Experiment QKD in your lab

Webinar details:

Discover 5 scientific use cases based on IDQ’s open-QKD platform and external detectors

Previously broadcasted on May 21, 2024, 3:00 PM, Zurich

---

About this webinar

Quantum Key Distribution (QKD) is a hot topic in research for its security, performance, integration into optical networks and satellite systems, and integration into security architectures in combination with other cryptographic primitives. Many scientists and engineers want to work with an industrialized, yet accessible and open QKD system to save time and effort in setting up their labs.

In this webinar, we discuss several potential lab setups consisting of QKD systems with external single photon detectors (SPDs).

Access to the raw and intermediate data of the QKD protocol and control over the optical and electronic parameters of the QKD system allow research in several directions, such as:

• Gray box testing according to some international (draft) standards
• High performance testing with superconducting nanowire SPDs
• Integration in optical networks with WDM
• Hybridization with post-quantum cryptography
• Hands-on teaching and training of QKD post-processing and protocols

Learn more by visiting the Clavis XGR QKD system product page.

---

Q&A

You say that QKD is provably secure, yet it is not recommended by government agencies, could you elaborate on what you mean by “provably secure”?

Provably secure means that for every QKD protocol, there is a complete security proof, based only on the principles of Quantum Mechanics. This security proof does not rely on any computational assumptions on the difficulty of solving certain mathematical problems or on the computational power of an adversary.

With regards to the position of the national security agencies, NIST has publicly clarified (ETSI conference, 2023) that organizations can use alternative key exchange mechanisms, such as QKD, whenever there they have a use case. This has been since reinforced at other public events attended by US government agencies, contractors, and ID Quantique. One of the main hurdles for the security agencies is that quantum physics-based security is a completely new area of expertise for them.

However, with the largest of the global financial institutions recently announcing their “Dual Strategy” for mitigating the quantum threat, we expect that the security agencies will significantly increase their effort on the standardization and evaluation of QKD products. Such defense-in-depth approach with both PQC and QKD used at different network layers has already adopted by government agencies in countries such as Singapore (see the Monetary Authority of Singapore’s advisory on addressing quantum cybersecurity threats).

 

Which countries are known to have built or are building a national QKD grid apart from South Korea and China?

Many countries worldwide have various QKD network programs, which differ in scope, size, and ambition. The 27 EU countries are currently working on a test infrastructure as part of the European Quantum Communication Infrastructure (EuroQCI) program. We see promising projects in Poland, Greece and Spain, and several more to come. Singapore is also developing its Nationwide Quantum-Safe Network Plus (NQSN+), for which IDQ’s partner Singtel was appointed by the Infocomm Media Development Authority (IMDA) as part of the nation’s Digital Connectivity Blueprint. Private initiatives also exist, but they are less communicated.

 

Why should we use QKD instead of the post-quantum algorithms proposed by NIST?

We believe that this question is not properly phrased. You should not use QKD instead of post-quantum cryptography, but in addition to it. This is known as defense-in-depth. Post-quantum cryptography carries certain risks and uncertainties. The security assumptions of QKD are complementary to PQC. Wherever possible, we recommend hybrid solutions composed of QKD and PQC to secure backbones and backup data lines.

 

Is there a way to see how the Clavis XGR secures communications?

Yes, we frequently demonstrate the robustness of our XG and XGR QKD series to attacks. For this particular demonstration purpose, we have developed a sophisticated device capable to simulate an attack on the quantum channel which can be designed, as opposed to a classical fiber tapping, to have negligible effect on the attenuation but cannot avoid to introduce phase noise on the quantum channel. The tool can be used to verify that the attack is detected and no key has been compromised. Feel free to contact us for a demo.

 

We are performing research on different behaviours on the QKD KMS levels (pending publication), in terms of key forwarding (for example high throughput between two nodes, balanced key generation, broadcast from one node to all others etc). Is there a similar initiative at IDQ for your KMS software?

Yes, our Q-KMS (Clarion KX) provides capability to secure the exchange of QRNG keys using QKD key either in ITS mode or in AES mode (user configurable). AES mode leverages QKD security for providing higher throughput of keys to consuming applications or encryptors. The throughput of QRNG/QKD secured keys vary depending on the underlying hardware platform. Clarion KX is embedded both in our Cerberis XG and Clavis XG product lines, as well as in Solteris XG, our standalone Q-KMS hardware platform.

 

Could you tell us what is the main drawback of using QKD protocols and how to solve it?

All QKD protocols have a various degree of point-to-point distance limitation. In large deployments we overcome this with, so called, Trusted Node architecture. While it preserves a very high level of security across long distances and complex topologies, Trusted Node architecture requires additional attention to the physical security of appliances.

 

Is it correct that to achieve long distance you must implement trusted relay nodes using Clarion KX? In Korean and Singapore examples, who manages the “trusted nodes” and their security?

For covering large distances or complex topologies, we leverage our Clarion KX Q-KMS platform. One of its core features is ensuring secure key routing over Trusted Relays between any locations in a QKD network. Clarion KX leverages sophisticated physical and logical security controls and measures bult into our Cerbers XG and Clavis XG products. Moreover, the Clarion KX framework allows for the management and operation of the overall network infrastructure and the key consumer nodes to be done either by one entity or to be segregated between the end user and the network operator. In large telecom deployments, the physical access to the QKD equipment is managed by the telecom infrastructure owner. However, our Clarion KX framework allows the end users to control and configure their key services.

 

How close are we to the possibility of reliably extending QKD beyond 150 km or incorporating repeaters for that communication?

In real-world deployments, we leverage Trusted Relays to overcome the distance limitation. For point-to-point deployments beyond 150 km (currently recommended for experimental work only), we use our single photon detectors (SNSPDs), such as IDQ’s ID281 series. Academic demonstrations with SNSPDs have reached more than 500 kms. In the future, satellite QKD will open ways to achieve almost “unlimited” distances. Furthermore, Quantum repeaters will also allow extended distance range.

 

Is the ID281 SNSPD system ready for a Quantum Network based in land and in space-based applications?
Yes, the ID281 Pro is absolutely ready for deployment in quantum networks, and many of our customers are using it for precisely this. The most common use case is in fiber-based networks, but our SNSPD systems are also used by some customers as optical ground stations for satellite communications.

---

Speaker profiles