Presentation is loading. Please wait.

Presentation is loading. Please wait.

Welcome1 “A next generation 0.1-Terabit encryption device that can be seamlessly embedded in network infrastructures to provide quantum enabled security.”

Published byNyla Mabry Modified over 9 years ago

Similar presentations

Presentation on theme: "Welcome1 “A next generation 0.1-Terabit encryption device that can be seamlessly embedded in network infrastructures to provide quantum enabled security.”"— Presentation transcript:

1 Welcome1 “A next generation 0.1-Terabit encryption device that can be seamlessly embedded in network infrastructures to provide quantum enabled security.” QCRYPT Fast coherent-one way quantum key distribution and high-speed encryption Nino Walenta University of Geneva, GAP-Optique Zurich, 13.09.2011

2 Outline2 QCRYPT Fast coherent-one way quantum key distribution and high-speed encryption 1.Introduction 2.The QKD engine 3.The hardware key distillation engine 4.The 100 Gbit/s encryption engine 5.Outlook

3 Interdisciplinary competences3 Nino Walenta, Charles Lim Ci Wen, Raphael Houlmann, Olivier Guinnard, Hugo Zbinden, Rob Thew, Nicolas Gisin Etienne Messerli, Pascal Junod, Gregory Trolliet, Fabien Vannel, Olivier Auberson, Yann Thoma Norbert Felber, Christoph Keller, Christoph Roth, Andy Burg Patrick Trinkler, Laurent Monat, Samuel Robyr, Lucas Beguin, Matthieu Legré, Grégoire Ribordy

4 QCrypt Specifications4  625 Mbit/s clocked QKD  1.25 GHz Rapid gated single photon detectors  Hardware key distillation  1 Mbit/s One-Time-Pad encryption  1-fibre DWDM configuration  Continuous and reliable operation  10 Ethernet channels at 10 Gbit/s  100 Gbit/s AES encryption engine  100 Gbit/s data channel over a single fiber  Tamper proof  Certification

5 Coherent One-Way quantum key distribution5 1.Preparation: Alice encodes information into two time-ordered coherent states 2.Measurement: 3.“Sifting”: 4.Post-processing: 5.Authentication:

6 Coherent One-Way quantum key distribution6 1.Preparation: Alice encodes information into two time-ordered coherent states 2.Measurement: Bob measures pulse arrival time (bit value) and coherence between bits (eavesdropper’s potential information about key). 3.“Sifting”: Bob tells Alice publicly, when and in which detector he measured (bit measurement or coherence measurement), incompatible measurements are discarded. 4.Post-processing: 5.Authentication:

7 Coherent One-Way quantum key distribution7 1.Preparation: Alice encodes information into two time-ordered coherent states 2.Measurement: Bob measures pulse arrival time (bit value) and coherence between bits (eavesdropper’s potential information about key). 3.“Sifting”: Bob tells Alice publicly, when and in which detector he measured (bit measurement or coherence measurement), incompatible measurements are discarded. 4.Post-processing: 5.Authentication: tBtB

8 Coherent One-Way quantum key distribution8 1.Preparation: Alice encodes information into two time-ordered coherent states 2.Measurement: Bob measures pulse arrival time (bit value) and coherence between bits (eavesdropper’s potential information about key). 3.“Sifting”: Bob tells Alice publicly, when and in which detector he measured (bit measurement or coherence measurement), incompatible measurements are discarded. 4.Post-processing: Eliminate quantum bit errors and reduce eavesdropper’s potential information about the key. 5.Authentication: QBER Visibility

9 Coherent One-Way quantum key distribution9 1.Preparation: Alice encodes information into two time-ordered coherent states 2.Measurement: Bob measures pulse arrival time (bit value) and coherence between bits (eavesdropper’s potential information about key). 3.“Sifting”: Bob tells Alice publicly, when and in which detector he measured (bit measurement or coherence measurement), incompatible measurements are discarded. 4.Post-processing: Eliminate quantum bit errors and reduce eavesdropper’s potential information about the key. 5.Authentication: Assure that public communication is authentic. Secret key costs!

10 Coherent One-Way quantum key distribution10 C. Ci Wen Lim, N. Walenta, H. Zbinden. A quantum key distribution protocol that is highly robust against unambiguous state discrimination attacks. Submission in process..  No decoy states  One-way sifting  One basis - no sifting losses  More robust against USD attacks  No active elements at Bob  Robust bit measurement basis  Robust against PNS  Security proof for zero error attacks and some collective attacks Advantages of modification H. Zbinden, N. Walenta, C. Ci Wen Lim. US-Patent Nr. 13/182311.

11 Security against zero-error attacks11 C. Ci Wen Lim, N. Walenta, H. Zbinden. A new Coherent One-Way protocol that is highly immune against unambiguous state discrimination attacks. M. Mafu, A. Marais, F. Petruccione. Towards the security of coherent-one-way quantum key distribution protocol. Poster session 16:00 - 18:00 Distance [km] Secret key fraction

12 DWDM Dense wavelength division multiplexing12 Multiplexing classical channels (> -28 dBm) along with quantum channel (< -71 dBm) on 100 GHz DWDM grid Channel crosstalk  „Off-band noise“ due to finite channel isolation of the multiplexers  Reduced below detector dark counts by MUX channel isolation (-82 dB) Raman scatter  Scattering off optical phonons, in forward and backward direction  Dominating for fibre lengths > 10 km

13 DWDM impairment sources13 Channel crosstalk  „Off-band noise“ due to finite channel isolation of the multiplexers  Reduced below detector dark counts by MUX channel isolation (-82 dB) Raman scatter  Scattering off optical phonons, in forward and backward direction  Dominating for fibre lengths > 10 km P. Eraerds, N. Walenta et al. Quantum key distribution and 1 Gbps data encryption over a single fibre. NJP 12, 063027 (2010).

14 QKD performance estimates14 2-fibre configuration 1-fibre DWDM configuration

15 Fast pulse pattern modulation15 250 ps  t fwhm 130 ps Pulse amplitude modulation  Off-the-shelf components  High extinction ratio  QBER IM < 0.2 %  High visibiliy  625 MHz Pulse pattern repetition frequency V > 0.995

16 Rapid gated single photon detectors16 130 ps

17 QKD performance estimates17 Rapid gated single photon detectors  Low dead time 8 ns  Low afterpulse probability< 1%  High detection rates > 33 MHz  Peltier cooled InGaAs diode  Compact design 100 km 50 km 0 km

18 Hardware key distillation engine18 SiftingBit permutationError estimationError correctionPrivacy amplificationError verification Authentication Random sampling for QBER LDPC forward error correction Toeplitz hashing CRC check Polynomial hashing Ommited Timing and base information Hardware limits on maximal key length MemoryThroughput Key size

19 Sifting channel19 D3D2D1 001Data detection 010IF detection at t 1 011IF detection at t 2 100Bit 0 for QBER estimation 101Bit 1 for QBER estimation 111Include next block Indicator bitsTiming bits, relative to last detection High detection rate Low detection rate

20 LDPC Information reconciliation20 Ensure integrity of secret keys with minimum redundancy through forward error correction and privacy amplification Theoretically capacity-approaching - practically ressource limited efficiency Reverse reconciliation FPGA implementation Syndrome of length Low-density parity-check codes C. Roth, P. Meinerzhagen, C. Studer, A. Burg. "A 15.8 pJ/bit/iter quasi-cyclic LDPC decoder for IEEE 802.11n in 90 nm CMOS," Solid State Circuits Conference (A-SSCC), 2010 IEEE Asian, (2010)

21 Privacy amplification21 Toeplitz hashing Alice and Bob have to agree on a randomly selected Toeplitz matrix k + n sift -1 bits of communication Seed of length H. Krawczyk. LFSR-based hashing and authentication. Lecture Notes in Computer Science 839 (1994) C.Branciard et al. Upper bounds for the security of two distributed-phase reference protocols of quantum cryptography. NJP 10, 013031 (2008).

22 tag length Security parameter Information theoretic authentication22 D.R. Stinson. Universal hashing and authentication codes. Advances in Cryptology ‘91. Secret bits D.R. Stinson. Universal hashing and authentication codes. Designs, Codes and Cryptography, 4 (1994).

23 Information theoretic authentication23 Polynomial hashing  Construct an almost universal family of hash functions and apply a strongly universal hash function at the end. D.R. Stinson. Universal hashing and authentication codes. Designs, Codes and Cryptography, 4 (1994). tag length Security parameter Secret bits

24 100 Gbit/s Encryption engine24 FPGA design and 100 Gbps Interface  User side:10 x 10 Gbit/s Ethernet channels through 10 SPF+ optical modules  Client side:1 x 100 Gbit/s channel over a single fibre using WDM optical module feeds with 10 x 10 Gbit/s high-speed serial links  All synchronization and channels splitting made in the FPGA 10 x 10 Gbit/s Users interfaces1 x 100 Gbit/s Client interface

25 Cyphertext Plaintext Key Authentication tag Authenticated data and cyphertext 100 Gbit/s AES-GCM encryption25 Basic AES: 1 – 2 Gbit/s  20 x pipelining: requires feedback-free Encryption mode  4 x parallelization: data-independent partitioning  Counter mode Basic Authentication: 4 – 8 Gbit/s  4 x pipelining  4 x parallelization  4 Galois field multipliers (x 128 +x 7 +x 2 +x+1) Two engines for En- and Decryption

26 100 Gbit/s Fast encryption board26 100 Gbit/s Fast Encryption Board  PCB:24 layers, 52 high-speed serial links,10 power supplies  Communication links:22x High-speed serial 6.5 Gbit/s 8x SFP+; 2x XFP 10 Gbit/s 1x CXP; 1x CFP 100 Gbit/s  FPGA main power supply:0.95 V, 40 A

27 Outlook27 Real network compatibility and integration Side channel analysis Tamper detection Resistance against detector blinding attack Certification Afterpulsing reconcillation

28 Questions, please! 28 Thank you for your attention! Real network compatibility and integration Side channel analysis Tamper detection Resistance against detector blinding attack Certification Afterpulsing reconcillation

Download ppt "Welcome1 “A next generation 0.1-Terabit encryption device that can be seamlessly embedded in network infrastructures to provide quantum enabled security.”"

Similar presentations

Quantum Cryptography Post Tenebras Lux!

Quantum Cryptography Post Tenebras Lux!
Transmission Security via Fast Time-Frequency Hopping PI: Eli Yablanovich Co-PIs: Rick Wesel Ingrid Verbauwhede Ming Wu Bahram Jalali UCLA Electrical.

Transmission Security via Fast Time-Frequency Hopping PI: Eli Yablanovich Co-PIs: Rick Wesel Ingrid Verbauwhede Ming Wu Bahram Jalali UCLA Electrical.
Data and Computer Communications Tenth Edition by William Stallings Data and Computer Communications, Tenth Edition by William Stallings, (c) Pearson Education.

Data and Computer Communications Tenth Edition by William Stallings Data and Computer Communications, Tenth Edition by William Stallings, (c) Pearson Education.
Implementation of Practically Secure Quantum Bit Commitment Protocol Ariel Danan School of Physics Tel Aviv University September 2008.

Implementation of Practically Secure Quantum Bit Commitment Protocol Ariel Danan School of Physics Tel Aviv University September 2008.
Experimental demonstration of the coexistence of continuous-variable quantum key distribution with an intense DWDM classical channel Rupesh Kumar Joint.

Experimental demonstration of the coexistence of continuous-variable quantum key distribution with an intense DWDM classical channel Rupesh Kumar Joint.
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Trojan-horse attacks on practical continuous-variable quantum key distribution systems Imran Khan, Nitin Jain, Birgit Stiller, Paul Jouguet, Sébastien.

Trojan-horse attacks on practical continuous-variable quantum key distribution systems Imran Khan, Nitin Jain, Birgit Stiller, Paul Jouguet, Sébastien.
QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc 8230. Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.

QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.
Economic Stimulus : Valorization of Single Photon Detectors and Quantum Key Distribution Systems Hugo Zbinden Group of Applied Physics (GAP), UNIGE NCCR.

Economic Stimulus : Valorization of Single Photon Detectors and Quantum Key Distribution Systems Hugo Zbinden Group of Applied Physics (GAP), UNIGE NCCR.
1 Improving Chromatic Dispersion Tolerance in Long-Haul Fibre Links using Coherent OOFDM M. A. Jarajreh, Z. Ghassemlooy, and W. P. Ng Optical Communications.

1 Improving Chromatic Dispersion Tolerance in Long-Haul Fibre Links using Coherent OOFDM M. A. Jarajreh, Z. Ghassemlooy, and W. P. Ng Optical Communications.
Quantum Key Distribution Yet another method of generating a key.

Quantum Key Distribution Yet another method of generating a key.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Quantum Cryptography Marshall Roth March 9, 2007.

Quantum Cryptography Marshall Roth March 9, 2007.
Toyohiro Tsurumaru (Mitsubishi Electric Corporation) Masahito Hayashi (Graduate School of Information Sciences, Tohoku University / CQT National University.

Toyohiro Tsurumaru (Mitsubishi Electric Corporation) Masahito Hayashi (Graduate School of Information Sciences, Tohoku University / CQT National University.
Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation.

Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation.
BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}

BB84 Quantum Key Distribution 1.Alice chooses (4+  )n random bitstrings a and b, 2.Alice encodes each bit a i as {|0>,|1>} if b i =0 and as {|+>,|->}
Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.

Quantum Cryptography Prafulla Basavaraja CS 265 – Spring 2005.
Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.

Lo-Chau Quantum Key Distribution 1.Alice creates 2n EPR pairs in state each in state |  00 >, and picks a random 2n bitstring b, 2.Alice randomly selects.
Quantum Cryptography December, 3 rd 2007 Philippe LABOUCHERE Annika BEHRENS.

Quantum Cryptography December, 3 rd 2007 Philippe LABOUCHERE Annika BEHRENS.
EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.

EECS 598 Fall ’01 Quantum Cryptography Presentation By George Mathew.

Similar presentations

Ads by Google