Cerberis³ QKD System

State-of-the-art Quantum Key Distribution

Provably secure key exchange based on Quantum Key Distribution
Quantum keys ensure long-term protection and forward secrecy
Fully automated key exchange with continuous key renewal
Integrated entropy source based on a Quantum Random Number Generator

Companies have a growing need to exchange data over multiple networks, and to provide information-based services or applications for partners and clients in order to uphold a competitive position. Maintaining the confidentiality, integrity and availability of data without impacting network performance is a pre-requisite for today’s information technology systems. However, optical fibre links and other data transport infrastructures constitute a potentially dangerous vulnerability in the IT infrastructure of an organisation. Mission critical data must be protected through encryption when travelling outside the secure perimeter of the company.

Simultaneously, in the next decade or so, the massive processing power of quantum computers will render much of the current encryption unsafe – and specifically the public key cryptography used for key exchange. The threat today is that hackers, ranging from powerful states to criminals, can already download data in transit, and then decrypt it offline – either by brute force attacks today, or by using known algorithms on a quantum computer tomorrow. This means that governments or enterprises, which must protect some classifications of data for over five or even ten years, have a limited time frame to move to quantum-safe crypto solutions. In order to ensure continued confidentiality, they need to deploy such quantum-safe solutions already today.

QKD and quantum computing

Quantum Key Distribution (QKD) is a technology that exploits a principle of quantum physics – observation causes perturbation – to exchange cryptographic keys over optical fibre networks with provable security.

The principle of QKD is quite straightforward. According to quantum physics, the mere fact of observing a quantum object perturbs it in an irreparable way. Therefore, if one encodes the value of a digital bit on a single quantum object, a qubit, its interception will necessarily translate into a perturbation. This perturbation causes errors in the sequence of bits exchanged by the sender and recipient. By checking for the presence of such errors, the two parties can verify whether an eavesdropper was able to gain information on their key. QKD is used to generate two identical secure keys on the two ends of the channel. A Quantum Random Number Generator (QRNG) embedded in the QKD system guarantees that keys are produced in an absolute random way. Once the key exchange is validated, the keys can be used to encrypt data.

QKD – Also known as quantum cryptography – is the only known cryptographic technique, which can ensure quantum-safe security today. With QKD, encrypted messages will remain confidential against the power of a quantum computer. The design and realisation of a multipurpose quantum computer, which will be able to break existing public-key cryptography, remains a challenge. However, recent progress in this field means that governments, standards bodies and industries are starting to mandate quantum-safe encryption methods. The era of post-quantum cryptography, where cryptographic methods will have to be resilient to quantum computer, has already begun.

System description

The Cerberis³ QKD System is a modular QKD system, which comprises the following components:

An ATCA chassis, where various ATCA format blades will be inserted. One chassis is needed at each QKD node;
One or several QKD Blades, either a transmitter (Alice) or a receiver (Bob), which distribute the keys over the quantum channel;
A Quantum Node Controller (QNC) distributes the keys to the link encryptors or to various key user entities in the node. For QKD backbones, the QNC is also used as a Trusted Node Controller, which allows keys to be forwarded securely over the full backbone;
A switch for network connection

The Cerberis³ QKD System can accommodate different key distribution architectures and topologies, including: backbone for long-distance key distribution with trusted nodes; ring for redundant local distribution, star for distribution from a central location to local branches. The size of the ATCA chassis at each quantum node can be adapted to the needs, to deliver the required functionalities.

The Cerberis³ is the latest generation of QKD systems at IDQ, based on 16 years of experience in the development and commercialisation of quantum-based products.

Point-to-point data center interconnections
Metropolitan backbone optical networks
Multipoint architectures
Building block for extended quantum backbones (in conjunction with Trusted Node technology).