Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8

A Novel approach to quality-of-service provisioning in trusted relay quantum key distribution networks

In recent years, noticeable progress has been made in the development of quantum equipment, reflected through the number of successful demonstrations of Quantum Key Distribution (QKD) technology. Although they showcase the great achievements of QKD, many practical difficulties still need to be resolved. Inspired by the significant similarity between mobile ad-hoc networks and QKD technology, we propose a novel quality of service (QoS) model including new metrics for determining the states of public and quantum channels as well as a comprehensive metric of the QKD link. We also propose a novel routing protocol to achieve high-level scalability and minimize consumption of cryptographic keys. Given the limited mobility of nodes in QKD networks, our routing protocol uses the geographical distance and calculated link states to determine the optimal route. It also benefits from a caching mechanism and detection of returning loops to provide effective forwarding while minimizing key consumption and achieving the desired utilization of network links. Simulation results are presented to demonstrate the validity and accuracy of the proposed solutions

Field test of a continuous-variable quantum key distribution prototype

We have designed and realized a prototype that implements a continuous-variable quantum key distribution protocol based on coherent states and reverse reconciliation. The system uses time and polarization multiplexing for optimal transmission and detection of the signal and phase reference, and employs sophisticated error-correction codes for reconciliation. The security of the system is guaranteed against general coherent eavesdropping attacks. The performance of the prototype was tested over preinstalled optical fibres as part of a quantum cryptography network combining different quantum key distribution technologies. The stable and automatic operation of the prototype over 57 hours yielded an average secret key distribution rate of 8 kbit/s over a 3 dB loss optical fibre, including the key extraction process and all quantum and classical communication. This system is therefore ideal for securing communications in metropolitan size networks with high speed requirements.Comment: 15 pages, 6 figures, submitted to New Journal of Physics (Special issue on Quantum Cryptography

Field test of quantum key distribution in the Tokyo QKD Network

A novel secure communication network with quantum key distribution in a metropolitan area is reported. Different QKD schemes are integrated to demonstrate secure TV conferencing over a distance of 45km, stable long-term operation, and application to secure mobile phones.Comment: 21 pages, 19 figure

Controlling passively-quenched single photon detectors by bright light

Single photon detectors based on passively-quenched avalanche photodiodes can be temporarily blinded by relatively bright light, of intensity less than a nanowatt. I describe a bright-light regime suitable for attacking a quantum key distribution system containing such detectors. In this regime, all single photon detectors in the receiver Bob are uniformly blinded by continuous illumination coming from the eavesdropper Eve. When Eve needs a certain detector in Bob to produce a click, she modifies polarization (or other parameter used to encode quantum states) of the light she sends to Bob such that the target detector stops receiving light while the other detector(s) continue to be illuminated. The target detector regains single photon sensitivity and, when Eve modifies the polarization again, produces a single click. Thus, Eve has full control of Bob and can do a successful intercept-resend attack. To check the feasibility of the attack, 3 different models of passively-quenched detectors have been tested. In the experiment, I have simulated the intensity diagrams the detectors would receive in a real quantum key distribution system under attack. Control parameters and side effects are considered. It appears that the attack could be practically possible.Comment: Experimental results from a third detector model added. Minor corrections and edits made. 11 pages, 10 figure

Topological optimization of quantum key distribution networks

A Quantum Key Distribution (QKD) network is an infrastructure that allows the realization of the key distribution cryptographic primitive over long distances and at high rates with information-theoretic security. In this work, we consider QKD networks based on trusted repeaters from a topology viewpoint, and present a set of analytical models that can be used to optimize the spatial distribution of QKD devices and nodes in specific network configurations in order to guarantee a certain level of service to network users, at a minimum cost. We give details on new methods and original results regarding such cost minimization arguments applied to QKD networks. These results are likely to become of high importance when the deployment of QKD networks will be addressed by future quantum telecommunication operators. They will therefore have a strong impact on the design and requirements of the next generation of QKD devices.Comment: 25 pages, 4 figure

Feasibility of quantum key distribution through dense wavelength division multiplexing network

In this paper, we study the feasibility of conducting quantum key distribution (QKD) together with classical communication through the same optical fiber by employing dense-wavelength-division-multiplexing (DWDM) technology at telecom wavelength. The impact of the classical channels to the quantum channel has been investigated for both QKD based on single photon detection and QKD based on homodyne detection. Our studies show that the latter can tolerate a much higher level of contamination from the classical channels than the former. This is because the local oscillator used in the homodyne detector acts as a "mode selector" which can suppress noise photons effectively. We have performed simulations based on both the decoy BB84 QKD protocol and the Gaussian modulated coherent state (GMCS) QKD protocol. While the former cannot tolerate even one classical channel (with a power of 0dBm), the latter can be multiplexed with 38 classical channels (0dBm power each channel) and still has a secure distance around 10km. Preliminary experiment has been conducted based on a 100MHz bandwidth homodyne detector.Comment: 18 pages, 5 figure

The Security of Practical Quantum Key Distribution

Quantum key distribution (QKD) is the first quantum information task to reach the level of mature technology, already fit for commercialization. It aims at the creation of a secret key between authorized partners connected by a quantum channel and a classical authenticated channel. The security of the key can in principle be guaranteed without putting any restriction on the eavesdropper's power. The first two sections provide a concise up-to-date review of QKD, biased toward the practical side. The rest of the paper presents the essential theoretical tools that have been developed to assess the security of the main experimental platforms (discrete variables, continuous variables and distributed-phase-reference protocols).Comment: Identical to the published version, up to cosmetic editorial change

Path Selection for Quantum Repeater Networks

Quantum networks will support long-distance quantum key distribution (QKD) and distributed quantum computation, and are an active area of both experimental and theoretical research. Here, we present an analysis of topologically complex networks of quantum repeaters composed of heterogeneous links. Quantum networks have fundamental behavioral differences from classical networks; the delicacy of quantum states makes a practical path selection algorithm imperative, but classical notions of resource utilization are not directly applicable, rendering known path selection mechanisms inadequate. To adapt Dijkstra's algorithm for quantum repeater networks that generate entangled Bell pairs, we quantify the key differences and define a link cost metric, seconds per Bell pair of a particular fidelity, where a single Bell pair is the resource consumed to perform one quantum teleportation. Simulations that include both the physical interactions and the extensive classical messaging confirm that Dijkstra's algorithm works well in a quantum context. Simulating about three hundred heterogeneous paths, comparing our path cost and the total work along the path gives a coefficient of determination of 0.88 or better.Comment: 12 pages, 8 figure