Quantum Key Management

“…The objective, expressed in (13), is identical to that of the MForced formulation, as are constraints (14)- (16) and (19). The significant differences are encoded in constraints (17) and (18), which now ensure that there is sufficient key material entering or exiting the terminal nodes of each demand (without caring for which direction it is traveling in, or whether it is split among both), and in constraints (20) and (21), which perform a similar function to constraints (8) and (9) in MForced, by linearising the relation (25):…”

“…In the absence of quantum repeaters, we are currently limited to 'trusted' repeaters, i.e., nodes (of degree two) where one QKD instance is terminated and another initiated, with classical crypto-based security in the middle. Note that having to monitor a few sites instead of hundreds of kilometers of underground fibers is already a vast security improvement over the current situation, and the nodes themselves need not expose clear-text key material if they use OTPs to simply re-encrypt an arbitrary bit string (the key) with a local key that is the XOR of the link-local QKD keys produced by its two sides [8]. Since the key generation rate decays with distance, the next obvious question pertains to where to place how many repeaters on any particular link to achieve sufficient key generation at optimal, i.e., minimal cost.…”

Optimal Design of Practical Quantum Key Distribution Backbones for Securing CoreTransport Networks

“…The objective, expressed in (13), is identical to that of the MForced formulation, as are constraints (14)- (16) and (19). The significant differences are encoded in constraints (17) and (18), which now ensure that there is sufficient key material entering or exiting the terminal nodes of each demand (without caring for which direction it is traveling in, or whether it is split among both), and in constraints (20) and (21), which perform a similar function to constraints (8) and (9) in MForced, by linearising the relation (25):…”

“…In the absence of quantum repeaters, we are currently limited to 'trusted' repeaters, i.e., nodes (of degree two) where one QKD instance is terminated and another initiated, with classical crypto-based security in the middle. Note that having to monitor a few sites instead of hundreds of kilometers of underground fibers is already a vast security improvement over the current situation, and the nodes themselves need not expose clear-text key material if they use OTPs to simply re-encrypt an arbitrary bit string (the key) with a local key that is the XOR of the link-local QKD keys produced by its two sides [8]. Since the key generation rate decays with distance, the next obvious question pertains to where to place how many repeaters on any particular link to achieve sufficient key generation at optimal, i.e., minimal cost.…”

Optimal Design of Practical Quantum Key Distribution Backbones for Securing CoreTransport Networks

“…We consider BB84-style point-to-point QKD devices (already on the market); a daisy-chain of such devices is, in general, necessary to cross a long link (and multiple chains in parallel can be used to achieve greater key rates). Since devices process signals electronically, acting as trusted relays and storing intermediate keys securely as outlined in [6], a network of such QKD-secured links is by its nature opaque. As a consequence, QKD device placements in individual links can be independently optimized as shown in [7], balancing the cost of additional devices with the higher key rate of shorter QKD spans.…”

Optimization of Secure Quantum Key Distribution Backbones in Core Transport Networks

Quality of Service Signaling Protocols in Quantum Key Distribution Networks