Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2024 Jan 31;26(2):123.
doi: 10.3390/e26020123.

Linking QKD Testbeds across Europe

Max Brauer  1 Rafael J Vicente  2 Jaime S Buruaga  2 Rubén B Méndez  2 Ralf-Peter Braun  1 Marc Geitz  1 Piotr Rydlichkowski  3 Hans H Brunner  4 Fred Fung  4 Momtchil Peev  4 Antonio Pastor  5 Diego R Lopez  5 Vicente Martin  2 Juan P Brito  2
Affiliations

Linking QKD Testbeds across Europe

Max Brauer et al. Entropy (Basel). .

Abstract

Quantum-key-distribution (QKD) networks are gaining importance and it has become necessary to analyze the most appropriate methods for their long-distance interconnection. In this paper, four different methods of interconnecting remote QKD networks are proposed. The methods are used to link three different QKD testbeds in Europe, located in Berlin, Madrid, and Poznan. Although long-distance QKD links are only emulated, the methods used can serve as a blueprint for the secure interconnection of distant QKD networks in the future. Specifically, the presented approaches combine, in a transparent way, different fiber and satellite physical media, as well as common standards of key delivery interfaces. The testbed interconnections are designed to increase the security by utilizing multipath techniques and multiple hybridizations of QKD and post-quantum cryptography (PQC) algorithms.

Keywords: QKD; quantum communications; quantum cryptography; quantum networks.

PubMed Disclaimer

Conflict of interest statement

Authors Max Brauer, Ralf-Peter Braun, Marc Geitz were employed by the company T-Labs, Deutsche Telekom AG. Authors Hans H. Brunner, Fred Fung, Momtchil Peev were employed by the company Munich Research Center, Huawei Technologies Duesseldorf GmbH. Authors Antonio Pastor and Diego R. Lopez were employed by the company Telefónica gCTIO/I+D. The remaining authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

Figures

Figure 1
Figure 1
Connection of the quantum testbeds in Madrid (left), Berlin (middle), and Poznan (right) with emulated long-distance QKD links. The key exchange is indicated by the curved blue lines, which connect dedicated QKD gateway nodes (blue circles) in each testbed. The other QKD nodes in the respective testbeds are indicated by orange circles.
Figure 2
Figure 2
Dark-fiber topology in the Berlin metropolitan-area testbed (top left), deployed three-layer architecture (bottom left), rack hosting QKD modules, servers, HSMs, and encryptors (right). For more details the reader is referred to [4].
Figure 3
Figure 3
PSNC testbed together with the dark fiber topology in the Poznań metropolitan area (top left), deployed layer architecture for both metro and backbone networks—POZMAN and PIONIER (center left), racks hosting QKD equipment and encryptors (right), additionally connected trusted-node configuration of the long-distance QKD link between Poznań and Warsaw (bottom) [20].
Figure 4
Figure 4
Madrid network—topology (top left); Madrid network—functional diagram (bottom left); Quijote ode (right). For more details the reader is referred to [6].
Figure 5
Figure 5
The disjoint network is realized by a “space link” via the Iridium network and a “ground link” via the public Internet. The network connects the gateway nodes of the Madrid, Berlin, and Poznan QKD testbeds. The Munich Research Center of Huawei in Germany serves as a pseudo-internal node of the Madrid network.
Figure 6
Figure 6
Application key transport between the REDIMadrid domain and the Telefónica domain through a QKD link-based border node. The left part represents the REDIMadrid domain; the right part represents the Telefónica domain. The upper part represents the SDN controllers of each network, both controllers being NETCONF based. The central part represents the LKMS of each node involved in the communication: on the left, the source node of REDIMadrid receiving a QKD key request through ETSI GS QKD 004; in the center-left, there is the border node in the REDIMadrid side; on the center-right, the border node of the Telefónica side; and on the right, the destination node of the communication, showing the application disconnect. In the lower part, the left side represents the source application and the right side the destination application.
Figure 7
Figure 7
Links between Concepción, Distrito, and Munich. The QKD-simulated link using PQC between Distrito and Munich is indicated in red.
Figure 8
Figure 8
On the left side of the image an application is started to send key material from Madrid to Berlin. Three different keys are sent from the Cathelyn node in Concepción to the Jojen node in Munich, where the application-based border node is running and sends the key material to the Berlin border node using a PQC link. On the lower part of the image, the key material received in Berlin is shown.
Figure 9
Figure 9
Bi-directional exchange of encryption keys between the Berlin and Poznan border nodes. The Poznan server (top, right) and the Berlin client (bottom, left) exchange keys. The server log states the reception of the ground link transmission (Keys 1/2); so does the client log. In this state of the exchange process, the space link keys transmission has not yet been finalized. The Berlin server (top, left) and the Poznan client (bottom, right) exchange keys (in the opposite direction). The server log already states the full reception of the keys of the second (space) segment, while the client shows the final (KDF-combined) block of 50 keys and their key identifiers, respectively.
Figure 10
Figure 10
Integration of an emulated QKD key-exchange system into a QKD architecture. The keys of the emulated QKD key exchange are stored in the local key store of the border nodes. A sending QKD node forwards a random number through the trusted-node chain of the senders border node and the recipients border node to the receiving QKD node. The random number is either directly used as a final secure key or two random numbers, transferred across disjoint network links, are combined using a KDF for the final secure key.
Figure 11
Figure 11
Long-distance (emulated) QKD links connecting the metropolitan-area QKD networks of Madrid and Munich, Berlin, and Poznan.
See this image and copyright information in PMC

References

    1. Shor P.W. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 1999;41:303–332. doi: 10.1137/S0036144598347011. - DOI
    1. Moody D. Let’s Get Ready to Rumble. The NIST PQC “Competition”; Proceedings of the First PQC Standardization Conference; Fort Lauderdale, FL, USA. 12–13 April 2018; pp. 11–13.
    1. NIST, Information Technology Laboratory, C.S.R.C. Post Quantum Cryptography, Draft FIPS 203, FIPS 204 and FIPS 205, Which Specify Algorithms Derived from CRYSTALS-Dilithium, CRYSTALS-KYBER and SPHINCS+ [(accessed on 8 November 2023)];2023 Available online: https://csrc.nist.gov/projects/post-quantum-cryptography.
    1. Braun R.P., Geitz M. The OpenQKD Testbed in Berlin; Proceedings of the 2021 Asia Communications and Photonics Conference (ACP); Shanghai, China. 24–27 October 2021; pp. 1–3.
    1. Rydlichkowski P. OPENQKD project Work Package 7 review; Proceedings of the QKD Days; Madrid, Spanish. 13 December 2022.

LinkOut - more resources