Cerberis³ QKD System

State-of-the-art Quantum Key Distribution

Instantaneous and Systematic intrusion detection
Highly stable solution, oblivious of mechanical vibrations in fiber optics
Single core through multiplexing of all channels on single fibre
Interoperability major Ethernet and OTN encryptors
Easy set and forget

Companies have a growing need to exchange data over multiple networks, and to provide information-based services or applications for partners and clients in order to uphold a competitive position. Maintaining the confidentiality, integrity and availability of data without impacting network performance is a pre-requisite for today’s information technology systems. However, optical fibre links and other data transport infrastructures constitute a potentially dangerous vulnerability in the IT infrastructure of an organisation. Mission critical data must be protected through encryption when travelling outside the secure perimeter of the company.

Simultaneously, in the next decade or so, the massive processing power of quantum computers will render much of the current encryption unsafe – and specifically the public key cryptography used for key exchange. The threat today is that hackers, ranging from powerful states to criminals, can already download data in transit, and then decrypt it offline – either by brute force attacks today, or by using known algorithms on a quantum computer tomorrow. This means that governments or enterprises, which must protect some classifications of data for over five or even ten years, have a limited time frame to move to quantum-safe crypto solutions. In order to ensure continued confidentiality, they need to deploy such quantum-safe solutions already today.

QKD and quantum computing

Quantum Key Distribution (QKD) is a technology that exploits a principle of quantum physics – observation causes perturbation – to exchange cryptographic keys over optical fibre networks with provable security.

The principle of QKD is quite straightforward. According to quantum physics, the mere fact of observing a quantum object perturbs it in an irreparable way. Therefore, if one encodes the value of a digital bit on a single quantum object, a qubit, its interception will necessarily translate into a perturbation. This perturbation causes errors in the sequence of bits exchanged by the sender and recipient. By checking for the presence of such errors, the two parties can verify whether an eavesdropper was able to gain information on their key. QKD is used to generate two identical secure keys on the two ends of the channel. A Quantum Random Number Generator (QRNG) embedded in the QKD system guarantees that keys are produced in an absolute random way. Once the key exchange is validated, the keys can be used to encrypt data.

QKD – Also known as quantum cryptography – is the only known cryptographic technique, which can ensure quantum-safe security today. With QKD, encrypted messages will remain confidential against the power of a quantum computer. The design and realisation of a multipurpose quantum computer, which will be able to break existing public-key cryptography, remains a challenge. However, recent progress in this field means that governments, standards bodies and industries are starting to mandate quantum-safe encryption methods. The era of post-quantum cryptography, where cryptographic methods will have to be resilient to quantum computer, has already begun.

System description

The Cerberis³ QKD System is a modular QKD system, which comprises the following components:

An ATCA chassis, where various ATCA format blades will be inserted. One chassis is needed at each QKD node;
One or several QKD Blades, either a transmitter (Alice) or a receiver (Bob), which distribute the keys over the quantum channel;
A Quantum Node Controller (QNC) distributes the keys to the link encryptors or to various key user entities in the node. For QKD backbones, the QNC is also used as a Trusted Node Controller, which allows keys to be forwarded securely over the full backbone;
A switch for network connection

The Cerberis³ QKD System can accommodate different key distribution architectures and topologies, including: backbone for long-distance key distribution with trusted nodes; ring for redundant local distribution, star for distribution from a central location to local branches. The size of the ATCA chassis at each quantum node can be adapted to the needs, to deliver the required functionalities.

The Cerberis³ is the latest generation of QKD systems at IDQ, based on 16 years of experience in the development and commercialisation of quantum-based products.