Industry Specification Group (ISG) on Quantum Key Distribution for Users (QKD) Activity Report 2021

Chair: Martin Ward, Toshiba Europe

Developing specifications that will enhance the security and interoperability of quantum communication networks being deployed around the world.

There is a concern that today’s network communications that are encrypted using conventional public key cryptography may be decrypted in the future when more powerful processors or new methods of cryptanalysis are available.

Unlike conventional methods, quantum cryptographic protocols should be resilient to all advances in computing and mathematics. The inherent security of quantum cryptography stems from the way it uses properties that quantum states derive from the Laws of Nature, rather than assumptions about the difficulty of certain mathematical operations.

The first applications of quantum cryptography are likely to be those requiring long term secrecy, such as encryption of sensitive government or corporate data or the health records of individuals. Examples include secure communication of human genome sequences and inter-site data replication in the financial sector.

Quantum Key Distribution (QKD) enables keys to be shared securely over optical links, via the transfer of quantum states. The security of QKD protocols is based on quantum entanglement – or the impossibility of cloning/measuring the unknown quantum states transferred – rather than algorithmic complexity. Recently there has been remarkable progress in the deployment of quantum technologies in communication infrastructures, with several quantum key distribution (QKD) networks under construction around the world. The high level of current activity in quantum communications means that there is a pressing need to develop industrial standards for the technology.

ETSI’s Industry Specification Group (ISG) on QKD is leading activities to help fulfil this need by developing common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems and applications. The group’s work is fundamental to enabling the future interoperability of the quantum communication networks being deployed around the world. Just as importantly, it will ensure that quantum cryptography is implemented in a safe manner that mitigates the risk of side channels and active attacks.

To help enable the security certification of QKD systems within the Common Criteria framework, a Protection Profile has been developed for a pair of prepare and measure QKD modules. Due for publication in the first half of 2022, Group Specification GS QKD 016 will provide a basis for security evaluations, which will be supported by future specifications covering a range of security aspects.

Published in March 2021, Group Specification GS QKD 015 defines management interfaces to integrate QKD with disaggregated network control plane architectures, in particular with Software Defined Networks (SDN). The specification defines abstraction models and workflows between a SDN-enabled QKD node and the SDN controller, including resource discovery, capabilities dissemination and system configuration operations. It will be complemented by a further Group Specification – GS QKD 018 (due for publication in early 2022) that defines orchestration interfaces between SDN controllers and orchestrators of multi-domain QKD networks.

Work neared completion on revisions to two existing Group Specifications, also anticipating publication in early 2022. An update of GS QKD 005 (security proofs) focuses on security definition, device models, implementation security and relevant quantum key distribution protocols. Further updates to GS QKD 015 (QKD control interface for SDN) are also in preparation, aligning the specification with other group work currently in development.

During the year work has progressed on six new Group Specifications:

  • GS QKD 010 addresses the design, construction, characterisation and operation of QKD systems that are intended to protect against Trojan horse attacks.
  • GS QKD 013 defines procedures for characterising specific properties of complete QKD transmitter modules.
  • GS QKD 016 describes a common criteria Protection Profile for complete QKD systems, involving point-to-point devices from the physical implementation up to the output of final secret keys.
  • GS QKD 018 provides a definition of orchestration interfaces between SDN orchestrator(s) and SDN controller(s) of QKD networks.
  • GS QKD 020 specifies an interface to meet the most urgent interoperability requirements between key management systems in QKD networks.

Meanwhile work was launched on two new Group Reports: one reviewing the variety of architectures that have been proposed for QKD networking, and another addressing the important role that authentication plays in QKD protocols and exploring the design of classical interfaces for QKD systems that include appropriate authentication measures.

Updates also progressed to existing Group Report GR QKD 007 on QKD vocabulary and definitions.

See the full list of current ISG QKD Work Items here.

The membership of ISG QKD comprises large companies, telecom operators, SMEs, NMIs, government labs and Universities, and includes representatives from North America, Asia and Europe. In 2021 the group further increased its list of members and participants to include 40 Members, 9 Participants and 1 Counsellor.