Quantum Key Distribution in the GÉANT network Guy Roberts Linz 31 May 2017

The Challenge The security in current encryption algorithms typically relies on hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. These hard math problems are expected to be overcome once quantum computers become available. Network providers need to start thinking now about ways building quantum-proof encryption. Quantum Key Distribution (QKD) is one solution

Page title Page text

Can GÉANT deliver on the Quantum Manifesto goal? The Challenge: Can GÉANT deliver this Quantum Manifesto goal? How far have can we go based on the current generation of technology? What still needs to be do be done? Action plan: Lab testing has been carried out with Toshiba on the GÉANT transmission equipment to understand what we can do with the current generation equipment Find applications for current generation technology Plan for the future

Types of QKD Single photon QKD In quantum mechanics, the principle of quantum indeterminacy means that measuring an unknown quantum state changes that state in some way. Indeterminacy is used to detect any eavesdropping on single photon based information. Entanglement based QKD Entanglement occurs when the quantum states of two objects become linked together in such a way that they must be described by a combined quantum state. Entanglement means that, performing a measurement on one object affects the other. If an entangled pair of objects is shared between two parties, anyone intercepting either object alters the overall system, revealing the presence of the third party (and the amount of information they have gained).

Implementing QKD Data Data for transmission is encrypted using one-time pad method. This allows a large volume of data to be sent with one short key that can be refreshed rapidly. Keys are distributed between Alice and Bob using a quantum channel. A quantum key protocol such as BB84 is used for key transmission. AES256 AES256 QKD Alice BB84 QKD Bob

Key exchange protocol: BB84 BB84 is a quantum cryptography protocol that is ‘provably’ secure Relies on the quantum property that information gain is only possible at the expense of disturbing the signal (single photon method). However, in QKD protocols, such as BB84, a single photon source is assumed to be used by the sender, Alice. In reality, a perfect single photon source will slow down key distribution over high-loss links. Need to increase key rate – solution: Decoy State.

Decoy state for BB84 Real-world QKD optical sources are multi-photon. A potential security loophole exists when Alice uses multi-photon states. To minimize the effects of multi-photon states, Alice would have to use a low-power source, which results in a relatively low speed of QKD. To solve this, ‘Decoy State’ QKD varies the photon intensity. States are transmitted by Alice using randomly chosen intensity levels (one signal state and several decoy states), resulting in varying photon number statistics throughout the channel. The resulting key transmission rate is higher, but the risk of attack remains very low <10-10

Toshiba Quantum Encryption System Proprietary Technology: Active status tracking for stable operation Self-differencing semiconductor detectors – room-temperature operation for improved reliability and reduced power consumption BB84 protocol with decoy states - failure probability < 10-10 Toshiba Quantum Encryption System Prototype Key exchange protocol Efficient BB84 protocol with decoy states – superior one-way quantum key exchange – stable encoding onto phase of <50ps optical pulses Transmission speed and distance Secure key rate over 1 Mb/s for 10 dB loss Max supported transmission loss > 20dB (equivalent to 100km of fibre) Photon Detection technology Proprietary self-differencing InGaAs detectors – room temperature operation for improved reliability and power saving Multiplexing compatibility Coarse wavelength-division multiplexing (CWDM) / dense wavelength-division multiplexing (DWDM) Security parameter Key failure probability < 10-10, corresponding to less than once in 30.000 years – protection against Trojan horse attacks – protection against blinding attacks Interfaces Single fibre channel – dual fibre channel for highest transmission speed Dimensions Standard 19’’ rack mount, 3U height Features: World’s leading 1Mbit/s secure key rate Quantum Key Distribution (QKD) Highest level of verifiable security with theoretically rigorous proof Operation over normal fibre networks

Quantum Key distribution technology

Add/drop of quantum channel into Infinera Infinera DTN-X: 500Gbps super- channel with 10 waves on photonic Integrated Circuit (PIC) QKD operates at 1GHz with quantum channel at 1550nm Multiplexed QKD and DTN-X traffic in the forward direction

Combing Toshiba QKD with Infinera DTN-X Optical spectrum shows the Infinera OCG data channels and amplified spontaneous emission (ASE) from DTN-X dominates quantum signal Designed filtering system to remove ASE at quantum wavelength Filtering also removes effect of Raman scattering in the fibre Mux also used to insert quantum channel

In the Lab QKD Mux testing in GÉANT lab in May James Dynes Toshiba researcher adjusts quantum mux

Multiplexing Results – Infinera DTN-X Pre FEC Bit Error Rate (BER) depends on receiver power. Obtain minimum receiver power of just over -30dBm for both 50km and 100km More sensitive receiver card would give a further 4dB improvement

Multiplexing Results – Infinera DTN-X Used minimum receiver power to model QKD secure bit rate. Obtain > 1Mbps @ 50km of fibre. With a narrow 15GHz filter in the quantum channel, reach > 90km. More sensitive receiver card further extends QKD reach > 100km note: multiple OCGs will reduce reach

Limitations and next steps We have demonstrated distribution Quantum keys over 100km of with Infinera Excellent key transmission rate of >1Mbps at 50km Currently technology will not work over optical amplifiers, so limited to single optical spans. Trusted nodes are needed to create new keys for each span In the future QKD-friendly amplifiers need to be developed to allow QKD channel to bypass amplifiers.

guy.roberts@geant.org