Cerberis QKD Server
- Provides quantum-safe key exchange: robust against attacks from quantum computers
- Future-proof security: quantum keys ensure long-term data protection and forward secrecy
- Integrated with Centauris link encryptors and widely deployed in the market since 2007
- Versatile: may provide secured quantum keys for any encryption device
- Scalable: one quantum key server can distribute keys to several encryptors for up to 100Gbps of data
- Fully automated key exchange with continuous key renewal
- Integrated entropy source based on a Quantum Random Number Generator
- Adaptable: works on dark fibre and WDM networks
Cerberis QKD servers provide highly secure quantum encryption keys to Centauris network encryptors for long-term data security in point-to-point data center interconnect and metropolitan backbone optical networks.
ID Quantique’s Cerberis solution is the ultimate in quantum-safe cryptography.
Combined with IDQ’s Centauris high-speed layer 2 encryptors, it guarantees long-term protection of data into the quantum era, when the massive processing power of quantum computers will break today’s public key exchange mechanisms.
The Cerberis quantum key distribution (QKD) platform guarantees provable forward secrecy of data, as well as providing an anti-eavesdropping mechanism to ensure secure key exchange on point-to-point backbone and storage networks.
An Overview of Quantum Key Distribution
IDQ’s Cerberis Quantum Key Distribution (QKD) server may be added as an upgrade to the Centauris solution to provide an additional layer of security for long-term protection of highly sensitive information.
In the next decade or so, the massive processing power of quantum computers will render much of the current encryption unsafe, specifically the public key cryptography used for key exchange. The threat today is that criminals can already capture data in transit and then decrypt it offline, either by brute force attacks or by running known algorithms on a quantum computer. This means that governments and enterprises that must protect some classifications of data for over five or even ten years have a limited time frame to move to “quantum-safe” crypto solutions. They need to deploy such quantum-safe solutions today.
IDQ’s quantum-safe cryptography solutions are designed and built for such quantum-era security, with the goal to protect mission-critical data which has long-term sensitivity and value.
Current conventional cryptographic techniques rely on mathematical approaches (public key) to secure the initial exchange of the symmetric AES master key. However, the security that public key cryptography offers is based on unproven assumptions and depends on the amount of processing power available to an eavesdropper.
Quantum Key Distribution (also known as Quantum Cryptography) is a breakthrough technology exploiting the strengths of quantum physics. A fundamental principle of quantum physics – observation causes perturbation – is exploited to exchange secret keys between two remote parties over an optical fiber. This means that any eavesdropper can be detected, and passive interception becomes impossible, providing unprecedented security.
The QKD server autonomously generates, manages and distributes quantum keys to one or more Centauris encryption appliances through a secure dedicated channel. A quantum random number generator embedded in the QKD server guarantees that the encryption keys are produced in an absolutely random way with high-quality entropy. Different QKD protocols are supported. In practice, QKD is combined with conventional key distribution techniques (dual key agreement) to produce a key that is as secure as the stronger of the two original keys. This approach offers the best of the classical and quantum worlds.
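The dual key agreement described above can be illustrated with a key combiner. This is an added example, not ID Quantique's implementation: the page does not say how the two keys are combined, so the code assumes HKDF-SHA256 (RFC 5869) over the length-prefixed concatenation of both keys, and `combine_keys`, the salt and the info label are hypothetical names.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: condense input keying material into a PRK."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: stretch the PRK into `length` output bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def combine_keys(classical_key: bytes, qkd_key: bytes, key_id: bytes,
                 length: int = 32) -> bytes:
    """Derive one session key from both inputs (hypothetical helper).

    Each input is length-prefixed so that (b"ab", b"c") and (b"a", b"bc")
    cannot collide, and key_id binds the output to one key-renewal round.
    """
    if min(len(classical_key), len(qkd_key)) < 16:
        raise ValueError("refusing to combine a key shorter than 128 bits")
    ikm = b"".join(struct.pack(">I", len(k)) + k
                   for k in (classical_key, qkd_key))
    prk = hkdf_extract(b"dual-key-agreement-example", ikm)
    return hkdf_expand(prk, b"session-key|" + key_id, length)

if __name__ == "__main__":
    # Constructed sample inputs, not real key material.
    classical = bytes(range(32))          # e.g. output of a public-key exchange
    quantum = bytes(range(32, 64))        # e.g. key delivered by the QKD server
    print(combine_keys(classical, quantum, b"round-0001").hex())
```

Because the derived key depends on every bit of both inputs, an eavesdropper who later breaks only the classical exchange still lacks the QKD key needed to reproduce it.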
In summary, QKD provides quantum-safe long-term protection for data in transit which is not vulnerable to mathematical progress, to increases in computing power for brute force attacks, or to quantum computers. By contrast, classical cryptography provides secrecy only for a limited period of time.
QKD is a point-to-point technology, and the two servers must be linked by a dark fiber with a maximum length of approximately 80 km. IDQ’s Cerberis QKD server can also be deployed on WDM links over shorter distances. Future implementations of QKD are under development for longer distances.