Quantum Computing

Information technology security techniques — Security requirements, test and evaluation methods for quantum key distribution — Part 1: Requirements

The present document specifies protection of QKD modules against Trojan horse attacks launched against a time-varying phase, polarisation or intensity modulator that encodes or decodes at least one of bit values, basis values or the intensities of signal, decoy or vacuum states from the quantum channel.

To realize secure, stable, efficient, and robust operations of and services by a quantum key distribution (QKD) network as well as to manage a QKD network (QKDN) as a whole and support user network management, Recommendation ITU-T Y.3804 specifies functions and procedures for QKDN control and management based on the requirements specified in Recommendation ITU-T Y.3801.

Recommendation ITU-T Y.3803 provides help for the design, deployment, and operation of key management of a quantum key distribution network (QKDN). 

Recommendation ITU-T Y.3802 defines a functional architecture model of quantum key distribution (QKD) networks. In order to realize this model, it specifies detailed functional elements and reference points, architectural configurations and basic operational procedures of QKD networks (QKDN).

In the context of quantum key distribution networks (QKDNs), Recommendation ITU-T Y.3801 specifies the functional requirements for quantum layer, the key management layer, the QKDN control layer and the QKDN management layer.

Recommendation ITU-T Y.3800 specifies an overview on networks supporting quantum key distribution (QKD).

This Recommendation aims to provide support for design, deployment, operation and maintenance to implement QKD networks (QKDNs) in terms of standardized technologies.

The relevant network aspects for conceptual structure, layered model and basic functions are within the scope of the Recommendation to support its implementation.

This Technical Report provides security considerations for quantum key distribution (QKD) network. It describes the following:

• Introduction to the QKD network (QKDN);
• Security considerations in communications between the QKD systems and (cryptographic) applications;
• Security considerations in communications between QKD systems and management (and monitoring) systems; and
• Standardization issues and suggestions for future works.

Recommendation ITU-T X.1714 describes key combination methods for quantum key distribution network (QKDN) and specifies security requirements for both the key combination and the key supply from QKDN to cryptographic applications.

Recommendation ITU-T X.1710 specifies a framework including requirements and measures to combat security threats for quantum key distribution networks (QKDNs).

It specifies a simplified QKDN structure for analysis of the relevant security threats. Security requirements and corresponding security measures are then specified on that basis.

The present document compares a selection of proposals for quantum-safe key exchanges taken from the academic literature. In particular, it includes key exchanges based on the Learning with Errors (LWE), Ring-LWE and Supersingular Isogeny Diffie-Hellman (SIDH) problems, as well as key exchanges constructed from the Niederreiter and NTRU key transport schemes.

The present document gives an overview of each key exchange, lists proposed parameters and gives software performance estimates on a range of processors. It also discusses various security and implementation considerations such as active attacks and side-channel vulnerabilities.

The present document provides a definition of management interfaces for the integration of QKD in disaggregated network control plane architectures, in particular with Software-Defined Networking (SDN). It defines abstraction models and workflows between a SDN-enabled QKD node and the SDN controller, including resource discovery, capabilities dissemination and system configuration operations. Application layer interfaces and quantum-channel interfaces are out of scope.