WO2020125967A1 - Quantum key distribution apparatus and method - Google Patents

Quantum key distribution apparatus and method Download PDF

Info

Publication number
WO2020125967A1
WO2020125967A1 PCT/EP2018/085829 EP2018085829W WO2020125967A1 WO 2020125967 A1 WO2020125967 A1 WO 2020125967A1 EP 2018085829 W EP2018085829 W EP 2018085829W WO 2020125967 A1 WO2020125967 A1 WO 2020125967A1
Authority
WO
WIPO (PCT)
Prior art keywords
qkd
channels
qkey
channel
sub
Prior art date
Application number
PCT/EP2018/085829
Other languages
French (fr)
Inventor
Tommaso CATUOGNO
Fabio Cavaliere
Giulio Bottari
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Priority to PCT/EP2018/085829 priority Critical patent/WO2020125967A1/en
Publication of WO2020125967A1 publication Critical patent/WO2020125967A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • H04L9/0855Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Definitions

  • the invention relates to Quantum key distribution, QKD, apparatus for an optical communications network.
  • the invention further relates to Quantum receiver apparatus for an optical communications network, optical communications network nodes, a method of QKD and a method of receiving a quantum key.
  • Quantum communication systems exploit the possibility of transmitting information encoded in quantum states, prepared in such a way that an eavesdropper between two communicating partners unavoidably introduces a detectable disturbance.
  • the quantum information is encoded over a characteristic of a photon; for example, polarization state, phase or spin.
  • Quantum Key Distribution solves the problem of key distribution in symmetric encryption systems.
  • quantum encryption should be applied to the whole message that is to be transmitted; known as one-time pad encryption.
  • this would unacceptably compromise capacity and latency of the communication channel, since feasible QKD systems can only work up to a few Mbit/s and require processing time for sender and receiver to agree the final quantum key, free of errors.
  • QKD is only used to produce and distribute the key, not to transmit message data.
  • the quantum key is then used with a classical encryption algorithm to encrypt and decrypt a message, transmitted over a classical high capacity communication channel.
  • the modelling used to evaluate quality performances is instead probabilistic: the probability that a photon reaches the receiver is expressed with a parameter Parr which depends on several factors, including: link distance, propagation noise, devices present along the link, inter- channel noise.
  • the number of photons received in a given time window is defined as the Quantum Rate, Qrate, which is proportional to Parr and dynamically changes over time: the Qrate is very susceptible to changes of the aforementioned factors and small perturbations of the channel may also lead to large changes in the Qrate.
  • the“advantage” parameter is used as a measure of security guarantee and to determine how often the secret key of a symmetric encryption algorithm must be renewed.
  • the advantage parameter is fixed a priori and together with the encryption system and the data rate, it is possible to evaluate the time after which a given secret key must be renewed to keep the required security level over the transmission.
  • the Qrate dynamically changes with several parameters, such as inter-channel noise, number of coexisting channels, number of traversed switches, and is extremely susceptible to changes in these parameters.
  • An aspect of the invention provides quantum key distribution, QKD, apparatus for an optical communications network.
  • the optical communications network comprises a plurality of nodes and a plurality of links.
  • the QKD apparatus comprises a quantum transmitter, a processor and memory.
  • the memory comprises instructions executable by the processor whereby the QKD apparatus is operative to:
  • Qkey for transmission from a first node to a second node in the optical communications network at a target quantum rate, Qrate;
  • a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate;
  • a QKD channels response from the PCE, the response comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to the target Qrate;
  • the Qkey partition the Qkey into a plurality of sub-keys for transmission on respective QKD channels, the plurality of sub-keys corresponding to the plurality of QKD channels; and generate at least one control signal comprising instructions arranged to cause the quantum transmitter to transmit the sub-keys on the respective QKD channels at the respective Qrates and on the respective paths.
  • the QKD apparatus advantageously enables a Qkey to be transmitted at the target Qrate, and thus with a desired level of security, without over-provisioning of resources within the optical communications network.
  • the QKD apparatus advantageously enables the achievable Qrate to be increased as compared to current QKD networked systems with point-to-point Qkey distribution, by exploiting the available resources in the network.
  • the memory comprises instructions executable by the processor whereby the QKD apparatus is operative: to receive a channel release notification from the PCE, the notification comprising an indication that the quantum channel with the lowest achieved Qrate may be released; and, responsive to said notification, to partition a remaining portion of the Qkey into a smaller plurality of sub keys for transmission on the corresponding smaller plurality of QKD channels.
  • the QKD apparatus advantageously enables a Qkey to be transmitted with the desired level of security without over-provisioning of resources within the optical communications network.
  • the QKD apparatus is advantageously able to adapt to a fluctuating Qrate in the network without compromising the desired level of security.
  • the QKD apparatus advantageously enables a variable number of QKD channels to be used to achieve transmission of the Qkey at the target Qrate.
  • the memory further comprises instructions executable by the processor whereby the QKD apparatus is operative to: receive a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate, the notification comprising an indication of the additional QKD channel having a respective path and a respective Qrate; and, responsive to said notification, to partition a remaining portion of the Qkey into a larger plurality of sub-keys for transmission on the corresponding larger plurality of QKD channels.
  • the QKD apparatus is advantageously able to adapt to a fluctuating Qrate in the network without compromising the desired level of security.
  • the QKD apparatus advantageously enables a variable number of QKD channels to be used to achieve transmission of the Qkey at the target Qrate.
  • the memory comprises instructions executable by the processor whereby the QKD apparatus is operative to: partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the plurality of QKD channels according to a channel order; and generate a further control signal comprising instructions arranged to cause the quantum transmitter apparatus to transmit a representation of the channel order on one of the QKD channels.
  • Disaggregating the Qkey into sub-keys in this way advantageously increases the security of transmission of the Qkey.
  • Transmitting a representation of the channel order on one of the QKD channels may advantageously keep the channel order secure and introduce another degree of security in the transmission of the Qkey.
  • Transmitting a representation of the channel order may also advantageously tell a quantum receiver the number of QKD channels it will receive the Qkey on.
  • the further control signal comprises instructions arranged to cause the quantum transmitter apparatus to transmit a representation of the channel order on a first one of the QKD channels or a best one of the QKD channels.
  • the channel order comprises a random permutation of the integers in the range one to said plurality, K, of QKD channels, each said integer representing a respective QKD channel.
  • the memory further comprises instructions executable by the processor whereby the QKD apparatus is operative to partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the QKD channels in the order in which the integers are arranged in the channel order. Disaggregating the Qkey into sub-keys in this way advantageously increases the security of transmission of the Qkey.
  • the representation of the channel order comprises a channel permutation vector comprising the random permutation of the integers in the range one to K.
  • the optical communications network is an optical switched network, such as a wavelength switched optical network, WSON.
  • the QKD channels are at least one of space multiplexed, wavelength multiplexed and time multiplexed.
  • the QKD apparatus may advantageously enables the achievable Qrate to be increased as compared to current QKD networked systems with point-to-point Qkey distribution, by exploiting the available wavelengths, links and time-slots in the network.
  • a further aspect of the invention provides quantum receiver apparatus for an optical communications network.
  • the quantum receiver apparatus is configured to receive a plurality of QKD channels carrying respective sub-keys of a quantum key, Qkey.
  • the quantum receiver apparatus comprises a processor and memory, the memory comprising instructions executable by the processor whereby the apparatus is operative to: obtain the sub-keys carried by the received QKD channels; and combine the sub-keys according to an agreed channel order to form the Qkey.
  • the quantum receiver apparatus advantageously enables a Qkey to be received at a desired Qrate, and thus with a desired level of security, without over-provisioning of resources within the optical communications network.
  • the quantum receiver apparatus advantageously enables the achievable Qrate to be increased as compared to current QKD networked systems with point-to-point Qkey distribution, by exploiting the available resources in the network.
  • the memory comprises further instructions executable by the processor whereby the apparatus is operative to determine respective Qrates of the received QKD channels; and generate a Qrates reporting signal comprising an indication of the determined Qrates of the received QKD channels. This may enable the sum of the Qrates of the received QKD channels to be compared to a target Qrate for transmission of the Qkey.
  • each sub-key comprises a plurality of bits.
  • the memory comprises further instructions executable by the processor whereby the apparatus is operative to: receive an indication of the agreed channel order, the agreed channel order comprising a random permutation of the integers in the range one to said plurality, K, each said integer representing a respective QKD channel; and combine the sub-keys by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the agreed channel order.
  • Receiving a Qkey disaggregated into sub-keys in this way advantageously increases the security of transmission of the Qkey.
  • a further aspect of the invention provides an optical communications network node comprising QKD apparatus.
  • the QKD apparatus comprises a quantum transmitter, a processor and memory.
  • the memory comprises instructions executable by the processor whereby the QKD apparatus is operative to:
  • Qkey for transmission from a first node to a second node in the optical communications network at a target quantum rate, Qrate;
  • a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate;
  • a QKD channels response from the PCE, the response comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to the target Qrate;
  • the Qkey partition the Qkey into a plurality of sub-keys for transmission on respective QKD channels, the plurality of sub-keys corresponding to the plurality of QKD channels; and generate at least one control signal comprising instructions arranged to cause the quantum transmitter to transmit the sub-keys on the respective QKD channels at the respective Qrates and on the respective paths.
  • a further aspect of the invention provides an optical communications network node comprising quantum receiver apparatus.
  • the quantum receiver apparatus is configured to receive a plurality of QKD channels carrying respective sub-keys of a quantum key, Qkey.
  • the quantum receiver apparatus comprises a processor and memory, the memory comprising instructions executable by the processor whereby the apparatus is operative to: obtain the sub-keys carried by the received QKD channels; and combine the sub-keys according to an agreed channel order to form the Qkey.
  • a further aspect of the invention provides a method of quantum key distribution, QKD, in an optical communications network comprising a plurality of nodes and a plurality of links. The method comprises steps of:
  • a QKD channels request comprising a request for channels for distribution of the Qkey and an indication of the target Qrate;
  • the PCE receiving a QKD channels response from the PCE, the response comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to the target Qrate;
  • the method further comprises: receiving a channel release notification from the PCE, the notification comprising an indication that the quantum channel with the lowest achieved Qrate may be released; and, responsive to said notification, partitioning a remaining portion of the Qkey into a smaller plurality of sub keys for transmission on the corresponding smaller plurality of QKD channels.
  • the method further comprises: receiving a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate, the notification comprising an indication of the additional QKD channel having a respective path and a respective Qrate; and, responsive to said notification, partitioning a remaining portion of the Qkey into a larger plurality of sub-keys for transmission on the corresponding larger plurality of QKD channels.
  • the method is advantageously adaptive enabling the Qrate to be adjusted as the network evolves with time which can maintain the correct level of security for quantum key distribution without the need to over-provision network resources.
  • partitioning the Qkey into a plurality of sub-keys comprises serially allocating bits of the Qkey to the plurality of QKD channels according to a channel order.
  • the method further comprises transmitting a representation of the channel order on one of the QKD channels.
  • the channel order comprises a random permutation of the integers in the range one to said plurality, K, of QKD channels, each said integer representing a respective QKD channel and wherein partitioning the Qkey into a plurality of sub-keys comprises serially allocating bits of the Qkey to the QKD channels in the order in which the integers are arranged in the channel order.
  • a further aspect of the invention provides a method of receiving a quantum key, Qkey, in an optical communications network comprising a plurality of nodes and a plurality of links.
  • the method comprises steps of: receiving a plurality of QKD channels carrying respective sub-keys of a Qkey; obtaining the sub-keys carried by the received QKD channels; and combining the sub-keys according to an agreed channel order to form the Qkey.
  • the method further comprises: determining respective Qrates of the received QKD channels; and generating a Qrates reporting signal comprising an indication of the determined Qrates of the received QKD channels.
  • each sub-key comprises a plurality of bits.
  • the method further comprises: receiving an indication of the agreed channel order, the agreed channel order comprising a random permutation of the integers in the range one to said plurality, K, each said integer representing a respective QKD channel; and combining the sub-keys by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the agreed channel order.
  • a further aspect of the invention provides QKD apparatus comprising a quantum transmitter, interface circuitry and processing circuitry configured to:
  • Qkey for transmission from a first node to a second node in an optical communications network at a target quantum rate, Qrate;
  • a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of said target Qrate
  • a QKD channels response from said PCE comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to said target Qrate; partition the Qkey into a plurality of sub-keys for transmission on respective QKD channels, said plurality of sub-keys corresponding to said plurality of QKD channels; and generate at least one control signal comprising instructions arranged to cause the quantum transmitter to transmit the sub-keys on the respective QKD channels at the respective Qrates and on the respective paths.
  • a further aspect of the invention provides quantum receiver apparatus for an optical communications network.
  • the quantum receiver apparatus is configured to receive a plurality of QKD channels carrying respective sub-keys of a Qkey.
  • the quantum receiver apparatus comprises interface circuitry and processing circuitry configured to: obtain said sub-keys carried by said received QKD channels; and combine said sub-keys according to an agreed channel order to form said Qkey.
  • FIG. 1 is a block diagram illustrating QKD apparatus according to an embodiment of the invention
  • FIGS. 2 and 4 are block diagrams illustrating optical communications network nodes according to embodiments of the invention.
  • Figure 3 is a block diagram illustrating quantum receiver apparatus according to an embodiment of the invention.
  • Figures 5 to 8 are block diagrams illustrating operation of QKD apparatus and quantum receiver apparatus according to an embodiment of the invention in an optical communications network
  • FIGS. 9 to 11 are flowcharts illustrating methods according to embodiments of the invention.
  • Figure 12 shows block diagrams illustrating a secret key and a channel order of a method according to an embodiment of the invention.
  • Figure 13 shows block diagrams illustrating steps of combining received secret key bits according to the channel order to reform the secret key illustrated in Figure 12.
  • an embodiment of the invention provides quantum key distribution, QKD, apparatus 100 for an optical communications network.
  • the optical communications network comprises a plurality of nodes and a plurality of links.
  • the QKD apparatus comprises a quantum transmitter 1 10, a processor 120 and memory 130.
  • the memory comprising instructions executable by the processor whereby the QKD apparatus 100 is operative as follows.
  • the QKD apparatus is operative to obtain a quantum key, Qkey, for transmission from a first node to a second node in the optical communications network.
  • the Qkey is for transmission at a target quantum rate, Qrate.
  • the QKD apparatus is operative to generate a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate.
  • the QKD apparatus is operative to send the QKD channels request to a path computation element, PCE.
  • the QKD apparatus is operative to receive a QKD channels response from the PCE.
  • the QKD channels response comprises an indication of a plurality of QKD channels having respective paths and respective Qrates.
  • a sum of the QKD channel Qrates is at least equal to the target Qrate.
  • the QKD apparatus is operative to partition the Qkey into a plurality of sub-keys for transmission on respective QKD channels.
  • the plurality of sub-keys corresponds to the plurality of QKD channels, so each sub-key is transmitted on a respective one of the QKD channels.
  • the QKD apparatus is operative to generate at least one control signal comprising instructions arranged to cause the quantum transmitter 1 10 to transmit the sub-keys on the respective QKD channels at the respective Qrates and on the respective paths.
  • the memory 130 comprises instructions executable by the processor 120 whereby the QKD apparatus 100 is operative as follows.
  • the QKD apparatus is operative to receive a channel release notification from the PCE.
  • the channel release notification comprises an indication that the quantum channel with the lowest achieved Qrate may be released from use.
  • Such a notification may be received if the sum of the Qrates of the QKD channels is higher than the target Qrate by an amount at least equal to the lowest achieved Qrate, so release of the QKD channel with the lowest achieved Qrate will reduce the sum of the Qrates but the sum of the Qrates will still be at least equal to the target Qrate.
  • the QKD apparatus is operative, responsive to the channel release notification, to partition a remaining portion of the Qkey into a smaller plurality of sub-keys for transmission on the corresponding smaller plurality of QKD channels, i.e. on the previous plurality of QKD channels less the channel with the lowest achieved Qrate, which has been released from use.
  • the sum of the Qrates of the remaining, smaller, plurality of QKD channels is at least equal to the target Qrate.
  • the memory 130 further comprises instructions executable by the processor 120 whereby the QKD apparatus 100 is operative as follows.
  • the QKD apparatus is operative to receive a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate.
  • the notification comprises an indication of the additional QKD channel having a respective path and a respective Qrate.
  • the additional QKD channel has a Qrate which, when added to the sum of the Qrates of the existing QKD channels, increase the sum of the Qrates so that it is at least equal to the target Qrate.
  • a notification that an additional QKD channel needs to be added may be received if the sum of the Qrates of the QKD channels is less than the target Qrate. This may be as a result of a reduction in the Qrate of one or more of the QKD channels, causing the sum of the Qrates to fall below the target Qrate.
  • the Qrate of a QKD channel can change due to changes in various network parameters such as inter-channel noise, number of coexisting channels, and number of switches crossed by a channel.
  • the Qrate of a QKD channel can be extremely susceptible to changes in these parameters, with small changes in one or more parameters leading to a large change in the Qrate.
  • the QKD apparatus is operative, responsive to a notification that an additional QKD channel needs to be added, to partition a remaining portion of the Qkey into a larger plurality of sub-keys for transmission on the corresponding larger plurality of QKD channels, i.e. on the previous plurality of QKD channels plus the additional QKD channel.
  • the Qkey comprises a plurality of bits and the memory 130 comprises instructions executable by the processor 120 whereby the QKD apparatus 100 is operative as follows.
  • the QKD apparatus is operative to partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the plurality of QKD channels according to a channel order.
  • the QKD apparatus is operative to generate a further control signal comprising instructions arranged to cause the quantum transmitter 1 10 apparatus to transmit a representation of the channel order on one of the QKD channels.
  • the further control signal comprises instructions arranged to cause the quantum transmitter 1 10 apparatus to transmit a representation of the channel order on a first one of the plurality of QKD channels.
  • the representation of the channel order may be transmitted on a best one of the plurality of QKD channels, for example the QKD channel with the highest Qrate or the highest quality, i.e. the highest probability, that a photon reaches a receiver.
  • the channel order comprises a random permutation of the integers in the range 1 to K, where K is the plurality of QKD channels.
  • K is the plurality of QKD channels.
  • Each integer in the range 1 to K represents a respective one of the QKD channels.
  • the memory 130 further comprises instructions executable by the processor 120 whereby the QKD apparatus 100 is operative to partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the QKD channels in the order in which the integers are arranged in the channel order.
  • the representation of the channel order comprises a channel permutation vector comprising the random permutation of the integers in the range 1 to K
  • the QKD channels are one or more of space multiplexed, i.e. transmitted over different physical paths within the optical communications network, wavelength multiplexed and time multiplexed, i.e. transmitted within different time slots.
  • the optical communications network is an optical switched network.
  • the optical communications network may be a wavelength switched optical network, WSON, as shown in Figures 5 to 8.
  • the QKD channels are at least one of space multiplexed, wavelength multiplexed and time multiplexed.
  • the QKD apparatus may advantageously enables the achievable Qrate to be increased as compared to current QKD networked systems with point-to-point Qkey distribution, by exploiting the available wavelengths, links and time-slots in the network.
  • the PCE may comprise a processor and memory comprising instructions executable by the processor whereby the PCE is operative as follows.
  • the PCE is operative to receive the QKD channels request for the QKD apparatus 100.
  • the PCE is operative to determine a plurality of QKD channels for distribution of the Qkey.
  • the QKD channels have respective Qrates and a sum of the QKD channel Qrates is at least equal to the target Qrate.
  • the PCE is operative to select respective paths from the first node to the second node for the QKD channels and to generate a control signal comprising instructions arranged to configure the paths.
  • the PCE is operative to generate a QKD channels response comprising an indication of the plurality of QKD channels and the respective Qrates, and to send the QKD channels response to the QKD apparatus 100.
  • the PCE memory may comprise instructions executable by the processor whereby the PCE is operative to determine the plurality of QKD channels for distribution of the Qkey by estimating a number of QKD channels required to achieve the sum of the QKD channel Qrates being at least equal to the target Qrate.
  • the number of QKD channels may be numerically estimated as function of the target Qrate and of system design parameters, by modelling Qrate for a number of channels using a known Qrate estimation model, such as described in D. Stucki et al,“Quantum Key Distribution over 67 km with a plug & play system", New J. Phys., 2002, volume 4, page 341 .
  • the PCE memory may comprise instructions executable by the processor whereby the PCE is operative to determine a required number of additional QKD channels responsive to the sum of the QKD channel Qrates being lower than the target Qrate.
  • the PCE is operative to determine a required number of additional QKD channels by: calculating a mean achieved Qrate for the transmitted QKD channels; calculating a number of QKD channels required to achieve the sum of the QKD channel Qrates being at least equal to the target Qrate assuming each of said QKD channels is at the mean achieved Qrate; and calculating a difference between the calculated number of QKD channels and the plurality of transmitted QKD channels.
  • the PCE memory may comprise instructions executable by the processor whereby the PCE is operative as follows.
  • the PCE is operative, after a preselected time period has elapsed or in response to a configuration change in the optical communications network, to repeat obtaining achieved Qrates for the transmitted QKD channels.
  • the PCE is operative, responsive to the sum of the achieved Qrates being less than the target Qrate, to repeat determining a required number of additional QKD channels for the sum of the QKD channel Qrates to be at least equal to the target Qrate.
  • the PCE memory may comprise instructions executable by the processor whereby the PCE is operative to generate a channel release notification if the sum of the achieved Qrates less the lowest achieved Qrate is at least equal to the target Qrate.
  • the PCE is operative to send the channel release notification to the QKD apparatus.
  • the channel release notification comprises an indication that the quantum channel with the lowest achieved Qrate may be released from use.
  • the PCE memory may comprise instructions executable by the processor whereby the PCE is operative to generate a channel order by allocating respective integers in the range 1 to K to the QKD channels, where K is the plurality of QKD channels and to generate a random permutation of the integers 1 to K.
  • the PCE is operative to provide the channel order to the QKD apparatus.
  • the PCE memory may comprise instructions executable by the processor whereby the PCE is operative to independently route each path for each QKD channel, independently selecting the best route for each path.
  • the PCE may be provided within a network management system, NMS, of the optical communications network or may be provided within a node of the optical communications network.
  • NMS network management system
  • an embodiment of the invention provides an optical communications network node 200 comprising QKD apparatus 100 according to any of the above described embodiments.
  • an embodiment of the invention provides quantum receiver apparatus 300 for an optical communications network, such as the optical communications network 500 illustrated in Figures 5 to 8.
  • the quantum receiver apparatus 300 is configured to receive a plurality of QKD channels carrying respective sub-keys of a Qkey.
  • the quantum receiver apparatus comprises a processor 310 and memory 320.
  • the memory 320 comprises instructions executable by the processor whereby the quantum receiver apparatus 300 is operative to obtain the sub-keys carried by the received QKD channels and to combine the sub-keys according to an agreed channel order to form the Qkey.
  • the memory 320 comprises further instructions executable by the processor 310 whereby the quantum receiver apparatus 300 is operative to determine respective Qrates of the received QKD channels and is operative to generate a Qrates reporting signal.
  • the Qrates reporting signal comprises an indication of the determined Qrates of the received QKD channels.
  • the quantum receiver apparatus 300 may be operative to send the Qrates reporting signal to the PCE that the QKD apparatus 100 communicates with.
  • each sub-key comprises a plurality of bits.
  • the memory 320 comprises instructions executable by the processor 310 whereby the quantum receiver apparatus 300 is operative as follows.
  • the quantum receiver apparatus 300 is operative to receive an indication of the agreed channel order.
  • the agreed channel order comprises a random permutation of the integers in the range 1 to K, where K is the plurality of received QKD channels.
  • Each integer in the channel order represents a respective one of the QKD channels.
  • the quantum receiver apparatus 300 is operative to combine the sub-keys by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the channel order.
  • the quantum receiver apparatus 300 receives the agreed channel order on one of the received QKD channels and the memory 320 comprises further instructions executable by the processor 310 whereby the quantum receiver apparatus 300 is operative to obtain the agreed channel order carried by the QKD channel.
  • the memory 320 comprises further instructions executable by the processor 310 whereby the quantum receiver apparatus 300 is operative to determine from the length of the random permutation of the integers in the range 1 to K the number of QKD channels that will be received.
  • an embodiment of the invention provides an optical communications network node 400 comprising quantum receiver apparatus 300 as described above with reference to Figure 3.
  • FIGS 5 to 8 illustrate operation of a node 520 comprising QKD apparatus 100 for an optical communications network 500 and of a node 550 comprising quantum receiver apparatus 300 according to embodiments of the invention.
  • the optical communications network 500 is a WSON comprising a plurality of nodes 520, 550, 560 and a plurality of links 522.
  • a traffic PCET 512 and a QKD PCEQ 510 are provided within an NMS of the network 500.
  • a secure data transmission signal is to be transmitted from node A 520 to node D 550, using an encryption algorithm that requires a quantum key exchange between nodes A and B at a target Qrate of 500Kbit/s.
  • This Qrate is computed based the data rate, encryption system and security guarantee and remains fixed for the whole time that secure data is to be transmitted between these nodes.
  • the PCET selects path A-B-C-D 530 for the secure data transmission signal.
  • Node A is operative to generate the Qkey and to provide the Qkey to the QKD apparatus 100.
  • the QKD apparatus 100 generates a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate.
  • the QKD apparatus then sends the QKD channels request to the PCEQ which selects the best path 540 from node A to node D and sends a QKD channels response back to the QKD apparatus.
  • the QKD channels response comprising an indication of the QKD channel and its Qrate, and the path 540 on which the QKD channel should be transmitted.
  • There is just one QKD channel so the QKD apparatus 100 generates a control signal to cause the quantum transmitter 110 to transmit the channel order on that QKD channel and to transmit bits of the Qkey on this first QKD channel on path 540.
  • the transmitted QKD channel is received at Node B 550 and the quantum receiver apparatus 300 receives the agreed channel order and then obtains the transmitted bits of the Qkey.
  • the quantum receiver apparatus 300 also determines the achieved Qrate of the transmitted QKD channel and generates a Qrates reporting signal comprising an indication of the Qrate of the received QKD channel and sends the Qrate reporting signal to the PCEQ 510.
  • the achieved Qrate of the first QKD channel is 250Kbit/s, which is less than the target Qrate of 500Kbits/s.
  • the PCEQ therefore determines that one additional QKD channels is required to achieve the sum of the Qrates being at least equal to the target Qrate, by assuming that any additional QKD channels will have the same Qrate as the first QKD channel.
  • the PCEQ therefore allocates a second QKD channel in an attempt to achieve a similar Qrate to the first QKD channel.
  • the second QKD channel is routed independently from the first QKD channel and in this case the PCEQ selects path A-E-D 542, as illustrated in Figure 6, and sends a notification to the QKD apparatus 100 that an QKD channel needs to be added.
  • the notification comprises an indication of the second QKD channel and its expected Qrate, and the path 542 on which the second QKD channel should be transmitted.
  • the PCEQ 510 also generates the channel order and sends the channel order to the QKD apparatus 100.
  • the QKD apparatus 100 generates a control signal to cause the quantum transmitter 1 10 to transmit the channel order on the first QKD channel.
  • the QKD apparatus 100 may transmit the channel order on the best QKD channel.
  • the QKD apparatus 100 continues transmission of the Qkey by partitioning the remaining portion of the Qkey into two sub-keys for transmission on the two QKD channels.
  • the QKD apparatus 100 generates at least one control signal to cause the quantum transmitter 1 10 to start transmitting the two sub-keys on the two QKD channels.
  • the transmitted QKD channels are received at Node B 550 and the quantum receiver apparatus 300 determines the achieved Qrate of the two transmitted QKD channels.
  • the second QKD channel only achieves a Qrate of 40Kbit/s.
  • the quantum receiver apparatus generates a further Qrates reporting signal comprising at least an indication of the Qrate of the received second QKD channel and sends the Qrate reporting signal to the PCEQ 510.
  • the sum of the Qrates of the first and second QKD channels is 290Kbit/s, which is still lower than the target Qrate.
  • the PCEQ then calculates a number of QKD channels required to achieve the sum of the QKD channel Qrates being at least equal to the target Qrate assuming each of said QKD channels is at the mean achieved Qrate. In this example, the PCEQ calculates that four QKD channels will be needed to fulfill this requirement, assuming each channel is at the mean achieved Qrate.
  • the PCEQ therefore activates two additional QKD channels, as illustrated in Figure 7: a third QKD channel on the already used path A-D but at a different wavelength, referred to as path 546; and a fourth QKD channel on path A-B-D 544.
  • the transmitted QKD channels are received at Node B 550 and the quantum receiver apparatus 300 determines the achieved Qrate of the four transmitted QKD channels.
  • the third QKD channel has an achieved Qrate of 150 Kbit/s, while the fourth QKD channel has an achieved Qrate of 130 Kbit/s.
  • the allocation of a second channel over the path A-D introduces some noise on the first QKD channel, reducing its achieved Qrate to 230 Kbit/s.
  • the sum of the achieved Qrates of the four QKD channels is 550 Kbit/s, to the target Qrate is met, and in fact exceeded.
  • the QKD apparatus 100 continues transmission of the Qkey by partitioning the remaining portion of the Qkey into four sub-keys for transmission on the four QKD channels.
  • the QKD apparatus 100 generates at least one control signal to cause the quantum transmitter 1 10 to start transmitting the four sub-keys on the four QKD channels.
  • the PCEQ may decide that there is still space for optimization of the Qkey transmission, and some of the QKD channels may be released.
  • the PCEQ decides to release the second QKD channel, on path A-E-D 542, which has the lowest achieved Qrate of just 40 Kbit/s.
  • the PCE sends a channel release notification to the QKD apparatus.
  • the channel release notification comprises an indication that the second QKD channel should be released from use.
  • the QKD apparatus 100 responsive to receiving the channel release indication, continues transmission of the Qkey by partitioning the remaining portion of the Qkey into three sub-keys for transmission on the remaining three QKD channels.
  • the QKD apparatus 100 generates at least one control signal to cause the quantum transmitter 110 to start transmitting the three sub-keys on the remaining three QKD channels.
  • the sum of the Qrates is 51 OKbit/s, which is enough to fulfill the requirement that the sum of the Qrates must be at least equal to the target Qrate of 500 Kbit/s.
  • the achieved Qrates are again measured and, if the sum of the achieved Qrates is below the target Qrate of 500 Kbit/s, the PCEQ repeats the procedure of determining a required number of additional channels.
  • the Qkey is therefore distributed using K channels, which can be wavelength-, space-, and/or time-multiplexed.
  • K channels can be wavelength-, space-, and/or time-multiplexed.
  • Each QKD channel is routed independently of each other, enabling the best route to be selected for each channel.
  • the resulting K independent quantum flows are received and combined at the quantum receiver apparatus to obtain the Qkey with an aggregated Qrate that is at least equal to the target Qrate.
  • the QKD apparatus 100 and quantum receiver apparatus 300 therefore enable the disaggregation and re-combination of a Qkey into multiple sub-keys, the number of which may be adapted based on measurement of achieved Qrates.
  • the QKD apparatus 100 and quantum receiver apparatus 300 enable a fluctuating Qrate to be dealt with in an optical communication network with no decrease in the desired level of security for the Qkey transmission.
  • the QKD apparatus 100 and quantum receiver apparatus 300 enable the achievable Qrate to be increased by exploiting available resources in the optical communications network, using multiple wavelengths, links and/or time slots, which is an issue in current QKD networked systems with point-to-point Qkey distribution.
  • the QKD apparatus 100 and quantum receiver apparatus 300 can be used in any optical switched network in which an encrypted data flow is to be transmitted, and a Qkey need to be exchanged, using any QKD protocol.
  • an initial plurality of QKD channels may be numerically estimated by the PCEQ as function of the target Qrate and of network design parameters.
  • the Qrate for a number of channels is modelled using a known Qrate estimation model, such as described in D. Stucki et al,“Quantum Key Distribution over 67 km with a plug & play system", New J. Phys., 2002, volume 4, page 341 .
  • the process of measuring the achieved Qrates for the transmitted QKD channels and determining a required number of additional QKD channels may then be performed.
  • This may reduce the time required for convergence on the required plurality of QKD channels.
  • an embodiment of the invention provides a method 600 of quantum key distribution, QKD, in an optical communications network, such as the network 500 illustrated in Figures 5 to 8.
  • the optical communications network comprises a plurality of nodes and a plurality of links.
  • the method comprises obtaining 610 a quantum key, Qkey, for transmission from a first node to a second node in the optical communications network at a target quantum rate, Qrate.
  • a QKD channels request is generated and sent 612 to a PCE; the QKD channels request comprises a request for channels for distribution of the Qkey and an indication of the target Qrate.
  • a QKD channels response is received 614 from the PCE; the QKD channels response comprises an indication of a plurality of QKD channels having respective paths and respective Qrates.
  • a sum of the QKD channel Qrates is at least equal to the target Qrate.
  • the Qkey is partitioned 616 into a plurality of sub-keys for transmission on respective QKD channels; the plurality of sub-keys corresponds to the plurality of QKD channels.
  • the sub-keys are transmitted (618 from the first node to the second node on the respective QKD channels, at the respective Qrates and on the respective paths.
  • the method 600 additionally comprises receiving a channel release notification from the PCE.
  • the channel release notification comprises an indication that the quantum channel with the lowest achieved Qrate may be released, resulting in a smaller plurality of QKD channels remaining in use. Responsive to the channel release notification, the remaining portion of the Qkey is partitioned into a corresponding smaller plurality of sub-keys for transmission on the smaller plurality of QKD channels.
  • the method 600 additionally comprises receiving a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate, resulting in a larger plurality of QKD channels to be used.
  • the notification comprises an indication of the additional QKD channel having a respective path and a respective Qrate. Responsive to receiving a notification that an additional QKD channel needs to be added, the remaining portion of the Qkey is partitioned into a corresponding larger plurality of sub-keys for transmission on the larger plurality of QKD channels.
  • the Qkey 900 comprises a plurality of bits 902. Partitioning the Qkey into a plurality of sub-keys comprises serially allocating the bits of the Qkey to the plurality of QKD channels according to a channel order 910. The method further comprises transmitting a representation of the channel order on one of the QKD channels.
  • the channel order comprises a random permutation of the integers in the range one to K, where K is the plurality of QKD channels.
  • K represents a respective QKD channel.
  • Partitioning the Qkey into a plurality of sub-keys comprises serially allocating the bits 902 of the Qkey 900 to the QKD channels in the order in which the integers are arranged in the channel order 910. So, for example, the first bit x1 is allocated to channel 2, the second bit x2 is allocated to channel 1 , the third bit x3 is allocated to channel 3, and so on.
  • an embodiment of the invention provides a method 700 of receiving a quantum key, Qkey, in an optical communications network, such as the network 500 illustrated in Figures 5 to 8.
  • the optical communications network comprises a plurality of nodes and a plurality of links.
  • the method 700 comprises receiving 710 a plurality of QKD channels carrying respective sub-keys of a Qkey.
  • the sub-keys carried by the received QKD channels are then obtained 712 and combined 714 according to an agreed channel order to form the Qkey.
  • each sub-key comprises a plurality of bits 902.
  • the method comprises receiving an indication of the agreed channel order 910 comprising a random permutation of the integers in the range 1 to K, where K is the plurality of QKD channels which will be received.
  • Each integer represents a respective QKD channel.
  • the sub-keys 920 are combined by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the agreed channel order.
  • three QKD channels, CH1 , CFI2, CFI3, are received, together with channel order [1 , 2, 3] 910.
  • CH1 carries a first sub-key comprising bits x2 and x5
  • CFI2 carries a second sub-key comprising bits x1 and x4
  • CFI3 carries a third sub-key comprising bits x3 and x6.
  • the sub-keys are obtained from the QKD channels and combined by interleaving them according to the channel order 910, to obtain the Qkey 900.
  • the bits of the sub-keys are interleaved as follows: first bit on CFI2, x1 ; first bit on CH 1 , x2; first bit on CFI3, x3; second bit on CFI2, x4; second bit on CH1 , x5; second bit on CFI3, x6.
  • the method 700 additionally comprises steps of determining respective Qrates of the received QKD channels and generating a Qrates reporting signal comprising an indication of the determined Qrates of the received QKD channels.
  • the method 600 of quantum key distribution and the method 700 of receiving a Qkey may be combined, as illustrated in Figure 11 .
  • a secure data transmission signal is to be transmitted from a first node to a second node across an optical communications network, using an encryption algorithm that requires a quantum key exchange between the two nodes
  • the method 800 commences with analytically estimating a number of QKD channels, K, required to transmit the Qkey at a target Qrate.
  • the Qkey is partitioned into that number of sub-keys and the method proceeds to start sending 820 the sub-keys on the K QKD channels, each of which has been independently routed.
  • the achieved Qrates for the K QKD channels are empirically measured 830 and the sum of the Qrates is compared to the target Qrate. If the sum of the Qrates is above the target Qrate (‘threshold’) 834, the method continues transmitting the Qkey on the analytically estimated number of QKD channels. After a preselected time, T, the measurement of the achieved Qrates is repeated 842.
  • the method proceeds to determining 850 an additional number of QKD channels required to achieve the sum of the Qrates being at least equal to the target Qrate.
  • the additional channels are enabled 850 and the method continues, partitioning the Qkey into the resulting larger plurality of sub-keys, and transmitting the sub-keys on the corresponding larger plurality of QKD channels.
  • the K QKD channels are received by the second node where the sub-keys are obtained and combined, as described above.
  • the achieved Qrates may also be empirically measured following a change in network configuration, to check whether the QKD channels are still meeting the requirement that the sum of the Qrates is at least equal to the target Qrate, to guarantee the desired level of security of transmission. Fluctuations in the Qrates may be caused, for example, by a change in the number of active classical/QKD channels or in the paths chosen for them, a change in the network configuration, or a change in the amount of noise in the network/channel.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Optical Communication System (AREA)

Abstract

Quantum key distribution, QKD, apparatus (100) for an optical communications network. The QKD apparatus comprises a quantum transmitter (1 10), a processor (120) and memory (130) comprising instructions executable by the processor whereby the QKD apparatus is operative to: obtain a Qkey for transmission from a first node to a second node in an optical communications network at a target Qrate; generate and send to a path computation element, PCE, a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate; receive, from the PCE, an indication of QKD channels having paths and Qrates, a sum of the QKD channel Qrates being at least equal to the target Qrate; partition the Qkey into a plurality of sub-keys; and generate a control signal comprising instructions arranged to cause the quantum transmitter to transmit the sub-keys on respective QKD channels at respective Qrates and on respective paths.

Description

QUANTUM KEY DISTRIBUTION APPARATUS AND METHOD
Technical Field
The invention relates to Quantum key distribution, QKD, apparatus for an optical communications network. The invention further relates to Quantum receiver apparatus for an optical communications network, optical communications network nodes, a method of QKD and a method of receiving a quantum key.
Background
Quantum communication systems exploit the possibility of transmitting information encoded in quantum states, prepared in such a way that an eavesdropper between two communicating partners unavoidably introduces a detectable disturbance. In optical communications, the quantum information is encoded over a characteristic of a photon; for example, polarization state, phase or spin.
Quantum Key Distribution, QKD, solves the problem of key distribution in symmetric encryption systems. In theory, quantum encryption should be applied to the whole message that is to be transmitted; known as one-time pad encryption. However, this would unacceptably compromise capacity and latency of the communication channel, since feasible QKD systems can only work up to a few Mbit/s and require processing time for sender and receiver to agree the final quantum key, free of errors. In practice, QKD is only used to produce and distribute the key, not to transmit message data. The quantum key is then used with a classical encryption algorithm to encrypt and decrypt a message, transmitted over a classical high capacity communication channel.
In standard optical communications, where a huge number of photons is transmitted per second with a fixed rate, transmission quality performances are evaluated using the Bit Error Rate, BER. In single photon transmission, the modelling used to evaluate quality performances is instead probabilistic: the probability that a photon reaches the receiver is expressed with a parameter Parr which depends on several factors, including: link distance, propagation noise, devices present along the link, inter- channel noise. The number of photons received in a given time window is defined as the Quantum Rate, Qrate, which is proportional to Parr and dynamically changes over time: the Qrate is very susceptible to changes of the aforementioned factors and small perturbations of the channel may also lead to large changes in the Qrate.
In cryptography the“advantage" parameter is used as a measure of security guarantee and to determine how often the secret key of a symmetric encryption algorithm must be renewed. Usually while designing a secure system, the advantage parameter is fixed a priori and together with the encryption system and the data rate, it is possible to evaluate the time after which a given secret key must be renewed to keep the required security level over the transmission. Using a quantum system to exchange the secret key, and knowing the classical encryption algorithm used and thus the key renewal time (that is proportional to the advantage), we can compute a fixed Qrate that is required for the system to work with the desired level of security. As noted above, the Qrate dynamically changes with several parameters, such as inter-channel noise, number of coexisting channels, number of traversed switches, and is extremely susceptible to changes in these parameters.
Summary
It is an object to provide an improved QKD apparatus for an optical communications network. It is a further object to provide an improved quantum receiver apparatus for an optical communications network. It is a further object to provide improved optical communications network nodes for an optical communications network. It is a further object to provide an improved method of QKD in an optical communications network. It is a further object to provide an improved method of receiving a quantum key in an optical communications network.
An aspect of the invention provides quantum key distribution, QKD, apparatus for an optical communications network. The optical communications network comprises a plurality of nodes and a plurality of links. The QKD apparatus comprises a quantum transmitter, a processor and memory. The memory comprises instructions executable by the processor whereby the QKD apparatus is operative to:
obtain a quantum key, Qkey, for transmission from a first node to a second node in the optical communications network at a target quantum rate, Qrate;
generate and send to a path computation element, PCE, a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate;
receive a QKD channels response from the PCE, the response comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to the target Qrate;
partition the Qkey into a plurality of sub-keys for transmission on respective QKD channels, the plurality of sub-keys corresponding to the plurality of QKD channels; and generate at least one control signal comprising instructions arranged to cause the quantum transmitter to transmit the sub-keys on the respective QKD channels at the respective Qrates and on the respective paths.
The QKD apparatus advantageously enables a Qkey to be transmitted at the target Qrate, and thus with a desired level of security, without over-provisioning of resources within the optical communications network. The QKD apparatus advantageously enables the achievable Qrate to be increased as compared to current QKD networked systems with point-to-point Qkey distribution, by exploiting the available resources in the network.
In an embodiment, the memory comprises instructions executable by the processor whereby the QKD apparatus is operative: to receive a channel release notification from the PCE, the notification comprising an indication that the quantum channel with the lowest achieved Qrate may be released; and, responsive to said notification, to partition a remaining portion of the Qkey into a smaller plurality of sub keys for transmission on the corresponding smaller plurality of QKD channels. The QKD apparatus advantageously enables a Qkey to be transmitted with the desired level of security without over-provisioning of resources within the optical communications network. The QKD apparatus is advantageously able to adapt to a fluctuating Qrate in the network without compromising the desired level of security. The QKD apparatus advantageously enables a variable number of QKD channels to be used to achieve transmission of the Qkey at the target Qrate.
In an embodiment, the memory further comprises instructions executable by the processor whereby the QKD apparatus is operative to: receive a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate, the notification comprising an indication of the additional QKD channel having a respective path and a respective Qrate; and, responsive to said notification, to partition a remaining portion of the Qkey into a larger plurality of sub-keys for transmission on the corresponding larger plurality of QKD channels. The QKD apparatus is advantageously able to adapt to a fluctuating Qrate in the network without compromising the desired level of security. The QKD apparatus advantageously enables a variable number of QKD channels to be used to achieve transmission of the Qkey at the target Qrate.
In an embodiment, the memory comprises instructions executable by the processor whereby the QKD apparatus is operative to: partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the plurality of QKD channels according to a channel order; and generate a further control signal comprising instructions arranged to cause the quantum transmitter apparatus to transmit a representation of the channel order on one of the QKD channels.
Disaggregating the Qkey into sub-keys in this way advantageously increases the security of transmission of the Qkey. Transmitting a representation of the channel order on one of the QKD channels may advantageously keep the channel order secure and introduce another degree of security in the transmission of the Qkey. Transmitting a representation of the channel order may also advantageously tell a quantum receiver the number of QKD channels it will receive the Qkey on. In an embodiment, the further control signal comprises instructions arranged to cause the quantum transmitter apparatus to transmit a representation of the channel order on a first one of the QKD channels or a best one of the QKD channels.
In an embodiment, the channel order comprises a random permutation of the integers in the range one to said plurality, K, of QKD channels, each said integer representing a respective QKD channel. The memory further comprises instructions executable by the processor whereby the QKD apparatus is operative to partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the QKD channels in the order in which the integers are arranged in the channel order. Disaggregating the Qkey into sub-keys in this way advantageously increases the security of transmission of the Qkey.
In an embodiment, the representation of the channel order comprises a channel permutation vector comprising the random permutation of the integers in the range one to K.
In an embodiment, the optical communications network is an optical switched network, such as a wavelength switched optical network, WSON.
In an embodiment, the QKD channels are at least one of space multiplexed, wavelength multiplexed and time multiplexed. The QKD apparatus may advantageously enables the achievable Qrate to be increased as compared to current QKD networked systems with point-to-point Qkey distribution, by exploiting the available wavelengths, links and time-slots in the network.
Corresponding embodiments and advantages apply equally to the optical communications network node and method described below.
A further aspect of the invention provides quantum receiver apparatus for an optical communications network. The quantum receiver apparatus is configured to receive a plurality of QKD channels carrying respective sub-keys of a quantum key, Qkey. The quantum receiver apparatus comprises a processor and memory, the memory comprising instructions executable by the processor whereby the apparatus is operative to: obtain the sub-keys carried by the received QKD channels; and combine the sub-keys according to an agreed channel order to form the Qkey.
The quantum receiver apparatus advantageously enables a Qkey to be received at a desired Qrate, and thus with a desired level of security, without over-provisioning of resources within the optical communications network. The quantum receiver apparatus advantageously enables the achievable Qrate to be increased as compared to current QKD networked systems with point-to-point Qkey distribution, by exploiting the available resources in the network.
In an embodiment, the memory comprises further instructions executable by the processor whereby the apparatus is operative to determine respective Qrates of the received QKD channels; and generate a Qrates reporting signal comprising an indication of the determined Qrates of the received QKD channels. This may enable the sum of the Qrates of the received QKD channels to be compared to a target Qrate for transmission of the Qkey.
In an embodiment, each sub-key comprises a plurality of bits. The memory comprises further instructions executable by the processor whereby the apparatus is operative to: receive an indication of the agreed channel order, the agreed channel order comprising a random permutation of the integers in the range one to said plurality, K, each said integer representing a respective QKD channel; and combine the sub-keys by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the agreed channel order. Receiving a Qkey disaggregated into sub-keys in this way advantageously increases the security of transmission of the Qkey.
Corresponding embodiments and advantages apply equally to the optical communications network node and method described below.
A further aspect of the invention provides an optical communications network node comprising QKD apparatus. The QKD apparatus comprises a quantum transmitter, a processor and memory. The memory comprises instructions executable by the processor whereby the QKD apparatus is operative to:
obtain a quantum key, Qkey, for transmission from a first node to a second node in the optical communications network at a target quantum rate, Qrate;
generate and send to a path computation element, PCE, a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate;
receive a QKD channels response from the PCE, the response comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to the target Qrate;
partition the Qkey into a plurality of sub-keys for transmission on respective QKD channels, the plurality of sub-keys corresponding to the plurality of QKD channels; and generate at least one control signal comprising instructions arranged to cause the quantum transmitter to transmit the sub-keys on the respective QKD channels at the respective Qrates and on the respective paths.
A further aspect of the invention provides an optical communications network node comprising quantum receiver apparatus. The quantum receiver apparatus is configured to receive a plurality of QKD channels carrying respective sub-keys of a quantum key, Qkey. The quantum receiver apparatus comprises a processor and memory, the memory comprising instructions executable by the processor whereby the apparatus is operative to: obtain the sub-keys carried by the received QKD channels; and combine the sub-keys according to an agreed channel order to form the Qkey. A further aspect of the invention provides a method of quantum key distribution, QKD, in an optical communications network comprising a plurality of nodes and a plurality of links. The method comprises steps of:
obtaining a quantum key, Qkey, for transmission from a first node to a second node in the optical communications network at a target quantum rate, Qrate;
generating and sending to a path computation element, PCE, a QKD channels request comprising a request for channels for distribution of the Qkey and an indication of the target Qrate;
receiving a QKD channels response from the PCE, the response comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to the target Qrate;
partitioning the Qkey into a plurality of sub-keys for transmission on respective QKD channels, the plurality of sub-keys corresponding to the plurality of QKD channels; and
transmitting the sub-keys from the first node to the second node on the respective QKD channels at the respective Qrates and on the respective paths.
In an embodiment, the method further comprises: receiving a channel release notification from the PCE, the notification comprising an indication that the quantum channel with the lowest achieved Qrate may be released; and, responsive to said notification, partitioning a remaining portion of the Qkey into a smaller plurality of sub keys for transmission on the corresponding smaller plurality of QKD channels.
In an embodiment, the method further comprises: receiving a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate, the notification comprising an indication of the additional QKD channel having a respective path and a respective Qrate; and, responsive to said notification, partitioning a remaining portion of the Qkey into a larger plurality of sub-keys for transmission on the corresponding larger plurality of QKD channels.
The method is advantageously adaptive enabling the Qrate to be adjusted as the network evolves with time which can maintain the correct level of security for quantum key distribution without the need to over-provision network resources.
In an embodiment, partitioning the Qkey into a plurality of sub-keys comprises serially allocating bits of the Qkey to the plurality of QKD channels according to a channel order. The method further comprises transmitting a representation of the channel order on one of the QKD channels.
In an embodiment, the channel order comprises a random permutation of the integers in the range one to said plurality, K, of QKD channels, each said integer representing a respective QKD channel and wherein partitioning the Qkey into a plurality of sub-keys comprises serially allocating bits of the Qkey to the QKD channels in the order in which the integers are arranged in the channel order.
A further aspect of the invention provides a method of receiving a quantum key, Qkey, in an optical communications network comprising a plurality of nodes and a plurality of links. The method comprises steps of: receiving a plurality of QKD channels carrying respective sub-keys of a Qkey; obtaining the sub-keys carried by the received QKD channels; and combining the sub-keys according to an agreed channel order to form the Qkey.
In an embodiment, the method further comprises: determining respective Qrates of the received QKD channels; and generating a Qrates reporting signal comprising an indication of the determined Qrates of the received QKD channels.
In an embodiment, each sub-key comprises a plurality of bits. The method further comprises: receiving an indication of the agreed channel order, the agreed channel order comprising a random permutation of the integers in the range one to said plurality, K, each said integer representing a respective QKD channel; and combining the sub-keys by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the agreed channel order.
A further aspect of the invention provides QKD apparatus comprising a quantum transmitter, interface circuitry and processing circuitry configured to:
obtain a quantum key, Qkey, for transmission from a first node to a second node in an optical communications network at a target quantum rate, Qrate;
generate and send to a path computation element, PCE, a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of said target Qrate;
receive a QKD channels response from said PCE, the response comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to said target Qrate; partition the Qkey into a plurality of sub-keys for transmission on respective QKD channels, said plurality of sub-keys corresponding to said plurality of QKD channels; and generate at least one control signal comprising instructions arranged to cause the quantum transmitter to transmit the sub-keys on the respective QKD channels at the respective Qrates and on the respective paths.
A further aspect of the invention provides quantum receiver apparatus for an optical communications network. The quantum receiver apparatus is configured to receive a plurality of QKD channels carrying respective sub-keys of a Qkey. The quantum receiver apparatus comprises interface circuitry and processing circuitry configured to: obtain said sub-keys carried by said received QKD channels; and combine said sub-keys according to an agreed channel order to form said Qkey. Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings.
Brief Description of the drawings
Figure 1 is a block diagram illustrating QKD apparatus according to an embodiment of the invention;
Figures 2 and 4 are block diagrams illustrating optical communications network nodes according to embodiments of the invention;
Figure 3 is a block diagram illustrating quantum receiver apparatus according to an embodiment of the invention;
Figures 5 to 8 are block diagrams illustrating operation of QKD apparatus and quantum receiver apparatus according to an embodiment of the invention in an optical communications network;
Figures 9 to 11 are flowcharts illustrating methods according to embodiments of the invention;
Figure 12 shows block diagrams illustrating a secret key and a channel order of a method according to an embodiment of the invention; and
Figure 13 shows block diagrams illustrating steps of combining received secret key bits according to the channel order to reform the secret key illustrated in Figure 12.
Detailed description
The same reference numbers will used for corresponding features in different embodiments.
Referring to Figure 1 , an embodiment of the invention provides quantum key distribution, QKD, apparatus 100 for an optical communications network. The optical communications network comprises a plurality of nodes and a plurality of links.
The QKD apparatus comprises a quantum transmitter 1 10, a processor 120 and memory 130. The memory comprising instructions executable by the processor whereby the QKD apparatus 100 is operative as follows.
The QKD apparatus is operative to obtain a quantum key, Qkey, for transmission from a first node to a second node in the optical communications network. The Qkey is for transmission at a target quantum rate, Qrate. The QKD apparatus is operative to generate a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate. The QKD apparatus is operative to send the QKD channels request to a path computation element, PCE. The QKD apparatus is operative to receive a QKD channels response from the PCE. The QKD channels response comprises an indication of a plurality of QKD channels having respective paths and respective Qrates. A sum of the QKD channel Qrates is at least equal to the target Qrate. The QKD apparatus is operative to partition the Qkey into a plurality of sub-keys for transmission on respective QKD channels. The plurality of sub-keys corresponds to the plurality of QKD channels, so each sub-key is transmitted on a respective one of the QKD channels. The QKD apparatus is operative to generate at least one control signal comprising instructions arranged to cause the quantum transmitter 1 10 to transmit the sub-keys on the respective QKD channels at the respective Qrates and on the respective paths.
In an embodiment, the memory 130 comprises instructions executable by the processor 120 whereby the QKD apparatus 100 is operative as follows. The QKD apparatus is operative to receive a channel release notification from the PCE. The channel release notification comprises an indication that the quantum channel with the lowest achieved Qrate may be released from use. Such a notification may be received if the sum of the Qrates of the QKD channels is higher than the target Qrate by an amount at least equal to the lowest achieved Qrate, so release of the QKD channel with the lowest achieved Qrate will reduce the sum of the Qrates but the sum of the Qrates will still be at least equal to the target Qrate.
The QKD apparatus is operative, responsive to the channel release notification, to partition a remaining portion of the Qkey into a smaller plurality of sub-keys for transmission on the corresponding smaller plurality of QKD channels, i.e. on the previous plurality of QKD channels less the channel with the lowest achieved Qrate, which has been released from use. The sum of the Qrates of the remaining, smaller, plurality of QKD channels is at least equal to the target Qrate.
In an embodiment, the memory 130 further comprises instructions executable by the processor 120 whereby the QKD apparatus 100 is operative as follows. The QKD apparatus is operative to receive a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate. The notification comprises an indication of the additional QKD channel having a respective path and a respective Qrate. The additional QKD channel has a Qrate which, when added to the sum of the Qrates of the existing QKD channels, increase the sum of the Qrates so that it is at least equal to the target Qrate.
A notification that an additional QKD channel needs to be added may be received if the sum of the Qrates of the QKD channels is less than the target Qrate. This may be as a result of a reduction in the Qrate of one or more of the QKD channels, causing the sum of the Qrates to fall below the target Qrate. The Qrate of a QKD channel can change due to changes in various network parameters such as inter-channel noise, number of coexisting channels, and number of switches crossed by a channel. The Qrate of a QKD channel can be extremely susceptible to changes in these parameters, with small changes in one or more parameters leading to a large change in the Qrate. The QKD apparatus is operative, responsive to a notification that an additional QKD channel needs to be added, to partition a remaining portion of the Qkey into a larger plurality of sub-keys for transmission on the corresponding larger plurality of QKD channels, i.e. on the previous plurality of QKD channels plus the additional QKD channel.
In an embodiment, the Qkey comprises a plurality of bits and the memory 130 comprises instructions executable by the processor 120 whereby the QKD apparatus 100 is operative as follows. The QKD apparatus is operative to partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the plurality of QKD channels according to a channel order. The QKD apparatus is operative to generate a further control signal comprising instructions arranged to cause the quantum transmitter 1 10 apparatus to transmit a representation of the channel order on one of the QKD channels.
In an embodiment, the further control signal comprises instructions arranged to cause the quantum transmitter 1 10 apparatus to transmit a representation of the channel order on a first one of the plurality of QKD channels. Alternatively, the representation of the channel order may be transmitted on a best one of the plurality of QKD channels, for example the QKD channel with the highest Qrate or the highest quality, i.e. the highest probability,
Figure imgf000011_0001
that a photon reaches a receiver.
In an embodiment, the channel order comprises a random permutation of the integers in the range 1 to K, where K is the plurality of QKD channels. Each integer in the range 1 to K represents a respective one of the QKD channels. The memory 130 further comprises instructions executable by the processor 120 whereby the QKD apparatus 100 is operative to partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the QKD channels in the order in which the integers are arranged in the channel order.
In an embodiment, the representation of the channel order comprises a channel permutation vector comprising the random permutation of the integers in the range 1 to K
In an embodiment, the QKD channels are one or more of space multiplexed, i.e. transmitted over different physical paths within the optical communications network, wavelength multiplexed and time multiplexed, i.e. transmitted within different time slots.
In an embodiment, the optical communications network is an optical switched network. For example, the optical communications network may be a wavelength switched optical network, WSON, as shown in Figures 5 to 8.
In an embodiment, the QKD channels are at least one of space multiplexed, wavelength multiplexed and time multiplexed. The QKD apparatus may advantageously enables the achievable Qrate to be increased as compared to current QKD networked systems with point-to-point Qkey distribution, by exploiting the available wavelengths, links and time-slots in the network. In respect of the above embodiments, the PCE may comprise a processor and memory comprising instructions executable by the processor whereby the PCE is operative as follows. The PCE is operative to receive the QKD channels request for the QKD apparatus 100. The PCE is operative to determine a plurality of QKD channels for distribution of the Qkey. The QKD channels have respective Qrates and a sum of the QKD channel Qrates is at least equal to the target Qrate.
The PCE is operative to select respective paths from the first node to the second node for the QKD channels and to generate a control signal comprising instructions arranged to configure the paths.
The PCE is operative to generate a QKD channels response comprising an indication of the plurality of QKD channels and the respective Qrates, and to send the QKD channels response to the QKD apparatus 100.
The PCE memory may comprise instructions executable by the processor whereby the PCE is operative to determine the plurality of QKD channels for distribution of the Qkey by estimating a number of QKD channels required to achieve the sum of the QKD channel Qrates being at least equal to the target Qrate. The number of QKD channels may be numerically estimated as function of the target Qrate and of system design parameters, by modelling Qrate for a number of channels using a known Qrate estimation model, such as described in D. Stucki et al,“Quantum Key Distribution over 67 km with a plug & play system", New J. Phys., 2002, volume 4, page 341 .
The PCE memory may comprise instructions executable by the processor whereby the PCE is operative to determine a required number of additional QKD channels responsive to the sum of the QKD channel Qrates being lower than the target Qrate. The PCE is operative to determine a required number of additional QKD channels by: calculating a mean achieved Qrate for the transmitted QKD channels; calculating a number of QKD channels required to achieve the sum of the QKD channel Qrates being at least equal to the target Qrate assuming each of said QKD channels is at the mean achieved Qrate; and calculating a difference between the calculated number of QKD channels and the plurality of transmitted QKD channels.
The PCE memory may comprise instructions executable by the processor whereby the PCE is operative as follows. The PCE is operative, after a preselected time period has elapsed or in response to a configuration change in the optical communications network, to repeat obtaining achieved Qrates for the transmitted QKD channels. The PCE is operative, responsive to the sum of the achieved Qrates being less than the target Qrate, to repeat determining a required number of additional QKD channels for the sum of the QKD channel Qrates to be at least equal to the target Qrate.
The PCE memory may comprise instructions executable by the processor whereby the PCE is operative to generate a channel release notification if the sum of the achieved Qrates less the lowest achieved Qrate is at least equal to the target Qrate. The PCE is operative to send the channel release notification to the QKD apparatus. The channel release notification comprises an indication that the quantum channel with the lowest achieved Qrate may be released from use.
The PCE memory may comprise instructions executable by the processor whereby the PCE is operative to generate a channel order by allocating respective integers in the range 1 to K to the QKD channels, where K is the plurality of QKD channels and to generate a random permutation of the integers 1 to K. The PCE is operative to provide the channel order to the QKD apparatus.
The PCE memory may comprise instructions executable by the processor whereby the PCE is operative to independently route each path for each QKD channel, independently selecting the best route for each path.
The PCE may be provided within a network management system, NMS, of the optical communications network or may be provided within a node of the optical communications network.
Referring to Figure 2, an embodiment of the invention provides an optical communications network node 200 comprising QKD apparatus 100 according to any of the above described embodiments.
Referring to Figure 3, an embodiment of the invention provides quantum receiver apparatus 300 for an optical communications network, such as the optical communications network 500 illustrated in Figures 5 to 8. The quantum receiver apparatus 300 is configured to receive a plurality of QKD channels carrying respective sub-keys of a Qkey. The quantum receiver apparatus comprises a processor 310 and memory 320. The memory 320 comprises instructions executable by the processor whereby the quantum receiver apparatus 300 is operative to obtain the sub-keys carried by the received QKD channels and to combine the sub-keys according to an agreed channel order to form the Qkey.
In an embodiment, the memory 320 comprises further instructions executable by the processor 310 whereby the quantum receiver apparatus 300 is operative to determine respective Qrates of the received QKD channels and is operative to generate a Qrates reporting signal. The Qrates reporting signal comprises an indication of the determined Qrates of the received QKD channels. The quantum receiver apparatus 300 may be operative to send the Qrates reporting signal to the PCE that the QKD apparatus 100 communicates with.
In an embodiment, each sub-key comprises a plurality of bits. The memory 320 comprises instructions executable by the processor 310 whereby the quantum receiver apparatus 300 is operative as follows. The quantum receiver apparatus 300 is operative to receive an indication of the agreed channel order. The agreed channel order comprises a random permutation of the integers in the range 1 to K, where K is the plurality of received QKD channels. Each integer in the channel order represents a respective one of the QKD channels. The quantum receiver apparatus 300 is operative to combine the sub-keys by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the channel order.
In an embodiment, the quantum receiver apparatus 300 receives the agreed channel order on one of the received QKD channels and the memory 320 comprises further instructions executable by the processor 310 whereby the quantum receiver apparatus 300 is operative to obtain the agreed channel order carried by the QKD channel.
In an embodiment, the memory 320 comprises further instructions executable by the processor 310 whereby the quantum receiver apparatus 300 is operative to determine from the length of the random permutation of the integers in the range 1 to K the number of QKD channels that will be received.
Referring to Figure 4, an embodiment of the invention provides an optical communications network node 400 comprising quantum receiver apparatus 300 as described above with reference to Figure 3.
Figures 5 to 8 illustrate operation of a node 520 comprising QKD apparatus 100 for an optical communications network 500 and of a node 550 comprising quantum receiver apparatus 300 according to embodiments of the invention.
The optical communications network 500 is a WSON comprising a plurality of nodes 520, 550, 560 and a plurality of links 522. A traffic PCET 512 and a QKD PCEQ 510 are provided within an NMS of the network 500.
In this example, a secure data transmission signal is to be transmitted from node A 520 to node D 550, using an encryption algorithm that requires a quantum key exchange between nodes A and B at a target Qrate of 500Kbit/s. This Qrate is computed based the data rate, encryption system and security guarantee and remains fixed for the whole time that secure data is to be transmitted between these nodes.
Referring to Figure 5, the PCET selects path A-B-C-D 530 for the secure data transmission signal.
Node A is operative to generate the Qkey and to provide the Qkey to the QKD apparatus 100. The QKD apparatus 100 generates a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate. The QKD apparatus then sends the QKD channels request to the PCEQ which selects the best path 540 from node A to node D and sends a QKD channels response back to the QKD apparatus. The QKD channels response comprising an indication of the QKD channel and its Qrate, and the path 540 on which the QKD channel should be transmitted. There is just one QKD channel, so the QKD apparatus 100 generates a control signal to cause the quantum transmitter 110 to transmit the channel order on that QKD channel and to transmit bits of the Qkey on this first QKD channel on path 540.
The transmitted QKD channel is received at Node B 550 and the quantum receiver apparatus 300 receives the agreed channel order and then obtains the transmitted bits of the Qkey. The quantum receiver apparatus 300 also determines the achieved Qrate of the transmitted QKD channel and generates a Qrates reporting signal comprising an indication of the Qrate of the received QKD channel and sends the Qrate reporting signal to the PCEQ 510.
In this example, the achieved Qrate of the first QKD channel is 250Kbit/s, which is less than the target Qrate of 500Kbits/s. The PCEQ therefore determines that one additional QKD channels is required to achieve the sum of the Qrates being at least equal to the target Qrate, by assuming that any additional QKD channels will have the same Qrate as the first QKD channel. The PCEQ therefore allocates a second QKD channel in an attempt to achieve a similar Qrate to the first QKD channel.
The second QKD channel is routed independently from the first QKD channel and in this case the PCEQ selects path A-E-D 542, as illustrated in Figure 6, and sends a notification to the QKD apparatus 100 that an QKD channel needs to be added. The notification comprises an indication of the second QKD channel and its expected Qrate, and the path 542 on which the second QKD channel should be transmitted.
The PCEQ 510 also generates the channel order and sends the channel order to the QKD apparatus 100. The QKD apparatus 100 generates a control signal to cause the quantum transmitter 1 10 to transmit the channel order on the first QKD channel. Alternatively, the QKD apparatus 100 may transmit the channel order on the best QKD channel.
The QKD apparatus 100 continues transmission of the Qkey by partitioning the remaining portion of the Qkey into two sub-keys for transmission on the two QKD channels. The QKD apparatus 100 generates at least one control signal to cause the quantum transmitter 1 10 to start transmitting the two sub-keys on the two QKD channels.
The transmitted QKD channels are received at Node B 550 and the quantum receiver apparatus 300 determines the achieved Qrate of the two transmitted QKD channels. In this example, the second QKD channel only achieves a Qrate of 40Kbit/s. The quantum receiver apparatus generates a further Qrates reporting signal comprising at least an indication of the Qrate of the received second QKD channel and sends the Qrate reporting signal to the PCEQ 510.
The sum of the Qrates of the first and second QKD channels is 290Kbit/s, which is still lower than the target Qrate. The PCEQ therefore repeats the step of determining a required number of additional QKD channels. This time the PCEQ calculates a mean achieved Qrate per QKD channel, which is (250+40 )/2=145Kbit/s. The PCEQ then calculates a number of QKD channels required to achieve the sum of the QKD channel Qrates being at least equal to the target Qrate assuming each of said QKD channels is at the mean achieved Qrate. In this example, the PCEQ calculates that four QKD channels will be needed to fulfill this requirement, assuming each channel is at the mean achieved Qrate. The PCEQ therefore activates two additional QKD channels, as illustrated in Figure 7: a third QKD channel on the already used path A-D but at a different wavelength, referred to as path 546; and a fourth QKD channel on path A-B-D 544.
The transmitted QKD channels are received at Node B 550 and the quantum receiver apparatus 300 determines the achieved Qrate of the four transmitted QKD channels. The third QKD channel has an achieved Qrate of 150 Kbit/s, while the fourth QKD channel has an achieved Qrate of 130 Kbit/s. The allocation of a second channel over the path A-D introduces some noise on the first QKD channel, reducing its achieved Qrate to 230 Kbit/s. The sum of the achieved Qrates of the four QKD channels is 550 Kbit/s, to the target Qrate is met, and in fact exceeded.
The QKD apparatus 100 continues transmission of the Qkey by partitioning the remaining portion of the Qkey into four sub-keys for transmission on the four QKD channels. The QKD apparatus 100 generates at least one control signal to cause the quantum transmitter 1 10 to start transmitting the four sub-keys on the four QKD channels.
Referring to Figure 8, the PCEQ may decide that there is still space for optimization of the Qkey transmission, and some of the QKD channels may be released. In this example, the PCEQ decides to release the second QKD channel, on path A-E-D 542, which has the lowest achieved Qrate of just 40 Kbit/s. The PCE sends a channel release notification to the QKD apparatus. The channel release notification comprises an indication that the second QKD channel should be released from use.
The QKD apparatus 100, responsive to receiving the channel release indication, continues transmission of the Qkey by partitioning the remaining portion of the Qkey into three sub-keys for transmission on the remaining three QKD channels. The QKD apparatus 100 generates at least one control signal to cause the quantum transmitter 110 to start transmitting the three sub-keys on the remaining three QKD channels.
Following release of the second QKD channel, the sum of the Qrates is 51 OKbit/s, which is enough to fulfill the requirement that the sum of the Qrates must be at least equal to the target Qrate of 500 Kbit/s.
After a preselected time, the achieved Qrates are again measured and, if the sum of the achieved Qrates is below the target Qrate of 500 Kbit/s, the PCEQ repeats the procedure of determining a required number of additional channels.
The Qkey is therefore distributed using K channels, which can be wavelength-, space-, and/or time-multiplexed. Each QKD channel is routed independently of each other, enabling the best route to be selected for each channel. The resulting K independent quantum flows are received and combined at the quantum receiver apparatus to obtain the Qkey with an aggregated Qrate that is at least equal to the target Qrate.
The QKD apparatus 100 and quantum receiver apparatus 300 therefore enable the disaggregation and re-combination of a Qkey into multiple sub-keys, the number of which may be adapted based on measurement of achieved Qrates.
The QKD apparatus 100 and quantum receiver apparatus 300 enable a fluctuating Qrate to be dealt with in an optical communication network with no decrease in the desired level of security for the Qkey transmission. Advantageously, the QKD apparatus 100 and quantum receiver apparatus 300 enable the achievable Qrate to be increased by exploiting available resources in the optical communications network, using multiple wavelengths, links and/or time slots, which is an issue in current QKD networked systems with point-to-point Qkey distribution.
The QKD apparatus 100 and quantum receiver apparatus 300 can be used in any optical switched network in which an encrypted data flow is to be transmitted, and a Qkey need to be exchanged, using any QKD protocol.
In another embodiment, an initial plurality of QKD channels may be numerically estimated by the PCEQ as function of the target Qrate and of network design parameters. The Qrate for a number of channels is modelled using a known Qrate estimation model, such as described in D. Stucki et al,“Quantum Key Distribution over 67 km with a plug & play system", New J. Phys., 2002, volume 4, page 341 . The process of measuring the achieved Qrates for the transmitted QKD channels and determining a required number of additional QKD channels may then be performed.
This may reduce the time required for convergence on the required plurality of QKD channels.
Referring to Figure 9, an embodiment of the invention provides a method 600 of quantum key distribution, QKD, in an optical communications network, such as the network 500 illustrated in Figures 5 to 8. The optical communications network comprises a plurality of nodes and a plurality of links.
The method comprises obtaining 610 a quantum key, Qkey, for transmission from a first node to a second node in the optical communications network at a target quantum rate, Qrate. A QKD channels request is generated and sent 612 to a PCE; the QKD channels request comprises a request for channels for distribution of the Qkey and an indication of the target Qrate. A QKD channels response is received 614 from the PCE; the QKD channels response comprises an indication of a plurality of QKD channels having respective paths and respective Qrates. A sum of the QKD channel Qrates is at least equal to the target Qrate.
The Qkey is partitioned 616 into a plurality of sub-keys for transmission on respective QKD channels; the plurality of sub-keys corresponds to the plurality of QKD channels. The sub-keys are transmitted (618 from the first node to the second node on the respective QKD channels, at the respective Qrates and on the respective paths.
In an embodiment, the method 600 additionally comprises receiving a channel release notification from the PCE. The channel release notification comprises an indication that the quantum channel with the lowest achieved Qrate may be released, resulting in a smaller plurality of QKD channels remaining in use. Responsive to the channel release notification, the remaining portion of the Qkey is partitioned into a corresponding smaller plurality of sub-keys for transmission on the smaller plurality of QKD channels.
In an embodiment, the method 600 additionally comprises receiving a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate, resulting in a larger plurality of QKD channels to be used. The notification comprises an indication of the additional QKD channel having a respective path and a respective Qrate. Responsive to receiving a notification that an additional QKD channel needs to be added, the remaining portion of the Qkey is partitioned into a corresponding larger plurality of sub-keys for transmission on the larger plurality of QKD channels.
In an embodiment, referring to Figure 12, the Qkey 900 comprises a plurality of bits 902. Partitioning the Qkey into a plurality of sub-keys comprises serially allocating the bits of the Qkey to the plurality of QKD channels according to a channel order 910. The method further comprises transmitting a representation of the channel order on one of the QKD channels.
In an embodiment, the channel order comprises a random permutation of the integers in the range one to K, where K is the plurality of QKD channels. Each integer represents a respective QKD channel. For example, as illustrated in Figure 12, three QKD channels, i.e. K=3, may be represented by channel order comprising a random permutation of the integers in the range 1 to 3. Partitioning the Qkey into a plurality of sub-keys comprises serially allocating the bits 902 of the Qkey 900 to the QKD channels in the order in which the integers are arranged in the channel order 910. So, for example, the first bit x1 is allocated to channel 2, the second bit x2 is allocated to channel 1 , the third bit x3 is allocated to channel 3, and so on.
Referring to Figure 10, an embodiment of the invention provides a method 700 of receiving a quantum key, Qkey, in an optical communications network, such as the network 500 illustrated in Figures 5 to 8. The optical communications network comprises a plurality of nodes and a plurality of links.
The method 700 comprises receiving 710 a plurality of QKD channels carrying respective sub-keys of a Qkey. The sub-keys carried by the received QKD channels are then obtained 712 and combined 714 according to an agreed channel order to form the Qkey. In an embodiment, each sub-key comprises a plurality of bits 902. The method comprises receiving an indication of the agreed channel order 910 comprising a random permutation of the integers in the range 1 to K, where K is the plurality of QKD channels which will be received. Each integer represents a respective QKD channel. The sub-keys 920 are combined by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the agreed channel order.
For example, referring to Figure 13, three QKD channels, CH1 , CFI2, CFI3, are received, together with channel order [1 , 2, 3] 910. CH1 carries a first sub-key comprising bits x2 and x5, CFI2 carries a second sub-key comprising bits x1 and x4, and CFI3 carries a third sub-key comprising bits x3 and x6. The sub-keys are obtained from the QKD channels and combined by interleaving them according to the channel order 910, to obtain the Qkey 900. So, in this example, the bits of the sub-keys are interleaved as follows: first bit on CFI2, x1 ; first bit on CH 1 , x2; first bit on CFI3, x3; second bit on CFI2, x4; second bit on CH1 , x5; second bit on CFI3, x6.
In an embodiment, the method 700 additionally comprises steps of determining respective Qrates of the received QKD channels and generating a Qrates reporting signal comprising an indication of the determined Qrates of the received QKD channels.
In an embodiment, the method 600 of quantum key distribution and the method 700 of receiving a Qkey may be combined, as illustrated in Figure 11 . For example, a secure data transmission signal is to be transmitted from a first node to a second node across an optical communications network, using an encryption algorithm that requires a quantum key exchange between the two nodes
The method 800 commences with analytically estimating a number of QKD channels, K, required to transmit the Qkey at a target Qrate. The Qkey is partitioned into that number of sub-keys and the method proceeds to start sending 820 the sub-keys on the K QKD channels, each of which has been independently routed. The achieved Qrates for the K QKD channels are empirically measured 830 and the sum of the Qrates is compared to the target Qrate. If the sum of the Qrates is above the target Qrate (‘threshold’) 834, the method continues transmitting the Qkey on the analytically estimated number of QKD channels. After a preselected time, T, the measurement of the achieved Qrates is repeated 842.
If the sum of the Qrates of the K QKD channels is below the target Qrate 832, the method proceeds to determining 850 an additional number of QKD channels required to achieve the sum of the Qrates being at least equal to the target Qrate. The additional channels are enabled 850 and the method continues, partitioning the Qkey into the resulting larger plurality of sub-keys, and transmitting the sub-keys on the corresponding larger plurality of QKD channels. The K QKD channels are received by the second node where the sub-keys are obtained and combined, as described above.
The achieved Qrates may also be empirically measured following a change in network configuration, to check whether the QKD channels are still meeting the requirement that the sum of the Qrates is at least equal to the target Qrate, to guarantee the desired level of security of transmission. Fluctuations in the Qrates may be caused, for example, by a change in the number of active classical/QKD channels or in the paths chosen for them, a change in the network configuration, or a change in the amount of noise in the network/channel.

Claims

1. Quantum key distribution, QKD, apparatus for an optical communications network, the optical communications network comprising a plurality of nodes and a plurality of links, the QKD apparatus comprising a quantum transmitter, a processor and memory, the memory comprising instructions executable by the processor whereby the QKD apparatus is operative to:
obtain a quantum key, Qkey, for transmission from a first node to a second node in the optical communications network at a target quantum rate, Qrate;
generate and send to a path computation element, PCE, a QKD channels request comprising a request for QKD channels for distribution of the Qkey and an indication of the target Qrate;
receive a QKD channels response from the PCE, the response comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to the target Qrate; partition the Qkey into a plurality of sub-keys for transmission on respective QKD channels, the plurality of sub-keys corresponding to the plurality of QKD channels; and generate at least one control signal comprising instructions arranged to cause the quantum transmitter to transmit the sub-keys on the respective QKD channels at the respective Qrates and on the respective paths.
2. QKD apparatus according to claim 1 , wherein the memory comprises instructions executable by the processor whereby the QKD apparatus is operative:
to receive a channel release notification from the PCE, the notification comprising an indication that the quantum channel with the lowest achieved Qrate may be released; and, responsive to said notification, to partition a remaining portion of the Qkey into a smaller plurality of sub-keys for transmission on the corresponding smaller plurality of QKD channels.
3. QKD apparatus according to claim 1 or claim 2, wherein the memory further comprises instructions executable by the processor whereby the QKD apparatus is operative to: receive a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate, the notification comprising an indication of the additional QKD channel having a respective path and a respective Qrate;
and, responsive to said notification, to partition a remaining portion of the Qkey into a larger plurality of sub-keys for transmission on the corresponding larger plurality of QKD channels.
4. QKD apparatus according to any preceding claim, wherein the memory comprises instructions executable by the processor whereby the QKD apparatus is operative to: partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the plurality of QKD channels according to a channel order; and
generate a further control signal comprising instructions arranged to cause the quantum transmitter apparatus to transmit a representation of the channel order on one of the QKD channels.
5. QKD apparatus according to claim 4, wherein the channel order comprises a random permutation of the integers in the range one to said plurality, K, of QKD channels, each said integer representing a respective QKD channel, and wherein the memory further comprises instructions executable by the processor whereby the QKD apparatus is operative to partition the Qkey into a plurality of sub-keys by serially allocating bits of the Qkey to the QKD channels in the order in which the integers are arranged in the channel order.
6. Quantum receiver apparatus for an optical communications network, wherein the apparatus is configured to receive a plurality of QKD channels carrying respective sub keys of a quantum key, Qkey, and wherein the apparatus comprises a processor and memory, the memory comprising instructions executable by the processor whereby the apparatus is operative to:
obtain the sub-keys carried by the received QKD channels; and
combine the sub-keys according to an agreed channel order to form the Qkey.
7. Quantum receiver apparatus according to claim 6, wherein the memory comprises further instructions executable by the processor whereby the apparatus is operative to determine respective Qrates of the received QKD channels; and
generate a Qrates reporting signal comprising an indication of the determined Qrates of the received QKD channels.
8. Quantum receiver apparatus according to claim 6 or 7 wherein each sub-key
comprises a plurality of bits and wherein the memory comprises further instructions executable by the processor whereby the apparatus is operative to:
receive an indication of the agreed channel order, the agreed channel order comprising a random permutation of the integers in the range one to said plurality, K, each said integer representing a respective QKD channel; and
combine the sub-keys by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the agreed channel order.
9. An optical communications network node comprising QKD apparatus according to any of claims 1 to 5.
10. An optical communications network node comprising quantum receiver apparatus according to any of claims 6 to 8.
11 . A method of quantum key distribution, QKD, in an optical communications network comprising a plurality of nodes and a plurality of links, the method comprising steps of:
obtaining a quantum key, Qkey, for transmission from a first node to a second node in the optical communications network at a target quantum rate, Qrate;
generating and sending to a path computation element, PCE, a QKD channels request comprising a request for channels for distribution of the Qkey and an indication of the target Qrate;
receiving a QKD channels response from the PCE, the response comprising an indication of a plurality of QKD channels having respective paths and respective Qrates, a sum of the QKD channel Qrates being at least equal to the target Qrate; partitioning the Qkey into a plurality of sub-keys for transmission on respective QKD channels, the plurality of sub-keys corresponding to the plurality of QKD channels; and
transmitting the sub-keys from the first node to the second node on the respective QKD channels at the respective Qrates and on the respective paths.
12. A method according to claim 11 , further comprising:
receiving a channel release notification from the PCE, the notification comprising an indication that the quantum channel with the lowest achieved Qrate may be released; and, responsive to said notification, partitioning a remaining portion of the Qkey into a smaller plurality of sub-keys for transmission on the corresponding smaller plurality of QKD channels.
13. A method according to claim 11 or claim 12, further comprising:
receiving a notification from the PCE that an additional QKD channel needs to be added to the plurality of QKD channels to maintain transmission of the Qkey at the target Qrate, the notification comprising an indication of the additional QKD channel having a respective path and a respective Qrate;
and, responsive to said notification, partitioning a remaining portion of the Qkey into a larger plurality of sub-keys for transmission on the corresponding larger plurality of QKD channels.
14. A method according to any of claims 1 1 to 13, wherein partitioning the Qkey into a plurality of sub-keys comprises serially allocating bits of the Qkey to the plurality of QKD channels according to a channel order and wherein the method further comprises transmitting a representation of the channel order on one of the QKD channels.
15. A method according to claim 14, wherein the channel order comprises a random permutation of the integers in the range one to said plurality, K, of QKD channels, each said integer representing a respective QKD channel and wherein partitioning the Qkey into a plurality of sub-keys comprises serially allocating bits of the Qkey to the QKD channels in the order in which the integers are arranged in the channel order.
16. A method of receiving a quantum key, Qkey, in an optical communications network comprising a plurality of nodes and a plurality of links, the method comprising steps of:
receiving a plurality of QKD channels carrying respective sub-keys of a Qkey;
obtaining the sub-keys carried by the received QKD channels; and
combining the sub-keys according to an agreed channel order to form the Qkey.
17. A method according to claim 16, further comprising:
determining respective Qrates of the received QKD channels; and
generating a Qrates reporting signal comprising an indication of the determined Qrates of the received QKD channels.
18. A method according to claim 16 or claim 17, wherein each sub-key comprises a plurality of bits and the method further comprises:
receiving an indication of the agreed channel order, the agreed channel order comprising a random permutation of the integers in the range one to said plurality, K, each said integer representing a respective QKD channel; and
combining the sub-keys by interleaving the respective bits carried by the received QKD channels according to the order in which the integers are arranged in the agreed channel order.
PCT/EP2018/085829 2018-12-19 2018-12-19 Quantum key distribution apparatus and method WO2020125967A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2018/085829 WO2020125967A1 (en) 2018-12-19 2018-12-19 Quantum key distribution apparatus and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2018/085829 WO2020125967A1 (en) 2018-12-19 2018-12-19 Quantum key distribution apparatus and method

Publications (1)

Publication Number Publication Date
WO2020125967A1 true WO2020125967A1 (en) 2020-06-25

Family

ID=64899338

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/085829 WO2020125967A1 (en) 2018-12-19 2018-12-19 Quantum key distribution apparatus and method

Country Status (1)

Country Link
WO (1) WO2020125967A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112564818A (en) * 2020-12-07 2021-03-26 中国电子科技集团公司信息科学研究院 Quantum key distribution channel distribution method and device, electronic equipment and storage medium
WO2022142462A1 (en) * 2020-12-28 2022-07-07 科大国盾量子技术股份有限公司 Centralized wide area quantum cryptography network group key distribution method and system
WO2022142460A1 (en) * 2020-12-28 2022-07-07 科大国盾量子技术股份有限公司 Centralized quantum cryptography network group key distribution method and system
CN116743380A (en) * 2023-08-14 2023-09-12 中电信量子科技有限公司 OTN encryption communication method and system based on quantum key distribution

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080137868A1 (en) * 2006-12-08 2008-06-12 University Technologies International, a Canadian Corporation Distributed encryption methods and systems
EP2647155A2 (en) * 2010-12-02 2013-10-09 Qinetiq Limited Quantum key distribution
WO2016112086A1 (en) * 2015-01-08 2016-07-14 Alibaba Group Holding Limited Quantum key distribution system, method and apparatus based on trusted relay

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080137868A1 (en) * 2006-12-08 2008-06-12 University Technologies International, a Canadian Corporation Distributed encryption methods and systems
EP2647155A2 (en) * 2010-12-02 2013-10-09 Qinetiq Limited Quantum key distribution
WO2016112086A1 (en) * 2015-01-08 2016-07-14 Alibaba Group Holding Limited Quantum key distribution system, method and apparatus based on trusted relay

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
D. STUCKI ET AL., QUANTUM KEY DISTRIBUTION OVER 67 KM WITH A PLUG & PLAY SYSTEM
NEW J., PHYS., vol. 4, 2002
NEW J., PHYS., vol. 4, 2002, pages 341

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112564818A (en) * 2020-12-07 2021-03-26 中国电子科技集团公司信息科学研究院 Quantum key distribution channel distribution method and device, electronic equipment and storage medium
WO2022142462A1 (en) * 2020-12-28 2022-07-07 科大国盾量子技术股份有限公司 Centralized wide area quantum cryptography network group key distribution method and system
WO2022142460A1 (en) * 2020-12-28 2022-07-07 科大国盾量子技术股份有限公司 Centralized quantum cryptography network group key distribution method and system
CN116743380A (en) * 2023-08-14 2023-09-12 中电信量子科技有限公司 OTN encryption communication method and system based on quantum key distribution

Similar Documents

Publication Publication Date Title
WO2020125967A1 (en) Quantum key distribution apparatus and method
CA2883444C (en) System and method for quantum key distribution
KR101338409B1 (en) Method and node for generating distributed rivest shamir adleman signature in ad-hoc network
KR20190073520A (en) Method and apparatus for relaying quantum cryptographic keys based on centralized management and control networks
Alagheband et al. Dynamic and secure key management model for hierarchical heterogeneous sensor networks
CN108111305B (en) Multi-type quantum terminal compatible converged network access system and method
CN112865964A (en) Quantum key distribution method, equipment and storage medium
CN113141252B (en) Quantum key distribution method, quantum communication method, device and system
JP2014509094A (en) System and method for securing wireless communication
JP2022549047A (en) Quantum encryption key distribution method, device and system
CN111200493A (en) Post-processing system and method for phase polarization joint modulation QKD
US11424836B2 (en) Path computation engine and method of configuring an optical path for quantum key distribution
CN109412797B (en) Key negotiation method and client based on bit error rate decision state base
Kong Challenges of routing in quantum key distribution networks with trusted nodes for key relaying
CN115549895A (en) Encryption transmission method and device
Khalil et al. On the delay limited secrecy capacity of fading channels
JP7392065B2 (en) Quantum networks and authentication methods
Ramotsoela et al. Data aggregation using homomorphic encryption in wireless sensor networks
CN116389947A (en) Dynamic service-oriented bandwidth and key distribution method and related device
CN116743379B (en) Encryption transmission scheme determining method for power network data
Huang et al. A novel key distribution scheme based on transmission delays
RU2820558C1 (en) Method of controlling strength criterion of quantum distribution of keys described by connected graphs of arbitrary configurations
Chorti et al. Optimal power allocation in block fading channels with confidential messages
WO2022228684A1 (en) Quantum communication method and apparatus
Sojdeh et al. Multi-Transmitter Coded Caching with Secure Delivery over Linear Networks--Extended Version

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18826327

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18826327

Country of ref document: EP

Kind code of ref document: A1