The Quantum Key Distribution (QKD) market will grow to over $980 million by 2024 compared to around $85 million this year. So says the industry analyst firm, Inside Quantum Technology, in its latest report “Quantum Key Distribution (QKD) Markets: 2019 to 2028.”
Quantum Key Distribution (QKD) is a major encryption technology designed to protect critical data in the quantum computing era. When Inside Quantum Technology published its first report on QKD in 2016, QKD was still mostly experimental and aimed at government/military markets. Today, the addressable market for QKD is expanding to business users and infrastructure providers, such as telephone companies.
A world-wide effort to develop standards for QKD systems has been formed through ETSI, the QKD Industry Specification Group (ISG). Its focus is to combine the QKD security analysis with details of practical implementations to develop standards that could be used by companies developing QKD products. The ultimate goal is to develop a certification framework that bridges the gap between theoretical security proofs and practical implementations with imperfect devices. In some cases, this has stimulated further theoretical research, in order to make the theoretical assumptions easier to meet in practice.
Another important aspect of the QKD technology is its integration into existing optical networks. An increasing number of QKD quantum networks and field trials from all over the world have been reported recently showing the feasibility of QKD architectures that are far more complex than the original point-to-point dark fiber connection. The QKD ISG aims to assist the integration process by defining relevant standards for such efforts.
Standardization is fundamental to promoting broad commercialization of QKD by building trust and consistency leading to certification. The standardization process is also highlighting areas of QKD research needed to support the development of these standards. A well-established set of standards would be beneficial both to potential QKD users, as it provides definition to what they might consider buying, and to QKD vendors, as it provides a framework for requirements and how to specify them.
Standardization Framework
The main advantage of QKD is that it is information theoretically secure rather than based on computational complexity assumptions, as are existing key distribution algorithms employing public-key cryptography methods. The security of QKD is based on the laws of quantum physics and specifically on a model of the physical layer of the system.
In this framework it is proven that the quantum bit error rate (QBER) bounds the information attainable over the quantum channel by an eavesdropper, even though the errors are normally caused by the non-ideal behavior of system components. Security risks connected to real-world implementations can be present in all key distribution systems. In QKD security can be breached if the model used to prove security deviates from the actual implementation of the physical layer, opening so called “side channels”
It is natural to try to extend the ideal of bounding risks to such imperfections that may be present in an implementation. The specification of how this should be done for particular implementation issues and the practical requirements that are necessary to enable the underlying security are some of the current challenges in the field.
For QKD, information theoretic security proofs exist for a number of different protocols. However a standardization and certification framework for QKD needs to consider aspects of the system beyond the underlying protocol and to look more widely at the implementation of complete systems. In order to evolve a solid set of standards for QKD it is necessary to examine the assumptions that are made in such protocol security proofs and to study the manner in which they may vary in the implementation.
It should also consider the engineering requirements necessary to ensure that best-practice is followed in terms of the design and operation of systems. Some design requirements may be imposed to eliminate potential risks while others may be introduced to simplify the security models that may be necessary
In other cases, it consists of defining the best engineering practice to approach existing theoretical assumptions. This framework is considered a “forward looking standard”. Most standards are based on a number of existing methods already in commercial use. Forward looking standards anticipate the emerging technology and attempt to provide the needed operational guidance, testing methods and verification to help advance new technology towards broad commercial adoption.
Quantum Alliance Initiative and ID Quantique aim for QRNG and QKD standardisation
The Hudson Institute and Bright Apps LLC are proud to announce the creation of the first-ever standards for both Quantum Key Distribution (QKD) and Quantum Random Number Generator (QRNG). Today marks the submission of the first global QKD and QRNG recommendations to the International Telecommunications Union (ITU) — meetings in Geneva are scheduled for Jan. 22-30, 2019.
These recommendations were reviewed and agreed to by a consortium of 18 companies and entities from eight countries at a two-day conference held at Hudson Institute on Dec. 6-7, 2018. They will be adopted voluntarily as industry standards by the participating organizations and will now be presented to the ITU-T’s Study Group 17, which coordinates security-related work across all of the ITU-T.
In addition to Bright Apps LLC, the signatories include representatives from Hudson Institute, Armafex Partners LLC, Bra-Ket Science, Cambridge Quantum Computing, Ciena, Florida Atlantic University, Harris Corporation, IDQuantique, Institute for National Defense & Security Research, MagiQ Technologies, Qubitekk, Quantum Xchange, Quintessence Labs, Rivada Networks, SK Telecom, SPAWAR Systems Center Pacific and the University of Warsaw.
Submission of the standards was agreed to as approved work items at the last meeting of the SG17 in September 2018, and participants and organisers of the December conference are optimistic about the standards’ chances for final approval.
This work in quantum technology stems from the inevitable impact that achievements in quantum computing will have on national security and the economy. As such, quantum computing and quantum security must be viewed holistically and through a strategic security lens.
“In an era where more data flows than ever before and where everything in the real world is interconnected, quantum communications technologies will play a significant role in securing our data and communications. This is an excellent step towards wide scale adoption of these critical technologies.” says Grégoire Ribordy, CEO and co-founder at ID Quantique. “In order to achieve the strongest security solutions possible, the QKD and QRNG standards will be crucial to the future of quantum and security solutions,” said Greg McGregor, CEO, Bright Apps LLC.
“This has been a big success for the Quantum Alliance Initiative and its members and a big advance for quantum information technology,” says Dr. Arthur Herman, New York Times bestselling author, Pulitzer Prize finalist, historian and director of the QAI. “The goal of these standards is not to preclude or compete with standards being completed by other standards bodies, like ETSI or IEEE, but to complement those standards with a foundational 1.0 version that current users can adopt while waiting for future standards development.”
“We are happy to be part of this standards group and are looking forward to using our vast knowledge and world-class professional services to bring Quantum technology to market and integrate it as the world standard in security. Our unique skill set has allowed us to be at the forefront of Quantum technology and to be among the first to integrate Quantum into existing security systems,” said McGregor.
“We are excited to have a leader like Bright Apps be a charter signatory to the Global Industry Quantum-Safe Communications standards for QKD and QRNG at the Quantum Alliance Initiative headquartered at the Hudson Institute in Washington, D.C.,” said Charles Harvey, head of strategic quantum initiatives, U.S., IDQuantique SA.
Need for Quantum technologies Standardization
Workshop ‘Making Quantum Technology ready for Industry’ , was held in Brussels on 28-29 March 2019 and organised by CEN and CENELEC together with the Joint Research Center (JRC), the European Commission’s Directorate General Communications Networks, Content and Technology (DG CNECT), and the German Institute of Standardisation (DIN).
The workshop is part of the Putting Science Into Standards (PSIS) initiative, that brings together researchers, industry and standardisers with the purpose of facilitating the identification and screening of emerging science and technology areas that can be introduced early into the process of standardization to enable innovation. In line with this objective, the ‘Making Quantum Technology ready for Industry’ workshop was the basis for identifying potential fields where standardisation could add value to the deployment of Quantum Technologies in industrial applications, including security, sensing, imaging and measurement, and build a roadmap for standardization activities.
In particular, the workshop participants identified three main areas: (i) Quantum Key Distribution and quantum-safe security, (ii) Quantum metrology, sensing and imaging, (iii) and Quantum computing and internet. Several existing standardization activities on quantum enabled security techniques, quantum computing and communication were also mapped. As concrete actions for standardisation, the workshop suggested to focus on the standardization of a quantum technology terminology and on the development of an EU standardisation roadmap for Quantum Technologies.
A Joint Symposium on Standards for Quantum Technologies was organized at the end of March 2021 to bring together stakeholders from the major standards development organizations (SDOs) that are dealing both with quantum and other mainstream areas, which would be affected by commercial adoption of quantum technologies. It was important to have a structured discussion on where standards would be useful – if at all – in quantum.
Participants explored what form the possible standards would take and how we could work together to avoid some of the usual pitfalls when different SDOs diverge, for example by harmonizing quantum terminology. The meeting was extremely interesting and general audience feedback was excellent. We will therefore be organizing a follow-up joint symposium later in the year to continue the discussion. One of our hopes is that we can pave the way for IEC, ISO, ITU and other SDOs to come together to collaborate on a roadmap for the standardization of quantum technologies.
Quantum technologies have already had a significant impact on the work of IEC technical committees in areas such as lasers and semiconductors. More recently, quantum computing has emerged as a new and very exciting frontier for standardization. I am a member of a working group on quantum computing set up by IEC and ISO in their joint technical committee on information technology (JTC 1). At the IEC, I chair Subcommittee 86B on fibre optic interconnecting devices and passive components. The benefits to society are potentially huge, allowing impossible world-scale simulations to be carried out in reasonable times. As always, though, the dangers are proportional to the benefits when a powerful technology is abused by “bad actors”.
Quantum computers could and will inevitably be used also for nefarious purposes, such as cracking powerful ciphers and hacking highly secure installations. Therefore, quantum technologies need to be part of the encryption process. That is why, for example, ISO/IEC JTC 1/ Subcommittee 27, which is best known for the ISO/IEC 27000 series of IT cyber security standards, is already looking at ways to develop quantum resilient cryptography.
Quantum computing is still very much in its infancy, with new methods of quantum computation emerging now on a frequent basis. That is why it needs total freedom to innovate, to breathe and to proliferate. There are some areas, however, in which standards would be helpful, including raising the performance benchmarks for the equipment and infrastructure required to support quantum computing, quantum measurement and quantum communication.
Quantum technologies Standardization initiatives
ITU standardization work is addressing network and security aspects of quantum information technologies with an initial focus on Quantum Key Distribution (QKD), a means of enabling quantum-secure encryption and authentication. This work is led by ITU-T Study Group 13 (Future networks and cloud) and ITU-T Study Group 17 (Security).
New ITU standards for QKD networks provide foundational concepts (ITU Y.3800) and address functional requirements (ITU Y.3801) and architecture (ITU Y.3802), key management (ITU Y.3803), and control and management (ITU Y.3804). New ITU standards also provide a security framework for QKD networks (ITU X.1710), key combination methods (ITU X.1714), and the architecture of a quantum noise noise random number generator (ITU X.1702). These ITU standards for QKD networks will enable the integration of QKD technology into large-scale ICT networks and provide for the security of these QKD networks.
ETSI is working on quantum-safe cryptography and QKD. ISO/IEC JTC 1 (Information technology) is working on QKD testing and evaluation, and both ISO/IEC JTC 1 and IEEE are working on quantum computing. The IRTF Quantum Internet Research Group is studying the realization of quantum internet, and exploratory studies on quantum technologies are also underway at CEN-CENELEC.
References and Resources also include:
http://www.gcc.fi.upm.es/publications/GLOCOMW.2014.7063507.pdf