No Arabic abstract
We describe systems and methods for the deployment of global quantum key distribution (QKD) networks covering transoceanic, long-haul, metro, and access segments of the network. A comparative study of the state-of-the-art QKD technologies is carried out, including both terrestrial QKD via optical fibers and free-space optics, as well as spaceborne solutions via satellites. We compare the pros and cons of various existing QKD technologies, including channel loss, potential interference, distance, connection topology, deployment cost and requirements, as well as application scenarios. Technical selection criteria and deployment requirements are developed for various different QKD solutions in each segment of networks. For example, optical fiber-based QKD is suitable for access networks due to its limited distance and compatibility with point-to-multipoint (P2MP) topology; with the help of trusted relays, it can be extended to long-haul and metro networks. Spaceborne QKD on the other hand, has much smaller channel loss and extended transmission distance, which can be used for transoceanic and long-haul networks exploiting satellite-based trusted relays.
Digital signatures are widely used for providing security of communications. At the same time, the security of currently deployed digital signature protocols is based on unproven computational assumptions. An efficient way to ensure an unconditional (information-theoretic) security of communication is to use quantum key distribution (QKD), whose security is based on laws of quantum mechanics. In this work, we develop an unconditionally secure signatures (USS) scheme that guarantees authenticity and transferability of arbitrary length messages in a QKD network. In the proposed setup, the QKD network consists of two subnetworks: (i) the internal network that includes the signer and with limitation on the number of malicious nodes, and (ii) the external one that has no assumptions on the number of malicious nodes. A price of the absence of the trust assumption in the external subnetwork is a necessity of the assistance from internal subnetwork recipients for the verification of message-signature pairs by external subnetwork recipients. We provide a comprehensive security analysis of the developed scheme, perform an optimization of the scheme parameters with respect to the secret key consumption, and demonstrate that the developed scheme is compatible with the capabilities of currently available QKD devices.
Untrusted node networks initially implemented by measurement-device-independent quantum key distribution (MDI-QKD) protocol are a crucial step on the roadmap of the quantum Internet. Considering extensive QKD implementations of trusted node networks, a workable upgrading tactic of existing networks toward MDI networks needs to be explicit. Here, referring to the nonstandalone (NSA) network of 5G, we propose an NSA-MDI scheme as an evolutionary selection for existing phase-encoding BB84 networks. Our solution can upgrade the BB84 networks and terminals that employ various phase-encoding schemes to immediately support MDI without hardware changes. This cost-effective upgrade effectively promotes the deployment of MDI networks as a step of untrusted node networks while taking full advantage of existing networks. In addition, the diversified demands on security and bandwidth are satisfied, and network survivability is improved.
Quantum key distribution (QKD) enables unconditionally secure communication between distinct parties using a quantum channel and an authentic public channel. Reducing the portion of quantum-generated secret keys, that is consumed during the authentication procedure, is of significant importance for improving the performance of QKD systems. In the present work, we develop a lightweight authentication protocol for QKD based on a `ping-pong scheme of authenticity check for QKD. An important feature of this scheme is that the only one authentication tag is generated and transmitted during each of the QKD post-processing rounds. For the tag generation purpose, we design an unconditionally secure procedure based on the concept of key recycling. The procedure is based on the combination of almost universal$_2$ polynomial hashing, XOR universal$_2$ Toeplitz hashing, and one-time pad (OTP) encryption. We demonstrate how to minimize both the length of the recycled key and the size of the authentication key, that is required for OTP encryption. As a result, in real case scenarios, the portion of quantum-generated secret keys that is consumed for the authentication purposes is below 1%. Finally, we provide a security analysis of the full quantum key growing process in the framework of universally composable security.
We prove the security of theoretical quantum key distribution against the most general attacks which can be performed on the channel, by an eavesdropper who has unlimited computation abilities, and the full power allowed by the rules of classical and quantum physics. A key created that way can then be used to transmit secure messages such that their security is also unaffected in the future.
This paper addresses multi-user quantum key distribution networks, in which any two users can mutually exchange a secret key without trusting any other nodes. The same network also supports conventional classical communications by assigning two different wavelength bands to quantum and classical signals. Time and code division multiple access (CDMA) techniques, within a passive star network, are considered. In the case of CDMA, it turns out that the optimal performance is achieved at a unity code weight. A listen-before-send protocol is then proposed to improve secret key generation rates in this case. Finally, a hybrid setup with wavelength routers and passive optical networks, which can support a large number of users, is considered and analyzed.