In the future, our society and our lives will become even more reliant on networks, so it will be vital that information is transmitted quickly and safely. However, the rise of quantum computers, with their overwhelming computational capabilities, will pose a threat to the security of cryptographic communications. Hopes are high for quantum key distribution as a method of secure encrypted communication. According to information theory, quantum key distribution, which uses the principles of quantum mechanics, is an unbreakable form of encryption. Toshiba is leading the world in developing unique technologies for accelerating and stabilizing quantum key distribution.

In this running feature, we'll explain this technology over the course of several articles.

In part 3, we'll learn about quantum key distribution networks, which are essential technologies for the real-world deployment of quantum cryptographic communication. We'll also look at the standardization of these networks.

As we explained in part 1, quantum cryptographic communication is cryptographic communication using keys shared through quantum key distribution. Quantum key distribution devices (transmitters or receivers), connected by optic fibers, are installed in two sites where quantum cryptographic communication will be used, and keys are shared using these devices. Quantum key distribution systems are created, centered on these pairs of quantum key distribution devices.

The problem is that the sites that wish to engage in quantum cryptographic communication must be directly connected by a quantum key distribution system.
Widespread real-world deployment of quantum cryptographic communications would require the installation of a prodigious number of quantum key distribution systems directly connecting every site. This is simply not practical. Furthermore, the greater the distance between sites, the lower the speed with which quantum keys can be delivered, and the less stable that transmission becomes. In part 2, we discussed technologies for accelerating and stabilizing transmission. However, if the distance between sites is so great that it exceeds the capabilities of these technologies, practical implementation of quantum key distribution becomes difficult.

One technology that can be used to address this problem is quantum key distribution network technology. Toshiba has focused on quantum key distribution networks, seeing them as vital to the real-world deployment of quantum cryptographic communication, and has been at the forefront of their development and standardization.

The fundamental concept of quantum key distribution networks is the mutual connection and networking of multiple quantum key distribution systems (shown in the "Quantum Layer" in Figure 1). The storage and management of keys generated with quantum key distribution systems are done by key managers, which are installed in each site. These key managers are also interconnected in a network (shown in the "Key Management Layer" in Figure 1). This design makes it possible for two sites that are not directly connected by a quantum key distribution system, like sites X and Z in the figure, to share keys via other sites, such as site Y, controlled by coordinated key managers.

Furthermore, quantum key distribution networks provide keys when requested by applications that use quantum cryptographic communication. The key managers are also responsible for providing keys to applications (shown in "Key supply" in Figure 1).

The sharing of keys between sites that are not directly connected by a quantum key distribution system by relaying them through other sites is called a "key relay."

Let's look at how keys are relayed using the three sites of X, Y, and Z in Figure 1. Sites X and Y are directly connected by a quantum key distribution system, as are sites Y and Z, so these connected sites can share keys using quantum key distribution. However, sites X and Z are not directly connected by quantum key distribution systems, so they cannot share keys directly. Sharing is therefore performed using the following procedure (Figure 2).

① Site X generates a key, K_XZ, to be shared by sites X and Z.

② Quantum cryptographic communication is used between sites X and Y to send key K_XZ from site X to site Y. This means that site X uses key K_XY, shared between sites X and Y using quantum key distribution, to encrypt key K_XZ, and the encrypted text, K_XY⊕K_XZ, is sent to site Y.

③ Site Y uses key K_XY to decrypt the encrypted text, K_XY⊕K_XZ, and acquires key K_XZ.

④ Quantum cryptographic communication is used between sites Y and Z to send key K_XZ from site Y to site Z.

⑤ Site Z decrypts the encrypted text, K_YZ⊕K_XZ, and acquires key K_XZ.

Transmission ②, between sites X and Y, and transmission ④, between sites Y and Z, are performed using quantum cryptographic communication, ensuring that key K_XZ is safe from eavesdropping. Key K_XZ is handled in unencrypted form within sites, such as in site Y during step ③, so measures need to be taken to prevent the key from being stolen through an attack on a site.

This approach is predicated on the sites connected by quantum key distribution networks being trusted nodes that have implemented countermeasures to prevent this key theft. Research and development is underway on the requirements and technologies of trusted nodes, which are important elements of quantum key distribution network technology. These countermeasures include not only the use of appropriate encryption technologies for processing performed within sites, such as in step ③, but also encompasses things like the physical protection of quantum key distribution devices themselves and the wiring and lines connected to them, and the management of the buildings where the equipment is located.

As explained here, building a quantum key distribution network eliminates the need to use quantum key distribution systems to connect every pair of sites that use quantum cryptographic communication. It also makes it possible to avoid the limitations on distance between sites by relaying keys through appropriate intermediary sites.

Worldwide, quantum key distribution network technology R&D is gaining momentum, and hopes are high for various countries, regions, communications providers, and device vendors to lead the real-world deployment of these networks. To achieve this, it will be vital to have agreed-upon standards regarding important aspects of quantum key distribution network technology, such as its structure, functional requirements, and security.

Toshiba is participating in global efforts to standardize quantum key distribution networks. Our approach has three key points.

① Standardization of quantum key distribution network systems

② Standardization of key supply interfaces for quantum cryptographic communication applications

③ Standardization related to the security of the devices that make up quantum key distribution networks

The standardization of quantum key distribution network systems is primarily being led by the International Telecommunication Union Telecommunication Standardization Sector (ITU-T).

The National Institute of Information and Communications Technology (NICT), NEC Corporation, and Toshiba proposed ITU-T with a joint the basic configuration for the quantum key distribution network models and key relay processing explained so far. Based on this, in July 2019, ITU-T issued its ITU-T Y.3800 recommendation. (*1)

Following the adoption of Y.3800, recommendations with more detailed stipulations regarding quantum key distribution network systems have been created based on the framework put forth by Y.3800.

These recommendations, and the reference relationships between them, are shown in Figure 4.

Y.3801 stipulates functional requirements for quantum key distribution networks. Y3802 stipulates a detailed architecture for the framework introduced in Y.3800. Based on the architecture from Y.3802, Y.3803 presents key management requirements and processing methods, and Y.3804 presents requirements and processing methods related to the control and management of quantum key distribution networks.

Several other recommendations regarding quantum key distribution network security, such as X.1710, have been issued or are in the process of being formulated.

As mentioned earlier, quantum key distribution networks provide keys upon request by applications that use quantum cryptographic communication.

In order to improve the interoperability of applications that use key supply services, the interfaces used to request and supply keys should be standardized.

This is why Toshiba issued a specification proposal to the European Telecommunications Standards Institute (ETSI) to assist with the formulation of standards for key supply interfaces. Following internal deliberation, in February 2019, ETSI issued the ETSI GS QKD 014 standard based on Toshiba's proposal.

This standard defines three Application Programming Interfaces (APIs) and applications can use these APIs as shown in Figure 5 in order to share keys. The APIs use Hypertext Transfer Protocol Secure (HTTPS) as their transmission protocol and JavaScript Object Notation (JSON) for their data structure, so there is a high degree of affinity between them and network applications as a whole.

• Quantum Key Distribution