Quoc-Cuong Le,Patrick Bellot

DOI: https://doi.org/10.48550/arXiv.0803.3699

2008-03-26

Abstract:We investigate Quantum Key Distribution (QKD) relaying models. Firstly, we propose a novel quasi-trusted QKD relaying model. The quasi-trusted relays are defined as follows: (i) being honest enough to correctly follow a given multi-party finite-time communication protocol; (ii) however, being under the monitoring of eavesdroppers. We develop a simple 3-party quasi-trusted model, called Quantum Quasi-Trusted Bridge (QQTB) model, to show that we could securely extend up to two times the limited range of single-photon based QKD schemes. We also develop the Quantum Quasi-Trusted Relay (QQTR) model to show that we could securely distribute QKD keys over arbitrarily long distances. The QQTR model requires EPR pair sources, but does not use entanglement swapping and entanglement purification schemes. Secondly, we show that our quasi-trusted models could be improved to become untrusted models in which the security is not compromised even though attackers have full controls over some relaying nodes. We call our two improved models the Quantum Untrusted Bridge (QUB) and Quantum Untrusted Relay (QUR) ones. The QUB model works on single photons and allows securely extend up to two times the limited QKD range. The QUR model works on entangled photons but does not use entanglement swapping and entanglement purification operations. This model allows securely transmit shared keys over arbitrarily long distances without dramatically decreasing the key rate of the original QKD schemes.

Quantum Physics

David Elkouss,Jesus Martinez-Mateo,Alex Ciurana,Vicente Martin

DOI: https://doi.org/10.1364/JOCN.5.000316

2013-04-15

Abstract:In this paper we explore how recent technologies can improve the security of optical networks. In particular, we study how to use quantum key distribution (QKD) in common optical network infrastructures and propose a method to overcome its distance limitations. QKD is the first technology offering information theoretic secret-key distribution that relies only on the fundamental principles of quantum physics. Point-to-point QKD devices have reached a mature industrial state; however, these devices are severely limited in distance, since signals at the quantum level (e.g. single photons) are highly affected by the losses in the communication channel and intermediate devices. To overcome this limitation, intermediate nodes (i.e. repeaters) are used. Both, quantum-regime and trusted, classical, repeaters have been proposed in the QKD literature, but only the latter can be implemented in practice. As a novelty, we propose here a new QKD network model based on the use of not fully trusted intermediate nodes, referred as weakly trusted repeaters. This approach forces the attacker to simultaneously break several paths to get access to the exchanged key, thus improving significantly the security of the network. We formalize the model using network codes and provide real scenarios that allow users to exchange secure keys over metropolitan optical networks using only passive components. Moreover, the theoretical framework allows to extend these scenarios not only to accommodate more complex trust constraints, but also to consider robustness and resiliency constraints on the network.

Quantum Physics,Cryptography and Security,Networking and Internet Architecture

Yuan Cao,Xiaosong Yu,Yongli Zhao,Chunhui Zhang,Xingyu Zhou,Jie Zhang,Qin Wang

DOI: https://doi.org/10.1088/1674-1056/ad9018

2024-11-10

Chinese Physics B

Abstract:As the first stage of the quantum Internet, quantum key distribution (QKD) networks hold the promise of providing long-term security for diverse users. Most existing QKD networks have been constructed based on independent QKD protocols, and they commonly rely on the deployment of single-protocol trusted relay chains for long reach. Driven by the evolution of QKD protocols, large-scale QKD networking is expected to migrate from a single-protocol to a multi-protocol paradigm, during which some useful evolutionary elements for the later stages of the quantum Internet may be incorporated. In this work, we delve into a pivotal technique for large-scale QKD networking, namely multi-protocol relay chaining. A multi-protocol relay chain is established by connecting a set of trusted/untrusted relays relying on multiple QKD protocols between a pair of QKD nodes. The structures of diverse multi-protocol relay chains are described, based on which the associated model is formulated and the policies are defined for the deployment of multi-protocol relay chains. Furthermore, we propose three multi-protocol relay chaining heuristics. Numerical simulations indicate that the designed heuristics can effectively reduce the number of trusted relays deployed and enhance the average security level versus the commonly used single-protocol trusted relay chaining methods on backbone network topologies.

physics, multidisciplinary

William Stacey,Razieh Annabestani,Xiongfeng Ma,Norbert Luetkenhaus

DOI: https://doi.org/10.1103/physreva.91.012338

2015-01-01

Abstract:We propose a QKD protocol for trusted node relays. Our protocol shifts the communication and computational weight of classical postprocessing to the end users by reassigning the roles of error correction and privacy amplification, while leaving the exchange of quantum signals untouched. We perform a security analysis for this protocol based on the Bennett-Brassard 1984 protocol on the level of infinite key formulas, taking into account weak coherent implementations involving decoy analysis.

Davide Li Calsi,Sumit Chaudhary,JinHyeock Choi,Marc Geitz,Janis Nötzel

2024-11-27

Abstract:Quantum Key Distribution (QKD) systems are infamously known for their high demand on hardware, their extremely low key generation rates and their lack of security resulting from a need for trusted nodes which is implied by the absence of quantum repeaters. While they theoretically offer unlimited security, they are therefore practically limited in several regards. In this work we focus on the lack of options to guarantee an end-to-end security service with the currently available technology and infrastructure and propose a novel protocol. We find that one of the stumbling stones on the path towards an end-to-end security service guaranteed by quantum key distribution may be removed by using this protocol. Our proposal combines several parallel instances of twinfield QKD followed by classical postprocessing and communication to allow Alice and Bob to share a secret key. This hybrid approach improves the key rate and range w.r.t. to previous QKD approaches at a contained cost in security. We show that a coalition of intermediary nodes between Alice and Bob is needed to break the new scheme, sharply outperforming the trusted node approach in terms of security. Furthermore, the protocols do not require complex quantum measurements on Alice and Bob's sides, thus being truly end-to-end.

Quantum Physics,Cryptography and Security

H. Bechmann-Pasquinucci,A. Pasquinucci

DOI: https://doi.org/10.48550/arXiv.quant-ph/0505089

2005-05-12

Quantum Physics

Abstract:A trusted quantum relay is introduced to enable quantum key distribution links to form the basic legs in a quantum key distribution network. The idea is based on the well-known intercept/resend eavesdropping. The same scheme can be used to make quantum key distribution between several parties. No entanglement is required.

Emir Dervisevic,Amina Tankovic,Ehsan Fazel,Ramana Kompella,Peppino Fazio,Miroslav Voznak,Miralem Mehic

2024-08-09

Abstract:Secure communication makes the widespread use of telecommunication networks and services possible. With the constant progress of computing and mathematics, new cryptographic methods are being diligently developed. Quantum Key Distribution (QKD) is a promising technology that provides an Information-Theoretically Secure (ITS) solution to the secret-key agreement problem between two remote parties. QKD networks based on trusted repeaters are built to provide service to a larger number of parties at arbitrary distances. They function as an add-on technology to traditional networks, generating, managing, distributing, and supplying ITS cryptographic keys. Since key resources are limited, integrating QKD network services into critical infrastructures necessitates effective key management. As a result, this paper provides a comprehensive review of QKD network key management approaches. They are analyzed to facilitate the identification of potential strategies and accelerate the future development of QKD networks.

Cryptography and Security

Yi Luo,Qiong Li,Haokun Mao,Nan Chen

DOI: https://doi.org/10.48550/arxiv.2302.07688

2023-01-01

Abstract:Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most researches on relay-based QKD network assume that all relays or nodes are completely trustworthy. However, the malicious behavior of any single node can undermine security of QKD networks. Current research on Quantum Key Distribution (QKD) networks primarily addresses passive attacks, such as eavesdropping, conducted by malicious nodes. Although there are proposed solutions like majority voting and secret sharing for point-to-point QKD systems to counter active attacks, these strategies are not directly transferable to QKD network research due to different security requirements. We propose the a new paradigm for the security requirements of QKD networks and addresses the active attack by collaborate malicious nodes. Firstly, regarding security, we introduce the ITS distributed authentication scheme, which additionally offers two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Secondly, concerning correctness, we propose an ITS fault-tolerant consensus scheme based on our ITS distributed authentication to ensure global consistency, enabling participating nodes to collaborate correctly in a more practical manner. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in key consumption compared to the original pre-shared keys scheme. For instance, in larger networks such as when the nodes number is 80, our scheme's key consumption is only 13.1\% of the pre-shared keys scheme.

Jia-Meng Yao,Qiong Li,Hao-Kun Mao,Ahmed A. Abd El-Latif

2023-12-14

Abstract:With the advancement of quantum computing, the security of public key cryptography is under serious threat. To guarantee security in the quantum era, Quantum Key Distribution has become a competitive solution. QKD networks can be classified into measurement-device-dependent network and measurement-device-independent network. In measurement-device-dependent networks, the information is available for all trusted relays. This means that all trusted relays are strongly trusted relays that require strict control, which is difficult to realize. To address this issue, measurement-device-independent networks reduce the proportion of strongly trusted relay nodes by introducing untrusted relays. However, due to the higher key rate of measurement-device-dependent protocols over short distances, the communication capability of measurement-device-independent networks has a degradation compared to measurement-device-dependent networks. Therefore, how to reduce the dependence of QKD networks on strong trusted relays without significantly affecting the communication capability has become a major issue in the practicalization process of QKD networks. To address this issue, a novel Multi-Protocol Collaborative networking cell is proposed in this paper. The QKD network built by the MPC networking cell reduces the dependence on strongly trusted relays by combining the two protocols to introduce weak trusted relays while maintaining the high communication capacity. What's more, to further enhance the overall performance of the QKD network, an optimal topology design method is presented via the proposed flow-based mathematical model and optimization method. The simulation results show that the proposed scheme reduces the dependence on strongly trusted relays without a significant reduction in communication capability, our work holds great significance in promoting the practicalization of QKD networks.

Quantum Physics

Hao Wen,ZhengFu Han,YiBo Zhao,GuangCan Guo,PeiLin Hong

DOI: https://doi.org/10.1007/s11432-009-0001-4

2009-01-01

Abstract:Quantum key distribution (QKD) technology provides proven unconditional point-to-point security based on fundamental quantum physics. A QKD network also holds promise for secure multi-user communications over long distances at high-speed transmission rates. Although many schemes have been proposed so far, the trusted relay QKD network is still the most practical and flexible scenario. In reality, the insecurity of certain relay sections cannot be ignored, so to solve the fatal security problems of partially-trusted relay networks we suggest a multiple stochastic paths scheme. Its features are: (i) a safe probability model that may be more practical for real applications; (ii) a multi-path scheme with an upper bound for the overall safe probability; (iii) an adaptive stochastic routing algorithm to generate sufficient different paths and hidden routes. Simulation results for a typical partially-trusted relay QKD network show that this generalized scheme is effective.

Yuan Cao,Yongli Zhao,Jun Li,Rui Lin,Jie Zhang,Jiajia Chen

DOI: https://doi.org/10.1109/jsac.2021.3064662

IF: 16.4

2021-09-01

IEEE Journal on Selected Areas in Communications

Abstract:Quantum key distribution (QKD) has demonstrated a great potential to provide future-proofed security, especially for 5G and beyond communications. As the critical infrastructure for 5G and beyond communications, optical networks can offer a cost-effective solution to QKD deployment utilizing the existing fiber resources. In particular, measurement-device-independent QKD shows its ability to extend the secure distance with the aid of an untrusted relay. Compared to the trusted relay, the untrusted relay has obviously better security, since it does not rely on any assumption on measurement and even allows to be accessed by an eavesdropper. However, it cannot extend QKD to an arbitrary distance like the trusted relay, such that it is expected to be combined with the trusted relay for large-scale QKD deployment. In this work, we study the hybrid trusted/untrusted relay based QKD deployment over optical backbone networks and focus on cost optimization during the deployment phase. A new network architecture of hybrid trusted/untrusted relay based QKD over optical backbone networks is described, where the node structures of the trusted relay and untrusted relay are elaborated. The corresponding network, cost, and security models are formulated. To optimize the deployment cost, an integer linear programming model and a heuristic algorithm are designed. Numerical simulations verify that the cost-optimized design can significantly outperform the benchmark algorithm in terms of deployment cost and security level. Up to 25% cost saving can be achieved by deploying QKD with the hybrid trusted/untrusted relay scheme while keeping much higher security level relative to the conventional point-to-point QKD protocols that are only with the trusted relays.

telecommunications,engineering, electrical & electronic

Weiyue Liu,Hai-Lin Yong,Zhu Cao,Ji-Gang Ren,Xiongfeng Ma,Cheng-Zhi Peng,Jian-Wei Pan

2013-01-01

Abstract:Nowadays, information security plays an increasingly important role in global communication. Quantum cryptography [1, 2], particularly quantum key distribution (QKD), offers means to expand a secure key between two distant parties, whose security is stemmed from the fundamental laws of quantum mechanics [3–5]. In practice, QKD experiments have been demonstrated over longdistance optical links through both free space [6] and fiber [7–9]. In the past decade, commercial QKD products have appeared in the market [11]. The next step toward real-life application of QKD is to build up a quantum network. However, due to the fragility of quantum signals, the transmission distance of current QKD implementations is limited to the order of hundreds of kilometers. The key reason is that the transmittance of quantum signal decays exponentially with the transmission distance. For a global quantum network, it is natural to employ a satellite as a moving trusted relay and ground stations around the world as user nodes, as shown in Fig. 1. Currently, there are a few challenges even for a faithful feasibility test of this task. Firstly, the test should be performed at various locations with different atmosphere environment to simulate various ground stations. Secondly, for postprocessing, the test must take into account of the limited computational power in the relay and minimize classical communication between the relay and user nodes. We demonstrate a free-space quantum network by es-

Yi Luo,Qiong Li,Hao-Kun Mao

2024-02-01

Abstract:Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most researches on relay-based QKD network assume that all relays or nodes are completely trustworthy. However, the malicious behavior of any single node can undermine security of QKD networks. Current research on QKD networks primarily addresses passive attacks conducted by malicious nodes such as eavesdropping. We suggest a novel paradigm, inspired by distributed systems, to address the active attack by collaborate malicious nodes in QKD networks. Firstly, regarding security, we introduce the ITS distributed authentication scheme, which additionally offers two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Secondly, concerning correctness, our ITS fault-tolerant consensus method, ensures ITS and global consistency with fixed classical broadcast rounds, contrasting with the exponentially message-intensive Byzantine agreement method. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in authentication key consumption compared to the original end-to-end pre-shared keys scheme.

Quantum Physics

Mingjun Wang,Jian Li,Kaiping Xue,Ruidong Li,Nenghai Yu,Yangyang Li,Yifeng Liu,Qibin Sun,Jun Lu

DOI: https://doi.org/10.1109/mcom.010.2200672

IF: 9.03

2023-01-01

IEEE Communications Magazine

Abstract:As a promising application of quantum information technology, Quantum Key Distribution (QKD) can provide information-theoretically secure key exchange for adjacent communication parties. To achieve long-distance secure communication and scale expansion against inherent channel loss, trusted relays, which are assumed to be absolutely secure, are introduced into QKD networks. However, in practice, trusted relays may be compromised by attacks from ubiquitous eavesdroppers even protected by powerful hardware. Thus, how to ensure the security of end-to-end key distribution in partially-trusted relay QKD networks with the coexistence of trusted relays and untrusted relays becomes a challenging but urgent problem to be solved. To address this critical problem, in this article, we design a segment-based multipath key distribution method. The basic idea of the method is to maximize the security of the end-to-end key distribution through the segment-based multipath key distribution. Under the premise of security level requirements, we further propose a flexible key reconstruction scheme to improve the efficiency of key distribution and obtain available secret keys as many as possible. The extensive simulations are conducted and the results reveal that our method significantly outperforms the traditional multipath QKD method in terms of both security and efficiency.

Yi Luo,Hao-Kun Mao,Qiong Li

DOI: https://doi.org/10.48550/arXiv.2204.09832

2022-04-21

Abstract:Quantum key distribution (QKD) networks is expected to provide information-theoretical secured (ITS) communication over long distances. QKD networks based trusted relay architecture are now the most widely used scheme in practice. However, it is an unrealistic assumption that all relays are fully trustable in complex networks. In the past, only a few studies have theoretically analyzed the case of passive eavesdropping attack by dishonest relays and corresponding defense method. However, we have found that active attacks by dishonest relays can be more threatening. With the consideration of passive and active attacks, we treat dishonest relays as Byzantine nodes and analyzes the upper limit of Byzantine nodes that the QKD network can accommodate. In this paper, we propose an ITS Byzantine-fault tolerance (BFT) QKD network scheme to achieve end-to-end key distribution based on point-to-point QKD links. To ensure consistency and provide BFT ability in the QKD network, we design an ITSBFT-consensus protocol for this network scheme. To ensure the information-theoretic security of consensus, we design a temporary signature scheme based on point-to-point QKD link keys. To prevent Byzantine nodes from disrupting the execution process of key distribution, we design an end-to-end key distribution scheme combined with consensus. We theoretically analyze proposed ITSBFT-QKD network scheme from four aspects: QKD key distribution security, temporary signature security, consensus security, and leader election fairness. The simulation result proved the feasibility and demonstrate the performance.

Quantum Physics,Networking and Internet Architecture

Hoi-Kwong Lo,Wenyuan Wang,Feihu Xu

DOI: https://doi.org/10.1364/ofc.2020.m1e.2

2020-01-01

Abstract:We review the recent developments of quantum key distribution networks with untrusted relays based on the concept of Measurement-Device-Independent quantum key distribution (MDI-QKD).

Yan-Lin Tang,Hua-Lei Yin,Qi Zhao,Hui Liu,Xiang-Xiang Sun,Ming-Qi Huang,Wei-Jun Zhang,Si-Jing Chen,Lu Zhang,Li-Xing You,Zhen Wang,Yang Liu,Chao-Yang Lu,Xiao Jiang,Xiongfeng Ma,Qiang Zhang,Teng-Yun Chen,Jian-Wei Pan

DOI: https://doi.org/10.1103/physrevx.6.011024

2016-01-01

Physical Review X

Abstract:Quantum cryptography holds the promise to establish an information-theoretically secure global network. All field tests of metropolitan-scale quantum networks to date are based on trusted relays. The security critically relies on the accountability of the trusted relays, which will break down if the relay is dishonest or compromised. Here, we construct a measurement-device-independent quantum key distribution (MDIQKD) network in a star topology over a 200-square-kilometer metropolitan area, which is secure against untrustful relays and against all detection attacks. In the field test, our system continuously runs through one week with a secure key rate 10 times larger than previous results. Our results demonstrate that the MDIQKD network, combining the best of both worlds-security and practicality, constitutes an appealing solution to secure metropolitan communications.

Peng-Yong Kong

DOI: https://doi.org/10.1109/jiot.2024.3349476

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Cyber-physical systems rely heavily on communication networks for remote monitoring and control. It is crucial to protect the communication networks from cyberattacks because an attack on the physical subsystem can be indirectly launched from a compromised cyber subsystem. Since remote control devices have limited computational power, we ensure communication confidentiality and integrity using one-time-pad (OTP) symmetric cryptography, which despite simple is unconditionally secure. To provide OTP with secret keys, we use quantum key distribution (QKD) across multiple hops, where each intermediate relay is a trusted node. These nodes can be weak points in cyberattacks. Hence, this paper focuses on routing in multi-hop QKD networks that reduces the required number of trusted nodes. We formulate and solve an optimization problem to find the set of QKD routes that minimizes the number of activated trusted nodes while satisfying the secret key rate requirements of multiple communicating pairs. Extensive evaluation results confirm that the proposed scheme can indeed has fewer activated trusted nodes as compared to a benchmark scheme that finds only the shortest paths for communicating pairs.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yizhi Huang,Xingjian Zhang,Hongyi Zhou,Xiongfeng Ma

DOI: https://doi.org/10.1364/qim.2021.w3b.1

2021-01-01

Abstract:Quantum network is undergoing exciting develop-ments. To address the practical issues in it, we design new key management algorithms, and a routing scheme with delayed privacy ampli ication to reduce the trustworthiness requirement on relays.

Xiongfeng Ma,Hongyi Zhou,Kefan Lv

DOI: https://doi.org/10.1109/phosst.2018.8456711

2018-01-01

Abstract:We present a framework of quantum key distribution networks, including a communication scheme of the highest security level with sufficient keys and a key management scheme realizing a maximum information flow with limited keys. Meanwhile, we briefly report the recent field tests of quantum networks.