Personal Project Report: Final Report

With the progress reports hand-in being close, I figure that it is time to do one last report, this time as a summary of my own experience with the project. As my project has been a graduate diploma project, it has been worth only 30 points, which has meant that I’ve needed to take two other papers as well. Certainly, the juggle of balancing a course that requires my own self-discipline and focus on a particular topic with other courses has been a growing experience, and one that I felt has been very informative in how I balance my time with the different pressures involved for each course. Certainly, I found the best method for mental management and time management was to write a list of everything that I needed to accomplish and then prioritize each task on the list. This enabled me to more rationally organize a schedule for my time. All in all, the course has been a rewarding experience and has (and still is as I continue with these last moments) felt like a great accomplishment.

What I enjoyed the most:
Probably the most enjoyable aspect of this project has been reading about the development of QKD and finding it to be conceptually simple to understand, and having great potential for future use.

What I found the hardest:
For me, the hardest part of the project was determining what aspects of QKD I was going to focus upon. My project proposal was relatively broad due to my minimal understanding of QKD then, and as such, I found myself spending quite a few moments where I needed to step back from my research and critically evaluate where I was heading with my research and whether I considered it to fit with my end goal.

Anything I could change if I were to do this again:
I’ve really enjoyed how my project has turned out, and how I decided to build it. If I knew now what I knew back at the start of the semester, I would like to gain a better mathematical understanding of how the QKD process works. However, this was not a feasible action to make during my current project as it would have taken a lot of time and resulted in little to show.

What I feel I’ve gained from this:
Certainly, I feel like I’ve picked up a passion for the encryption/security aspect of IT, and I’m excited to see how encryption technology and processes will develop.

What new skills I’ve learned:
As this project was research rather than practical or job experience based, I haven’t gained too many skills. In saying that, I have become more familiar with WordPress and HTML formatting within it.

Would I want to take this further:
QKD is very much still in development, although there are some commercial elements to it. I would personally love to know more, especially, as I mentioned earlier, the mathematical and physical foundation behind the process and different methods involved. However, I do anticipate that it is relatively complicated which implies that it would take me some time before I could feel comfortable and confident in that aspect of the topic. With that in mind, the answer is yes, yes I would.


Personal Progress Report: 24/10/17

In my last personal progress report, I intended to complete my draft report by the 20th. I was unable to complete it by said date, but did complete it yesterday, the 23rd.

During the meeting with my supervisor today, we reviewed the draft report. From this meeting, I have compiled the following list of adjustments for the draft:

  • Elaborate (in either main body or appendix) on Alice and Bob
  • APA format references (This can be done through Zotero)
  • Clarify a few phrases within the report, and fix the typos
  • Finish write-up about CV-QKD
  • Potentially create a small conclusion about results from NIST section
  • Potentially change diagram position to be above network description


I also still need to complete the glossary, which I will work at over the week.



Personal Progress Report: 13/10/17

My current plan in this time of the semester is to write up my draft report by next Friday (the 20th) so that I can have it reviewed by my supervisor for any grammatical and formatting errors, and by someone who can determine that the concepts in my writing are correct.

After attending a report writing meeting yesterday, I was informed of the expected report format for a research project:
Research Report Format

My current framework is:

-Introduction to Quantum mechanics
-Introduction to QKD (Potentially also split into protocols also)

-Progress of protocols, BB84, BBM92, SARG04.

-Development of QKD in networks
-Development of trusted nodes
-Development of different QKD links

-The NIST SP 800-57

Analysis of Results
-Current state of network scheme with reference to the progress
-Applicability of quantum keys with relation to NIST procedure.

-Place of quantum keys and QKD in enterprise

Future Work
-Future potential of QKD
-Potential further research into overcoming QKD limitations


I intend to focus on these portions of the report first (references included) and then fill in the other parts of the report that feel less time-critical to me afterwards.


Tokyo QKD Network

This information is sourced from:
Sasaki M, et al. (11 May 2011) Field test of quantum key distribution in the Tokyo QKD Network.

The previous networks, DARPA, SECOQC, SwissQuantum, Durban[1], ATDNet, and Hefei[2], can be organized into two different network schemes: ‘key relay via trusted nodes, and transparent link via optical switching’.

The Tokyo QKD network is a mesh-type with six different QKD systems using the trusted node scheme. The network has four access points that are connected with commercial grade fibers. The four access points are Koganei (Ko), Otemachi (Ot), Hakusan (Ha), and Hongo (Ho).

For the Ko-Ot link (45 km), loss rate is an average of approximately 0.3 dB/km.
For the Ha-Ot link (12 km), and Ho-Ot link (13 km), loss rate is an average of 0.5 dB/km.

Tokyo QKDN

The QKD network is part of ‘the NICT open testbed called Japan’s Giga Bit Network 2 plus (JGN2plus)’. There is plenty of noise in the fibers, and interfiber crosstalk (‘photon leakage from neighboring fibers’) is often observed. The crosstalk can be reduced through the implementation of a ‘narrow spectral or temporal bandpass at the receiver.’

Link 1: MELCO used decoy state BB84 protocol over 24km (loop) between Otemachi and Hakusan.

Link 2: NEC-NICT used BB84 protocol over 45km between Otemachi and Koganei, using the NICT’s superconducting single photon detector (SSPD).

Link 3: NTT-NICT used differential phase shifted (DPS) QKD over 90km (loop) between Koganei and Otemachi, also using the SSPD.

Link 4: All Vienna used BBM92 with installed fibers over 1km.

Link 5: TREL used decoy state BB84 protocol over 45km, using electrically cooled self-differentiating avalanche photodiodes (SD-APDs).

Link 6: IDQ used their commercial system that employs the SARG04 protocol over the 13km between Otemachi and Hongo.

The network contains quantum links that are connected to create a network, where each link has a unique method in generating the key. ‘The QKD protocols as well as the format and size of the key material can be arbitrary.’ The Tokyo network implemented the three-layer architecture similar to the one in the SECOQC article. The base layer involves a QKD device that pushes the key materials to the middle key management layer. The key management layer contains a key management agent (KMA) that exists at each node and ‘receives the key material via an application interface (API)’. The API used in this system was developed by NEC and NICT and was compatible with the SECOQC quantum backbone link interface (QBB-LI). The use of the compatible API increased the ‘interoperability of a great variety of different QKD devices’.

The KMA is a computer that works as a trusted node. Its job is to ‘resize the key materials for absorbing the difference in key generation rate and key length of each QKD link, to reshape the key materials into a common format for further use, and to supply unique identifiers to the key materials.’ ‘It then stores the materials in numerical order to synchronize key usage during encryption and decryption.’ The KMA also stores the information of the key generation rate and the QBER, which is then forwarded to the key management server (KMS), ‘who is introduced for the centralized management network’.

‘The KMS coordinates and oversees all links in the network’, as all network functions are performed within the KM layer. ‘A KMA can relay a secure key shared with one node to a second node by OTP-encrypting the key, using another key shared with the node.’ The KMS is in control of determining the provision of secure paths and managing the key life cycle.

Authentication is done by the WC scheme with a prior secure key.

Secure communication is achieved by using the keys for the encryption/decryption of any file ‘produced by various applications’. The users are situated within the trusted nodes and their data is sent to the KMAs to be encrypted/decrypted with an OTP in ‘a stored key mode’. Advanced Encryption Standard (AES) is also implemented in each of the KMAs. ‘The KMS switches two cryptographic schemes, referring residual amounts of secure keys.’

The Tokyo QKD uses an autonomous search algorithm to determine the node pathway. ‘The main reason for adopting the centralized management in the Tokyo QKD Network is that it assumes a test case of a government-chartered network or a mission critical infrastructure network which often have a central dispatcher or a central data server.’

Tokyo -Three layer scheme

QKD Systems
Tokyo Network Table

    • This system has been designed for ‘fast QKD for metropolitan-scale distances, which can realize OTP encryption of video data’.
    • ‘The hardware engine has a large memory, large-size field programmable gate arrays (FPGAs), and high speed in/out interfaces, which can potentially handle up to 8 WDM channels, i.e. for a processing speed of up to 10Gbps’.
    • The decoy method has been realized with three different types of pulses: signal, decoy, and vacuum.
  • TREL
    • The photons are detected with ‘InGaAs APDs in self differentiating (SD) mode’ that are electrically cooled to -30° C.
    • The self-differentiating technique suppresses any afterpulse noise.
    • ‘The DPS-QKD scheme is especially suitable for fiber transmission, and is known to be secure against general individual attacks’.
    • Bob’s server sends the time information of the generated sifted keys to Alice’s server via an Ethernet connection.
    • ‘Ultra stable sifted key generation for more than 8 days was demonstrated.’ (Resulted in a sifted key generation rate of 18kbps, and an average QBER of 2.2%)
    • A stable operation for four hours was demonstrated for secure key generation combined with a key distillation engine. (Figures shown in table)
  • Mitsubishi
    • ‘Quantum and classical light sources are designed using DWDM (dense wavelength division multiplexing) DFB laser modules at telecom wavelengths.’ (Quantum is 1549.32nm, Classical is 1550.92nm)
    • ‘The system uses light pulses with four different intensity levels (signal: 0.63 photons per pulse, decoy: 0.3, 0.1, and vacuum). It consists of PLC’s with polarization stabilizers and commercial APDs.’ (Detection efficiency: 3%, dark count probability: 6×10⁻⁶)
    • The InGaAs/InP APD detectors were set at -40° C through the use of Peltier modules.
    • ‘Single photon detectors were realized with both sinusoidal wave gating and a self-differentiating circuit.’
    • Error correction involved a low density parity check (LDPC) code that has been designed to ‘achieve a performance approaching Shannon’s limit’.
    • Privacy amplification time was reduced by using the fast Fourier transform ‘for multiplying the Toeplitz matrix and a reconciled key’.
    • A stable operation of key generation for 3 days was demonstrated.
    • An ‘OTP smartphone using QKD’ was also achieved: ‘Voice data is encoded at a rate of 1kBps, which requires approximately 1.2 MB for a 10min bidirectional talk. With a 2 GB Secure Digital (SD) card, continuous conversation for 10 days by OTP encryption can be supported with a single downloading.’ The secure key is downloaded from the QKD device, and after a key has been used, it is cleared from the smartphone’s memory.
  • IDQ
    • ‘System is working in a phase coding configuration and is based on the Plug & Play optical platform. This is a go and return configuration which allows high quality auto-compensation of polarization and phase fluctuation of the quantum channel.’
    • Has run for a 6 month period continuously, except for 2 months within that period, when tuning and secure key rate optimization occurred.
    • An addition of a filter increased the link loss, but reduced noise, which enabled a higher secure key exchange rate.
    • The QBER was reduced from 4% to 2% with the addition of the filter as it greatly reduced the crosstalk noise via spectral filtering.
  • All Vienna
    • Scheme is not ‘prepared by modulators’, and is instead ‘measured by passive polarization analyzers situated in the spatially separated devices of Alice and Bob’.
    • ‘Thereby quantum correlations are transferred into secrets’.
    • The passive entanglement scheme contains some benefits in that it is robust against certain attacks. An increase in laser power doesn’t present any leakage, but rather, after certain procedures, results in an ‘increased QBER and key rate reduction’. Consistent monitoring of the incident power stops any ‘blinding the detectors remotely’, which ensures that the detectors cannot be directly controlled by an ‘adversary’.
    • ‘The measurement results at Alice and Bob are further processed by an FPGA and an embedded PC (per device), delivering secure key over predefined interfaces’.
    • Polarization drift within the fibers can be detected and ‘compensated at the receiver by a sophisticated polarization control algorithm.’
    • ‘Specifically QKD post-processing involves the standard stages of sifting, reconciliation (error correction), confirmation, and privacy amplification.’ The CASCADE error correction technique was applied, in ‘the parallel CASCADE flavor’ (L. Salvail’s proposition from SECOQC), which reduces the communication latency, and ‘real-time error correction speed’.
    • The privacy amplification block length was configured to 300kbit.
    • ‘Privacy amplification is based on a 2-universal hash function family realized as binary matrix multiplication with Toeplitz matrices’, an application which is computationally ineffective as is, but can be sped up using the Fourier transform.
    • The temperature of the environment can influence polarization stability, which was observed in the ‘arms of Bob’s BB84 module leading to a slow decrease of the secure key rate’.



[1] Mirza A. and Petruccione F. (24 May 2010) Realizing long-term quantum cryptography. Optical Society of America, Volume 27, No. 6.
Sourced from:

[2] Wang S. et al. (10 September 2014) Field and long term demonstration of a wide area quantum key distribution network.

DARPA Quantum Network

This information is sourced from:
Chip Elliott (3 December 2004) The DARPA Quantum Network.

DARPA QKD network
QKD is limited by distance through either fiber channels or freespace, which cannot be combined due to ‘frequency propagation and modulation’ problems. Often this can result in quantum links having a single point of failure due to only having a single channel. The DARPA network has attempted to resolve this by creating a QKD network ‘rather than stand-alone links’.

The DARPA network (when this article was published) consisted of six QKD nodes, of which four are weak-coherent systems and the other two are high-speed freespace systems.

The weak coherent system consists of two transmitters, Alice and Anna, which followed the BB84 protocol, and two receivers, Bob and Boris. This system also contained a 2×2 switch to allow the coupling of any of the transmitters with any of the receivers. ‘Alice, Bob, and the switch are in BBN’s laboratory; Anna is at Harvard; and Boris is at Boston University (BU).’ The switch is located 10km from Harvard and 19km from BU, which results in the Harvard-BU fiber path being 29km long.

The transmitter, Anna, has a mean photon number of 0.5, with the Anna-Bob path having a delivery speed of ‘1000 privacy-amplified secret bits/second’ with an average QBER of 3%.

The BBN-BU path has attenuation of 11.5dB, which results in the network having a mean photon number of 1.0, but a secret key yield of zero.

The freespace system consists of Ali and Baba, which are ‘electronic subsystems for a high-speed freespace QKD system’. The same BBN QKD protocols are run on this system, and have a link into the network via a key relay between Ali and Alice. (This system, in December 2004, contained ENT nodes that weren’t fully operational.)

This article provides a list of parameters that can be considered for classical encryption methods.

  • Protection of keys
    QKD systems provide keys that have not been encrypted via an algorithm, which provides greater long term security with respect to the processing ability of supercomputers and quantum computers.
  • Authentication
    QKD doesn’t provide authentication of the key.
  • Robustness
    Point-to-point links contain a single point of failure unless there is redundancy created by creating multiple point-to-point interconnected links.
  • Distance and location Independence
    Due to attenuation in fiber and sensitivity of freespace environments, QKD systems do not have large distances or location independence.
  • Resistance to traffic analysis
    This is weak due to the point-to-point link approach of most QKD systems.

The conclusive summary of these parameters for QKD is that although QKD provides great protection of keys, it doesn’t have an intrinsic authentication system, nor does it have strong results for the other parameters.

The DARPA network attempts to increase the robustness and distance of a QKD system by creating a network that contains the links and endpoints all connected together.


In the above diagram, A1 and B1 are the Alice/Bob pair, A2 and B2 are the freespace Ali/Baba pair, A3 and B3, and A4 and B4, are also fiber-connected pairs. QKD networking protocols allow the A1 node to agree on a key with nodes that are multiple ‘hops’ away. For instance, two transmitting nodes A1 and A3 can agree on a key pair via the B1 node as a trusted intermediary.

A photon can be transmitted across an untrusted network to its endpoint node without being measured by the switches. In other words, the information is shared between two nodes within the network, without being shared within the network itself. The negative aspect of untrusted switches is that each switch ‘adds at least a fractional dB insertion loss along the photonic path.’

A photon can also be transmitted across a trusted network to an end path node, where the intermediary nodes have ‘pairwise agreed-to keys’, which are used to ‘securely relay a key “hop-by-hop” from one endpoint to another.’ Each node along the transmission pathway decrypts then encrypts the photon using the pairwise keys. This results in the key being securely encrypted across each link.

The benefits of a QKD network are as follows:

  • Longer distance
    As a single key can now be distributed over multiple nodes, the ‘geographic reach’ of the quantum key has been increased.
  • Heterogeneous channels
    The links between nodes do not need to be homogeneous, indeed one could use fiber channels and the other use freespace.
  • Greater robustness
    An interconnected network results in multiple pathways between two endpoints. This resolves the single point of failure issue that occurs between single links.
  • Cost savings
    Large scale interconnectivity lowers costs by reducing the ‘required (N x N-1)/2 point-to-point links to as few as N links in the case of a simple star topology’.

BBN QKD Protocols
The software architecture for the BBN network is shown in the diagram below**:
DARPA BBN Protocol

‘The QKD protocols have been integrated into a Unix operating system and provide key material to its indigenous Internet Key Exchange (IKE) daemon for use in cryptographically protecting Internet traffic via standard IPsec protocols and algorithms.’

The protocol stack contains a ‘traditional sifting protocol and the newer ‘Geneva’ style sifting’ (now commonly referred to as SARG, after the initials of those who produced it.)

Photonic Switching for untrusted network
For an untrusted network, the switch needs to be optically passive in order to not disturb the quantum states of the exchanged photons. For the DARPA network, there exist two transmitters, Alice and Anna, and their two ‘compatible’ receivers, Bob and Boris (as described at the start). In this situation, the transmitters and their receivers are not mutually exclusive, i.e. any transmitter can organize key exchange with any receiver. The switch was designed to change the connectivity between each transmitter and receiver every 15 minutes. This resulted in the ‘receivers autonomously discover they are receiving photons from a new transmitter, and realign their Mach-Zehnder interferometers to match the transmitter’s interferometer.’ The purpose of this is to create multiple different keys. The switch does take time, 8 ms, and causes an optical loss of less than 1 dB.

BBN key relay protocols for trusted networks
For endpoints that are not directly connected, a path is created from links connecting to them. The BBN networking protocol ‘allows them to agree upon shared QKD bits.’ The path through the network is determined with a new random number, R, and ‘sending R one-time-pad encrypted across each link’, termed key relay.
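
The key relay described here, and the KMA relay in the Tokyo network notes above, as an added Python example that is not code from either project: a fresh random key R travels from A1 to A3 through B1, one-time-pad encrypted with a different pairwise key on each link. The `LinkKeyPool` class, the `relay_key` function and the key sizes are assumptions, and `secrets.token_bytes` stands in for real QKD output.

```python
import secrets


class LinkKeyPool:
    """Key material two neighbouring nodes already share over one QKD link."""

    def __init__(self, nbytes):
        # secrets.token_bytes stands in for the output of a real QKD link.
        self.material = bytearray(secrets.token_bytes(nbytes))

    def available(self):
        return len(self.material)

    def take(self, n):
        # One-time pad discipline: pad bytes are removed as they are used.
        if n > len(self.material):
            raise RuntimeError("not enough key material on this link")
        pad = bytes(self.material[:n])
        del self.material[:n]
        return pad


def xor(data, pad):
    return bytes(d ^ p for d, p in zip(data, pad))


def relay_key(path, pools, nbytes=32):
    """Relay a fresh random key R along `path`, OTP-encrypted on every link.

    Returns (R, key received by the last node, per-hop trace).
    """
    hops = list(zip(path, path[1:]))
    # Check every link first, so a starved link does not burn pads upstream.
    for a, b in hops:
        pool = pools.get(frozenset((a, b)))
        if pool is None:
            raise KeyError(f"no QKD link between {a} and {b}")
        if pool.available() < nbytes:
            raise RuntimeError(f"link {a}-{b} holds {pool.available()} bytes, need {nbytes}")
    r = secrets.token_bytes(nbytes)
    held, trace = r, []
    for a, b in hops:
        pad = pools[frozenset((a, b))].take(nbytes)  # both ends hold this pad
        on_wire = xor(held, pad)   # all that a classical-channel observer sees
        held = xor(on_wire, pad)   # node b decrypts and now holds R in the clear
        trace.append({"link": (a, b), "on_wire": on_wire,
                      "cleartext_at": b, "cleartext": held})
    return r, held, trace


def demo_pools():
    # Constructed topology: A1 and A3 are both linked to B1, not to each other.
    return {frozenset(("A1", "B1")): LinkKeyPool(64),
            frozenset(("B1", "A3")): LinkKeyPool(48)}


if __name__ == "__main__":
    pools = demo_pools()
    r, delivered, trace = relay_key(["A1", "B1", "A3"], pools)
    print("A3 received R:", delivered == r)
    for hop in trace:
        print(hop["link"], "wire:", hop["on_wire"].hex()[:16], "...",
              "| R visible at", hop["cleartext_at"])
    print("key bytes left:", {tuple(sorted(k)): p.available() for k, p in pools.items()})
```

The trace makes the trust assumption visible: every intermediate node holds R in the clear, so the relayed key is only as safe as each node on the path, even though nothing readable crosses a link.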

**From a more extensive article on the DARPA network, published in 2005[1], the protocols are expanded upon as follows:

This enables the reconciliation of raw bit streams to reduce and remove such errors as photon loss, incorrect basis symbols, multiple detection symbols. Once sifted, the rest of the bit stream is discarded and only the sifted bits are used.

Error detection and correction
This occurs after the bit stream has been sifted, and is carried out in order to remove any damaged bits. However, Alice and Bob do not want to reveal the entirety of the sifted secret bit stream. This results in the following:
-The error correction is probabilistic, which results in the potential for Alice and Bob to not have completely identical sets.
-As error correction requires that Bob and Alice disclose information across a separate public channel, there is the potential for Eve to observe and obtain the information in plaintext, if she can decipher the communication.
-Error detection is used to estimate the QBER of the quantum channel.
The DARPA network used two types of error detection and modification: a modified version of the Cascade protocol (Brassard and Salvail’s protocol[I]), and a Forward Error Correction technique coined ‘Niagara[II]’.

Entropy Estimation
The DARPA network used four different entropy techniques: Slutsky, Bennett, Myers-Pearson, and Shor-Preskill. The entropy is calculated in order to ensure that the privacy amplification is correct. If the entropy isn’t correctly calculated, this can result in a lower than possible privacy amplification, which would provide Eve greater accessibility to secret bits than the potential least amount.

Privacy Amplification
This process involves minimizing Eve’s knowledge of the shared bits to an ‘acceptable level’, a process otherwise known as distillation or advantage distillation. The amplification is completed by an algorithm which is designed to ‘operate on bits in computer memory’ and ‘“smears out” the value of each initial shared bit across the shorter resulting set of bits’. The purpose behind this is that the shorter the resultant bit set, the less that Eve can know. For the DARPA network, ‘the QKD node initiating privacy amplification selects a linear hash function over the Galois Field[IV] GF[2ⁿ] where n is the number of error-corrected bits in a block. It then transmits four items to the other end - the number of bits m of the shortened result, the (sparse) primitive polynomial of the Galois field, a multiplier (n bits long), and an m-bit polynomial to add (i.e. a bit string to exclusive-or) with the product. Each side then performs their corresponding hash and truncates the results to m bits to perform privacy amplification.’
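
The four-item exchange quoted above, as an added Python example rather than BBN's code: the initiator picks the parameters, and both sides compute truncate(multiplier × block) XOR addend over GF(2ⁿ). The block size n = 128, the AES-GCM reduction polynomial (irreducible, used here in place of the sparse primitive polynomial a node would select), the choice to keep the low m bits, and the `output_length` margin are all assumptions.

```python
import secrets

N = 128                       # error-corrected bits per block (assumed block size)
POLY = (1 << 128) | 0x87      # x^128 + x^7 + x^2 + x + 1, irreducible over GF(2)


def gf_mul(a, b, poly=POLY, n=N):
    """Multiply two elements of GF(2^n), reducing modulo `poly`."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> n:            # degree reached n: subtract (XOR) the modulus
            a ^= poly
    return result


def output_length(n, leaked_bits, margin=16):
    """Bits that may be kept: block size minus Eve's estimated knowledge
    (entropy estimate plus bits disclosed during error correction) and a margin."""
    return max(0, n - leaked_bits - margin)


def choose_parameters(m, n=N, poly=POLY):
    """Initiator: pick the four items that are sent to the peer in the clear."""
    if not 0 < m <= n:
        raise ValueError("m must satisfy 0 < m <= n")
    return {"m": m, "poly": poly,
            "multiplier": secrets.randbelow((1 << n) - 1) + 1,  # non-zero, n bits
            "addend": secrets.randbits(m)}


def privacy_amplify(block, params, n=N):
    """Hash an n-bit block (as an int) down to m bits."""
    if block >> n:
        raise ValueError("block longer than n bits")
    product = gf_mul(block, params["multiplier"], params["poly"], n)
    return (product & ((1 << params["m"]) - 1)) ^ params["addend"]


if __name__ == "__main__":
    m = output_length(N, leaked_bits=40)          # constructed estimate
    params = choose_parameters(m)                 # sent Alice -> Bob
    alice_block = secrets.randbits(N)             # stands in for corrected bits
    bob_block = alice_block                       # error correction succeeded
    print("m =", m)
    print("keys match:", privacy_amplify(alice_block, params)
          == privacy_amplify(bob_block, params))
    # One residual bit error leaves the two sides with different keys.
    print("keys match after 1-bit error:",
          privacy_amplify(alice_block, params)
          == privacy_amplify(bob_block ^ 1, params))
```

Because the hash is linear, it spreads a single uncorrected bit error across the output, which is why the two ends confirm their blocks are identical before amplifying.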

Authentication involves the assurance that each endpoint is confident that they are communicating with their intended endpoint. For a QKD link between Alice and Bob, this is not only a preliminary action, but also continuous for the ensuing interactions. The DARPA network used Universal hash functions, based upon the authentication scheme outlined in the BB84 paper. Their Internet security architecture (IPsec) still utilizes standard authentication methods, and those described in the IKE. Their plan ‘is to extend this architecture by further incorporating those BB84 Universal Hash Functions described above in order to achieve continuous authentication based on secret bits derived from ongoing QKD.’


[I] Brassard and Salvail’s Cascade protocol
This protocol was the first error correction protocol for QKD, and requires an initial input of the error rate (QBER). It has a performance efficiency of working within 15-20% of the Shannon Limit[III], and a speed efficiency of being able to process key rates that are less than 5×10⁴ bits s⁻¹.

[II] BBN Niagara
This is a type of Low-Density Parity Check (LDPC) code that has been newly designed for QKD applications, which doesn’t need the many protocol interactions between Alice and Bob, that entail a Cascade protocol.

[III] Shannon Limit
The Shannon Limit is a maximum rate for a channel, in which data can be sent without any error.[2]

[IV] Galois Field
A mathematical term for a finite field.[3]


[1] Elliott C., et al. (17 March 2005) Current Status of the DARPA Quantum Network.

[2] Hardesty Larry. (19 January 2010) Explained: The Shannon Limit, MIT News.

[3] Moreira J. and Farrell P. (06 November 2006) Essentials of Error-Control Coding. John Wiley & Sons. Sourced from:

Personal Progress Report: 04/10/17

Last week I set myself the following goals:

  • Finish writing up the QKD network articles
  • Finish the Glossary
  • Be at least 4000 words into my draft report

As I was also completing work from my other courses, I was unable to complete these goals. What this means is that I need to consider whether I keep the glossary as part of my project or not. My current decision is to withhold any work on the glossary until after I’ve completed the draft report, as this prioritizes the aspect of this project that I consider most valuable. If I do have time, I will continue with the glossary but potentially trim it down to specific key words.

In terms of the work that I gave myself:
QKD Network Articles

  • Tokyo QKD Network Field Test
  • Chinese Star-Type QKDN
  • DARPA Quantum Network

Potentially also:

  • Optical Networking for QKD and Quantum Communication
  • Building the Quantum Network

I have completed the SECOQC article, and found a more comprehensive article on star-type QKD networks. Once I have written up the Tokyo and DARPA articles, I will focus on my draft report, referring to the last two articles if I find the need.

In terms of time frames, my report is due on the 2nd November, which gives me just under a month to have the report completed. My goal for myself then, is to have a draft report handed into my supervisor by the 13th of October, the end of next week.

QKD: Multi-user Passive Optical Networks

This is sourced from:
Townsend P. D, et al. (1994) Quantum cryptography for multi-user passive optical networks.

Multi-user passive optical networks (PONs) enable the exchange of secure keys to each user within the network, and hence, securely encrypt a broadcast transmission on the network.

For QKD to become more utilizable, it needs to be able to work in a network that contains any-to-any and any-to-many communications. A multi-user PON scheme can allow ‘a network controller to distribute distinct secret keys to each of N users on the network, and hence to securely encrypt subsequent data transmissions broadcast on the network.’

QKD networks, in general, use optical fiber for data transmission, which allows point-to-point transmission on smaller networks. However, for a large network with many users, the utilization of point-to-point transmission becomes increasingly complicated. This article focuses on ‘simpler architectures based on passive optical networks in which the nodes are passive optical splitters.’ For a star-styled network, communication occurs at the ‘head-end of the PON and information is broadcast to, and ‘broadgathered’ from the downstream terminals on the network.’

In a multi-terminal network, a single input photon will only be received by a single receiver. This is also the case for optical pulses, except for the instance in which the average photon number per pulse is far less than one. ‘Hence in order to implement the standard quantum cryptography protocols on the network, the controller transmits a randomly encoded sequence of clocked pulses onto the network, and all receivers simultaneously make synchronous but independent random measurements on the network outputs. Because of the statistically random output from each coupler, this procedure is equivalent to simultaneously setting up N distinct quantum cryptography links in which the transmitter sends a random sequence in each case.’ Once this procedure is completed, the controller has supplied each terminal with a distinct key. This key can be used to establish a secure link between the controller and a specific terminal. By encrypting a message with the key, Kᵢ, the broadcast message can only be decrypted by terminal Rᵢ. Each key can also be used by the controller to create an OTP of a master network key, which could be securely distributed to each terminal. This would enable the secure encryption of traffic between users on the network, with the controller acting only as a router.
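
The procedure above as an added Python simulation, not code from Townsend's paper: a controller sends randomly encoded pulses into a passive splitter, each terminal sifts its own distinct key, and the controller then one-time-pads a master network key to every terminal. The model is idealised by assumption (exactly one detected photon per pulse, no loss, noise or eavesdropper), and all function names and sizes are constructed for illustration.

```python
import random


def pon_distribute(n_terminals, n_pulses, seed=None):
    """Run the pulse sequence once and sift one key per terminal.

    Returns (controller_keys, terminal_keys): lists of bit lists, indexed by terminal.
    """
    rng = random.Random(seed)  # seeded PRNG for a repeatable simulation, not for real keys
    controller_keys = [[] for _ in range(n_terminals)]
    terminal_keys = [[] for _ in range(n_terminals)]
    for _ in range(n_pulses):
        bit, tx_basis = rng.getrandbits(1), rng.getrandbits(1)  # controller's encoding
        dest = rng.randrange(n_terminals)  # passive splitter: photon leaves one output only
        rx_basis = rng.getrandbits(1)      # that terminal's independent basis choice
        # Sifting: the terminal announces the time slot and its basis, never the bit.
        if rx_basis == tx_basis:
            controller_keys[dest].append(bit)
            terminal_keys[dest].append(bit)  # matching basis yields the sent bit here
    return controller_keys, terminal_keys


def bits_to_bytes(bits, nbytes):
    if len(bits) < 8 * nbytes:
        raise ValueError("not enough sifted bits for a pad of this length")
    return bytes(int("".join(map(str, bits[8 * i:8 * i + 8])), 2)
                 for i in range(nbytes))


def xor(data, pad):
    return bytes(d ^ p for d, p in zip(data, pad))


def broadcast_master_key(master, controller_keys):
    """Controller: one OTP ciphertext of the master key per terminal, all sent on the PON."""
    return [xor(master, bits_to_bytes(k, len(master))) for k in controller_keys]


def terminal_decrypt(ciphertext, terminal_key):
    return xor(ciphertext, bits_to_bytes(terminal_key, len(ciphertext)))


if __name__ == "__main__":
    ck, tk = pon_distribute(n_terminals=4, n_pulses=4000, seed=2017)
    print("sifted bits per terminal:", [len(k) for k in tk])
    master = bytes(range(16))              # constructed 128-bit master network key
    ciphertexts = broadcast_master_key(master, ck)
    for i, ct in enumerate(ciphertexts):
        own = terminal_decrypt(ct, tk[i]) == master
        other = terminal_decrypt(ct, tk[(i + 1) % 4]) == master
        print(f"R{i}: own key recovers master={own}, neighbour's key recovers it={other}")
```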