Page 1

Scalable QKD Network Design and Integration with Classical Cryptography

Zhangchao Ma, CAS Quantum Network Co., Ltd.

Email: [email protected]

November 8, 2018, ETSI / IQC Quantum Safe Workshop, Beijing, China

Page 2

Two key issues for QKD to "take off"

1. How to build a scalable, service-oriented and cost-efficient QKD network?

2. How to extend QKD service to various devices and applications?

CAS Quantum Network 2018 2

[C. H. Bennett & G. Brassard, BB84 protocol (1984) ]

Page 3

QKD State-of-the-art: Networks

• 2002~2007, USA: DARPA Network [1]

• 2004~2008, EU: SECOQC Network [2]

• 2011~, Japan: Tokyo Network [3]

• 2013~, China: Satellite-ground integrated wide-area network

[1] Elliott C. The DARPA quantum network. In: Quantum Communications and Cryptography. CRC Press, 2005: 91-110.

[2] Alleaume R, et al. SECOQC white paper on quantum key distribution and cryptography. 2007.

[3] Sasaki M, et al. Field test of quantum key distribution in the Tokyo QKD Network. Optics Express, 2011, 19(11): 10387-10409.

Page 4

QKD State-of-the-art: Challenges

• No available quantum repeater technique

• No effective support for wireless terminals

• No mature standards and certification

• High device cost and low efficiency

Page 5

High level requirements for QKD network

R1 Scalability

• Support MP-to-MP ITS key transport

• Flexible and economic network expansion according to service growth

• Support flexible network topology for wide-area coverage

• Support efficient one-to-many QKD for access network

R2 Efficiency

• Support efficient key supply and relay node routing schemes

• Provide high secret-key throughput and low latency to satisfy various application requirements

R3 Security

• Strict QKD protocol security proof and certification

• Effective countermeasures against known quantum layer threats

• Support effective security enhancements for trusted relay

R4 Application-oriented

• Provide developer-friendly APIs for QKD network capabilities

• Facilitate integration with various ICT protocols and applications

R5 Robustness

• Fast fault detection and recovery when some nodes or links fail, to ensure service continuity

R6 Interoperability

• Support multi-vendor interoperability for both QKD and network management devices

R7 Policy control

• Provide per-secret-key-flow QoS and charging policy control and enforcement

Page 6

QKD Network | Data-plane functions

QKD data plane functions

• Deliver key material to the APP according to the requested parameters

• Relay key material to the peer APP via a one-time-pad encrypted tunnel
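The hop-by-hop one-time-pad relay that the data plane performs, as an added example that is not part of the original deck: an application key is forwarded along a chain of trusted relays, each link's QKD key material is simulated with os.urandom, and the result shows both the key-material cost per hop and that every intermediate relay holds the key in clear (the trusted-relay caveat named on slide 10). LinkKeyPool, relay_key and demo are assumed names for this illustration.

```python
import os

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time-pad step: key and data must be equal length and the key is used once."""
    if len(a) != len(b):
        raise ValueError("OTP needs key and data of equal length")
    return bytes(x ^ y for x, y in zip(a, b))

class LinkKeyPool:
    """Key material one QKD link has produced between two adjacent nodes.
    Both ends hold an identical copy; here it is simulated with os.urandom (assumption)."""
    def __init__(self, size: int) -> None:
        self._pool = bytearray(os.urandom(size))

    def take(self, n: int) -> bytes:
        if n > len(self._pool):
            raise RuntimeError("link key pool exhausted")
        key, self._pool = bytes(self._pool[:n]), self._pool[n:]
        return key

    def remaining(self) -> int:
        return len(self._pool)

def relay_key(app_key: bytes, links: list) -> tuple:
    """Relay app_key from node 0 to the last node over a chain of trusted relays.
    At each hop the sender XORs the key with fresh link key and the receiver XORs it
    again. Returns (key at the far end, plaintext copies held by intermediate nodes)."""
    held_by_relays = []
    current = app_key
    for hop, link in enumerate(links):
        link_key = link.take(len(app_key))          # each hop burns len(app_key) bytes
        on_the_wire = xor_bytes(current, link_key)  # what a tap on this fibre sees
        current = xor_bytes(on_the_wire, link_key)  # receiving node recovers the key
        if hop < len(links) - 1:
            held_by_relays.append(current)          # relay node now holds the key in clear
    return current, held_by_relays

def demo(key_len: int = 32, hops: int = 3, pool_size: int = 256) -> dict:
    """Run one relay over `hops` links and report what a network operator should check."""
    links = [LinkKeyPool(pool_size) for _ in range(hops)]
    app_key = os.urandom(key_len)                   # constructed application key
    received, held = relay_key(app_key, links)
    return {
        "delivered_intact": received == app_key,
        "relays_holding_key": sum(1 for h in held if h == app_key),
        "consumed_per_link": [pool_size - link.remaining() for link in links],
    }
```

The `relays_holding_key` count is the reason R3 asks for security enhancements for trusted relay, and `consumed_per_link` is the per-hop cost that R2's key supply and routing schemes must budget for.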

Page 7

QKD Network | Control-plane functions

QKD control plane functions

• Q-AuC: Node register and authentication

• Q-PCRF: QoS policy and charging rules control

• Q-MN: Routing and resource management, e.g., load balancing

Page 8

QKD Network | Network Elements and Interfaces

[Figure: layered architecture with the QKD Application layer (Internet applications such as QKD-based SSL, IPSEC, …), the QKD Network Management layer and the QKD Physical layer; an interface labelled A2 appears in the figure.]

Page 9

QKD-integrated security applications

ETSI specified use cases (GS QKD 002):

• Offsite Backup/Business Continuity

• Enterprise Metropolitan Area Network

• Critical Infrastructure Control and Data Acquisition

• Backbone Protection

• High Security Access Network

• Satellite Long-Haul Service

China demonstrated a series of applications:

• QKD-based video conference

• QKD-based enterprise VPN

• QKD-based bank data transfer and DC backup

Restricted to fiber- or satellite-reached scenarios.

Page 10

QKD-based secure communication solution

QKD: steps, pros and cons

① Root key pre-share
   Pre-distribute user-specific symmetric root key
   Cons: Complex management

② Identity authentication
   APP and QKD node use symmetric root key for initial authentication
   Pros: Quantum-resistance

③ Session key agreement
   Use QKD network to produce and distribute session key via OTP
   Pros: ITS, quantum-resistant, forward security, high speed
   Cons: Limited scenario, trusted relay

④ Encrypted comm.
   Use symmetric session key for AES encrypt/decrypt

Page 11

Comparison with classical cryptography I

Symmetric Cryptography

• Mobile network including 2G/3G/4G/5G

• Kerberos based enterprise systems

• Part of bank systems, e.g., PBOC …

[Figure: 3GPP LTE architecture]

Asymmetric Cryptography

• Internet apps usually based on PKI, including https, software update, VPN, secure email, Blockchain, …

[Figure: TLS procedure]

Page 12

Comparison with classical cryptography II

Symmetric Cryptography: KDC

① Root key pre-share
   Pre-distribute user-specific symmetric root key
   Cons: Complex management

② Identity authentication
   Use symmetric root key for authentication
   Pros: Quantum-resistance

③ Session key agreement
   Use symmetric root key to derive session keys via KDC
   Pros: Quantum-resistance
   Cons: No forward security

④ Encrypted comm.
   Use symmetric session key for AES encrypt/decrypt

Asymmetric Cryptography: PKI

① Root key pre-share
   Pre-distribute CA-specific certificates and public keys
   Pros: Easy to manage

② Identity authentication
   CA issues certificate to B, A verifies B's certificate via CA
   Cons: Not Q-safe

③ Session key agreement
   Use public key to negotiate symmetric session keys
   Cons: Not Q-safe; long latency

④ Encrypted comm.
   Use symmetric session key for AES encrypt/decrypt

QKD can be used to ensure secure root key/certificate distribution.

Page 13

QKD solution extended to mobile use cases

Utilizing the terminal's secure storage to cache secret keys.

[Figure: mobile use-case diagram; one labelled scenario is "Electricity".]

Page 14

Enhanced QKD solution with PKI and KDC

QKD enhanced with PQC and KDC (compared against KDC and against PKI)

① Root key pre-share
   Pre-distribute PQC certificates to QKD node and terminal secure storage
   Pros: Easy management

② Identity authentication
   2-1: Use PQC certificates for QKD node and terminal initial authentication
   2-2: Use symmetric Q-keys for authentication in following sessions
   Pros: QC-safe

③ Session key agreement
   3-1: Use QKD network to distribute temporary session keys via OTP; then store the symmetric key pool in the terminal and KDC
   3-2: Use KDC to negotiate real-time session key
   Pros: Forward security, QC-safe, fast

④ Encrypted comm.
   Use symmetric session keys for encrypt & decrypt via AES algorithm
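A model of steps 3-1 and 3-2 above, added here and not the deck's own design: a QKD-filled key pool is cached at the terminal and the KDC, and each pool key is consumed once to derive a real-time session key, so a later dump of the remaining pool cannot reproduce earlier session keys (the forward-security pro claimed for step ③). KeyPool, derive_session_key (HMAC-SHA256) and the session-id format are assumptions, since the slide does not specify the derivation.

```python
import hashlib
import hmac
import os
from collections import deque

class KeyPool:
    """Symmetric key pool filled over the QKD network (step 3-1) and cached in the
    terminal's secure storage and at the KDC. Both copies must be consumed in step."""
    def __init__(self, keys) -> None:
        self._keys = deque(keys)
        self.used = 0

    def next_key(self) -> bytes:
        if not self._keys:
            raise RuntimeError("key pool exhausted: refill over the QKD network")
        self.used += 1
        return self._keys.popleft()   # used once, then gone from storage

    def snapshot(self) -> list:
        """What an attacker who dumps the storage later would obtain."""
        return list(self._keys)

def derive_session_key(pool_key: bytes, session_id: bytes) -> bytes:
    # Assumed derivation (not specified on the slide): HMAC-SHA256 over the session id.
    return hmac.new(pool_key, b"qkd-session|" + session_id, hashlib.sha256).digest()

def new_session(terminal: KeyPool, kdc: KeyPool, session_id: bytes) -> bytes:
    """Step 3-2: terminal and KDC each derive the same real-time session key from
    the next unused pool key; no public-key operation is on the path."""
    k_terminal = derive_session_key(terminal.next_key(), session_id)
    k_kdc = derive_session_key(kdc.next_key(), session_id)
    if not hmac.compare_digest(k_terminal, k_kdc):
        raise RuntimeError("key pool desynchronised between terminal and KDC")
    return k_terminal

def demo() -> dict:
    material = [os.urandom(32) for _ in range(4)]   # constructed: four Q-keys from step 3-1
    terminal, kdc = KeyPool(material), KeyPool(material)
    ids = (b"call-0001", b"call-0002")
    k1, k2 = (new_session(terminal, kdc, sid) for sid in ids)
    # Forward-security check: the pool keys behind k1 and k2 were deleted on use, so a
    # later dump of the terminal's remaining pool cannot reproduce either session key.
    leaked = terminal.snapshot()
    recoverable = any(derive_session_key(k, sid) in (k1, k2) for k in leaked for sid in ids)
    return {"keys_differ": k1 != k2, "sessions": terminal.used,
            "past_keys_recoverable": recoverable, "pool_left": len(leaked)}
```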

Page 15

Summary

• The success of QKD networks requires multi-disciplinary collaboration between quantum physics, cryptography, network engineering, IT development, etc.

• Based on today's techniques, QKD can basically work with a well-designed network architecture and the help of classical cryptography.

• QKD is still limited by quantum layer characteristics, e.g., rate, distance, cost, channel. Truly long-distance, mobile, miniaturized and chip-scale QKD devices are still being pursued.

Page 16

Thanks! Q&A