Quantum Key Distribution for enterprise, government and telco production environments
In the next decade or so, the massive processing power of quantum computers will render much of the current encryption unsafe – and specifically the public key cryptography used for key exchange. The threat today is that hackers, ranging from powerful states to criminals, can already capture data in transit and then decrypt it offline – either by brute force attacks today, or by using known algorithms on a quantum computer tomorrow. This means that governments or enterprises, which must protect some classifications of data for over five or even ten years, have a limited time frame to move to quantum-safe crypto solutions. To ensure continued confidentiality, they need to deploy such quantum-safe solutions today.
Quantum Key Distribution (QKD) is a technology that exploits a principle of quantum physics – observation causes perturbation – to exchange cryptographic keys over optical fibre networks with provable security.
The principle of QKD is quite straightforward. According to quantum physics, the mere fact of observing a quantum object perturbs it in an irreparable way. Therefore, if one encodes the value of a digital bit on a single quantum object, a qubit, its interception will necessarily translate into a perturbation. This perturbation causes errors in the sequence of bits exchanged by the sender and recipient. By checking for the presence of such errors, the two parties can verify whether an eavesdropper was able to gain information on their key. QKD is used to generate two identical secure keys on the two ends of the channel. A Quantum Random Number Generator (QRNG) embedded in the QKD system guarantees that keys are produced in a truly random way. Once the key exchange is validated, the keys can be used to encrypt data.
The Cerberis3 QKD System is a modular QKD system, which comprises the following components:
The Cerberis3 QKD System can accommodate different key distribution architectures and topologies, including: backbone for long-distance key distribution with trusted nodes; ring for redundant local distribution; and star for distribution from a central location to local branches. The size of the ATCA chassis at each quantum node can be adapted to deliver the functionality required.
QKD administrators can configure the QKD network via an Element Management System (EMS) web console by setting the consumers and providers at each QKD network node, the QKD links between nodes and the key distribution routes between key consumers. They can also continuously and centrally monitor critical parameters via SNMP, such as temperature, fan and power supply status, CPU load, quantum key rate and Quantum Bit Error Rate (QBER). Syslog alerts are also generated when certain thresholds are reached: in particular, an alarm is sent when the QBER becomes too high, showing that there is an intruder on the QKD quantum channel.
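The principle described above (interception perturbs the qubits and shows up as errors) and the QBER alarm can be illustrated with a small simulation; this is an added example, not IDQ code and not the protocol the Cerberis3 actually runs. It assumes a textbook BB84-style prepare-and-measure exchange over a noiseless channel with an intercept-and-resend eavesdropper, and the names `run_link`, `alarm` and the 11% threshold are hypothetical choices for the sketch.

```python
import random

# Assumed alarm threshold for this sketch only; not a Cerberis3 setting.
QBER_ALARM = 0.11


def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit.
    Measuring in the other basis gives a uniformly random result."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_link(n_qubits, eavesdrop, seed=1):
    """Simulate one key exchange and return (qber, sifted_key_length)."""
    rng = random.Random(seed)
    errors = sifted = 0
    for _ in range(n_qubits):
        # Sender picks a random bit and a random encoding basis.
        bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        sent_bit, sent_basis = bit, a_basis
        if eavesdrop:
            # The eavesdropper must guess a basis, measure, and re-prepare
            # the qubit. A wrong guess destroys the original state.
            e_basis = rng.randint(0, 1)
            sent_bit = measure(bit, a_basis, e_basis, rng)
            sent_basis = e_basis
        # Recipient measures in an independently chosen random basis.
        b_basis = rng.randint(0, 1)
        b_bit = measure(sent_bit, sent_basis, b_basis, rng)
        # Sifting: keep only positions where sender and recipient
        # happened to use the same basis.
        if a_basis == b_basis:
            sifted += 1
            errors += b_bit != bit
    return errors / sifted, sifted


def alarm(qber, threshold=QBER_ALARM):
    """True when the measured error rate exceeds the alarm threshold."""
    return qber > threshold


if __name__ == "__main__":
    for eve in (False, True):
        qber, n = run_link(20000, eavesdrop=eve)
        print(f"eavesdropper={eve} sifted_bits={n} "
              f"qber={qber:.3f} alarm={alarm(qber)}")
```

In this model an undisturbed link yields a QBER of zero, while intercepting every qubit pushes it to about 25%, well above the threshold. Real links have a non-zero baseline error rate from fibre loss and detector noise, which is why a threshold rather than an exact zero is monitored.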
The Cerberis3 is the latest generation of QKD systems at IDQ, based on 16 years of experience in the development and commercialisation of quantum-based products.