
Cerberis3 QKD System

Quantum Key Distribution for enterprise, government and telco production environments

  • Complex network topologies (ring, hub and spoke)
  • Interoperability with major Ethernet and OTN encryptors
  • Easy integration in any data centre
  • Centrally monitored solution
  • Multiplexing of all channels on single fibre for metropolitan area

Companies have a growing need to exchange data over multiple networks, and to provide information-based services or applications for partners and clients in order to uphold a competitive position. Maintaining the confidentiality, integrity and availability of data without impacting network performance is a prerequisite for today’s information technology systems. However, optical fibre links and other data transport infrastructures constitute a potentially dangerous vulnerability in the IT infrastructure of an organisation. Mission-critical data must be protected through encryption when travelling outside the secure perimeter of the company.

Simultaneously, in the next decade or so, the massive processing power of quantum computers will render much of the current encryption unsafe – and specifically the public key cryptography used for key exchange. The threat today is that hackers, ranging from powerful states to criminals, can already download data in transit, and then decrypt it offline – either by brute force attacks today, or by using known algorithms on a quantum computer tomorrow. This means that governments or enterprises, which must protect some classifications of data for over five or even ten years, have a limited time frame to move to quantum-safe crypto solutions. In order to ensure continued confidentiality, they need to deploy such quantum-safe solutions already today.

QKD and quantum computing

Quantum Key Distribution (QKD) is a technology that exploits a principle of quantum physics – observation causes perturbation – to exchange cryptographic keys over optical fibre networks with provable security.

The principle of QKD is quite straightforward. According to quantum physics, the mere fact of observing a quantum object perturbs it in an irreparable way. Therefore, if one encodes the value of a digital bit on a single quantum object, a qubit, its interception will necessarily translate into a perturbation. This perturbation causes errors in the sequence of bits exchanged by the sender and recipient. By checking for the presence of such errors, the two parties can verify whether an eavesdropper was able to gain information on their key. QKD is used to generate two identical secure keys on the two ends of the channel. A Quantum Random Number Generator (QRNG) embedded in the QKD system guarantees that keys are produced in an absolutely random way. Once the key exchange is validated, the keys can be used to encrypt data.
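The error check described above, simulated as an added example (not IDQ code and not part of the original page). It assumes the textbook BB84 protocol with an intercept-resend eavesdropper, since the page does not name the protocol the product runs; the 11% abort threshold and all function names are likewise illustrative assumptions.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold for illustration, not a product setting


def bb84_round(n_qubits, eavesdrop, rng):
    """Simulate n_qubits of BB84; return the sifted (alice_key, bob_key)."""
    alice_key, bob_key = [], []
    for _ in range(n_qubits):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: Eve measures in a random basis and resends her result.
            e_basis = rng.getrandbits(1)
            if e_basis != state_basis:
                state_bit = rng.getrandbits(1)  # wrong basis: her outcome is random
            state_basis = e_basis  # the qubit now carries Eve's basis
        b_basis = rng.getrandbits(1)
        measured = state_bit if b_basis == state_basis else rng.getrandbits(1)
        if b_basis == a_basis:  # sifting: keep only positions where bases matched
            alice_key.append(bit)
            bob_key.append(measured)
    return alice_key, bob_key


def estimate_qber(alice_key, bob_key, sample_size, rng):
    """Publicly compare a random sample, then discard it from the key."""
    idx = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(alice_key[i] != bob_key[i] for i in idx)
    keep_a = [b for i, b in enumerate(alice_key) if i not in idx]
    keep_b = [b for i, b in enumerate(bob_key) if i not in idx]
    return errors / sample_size, keep_a, keep_b


def run_link(eavesdrop, seed, n_qubits=20000, sample_size=2000):
    # A seeded PRNG keeps the simulation reproducible; a real system uses a QRNG.
    rng = random.Random(seed)
    a, b = bb84_round(n_qubits, eavesdrop, rng)
    qber, a, b = estimate_qber(a, b, sample_size, rng)
    return {"qber": qber, "accepted": qber <= ABORT_QBER, "keys_match": a == b}


if __name__ == "__main__":
    print("clean link: ", run_link(eavesdrop=False, seed=1))
    print("tapped link:", run_link(eavesdrop=True, seed=1))
```

On the clean link the sampled error rate is zero and the key is accepted; with the eavesdropper measuring every qubit, about a quarter of the sifted bits disagree, so the sample exceeds the threshold and the key is discarded.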

QKD, also known as quantum cryptography, is the only known cryptographic technique that can ensure quantum-safe security today. With QKD, encrypted messages will remain confidential against the power of a quantum computer. The design and realisation of a multipurpose quantum computer, which will be able to break existing public-key cryptography, remains a challenge. However, recent progress in this field means that governments, standards bodies and industries are starting to mandate quantum-safe encryption methods. The era of post-quantum cryptography, where cryptographic methods will have to be resilient to quantum computers, has already begun.

System description

The Cerberis3 QKD System is a modular QKD system, which comprises the following components:

  • An ATCA chassis, into which the various ATCA-format blades are inserted. One chassis is needed at each QKD node;
  • One or several QKD Blades, either a transmitter (Alice) or a receiver (Bob), which distribute the keys over the quantum channel;
  • A Quantum Node Controller (QNC), which distributes the keys to the link encryptors or to various key user entities in the node. For QKD backbones, the QNC is also used as a Trusted Node Controller, which allows keys to be forwarded securely over the full backbone;
  • A switch for network connection.

The Cerberis3 QKD System can accommodate different key distribution architectures and topologies, including: backbone, for long-distance key distribution with trusted nodes; ring, for redundant local distribution; and star, for distribution from a central location to local branches. The size of the ATCA chassis at each quantum node can be adapted to deliver the required functionalities.

QKD administrators can configure the QKD network via an Element Management System (EMS) web console by setting the key consumers and providers at each QKD network node, the QKD links between nodes and the key distribution routes between key consumers. They can also continuously and centrally monitor critical parameters via SNMP, such as temperature, fan and power supply, CPU load, quantum key rate and Quantum Bit Error Rate (QBER). Syslog alerts are also generated when certain thresholds are reached: in particular, an alarm is sent when the QBER becomes too high, showing there is an intruder on the QKD quantum channel.

The Cerberis3 is the latest generation of QKD systems at IDQ, based on 16 years of experience in the development and commercialisation of quantum-based products.

  • Data center interconnections / disaster recovery
  • Metropolitan backbone optical networks
  • Long distance distribution using relay nodes
  • Crypto keys as-a-service
  • Validation of QKD pilot networks
  • Key distribution across a complex network (ring, hub and spoke)