Quantum Key Distribution (QKD) is a technology that uses quantum mechanics to distribute secure keys to the two authorized parties in a conversation. QKD is an advancement over current asymmetric cryptography systems, because the principles of quantum mechanics make QKD resistant to quantum attacks.
The aim of the QKD blueprint is to provide the SLICES community with a replicable set of software, hardware, and methodologies for conducting various use cases in QKD environments.
This blueprint is modular, so it can be deployed fully or only partially. For example, researchers interested only in the simulator and the Key Management System (KMS) can deploy just those modules and work with them, or even with each one on its own. Advanced users can also build their own modules and integrate them into the architecture.
Eventually, the goal is to expand the blueprint's capabilities to support new use cases, especially with regard to integrating real QKD equipment, thus enabling real-world measurements. In addition, the blueprint must be integrated with the SLICES toolchain in order to make it available to the users. Interested SLICES partners are welcome to contribute to this blueprint with their own expertise and ideas.
The current version of the blueprint consists of QKD simulators, KMS servers and a quantum-secured chat application, with the option of adding PQC authenticator modules for the classical channel between the QKD simulation modules. The QKD simulators generate quantum-secure keys, and each simulator pushes them to its corresponding KMS. Each KMS is responsible for storing QKD keys, synchronizing with its peer KMS, handling the sessions established with the applications, and delivering, on demand, identical sets of quantum keys via the API to peer applications. In the provided chat application, each application endpoint acquires a secure QKD key from the KMS to encrypt the messages sent in the communication. In addition, there is an option to use Post-Quantum Cryptography (PQC) algorithms to authenticate the classical channel between the QKD simulators, which carries the post-processing messages.
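The key flow described above, as an added example that is not the blueprint's own code: two synchronized KMS instances hand the same key to both chat endpoints exactly once. The KMS class, the key_ID handshake and the XOR one-time pad are assumptions made for illustration, and the keys are constructed random bytes standing in for simulator output.

```python
import base64
import secrets
import uuid


class KMS:
    """In-memory stand-in for one KMS (hypothetical class, not the blueprint's)."""

    def __init__(self):
        self.free = {}       # key_ID -> key, available to a local sender
        self.reserved = {}   # key_ID -> key, already handed out by the peer KMS
        self.peer = None

    def push(self, key_id, key):
        # Called by the local QKD simulator when a key is ready.
        self.free[key_id] = key

    def get_enc_key(self):
        # Sender side: consume a free key and have the peer KMS reserve it,
        # so the same key is never issued to a second sender.
        key_id, key = self.free.popitem()
        self.peer.reserved[key_id] = self.peer.free.pop(key_id)
        return key_id, base64.b64encode(key).decode()

    def get_dec_key(self, key_id):
        # Receiver side: deliver the identical key exactly once (KeyError after).
        return base64.b64encode(self.reserved.pop(key_id)).decode()


def xor(key_b64, data):
    key = base64.b64decode(key_b64)
    if len(data) > len(key):
        raise ValueError("message longer than key: pad would be reused")
    return bytes(k ^ d for k, d in zip(key, data))


def send(kms, text):
    key_id, key_b64 = kms.get_enc_key()
    return key_id, xor(key_b64, text.encode())   # key_ID travels in the clear


def receive(kms, key_id, ciphertext):
    return xor(kms.get_dec_key(key_id), ciphertext).decode()


def make_pair(n_keys=4, key_len=32):
    alice, bob = KMS(), KMS()
    alice.peer, bob.peer = bob, alice
    for _ in range(n_keys):   # constructed keys standing in for simulator output
        key_id, key = str(uuid.uuid4()), secrets.token_bytes(key_len)
        alice.push(key_id, key)
        bob.push(key_id, key)
    return alice, bob
```

Only the key_ID and the ciphertext cross the application channel; the key itself is fetched locally from each endpoint's own KMS.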
The deployment of all these modules is orchestrated using Kubernetes. Single-node deployments are considered for the experiments by default, in which case all modules are deployed in the same Kubernetes cluster. When an experiment is requested, the resources needed for that experiment instance will be automatically deployed by executing a local script (which could for example be triggered by SLICES CLI or Basic Infrastructure Service).
The first experiment, depicted in Figure 1, is the one explained in the introduction, in which the SimulaQron software simulates Alice and Bob and the virtual Quantum Channel (QC) and Classical Channel (CC).
As the experiment starts, all the modules needed for it are automatically deployed. Once the architecture is deployed and all the experiment components are running in Kubernetes, the user can attach to the application pod's process in both nodes. Executing a pre-written shell script in each node sets up the secure chat application between both parties.
The first experiment is not entirely secure in theory, because the simulators are exposed to a man-in-the-middle attack on their classical channel. Authenticating both parties prevents this threat. The blueprint offers the option of adding PQC Authenticator modules to provide quantum-safe authentication, as represented in Figure 2. Each simulator has a PQC module, and all classical communication passes through these modules. The modules authenticate the Alice and Bob simulators by signing the messages with PQC-based algorithms on every BB84 iteration.
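An added example, not the blueprint's code, of why signing the classical messages matters: Bob signs his basis announcement for one BB84 iteration and Alice aborts if it was altered in transit. The page does not name the PQC algorithm, so a Lamport one-time hash-based signature stands in for it; the ideal noiseless channel, the function names and the pre-distributed public key are assumptions.

```python
import hashlib
import secrets


def H(data):
    return hashlib.sha256(data).digest()


def keygen():
    # Lamport one-time key: 256 pairs of secrets, public key is their hashes.
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]


def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]


def sign(sk, msg):
    # Reveal one secret per digest bit; the key must never sign a second message.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]


def verify(pk, msg, sig):
    bits = digest_bits(msg)
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))


def bb84_iteration(n=64, tamper=False):
    rnd = lambda: [secrets.randbelow(2) for _ in range(n)]
    a_bits, a_bases, b_bases = rnd(), rnd(), rnd()
    # Ideal noiseless channel (assumption): matching bases give Bob Alice's bit.
    b_bits = [a if x == y else secrets.randbelow(2)
              for a, x, y in zip(a_bits, a_bases, b_bases)]
    sk, pk = keygen()               # Bob's key; pk assumed already known to Alice
    msg = bytes(b_bases)            # classical message: Bob's basis choices
    sig = sign(sk, msg)
    if tamper:                      # constructed in-transit modification
        msg = bytes(b ^ 1 for b in msg)
    if not verify(pk, msg, sig):
        return None                 # Alice aborts the iteration
    keep = [i for i in range(n) if a_bases[i] == msg[i]]
    return [a_bits[i] for i in keep], [b_bits[i] for i in keep]
```

Because a Lamport key signs only one message, a real per-iteration scheme needs a fresh key each round or a many-time PQC signature.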
Eventually, experiments with QKD hardware can be integrated as part of the catalog of experiments in the blueprint. This would require the availability of QKD hardware in the involved nodes.
In the UPV/EHU node, we currently have an entanglement-based QKD solution (Elvis 1550 QKD-System from Quantum Optics Jena). It comprises an Entangled Photon Source (EPS) that generates and distributes entangled photons, two Polarization Analyzing Modules (PAM), and their corresponding servers for the implementation of the QKD protocol, the KMS and the Key Exchange API, among other functionalities. Key delivery is achieved through the Key Exchange API, which is implemented using the ETSI-standardized API ETSI GS QKD 014.
Experiments making use of physical QKD equipment can collect experiment results directly from the hardware under different conditions. For example, for the above-mentioned entanglement-based QKD, these include photon count in each QKD device, coincidences, visibility, fidelity, Quantum Bit Error Rate (QBER), bitrate, and information about synchronization.