Personal Progress Report: 13/10/17

My current plan in this time of the semester is to write up my draft report by next Friday (the 20th) so that I can have it reviewed by my supervisor for any grammatical and formatting errors, and by someone who can determine that the concepts in my writing are correct.

After attending a report writing meeting yesterday, I was informed of the expected report format for a research project:
Research Report Format

My current framework is:

-Introduction to Quantum mechanics
-Introduction to QKD (Potentially also split into protocols also)

-Progress of protocols, BB84, BBM92, SARG04.

-Development of QKD in networks
-Development of trusted nodes
-Development of different QKD links

-The NIST SP 800-57

Analysis of Results
-Current state of network scheme with reference to the progress
-Applicability of quantum keys with relation to NIST procedure.

-Place of quantum keys and QKD in enterprise

Future Work
-Future potential of QKD
-Potential further research into overcoming QKD limitations


I intend to focus on these portions of the report first (references included) and then fill in the other parts of the report that feel less time-critical to me afterwards.



Tokyo QKD Network

This information is sourced from:
Sasaki M, et al. (11 May 2011) Field test of quantum key distribution in the Tokyo QKD Network.

The previous networks, DARPA, SECOQC, SwissQuantum, Durban[1], ATDNet, and Hefei[2], can be organized into two different network schemes: ‘key relay via trusted nodes, and transparent link via optical switching’.

The Tokyo QKD network is a mesh-type with six different QKD systems using the trusted node scheme. The network has four access points that are connected with commercial grade fibers. The four access points Kogenai (Ko), Otemachi (Ot), Hakusan(Ha), and Hongo (Ho).

For the Ko-Ot link (45km), loss rate is an average of approximately 0.3dB/km.
For the Ha-Ot link (12 Km), and Ho-Ot link (13km), loss rate is an average of 0.5dB/km.

Tokyo QKDN

The QKD network is part of  ‘the NICT open testbed called Japan’s Giga Bit Network 2 plus (JGN2plus)’, and has plenty of noise in the fibers and interfiber crosstalk (‘photon leakage from neighboring fibers’) is often observed. The crosstalk can be reduced through the implementation of a ‘narrow spectral or temporal bandpass at the receiver.’

Link 1: MELCO used decoy state BB84 protocol over 24km (loop) between Otemachi and Hakusan.

Link 2: NEC-NICT used BB84 protocol over 45km between Otemachi and Koganei, using the NICT’s superconducting single photon detector (SSPD).

Link 3: NTT-NICT used differential phase shifted (DPS) QKD over a 90km (loop) between Koganei and Otemachi, using the SSPD also.

Link 4: All Vienna used BBM92 with installed fibers over 1km.

Link 5: TREL used decoy state BB84 protocol over 45km, using electrically cooled self-differentiating avalanche photodiodes (SD-APDs).

Link 6: IDQ used their commercial system that employs the SARG04 protocol over the 13km between Otemachi and Hongo.

The network contains quantum links that are connected to create a network, where each link has a unique method in generating the key. ‘The QKD protocols as wells as the format and size of the key material can be arbitrary.’ The Tokyo network implemented the three-layer architecture similar to the one in the SECOQC article. The base layer involves a QKD device that pushes the key materials to the middle key management layer. The key management layer contains a key management agent (KMA) that exists at each node and ‘receives the the key material via an application interface (API)’. The API used in this system was developed by NEC and NICT and was compatible with the SECOQC quantum backbone link interface (QBB-LI). The use of the compatible API increased the ‘interoperability of a great variety of different QKD devices’.

The KMA is a computer that works as a trusted node. Its job is to ‘resize the key materials for absorbing the difference in key generation rate and key length of each QKD link, to reshape the key materials into a common format for further use, and to supply unique identifiers to the key materials.’ ‘ It then stores the materials in numerical order to synchronize key usage during encryption and decryption.’ The KMA also stores the information of the key generation rate and the QBER, which is then forwarded to the key management server (KMS), ‘who is introduced for the centralized management network’.

‘The KMS coordinates and oversees all links in the network’, as all network functions are performed within the KM layer. ‘A KMA can relay a secure key shared with one node to a second node by OTP-encrypting the key, using another key shared with the node.’ The KMS is in control of determining the provision of secure paths and managing the key life cycle.

Authentication is done by the WC scheme with a prior secure key.

Secure communication is achieved by using the keys for the encryption/decryption of any file ‘produced by various applications’. The users are situated within the trusted nodes and their data is sent to the KMAs to be encrypted/decrypted with an OTP in ‘a stored key mode’. Advanced Encryption Standard (AES) is also implemented in each of the KMAs. ‘The KMS switches two cryptographic schemes, referring residual amounts of secure keys.’

The Tokyo QKD uses an autonomous search algorithm to determine the node pathway. ‘The main reason for adopting the centralized management in the Tokyo QKD Network is that it assumes a test case if a government-chartered network or a mission critical infrastructure network which often have a central dispatcher or a central data server.’

Tokyo -Three layer scheme

QKD Systems
Tokyo Network Table

    • This system has been designed for ‘fast QKD for metropolitan-scale distances, which can realize OTP encryption of video data’.
    • ‘The hardware engine has a large memory, large-size field programmable gate arrays (FPGAs), and hish speed in/out interfaces, which can potentially handle up to 8 WDM channels, i.e. for a processing speed of up to 10Gbps’.
    • The decoy method has been realized with three different types of pulses: signal, decoy, and vacuum.
  • TREL
    • The photons are detected with ‘InGaAs APDs in self differentiating (SD) mode’ that are electrically cooled to -30° C.
    • The self-differentiating technique suppresses any afterpulse noise.
    • ‘The DPS-QKD scheme is especially suitable for fiber transmission, and is known to be secure against general individual attacks’.
    • Bob’s server sends the time information of the generated sifted keys to Alice’s server via an Ethernet connection.
    • ‘Ultra stable sifted key generation for more than 8 days was demonstrated. (Resulted with sifted key generation rate of 18kbps, and QBER of  an average 2.2%)
    • A stable operation for four hours was demonstrated for secure key generation combined with a key distillation engine. (Figures shown in table)
  • Mitsubishi
    • ‘Quantum and classical light sources are designed using DWDM (dense wavelength division multiplexing) DFB laser modules at telecom wavelengths.’ (Quantum is 1549.32nm, Classical is 1550.92nm)
    • ‘The system uses light pulses with four different intensity levels (signal: 0.63 photons per pulse, decoy: 0.3, 0.1, and vacuum). It consists of PLC’s with polarization stabilizers and commercial APDs.’ (Detection efficiency: 3%, dark count probability:6×10-6)
    • The InGaAs/InP APD detectors were set at -40° C through the use of Peltier modules.
    • ‘Single photon detectors were realized with both sinusoidal wave gating and a self-differentiating circuit.’
    • Error correction involved a low density parity check (LDPC) code that has been designed to ‘achieve a performance approaching Shannon’s limit’.
    • Privacy amplification time was reduced by using the fast Fourier transform ‘for multiplying the Toeplitz matrix and a reconciled key’.
    • A stable operation of key generation for 3 days was demonstrated.
    • An ‘OTP smartphone using QKD’ was also achieved: ‘Voice data is encoded at a rate of 1kBps, which requires approximately 1.2 MB for a 10min bidirectional talk. With a 2 GB Secure Digital (SD) card, continuous conversation for 10 days by OTP encryption can be supported with a single downloading.’ The secure key is downloaded from the QKD device, and after a key has been used, it is cleared from the smartphone’s memory.
  • IDQ
    • ‘System is working in a phase coding configuration and is based on the Plug & Play optical platform. This is a go and return configuration which allows high quality auto-compensation of polarization and phase fluctuation of the quantum channel.’
    • Has run for a 6 moth period continuously, except for 2 months  within that period, when tuning and secure key rate optimization occurred.
    • An addition of a filter increased the link loss, but reduced noise, which enabled a higher secure key exchange rate.
    • The QBER was reduced from 4% to 2% with the addition of the filter as it greatly reduced the crosstalk noise via spectral filtering.
  • All Vienna
    • Scheme is not ‘prepared by modulators’, and is instead ‘measured by passive polarization analyzers situated in the spatially separated devices of Alice and Bob’.
    • ‘Thereby quantum correlations are transferred into secrets’.
    • The passive entanglement scheme contains some benefits in that it is robust against certain attacks. An increase in laser power doesn’t present any leakage, but rather, after certain procedures, results in an ‘increased QBER and key rate reduction’. Consistent monitoring of the incident power stops any ‘blinding the detectors remotely’, which ensures that the detectors cannot be directly controlled by an ‘adversary’.
    • ‘The measurement results at Alice and Bob are further processed by an FPGA and an embedded PC (per device), delivering secure key over predefined interfaces’.
    • polarization drift with the fibers can be detected and ‘compensated at the receiver by a sophisticated polarization control algorithm.’
    • ‘Specifically QKD post-processing involves the standard stages of sifting, reconciliation (error correction), confirmation, and privacy amplification.’ The CASCADE error correction technique was applied, in ‘the parallel CASCADE flavor’ (L. Salvail’s proposition from SECOQC), which reduces the communication latency, and ‘real-time error correction speed’.
    • The privacy amplification block length was configured to 300kbit.
    • ‘Privacy amplification is based on a 2-universal hash function family realized as binary matrix multiplication with Toeplitz matrices’. An application which is computationally ineffective as is, but can be sped up using the Fourier transform.
    • The temperature of the environment can influence polarization stability, which was observed in the ‘arms of Bob’s BB84 module leading to a slow decrease of the secure key rate’.



[1] Mirza A. and Petruccione F. (24 May 2010)Realizing long-term quantum cryptography. Optical Society of America, Volume 27, No. 6.
Sourced from:

[2] Wang S. et al. (10 September 2014) Field and long term demonstration of a wide area quantum key distribution network.

DARPA Quantum Network

This information is sourced from:
Chip Elliot (3 December 2004) The DARPA Quantum Network.

DARPA QKD network
QKD is limited by distance through either fiber channels or freespace, which cannot be combined due to ‘frequency propagation and modulation’ problems. Often this can result in quantum links having a single point of failure due to only having a single channel. The DARPA network has attempted to resolve this by creating a QKD network ‘rather than stand-alone links’.

The DARPA network (when this article was published) consisted of six QKD nodes, of which four are weak-coherent systems and the other two are high-speed freespace systems.

The weak coherent system consists of two transmitters, Alice and Anna, which followed the BB84 protocol, and two receivers, Bob and Boris. This system also contained a 2×2 switch to allow the coupling of any of the transmitters with any of the receivers. ‘Alice, Bob, and the switch are in BBN’s laboratory; Anna is at Harvard; and Boris is at Boston University (BU). ‘ The switch is located 10km from Harvard and 19km from BU, which results in the Harvard-BU fiber path being 29km long.

The transmitter, Anna, has a mean photon number of 0.5, with the Anna-Bob path having a delivery speed of ‘1000 privacy-amplified secret bits/second’ with an average QBER of 3%.

The BBN-BU path has attenuation of 11.5dB, which results with the network having a mean photon number of 1.0, but a secret key yield of zero.

The freespace system consists of Ali and Baba, which are ‘electronic subsystems for a high-speed freespace QKD system’. The same BBN QKD protocols are run on this system, and have a link into the network via a key relay between Ali and Alice. (This system, in December 2004, contained ENT nodes that weren’t fully operational.)

This article provides a list of parameters that can be considered for classical encryption methods.

  • Protection of keys
    QKD systems provide keys that have not been encrypted via an algorithm, which provides greater long term security with respect to the processing ability of supercomputers and quantum computers.
  •  Authentication
    QKD doesn’t provide authentication of the key.
  • Robustness
    Point-to-point links contain a single point of failure unless there is redundancy created by creating multiple point-to-point interconnected links.
  • Distance and location Independence
    Due to attenuation in fiber and sensitivity of freespace environments, QKD systems to do not have large distances or location independence.
  • Resistance to traffic analysis
    This is weak due to the point-to-point link approach of most QKD systems.

The conclusive summary of these parameters for QKD, is that although QKD provides great protection of keys, it doesn’t have an intrinsic authentication system, nor does it have strong results for the other parameters.

The DARPA network attempts to increase the robustness and distance of a QKD system by creating a network that contains the links and endpoint all connected together.


In the above diagram, A1 and B1 are the Alice/Bob pair, A2 and B2 are the freespace Ali/Baba pair, A3 and B3, and A4 and B4, are also fiber-connected pairs. QKD networking protocols allow the A1 node to agree on a key with nodes that are multiple ‘hops’ away. For instance, two transmitting nodes A1 and A3 can agree on a key pair via the B1 node as a trusted intermediary.

A photon can be transmitted across an untrusted network to its endpoint node without being measured by the switches. In other words, the information is shared between two nodes within the network, without being shared within the network itself. The negative aspect of untrusted switched, is that each switch ‘adds at least a fractional dB insertion loss along the photonic path.’

A photon can also be transmitted across a trusted network to an end path node, where the intermediary nodes have ‘pairwise agreed-to keys’, which are used to ‘securely relay a key “hop-by-hop” from one endpoint to another.’ Each node along the transmission pathway decrypts then encrypts the photon using the pairwise keys. This results in the key being securely encrypted across each link.

The benefits of a QKD network are as follows:

  • Longer distance
    As a single key can now be distributed over multiple nodes, the ‘geographic reach’ of the quantum key has been increased.
  • Heterogeneous channels
    The links between nodes do not need to be homogeneous, indeed one could use fiber channels and the other use freespace.
  • Greater robustness
    An interconnected network results in multiple pathways between two endpoints. This resolves the single point of failure issue that occurs between single links.
  • Cost savings
    Large scale interconnectivity lowers costs by reducing the ‘required (N x N-1)/2 point-to-point links to as few as N links in the case of a simple star topology’.

BBN QKD Protocols
The software architecture for the BBN network is shown in the diagram below**:
DARPA BBN Protocol

‘The QKD protocols gave been integrated into a Unix operating system and provide key material to its indigenous Internet Key Exchange (IKE) daemon for use in cryptographically protecting Internet traffic via standard IPsec protocols and algorithms.’

The protocol stack contains a ‘traditional sifting protocol and the newer ‘Geneva’ style sifting’ (now commonly referred to as SARG, after the initials of those who produced it.)

Photonic Switching for untrusted network
For an untrusted network, the switch needs to be optically passive in order to not disturb the quantum states of the exchanged photons. For the DARPA network, there exists two transmitters, Alice and Anna, and their two ‘compatible’ receivers, Bob and Boris (as described at the start). In this situation, the transmitters and their receivers are not mutually exclusive, i.e. Any transmitter can organize key exchange with any receiver. The switch was designed to change the connectivity between each transmitter and receiver every 15 minutes. This resulted in the ‘receivers autonomously discover they are receiving photons from a new transmitter, and realign their Mach-Zehnder interferometers to match the tranmsitter’s interferometer.’ This purpose of this is to create multiple different keys. The switch does take time, 8 ms, and causes an optical loss of less than 1 dB.

BBN key relay protocols for trusted networks
For endpoints that are not directly connected, a path is created from links connecting to them. The BBN networking protocol ‘allows them to agree upon shared QKD bits.’ The path through the network is determined with a new random number, R, and ‘sending R one-time-pad encrypted across each link’, termed key relay.

**From a more extensive article on the DARPA network, published in 2005[1], the protocol are expanded upon as follows:

This enables the reconciliation of raw bit streams to reduce and remove such errors as photon loss, incorrect basis symbols, multiple detection symbols. Once sifted, the rest of the bit stream is discarded and only the sifted bits are used.

Error detection and correction
This occurs after the bit stream has been sifted, and is carried out in order to remove any damaged bits. However, Alice and Bob do not want to reveal the entirety of the sifted secret bit stream. This results in the following:
-The error correction is probabilistic, which results in the potential for Alice and Bob to not have completely identical sets.
-As error correction requires that Bob and Alice disclose information across a separate public channel, there is the potential for Eve to observe and obtain the information in plaintext, if she can decipher the communication.
-Error detection is used to estimate the QBER of the quantum channel.
The DARPA network used two types of error detection and modification: a modified version of the Cascade protocol (Brassard and Salvail’s protocol[I]), and a Forward Error Correction technique coined ‘Niagara[II]‘.

Entropy Estimation
The DARPA network used four different entropy techniques: Slutsky, Bennet, Myers-Pearson, and Shor-Preskill. The entropy is calculated in order to ensure that the privacy amplification is correct. If the entropy isn’t correctly calculated, this can result in a lower than possible privacy amplification, which would provide Eve greater accessibility to secret bits than the potential least amount.

Privacy Amplification
This process involves minimizing Eve’s knowledge of the shared bits to an ‘acceptable level’. A process otherwise known as distillation or advantage distillation. The amplification is completed by an algorithm which is designed to ‘operate on bits in computer memory’ and ‘”smears out” the value of each initial shared bit across the shorter resulting set of bits’. The purpose behind this, is that the shorter the resultant bit set, the less that Eve can know.  For the DARPA network, ‘the QKD node initiating privacy amplification selects a linear hash function over the Galois Field[IV] GF[2n] where n is the number of error-corrected bits in a block. ‘It then transmits four items to the other end -the number of bits m of the shortened result, the (sparse) primitive polynomial of the Galois field, a multiplier (n bits long), and an m-bit polynomial to add (i.e a bit string to exclusive-or) with the product. Each side then performs their corresponding hash and truncates the results to mbits to perform privacy amplification.’

Authentication involves the assurance that each endpoint is confident that they are communicating with their intended endpoint. For a QKD link between Alice and Bob, this is not only a preliminary action, but also continuous for the ensuing interactions. The DARPA network used Universal hash functions, based upon the authentication scheme outlined in the BB84 paper. Their Internet security architecture (IPsec) still utilizes standard authentication methods, and those described in the IKE. Their plan ‘is to extend this architecture by further incorporating those BB84 Universal Hash Functions described above in order to achieve continuous authentication based on secret bits derived from ongoing QKD.’


[I] Brassard and Salvail’s Cascade protocol
This protocol was the first error correction protocol for QKD, and requires an initial input of the error rate (QBER). It has an performance efficiency of working within 15-20% of the Shannon Limit[III], and a speed efficiency of being able to process key rates that are less than 5×104 bits-1.

[II] BBN Niagara
This is a type of Low-Density Parity Check (LDPC) code that has been newly designed for QKD applications, which doesn’t need the many protocol interactions between Alice and Bob, that entail a Cascade protocol.

[III] Shannon Limit
The Shannon Limit is a maximum rate for a channel, in which data can be sent without any error.[2]

[IV] Galois Field
A mathematical term for a finite field.[3]


[1] Elliot C., et al. (17 March 2005) Current Status of the DARPA Quantum Network.

[2] Hardesty Larry. (19 January 2010)Explained: The Shannon Limit, MIT News.

[3] Moreira J. and Farrell P. (06 November 2006) Essentials of Error-Control Coding. John Wiley & Sons. Sourced from:

Personal Progress Report: 04/10/17

Last week I set myself the following goals:

  • Finish writing up the QKD network articles
  • Finish the Glossary
  • Be at least 4000 words into my draft report

As I also completing work from my other courses, I was unable to complete these goals. What this means is that I need to consider whether I keep the glossary as part of my project or not. My current decision is to withhold any work on the glossary until after I’ve completed the draft report, as this prioritizes the aspect of this project that I consider most valuable. If I do have time, I will continue with the glossary but potentially trim it down to specific key words.

In terms of the work that I gave myself:
QKD Network Articles

  • Tokyo QKD Network Field Test
  • Chinese Star-Type QKDN
  • DARPA Quantum NetworkPotentially also:
  • Optical Networking for QKD and Quantum Communication
  • Building the Quantum Network

I have completed the SECOQC article, and found a more comprehensive article on star-type QKD networks. Once I have written up the Tokyo and DARPA articles, I will focus on my draft report, referring to the last two articles if I find the need.

In terms of time frames, my report is due on the 2nd November, which gives me just under a month to have the report completed. My goal for myself then, is to have a draft report handed into my supervisor by the 13th of October, the end of next week.

QKD: Multi-user Passive Optical Networks

This is sourced from:
Townsend P. D, et al. (1994) Quantum cryptography for multi-user passive optical networks.

Multi-user passive optical networks (PONs) enable the exchange of secure keys to each user within the network, and hence, securely encrypt a broadcast transmission on the network.

For QKD to become more utilizable, it needs to be able to work in a network that contains any-to-any and any-to-many communications. A multi-user PON scheme can allow ‘a network controller to distribute distinct secret keys to each of N users on the network, and hence to securely encrypt subsequent data transmissions broadcast on the network.’

QKD networks, in general, use optical fiber for data transmission, which allows point-to-point transmission on smaller networks. However, for a large network with many users, the utilization of point-to-point transmission becomes increasingly complicated. This article focuses on ‘simpler architectures based on passive optical networks in which the nodes are passive optical splitters. For a star-styled network, communications occurs at the ‘head-end of the PON and information is broadcast to, and ‘broadgathered’ from the downstream terminals on the network.’

In a multi-terminal network, a single input photon will only be received by a single receiver. This is also the case for optical pulses, except for the instance in which the average photon number per pulse is far less than one. ‘Hence in order to implement the standard quantum cryptography protocols on the network, the controller transmits a randomly encoded sequence of clocked pulses onto the network, an all receivers simultaneously make synchronous but independent random measurements on the network outputs. Because of the statistically random output from each coupler, this procedure is equivalent to simultaneously setting up N distinct quantum cryptography links in which the transmitter sends a random sequence in each case.’ Once this procedure is completed, the controller has supplied each terminal with a distinct key. This key can either be used to establish a secure link between the controller and a specific terminal. By encrypting a message with the key, Ki, the broadcast message can only be decrypted by terminal Ri. Each key can also be used by the controller to create an OTP of a master network key, which could be securely distributed to each terminal. This would enable the secure encryption of traffic between users on the network, with the controller acting only as a router.

The SECOQC quantum key distribution network in Vienna

Sourced from: Peev, M. et al. (02.07.2009) The SECOQC quantum key distribution network in Vienna, The Journal of Physics.

Current constraints of QKD (as of 2009)

  • Limited distance for key distribution
  • Low rate of key distribution, which exponentially decreases with respect to distance
  • Distribution is point-to-point, which limits potential for application

Quantum Networks
Quantum links are the links between two QKD devices, which contain a quantum channel and a classical channel. These channels perform QKD protocol and transfer QKD keys between the two parties hosting the QKD devices. The quantum links only operate over point-to-point connections and hence, cannot be ‘deployed over any arbitrary network topology’.

The SECOQC defined the QKD network as an infrastructure with point-to-point capabilities that ‘aims at information theoretically secure key agreement’, rather than at secure communication.

‘There are two principal types of QKD network paradigms:’

  • Quantum channel switching paradigm
  • Trusted repeater paradigm

End-to-end requires a technology not yet realized, quantum repeaters. Optical switching is used instead, where optical switching is applied to quantum signals to create a direct quantum channel. However, in fully-switched optical networks, the two end parties require an initial secret. This limits the scalability, also optical losses limit distance of the key distribution. They could be considered suitable for networks of a metropolitan scale.

Trusted repeater QKD networks contain quantum links between the locations or nodes, and QKD devices are used at the end of link to point to a node. In this system, a QKD key may be sent over a chain of QKD links and nodes. The key is randomly generated then sent to another node, encrypted using the OTP protocol, which uses ‘QKD key material, stored in the memory of the node, which was previously generated over the outgoing QKD link from the chain.’ The OTP key is sent from the node it was generated, with an ITS authentication tag, to the node where the QKD key is being sent. The OTP key can be verified by the receiving node and used to decrypt the QKD key. The QKD key can then be encrypted with an OTP from the received node before being sent to another node, the OTP key being sent their along a secure classical channel. This type of network requires full trust of all of the nodes, as every intermediate node is able to decrypt the QKD key. The nodes then, can be considered as trusted repeaters. SECOQC implemented this type of QKD paradigm into their network.

For SECOQC’s network, they also implemented an additional feature where initial secrets for authentication were only shared between neighboring nodes. This simplified the initialization of the QKD network, and made it easy to add any additional nodes during their operation.

Quantum Network Architecture
The SECOQC used the following device structure:

  • QKD devices have ‘access to the quantum channel alone and perform only a node internal classical communication with a dedicated device called a node module.’
  • Node modules manage the QKD key material of the QKD devices within the node ‘and takes over the authenticated classical communication with the partner QKD devices.’

This structure results in the QKD device having the objective ‘to communicate over the quantum channel, distill and push a QKD key to the node using the communication facilities of the latter.’
The node manages the point-to-point connections. This includes, classical communication to neighboring nodes, key management, and cryptoservices. The connections are required for determining destination paths and the realization of secure transport protocols. The implementation of the node modules hide the QKD devices from the network, which relieves the requirement for homogeneous QKD technology, and leaves only the requirement that the device can communicate with the node and can push up the QKD key.

The SECOQC contained six nodes and eight QKD links. All devices had to meet the following criteria:

  • QKD devices communicate classically with peers ‘over standardized interface, provided by the node module’
  • QKD devices push key to the node
  • QKD devices share management information and accept commands from the node


  • QKD links operate over distances greater than 25km with standard telecom fiber (Approx. 0.25dB km-1)
  • Key generation rate at 25km is greater than 1kbit s-1

System Types

  1. Weak laser pulse auto-compensated system: ‘plug & play’ device pairs (id-Q)
  2. One-way weak coherent pulse system with decoy states (Tosh)
  3. Coherent-one-way (COW)
  4. Entangled photons ENT)
  5. Continuous variable QKD system; with Guassian modulation, reverse reconciliation and homodyne detection of coherent light pulses (CV)
  6. Access free space link (FS)

SECOQC Network

Below is a table from the data for each system, provided by the SECOQC article.

SECOQC Network Table

  • id-Q:
    • System designed by id Quantique SA
    • BB84 and SARG protocols incorporated into system, specifically the BRT-ERD link, with mean number of photons per pulse = 1.03
    • System BRT-ERD had 5.75 dB link loss
    • The id-Q systems have been tested over longer periods of time
  • Tosh
    • Utilizes a protocol that is proven secure against all types of eavesdropping attacks
    • Mean number of photons per pulse for both signal (μ) and decoy state (ν) is dependent upon fiber distance, for SECOQC they were: μ = 0.48, and ν = 0.16, based on ‘numerical optimization of the secure bit rate’.
    • For fiber length 20km: SBR = 11kbits-1, for fiber length 25km: SBR = 5.7kbits-1. For fiber length 10km: SBR = 18kbits-1, for fiber length 1km: SBR = 27kbits-1

  • COW
    • COW-protocol can be implemented such that it is ‘insensitive to optical errors’
    • ‘Eve cannot count the number of photons in any finite number of pulses without introducing errors’.
    • Counting rate for the COW detector can be calculated by: DB is R ≈ μ t tB Σ , where η is the quantum efficiency of the photodetector, and μ ≈ 0.5.
    • Bob has monitoring detectors DM1 and DM2, where DM1 is set to pick up Alice’s wavelength and DM2 picks up detection of an eavesdropper
    • ‘the COW QKD system is compatible with standard telecom components, insensitive to polarization fluctuations in the fiber and robust against PNS attacks’.
  • ENT
    • Long-term stability of an ENT system requires multiple different stabilization modules: source stabilization, state alignment, polarization control, and delay synchronization.
    • ‘In terms of entanglement distribution, the system achieved an average polarization visibility of 93%’
    • ‘The high purity of the shared entangled state allows the device to efficiently extract a secure key from the measured correlations.’
  • CV
    • Noise; such as shot-noise, loss-based noise, and excess noise, need to accurately calculated as they influence the ‘calculation of the secret information available in the shared data’
    • To determine a key, highly sophisticated algorithms need to be applied to the data, ‘based on low-density parity-check codes’. The quantized data then has a privacy amplification scheme applied to it.
    • This type of system provides very high key generation rates at small distances such as 10-20km.
  • FS
    • The mean photon number for this system was 0.3
    • This system requires end systems that can be completely protected from any light.
    • During the testing period, fluctuations were noticed in the decoy parameter, which were considered to have likely occurred due to temperature variation.


Node module architecture
SECOQC give their node modules three main roles; enabling functionality of links and managing the key generated over said links, determining a path between nodes, and ensuring end-to-end transport of the secret key material. These roles are divided into three network layers.

The enabling of functionality of links and management of generated keys is considered as the quantum point-to-point protocol (Q3P) layer. This layer is designed to ‘separate key production from key usage.’ In this layer, the node module creates a Q3P connection with each node with which it has an association.  These connections use QKD links and are considered as Q3P links. The Q3P link has interchangeable modes based on the transmitted packet’s header. The three modes are: OTP and  ITS authenticated communication, Non-encrypted and ITS authenticated communication, and neither encrypted nor authenticated communication. These modes are determined by two ‘functional entities: a key store, and a crypto-engine.

The key store has different levels in itself. SECOQC Q3P key store levels
It has a ‘Pickup store’ in which multiple QKD devices can be attached to one Q3P link. This creates an association between each QKD device and a pickup store, to which generated keys are pushed. A protocol is run between the device and the pickup store which ensures that ‘synchronous keys’ are present in both, after which, if it terminates successfully, the key material is moved to the ‘Common store’. The common store is where all the QKD created keys are collected. Here, all of the key bits ‘form a homogeneous mass’.  The final level is are the key buffers, which are either in or out. Specific portions of key material are removed from the common store and are dedicated for either inbound or outbound communications. A key store is either given the role of master or slave. The master key store decides on which key material should be removed from the common store. Once the key material is used, it is shredded to ensure no further availability.

Q3P maintains connection between the ‘underlying QKD device corresponding to each Q3P link in the node’. Any key material that is pushed up by the QKD device is accepted by the Q3P link, as are ‘general node management commands’.

The second role of determining paths along the network nodes is considered the quantum network layer. Whilst IPv4 and IPv6 over Q3P for routing is suitable, the traditional use of IPv4 and IPv6 does not work well over Q3P. Hence, SECOQC used a similar method to the OSPF protocol where ‘the routing information exchanged by the QKD network layer protocol as link state packets holds additional properties addressing the average secure key generation rate on each link as well as the current amount of key material, available in the respective key store.’ The routing information is not encrypted when it is exchanged, but it is authenticated over the Q3P links, which results in ‘constant key consumption on the lines’.

The final role of ensuring end-to-end transport over the Q3P link, is the QKD transport layer protocol, QKD-TL. The method used by SECOQC is called ‘hop-by-hop encryption/decryption mechanism’, which is where each node, whether end-stage or intermediate, decrypts and authenticates a received message, before encrypting it again and sending it to the next node, along with an authentication tag. All of this is achieved over the Q3P network by having the incoming message be pulled from a link, its destination address read, then pushing the outgoing message along another link towards its specific final node.

‘It should be stressed that the secure communications between the client and server by means of the key distributed over the QKD network can use any communication channel of (generally any type of) a secure communication infrastructure.’

Key Behavior
There is a baseline key consumption rate that is resultant from the Q3P authentication process, which involves sifting, error correction, key confirmation, and privacy amplification. Also, there are pay-load applications that involve key expenditure.

The maximum shared key length between two nodes is equivalent to the maximum length of the message that can be shared via information-theoretic security.

Personal Progress Report: 26/09/17

Last week didn’t have a personal progress report as I have been continuing with the same focus as where I was with my last report.

The mid-semester break for NMIT is finally here. This means that in two weeks time, I will have a little under a month to complete my project. With that in mind, I have set forth the following goals for my break:

  • Finish writing up the QKD network articles
  • Finish the Glossary
  • Be at least 4000 words into my draft report **

The first two goals are very time expensive, but I consider them to be imperative. The final goal is one that would reduce the pressure from my last four weeks back into the semester, but may not be feasible considering other course work that also need to be completed by the end of the break.

In terms of the work required to finish, it would mean the following:

  • QKD Network Articles
    • SECOQC
    • Tokyo QKD Network Field Test
    • Chinese Star-Type QKDN
    • DARPA Quantum Network

      Potentially also:

    • Optical Networking for QKD and Quantum Communication
    • Building the Quantum Network
  • Glossary
    • ~35 terms still need to be defined

Currently, I believe that I can complete this, though it will take a lot of time. I will update next week as to my progress with this work and the feasibility of the third goal.