Key Generation Architecture

Key distribution based on asymmetric algorithms is a weak link for cryptography.

Qrypt is the only company that enables encryption without distributing encryption keys – also basing them on trusted quantum random numbers.

  • The BLAST architecture enables generation of identical keys at multiple endpoints, so they are never distributed.
  • Caches of random allow for sampling by multiple clients – with time and usage controls that trigger cache shredding.
  • Client locally extracts keys from returned random – not even Qrypt can determine the keys.
  • No dedicated channels or infrastructure required – unlike quantum key distribution (QKD).


  1. Client A determines the key generation requirements: BLAST servers to be used, the sampling seeds, and extraction parameters​.
  2. Clients share the key generation requirements – seeds, extraction parameters​.
  3. Each client independently samples BLAST APIs, assembling identical blocks of random on each client.​
  4. Clients locally extracts keys - resulting in identical encryption keys which were never distributed​

​Attack scenarios required to compromise keys are extreme​

  • Attacker compromises the A to B channel and decrypts the key generation requirements before the server caches are shredded and can no longer be sampled. Even with a quantum computer the time to decrypt is too long.​
  • Attacker compromises ALL aspects of the BLAST protocol, including TLS crypto​
    • Compromises ALL channels between a client and the N BLAST servers​
    • Compromises the A to B channel​
    • Defeat TLS cryptography used in A to B channel​
  • Full control of Client A or Client B​