Industry Specification Group (ISG) on Quantum Key Distribution for Users (QKD) Activity Report 2022

Chair: Martin Ward, Toshiba Europe

Developing specifications that will enhance the security and interoperability of quantum communication networks being deployed around the world.

There is a concern that today’s network communications that are encrypted using conventional public key cryptography may be decrypted in the future, when more powerful processors or new methods of cryptanalysis are available.

Unlike conventional methods, quantum cryptographic protocols should be resilient to all advances in computing and mathematics. The inherent security of quantum cryptography stems from the way it uses properties that quantum states derive from the Laws of Nature, rather than assumptions about the difficulty of certain mathematical operations.

The first applications of quantum cryptography are likely to be those requiring long term secrecy, such as encryption of sensitive government or corporate data or the health records of individuals. Examples include secure communication of human genome sequences and inter-site data replication in the financial sector.

Quantum Key Distribution (QKD) enables keys to be shared securely over optical links, via the transfer of quantum states. The security of QKD protocols is based on quantum entanglement – or the impossibility of cloning/measuring the unknown quantum states transferred – rather than algorithmic complexity. Recently there has been remarkable progress in the deployment of quantum technologies in communication infrastructures, with several quantum key distribution (QKD) networks under construction around the world. The high level of current activity in quantum communications means that there is a pressing need to develop industrial standards for the technology.

ETSI’s Industry Specification Group (ISG) on QKD is leading activities to help fulfil this need by developing common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems and applications. The group’s work is fundamental to enabling the future interoperability of the quantum communication networks being deployed around the world. Just as importantly, it will ensure that quantum cryptography is implemented in a safe manner that mitigates the risk of side channels and active attacks.

Published in April 2022, GS QKD 018 is a new Group Specification that provides a definition of orchestration interfaces between SDN Orchestrator(s) and SDN Controller(s) of QKD networks. This specification covers abstraction models and workflows including resource management, system configuration management, performance management, alarm, service provisioning and management of multi-domain QKD networks.

In April the group also issued a revision to its existing Group Specification GS QKD 015 that presents a control interface for Software Defined Networks. This minor update aligns the specification with other group work currently in development.

To help enable the security certification of QKD systems within the Common Criteria framework, a Protection Profile has been developed for a pair of prepare and measure QKD modules. During the year work was finalised on a new Group Specification (GS QKD 016) that describes a common criteria Protection Profile for complete QKD systems, involving point-to-point devices from the physical implementation up to the output of final secret keys.

Work also neared completion on revisions to GS QKD 005 (security proofs), focusing on security definition, device models, implementation security and relevant quantum key distribution protocols.

Meanwhile progress was made on a number of further new Group Specifications:

  • GS QKD 010 addresses the design, construction, characterisation and operation of QKD systems that are intended to protect against Trojan horse attacks.
  • GS QKD 013 defines procedures for characterising specific properties of complete QKD transmitter modules.
  • GS QKD 020 specifies a REST-based Interoperable Key Management System API that allows key management systems to interoperate to pass keys horizontally between two systems located in a common trusted node. The API will enable QKD networks to serve applications that request shared secret keys from key management systems that are not linked by a contiguous chain of systems from the same vendor.

Meanwhile work continued on two new Group Reports: one (GR QKD 017) reviews the variety of architectures that have been proposed for QKD networking, while another (GR QKD 019) addresses the role that authentication plays in QKD protocols and exploring the design of classical interfaces for QKD systems that include appropriate authentication measures.

Updates also progressed to existing Group Report GR QKD 007 on QKD vocabulary and definitions.

The membership of ISG QKD comprises large companies, telecom operators, SMEs, NMIs, government labs and Universities, and includes representatives from North America, Asia and Europe. In 2022 the group further increased its list of members and participants that now includes 42 Members, 12 Participants and 1 Counsellor.