WO2012053883A1 - Switchable integrated quantum key distribution system - Google Patents


Info

Publication number
WO2012053883A1
Authority
WO
WIPO (PCT)
Prior art keywords
quantum
key
subsystem
generating
state
Prior art date
Application number
PCT/MY2010/000292
Other languages
French (fr)
Inventor
Mohd Aminudin Mohd Khalid
Norshamsuri Ali@Hashim
Mohd Pazli Sulong
Dr. Gunawan Witjaksono
Original Assignee
Mimos Berhad
Priority date
Filing date
Publication date
Application filed by Mimos Berhad

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70 Photonic quantum communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0858 Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding

Definitions

  • SubKey is used to represent basis code ("+" or "x") for N number of quantum states. These N bits of random binary code are transferred (309) from RANDOM NUMBER GENERATION UNIT (205) to QUANTUM RECEPTION UNIT (207) through KEY GENERATION PROCESSOR UNIT (206).
  • Alice's QUANTUM TRANSMISSION UNIT (203) sends quantum states by modulating or polarizing the quantum signal according to its 2N bits of binary code, while Bob's QUANTUM TRANSMISSION UNIT (203) detects quantum state arrival and measures it according to its N bits of binary code. The outcome of the measurement is recorded and retrieved by KEY GENERATION PROCESSOR UNIT (206) at Bob.
  • KEY GENERATION PROCESSOR UNIT (202, 206) at Alice and Bob distill the sifted key by performing key sifting steps on the binary code and the measurement outcome at both stations. Key distillation steps heavily utilize PUBLIC COMMUNICATION UNIT (204, 208) at Alice and Bob to exchange public information. During this process, all public communication is encrypted using a cryptographic algorithm such as AES or the like. Master Key is also used to perform privacy amplification on the error-corrected key at Alice and Bob to produce (310) identical Storage Key.
  • The SWITCHING BRIDGE UNIT (200, 209) continues to activate the D subsystem, generate a new SubKey using the deterministic feedback function and use it to generate Storage Key.
  • SWITCHING BRIDGE UNIT (200, 209) continuously checks whether the lifetime has expired. If the Master Key's lifetime has expired, SWITCHING BRIDGE UNIT (200, 209) activates the ND subsystem to generate a new Master Key and a new SubKey, and finally generates Storage Key.


Abstract

A switching mechanism to generate a quantum key between quantum key distribution (QKD) stations using a combination of non-deterministic and deterministic QKD subsystems is disclosed. The method includes establishing a Master Key (103) using the non-deterministic QKD subsystem (301) and buffering the Master Key (103) in system memory (105). The generated Master Key (103) is processed by activating the Switching Bridge (305) between the two protocols to generate a SubKey (104). The SubKey (104) is used as pre-shared secret information for the deterministic QKD subsystem (306). A plurality of Storage Keys (105) is generated using the deterministic QKD subsystem (306). The process goes back to the Switching Bridge (305) to produce a new SubKey (104) when the Master Key (103) has not expired. Otherwise, the Switching Bridge (305) directs the process to the non-deterministic protocol to renew the Master Key (103). The Storage Key (105) can be used by other applications for cryptographic purposes.

Description

SWITCHABLE INTEGRATED QUANTUM KEY DISTRIBUTION SYSTEM
FIELD OF THE INVENTION
The present invention relates generally to cryptographic systems and methods, particularly to Quantum Key Distribution (QKD) systems and methods, and more particularly to systems and methods for integrating non-deterministic and deterministic protocols in a QKD system.
BACKGROUND OF THE INVENTION
QKD is a method to establish a secret key between QKD stations by transmitting quantum states in the form of photons. These quantum states are encoded and measured using a quantum cryptographic process. The final key can be derived from quantum state detections and finally used for cryptographic purposes.
In general, QKD protocols can be divided into two categories: non-deterministic and deterministic. Each category has its own advantages and disadvantages.
Non-deterministic QKD protocols, such as BB84, are considered emblematic protocols in quantum cryptography, with a high level of confidentiality. In the BB84 protocol, an exemplary situation would be where a user, Alice, randomly prepares a set of quantum states and sends it to another user, Bob. Subsequently, Bob randomly measures the quantum states. As a result, half of the quantum states need to be discarded because incompatible bases were used in the measurement process. This translates to a low key generation rate, since many quantum states cannot be used to generate the secret key. Deterministic protocols, such as YUEN, usually perform better than non-deterministic protocols. However, their deterministic nature requires the system to have pre-shared secret information. This pre-shared secret information is used by Alice to prepare quantum states and by Bob to measure the quantum states. In the case of YUEN, the generated secret key will be double that of BB84 since all bases are compatible, which makes it a good candidate for a high key availability system. However, the pre-shared secret information needs to be set before the key generation process is started. The procedure to set the pre-shared secret is done manually, so it is cumbersome and error-prone. More importantly, the level of confidentiality of a deterministic protocol depends heavily on its fixed pre-shared secret information. The pre-shared secret is not changed regularly, which means that any leakage of information regarding the shared secret will expose the system to cryptanalytic attack.
A high key availability system to support data encryption is essential in a high data rate communication system, especially when One-Time-Pad encryption is employed.
The problem in realizing a QKD-based One-Time-Pad encryption system is that it requires a large amount of encryption keys. The size of the encryption key must be equal to the size of the plaintext. Therefore, it requires a high key availability QKD system.
A non-deterministic QKD system (e.g. BB84 and SARG04) has the drawback of a low key generation rate. However, its security level has been proven. It trades a low level of key availability for a high level of confidentiality. A deterministic QKD system (e.g. YUEN) has its own drawbacks, as it requires a pre-shared secret prior to protocol execution. This pre-shared secret can be changed, but the process is done manually. The key generation rate is higher than that of a non-deterministic protocol. It trades a low level of confidentiality and flexibility for a high level of key availability.
US2006059343 teaches a method of using the final key as a seed to a key expansion function (e.g. a stream cipher) to generate a longer final key for a high key availability system. This method can be applied to any type of QKD system. The disadvantage is that the expanded key is not purely derived from quantum state detections.
US5963646 teaches a solution to increase the level of secrecy of the encryption key using a secure deterministic method. The disadvantage of this method is that it results in a shorter key.
Xiaxiang Lin et al. (An Implementation of Post-Processing Software in Quantum Key Distribution, Proceedings of 2009 World Congress on Computer Science and Information Engineering) propose a multi-thread software architecture for a high key availability QKD system. However, the proposed method focuses on the post-processing stage and not on the QKD protocol level, which means the method still relies on the performance of the optical setup.
Therefore, there exists a need for methods and systems resulting in higher key generation and a higher level of secrecy.
It is an object of the invention to disclose a system that has the advantages of both deterministic and non-deterministic protocols.
It is yet another object of the invention to disclose systems and methods generating higher key generation.
It is yet another object of the invention to disclose systems and methods resulting in a higher level of secrecy.
It is yet another object of the invention to disclose systems and methods that minimize the disadvantages of non-deterministic and deterministic QKD systems to create a secure, flexible and high key availability switchable QKD system.
SUMMARY OF THE INVENTION
The advantage of the present invention is that the disclosed methods and systems are able to achieve a balance between high key availability, a high level of confidentiality and system flexibility. More importantly, the generated final key is purely derived from quantum state detections.
A system to generate a quantum key between QKD stations using a combination of non-deterministic and deterministic QKD systems is disclosed. Also disclosed are methods, where the method includes establishing a Master Key using the non-deterministic QKD system and buffering the Master Key in system memory. The generated Master Key is processed by activating the Switching Bridge between the two protocols to generate a SubKey. The SubKey is used as the pre-shared secret for the deterministic QKD system. A plurality of Storage Keys is generated using the deterministic QKD system. The process goes back to the Switching Bridge to produce a new SubKey when the Master Key has not expired. Otherwise, the Switching Bridge directs the process to the non-deterministic protocol to renew the Master Key. The Storage Key can be used by other applications for cryptographic purposes.
Accordingly, it is disclosed herein, a system for QKD between two stations in quantum communication state, each station comprising at least of:
a) a first subsystem (300) capable of generating a first quantum key (103);
b) a switching bridge means (305) capable of generating a SubKey (104) from the said first key; and
c) a second subsystem (306) capable of generating a second quantum key (105) using the said SubKey.
Also disclosed herein is a system for QKD between two stations in quantum communication state, each station comprising at least of a first subsystem (300) capable of generating a Master Key (103) with a life time; a switching bridge means (305) capable of generating a SubKey (104) from the said Master Key (103), a second subsystem (306) capable of generating a Storage Key (105) using the said SubKey (104) and a storage means to store the Master Key (103), SubKey (104) and Storage Key (105), wherein the said switching bridge means (305) is further capable of activating the said first subsystem (300) to generate a new Master Key (103) on the expiry of the Master Key (103).
Another aspect of the invention is a method of distributing quantum keys between two stations in quantum communication state comprising any of the steps of:
a) generating identical first quantum key (103) in a first subsystem (300) of each station by generating independently in each station a random binary code for a value of quantum state and assigning the said code for a quantum state, modulating and transmitting the said quantum state from the first station to the second station through a network and receiving the said quantum state in the second station;
b) generating a SubKey (104) in a switching bridge means using the first quantum key (103); and
c) generating a second quantum key (105) in a second subsystem (306) by using the said SubKey (104).
Yet another aspect of the invention is a method of distributing quantum keys between two stations in quantum communication state comprising any of the steps of:
a) generating identical first quantum key (103) in a first subsystem (300) of each station by generating independently in each station a random binary code for a value of quantum state and assigning the said code for a quantum state, modulating and transmitting the said quantum state from the first station to the second station through a network and receiving the said quantum state in the second station;
b) generating SubKey (104) in a switching bridge means using the first quantum key (103);
c) generating a second quantum key (105) in a second subsystem (306) by using the SubKey (104);
d) storing the first quantum key (103), SubKey (104) and second quantum key (105) in a storage device; and
e) configuring the switching bridge means (305) to check the life time of the first quantum key (103) and generate a new first quantum key (103) on the expiry of the first quantum key (103).
BRIEF DESCRIPTION OF THE DRAWINGS
FIG 1 is a schematic representation of an embodiment of the invention.
FIG 2 is a schematic illustration of an embodiment of the invention.
FIG 3 is a schematic illustration of an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
Referring to FIG 1, an embodiment in accordance with the principles of the invention operates firstly (100), by activating the provably secure and flexible non-deterministic QKD system to establish an identical Master Key (103) between QKD stations; secondly (101), by activating the Switching Bridge between the two protocols to generate a Sub Key (104) for the subsequent step; and thirdly (102), by making use of the high availability of the deterministic QKD system, using the Sub Key (104) as a seed to the deterministic QKD system to generate a Storage Key (105). The Switching Bridge is activated again when the Master Key lifetime expires so that the non-deterministic QKD system can renew the Master Key.
FIG 2 illustrates an exemplary implementation of the BB84/YUEN QKD system consisting of a pair of fictitious QKD stations, Alice and Bob. The internal system architecture consists of RANDOM NUMBER GENERATION UNIT (201, 205), KEY STORAGE UNIT, MEMORY BUFFER, KEY GENERATION PROCESSOR UNIT (200, 206), QUANTUM TRANSMISSION/RECEPTION UNIT (203, 207) and PUBLIC COMMUNICATION UNIT (204, 208).
RANDOM NUMBER GENERATION UNIT (201, 205) functions as the source of random bit values. The random bits are used during the process of modulating/polarizing and measuring quantum states. This module can also be realized with a quantum random number generator or the like.
KEY STORAGE UNIT and MEMORY BUFFER UNIT are used to store the generated cryptographic keys, namely Master Key, Sub Key and Storage Key. Storage Key is stored in KEY STORAGE UNIT and the other keys are stored in MEMORY BUFFER UNIT. These units can be realized by using any non-volatile memory and any volatile memory, for KEY STORAGE UNIT and MEMORY BUFFER UNIT respectively.
QUANTUM TRANSMISSION/RECEPTION UNIT (203, 207) functions as transmitter and receiver to send and detect quantum states respectively. It consists of the optical setup for the BB84 protocol and its electronics control module, such as the laser driver and single photon detectors. The control logic can be implemented using microcontrollers or a Field-Programmable Gate Array (FPGA). PUBLIC COMMUNICATION UNIT (204, 208) functions as the network interface for public communication. This can be realized by using a standard TCP/IP network interface card.
KEY GENERATION PROCESSOR UNIT (202, 206) functions as the main controller for the whole key generation system. It consists of SWITCHING BRIDGE UNIT (200, 209), the non-deterministic subsystem (ND) and the deterministic subsystem (D). SWITCHING BRIDGE UNIT manages protocol switching between BB84 and YUEN by monitoring certain conditions such as Master Key expiry and KEY STORAGE UNIT status. It is also responsible for executing the error correction procedure on the sifted key as well as performing privacy amplification. This unit can be realized using an FPGA-based embedded platform by implementing the computationally intensive part, such as error control coding, as FPGA logic and the protocol interactivity in key distillation as firmware logic on an FPGA-based microprocessor soft-core.
FIG 3 illustrates the detailed steps taken during the execution of the switchable QKD system to generate Storage Key for cryptographic purposes. It shows the steps taken by a pair of QKD systems, namely Alice and Bob.
Referring to FIG 2 and FIG 3, at Alice, SWITCHING BRIDGE UNIT (200) regularly checks KEY STORAGE UNIT, whether it is full or not. If KEY STORAGE UNIT is not full then SWITCHING BRIDGE UNIT (200) activates (300) its ND subsystem. KEY GENERATION PROCESSOR UNIT (202) at Alice informs KEY GENERATION PROCESSOR UNIT (206) at Bob through PUBLIC COMMUNICATION UNIT (204, 208) to activate Bob's ND subsystem. At Alice (301 ), preparation steps prior to quantum state transmission are performed. RANDOM NUMBER GENERATION UNIT (201 ) at Alice generates N bits of binary code to represent basis code ("+" or "x") for N number of quantum states. Another N bits of binary code is generated to represent value code ("0" or "1 ") for N number of quantum states. This 2N bits of random binary code is retrieved by KEY GENERATION PROCESSOR (202) UNIT and transferred (303) to QUANTUM TRANSMISSION UNIT (203).
At Bob (302), similar preparation steps are performed prior to quantum state transmission. RANDOM NUMBER GENERATION UNIT (205) generates N bits of binary code to represent the basis code ("+" or "x") for N quantum states. These N bits of random binary code are transferred (304) from RANDOM NUMBER GENERATION UNIT (205) to QUANTUM RECEPTION UNIT (207) through KEY GENERATION PROCESSOR UNIT (206).
After the preparation steps have been completed, Alice's QUANTUM TRANSMISSION UNIT (203) sequentially sends quantum states by modulating or polarizing the quantum signal according to its 2N bits of binary code, while Bob's QUANTUM RECEPTION UNIT (207) detects each quantum state's arrival and measures it according to its N bits of binary code. The outcome of the measurement is recorded and retrieved by KEY GENERATION PROCESSOR UNIT (206) at Bob.
Finally, KEY GENERATION PROCESSOR UNIT (202, 206) at Alice and Bob distill an identical Master Key by performing key sifting, error correction and privacy amplification on the binary code and measurement outcome.
Subsequently, SWITCHING BRIDGE UNIT (200, 209) at Alice and Bob detects the availability of the Master Key and calculates (305) the current SubKey using a cryptographically strong deterministic feedback function such as a secure hash function. The Master Key is used as input to the deterministic feedback function for the first cycle of the current Master Key. For each subsequent cycle, the previous SubKey is used as input to the deterministic feedback function to generate the current SubKey as follows:
SUBKEY[i] = F(SUBKEY[i-1]), SUBKEY[0] = Master Key
At this point, Alice and Bob share an identical current SubKey, a binary code that is used as the basis code for the N quantum states at Alice and Bob. Note that the SubKey is an identical secret binary code between Alice and Bob which is derived from the Master Key. This enables SWITCHING BRIDGE UNIT (200, 209) at Alice and Bob to activate (306) their D subsystem through KEY GENERATION PROCESSOR UNIT (202, 206).
Subsequently, at Alice, preparation steps prior to quantum state transmission are performed. The SubKey is used to represent the basis code ("+" or "x") for N quantum states. Another N bits of binary code are generated (307) by RANDOM GENERATOR UNIT (201) to represent the value code ("0" or "1") for the N quantum states. These 2N bits of random binary code are retrieved by KEY GENERATION PROCESSOR UNIT (202) and transferred (308) to QUANTUM TRANSMISSION UNIT (203).
At Bob, similar preparation steps are performed prior to quantum state transmission. The SubKey is used to represent the basis code ("+" or "x") for N quantum states. These N bits of random binary code are transferred (309) from RANDOM NUMBER GENERATION UNIT (205) to QUANTUM RECEPTION UNIT (207) through KEY GENERATION PROCESSOR UNIT (206).
After the preparation steps have been completed, Alice's QUANTUM TRANSMISSION UNIT (203) sequentially sends quantum states by modulating or polarizing the quantum signal according to its 2N bits of binary code, while Bob's QUANTUM TRANSMISSION UNIT (203) detects each quantum state's arrival and measures it according to its N bits of binary code. The outcome of the measurement is recorded and retrieved by KEY GENERATION PROCESSOR UNIT (206) at Bob.
Finally, KEY GENERATION PROCESSOR UNIT (202, 206) at Alice and Bob distill the sifted key by performing key sifting steps on the binary code and the measurement outcome at both stations. Key distillation steps rely heavily on PUBLIC COMMUNICATION UNIT (204, 208) at Alice and Bob to exchange public information. During this process, all public communication is encrypted using a cryptographic algorithm such as AES or the like. The Master Key is also used to perform privacy amplification on the error-corrected key at Alice and Bob to produce (310) an identical Storage Key. The SWITCHING BRIDGE UNIT (200, 209) continues to activate the D subsystem, generate a new SubKey using the deterministic feedback function and use it to generate a Storage Key.
The key generated by the ND subsystem, namely the Master Key, has a lifetime. SWITCHING BRIDGE UNIT (200, 209) continuously checks whether the lifetime has expired. If the Master Key's lifetime has expired, SWITCHING BRIDGE UNIT (200, 209) activates the ND subsystem to generate a new Master Key and a new SubKey, and finally generates a Storage Key.
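An added sketch (not code from the patent) of the SWITCHING BRIDGE UNIT's key schedule described above: the chain SUBKEY[i] = F(SUBKEY[i-1]), the use of each SubKey as the shared basis code, and the return to the ND subsystem when the Master Key expires. SHA-256 as F, a lifetime counted in D rounds, N = 256 and all class and function names are assumptions.

```python
import hashlib
import secrets

N = 256  # constructed value: quantum states per D round, one basis bit each


def F(prev: bytes) -> bytes:
    """Deterministic feedback function; SHA-256 is an assumed choice."""
    return hashlib.sha256(prev).digest()


def basis_code(subkey: bytes, n: int = N) -> str:
    """Use the first n SubKey bits as basis code: 0 -> '+', 1 -> 'x'."""
    bits = "".join(f"{byte:08b}" for byte in subkey)[:n]
    return "".join("x" if b == "1" else "+" for b in bits)


class SwitchingBridge:
    """Toy model of one station's bridge: Master Key lifetime plus SubKey chain."""

    def __init__(self, lifetime_rounds: int):
        # Hypothetical lifetime unit: number of D rounds allowed per Master Key.
        self.lifetime_rounds = lifetime_rounds
        self.master_key = None   # kept because privacy amplification also uses it
        self.current = None      # SUBKEY[i-1]; equals the Master Key when i = 1
        self.rounds_used = 0

    def install_master_key(self, master_key: bytes) -> None:
        """ND subsystem delivered a fresh Master Key: SUBKEY[0] = Master Key."""
        self.master_key = self.current = master_key
        self.rounds_used = 0

    def needs_nd(self) -> bool:
        """True when no Master Key is installed or its lifetime has expired."""
        return self.current is None or self.rounds_used >= self.lifetime_rounds

    def next_subkey(self) -> bytes:
        """SUBKEY[i] = F(SUBKEY[i-1]); refuses to run on an expired Master Key."""
        if self.needs_nd():
            raise RuntimeError("Master Key missing or expired: activate ND subsystem")
        self.current = F(self.current)
        self.rounds_used += 1
        return self.current


def run_d_rounds(master_key: bytes, lifetime_rounds: int):
    """Run Alice's and Bob's bridges until expiry; return each side's basis codes."""
    alice, bob = SwitchingBridge(lifetime_rounds), SwitchingBridge(lifetime_rounds)
    alice.install_master_key(master_key)
    bob.install_master_key(master_key)
    a_bases, b_bases = [], []
    while not alice.needs_nd():
        a_bases.append(basis_code(alice.next_subkey()))
        b_bases.append(basis_code(bob.next_subkey()))
    return a_bases, b_bases, alice.needs_nd() and bob.needs_nd()


if __name__ == "__main__":
    mk = secrets.token_bytes(32)  # constructed stand-in for a distilled Master Key
    a, b, expired = run_d_rounds(mk, lifetime_rounds=4)
    print("bases agree every round:", a == b, "| expired:", expired)
    # The chain is computable forward: SUBKEY[2] alone yields SUBKEY[3].
    sk2 = F(F(mk))
    print("SUBKEY[3] from SUBKEY[2]:", basis_code(F(sk2)) == a[2])
```

Because F is deterministic and takes only the previous SubKey as input, anyone who learns one SubKey can compute every later SubKey until the Master Key is replaced, so the Master Key lifetime bounds that exposure.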

Claims

1. A system for Quantum Key Distribution (QKD) between two stations in quantum communication state, each station comprising at least of:
a) a first subsystem (300) capable of generating a first quantum key (103);
b) a switching bridge means (305) capable of generating a SubKey (104) from the said first key; and
c) a second subsystem (306) capable of generating a second quantum key (105) using the said SubKey.
2. A system as claimed in claim 1 wherein the said first subsystem (300) further comprises of a random number generator (301) to generate random binary code for a quantum state, a quantum transmitter (303) to transmit the quantum state, a quantum receiver (304) to receive the quantum state and a key generator (310) to generate the first quantum key (103) from the received quantum state.
3. A system as claimed in claim 1 wherein the said second subsystem (306) further comprises of a random number generator (307) to generate random binary code for a quantum state, a quantum transmitter (308) to transmit the quantum state, a quantum receiver (309) to receive the quantum state and a key generator (310) to generate the second quantum key (105) from the received quantum state.
4. A system as claimed in claim 1 wherein the said first subsystem (300) is capable of generating the first quantum key (103) in accordance with a non-deterministic QKD protocol.
5. A system as claimed in claim 1 wherein the said second subsystem (300) is capable of generating the second quantum key (105) in accordance with a deterministic QKD protocol with the said SubKey (104) as the preshared secret information.
6. A system as claimed in any of the preceding claims wherein the said first quantum key (103) includes a Master Key.
7. A system as claimed in any of the preceding claims wherein the said second quantum key (105) includes a Storage Key.
8. A system for Quantum Key Distribution (QKD) between two stations in quantum communication state, each station comprising at least of a first subsystem (300) capable of generating a Master Key (103) with a life time; a switching bridge means (305) capable of generating a SubKey (104) from the said Master Key (103), a second subsystem (306) capable of generating a Storage Key (105) using the said SubKey (104) and a storage means to store the Master Key (103), SubKey (104) and Storage Key (105), wherein the said switching bridge means (305) is further capable of activating the said first subsystem (300) to generate a new Master Key (103) on the expiry of the Master Key (103).
9. A system as claimed in claim 8 wherein the said storage device includes random access memory devices or read only memory devices.
10. A method of distributing quantum keys between two stations in quantum communication state comprising any of the steps of:
a) generating identical first quantum key (103) in a first subsystem (300) of each station by generating independently in each station a random binary code for a value of quantum state and assigning the said code for a quantum state, modulating and transmitting the said quantum state from the first station to the second station through a network and receiving the said quantum state in the second station;
b) generating a SubKey (104) in a switching bridge means using the first quantum key (103); and
c) generating a second quantum key (105) in a second subsystem (306) by using the said SubKey (104).
11. A method of distributing quantum keys between two stations in quantum communication state comprising any of the steps of:
a) generating identical first quantum key (103) in a first subsystem (300) of each station by generating independently in each station a random binary code for a value of quantum state and assigning the said code for a quantum state, modulating and transmitting the said quantum state from the first station to the second station through a network and receiving the said quantum state in the second station;
b) generating SubKey (104) in a switching bridge means using the first quantum key (103);
c) generating a second quantum key (105) in a second subsystem (306) by using the SubKey (104);
d) storing the first quantum key (103), SubKey (104) and second quantum key (105) in a storage device; and
e) configuring the switching bridge means (305) to check the life time of the first quantum key (103) and generate a new first quantum key (103) on the expiry of the first quantum key (103).
12. A method as claimed in claims 10 or 11 wherein the said first subsystem (300) further comprises of a random number generator (301) to generate random binary code for a quantum state, a quantum transmitter (303) to transmit the quantum state, a quantum receiver (304) to receive the quantum state and a key generator to generate the first quantum key.
13. A method as claimed in claims 10 or 11 wherein the said second subsystem (306) further comprises of a random number generator (307) to generate random binary code for a quantum state, a quantum transmitter (308) to transmit the quantum state, a quantum receiver (309) to receive the quantum state and a key generator (310) to generate the second quantum key.
14. A method as claimed in claims 10 or 11 wherein the said first subsystem (300) is capable of generating the first quantum key (103) in accordance with a non-deterministic QKD protocol.
15. A method as claimed in claims 10 or 11 wherein the said second subsystem (300) is capable of generating the second quantum key (105) in accordance with a deterministic QKD protocol with the said SubKey (104) as the preshared secret information.
16. A method as claimed in any of the preceding claims 10-15 wherein, the said first quantum key (103) includes a Master Key.
17. A method as claimed in any of the preceding claims 10-15 wherein, the said second quantum key (105) includes a Storage Key.
18. A method as claimed in claims 10-15 wherein the said network includes a public network, a private network or open space.
PCT/MY2010/000292 2010-09-27 2010-11-25 Switchable integrated quantum key distribution system WO2012053883A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2010004499 MY150189A (en) 2010-09-27 2010-09-27 System and method for quantum key distribution
MYPI20100004904 2010-10-18

Publications (1)

Publication Number Publication Date
WO2012053883A1 true WO2012053883A1 (en) 2012-04-26

Family

ID=45893397

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/MY2010/000272 WO2012044149A1 (en) 2010-09-27 2010-11-12 System and method for quantum key distribution
PCT/MY2010/000292 WO2012053883A1 (en) 2010-09-27 2010-11-25 Switchable integrated quantum key distribution system

Country Status (2)

Country Link
MY (1) MY150189A (en)
WO (2) WO2012044149A1 (en)


Also Published As

Publication number Publication date
WO2012044149A8 (en) 2012-11-08
WO2012044149A1 (en) 2012-04-05
MY150189A (en) 2013-12-13


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10858711

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10858711

Country of ref document: EP

Kind code of ref document: A1