Integrated QKD & Encryption System for R&D Applications
The post-quantum era has begun, where cryptographic methods must be resilient to attacks by a quantum computer. Data with long-term sensitivity is at risk of being intercepted now, stored for future use, and decrypted in a few years when multi-purpose quantum computers will be implemented and able to easily break existing public-key cryptography.
A solution to this threat is Quantum Key Distribution (QKD), a technology that exploits a fundamental principle of quantum physics – observation causes perturbation – to exchange cryptographic keys over optical fibre networks with provable security. QKD is safe against both conventional and future quantum computer-based attacks. It is the cornerstone of a true quantum-safe solution today. The Clavis300 is an integrated QKD system for investigating and testing quantum cryptography in a real network environment.
The Clavis300 is a complete modular cryptographic solution that performs QKD in a point-to-point configuration as well as key relay to allow distribution over longer distances. Keys can be supplied to up to 80 separate encryptors, which are either external encryptors or integrated optional high-speed encryption blades.
The Clavis300 generates and distributes keys, providing more than 10 kb/s secure key bit generation rate at 10 dB link loss. For a standard system, the maximum link loss is 18 dB, which corresponds to about 70 km in distance depending on fibre quality. A premium system offers up to 24 dB loss (depending on availability). The key refresh rate can be adjusted by an administrator.
Clavis300 can distribute keys to up to 80 encryptors. It can interface with external encryption appliances from major vendors, notably leading OTN vendors. IDQ is actively taking part in the standardisation of the interface between QKD systems and link encryptors, currently under finalisation at the European Telecommunications Standards Institute (ETSI) and other standard bodies.
As an option, Clavis300 can also be provided with high-speed encryptor blades integrated in the chassis. A single chassis with 6 slots can therefore include both a QKD system and state-of-the-art link encryptors. If needed, additional chassis can be paired with Clavis300 to host additional encryption blades. Currently the encryptor is based on Korean LEA (Light Encryption Algorithm) ciphers, and allows 4×10 Gbps encryption rate. The encryption processing latency is less than 10 microseconds.