Andrew Shields (Toshiba Research Europe Ltd)

Industry Specification Group in Quantum Key Distribution

ETSI’S ROLE IN THE DEPLOYMENT OF QUANTUM KEY DISTRIBUTION

optical fibre

Quantum Communications-each bit encoded on a single photon

Quantum Key Distribution

Detect unauthorised tapping of optical fibre networks

Distribute verifiably-secret digital keys

Secrecy can be tested directly!!-quantum theory dictates that eavesdropping unavoidably alters encoding of single photons

Quantum Key Distribution – Use Cases

Link Encryptiondata centre back-up centre

Healthcare NetworksNational Security

Quantum Key Distribution

Mobile devices

Critical InfrastructureFinancial Sector

National Security

Large-scale Quantum Computer would have devastating effect on e-commerce, e-government, critical infrastructure security, individual privacy etc

Shor’s algorithm will break security of current Public Key Crypto (based on integer factorisation problem)

Long Term Perspective

– “Quantum-Safe” Cryptography

New crypto systems take long time to deploy, so need to plan now.

integer factorisation problem)

Quantum Crypto based on Laws of Naturenot threatened by quantum computer

… or any conventional computer

Courtesy of D-Wave Systems Inc.

Research on new PK methods with resilience to Shor’s algorithm

Address different applicationsBOTH are important

Two Solutions for Quantum-Safe Crypto

Nearer Term: Physical Layer Quantum Encryption

Commercial 10G DWDM transmission multiple 10 Gb/s data channelswire speed data encryption using AES

Using installed fibre in BT network

26 km, 10dB loss

Choi et al, Optics Exp 22, 23121 (2014)

40 Gb/s data

40 Gb/s data

4x10G DWDM encrypted (1529.55, 1530.33, 1531.12, 1531.9 nm)

QKD (1548.52 nm)

field fibre

Data bandwidths over 1 Tb/s possible in the future

Recent Advances in QKD Technology

Remarkable technological advances in recent years

Secure key rates

• Increased from kb/s to multiple Mb/s

• Single link range increased to > 300 km

1Mb/s

2Mb/s

Increase of secure bit rate

Security

• Rigorous security proofs developed

• Failure probability now quantified

• Implementation security is better understood

Quantum Networks

• Integration in core, metro, access, mobile now demonstrated

• No longer necessary to use expensive dedicated dark fibre

2008 2010 2012 2014

0b/s

1Mb/s

UK Quantum Technologies Programme (2014-9)

£270M investment (Dec 2013) in Quantum Technologies

Tokyo QKD Network 2011-6

Metro QKD network (Toshiba, Mitsubishi, NEC, NTT, & others)

led by NICT

Global QKD Network Installations

Calgary Waterloo

SECOQC

Pilot deployments are taking place

- it is meaningful to define requirements and standards now

Batelle 2013-6

650 km link from Ohio to Washington

Beijing-Shanghai

2000 km link ($100M) from Beijing to Shanghai, ~50 node networks in Jinan and Hefei

Durban

Madrid Geneva

SECOQC ConsortiumBoston

CQC2T

Paris

Interoperability of systems from different manufacturers

Integration into ordinary telecom networks

Stimulate application development on common interfaces

Industrial Standards

Industrial Standards are essential for …

Stimulate application development on common interfaces

Stimulate a component supply chain for Quantum Technologies

Security assurance

• Ensure that QKD is implemented securely

ETSI Industry Specification Group in QKD

ISG-QKD established in 2008

Published Group Standardisation Documents on QKD Use

Cases, Application Interfaces, Security Proofs, QKD Module

specification, Ontology, Components and Internal Interfaces

Membership comprises large industry, telecom operators, Membership comprises large industry, telecom operators,

SMEs, NMIs, government labs, universities

New members are welcome

Current Work Items of ETSI ISG

Deployment parameters• User requirements for implementing QKD

• Combining classical and quantum channels on a common optical fibre

Quantum component specification• Parameters and test procedures for quantum components• Parameters and test procedures for quantum components

• Impact on system security

• see talk by Chris Chunnilall

Implementation security• Ensure that implementations are secure and robust against attack

Implementation Security

Objective: Investigate and close security loopholes of real QKD systems

Motivation Approach

Deviations between ideal and real system

could be exploited by Eve through either

active or passive attacks

Study and quantify known attacks

Introduce appropriate countermeasures

Modify the QKD protocol if necessary

encoded single

optical fibre

encoded single

photons

Exploits difference

between theory

and practical

implementation

Eve

Security by Measurement

Secure key rate after privacy amplification (ideal system) …

Info leakage Finite key For given ε = prob of key failureTypically ε = 10-10

Modified secure key rate (real system) …

etc

Info leakage due to error correction

Finite key size effect

Info leakage due to imperfection 1

Info leakage due to imperfection 2

Typically ε = 10-10

(< 1 “bad” key per 30000 years)

Trojan Horse Attack

Eve injects bright light (µin) and measures back-reflection (µout) to

determine Alice’s or Bob’s phase modulator settings

DFB laser

Pulsed 1GHzα β 0

Alice

Eve

Bob1

Recent experimental studies (reported at QCrypt, Paris, Sept 14)

CV QKD : Khan et al, Erlangen, Paris Telecom Tech & SecureNet

“two-way” QKD : Sajeed et al, IQC & IdQuantique

“one-way” QKD : considered here

Trojan Horse Attack

Eve injects bright light (µin) and measures back-reflection (µout) to

determine Alice’s or Bob’s phase modulator settings

DFB laser

Pulsed 1GHzα β 0

Alice

Eve

Bob1

Upper bound µin using fibre laser damage threshold* I < 107 J/cm2.

Require µout<10-4 (can be mitigated by <1% privacy amplification)

optical isolation > 150 dB

Consider extreme case…

(*) R M Wood, Laser-induced damage of optical materials, Taylor & Francis (2003).

150dB Isolation provided by spectral filtering and optical isolator(s)

Filter Isolator

Shutting out the Trojan Horse

Reflectivity Attenuation Isolation Total

Alice 40dB 2x25dB 60dB 150dB

Bob 40dB 0 110dB 150dB

Extinction > 80dBm (limited by

dynamic range of measurement)

Trojan horse attacks blocked both at Alice & Bob using passive components

Insertion loss < 1dB

Isolation > 60dB at quantum λ

Summary

Several large QKD network deployments underway worldwide

Standards are essential … for future interoperability

To assure customers that technology implemented securelyTo assure customers that technology implemented securely

And to stimulate markets for components, systems and

applications

Contact: andrew.shields@crl.toshiba.co.uk

Thank you!