Key Distribution System Research Articles

Organizational and technical solutions for the construction of protected information and communication systems.

The paper presents the main approaches to the construction of the PKI public key architecture divided into basic, two-level, and multi-level hierarchies. Modern methods of attacks on existing public key infrastructures, protocols for building secure connections of both wired and wireless systems are considered. The basics of the class of attacks on PKI infrastructures are defined, of which the main attention is paid to the most dangerous class of attacks – man-in-the-middle (MITM-attacks). The paper provides models of various classes of MITM attacks, their details and existing methods of reducing the risks of their implementation. Existing examples of successful attacks on enterprises and various organizations that implemented MITM attack models at the application, network, and physical levels of the network interaction model are also given. For the PKI infrastructure, one of the options is its segmentation, which allows to reduce the scope of attacks on the key certification center. The paper also provides an alternative way to protect against MITM attacks using distributed micro ledger technology (DLT) to create a decentralized cryptographic key distribution system (DKMS). The solution is based on the use of micro ledgers (distributed ledger technology – DMLT). Using DMLT to create a DKMS allows protection against additional classes of MITM attacks.

The finite-size effect on continuous-variable quantum key distribution in the Terahertz band

We conducted a study to evaluate the performance of Terahertz Continuous Variable Quantum Key Distribution (THz CVQKD) systems in atmospheric conditions with the finite-size effect. Our research delved into the secure key rates and transmission distances of THz CVQKD for four protocols, all based on Gaussian coherent states, under the threat of collective Gaussian attacks. These protocols include reverse reconciliation with homodyne detection, direct reconciliation with homodyne detection, reverse reconciliation with heterodyne detection, and direct reconciliation with heterodyne detection. Our findings revealed distinctive key rates across various THz frequencies and protocols. However, the finite-size effect had a diminishing impact on the key rates of CVQKD in all scenarios. Fortunately, by harnessing a substantial number of keys exceeding 1012 and optimizing modulation variance, both the key rates and transmission distances of THz CVQKD can be significantly extended. This research contributes to advancing the practicality of THz CVQKD technology.

Retraction Note: High performance reconciliation for practical quantum key distribution systems

Retraction Note: High performance reconciliation for practical quantum key distribution systems

Preparing a commercial quantum key distribution system for certification against implementation loopholes

Preparing a commercial quantum key distribution system for certification against implementation loopholes

Continuous-variable quantum passive optical network

To establish a scalable and secure quantum network, a critical milestone is advancing from basic point-to-point quantum key distribution (QKD) systems to the development of inherently multi-user protocols designed to maximize network capacity. Here, we propose a quantum passive optical network (QPON) protocol based on continuous-variable (CV) systems, particularly the quadrature of the coherent state, which enables deterministic, simultaneous, and high-rate secret key generation among all network users. We implement two protocols with different trust levels assigned to the network users and experimentally demonstrate key generation in a quantum access network with 8 users, each with an 11 km span of access link. Depending on the trust assumptions about the users, we reach 1.5 and 2.1 Mbits/s of total network key generation (or 0.4 and 1.0 Mbits/s with finite-size channels estimation). Demonstrating the potential to expand the network’s capacity to accommodate tens of users at a high rate, our CV-QPON protocols open up new possibilities in establishing low-cost, high-rate, and scalable secure quantum access networks serving as a stepping stone towards a quantum internet.

Experimental demonstration of the time-dependent source side-channel and countermeasures in polarization-based BB84 QKD systems.

High-speed is one development tendency of the practical and commercial quantum key distribution (QKD) systems, and the gain-switched semiconductor laser (GSSL) and Sagnac interferometer have been popular components for high-speed commercial polarization-based BB84 QKD systems thanks to their stability, compactness and low cost. However, due to the finite extinction ratio (ER) of the GSSL, the time-dependent source side-channel, which is theoretically presented in [Phys. Rev. A106(6): 062618 (2022)10.1103/PhysRevA.106.062618], also exists in these QKD systems. In this article, we experimentally investigate this side-channel in the polarization-based BB84 QKD system. The results show an obvious correlation in the output polarization states between the weak leakage light and its adjacent pulses, which will cause information to leak. More importantly, we have proposed several countermeasures, retested the side channel, and developed a mathematical framework to quantitatively assess the impact of the time-dependent side channel and these countermeasures on the secure key rate. Finally, we offer a trade-off analysis that considers defense effectiveness, pulse impact, and cost for various countermeasures in QKD. This provides a practical recommendation for improving the security of QKD systems.

Intensity correlations in measurement-device-independent quantum key distribution.

The intensity correlations due to imperfect modulation during the quantum-state preparation in a measurement-device-independent quantum key distribution (MDI QKD) system compromise its security performance. Therefore, it is crucial to assess the impact of intensity correlations on the practical security of MDI QKD systems. In this work, we propose a theoretical model that quantitatively analyzes the secure key rate of MDI QKD systems under intensity correlations. Furthermore, we apply the theoretical model to a practical MDI QKD system with measured intensity correlations, which shows that the system struggles to generate keys efficiently under this model. We also explore the boundary conditions of intensity correlations to generate secret keys. This study extends the security analysis of intensity correlations to MDI QKD protocols, providing a methodology to evaluate the practical security of MDI QKD systems.

Simulations of distributed-phase-reference quantum key distribution protocols

Quantum technology can enable secure communication for cryptography purposes using quantum key distribution. Quantum key distribution protocol establishes a secret key between two users with security guaranteed by the laws of quantum mechanics. To define the proper implementation of a quantum key distribution system using a particular cryptography protocol, it is crucial to critically and meticulously assess the device’s performance due to technological limitations in the components used. We perform simulations on the ANSYS Interconnect platform to study the practical implementation of these devices using distributed-phase-reference protocols: differential-phase-shift and coherent-one-way quantum key distribution. Further, we briefly describe and simulate some possible eavesdropping attempts, backflash attack, trojan-horse attack and detector-blinding attack exploiting the device imperfections. The ideal simulations of these hacking attempts show how partial or complete secret key can be exposed to an eavesdropper, which can be mitigated by the implementation of discussed countermeasures.

Trojan-horse attack on a real-world quantum key distribution system: Theoretical and experimental security analysis

This paper presents a theoretical and experimental demonstration of a security analysis of a Trojan-horse attack (THA) on a real-world quantum key distribution (QKD) system. We show that the upper bound on the information leakage depends solely on the fidelity between the states of the adversary. We find the lower bound for fidelity between THA states in both the polarization- and phase-coding BB84 protocols, considering both pure and mixed states. Our bounds depend only on the mean photon number per pulse available to an adversary. We also present an experimental analysis of a QKD system, including optical time-domain reflectometry measurements with centimeter resolution and spectral transmittance measurements for optical defense elements ranging from 1100 to 1800 nm with a noise floor lower than −100 dB. Finally, by considering the optimal attack, we obtain the value of the mean photon number per pulse available to an adversary and calculate the key leakage that needs to be eliminated during the privacy amplification procedure. Published by the American Physical Society 2024

Automatically identifying imperfections and attacks in practical quantum key distribution systems via machine learning

Automatically identifying imperfections and attacks in practical quantum key distribution systems via machine learning

Amplitude-boosting attack against practical discrete-modulated continuous-variable quantum key distribution

Discrete-modulated continuous-variable quantum key distribution offers significant practical deployment advantages due to its straightforward state preparation and high compatibility with coherent optical communication systems. However, security analysis and parameter estimation of discrete-modulated protocol are different with Gaussian-modulated protocols, which could cause different practical security problems. Herein, we investigate the amplitude-boosting attack against discrete-modulated continuous-variable quantum key distribution systems and assess its impact on system performance. Our findings reveal that this attack could cause overestimation of secret key rate perceived by Alice and Bob, thereby opening a security loophole, and the vulnerability could be severer than Gaussian modulation. Additionally, we summarize defensive countermeasures, marking a crucial step towards enhancing the practical security of discrete-modulated continuous-variable quantum key distribution.

Light-injection attack against practical continuous-variable measurement-device-independent quantum key distribution systems.

Continuous-variable measurement-device-independent quantum key distribution (CV-MDI QKD) can defend all detection-side attacks effectively. Therefore, the source side is the final battlefield for performing quantum hacking attacks. This paper investigates the practical security of a CV-MDI QKD system under a light-injection attack. Here, we first describe two different light-injection attacks, i.e., the induced-photorefractive attack and the strong-power injection attack. Then, we consider three attack cases where Eve only attacks one of the parties or both parties of the CV-MDI QKD system. Based on the analysis of the parameter estimation, we find that the legitimate communication parties will overestimate the secret key rate of the system under the effect of a light-injection attack. This opens a security loophole for Eve to successfully obtain secret key information in a practical CV-MDI QKD system. In particular, compared to the laser-damage attack, the above attacks use a lower power of injected light and have a more serious effect on the security of the system. To eliminate the above effects, we can enhance the practical security of the system by doping the lithium niobate material with various impurities or by using protective devices, such as optical isolators, circulators, optical power limiters, and narrow-band filters. Apart from these, we can also use an intensity monitor or a photodetector to detect the light-injection attack.

Reference-frame-independent quantum key distribution with two-way classical communication

Abstract The data post-processing scheme based on two-way classical communication (TWCC) can improve the tolerable bit error rate and extend the maximal transmission distance when used in a quantum key distribution (QKD) system. In this study, we apply the TWCC method to improve the performance of reference-frame-independent quantum key distribution (RFI-QKD), and analyze the influence of the TWCC method on the performance of decoy-state RFI-QKD in both asymptotic and non-asymptotic cases. Our numerical simulation results show that the TWCC method is able to extend the maximal transmission distance from 175 km to 198 km and improve the tolerable bit error rate from 10.48% to 16.75%. At the same time, the performance of RFI-QKD in terms of the secret key rate and maximum transmission distance are still greatly improved when statistical fluctuations are considered. We conclude that RFI-QKD with the TWCC method is of practical interest.

Challenges and Solutions for Secure Key Management and Monitoring: Review of the Cerberis3 Quantum Key Distribution System

Quantum Key Distribution (QKD) offers a revolutionary approach to secure communication, leveraging the principles of quantum mechanics to generate and distribute cryptographic keys that are immune to eavesdropping. As QKD systems become more widely adopted, the need for robust monitoring and management solutions has become increasingly crucial. The Cerberis3 QKD system from ID Quantique addresses this challenge by providing a comprehensive monitoring and visualization platform. The system’s advanced features, including central configuration, SNMP integration, and the graphical visualization of key performance metrics, enable network administrators to ensure their QKD infrastructure’s reliable and secure operation. Monitoring critical parameters such as Quantum Bit Error Rate (QBER), secret key rate, and link visibility is essential for maintaining the integrity of the quantum channel and optimizing the system’s performance. The Cerberis3 system’s ability to interface with encryption vendors and support complex network topologies further enhances its versatility and integration capabilities. By addressing the unique challenges of quantum monitoring, the Cerberis3 system empowers organizations to leverage the power of QKD technology, ensuring the security of their data in the face of emerging quantum computing threats. This article explores the Cerberus3 system’s features and its role in overcoming the monitoring challenges inherent to QKD deployments.

O-band QKD link over a multiple ONT loaded carrier-grade GPON for FTTH applications.

We have successfully demonstrated the integration of a commercial O-band Quantum Key Distribution (QKD) system over a testbed that replicates a carrier-grade Fiber-to-the-Home (FTTH) optical access network consisting of components and systems installed in real-life FTTH operational deployments. The experiment demonstrated a QKD transmission over a 1:16 user Gigabit Optical Passive Network (GPON) configuration featuring a total of 9 Optical Network Terminals (ONTs) at the premises of the Telecom Operator COSMOTE that followed the operator's standard FTTH divided in two splitting stages. The architecture we implemented was a downstream access network with the quantum transmitter located at the operator's Central Office (CO) and the quantum receiver located on the end user's side.

Impact of visibility limiting conditions on satellite and high-altitude platform quantum key distribution links.

Satellite and aerial platforms are critical in the deployment of global quantum communications networks. Currently, there remain significant challenges including operation during daytime and robustness to visibility limiting conditions. In this work we investigate, through simulation, the impact of visibility limiting conditions on low-Earth orbit CubeSat dimensioned satellites, small satellites and high-altitude platform implementations. Three different operational wavelengths were considered: currently used near-infrared (at 850 nm); next-generation short-wave infrared (at 1550 nm); and a candidate longer wavelength (at 2133 nm). We present channel attenuation and consider quantum key distribution (QKD) system performance parameters. Results indicate that the "best wavelength" for an implementation depends on the minimum visibility rated and the single-photon detector technology utilized. In the cases where tolerated meteorological visibility is short, 1550 nm and 2133 nm wavelengths provide better performance. In cases when the visibility is long, the operational wavelength of 850 nm provides better QKD system performance.

Hong–Ou–Mandel Interference in Quantum Optics, Monogamy of Entanglement, Nonorthogonality, and Untrusted Nodes

Quantum key distribution systems with an untrusted intermediate node described by the so-called measurement device independent (MDI) protocol have been actively studied in the last decade. In early works, it was only argued why such a quantum key distribution system ensures the security of distributed keys mentioning that the security proof of the MDI protocol, which was not presented, is similar to that for the basic Bennett‒Brassard 84 (BB84) protocol. For this reason, despite the existing experimental implementations of the MDI quantum key distribution system, physical reasons for the protocol security are still questionable. Such quantum key distribution systems provide a common key between two network nodes connected through the intermediate untrusted node, which does not require protection of the equipment on it, and an eavesdropper sees the entire operation of the equipment, including the results of the operation of photodetectors. In this work, the MDI protocol has been analyzed. It has been shown that the physical reasons for the protocol security are based on fundamental properties such as the interference of photons from different sources, monogamy of entanglement, and nonorthogonality of states. A simple and explicit derivation is given showing the equivalence of the MDI and BB84 protocols and physical reasons for the identity of the corresponding expressions for the length of the final key.

Design and implementation of a polarization-encoding system for quantum key distribution

We present the design and implementation of a state-of-polarization (SOP) management technique and two efficient synchronizing methods for quantum key distribution (QKD) systems. This is achieved following a wavelength-division multiplexing approach, where the classical synchronization signal and the quantum states are propagated in the same optical fiber. The employed frame synchronization method is based on the monitoring of the quantum bit error ratio (QBER) of the quantum channel, thus avoiding additional hardware and high computational resources. We evaluate the operation of SOP generation method through the assessment of the individual response of the waveplates that comprise the employed electronic polarization controller. Finally, the performance was assessed by computing the overall QBER and the QBER contributions of each of the four polarization states associated with the different qubits. The measurements, obtained during six hours, show a slight variation of the QBER values associated with the individual contributions, reaching an overall QBER of 0.75%. This demonstrates the capability of the presented methods to operate, stably, with very low QBER values, making its application in practical QKD systems reliable.

Attack detection scheme for continuous variable quantum key distribution based on a graph neural network

The practical security of a continuous-variable quantum key distribution (CV-QKD) system is vulnerable to various attack strategies due to the significant difference between the idealized theoretical model and the practical physical system. The existing countermeasures against these attacks involve exploiting different real-time monitoring modules, which presents a challenge in effectively classifying attacks. We investigate a graph neural network (GNN)-based attack detection scheme for CV-QKD, which models data as a graph structure using three different methods for various conditions. Particularly, one of the proposed methods requires no additional devices and can detect attacks with over 99% accuracy. The algorithm can be expanded to different scenarios without additional training and can achieve a detection efficiency of more than 95%. Furthermore, our proposed scheme incorporates anomaly detection algorithms into the detection module, enabling 85% effective detection of partially unknown attacks with minimal security data.

Highly stable power control for chip-based continuous-variable quantum key distribution system.

Quantum key distribution allows secret key generation with information theoretical security. It can be realized with photonic integrated circuits to benefit the tiny footprints and the large-scale manufacturing capacity. Continuous-variable quantum key distribution is suitable for chip-based integration due to its compatibility with mature optical communication devices. However, the quantum signal power control compatible with the mature photonic integration process faces difficulties on stability, which limits the system performance and causes the overestimation of a secret key rate that opens practical security loopholes. Here, a highly stable chip-based quantum signal power control scheme based on a biased Mach-Zehnder interferometer structure is proposed, theoretically analyzed, and experimentally implemented with standard silicon photonic techniques. Simulations and experimental results show that the proposed scheme significantly improves the system stability, where the standard deviation of the secret key rate is suppressed by an order of magnitude compared with the system using traditional designs, showing a promising and practicable way to realize a highly stable continuous-variable quantum key distribution system on chip.