Darmstadt University of Applied Sciences

mls.ietf@gmail.com https://danet.h-da.io

Darmstadt University of Applied Sciences

fabian.seidl@h-da.de https://danet.h-da.io

Darmstadt University of Applied Sciences

malte.bauch@h-da.de https://danet.h-da.io

Darmstadt University of Applied Sciences

neil.schark@h-da.de https://danet.h-da.io

Darmstadt University of Applied Sciences

johanna.henrich@h-da.de https://ucs.h-da.io

Internet Network Working Group QKDN Quantum communication modules connected via a link, either via fiber or free-space communications, have been used since a while to distribute random numbers as secure keys, but there are other use cases, such as time synchronization. By today, a number of research and industrial efforts are underway to built complete networks, primary for secure key distribution, i.e., so-called Quantum Key Distribution Networks (QKDN). This memo briefly explores the space of QKDNs and identifies spots of potentials interest to develop standardized protocols specific for such networks.

Introduction Quantum communication modules connected via a link, either via fiber or free-space communications, have been used since a while to distribute random numbers as secure keys, but there also other use cases, such as time synchronization. By today, a number of research and industrial efforts are underway to built complete networks, primary for secure key distribution, i.e., so-called Quantum Key Distribution Networks (QKDN) (see as one overview). Quantum Links (QL) are quite limited in their distance between two adjacent Quantum Communication Modules (QCM), e.g., around 100 km distance or even below. To overcome this limitation, multiple segments of Quantum Links are concatenated. This concatenation typically requires an extra level of functionality, i.e., the use of Key Management Systems (KMS). This memo briefly explores the space of QKDNs and identifies spots of potentials interest to develop standardized protocols specific for such networks.

Simplified Architecture The ITU defines an extensive QKDN architecture in Y.3802 . However, for our discussion we use a simplified architecture here. The Figure below shows a simplified architecture for a single QKDN domain. The Quantum Communication Modules (QCM) are in charge of exchanging random numbers between 2 QCM, or n modules for single-source entangled based systems. The Key Management Systems (KMS) are in charge of allowing a secure end-to-end relay of a secret across the whole domain. They obtain the encryption keys, or some initial input to the encryption key, from their local KMS. The Network Controller (NW cntrl) can be used to control and managed the operations of the KMS and also the QCM.

A simplified single Domain QKDN Architecture | KMS |<----->| KMS | +-----+ +-------------+ +-----+ ^ ^ ^ ^ | (b) | (b) | | (b) v v v v +-----+ (c) +-----+ +-----+ (c) +-----+ | QCM |<----->| QCM | | QCM |<----->| QCM | +-----+ +-----+ +-----+ +-----+ ]]>

The interfaces between the components are:

• (a) KMS-to-KMS interface: this interface is used to facilitate the secure key forwarding between the KMS
• (b) KMS-to-QCM interface: this interface is used by the KMS to obtain the generated random numbers from the QCM
• (c) QCM-to-QCM interface: this interface is used between adjacent Quantum Communication Modules and consists actually out of two interfaces, i.e., the quantum link and the classical channel.
• (d) Network Controller to KMS interface: This interface, if a controller-based approach is used, controls the operation of the KMS.

Conclusion This document does not yet have a conclusion, at it is a first attempt to gather information about protocols for QDKNS.

IANA Considerations This document has no IANA actions.

Security Considerations This document has no security considerations yet, but since the whole sense of a QDKN is to securely, i.e., secured against eavesdropping, tampering, and replay attacks, forward a key from end-to-end, security is a matter per se. Future revisions of this memo will discuss the security considerations.

Informative References

Acknowledgements Malte Bauch, Neil Schark and Fabian Seidl are funded by the German BMBF DemoQuanDT project. Martin Stiemerling is partially funded by the German BMBF DemoQuanDT project.