telecom wavelength. Deterministic means the source produces exactly one photon on demand, not a probabilistic mixture that sometimes yields two photons and sometimes none. Telecom wavelength means the system operates at the C-band around 1550 nanometers — the same frequency that carries most of the world's internet traffic, meaning it can ride existing fiber infrastructure rather than requiring dedicated quantum channels.

The quantum dot source, operating at about 76 megahertz with photon purity gated by the Purcell effect, is the kind of hardware that could eventually be manufactured rather than assembled by hand. That is the long game: a semiconductor fabrication platform for quantum cryptographic hardware, integrable with existing telecom equipment.

But here is the part that should give builders and investors pause. While this lab result was being prepared for publication, post-quantum cryptography was already shipping.

Hybrid ML-KEM — the NIST-finalized post-quantum key encapsulation standard derived from CRYSTALS-Kyber — has been enabled by default in Chrome since April 2024. Firefox shipped it in November 2024. Microsoft's CNG cryptographic APIs went generally available in November 2025, bringing ML-KEM and ML-DSA to Windows and, via .NET 10, to Linux. Apple's iOS 26 and macOS 26 implementations landed in late 2025. As of early 2026, over half of Cloudflare's web traffic uses hybrid post-quantum key exchange, according to Cloudflare's post-quantum deployment report. Microsoft's PQC APIs went GA in November 2025. Apple integrated PQC into iOS and macOS in late 2025.

None of this requires dedicated fiber. None of it requires single-photon detectors or cryogenic cooling. It runs on hardware that already exists, over the internet that already exists, and it is getting faster as implementations optimize.

The 15 bits per second this system produces is not a direct comparison to the megabits per second available through post-quantum TLS handshakes. QKD generates symmetric keys for one-time-pad-style encryption — the keys themselves are the product. PQC preserves existing public-key infrastructure while adding quantum resistance. For government classified communications where physics-based security is legally mandated, QKD may always have a role. For commercial security, the economic and logistical calculus has already shifted.

What this paper actually demonstrates is a genuine step in solid-state quantum photonic hardware: a stable, long-distance QKD link that could theoretically be deployed without the polarization-compensation overhead that has made every previous field trial a custom engineering project. The gap between that and a deployed network is not a physics problem anymore. It is a cost, manufacturing, and infrastructure problem — and the people best positioned to solve it are not the researchers who wrote this paper. They are the semiconductor foundries, the network equipment vendors, and the government procurement programs that might someday specify quantum-dot QKD modules as standard interface cards in telecom racks.

Whether that day comes before post-quantum cryptography renders the question moot for most commercial applications is the only genuinely uncertain part. The physics is sorted. The market is not.