Industry Specification Group (ISG) on Quantum Key Distribution for Users (QKD) Activity Report 2023
Chair: Martin Ward, Toshiba Europe
Developing specifications that will enhance the security and interoperability of quantum communication networks being deployed around the world.
There is a concern that today’s network communications that are encrypted using conventional public key cryptography may be decrypted in the future, when more powerful processors or new methods of cryptanalysis are available.
Unlike conventional methods, quantum cryptographic protocols should be resilient to all advances in computing and mathematics. The inherent security of quantum cryptography stems from the way it uses properties that quantum states derive from the Laws of Nature, rather than assumptions about the difficulty of certain mathematical operations.
The first applications of quantum cryptography are likely to be those requiring long term secrecy, such as encryption of sensitive government or corporate data or the health records of individuals. Examples include secure communication of human genome sequences and inter-site data replication in the financial sector.
Quantum Key Distribution (QKD) enables keys to be established securely over optical links, via the transfer of quantum states. The security of QKD protocols is based on quantum entanglement – or the impossibility of cloning/measuring the unknown quantum states transferred – rather than algorithmic complexity. Recently there has been remarkable progress in the deployment of quantum technologies in communication infrastructures, with several QKD networks under construction around the world. The high level of current activity in quantum communications means that there is a pressing need to develop industrial standards for the technology.
ETSI’s Industry Specification Group (ISG) on QKD is leading activities to help fulfil this need by developing common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems and applications. The group’s work is fundamental to enabling the future interoperability of the QKD networks being deployed around the world. Just as importantly, it will ensure that quantum cryptography is implemented in a secure manner that mitigates the risk of side channels and active attacks. ISG QKD brings together experts from various companies and organizations with interests in QKD certification: these include potential customers for applications and system manufacturers, along with security experts from organizations involved in certification schemes and academia. The membership of ISG QKD comprises large companies, telecom operators, SMEs, NMIs, government labs and universities, and includes representatives from North America, Asia and Europe.
In April 2023 ISG QKD released Group Specification GS QKD 016, the world’s first Protection Profile (PP) for Quantum Key Distribution. Anticipating the need for quantum safe cryptography, the new ETSI specification will help manufacturers to submit pairs of ‘prepare and measure’ QKD modules for evaluation under a security certification process. Such modules can be used by telecom operators and enterprises in securing their networks with the knowledge that certified products have been subjected to the scrutiny of a formal security evaluation process. The Protection Profile specifies high-level requirements for the physical implementation of prepare and measure QKD protocols through to the output of final secret keys. A revision to this Group Specification was initiated to update it to conform to a new version of the Common Criteria evaluation scheme. Drafts of this update were subjected to evaluation, as part of an application for certification of the PP.
Meanwhile, progress was made on a number of further Group Specifications, including revisions to existing publications:
- GS QKD 004 revises ETSI’s previously published GS on QKD Application Interface, adding the specification of a transport protocol and data formats that can be used together to implement the API.
- GS QKD 005 revises the previously published GS on Security Proofs, focusing on security definition, device models, implementation security and relevant quantum key distribution protocols.
- GS QKD 010 addresses the design, construction, characterisation and operation of QKD systems that are intended to protect against Trojan horse attacks.
- GS QKD 013 defines procedures for characterising specific properties of complete QKD transmitter modules.
- GS QKD 014 revises ETSI’s previously published REST API specification that allows applications to request cryptographic keys from a QKD network.
- GS QKD 020 specifies a REST-based Interoperable Key Management System API that allows key management systems to interoperate to pass keys horizontally between two systems located in a common trusted node. The API will enable QKD networks to serve applications that request shared secret keys from key management systems that are not linked by a contiguous chain of systems from the same vendor.
Work neared completion on two new Group Reports. One (GR QKD 017) reviews the variety of architectures that have been proposed for QKD networking, while another (GR QKD 019) addresses the role that authentication plays in QKD protocols and explores the design of classical interfaces for QKD systems that include appropriate authentication measures.
Updates also progressed to existing Group Report GR QKD 007 on QKD vocabulary and definitions.
Several ISG QKD members and participants took part in the 9th ETSI/IQC Quantum Safe Cryptography Event, held at ETSI’s headquarters in February 2023. During the event the activities of ISG QKD were presented, along with a range of technical presentations on QKD and a panel discussion on certification. The Group’s activities were also presented at the ETSI Security Conference in October 2023.