QKD WIP
parent
cf7385f2f2
commit
e9de75411f
2 changed files with 1964 additions and 1971 deletions
|
|
@ -11,9 +11,24 @@
|
|||
natbib=true,
|
||||
url=false,
|
||||
doi=true,
|
||||
eprint=false
|
||||
eprint=false,
|
||||
]{biblatex}
|
||||
\addbibresource{../main.bib}
|
||||
\DeclareSourcemap{
|
||||
\maps[datatype=bibtex]{
|
||||
\map{
|
||||
\step[fieldsource=doi,final]
|
||||
\step[fieldset=isbn,null]
|
||||
\step[fieldset=issn,null]
|
||||
\step[fieldset=url,null]
|
||||
}
|
||||
\map{
|
||||
\step[fieldsource=isbn,final]
|
||||
\step[fieldset=issn,null]
|
||||
\step[fieldset=url,null]
|
||||
}
|
||||
}
|
||||
}
|
||||
\usepackage{amssymb,amsmath}
|
||||
\usepackage{listings}
|
||||
\usepackage{eurosym}
|
||||
|
|
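Review bot: The `\step[fieldset=url,null]` steps in both maps overlap with the `url=false` package option a few lines above them. biblatex already suppresses `url` for entry types where it is optional, so the only entries these steps change are `@online` ones that also carry a DOI or ISBN, which then lose their link. If that is intended, say so in a `%` comment above `\DeclareSourcemap`, together with the precedence the maps encode (DOI over ISBN over ISSN/URL). Otherwise drop the `url` steps and keep only the `isbn`/`issn` ones.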
@ -39,7 +54,7 @@
|
|||
\usetikzlibrary{positioning}
|
||||
\usetikzlibrary{shapes}
|
||||
|
||||
\usepackage[binary-units]{siunitx}
|
||||
\usepackage[binary-units,per-mode=fraction]{siunitx}
|
||||
\DeclareSIUnit{\baud}{Bd}
|
||||
\usepackage[hidelinks]{hyperref}
|
||||
\usepackage{tabularx}
|
||||
|
|
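Review bot: `per-mode=fraction` in the `siunitx` options is set globally, so every `\per` in running text is typeset as a stacked fraction. The one use visible in this commit, `\qty{0.5}{\dB\per\km}`, sits inside a paragraph, where a fraction enlarges the line spacing. Consider `per-mode=symbol` as the document default and a local override for displayed math. Separately, `binary-units` is a siunitx version 2 load option, while `\qty` and `\unit` used later in this commit are the version 3 interface; confirm the option is still needed with the siunitx version this document builds against.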
@ -189,13 +204,13 @@ person's encrypted digital communications.
|
|||
There has been ongoing work on quantum secure cryptographic algorithms, and standardization of several such algorithms
|
||||
is progressing. However, in the time frame of cryptosystems, these algorithms are still rather young and the recent
|
||||
discovery of a catastrophic key recovery attack against the Supersingular Isogeny Diffie-Hellman protocol
|
||||
(SIDH)\cite{hazay_efficient_2023} illustrates the risk in the use of immature cryptographic primitives. Thus,
|
||||
(SIDH)\cite{castryckEfficientKeyRecovery2023} illustrates the risk in the use of immature cryptographic primitives. Thus,
|
||||
recommendations on the concrete steps that should be taken today to mitigate Store-Now-Decrypt-Later attacks vary. For
|
||||
instance, Google's under its threat model as laid out in \textcite{schmieg_blog_2024} recommends a list of quantum
|
||||
secure counterparts to classically secure cryptographic algorithms, but recognizes the relative immaturity of these
|
||||
quantum secure algorithms and consequently recommends \emph{Hybrid Deployment}, where a young, quantum secure algorithm
|
||||
is paired with a mature classically secure algorithm such that \emph{both} algorithms would have to be broken to
|
||||
compromise the composite protocol's security. Given that quantum secure public key cryptography tends to have both a
|
||||
instance, Google's under its threat model as laid out in \textcite{schmiegGoogleThreatModel2024} recommends a list of
|
||||
quantum secure counterparts to classically secure cryptographic algorithms, but recognizes the relative immaturity of
|
||||
these quantum secure algorithms and consequently recommends \emph{Hybrid Deployment}, where a young, quantum secure
|
||||
algorithm is paired with a mature classically secure algorithm such that \emph{both} algorithms would have to be broken
|
||||
to compromise the composite protocol's security. Given that quantum secure public key cryptography tends to have both a
|
||||
much larger key and/or ciphertext size and worse performance compared to state-of-the-art Elliptic Curve-based key
|
||||
exchange or signature algorithms, pairing it with a classically secure alternative incurs only a negligible overhead in
|
||||
key storage, network communication and computation costs.
|
||||
|
|
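Review bot: The sentence beginning "For instance, Google's under its threat model as laid out in \textcite{...} recommends" is reflowed here but keeps its grammatical error: "Google's" has no noun to attach to. Since the line is being rewritten for the new cite key anyway, change it to something like "For instance, Google, under the threat model laid out in \textcite{schmiegGoogleThreatModel2024}, recommends". The following sentence has a similar problem in "both a much larger key and/or ciphertext size and worse performance", where "both" and "and/or" conflict. The cite key renames themselves look fine, provided `../main.bib` carries the new keys.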
@ -239,9 +254,9 @@ On the technical level, QKD must be distinguished from general Quantum Computing
|
|||
No-Cloning Theorem and sometimes quantum entanglement in their operation, the scope of their quantum operations is very
|
||||
limited. QKD systems always operate on photons, while general quantum computers use a variety of physical
|
||||
implementations for their qubits that include photons and squeezed light, but extend over atom nuclei, trapped ions,
|
||||
various aspects of currents in superconducters into phonons\cite{berrios_high_2012}.
|
||||
various aspects of currents in superconducters into phonons\cite{berriosHighFidelityQuantum2012}.
|
||||
|
||||
\subsubsection{Practical Challenges}
|
||||
\subsection{Practical Challenges}
|
||||
% FIXME I don't like this paragraph.
|
||||
The central challenge in general quantum computers is extending the lifetime of the quantum state encoding a qubit.
|
||||
Quantum states are extremely sensitive to disturbances, and despite the best efforts to shield their quantum states
|
||||
|
|
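Review bot: The line that receives the new cite key still reads "superconducters"; fix the spelling to "superconductors" while touching it. The phrase "extend over atom nuclei, trapped ions, ... into phonons" is also hard to parse, and "extend to ... and phonons" would read more cleanly. On the heading change, `\subsubsection{Practical Challenges}` to `\subsection{Practical Challenges}` shifts the section numbering, so check that any `\ref` to this part and the sibling headings below it are promoted consistently. The `% FIXME I don't like this paragraph.` marker is still open.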
@ -265,11 +280,12 @@ can then later measure the captured photon to extract the same information that
|
|||
|
||||
The practical implication of this is that the optical brightness of a QKD system is directly proportional to the rate
|
||||
at which the system can prepare, and later measure the individual quantum states. With today's electronics, rates up to
|
||||
a few GHz are feasible. Alas, this brightness limit interacts poorly with the reality of optical communication,
|
||||
especially through fibers. Even modern, high-quality fiber-optic cables have attenuation in the order of 0.5 dB/km,
|
||||
which corresponds to roughly half of the signal being lost every 5 km. In classical optical networks, this can be
|
||||
compensated by increasing transmit power--i.e. packing more photons into each bit--or by optically amplifying the signal
|
||||
partway through the fiber. In QKD systems however, the signal cannot be amplified, and the system's bit rate
|
||||
a few \unit{\GHz} are feasible. Alas, this brightness limit interacts poorly with the reality of optical communication,
|
||||
especially through fibers. Even modern, high-quality fiber-optic cables have attenuation in the order of
|
||||
\qty{0.5}{\dB\per\km},
|
||||
which corresponds to roughly half of the signal being lost every \qty{5}{\km}. In classical optical networks, this can
|
||||
be compensated by increasing transmit power--i.e. packing more photons into each bit--or by optically amplifying the
|
||||
signal partway through the fiber. In QKD systems however, the signal cannot be amplified, and the system's bit rate
|
||||
exponentially decreases with distance due to absorption. Some QKD systems can reach ranges of several hundred kilometer,
|
||||
but the useable data rate (here called \emph{key rate}) of these systems usually is in the kilobits per second or worse.
|
||||
|
||||
|
|
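Review bot: The unit conversion is incomplete in the last two lines of the hunk: "several hundred kilometer" and "kilobits per second" remain plain text (and "kilometer" should be plural, "useable" is usually spelled "usable"), while the rest of the paragraph now uses `\unit` and `\qty`. Either leave these as prose deliberately or convert them for consistency. Also check the arithmetic in the sentence being rewrapped: `\qty{0.5}{\dB\per\km}` over `\qty{5}{\km}` is 2.5 dB, about 44 % loss, and the 3 dB half-power point is reached at 6 km. "Roughly half" holds, but the two numbers could be made to agree exactly.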
@ -295,7 +311,8 @@ classical optical signals through a single fiber.
|
|||
|
||||
% FIXME CV-QKD
|
||||
|
||||
\subsubsection{Relaying}
|
||||
\subsection{Relaying}
|
||||
% FIXME (one?) term of the art seems to be "repeater"
|
||||
|
||||
The No-Cloning Theorem prevents us from using conventional optical amplifiers to extend the range of a single continuous
|
||||
QKD link. What remains as ways to extend the range of a QKD link are \emph{relaying} methods, where one QKD link is
|
||||
|
|
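Review bot: The added `% FIXME (one?) term of the art seems to be "repeater"` should be resolved before the heading is promoted to `\subsection{Relaying}`, because the heading will appear in the table of contents. Note that in the QKD literature "quantum repeater" usually refers to entanglement-based devices, whereas nodes that terminate one QKD link and forward key material over the next are called trusted nodes or trusted relays. If the section covers the latter, "Relaying" or "Trusted Relays" is the safer heading, and the distinction deserves a sentence in the text.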
@ -325,6 +342,26 @@ at this point in time. Quantum Networks naturally follow from a relay-assisted Q
|
|||
topologies in classical wide-area networks (WANs), such multi-fanout relays, or \emph{routers} can be used to provide
|
||||
QKD services over complex network topologies.
|
||||
|
||||
There exists a large corpus of academic research on the theory of such large-scale QKD networks ranging from the
|
||||
technical implementation of management protocols to specialized QKD systems for QKD networks that improve on standard
|
||||
two-party QKD in areas such as complexity or performance. % FIXME lots of citations here
|
||||
In the past decades, a number of proof-of-concept QKD networks have been put into practice. None of these systems
|
||||
provide any practical utility yet, and their raison d'être lies in the political realm more than it arises out of
|
||||
technical necessity considering that any of today's city-scale demonstrations can easily be simulated more compactly in
|
||||
a lab using a few spools of fiber as a near-perfect stand-in for long-range fiber links.
|
||||
|
||||
Many of the technical challenges in the deployment of QKD networks coincide with similar technical challenges in
|
||||
classical packet-switched networks. An unique challenge to QKD networks is how their routing problem is different to the
|
||||
one in classical computer networks. In a classical network, each link has a known, fixed capacity. A router decides
|
||||
which packet to send through which link, and when the rate of incoming packets momentarily exceeds the capacity of the
|
||||
outgoing links, packets must either be dropped, or put into a growing queue. QKD networks are different in that
|
||||
information is not exchanged through the network, but instead the network \emph{generates} information in the form of
|
||||
secret key material. The measurement of individual pulses that underly key generation conform to a stochastic process,
|
||||
but amortized across the large time spans required for the subsequent selection and privacy amplification steps that
|
||||
converts these raw measurements into usable secret key bits, key generation rate is constant. Each node of a QKD network
|
||||
thus accumulates secret key bits for each of its links, storing them for later use. The routing problem in this scenario
|
||||
revolves around managing the levels of these key stores to avoid depletion.
|
||||
|
||||
\section{Securing QKD Networks with Inertial HSMs}
|
||||
|
||||
As we discussed above, when it comes down to practical, end-to-end security properties, Quantum Key Distribution
|
||||
|
|
|
|||
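Review bot: The new paragraphs make several strong claims without a citation, flagged only by `% FIXME lots of citations here`: the "large corpus of academic research", the "number of proof-of-concept QKD networks", and especially "None of these systems provide any practical utility yet", which needs either a reference or softer wording. The claim that "key generation rate is constant" should state its assumption (stable link conditions) or be qualified as approximately constant, since the routing argument that follows depends on it. Grammar in the added lines: "An unique challenge" should be "A unique challenge", "The measurement of individual pulses that underly key generation conform" should be "underlies ... conforms", and "steps that converts" should be "steps that convert".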