Introduction
Key management has been a challenge since the inception of cryptography. From provisioning to distribution to rotation and expiration, keeping cryptographic keys secret has plagued modern security systems.
The advent of public key cryptography and the subsequent development of Public Key Infrastructure (PKI) enabled scalable key distribution based on asymmetric algorithms such as Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC). However, the emergence of quantum computers threatens these classical primitives: Shor’s algorithm can factor large integers into their primes in polynomial time, rendering RSA and other encryption schemes built on such problems vulnerable.
The industry needs to migrate to quantum-safe methods,
including transitioning to Quantum Key Distribution (QKD). However, QKD comes
with its own complexities, considering the specialized setup of physical
infrastructure. To work around these limitations, pQCee’s QKDLite offers a
software implementation of a lightweight digital QKD to provide a quantum-safe
solution for current cloud applications.
What is QKD?
Quantum key distribution leverages the properties of quantum
photonics to securely establish a secret cryptographic key between two parties
over a quantum channel, typically a fiber optic cable. A Quantum Key
Distribution Entity (QKDE) transmits encoded photons which are measured by the
receiver. Due to the no-cloning theorem and the disturbance caused by quantum
measurement, the act of eavesdropping is detectable, thus establishing a
tamper-evident channel.
Unlike classical key distribution methods, whose security rests on the computational hardness of mathematical problems, QKD is provably secure against classical and quantum attacks, including man-in-the-middle attacks.
The need for digital QKD
Despite the theoretical advantages of QKD, its practical
implementation is currently limited in many ways.
A current drawback of QKD is that, in addition to the quantum channel, a classical authenticated channel is required for key verification between QKDEs. This creates a dependency on classical security systems and compromises the end-to-end quantum safety that QKD intends to provide.
Bigger than this is the issue of the high infrastructure overheads, and their associated costs, required for QKD networks to reach mass adoption. Not only are multiple QKDEs needed, but where they are linked by optic fiber cables, those cables are sensitive to environmental conditions and currently cannot sustain photon transmission beyond a few hundred kilometers. Where laser and satellite links are used to transmit photons instead, the cost of setting up satellites, ground stations and equipment is significant, on top of managing and overcoming weather conditions. Beyond physical integration, current software and cloud applications must also be able to connect to QKDEs and pull sufficient keys from them in a quantum-safe manner.
QKDLite as a digital QKD
One possibility is to implement QKD today with a ‘digital QKD’: a completely classical module that acts as a QKD yet can be instantiated much closer to cloud applications. This works around the current lack of physical infrastructure and integrates with existing software systems, providing a quantum-safe solution usable today. pQCee’s QKDLite is designed to act as such a digital QKD instance, providing tamper-evident key usage, quantum randomness and ephemeral keys.
Currently, QKDLite supports connection with a pair of QKDEs or with a QRNG (Quantum Random Number Generator) for quantum-safe key provisioning. If two QKDLite instances are connected to a pair of QKDEs, they can request quantum keys via a REST API and push the keys into tamper-proof storage, such as an HSM, on both sides while adhering to the latest ETSI protocol. Alternatively, QKDLite supports internal creation of keys from QRNG values in conjunction with post-quantum cryptography, resulting in quantum-safe keys that can be used and stored without any QKDE infrastructure. Keys generated in this way can be exported to another QKDLite instance using quantum-safe libraries. In either case, users have access to a shared set of quantum-safe keys available for consumption without needing to interface directly with QKDEs.
Since QKDLite is directly involved in key generation, it allows for custom key policy management: controlling key availability, rotation and expiration. The number of keys kept available can be set, as well as how often keys are refreshed, accommodating the high-volume use of ephemeral keys that cloud applications may need.
QKDLite’s key usage is also tamper-evident. Since each key
exists on both instances of the pair of digital QKDs, key consumption can be
tracked, enabling detection of unauthorized key usage.
An Example: Secure File Transfer
This concept is best illustrated by the example of securing files for transfer. The same 3 keys are set up at both QKDLite instances. Alice wants to encrypt and send a file to Bob, as shown in Figure 1 below.
Alice consumes a key from QKDLite A, the QKDLite instance to
which she is connected, to encrypt the file. The key remains at the other
QKDLite instance, QKDLite B, as displayed in Figure 2.
Alice sends the encrypted file to Bob over the internet
through email. Bob receives the encrypted file (Fig. 3) and consumes the same
key pulled from his QKDLite instance to decrypt and view the file (Fig. 4).
In the adverse scenario where Eve intercepts the encrypted file (Fig. 5), whether she can decrypt it depends on whether she has access to the decryption key at QKDLite B and on who consumes the key first. If Eve has no access to QKDLite B, she cannot decrypt the file she intercepted. If she has access to the QKDLite instance but Bob consumes the key first, Eve will still not be able to decrypt the file.
In the worst case, Eve decrypts the file by consuming the decryption key at QKDLite B before Bob does. But when Bob then tries to decrypt the file and finds he cannot, he is notified that the key has already been consumed and therefore that the file has been decrypted by someone else, making key usage tamper-evident.
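The consume-once behaviour behind this example, as an added Python simulation that is not pQCee’s code: two constructed in-memory key stores stand in for QKDLite A and B, a one-time pad stands in for the file encryption, and the three Eve scenarios are run as a function so the outcomes can be compared.

```python
import secrets

class KeyStore:
    """Constructed stand-in for one QKDLite instance: shared keys, each usable once."""
    def __init__(self, name, keys):
        self.name = name
        self._keys = dict(keys)   # key_id -> key bytes (copied so A and B are independent)
        self.consumed = {}        # key_id -> who consumed it (audit record)

    def consume(self, key_id, who):
        """Hand out a key once; a second request for the same id is the tamper signal."""
        if key_id in self.consumed:
            raise KeyError(f"{key_id} already consumed at {self.name} by {self.consumed[key_id]}")
        self.consumed[key_id] = who
        return self._keys.pop(key_id)

def provision_pair(n_keys, key_len):
    """Both instances start with identical key material (secrets stands in for QKDE/QRNG output)."""
    keys = {f"k{i}": secrets.token_bytes(key_len) for i in range(n_keys)}
    return KeyStore("QKDLite A", keys), KeyStore("QKDLite B", keys)

def otp(data, key):
    """One-time pad; the key must be at least as long as the data."""
    assert len(key) >= len(data)
    return bytes(a ^ b for a, b in zip(data, key))

def transfer(eve_has_access, eve_first):
    """Run the file-transfer scenario; return (bob_decrypted, eve_decrypted, tamper_detected)."""
    store_a, store_b = provision_pair(3, 64)
    plaintext = b"constructed sample file contents"           # stands in for Alice's file
    ciphertext = otp(plaintext, store_a.consume("k0", "alice"))  # Alice consumes k0 at A
    eve_plain = None
    # Eve holds the ciphertext from transit; it is only useful with k0 from store B.
    if eve_has_access and eve_first:
        eve_plain = otp(ciphertext, store_b.consume("k0", "eve"))
    try:
        bob_plain = otp(ciphertext, store_b.consume("k0", "bob"))
        tamper = False
    except KeyError:
        bob_plain, tamper = None, True   # k0 already gone at B: Bob is alerted
    if eve_has_access and not eve_first:
        try:
            store_b.consume("k0", "eve")
        except KeyError:
            pass                          # Bob got there first; Eve obtains nothing
    return bob_plain == plaintext, eve_plain == plaintext, tamper
```

The third return value is the signal Bob acts on: a consume that fails because the id is already marked consumed tells him the key, and therefore the file, has been used by someone else.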
What’s next for QKDLite?
By relying on quantum-safe cryptography rather than quantum photonics, digital QKDs such as QKDLite can integrate quickly with current software implementations without massive infrastructure overhead, providing quantum-safe keys for use. The advantage is even more apparent for complex cloud applications that require high availability and a fail-safe for quantum key management. QKDLite can be horizontally scaled so that the failure of any one digital QKD instance does not impact the overall availability of the key distribution infrastructure.