Experimental authentication of quantum key distribution with post-quantum cryptography

Liu-Jun Wang,Qiang Zhang,Jia-Yong Wang,Yong-Hua Yang,Shi-Biao Tang,Yan-Lin Tang,Zhen Liu,Di Yan,Jie Cheng,Jian-Wei Pan,Kai-Yi Zhang,Yu Yu

doi:10.1038/s41534-021-00400-7

Abstract

Quantum key distribution (QKD) can provide information theoretically secure key exchange even in the era of quantum computers. However, QKD requires the classical channel to be authenticated, the current method for which is pre-sharing symmetric keys. For a QKD network of n users, this method requires {C}_{n}^{2}=n(n-1)/2 pairs of symmetric keys to realize pairwise interconnection. In contrast, with the help of a mature public key infrastructure (PKI) and post-quantum cryptography (PQC) with quantum-resistant security, each user only needs to apply for one digital certificate from a certificate authority (CA) to achieve efficient and secure authentication for QKD. We need to assume only the short-term security of the PQC algorithm to achieve long-term security of the distributed keys. Here, we experimentally verified the feasibility, efficiency, and stability of the PQC algorithm in QKD authentication, and demonstrated the advantages when new users join the QKD network. Using the PQC public-key infrastructure, the nodes need to mutually trust only the CA to authenticate each other. QKD combined with PQC authentication will greatly promote and extend the application prospects of quantum-safe communication.

Highlights

Google claimed to have achieved quantum supremacy[1], a major milestone towards the development of quantum computers
Each new user needs to apply for only one digital certificate, and a total of two digital certificates is sufficient to realize the connection of any two users
We experimentally verified the feasibility of its application in a metropolitan quantum key distribution (QKD) relay network and an all-pass network

Summary

INTRODUCTION

Google claimed to have achieved quantum supremacy[1], a major milestone towards the development of quantum computers. When new users join a QKD network, they need to pre-share symmetric keys with the trusted relay or the original users on demand. If PQC authentication is adopted, trusted relays can be replaced with OSs. Each new user needs to apply for only one digital certificate, and a total of two digital certificates is sufficient to realize the connection of any two users. The fiber length between two users in the all-pass network is the sum of the fiber lengths of the links between the two users in the relay network

DISCUSSION

METHODS

CODE AVAILABILITY