Arqit and Sparkle Bring Quantum‑Safe Encryption Directly to the Optical Layer

Key Takeaways

  • Arqit and Sparkle demonstrated quantum‑resilient encryption running natively inside an optical network without slowing traffic
  • The proof of concept showed multi‑100G links protected at line rate across Sparkle’s Athens metropolitan ring
  • The approach avoids new optical hardware, relying instead on software‑driven key injection and orchestration
  • The project offers telecom operators a practical path to quantum‑safe protection for high‑capacity transport networks

The telecom industry has discussed securing transport networks against future quantum attacks for years, yet most real deployments stall where theory meets hardware. The latest work from Arqit Quantum Inc. and Sparkle cuts through that bottleneck. Instead of redesigning the physical network or bolting on bulky cryptographic appliances, the two companies proved that quantum‑resistant protection can run directly inside existing optical transponders at full speed.

Operators rely on optical transport for their most sensitive, high‑volume data flows, yet that physical layer remains one of the least modernized parts of the security stack. IP and application‑layer encryption have evolved quickly, but optical links often depend on legacy approaches that may not withstand the arrival of large‑scale quantum computing. Sparkle’s trial with Arqit shows that the gap can be closed without tearing up decades of infrastructure.

The demonstration took place on Sparkle’s metropolitan optical ring in Athens, a live environment where the team validated end‑to‑end protection across multi‑100G channels. Arqit embedded its SKA‑Platform encryption into Sparkle’s Quantum‑Safe over Internet setup, which operates directly on optical transponders at Layer 1. Because the encryption engine sits inside the optical layer, data is protected before it ever enters higher‑level protocols or services. Sparkle reported no throughput penalties, no latency concerns, and no need to replace optical hardware.

The architecture for feeding keys into the system distinguishes this approach. Rather than requiring proprietary modules, the trial relied on virtual machines and universal CPE appliances connected through an ETSI‑compliant interface. Keys were managed through Sparkle’s orchestration environment and injected into the optical layer as needed. That makes the whole scheme software‑driven and operationally familiar for network engineering teams.

Arqit has spent several years developing a symmetric key agreement system that avoids the heavy processing requirements common in traditional post‑quantum cryptography. The platform distributes key material that endpoints use to generate their own symmetric keys locally. Because the algorithm avoids the large public‑key operations associated with post‑quantum protocols, it fits comfortably inside lightweight agents and embedded environments. According to Arqit’s documentation, the approach is compatible with NSA CSfC components and aligns with the requirements outlined in RFC 8784.

For carriers, the business case is straightforward. Optical infrastructure is expensive, and upgrade cycles typically span decades. Introducing new inline security hardware for every link in a multi‑country footprint is rarely feasible. Sparkle positions this project as a way to apply quantum‑resistant security without that hardware burden. The company operates more than 600,000 kilometers of fiber globally, including major subsea systems. A software‑based approach that scales across such a footprint is inherently more attractive than one requiring specialized modules.

The trial aligns with a broader industry pattern: as transport networks become more disaggregated and software‑defined, operators want security elements that blend into their orchestration frameworks rather than sitting outside them. Integrating encryption into the optical layer via software allows automated provisioning, monitoring, and lifecycle management. It lines up with how carriers already operate SD‑WAN, backhaul, and cloud interconnect services.

The timing is important. Telecom operators are already deciding how to prepare for the transition to quantum‑safe cryptography, prompted in part by government guidance and early‑stage regulation. The US National Institute of Standards and Technology has been finalizing its post‑quantum cryptography suite, and the first approvals are feeding into security standards worldwide.

Operators are also contending with “harvest‑now, decrypt‑later” threats. Sensitive traffic captured today could be decrypted years from now when quantum computing matures. That includes payments traffic, identity systems, industrial telemetry, and inter‑data‑center replication flows. Transport networks carry all of it.

Arqit's own market positioning has been shaped by this environment. The company has been recognized for its approach to post‑quantum cryptography, and its technology has been incorporated into several government and commercial pilots. Its model relies on the idea that symmetric keys generated locally offer strong protection without the computational overhead of post‑quantum asymmetric algorithms. Symmetric cryptography is widely considered quantum‑resistant when keys are sufficiently large, which is why national cybersecurity agencies recommend scaling symmetric key sizes as part of quantum‑readiness initiatives. Documentation from ENISA supports this point in its cryptographic guidance.

Sparkle’s involvement adds a real‑world dimension. As a Tier 1 international carrier with a global fiber footprint and a long history in subsea cable operations, Sparkle’s networks carry enterprise, carrier, and content‑provider traffic across multiple regions. For organizations evaluating quantum‑safe upgrades, a POC on that scale signals that the technology isn’t limited to lab conditions.

Operational realities determine deployment success. Telecom engineering teams already juggle wavelength provisioning, optical power management, multi‑vendor equipment, and complex routing policies. Any security layer that disrupts those processes tends to stall. Sparkle reported that the deployment required no changes to the optical hardware itself, which suggests that carriers could adopt this method through software updates and orchestration‑driven provisioning. That reduces integration friction—often the hidden killer of ambitious network‑security projects.

If quantum‑safe encryption can be delivered at optical line rate, operators can rethink where and how they protect their traffic. Instead of applying encryption at the IP layer using heavy, sometimes expensive appliances, they can embed protection at the earliest possible point. That shifts the security boundary outward and simplifies the stack above it.

The Arqit–Sparkle project gives the industry a concrete example of optical‑layer quantum‑safe encryption running under realistic conditions. For carriers evaluating their long‑term cryptographic strategy, this kind of early validation helps clarify what can be deployed now versus what may still require years of research or standardization. The work in Athens suggests that quantum‑resistant protection at the speed of light is no longer theoretical—it is already running across production‑grade optical links, using equipment operators have in place today.