The objective of this Recommendation is to provide guidance on security requirements for trusted nodes in QKD networks. This Recommendation will identify the security threats and provide security requirements of trusted node, as well as some implementation examples to meet the requirements.
The present document gives an overview of the current understanding and best practice in academia and industry about quantum-safe cryptography (QSC). It focuses on identifying and assessing cryptographic primitives that have been proposed for efficient key establishment and authentication applications, and which may be suitable for standardization by ETSI and subsequent use by industry to develop quantum-safe solutions for real-world applications.
The present document examines a number of real-world uses cases for the deployment of quantum-safe cryptography (QSC). Specifically, it examines some typical applications where cryptographic primitives are deployed today and discusses some points for consideration by developers, highlighting features that may need change to accommodate quantum-safe cryptography. The main focus of the document is on options for upgrading public-key primitives for key establishment and authentication, although several alternative, non-public-key options are also discussed.
The present document presents the results of a simplified threat assessment following the guidelines of ETSI TS 102 165-1 [i.3] for a number of use cases. The method and key results of the analysis is described in clause 4. The present document makes a number of assumptions regarding the timescale for the deployment of viable quantum computers, however the overriding assertion is that quantum computing will become viable in due course. This is examined in more detail in clause 5. The impact of quantum computing attacks on the cryptographic deployments used in a number of existing industrial deployment scenarios are considered in clause 7.
The present document gives information on the long-term suitability of symmetric cryptographic primitives in the face of quantum computing.
The Use Cases Document shall provide an overview of possible application scenarios in which Quantum Key Distribution (QKD) systems ([i.1]) can be used as building blocks for high security Information and communication technology (ICT) systems.
The present document is intended to specify an Application Programming Interface (API) between a QKD key manager and applications. The function of a QKD key manager is to manage the secure keys produced by an implementation of a QKD protocol and to deliver the identical set of keys, via this API, to the associated applications at the communication end points.
The present document gives specifications and procedures for the characterization of optical components for use in QKD systems. Examples of specific tests and procedures for performing such tests are given. Due to their importance in the security of a QKD system, particular attention is given to active optical components such as optical sources and single photon detectors.
The present document describes the main communication resources involved in a QKD system and the possible architectures that can be adopted when performing a QKD deployment over an optical network infrastructure. The scope of the present document is restricted to QKD deployments over fibre optical networks. Architectural options are also restricted to point-to-point communication.
The present document specifies a communication protocol and data format for a quantum key distribution (QKD) network to supply cryptographic keys to an application.
The present document provides a definition of management interfaces for the integration of QKD in disaggregated network control plane architectures, in particular with Software-Defined Networking (SDN). It defines abstraction models and workflows between a SDN-enabled QKD node and the SDN controller, including resource discovery, capabilities dissemination and system configuration operations. Application layer interfaces and quantum-channel interfaces are out of scope.
Recommendation ITU-T Y.3802 defines a functional architecture model of quantum key distribution (QKD) networks. In order to realize this model, it specifies detailed functional elements and reference points, architectural configurations and basic operational procedures of QKD networks (QKDN).