Quantum key distribution (QKD), establishes highly secure keys between distant parties by using single photons to transmit each bit of the key. A unique aspect of quantum cryptography is that Heisenberg’s uncertainty principle ensures that any attempts to intercept and measure quantum transmissions, will introduce an anomalously high error rate in the transmissions between Alice and Bob, allowing them to detect the attempted eavesdropping. QKD is suitable for use in any key distribution application that has high security requirements including financial transactions, electoral communications, law enforcement, government, and military applications.
Currently Most Quantum Communication links are direct point-to-point links through telecom optical fibers and, ultimately limited to about 300-500 km due to losses in the fiber. Other factors are high background noise of practical single-photon detectors, BER rates caused by microscopic impurities in the fiber and inefficient finite-key security analysis.
Most of the effort on QKD system design and experimental demonstrations have however so far been realized on dark fiber. This restricts the deployability of QKD to a limited number of scenarios where the barriers associated with dark fiber availability and price can both be overcome.
However, most QKD systems are based on a point-to-point link, where the transmitter (Alice), and the receiver (Bob), generate a quantum key between two specific parties. In a future scenario, where QCs become standard technology, and where infrastructures, like banks and government buildings, will be connected through a quantum network, new principles in terms of key generation are required. The concept of a QKD network where customers need parallel independent keys, connecting multiple end-users and different nodes, will be highly useful.
Thus, further research is needed to develop large-scale QKD networks. The ability to support both classical and quantum communication channels on a shared, reconfigurable, transparent wide-area optical network infrastructure is the ultimate condition for the commercial success of QKD systems, but it requires the coexistence of quantum and classical optical channels on the same fiber infrastructure.
Wavelength division multiplexing (WDM)
One of the technology required for integration of classical and quantum networks is Wavelength division multiplexing (WDM) that allows sharing a single optical fiber to transport multiple optical channels using different wavelengths.
Wavelength division multiplexing (WDM) allows sharing a single optical fiber to transport multiple optical channels using different wavelengths. WDM compatibility of quantum and classical communications would allow to deploy QKD on lit fiber. This would boost the compatibility of quantum communications with existing optical infrastructures and lead to a significant improvement in terms of cost-effectiveness and addressable market for QKD.
Wavelength division multiplexing (WDM) has been demonstrated as an important technology to overcome the inefﬁciency of splitter QKD networks. Previous research has proposed a multi-user QKD network that transmits optical pulses with different wavelengths to different users (Brassard et al. 2003). The keyrate per user decreased as 1/N, where N is the total number of users. Though researchers tried to modify the plug-and-play set-up to keep the key generation rate per user independent of the number of users, the possibility of signal crosstalk between different users still arose. Recently, more and more WDM-QKD systems and networks have been studied
A QKD network is a sub-network within a standard communication network. A QKD network only exchanges secure keys, it does not send secure messages. Secure messages are sent over the standard communication network, using the secure keys established by the QKD network. The first step is to extend the current point-to-point QKD systems into a QKD network.
QKD links integration into Networks
Networks are commonly divided into three categories, (i) local area networks (LAN); (ii) metropolitan area networks (MAN) and (iii) wide area networks (WAN). The LAN, sometimes referred to as a campus area network, is a short distance network (usually <5 km) typically using a star/hub topology. For this type of network, mass produced hardware is deployed since low-cost is a significant consideration. MANs are geographically larger than LANs and usually cover a city area (<50 km). MANs are usually based on a ring or mesh network topology implemented with Wavelength Division Multiplexing (WDM) technology. A WAN, sometimes called a core network or long-haul network, covers a broad area linking metropolitan areas and crossing national boundaries (e.g., several hundreds km or longer). This type of network usually uses a mesh network topology and Dense WDM (DWDM) technology. Long distance and high throughput are the main requirements for this kind of network.
For LANs, QKD systems at 850-nm are a good choice, since silicon avalanche photo diodes (Si-APDs) operate well at this wavelength and the attenuation in optical fiber is acceptable over such short distances. Si-APDs can operate in free-running mode and the jitter response is about several hundred ps, which allows the 850-nm QKD system to operate at clock rates in excess of 1 Gb/s.
For QKD over a MAN, the wavelength of the quantum signal should be in the 1310-nm or 1550-nm bands, where telecom fibers experience the lowest loss. WDM and erbium-doped fiber amplifier (EDFA) technologies, widely used in MANs, result in noise over single photon level throughout the 1550-nm band caused by the Raman scattering of strong optical communication signals and the amplified spontaneous emission (ASE) of EDFAs. Hence the best choice of wavelength for WDM of QKD systems in a MAN is in the 1310-nm band to co-exist with standard telecom using the 1550-nm band.
The available detectors that operate in this wavelength are InGaAs avalanche photodiodes (APD) and superconducting single-photon detectors. InGaAs APDs must be operated in a gated mode (Geiger mode) and the system clock rate is limited by the available gating frequency of the device, typically several MHz. As a result, the sifted-key rate is also limited. Superconducting single-photon detectors (SSPDs) can be operated in a free-running mode and their time response is usually less than 100 ps. However, SSPDs are expensive and complicated to use because they need to be operated at a very low temperature (4 K). By contrast silicon APDs are low cost, operate un-gated at relatively high data rates and don’t require cooling. The peak detection efficiency of silicon APDs is around 70% near 650 nm, which is the highest among these single-photon detectors. The limitation of the Si-APD is that its detection efficiency decreases rapidly at wavelengths longer than 1000-nm.
There are two schemes for a QKD network, passive and active. The passive scheme is based on the optical node, which can be an optical splitter, optical switch, multiplexer or other optical passive devices for example, the optical coupler, to implement multi-user connectivity , that is “broadcast” from one node to multiple nodes.. Optical node devices are easy to install, and the QKD networks can be applied widely in metropolitan area networks (MANs). Several groups have successfully demonstrated a QKD network based on this scheme.
However, in passive communication networks, the photons (and hence the bits that they represent) are split by couplers according to their coupling ratio and distributed proportionally to each node, resulting in a greatly reduced key rate between each node. Because the splitter cannot route each photon to each user deterministically and the path choice therefore is made randomly, photons inevitably are wasted as soon as one or more paths are not used. Therefore the single-user key generation rate drops many fold with increasing number of users.
The other is the repeater paradigm, usually called the ‘hop-by-hop’. The second scheme adopts active optical components such as optical switches, to dynamically control the communication path. This scheme is similar to and compatible with current optical networks, and establishes a reconfigurable QKD network. The system switching time and the influence of the active optical devices on the QKD system are the main factors used to evaluate this type of network.
However, the safety of the latter is relatively difﬁcult to guarantee, because it depends on absolute trust of the intermediate sites. This implies the deployment of key-regenerated meshed networks, where quantum traffic is inefficiently regenerated at every node, leading to wasted energy and bandwidth resources and negatively impacting on security. Moreover, a separate classical network is still necessary, as required by practical QKD systems not using one-time pad encryption. In contrast, the former is no need for trusted intermediate sites; this guarantees its unconditional security.
Challenges and Requirements
Considering that the transmitted optical power in classical optical networks is orders of magnitude higher than for quantum communication, multiplexing classical and quantum signals on the same fiber can result in significant performance impairment for the quantum channel, due to insufficient isolation of optical filters or non-linear propagation effects.
The first issue is the link distance: optical fiber loss and photodetection noise limit the distance of the current generation of QKD systems to about 200 km, one order of magnitude less than the distance achieved by classical long-haul systems, which appears to be a challenging goal for QKD systems, even when considering the progress single-photon source, low-noise single-photon detector, and low-loss optical fiber technologies.
Besides the distance challenge, in a mixed quantum–classical network, quantum information must be dynamically routed from the transmitter of any node to the receiver of any other node, as currently happens in classical optical networks, which use tunable lasers and reconfigurable optical add drop multiplexers (ROADMs) for this purpose. ROADMs are based on photonic devices, such as wavelength selective switches (WSSs) and arrayed waveguide gratings (AWGs), which in principle preserve the quantum information.
However, their current performance is not specified for quantum channels. For example, the residual crosstalk among different wavelengths could be an issue for the highly sensitive quantum channel, as well as requiring the use of noisy optical amplifiers to compensate for the device loss. The principle operation of a ROADM-based quantum–classical dense wavelength division multiplexing (DWDM) network operating at 1550 nm has been reported, where a quantum channel coexists with two simultaneous 200 GHz spaced classical telecom channels. However, as reported in the same paper, Raman and four-wave mixing impairments severally limit the application space of such systems, operating entirely in the 1550 nm window.
A list of high-level design features to ensure the coexistence of quantum and classical optical channels on the same network infrastructure is provided below:
– High-isolation (>100 dB) wavelength division multiplexing (WDM) of quantum and classical channels to remove crosstalk generated by classical channels and spontaneous emission noise generated by optical amplifiers from the quantum channel band.
– A proper wavelength plan to minimize the transfer of linear and non-linear noise from classical channels into quantum channels.
– Optical bypass of quantum channels in optical amplifiers and other non-quantum compatible devices.
– Signal-format transparent and independent optical switching for quantum and classical channels.
In systems where quantum and classical signals coexist in the same fiber, the noise due to the classical channels must be measured with high accuracy. As a rule of thumb, any in-band noise contribution should be less than the quantum system detector dark noise. For Indium Gallium Arsenide Phosphide (InGaAsP) avalanche photo-diodes (APDs) in Geiger mode, the dark count probability can be as low as 10−7 over one nanosecond. In order to avoid a negative impact on the performance of a QKD system, the average noise optical power in the quantum band should be less than −138 dBm, corresponding to 1.24 × 107 photons/ns in the 1550 nm band.
This rule does not apply to future single-photon detectors, designed to have almost no intrinsic dark counts: in this case, detectors
themselves can also be used to measure the noise level with high accuracy.
The noise level must be much lower than the level considered in classical optical communications. Spontaneous emission noise from lasers and optical amplifiers are two examples of noise sources from a classical system. Its typical values, in the order of hundreds of photons/ns at 1550 nm, are incompatible with single-photon quantum communication systems, but they decrease to 10–2–10−3 photons/ns in the 1300 nm region, making quantum–classical coexistence possible using high–isolation optical filters. Deep notch filters used to suppress the noise before the quantum channel insertion, having an adjacent channel isolation of about 75 dB, are an alternative to band duplexers to allow the coexistence of quantum and classical channels in the same 1550 nm band, having the advantage of lower fiber attenuation. However, they need an active control of the central frequency to compensate for any offset from the channel frequency (e.g., due to thermal drift). The filter specifications are even more stringent at the optical demultiplexer, placed before the receiver, where an isolation of about 120 dB is required.
Optical filters cannot remove in-band noise, such as that generated by light scattering of classical optical channels, as they propagate in the fiber. Rayleigh and Brillouin scattering add a significant noise contribution only when the quantum channel is very near to the conventional channel and can be mitigated by allocating a frequency gap of at least 100 GHz. Raman scattering noise, which is approximately 200 nm wide, can lead instead to a severe performance impairment and requires a proper wavelength allocation plan and channel optical power control. Coexistence of a quantum channel in the 1300 nm band with four classical DWDM channels with an aggregate power of 2 dBm
in the 1550 nm band was demonstrated for a system with a dark count level of 10−3 photons/ns over 25 km of standard single mode fiber (SSMF).
Another experiment showed that at least 170 nm of separation are required between the QKD signal and a single 6 dBm conventional channel. System feasibility with a lower separation between quantum and classical channels was experimentally demonstrated with a CV-QKD system. In the experiment, a classical channel at 1550.12 nm was multiplexed with a CV-QD channel at 1530.12 nm. A positive key rate was obtained at 25, 50, and 75 km for classical channel power of 11.5 dBm, 5.5 dBm, and −0.5 dBm, respectively. With a single 0 dBm classical channel at a distance of 25 km, the key rate was 24.11 kbit/s, dropping to 3.16 kbit/s at 50 km. Reducing the classical channel power to −3 dBm, 0.49 kbit/s was obtained over 75 km.
The impact of noise sources differing from Raman scattering was analyzed in, such as imperfect demultiplexer isolation, Rayleigh scattering, Brillouin backscattering, Brillouin-guided acoustic wave scattering, four-wave mixing, amplified spontaneous emission, sideband photons, and cross-phase modulation. The analysis showed a negligible cumulative contribution to the measured excess noise compared to the Raman scattering noise.
QKD Network Implementations
Examples of experiments running quantum and classical channels on the same fiber are reported in Table
Toshiba, ADVA Optical Networking and BT create world record 200 GB/s data transmission wavelength division multiplexing (WDM) over a 100km length of fibre
Toshiba, ADVA Optical Networking and BT have announced a breakthrough in Quantum based encryption technology, successfully securing 200GB/s of data over a 100km length of fibre using quantum cryptography. For the record-breaking trial, which broke the Lab’s own 40Gbit/s record, Toshiba’s Cambridge Research Lab worked with ADVA Optical Networking (which provided the data transmission system) and BT’s R&D hub at Adastral Park near Ipswich where the demonstration took place.
The system, which encodes encryption keys onto single photons, is able to transmit data five times faster than the previous record for quantum-encrypted data of 40GB/s. This latest breakthrough is another step on the road to “unhackable” networks as, with this type of quantum encryption, if a person tries to compromise the network and read the data they will change the encoding and alert the system that a breach has been attempted.
Wavelength filtering for multiplexing classical and quantum channels in WDM
For this experiment, researchers used Wavelength Division Multiplexing to multiplex six wavelength channels in total, two each at 100Gbit/s for the data and four including data and clock channels for the quantum keys.
However, coexistence with intense classical channels raises new challenges for QKD. The optical power used on optical classical channels is orders of magnitude higher than for quantum communication. Multiplexing classical and quantum signals on a single fiber can result in very important additional noise for the quantum communication, due to insufficient isolation or to optical nonlinear effects . Raman scattering spills data photons into the key channel.
Coping with such noise is in general a major problem for QKD systems and filtering techniques are needed to improve the ratio between quantum signal and WDM-induced noise. The implementation of this filtering can result in additional losses and severely impact the performance of QKD.
“Lots of scattered light makes detecting key photons difficult,” Dr Andrew Shields, assistant MD of Toshiba Research Europe, told Electronics Weekly. “We filter the arriving key channel light in wavelength and time.”
Wavelength filtering is through a optical bandpass filter – narrower than those used in normal WDM (wavelength division multiplexed) fibre networks, and time filtering is based opening the receiver only when a key photon might be expected – a key photon is sent every nanosecond, signalled by the clock channel, and is around ~100ps long at the receiver.
Regional QKD Network
Due to the fact that it requires a direct optical link, QKD technology is inherently limited to point-to-point. Another important milestone is, quantum network, or more precisely QKD network to extend QKD from point-to-point configuration to multi-user and large-scale scenario.
The next step in Cambridge is to build a network and demonstrate end-to-end quantum cryptography through that. According to Shields, his team has already demonstrated it working through an optical switch. “If the network is all-optical, we are able to form quantum keys end-to-end,” he said. “If it has electrical switching, the intermediate nodes have to be placed in a physically-secure area, for example at a telco or company office. There are ways to the possibility of attack against intermediate nodes: using secret sharing schemes, for example.”
The Cambridge team is also collaborating in an EPSRC-funded long-term trial involving building a Cambridge-London-Bristol quantum cryptography network with metro networks at the Cambridge and Bristol nodes. Potential users will be able to use it for application development.
The distribution of quantum states over long distances is essential for future applications such as Regional, National or global scale quantum networks based on Quantum Key Distribution. Such quantum internet will be useful for distributed quantum computing, distributed cryptographic protocols and dramatically lowering communication complexity,
Toshiba is also involved in a system to secure genome data using quantum cryptography in Sendai, Japan. This kind of data is unique in that it might have to stay secure for many human generations. “If it is encrypted using today’s technology, someone might save it [snooped data] and decrypt it when computers are more powerful,” said Shields. “You can’t do this with quantum encrypted data, even with quantum computers.” Governments and banks are other potential users.
Most of current quantum communication testbeds and early commercial systems rely on DV-QKD, which was extensively investigated and compared to its competitor, CV-QKD. However, DV-QKD requires dedicated devices, which may forever limit its application to niche markets, which are not too sensitive to costs. CV-QKD potentially overcomes this issue reusing device already developed for classical communication systems.
However, while for DV-QKD many security proofs exist, the guaranteed security level of CV-QKD is more uncertain, making it questionable if it is worthwhile to introduce a further encryption layer besides the ones already existing (ranging from physical to packet layers) in classical communications networks.
However, the most serious concern about QKD systems, regardless of whether they are based on discrete or continuous variables, is that they are conceived for short-distance, low-capacity point-to-point links. The ability to support high data rates over long distances remains unsolved.
Optical networks where classical and quantum channels coexist are a possible answer, but the achievable performance is far from acceptable, as the experiments discussed in the previous sections show. Spatial division multiplexing (SDM) is another possibility to increase the capacity, splitting and sending the key over parallel multiple fibers or spatial modes. In , a 33.6 Mbit/s key rate was achieved over 9.8 km, using a 7-core multicore fiber. SDM may be an interesting technique for data center interconnection, characterized by relatively short point-to-point links and ultra-short chip-to-chip interconnection