Quantum cryptography is an emerging technology in which two parties may simultaneously generate shared, secret cryptographic key material using the transmission of quantum states of light. A unique aspect of quantum cryptography is that Heisenberg’s uncertainty principle ensures that if Eve attempts to intercept and measure Alice’s quantum transmissions, her activities must produce an irreversible change in the quantum states that are retransmitted to Bob. These changes will introduce an anomalously high error rate in the transmissions between Alice and Bob, allowing them to detect the attempted eavesdropping.
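The detection mechanism described above can be made concrete with a small simulation. The following is an added example, not code from the page: it models a BB84 exchange classically (a photon measured in its preparation basis yields the encoded bit, one measured in the wrong basis yields a random bit), optionally inserts an intercept-and-resend eavesdropper, and estimates the quantum bit error rate (QBER) that Alice and Bob would see after sifting. The 11% abort threshold is an assumption of the example, not a figure from the page.

```python
"""BB84 sifting and QBER estimation with an optional intercept-resend eavesdropper.

Added illustration, not code from the page.  The quantum channel is modelled
classically: measuring in the preparation basis returns the encoded bit, while
measuring in the wrong basis returns a uniformly random bit.  That single rule
is what makes Eve's intercept-and-resend activity show up as errors.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1


def measure(bit, prep_basis, meas_basis, rng):
    """Outcome of measuring a photon prepared as (bit, prep_basis) in meas_basis."""
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)        # wrong basis: the outcome is random


def run_bb84(n_photons, eve_present, seed=None, sample_fraction=0.5):
    """Run one BB84 exchange; return (sifted_key_length, estimated_qber).

    Alice sends n_photons random bits in random bases.  If eve_present, Eve
    measures every photon in a random basis and re-sends her result prepared
    in her basis (intercept-resend).  Bob measures in random bases.  After
    public basis reconciliation, positions with matching bases are kept
    (sifting) and a random sample of them is compared publicly to estimate
    the quantum bit error rate; those sampled bits are then discarded.
    """
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        sent_bit, sent_basis = bit, a_basis
        if eve_present:
            e_basis = rng.randrange(2)
            sent_bit = measure(bit, a_basis, e_basis, rng)
            sent_basis = e_basis          # Eve's re-sent photon carries her basis
        bob_bits.append(measure(sent_bit, sent_basis, b_basis, rng))

    # Sifting: Alice's original bases are compared with Bob's over the public channel.
    sifted = [(a, b) for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
              if ab == bb]

    # Error estimation on a random subset, which is then discarded.
    sample_size = int(len(sifted) * sample_fraction)
    sample = rng.sample(range(len(sifted)), sample_size)
    errors = sum(1 for i in sample if sifted[i][0] != sifted[i][1])
    qber = errors / sample_size if sample_size else 0.0
    return len(sifted) - sample_size, qber


def eavesdropping_detected(qber, threshold=0.11):
    """Abort rule: a QBER above the threshold means the sifted key must be discarded.
    The 11% figure is the commonly cited BB84 threshold for one-way post-processing;
    it is an assumption of this example, not a value from the page."""
    return qber > threshold


if __name__ == "__main__":
    for eve in (False, True):
        key_len, qber = run_bb84(20000, eve, seed=1)
        print(f"eve={eve}: sifted key {key_len} bits, QBER {qber:.3f}, "
              f"abort={eavesdropping_detected(qber)}")
```

Without Eve the estimated QBER on this noiseless model is exactly zero; with an intercept-and-resend attacker it settles near 25%, because Eve guesses the wrong basis half the time and each wrong guess randomizes Bob's result at half of the sifted positions. Real links add detector noise and fiber impurities to the baseline, which is why the text treats an anomalously high, rather than non-zero, error rate as the signal.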
QKD is suitable for any key distribution application with high security requirements, including financial transactions, electoral communications, law enforcement, government, and military applications. Militaries are also transitioning to quantum cryptography to take advantage of the properties of matter, in addition to the principles of mathematics, to create a cryptosystem that cannot be broken with unlimited computing power (even with a quantum computer).
Currently, most quantum communication links are direct point-to-point links through telecom optical fibers and are ultimately limited to about 300-500 km by losses in the fiber. Other limiting factors are the high background noise of practical single-photon detectors, bit errors caused by microscopic impurities in the fiber, and inefficient finite-key security analysis. In addition, most of the effort on QKD system design and experimental demonstrations has so far been realized on dark fiber. This restricts the deployability of QKD to the limited number of scenarios where the barriers of dark fiber availability and price can both be overcome.
However, most QKD systems are based on a point-to-point link, where the transmitter (Alice), and the receiver (Bob), generate a quantum key between two specific parties. In a future scenario, where QCs become standard technology, and where infrastructures, like banks and government buildings, will be connected through a quantum network, new principles in terms of key generation are required. The concept of a QKD network where customers need parallel independent keys, connecting multiple end-users and different nodes, will be highly useful.
The lively activity and rapid progress in applying quantum physics to cyber security during recent years is accelerating the introduction of QKD into existing infrastructures. On the other hand, to make this possible in a short time, there is no need to apply quantum technologies to every element of the cryptographic system. QKD is used only to transmit a key, never the message data itself. It is important to underline that this key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which is transmitted over a standard communication channel.
Up to now, QKD feasibility was demonstrated in laboratories and restricted field trials, but the actual deployment on commercial infrastructures and the integration with their operational procedures was still a pending issue. The installation in production facilities and using standard telecommunication systems is a first of its kind demonstration, which shows the capacity of the technology to reach real-world level of usability.
Creating the infrastructure for QKD is challenging, but it is only the first step. Once transmitted, encryption keys must be stored and used. Secure encryption key management across all protocol layers will require the integration of QKD with classical cryptography, including the actual libraries and procedures implemented at the various layers of the communication protocols.
A QKD network is a sub-network within a standard communication network. A QKD network only exchanges secure keys; it does not send secure messages. Secure messages are sent over the standard communication network, using the secure keys established by the QKD network. The first step is to extend the current point-to-point QKD systems into a QKD network.
Networks are commonly divided into three categories, (i) local area networks (LAN); (ii) metropolitan area networks (MAN) and (iii) wide area networks (WAN). The LAN, sometimes referred to as a campus area network, is a short distance network (usually <5 km) typically using a star/hub topology. For this type of network, mass produced hardware is deployed since low-cost is a significant consideration. MANs are geographically larger than LANs and usually cover a city area (<50 km). MANs are usually based on a ring or mesh network topology implemented with Wavelength Division Multiplexing (WDM) technology. A WAN, sometimes called a core network or long-haul network, covers a broad area linking metropolitan areas and crossing national boundaries (e.g., several hundreds km or longer). This type of network usually uses a mesh network topology and Dense WDM (DWDM) technology. Long distance and high throughput are the main requirements for this kind of network.
The next important milestone is the development of large-scale QKD networks to extend QKD from a point-to-point configuration to multi-user, large-scale scenarios. Based on the passive beam splitter, Townsend et al. presented and realized the first QKD network. Overcoming the distance limit of point-to-point links is a grand challenge; it will require quantum repeaters, entanglement swapping, and multimode quantum memories. The latter, namely storing and retrieving single photons on demand in quantum memories with long quantum coherence times, is the most challenging step in this endeavor.
Although fiber is a good and commonly used medium for transmitting qubits, the installation of a dedicated optical channel for QKD purposes is not practical in all circumstances. A free space link is sometimes convenient, although it has its drawbacks, since it needs suitable atmospheric conditions, a visible light path, and an acceptable signal-to-noise ratio (SNR) that strictly limits usage time.
Nevertheless, many implementations have been demonstrated. The results of experiments in Los Alamos and Munich, in which a link was established between the ground and an aircraft flying at 290 km/h, showed promise for satellite connections. After performing a sequence of free-space QKD experiments on the ground, China successfully launched the quantum satellite “Micius,” which demonstrated satellite-to-ground QKD over distances of 645 to 1200 kilometers.
QKD Network Attributes
Key Rate. One of the vital parameters describing a QKD network is the average key rate of a QKD link. Since encryption and decryption operations cannot be performed without sufficient key material, the competition between the rate at which key material is stored in the key storage and the rate at which it is consumed for encryption and decryption operations has a major influence on network performance.
Comparing previously deployed QKD networks and testbeds chronologically, a rapid improvement in the development of quantum equipment is evident. QKD systems implemented in 2002 in the DARPA QKD network could achieve a key rate of approx. 400 bps over 10 km. In 2007, in SECOQC, the maximum key rate was 3.1 kbps over 33 km. The best-performing solutions presented in Tokyo in 2009 achieved a key rate of 304 kbps over 45 km. In 2017, China built the 2,000-km Beijing-Shanghai backbone QKD network with devices typically achieving key rates of 250 kbps over 43 km.
For the latest jump to achieve record-high rates of around 10 Mbps, digital signal processing in FPGA was optimized. The throughput of measured qubits to enhance key rates has also been enhanced, especially for shorter links, by removing limitations without FPGA.
Link Length. The fundamental constraint of a QKD link is the length over which secure key material can be generated (due to scattering and absorption of polarized photons and other factors), which limits the ability of quantum channels (direct optical links or free line-of-sight) to a certain distance. It is interesting to compare the lengths of links in previously built QKD networks. The maximum length in the DARPA QKD network was a 29 km connection through the optical switch between Harvard and Boston Universities. In SECOQC, the maximum length of the link was 82 km between the BREIT and St. Pölten nodes, while in Tokyo, the maximum connection between the nodes was a record 90 km between the Koganei-1 and Koganei-2 nodes. In the Beijing-Shanghai Backbone QKD network, the maximum link length is 89.3 km between Hefei and Wuwei.
Protection of Key Material. The main reason for interest in QKD is the privacy of the established key material. This means that the nodes of a QKD network must be secured with a strong probability that the established key material is unique and inaccessible to third parties. The security of key material is evaluated not only when it is established but also when it is managed, stored, and eventually used. It is therefore important to secure each level of the QKD network architecture.
Key Usage. Because of scarce resources (the key generation rate), communication in a network is reduced to a minimum, since each additional packet means spending an additional amount of previously established key material. Since communication is usually performed on a hop-by-hop basis that requires the trustworthiness of all nodes in the path, selecting the shortest routing path is necessary to minimize the number of nodes that can potentially be compromised or attacked by an eavesdropper. Longer paths also require a higher consumption of key material. During network congestion or communication problems, the used key material is deliberately discarded and new key material is applied for retransmission to reduce the risk of leaks. Therefore, minimizing the number of hops is preferable.
Robustness. Because of the cost and manner of implementation, QKD networks will slowly integrate into traditional and everyday telecommunication environments. It is important then to ensure robustness, which is reflected in the gradual and seamless addition of new nodes and establishment of new links. A QKD network needs to provide adequate replacement paths to avoid defective nodes or nodes under severe attack. Regardless of the security techniques, remembering that attackers can easily find ways of terminating optical links and breaking QKD connections is important. A QKD network must have an adequate response to such situations.
QKD Network types
QKD networks are used to extend the range of QKD systems and consist of static nodes that represent secure access points considered to have unlimited processing power and power supply. Because of the point-to-point behavior of the links connecting nodes, previously deployed testbeds have shown that secure keys in QKD networks can be transmitted from node to node in a hop-by-hop manner or through a key repeater concept. Common to both networks is the assumption that all nodes in a network should be trusted.
Switched QKD Networks
Switched QKD networks consist of nodes connected to a dedicated, fully optical network. This network contains a switching mechanism used to establish a direct optical point-to-point QKD connection between any two nodes in the QKD network. The limitations on distance in point-to-point QKD links restrict these networks to a metropolitan or regional scale. Since every optical switch adds at least several dB of loss to the photonic path, optical switches can significantly reduce a network’s range.
The main drawback of switched QKD networks is the requirement of dedicated optical infrastructure for quantum channels, which is often not economically feasible. By contrast, the major advantage of this class of networks is the reliance on an optical switch that allows establishing a connection between two nodes without the active participation of other network nodes.
Another drawback of switched QKD networks is the consistency of the applied QKD technique. Combining different QKD techniques such as free-space QKD and QKD over fiber is not possible, since no suitable devices that could perform this transformation in the path are available.
Trusted Repeater QKD Networks
In trusted repeater QKD networks, the security of each node along the transmission path is essential for securely transmitting information (hence the name). Point-to-point communication between two nodes provides identical keys to the nodes and thus enables secure communication. Taking into account the lack of a quantum repeater, nodes are also responsible for routing and forwarding mechanisms. Organizing a network in this manner is its greatest drawback, because the security of transfer depends on the security of all the nodes in the path. However, trusted repeater networks are not limited by distance or node numbers and can be made up of different QKD devices implementing different QKD technologies.
QKD Network Architecture
A QKD network has often been described using several layers:
- A quantum layer where a secure symmetrical key is established.
- A key management layer used to verify and manage the previously established key.
- A communication layer where the established key is used to secure data traffic.
Three-layer architecture of the Tokyo QKD Network. It consists of the quantum, the key management, and the communication layer.
QKD is a key agreement primitive and as such is located in the lowest (basic) layer of the QKD network architecture. Taking into account the different rates of key material consumption by different applications, a situation in which not enough key material is available to meet the needs of the higher layers is not desirable. The quantum layer therefore needs to continuously establish key material. To provide a guaranteed level of service, the QKD network should have a detailed view of its resources and capacities.
The two upper layers can have different and independent network organization, as communication between nodes is achieved through existing standard connections, such as the Internet, where an arbitrary number of intermediate devices can be included. The key management layer is in charge of managing the key storage resources, routing protocols, quality of service (QoS), and so on. The topmost communication layer uses previously established key material to encrypt data traffic by using an existing security protocol suite, such as Internet Protocol Security (IPsec). However, the described hierarchy distributes the responsibility for security across all three layers.
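The key management layer's accounting and the hop-by-hop relay of the trusted repeater section can be shown together in one small model. The following is an added example, not code from the page or from any deployed QKD network. It assumes that each adjacent pair of nodes already shares QKD-generated link key material (stand-in bytes from a seeded PRNG, constructed for the example) and that relaying an end-to-end key means one-time-pad encrypting it with the link key on every hop, so that every node on the path holds the key in the clear and every hop draws down the link's key store.

```python
"""Hop-by-hop key relay across trusted repeater nodes with per-link key stores.

Added illustration, not code from the page or from any deployed QKD network.
It assumes every adjacent pair of nodes on a path already shares QKD-generated
link key material (stand-in bytes from a seeded PRNG, constructed for the
example).  Relaying encrypts the end-to-end key with the link key as a one-time
pad on each hop, so every node on the path handles the key in the clear and
every hop consumes key_len bytes of link material.
"""
import random


class LinkKeyStore:
    """Key material shared by the two endpoints of one QKD link.

    A single object stands for both endpoints' copies: when the sender takes
    n bytes to encrypt, the receiver takes the same n bytes to decrypt, so the
    store is drawn down once per relay.  An empty store means the link cannot
    carry more relayed keys until the quantum layer replenishes it.
    """

    def __init__(self, material: bytes):
        self._buf = bytearray(material)
        self.consumed = 0

    def available(self) -> int:
        return len(self._buf)

    def take(self, n: int) -> bytes:
        if n > len(self._buf):
            raise RuntimeError("insufficient key material on link")
        chunk = bytes(self._buf[:n])
        del self._buf[:n]
        self.consumed += n
        return chunk


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("one-time pad requires equal lengths")
    return bytes(x ^ y for x, y in zip(a, b))


class TrustedRepeaterPath:
    def __init__(self, nodes, link_stores):
        if len(link_stores) != len(nodes) - 1:
            raise ValueError("need one link store per hop")
        self.nodes = list(nodes)
        self.links = list(link_stores)
        self.exposed_to = []      # nodes that have held the end-to-end key in the clear

    def hops(self) -> int:
        return len(self.links)

    def feasible(self, key_len: int) -> bool:
        return all(link.available() >= key_len for link in self.links)

    def relay(self, e2e_key: bytes) -> bytes:
        """Forward e2e_key from nodes[0] to nodes[-1], one hop at a time."""
        n = len(e2e_key)
        current = e2e_key
        self.exposed_to = [self.nodes[0]]
        for i, link in enumerate(self.links):
            pad = link.take(n)                      # link key, consumed by this hop
            ciphertext = xor_bytes(current, pad)    # nodes[i] encrypts (one-time pad)
            current = xor_bytes(ciphertext, pad)    # nodes[i+1] decrypts: plaintext key again
            self.exposed_to.append(self.nodes[i + 1])
        return current


def key_material_cost(path: TrustedRepeaterPath, key_len: int) -> int:
    """Link key bytes consumed network-wide to relay one key_len-byte key."""
    return path.hops() * key_len


def choose_path(candidates, key_len):
    """Shortest-path rule from the text: fewest hops among paths with enough key material."""
    feasible = [p for p in candidates if p.feasible(key_len)]
    if not feasible:
        return None
    return min(feasible, key=lambda p: p.hops())


def make_store(seed: int, nbytes: int) -> LinkKeyStore:
    # Constructed stand-in for QKD-generated link key material.
    return LinkKeyStore(bytes(random.Random(seed).randrange(256) for _ in range(nbytes)))


if __name__ == "__main__":
    direct = TrustedRepeaterPath(["A", "B", "D"], [make_store(1, 64), make_store(2, 64)])
    detour = TrustedRepeaterPath(["A", "C", "E", "D"],
                                 [make_store(3, 256), make_store(4, 256), make_store(5, 256)])
    key = make_store(99, 32).take(32)
    path = choose_path([direct, detour], 32)
    print("chosen:", path.nodes, "delivered intact:", path.relay(key) == key)
    print("nodes that saw the key:", path.exposed_to, "cost:", key_material_cost(path, 32))
```

Two things the model makes visible: `exposed_to` lists every node on the path, which is exactly why trusted repeater networks depend on the security of all intermediate nodes, and `key_material_cost` grows linearly with hop count, which is why the key management layer prefers the shortest feasible path and must fall back to a longer one once a link's store is exhausted.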
While the previously described QKD network types relate to the organization of quantum channels, the QKD overlay network type refers to the realization of the public channel. The primary goal of the overlay network is to build a higher-level network that provides better QoS by utilizing the resources of the lower-level networks.
In doing so, the overlay network aims to be independent of the defined paths from Internet Service Providers (ISP). Finding alternative routes that can provide a service with a higher degree of quality and quick rerouting in the case of interrupt detection or using multipath communications are key features of the overlay network approach. The use of multipath connections is an often suggested solution for improving network workloads through protecting against network failures, network load balancing, large bandwidth implementation, low-delay time selection, and more. Studies have shown that at least four link-disjoint paths between large ISPs are present in 90% of point-of-presence pairs.
The overlay network can help overcome these challenges by establishing the network with a peer-to-peer approach. The overlay network connects nodes in different domains and allows the use of alternative paths by encapsulating its traffic in the traffic of the lower network. When an intermediate node in the path receives the packet, it unpacks the packet, analyzes the IP address of the recipient, re-encapsulates it, and forwards it to network nodes that may be in other domains. In short, it is the hop-by-hop approach commonly applied in QKD networking. Because of the encapsulation principle, overlay nodes independently perform link state measurements and can respond more quickly to link congestion by redirecting traffic to other, less congested links. Overlay networks can offer new functionality that is difficult to provide in lower-layer networks. The overlay QKD approach is attractive, since it can be used to bypass “untrusted” nodes and perform quick rerouting when trust in nodes is no longer valid or multipath communication is required.
Software-defined network (SDN) paradigm to QKD networks
Mitigating the physical impairments is not the only challenge towards an integrated quantum–classical network. Automated network operation is a necessary feature to lower the total cost of ownership to enable the adoption of QKD on a large scale. One proposal is to extend the software-defined network (SDN) paradigm to QKD networks. Software-defined networking (SDN) allows the control (management) and data (forwarding) planes to be separated. SDN allows the integration of new technologies and services at a faster pace while enabling centralized management and optimization based on network programmability and configurability principles.
An SDN network is conceptually organized into three layers. The control and management layer knows the status of the entire network and can optimize its behavior through a centralized entity known as the SDN controller. The controller identifies the capabilities of the devices installed in the infrastructure layer through a set of standard mechanisms (southbound interface). It also knows the requirements of the different applications running in a network through standard interfaces (northbound interface). Its role is to optimize resources and provide the means for devices and services to fulfill their tasks.
A QKD system installed in infrastructure can export its requirements to the controller so it can create a specific path with the required optical characteristics (i.e., maximum tolerated noise, attenuation, etc.) to connect the emitter to the receiver (either on a single or multi-hop path) and satisfy an application’s requirements. This allows an unprecedented means of creating a fully integrated classic/quantum network and genuinely zero-configuration QKD devices that can be directly plugged into a standard telecommunications network.
One of the proposed architectures consists of four layers: an optical layer, where classical channels are switched in optical cross-connects; a separate QKD layer, consisting of interconnected QKD trusted nodes; a control layer, in charge of the concurrent control of classical and quantum channels; and the application layer. A common path computation engine (PCE) for classical and quantum channels takes into account mutually induced penalties and common constraints, such as the total number of wavelengths. The segmentation of a single wavelength channel into multiple time slots to gain spectral efficiency and exploit bandwidth resources across the entire network is also envisaged.
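The path-selection step that a controller performs for a QKD device, taking the required optical characteristics into account, can be sketched in a few dozen lines. The following is an added example, not code from the page or from any real PCE or SDN controller. It assumes a simple loss model: fiber attenuation of 0.2 dB/km (an assumed typical value) and a fixed insertion loss for every optical switch traversed, as the switched-network section notes. The controller answers a request only when the lowest-loss path stays within the device's attenuation budget.

```python
"""Loss-aware path computation for a quantum channel in an SDN-controlled optical network.

Added illustration, not code from the page or from any real PCE/controller.
It assumes fiber loss grows linearly with length (0.2 dB/km, an assumed typical
value) and that every intermediate node traversed is an optical switch adding a
fixed insertion loss.  The controller accepts a path only if its total loss
stays within the QKD device's attenuation budget.
"""
import heapq


def fiber_loss_db(length_km, attenuation_db_per_km=0.2):
    return length_km * attenuation_db_per_km


def build_graph(links):
    """links: iterable of (node_a, node_b, length_km); returns {node: {neighbour: loss_db}}."""
    graph = {}
    for a, b, km in links:
        graph.setdefault(a, {})[b] = fiber_loss_db(km)
        graph.setdefault(b, {})[a] = fiber_loss_db(km)
    return graph


def min_loss_path(graph, src, dst, switch_loss_db):
    """Dijkstra on total optical loss; each intermediate node adds switch_loss_db."""
    dist = {src: 0.0}
    prev = {}
    frontier = [(0.0, src)]
    while frontier:
        d, u = heapq.heappop(frontier)
        if d > dist.get(u, float("inf")):
            continue                      # stale queue entry
        if u == dst:
            break
        through_switch = 0.0 if u == src else switch_loss_db
        for v, loss in graph.get(u, {}).items():
            nd = d + through_switch + loss
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(frontier, (nd, v))
    if dst not in dist:
        return None, float("inf")
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], dist[dst]


def compute_quantum_path(graph, src, dst, switch_loss_db, loss_budget_db):
    """The controller's answer to a QKD device's path request: (path, loss) or None."""
    path, loss = min_loss_path(graph, src, dst, switch_loss_db)
    if path is None or loss > loss_budget_db:
        return None
    return path, loss


if __name__ == "__main__":
    # Constructed three-node metro topology: a 50 km direct fiber versus two 20 km hops.
    topology = build_graph([("A", "B", 20), ("B", "C", 20), ("A", "C", 50)])
    print(compute_quantum_path(topology, "A", "C", switch_loss_db=3.0, loss_budget_db=10.5))
```

On the constructed topology the two-hop route is 10 km shorter in fiber but the switch at B costs 3 dB, so the direct 50 km fiber (10 dB) wins; remove the direct fiber and the only remaining route (11 dB) exceeds a 10.5 dB budget, so the controller declines the request rather than provisioning a channel the device cannot use.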
It is assumed that the secret keys for a service request with specific security demands are exchanged between the source and destination nodes at fixed time intervals. Each time interval consists of the channel estimation and calibration time, qubit exchange time, key sifting time, and key distillation time.
Other examples of how the SDN and network function virtualization (NFV) paradigms, widely adopted in classical networks, can be extended to quantum networks, including Internet of Things (IoT) and 5G applications, are also reported, further proving the importance of moving from current point-to-point setups to more complex topologies. Furthermore, recent advances in machine learning (ML) can greatly help to improve the automation of QKD systems, whose performance depends on many parameters that must be finely tuned, thereby significantly decreasing operational and maintenance costs.
In one implementation, ML is used in a hybrid classical–quantum network to estimate the channel performance versus various spectrum allocations, launch powers, and channel spacings, and to predict the optimal configuration. Similarly, ML-based parameter optimization, such as the choice of intensities and probabilities, has also been performed.
Richard J. Hughes, and other researchers from Los Alamos National Laboratory, USA have demonstrated a new, scalable approach to quantum information assurance called Network-Centric Quantum communications (NQC), and have shown that it can solve new network security challenges in the critical infrastructure control sector, in particular.
In NQC, BB84-type quantum communications (QC) between each of N client nodes and a central server node at the physical layer support a quantum key management (QKM) layer, which in turn enables secure communications functions (confidentiality, authentication and nonrepudiation) at the application layer between client pairs. Swiss Quantum project also plans to build a key management layer on top of QKD equipment to route and relay keys securely across meshed networks.
Researchers have devised and developed an impressive collection of network architectures for QKD. Combined with increasingly mature QKD devices, these developments enabled QKD networks to be deployed over real-world telecommunication networks.
Telefónica, Huawei and UPM perform a groundbreaking field trial applying quantum cryptography on commercial optical networks to provide secure communication services
Telefónica, Huawei, and UPM (Universidad Politécnica de Madrid) have performed a groundbreaking field trial, the first one worldwide, demonstrating the application of quantum cryptography on commercial optical networks, and their operational integration by means of Software Defined Networking (SDN) technologies. As Juan-Ignacio Cirac, distinguished physicist specialized in quantum computing and member of the Telefónica Board, says: “We can make a random bit sequence to appear at one place and simultaneously at another one, without making it pass in between.”
“The ability to use new network technologies like SDN, designed to increase the flexibility of the network, together with new QKD technology is what allows us to really converge quantum and classical networks on the existing optical fiber infrastructure. Now we have, for the first time, the capability to deploy quantum communications in an incremental way, avoiding large upfront costs, and using the same infrastructure”, remarks Vicente Martin, Head of the Center for Computational Simulation who leads the team at UPM.
The field trial relies on a novel “Continuous Variables” (CV) QKD technology. A particular feature of the tested devices is that they are flexible, software-controlled ones. The systems are optimally adapted to seamless integration in the dynamic environment of SDN and Network Function Virtualization (NFV) networks, where the creation and modification of the optical fiber paths and the required encryption follow commands received over software-based control interfaces. The latter functionality is ensured by integrating the CV-QKD devices with standard Optical Transport Network ones. The full-scale QKD and SDN-NFV integration opens the way to providing high-level security for novel flexible but critical infrastructures.
“The test CV-QKD devices that we present here have the inherent CV advantages: they do not need (ultra) low-temperature (bulky) Single Photon Avalanche Detectors and can (potentially) reuse classical optical coherent communication technology. Moreover instead of addressing performance records alone we have chosen a flexible design focusing on control and key delivery interfaces, showing the feasibility of more seamless future integration into modern networks”.
The field trial employs the optical infrastructure provided by Telefónica Spain, connecting three different sites within the Madrid metropolitan area where software-controlled CV-QKD devices, developed by the Huawei Research Lab in Munich in collaboration with UPM are installed, together with SDN-based management modules developed by Telefónica’s
However, QKD requires a high-quality optical fiber physical infrastructure, and Telefónica is very well positioned to provide services based on this technology.
BT planning QKD To Root Out Fiber-Optic Hacks
The entire global economy runs on the backbone of an undersea network of fiber-optic cables that keeps the internet running. There is a growing cyber threat for infrastructure and telecommunications operators: cyber criminals and state adversaries may tap into these cables and leak or steal the data. “Take an optical fiber, the thickness of your hair,” says Jonathan Legh-Smith, who heads up partnerships and strategic research at BT Group. “If you bend it, light will start to leak out. If light is coming out, you can detect it, you can tap into it.” Tapping into a fiber-optic cable to steal around 1% of the light passing through is “usually not detectable,” he added. But harnessing quantum physics can help detect even minor infractions in the data flow, says Legh-Smith.
The secret tapping of undersea cables is said to have helped end the Cold War. In October 1971, U.S. submarines installed devices that wrapped around a copper communications cable used by the Soviet Union and picked up the vibrations of information passing through them. The devices were part of a program known as Operation Ivy Bells. More recently, whistleblower Edward Snowden revealed that the NSA had also sought to gather some of the data flowing through fiber-optic cables, in a program known as Muscular.
BT conducted field trials for quantum key distribution back in 2015 together with Toshiba, in which it was able to use the laws of quantum physics to decrypt data over a fiber-optic line in real time. Legh-Smith describes it as a world first. But the challenge now is to get the technology small and cost-effective enough to work across the company’s network. “It needs to be a solution we can integrate into our services,” he says.
Some of BT’s higher-end customers are financial firms and healthcare companies that send and receive highly sensitive data, and these would be some of the early users of a quantum-based system that could detect hacks on a fiber-optic line, he added.