What is a secure quantum key?
In quantum key systems, two trusted parties establish a secret key over an optical link. The key is generated from the quantum states of photons transmitted from the key sender to the recipient. The security of this key is based on the inability to eavesdrop on the key during transmission and generation. If the key is partially or fully eavesdropped, it is distorted in such a way that the other party cannot receive the unaltered version. The recipient therefore receives a corrupted key, the sender cannot confirm it, and both parties detect the eavesdropping attempt.
What is QKD?
Systems with quantum key distribution (QKD) generate a secure one-time key in a quantum channel between the transmitting parties. The distribution of the key itself to distant nodes in the network, the metadata about the key, and the encrypted payload communication with the distant node are carried in another channel, which can be, for example, a public telecommunication network.
For practical reasons, we assume that quantum channels do not exist between every pair of nodes in the network, but only between some of them.
The system should enable the most secure communication possible between nodes that have no direct connectivity secured by quantum technologies, but do have such connectivity with other nodes in the network.
Interoperability, or compliance with standards
One technical problem is that the generated keys and metadata may be incompatible between devices and interfaces of different providers. The key management system should ensure communication with the devices, receive keys in a standardized form, and distribute such keys among specific nodes in the network.
The demonstration complied with the current ETSI (European Telecommunications Standards Institute) international standards and with those currently under discussion. Direct communication between test system nodes was performed using an interface compliant with the ETSI GS QKD 014 standard, while the key management scheme was compliant with the ITU-T (International Telecommunication Union) Y.3803 standard. To achieve interoperability between QKD devices from different suppliers, a key management agent based on ADVA FSP150 network devices was proposed.
What was successfully demonstrated?
During the demonstration, a key transfer mechanism using multiple trusted nodes in a high-speed and secure optical communication network was shown. A key management system was also launched between devices in the network. The network of QKD devices consisted of multiple point-to-point connections. Keys were securely transmitted and shared between the transmission parties, and the devices in the QKD network themselves did not need to be directly connected, although it was possible to transmit keys to them (Figure 1).
Fig. 1. Simplified diagram of the demonstration system
In the demonstration, each trusted node was equipped with a so-called agent, a process that could interact with other devices in the QKD network and receive keys from them. These keys were encrypted and delivered to the destination node. A secure key exchange interface was implemented relying on HTTPS, according to the ETSI standard, and was used to exchange information between trusted nodes. The trusted network nodes had key databases and optionally cached the keys to reduce the transfer latency.
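The hop-by-hop key transfer through trusted nodes described above, as an added example that is not code from the demonstration or its vendors. It assumes one-time-pad (XOR) encryption with a per-link QKD key, which the page does not specify; the class and function names are hypothetical and the link keys are simulated with random bytes.

```python
import secrets

class LinkKeyStore:
    """Key database at one end of a QKD link: key_ID -> key, each usable once."""
    def __init__(self):
        self._keys = {}

    def put(self, key_id, key):
        self._keys[key_id] = key

    def take(self, key_id):
        # pop() enforces one-time use; a reused pad would leak the XOR of two keys
        return self._keys.pop(key_id)

def make_qkd_link(key_id, nbytes=32):
    """Stand-in for a QKD link: both ends end up holding the same fresh key."""
    key = secrets.token_bytes(nbytes)  # constructed sample, not real QKD output
    tx, rx = LinkKeyStore(), LinkKeyStore()
    tx.put(key_id, key)
    rx.put(key_id, key)
    return tx, rx

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("one-time pad needs a link key as long as the payload")
    return bytes(x ^ y for x, y in zip(a, b))

def relay(end_to_end_key, hops):
    """hops: [(key_id, sender_store, receiver_store), ...] along the path.
    Returns (key at destination, ciphertexts on the public channel,
    cleartext copies held by intermediate trusted nodes)."""
    on_wire, seen_by_relays = [], []
    current = end_to_end_key
    for i, (key_id, tx, rx) in enumerate(hops):
        ciphertext = xor(current, tx.take(key_id))   # encrypt for this hop only
        on_wire.append(ciphertext)
        current = xor(ciphertext, rx.take(key_id))   # next node decrypts
        if i < len(hops) - 1:
            seen_by_relays.append(current)           # relay holds the key in clear
    return current, on_wire, seen_by_relays

if __name__ == "__main__":
    ab = ("link-AB-0001",) + make_qkd_link("link-AB-0001")
    bc = ("link-BC-0001",) + make_qkd_link("link-BC-0001")
    secret = secrets.token_bytes(32)
    delivered, wire, relays = relay(secret, [ab, bc])
    print("delivered intact:", delivered == secret)
    print("cleartext on public channel:", secret in wire)
    print("relay B saw the key:", relays == [secret])
```

The intermediate node ends up holding the end-to-end key in clear, which is why every node on the path has to be trusted and its key database protected.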
Conclusions
The demonstration achieved proper device interoperability through a standards-compliant key exchange interface, which means that the system can be integrated with existing telecommunications networks. The demonstration system can also be used in wide QKD networks and extended to any number of trusted nodes. Therefore, the next step will be to deploy a long-distance QKD link and perform high-speed optical communication tests based on GÉANT/NREN networks.
Information about the project
The described research is co-funded by the OpenQKD project from the European Union Horizon 2020 Framework Programme, grant number: 857156. The project coordinator at PSNC is Piotr Rydlichowski, e-mail: prydlich@man.poznan.pl
References: Marcin Dąbrowski