Evgeniy O. Kiktenko,Andrey Tayduganov,Aleksey K. Fedorov

2024-11-12

Abstract:We develop a novel key routing algorithm for quantum key distribution (QKD) networks that utilizes a distribution of keys between remote, i.e., not directly connected by a QKD link, nodes through multiple non-overlapping paths. This approach enchases the security of QKD network by minimizing potential vulnerabilities associated with individual trusted nodes. The algorithm ensures a balanced allocation of the workload across the QKD network links, while aiming for the target key generation rate between directly connected and remote nodes. We present the results of testing the algorithm on two QKD network models consisting of 6 and 10 nodes. The testing demonstrates the ability of the algorithm to distribute secure keys among the nodes of the network in an all-to-all manner, ensuring that the information-theoretic security of the keys between remote nodes is maintained even when one of the trusted nodes is compromised. These results highlight the potential of the algorithm to improve the performance of QKD networks.

Quantum Physics

Hao Wen,ZhengFu Han,YiBo Zhao,GuangCan Guo,PeiLin Hong

DOI: https://doi.org/10.1007/s11432-009-0001-4

2009-01-01

Abstract:Quantum key distribution (QKD) technology provides proven unconditional point-to-point security based on fundamental quantum physics. A QKD network also holds promise for secure multi-user communications over long distances at high-speed transmission rates. Although many schemes have been proposed so far, the trusted relay QKD network is still the most practical and flexible scenario. In reality, the insecurity of certain relay sections cannot be ignored, so to solve the fatal security problems of partially-trusted relay networks we suggest a multiple stochastic paths scheme. Its features are: (i) a safe probability model that may be more practical for real applications; (ii) a multi-path scheme with an upper bound for the overall safe probability; (iii) an adaptive stochastic routing algorithm to generate sufficient different paths and hidden routes. Simulation results for a typical partially-trusted relay QKD network show that this generalized scheme is effective.

Jiameng Yao,Yaxing Wang,Qiong Li,Haokun Mao,Ahmed A. Abd El-Latif,Nan Chen

DOI: https://doi.org/10.3390/e24070911

IF: 2.738

2022-01-01

Entropy

Abstract:Quantum key distribution (QKD) can provide point-to-point information-theoretic secure key services for two connected users. In fact, the development of QKD networks needs more focus from the scientific community in order to broaden the service scale of QKD technology to deliver end-to-end secure key services. Of course, some recent efforts have been made to develop secure communication protocols based on QKD. However, due to the limited key generation capability of QKD devices, high quantum secure key utilization is the major concern for QKD networks. Since traditional routing techniques do not account for the state of quantum secure keys on links, applying them in QKD networks directly will result in underutilization of quantum secure keys. Therefore, an efficient routing protocol for QKD networks, especially for large-scale QKD networks, is desperately needed. In this study, an efficient routing protocol based on optimized link-state routing, namely QOLSR, is proposed for QKD networks. QOLSR considerably improves quantum key utilization in QKD networks through link-state awareness and path optimization. Simulation results demonstrate the validity and efficiency of the proposed QOLSR routing protocol. Most importantly, with the growth of communication traffic, the benefit becomes even more apparent.

Jia-Meng Yao,Qiong Li,Hao-Kun Mao,Ahmed A. Abd El-Latif

2023-12-14

Abstract:With the advancement of quantum computing, the security of public key cryptography is under serious threat. To guarantee security in the quantum era, Quantum Key Distribution has become a competitive solution. QKD networks can be classified into measurement-device-dependent network and measurement-device-independent network. In measurement-device-dependent networks, the information is available for all trusted relays. This means that all trusted relays are strongly trusted relays that require strict control, which is difficult to realize. To address this issue, measurement-device-independent networks reduce the proportion of strongly trusted relay nodes by introducing untrusted relays. However, due to the higher key rate of measurement-device-dependent protocols over short distances, the communication capability of measurement-device-independent networks has a degradation compared to measurement-device-dependent networks. Therefore, how to reduce the dependence of QKD networks on strong trusted relays without significantly affecting the communication capability has become a major issue in the practicalization process of QKD networks. To address this issue, a novel Multi-Protocol Collaborative networking cell is proposed in this paper. The QKD network built by the MPC networking cell reduces the dependence on strongly trusted relays by combining the two protocols to introduce weak trusted relays while maintaining the high communication capacity. What's more, to further enhance the overall performance of the QKD network, an optimal topology design method is presented via the proposed flow-based mathematical model and optimization method. The simulation results show that the proposed scheme reduces the dependence on strongly trusted relays without a significant reduction in communication capability, our work holds great significance in promoting the practicalization of QKD networks.

Quantum Physics

Qi Han,Liyang Yu,Wenchao Zheng,Na Cheng,Xiamu Niu

2014-01-01

Abstract:The hybrid model of QKD(Quantum Key Distribution) network is a reasonable approach to build a quantum cryptographic network in the current phase which combines the optical switcher and the trusted repeater to attain the security and the scope of the network. The core network of this model is connected and routed by optical switchers, and is extended in spacial scale by the trusted repeater. This paper focuses on the routing method in the core network. Since the quantum path established by the optical switchers is monopolized by the current pair of Alice and Bob, the routing algorithm of the conventional network couldn’t deal with such a dynamic graph. More factors would be considered to find and keep an optical path in a dynamic graph. Based on a cost function of the optical path define in this paper, an multi-path search algorithm is proposed to find available optical paths and select a best path as the route of one process of key distribution. Experiments raised on NS2 demonstrates the validity and effectiveness of the proposed algorithm.

Shahbaz Akhtar,Krishnakumar G,Vishnu B,Abhishek Sinha

DOI: https://doi.org/10.48550/arXiv.2109.07934

2022-05-27

Abstract:We consider the problem of secure packet routing at the maximum achievable rate in Quantum Key Distribution (QKD) networks. Assume that a QKD protocol generates symmetric private key pairs for secure communication over each link in a network. The quantum key generation process is modeled using a stochastic counting process. Packets are first encrypted with the quantum keys available for each hop and then transmitted on a point-to-point basis over the links. A fundamental problem in this setting is the design of a secure and capacity-achieving routing policy that takes into account the time-varying availability of the encryption keys and finite link capacities. In this paper, we propose a new secure throughput-optimal policy called Tandem Queue Decomposition (TQD). The TQD policy is derived by combining the QKD process with the Universal Max Weight routing policy, proposed earlier by Sinha and Modiano. We show that the TQD policy solves the problem of secure and efficient packet routing for a broad class of traffic, including unicast, broadcast, multicast, and anycast. The proposed decomposition reduces the problem to the generalized network flow problem without the key availability constraints over a transformed network. The proof of the throughput-optimality of the TQD policy uses the Lyapunov stability theory for analyzing the interdependent packet queueing process and the key-storage dynamics. Finally, we demonstrate the competitiveness of the TQD policy over the existing algorithms by numerically comparing them on a simulator that we build on top of the state-of-the-art OMNeT++ network simulator platform.

Networking and Internet Architecture,Quantum Physics

Sun Xu,Yangming Zhao,Liusheng Huang,Chunming Qiao

DOI: https://doi.org/10.1109/infocom52122.2024.10621389

2024-01-01

Abstract:Quantum Key Distribution (QKD) is considered to be an ultimate solution to communication security. However, current QKD devices, especially quantum photon sources, are expensive, and they can generate secret keys only at a low rate. In this paper, we design a system named RPSP for trusted relay-based QKD networks to not only minimize the number of photon sources needed in a network to ensure at least one feasible relay path exists for any potential QKD requests but also save the time to complete a batch of end-to-end QKD requests by jointly optimizing the routing of relay paths and the provisioning of photon sources along each relay path. Compared with existing works, RPSP focuses on a more practical scenario where only some of the nodes are equipped with photon sources and it leverages optical switching to enable dynamic photon source provisioning such that we can utilize such QKD devices in a more efficient way. Extensive simulations show that compared with baseline schemes, RPSP can save up to 87% of the photon sources needed in a trusted relay based QKD network, and 36% of the time to complete a batch of QKD requests.

Pankaj Kumar,Neel Kanth Kundu,Binayak Kar

2024-07-26

Abstract:The use of quantum cryptography in everyday applications has gained attention in both industrial and academic fields. Due to advancements in quantum electronics, practical quantum devices are already available in the market, and ready for wider use. Quantum Key Distribution (QKD) is a crucial aspect of quantum cryptography, which involves generating and distributing symmetric cryptographic keys between geographically separated users using principles of quantum physics. Many successful QKD networks have been established to test different solutions. The objective of this paper is to delve into the potential of utilizing established routing design techniques in the context of quantum key distribution, a field distinguished by its unique properties rooted in the principles of quantum mechanics. However, the implementation of these techniques poses substantial challenges, including quantum memory decoherence, key rate generation, latency delays, inherent noise in quantum systems, limited communication ranges, and the necessity for highly specialized hardware. This paper conducts an in-depth examination of essential research pertaining to the design methodologies for quantum key distribution. It also explores the fundamental aspects of quantum routing and the associated properties inherent to quantum QKD. This paper elucidates the necessary steps for constructing efficient and resilient QKD networks. In summarizing the techniques relevant to QKD networking and routing, including their underlying principles, protocols, and challenges, this paper sheds light on potential applications and delineates future research directions in this burgeoning field.

Cryptography and Security

Liu Xingtong,Wang Jian,Li Ruilin,Zhang Chen

DOI: https://doi.org/10.1049/cje.2018.01.013

IF: 1.019

2018-01-01

Chinese Journal of Electronics

Abstract:Quantum key distribution（QKD） technology provides proved unconditional security in pointto-point key transmissions based on quantum mechanics. However, several limitations, most prominently range,make it complex to construct large QKD network. The trusted relay QKD network is the most practical scene,and stochastic routing scheme was proposed to solve the fatal problem that some relay nodes may be controlled by adversary. But most results in stochastic routing scheme hinge on an adversary model without consideration of attacker’s prior-knowledge and attack strategy. To reveal the security problem, we propose a new adversary model and apply it in grid-shaped partially-trusted relay QKD network. Then we analyze the best attack strategy and the impact on security under various situations respectively.Analysis and simulation results show that in some cases the security of stochastic routing scheme will be compromised, and a generalized upper bound for the overall safe probability is obtained. We also discuss how to alleviate the security problem, making the network more robust to attacks.

Diance Wu,Wanrong Yu,Baokang Zhao,Chunqing Wu

DOI: https://doi.org/10.1007/s10773-013-1862-2

2013-01-01

International Journal of Theoretical Physics

Abstract:Recently, small-scale Quantum Key Distribution (QKD) networks have been demonstrated and continuously operated in field environment. However, nodes of these QKD networks are less than 10 nodes. When the scale and structure of these networks becomes large and complex, such networks will subject to problem of intractable routing selection and limited transmission distance. We present a novel quantum network model and the corresponding protocol to solve these problems. The proposed quantum network model integrates classical communication network with quantum key distribution layer. Nodes in this quantum network model are divided into communication nodes for classical communication and quantum nodes for quantum key distribution. We use atomic ensembles to create entangled photons inside quantum nodes. Quantum repeaters are used to establish entanglement between remote quantum nodes so the maximum distribution distance of entangled photons can be extended. The main idea is to establish an appropriate key distribution path in the quantum key distribution layer based on the routing information obtained by the upper classical communication network. After the entanglement has been established between remote quantum nodes, these nodes will use the Ekert91 or BBM92 protocol to generate secret keys shared between each other. Then, these keys can be used to ensure the security of communication in the classical communication network.

Tim Johann,Mario Wenning,Daniel Giemsa,Annika Dochhan,Matthias Gunkel,Tobias Fehenberger,Stephan Pachnicke

DOI: https://doi.org/10.1364/jocn.509269

IF: 4.508

2024-02-28

Journal of Optical Communications and Networking

Abstract:Tim Johann, Mario Wenning, Daniel Giemsa, Annika Dochhan, Matthias Gunkel, Tobias Fehenberger, Stephan Pachnicke Quantum key distribution (QKD) appears as a promising technique for encrypted communication, preserving security even in the presence of a ... [J. Opt. Commun. Netw. 16, 382-391 (2024)]

computer science, information systems,telecommunications, hardware & architecture,optics

Jiaqi Wu,Lutong Chen,Jing Zhang,Zixuan Huang,Zhonghui Li,Jian Li,Kaiping Xue,Nenghai Yu

DOI: https://doi.org/10.1109/icc51166.2024.10622992

2024-01-01

Abstract:Nowadays, Quantum Key Distribution (QKD) has garnered widespread attention due to its ability to provide symmetric secret keys with information-theoretic security in point-to-point communication. Additionally, key relay technology has been introduced to complete end-to-end key distribution between remote parties by consuming keys in the intermediate links. The routing problem of selecting paths for key relay technology becomes crucial as it directly impacts the network's performance. In this paper, we focus on addressing the routing problem for a specific scenario to serve applications with real-time requirements. Real-time is a critical necessity for supporting various applications, such as video chatting and calling. To satisfy real-time requirements and achieve Quality of Service (QoS) provision to guarantee the completion time, we introduce a distributed routing protocol called Distributed Routing Protocol Based on Key Reservation (Q-RoKR). It reserves keys in advance along the selected path, thereby satisfying real-time requirements. We also propose a priority-awareness mechanism to address resource competition and make efficient use of keys in links. Extensive experiments demonstrate that our protocol effectively meets the real-time requirements and significantly improves throughput. Furthermore, our key efficiency approaches the optimal bound when compared to other comparison schemes.

Lin Bi,Xiaotong Yuan,Weijie Wu,Shengxi Lin,Xiaoqiang Di,Zhengang Jiang

DOI: https://doi.org/10.1088/1674-1056/ad2503

2024-02-04

Chinese Physics B

Abstract:Quantum key distribution (QKD) is a technology that can resist the threat of quantum computers to existing conventional cryptographic protocols. However, due to the stringent requirements of the quantum key generation environment, the generated quantum keys are considered valuable, and the slow key generation rate conflicts with the high-speed data transmission in traditional optical networks. In this paper, for the QKD network with a trusted relay, which is mainly based on point-to-point quantum keys and has complex changes in network resources, we aim to allocate resources reasonably for data packet distribution. Firstly, we formulate a linear programming constraint model for the key resource allocation (KRA) problem based on time-slot scheduling. Secondly, we propose a new scheduling scheme based on graded key security requirements (GKSR) and a new micro-log key storage algorithm for effective storage and management of key resources. Finally, we propose a key resource consumption (KRC) routing optimization algorithm to properly allocate time slots, routes, and key resources. Simulation results show that the proposed scheme significantly improves the key distribution success rate and key resource utilization rate, among others.

physics, multidisciplinary

Xiaosong Yu,Yuhang Liu,Xingyu Zou,Yuan Cao,Yongli Zhao,Avishek Nag,Jie Zhang

DOI: https://doi.org/10.1109/jlt.2022.3153992

IF: 4.7

2022-01-01

Journal of Lightwave Technology

Abstract:Xiaosong Yu, Yuhang Liu, Xingyu Zou, Yuan Cao, Yongli Zhao, Avishek Nag, Jie ZhangQuantum Key Distribution (QKD) is a promising technology that provides proven unconditional security based on fundamentals of quantum ... [J. Lightwave Technol. 40, 3530-3545 (2022)]

engineering, electrical & electronic,optics,telecommunications

Yaxing Wang,Qiong Li,Haokun Mao,Qi Han,Furong Huang,Hongwei Xu

DOI: https://doi.org/10.1364/oe.401672

IF: 3.8

2020-01-01

Optics Express

Abstract:With the growing complexity of quantum key distribution (QKD) networkstructures, aforehand topology design is of great significance to support alarge-number of nodes over a large-spatial area. However, the exclusivity ofquantum channels, the limitation of key generation capabilities, the variety ofQKD protocols and the necessity of untrusted-relay selection, make the optimaltopology design a very complicated task. In this research, a hybrid QKD networkis studied for the first time from the perspective of topology, by analyzingthe topological differences of various QKD protocols. In addition, to make fulluse of hybrid networking, an analytical model for optimal topology calculationis proposed, to reach the goal of best secure communication service byoptimizing the deployment of various QKD devices and the selection ofuntrusted-relays under a given cost limit. Plentiful simulation results showthat hybrid networking and untrusted-relay selection can bring greatperformance advantages, and then the universality and effectiveness of theproposed analytical model are verified.

Yi Luo,Qiong Li,Hao-Kun Mao

2024-02-01

Abstract:Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most researches on relay-based QKD network assume that all relays or nodes are completely trustworthy. However, the malicious behavior of any single node can undermine security of QKD networks. Current research on QKD networks primarily addresses passive attacks conducted by malicious nodes such as eavesdropping. We suggest a novel paradigm, inspired by distributed systems, to address the active attack by collaborate malicious nodes in QKD networks. Firstly, regarding security, we introduce the ITS distributed authentication scheme, which additionally offers two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Secondly, concerning correctness, our ITS fault-tolerant consensus method, ensures ITS and global consistency with fixed classical broadcast rounds, contrasting with the exponentially message-intensive Byzantine agreement method. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in authentication key consumption compared to the original end-to-end pre-shared keys scheme.

Quantum Physics

Yi Luo,Qiong Li,Haokun Mao,Nan Chen

DOI: https://doi.org/10.48550/arxiv.2302.07688

2023-01-01

Abstract:Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most researches on relay-based QKD network assume that all relays or nodes are completely trustworthy. However, the malicious behavior of any single node can undermine security of QKD networks. Current research on Quantum Key Distribution (QKD) networks primarily addresses passive attacks, such as eavesdropping, conducted by malicious nodes. Although there are proposed solutions like majority voting and secret sharing for point-to-point QKD systems to counter active attacks, these strategies are not directly transferable to QKD network research due to different security requirements. We propose the a new paradigm for the security requirements of QKD networks and addresses the active attack by collaborate malicious nodes. Firstly, regarding security, we introduce the ITS distributed authentication scheme, which additionally offers two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Secondly, concerning correctness, we propose an ITS fault-tolerant consensus scheme based on our ITS distributed authentication to ensure global consistency, enabling participating nodes to collaborate correctly in a more practical manner. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in key consumption compared to the original pre-shared keys scheme. For instance, in larger networks such as when the nodes number is 80, our scheme's key consumption is only 13.1\% of the pre-shared keys scheme.

Yuan Cao,Yongli Zhao,Jun Li,Rui Lin,Jie Zhang,Jiajia Chen

DOI: https://doi.org/10.1109/jsac.2021.3064662

IF: 16.4

2021-09-01

IEEE Journal on Selected Areas in Communications

Abstract:Quantum key distribution (QKD) has demonstrated a great potential to provide future-proofed security, especially for 5G and beyond communications. As the critical infrastructure for 5G and beyond communications, optical networks can offer a cost-effective solution to QKD deployment utilizing the existing fiber resources. In particular, measurement-device-independent QKD shows its ability to extend the secure distance with the aid of an untrusted relay. Compared to the trusted relay, the untrusted relay has obviously better security, since it does not rely on any assumption on measurement and even allows to be accessed by an eavesdropper. However, it cannot extend QKD to an arbitrary distance like the trusted relay, such that it is expected to be combined with the trusted relay for large-scale QKD deployment. In this work, we study the hybrid trusted/untrusted relay based QKD deployment over optical backbone networks and focus on cost optimization during the deployment phase. A new network architecture of hybrid trusted/untrusted relay based QKD over optical backbone networks is described, where the node structures of the trusted relay and untrusted relay are elaborated. The corresponding network, cost, and security models are formulated. To optimize the deployment cost, an integer linear programming model and a heuristic algorithm are designed. Numerical simulations verify that the cost-optimized design can significantly outperform the benchmark algorithm in terms of deployment cost and security level. Up to 25% cost saving can be achieved by deploying QKD with the hybrid trusted/untrusted relay scheme while keeping much higher security level relative to the conventional point-to-point QKD protocols that are only with the trusted relays.

telecommunications,engineering, electrical & electronic

Jian Wang,Xing-tong Liu

DOI: https://doi.org/10.1088/1572-9494/abeedc

2021-01-01

Communications in Theoretical Physics

Abstract:Trusted relays are the main state-of-the-art way to realize quantum key distribution networks. However, it is hard to require that all nodes in the network are fully trusted. In a multipath key-transmission mechanism, the nodes can be weakly trusted because the secret key can be split into many parts and each part is transmitted to the receiver through a different path. However, if the capacity of a node's quantum key pool is poorly designed, an attacker, Eve may eavesdrop on the communicating parties' secret message by initiating a redirection attack. In this paper, we show that Eve can trigger a cascading collapse effect by collapsing one of the edges in the network and forcing the communication parties to transmit the message through the nodes controlled by Eve. The influence of the traffic transfer ratio and the control parameters of the edge load on the breakdown probability of the edge are analyzed using a simulation. In order to effectively defend against the cascading attack, it is important for the designer to handle the relationship between the traffic and the capacity of the quantum key pool of each node in the network.

Mingjun Wang,Jian Li,Kaiping Xue,Ruidong Li,Nenghai Yu,Yangyang Li,Yifeng Liu,Qibin Sun,Jun Lu

DOI: https://doi.org/10.1109/mcom.010.2200672

IF: 9.03

2023-01-01

IEEE Communications Magazine

Abstract:As a promising application of quantum information technology, Quantum Key Distribution (QKD) can provide information-theoretically secure key exchange for adjacent communication parties. To achieve long-distance secure communication and scale expansion against inherent channel loss, trusted relays, which are assumed to be absolutely secure, are introduced into QKD networks. However, in practice, trusted relays may be compromised by attacks from ubiquitous eavesdroppers even protected by powerful hardware. Thus, how to ensure the security of end-to-end key distribution in partially-trusted relay QKD networks with the coexistence of trusted relays and untrusted relays becomes a challenging but urgent problem to be solved. To address this critical problem, in this article, we design a segment-based multipath key distribution method. The basic idea of the method is to maximize the security of the end-to-end key distribution through the segment-based multipath key distribution. Under the premise of security level requirements, we further propose a flexible key reconstruction scheme to improve the efficiency of key distribution and obtain available secret keys as many as possible. The extensive simulations are conducted and the results reveal that our method significantly outperforms the traditional multipath QKD method in terms of both security and efficiency.