Privacy Enhanced QKD Networks: Zero Trust Relay Architecture based on Homomorphic Encryption
- URL: http://arxiv.org/abs/2503.17011v1
- Date: Fri, 21 Mar 2025 10:20:06 GMT
- Title: Privacy Enhanced QKD Networks: Zero Trust Relay Architecture based on Homomorphic Encryption
- Authors: Aitor Brazaola-Vicario, Oscar Lage, Julen Bernabé-Rodríguez, Eduardo Jacob, Jasone Astorga,
- Abstract summary: Quantum key distribution (QKD) enables unconditionally secure symmetric key exchange between parties.<n>Traditional solutions rely on trusted relay nodes, which perform intermediate re-encryption of keys using one-time pad (OTP) encryption.<n>We propose a zero-trust relay design that applies fully homomorphic encryption (FHE) to perform intermediate OTP re-encryption.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Quantum key distribution (QKD) enables unconditionally secure symmetric key exchange between parties. However, terrestrial fibre-optic links face inherent distance constraints due to quantum signal degradation. Traditional solutions to overcome these limits rely on trusted relay nodes, which perform intermediate re-encryption of keys using one-time pad (OTP) encryption. This approach, however, exposes keys as plaintext at each relay, requiring significant trust and stringent security controls at every intermediate node. These "trusted" relays become a security liability if compromised. To address this issue, we propose a zero-trust relay design that applies fully homomorphic encryption (FHE) to perform intermediate OTP re-encryption without exposing plaintext keys, effectively mitigating the risks associated with potentially compromised or malicious relay nodes. Additionally, the architecture enhances crypto-agility by incorporating external quantum random number generators, thus decoupling key generation from specific QKD hardware and reducing vulnerabilities tied to embedded key-generation modules. The solution is designed with the existing European Telecommunication Standards Institute (ETSI) QKD standards in mind, enabling straightforward integration into current infrastructures. Its feasibility has been successfully demonstrated through a hybrid network setup combining simulated and commercially available QKD equipment. The proposed zero-trust architecture thus significantly advances the scalability and practical security of large-scale QKD networks, greatly reducing reliance on fully trusted infrastructure.
Related papers
- Onion Routing Key Distribution for QKDN [1.8637078358591843]
The advance of quantum computing poses a significant threat to classical cryptography.<n>Two main approaches have emerged: quantum cryptography and post-quantum cryptography.<n>We propose a secure key distribution protocol for Quantum Key Distribution Networks (QKDN)
arXiv Detail & Related papers (2025-02-10T16:47:42Z) - Application of $α$-order Information Metrics for Secure Communication in Quantum Physical Layer Design [45.41082277680607]
We study the $alpha$-order information-theoretic metrics based on R'enyi entropy.
We apply our framework to a practical scenario involving BPSK modulation over a lossy bosonic channel.
arXiv Detail & Related papers (2025-02-07T03:44:11Z) - Practical hybrid PQC-QKD protocols with enhanced security and performance [44.8840598334124]
We develop hybrid protocols by which QKD and PQC inter-operate within a joint quantum-classical network.
In particular, we consider different hybrid designs that may offer enhanced speed and/or security over the individual performance of either approach.
arXiv Detail & Related papers (2024-11-02T00:02:01Z) - Relaxing Trust Assumptions on Quantum Key Distribution Networks [0.0]
We explore the possibility to securely relay a secret in a QKD network by relaxing the trust assumptions (if not completely) on the relay.
We propose multiple constructions of the QKD key management system based on the different trust levels.
Main contribution of the paper is realized by evaluating key management systems with no access trust level.
arXiv Detail & Related papers (2024-02-20T16:51:30Z) - Coding-Based Hybrid Post-Quantum Cryptosystem for Non-Uniform Information [53.85237314348328]
We introduce for non-uniform messages a novel hybrid universal network coding cryptosystem (NU-HUNCC)
We show that NU-HUNCC is information-theoretic individually secured against an eavesdropper with access to any subset of the links.
arXiv Detail & Related papers (2024-02-13T12:12:39Z) - A Practical Multi-Protocol Collaborative QKD Networking Scheme [7.328751101180386]
Quantum Key Distribution (QKD) networks can be classified into measurement-device-dependent network and measurement-device-independent network.
The communication capability of measurement-device-independent networks has a degradation compared to measurement-device-dependent networks.
A novel Multi-Protocol Collaborative networking cell is proposed in this paper.
arXiv Detail & Related papers (2023-12-12T12:08:35Z) - Eavesdropper localization for quantum and classical channels via
nonlinear scattering [58.720142291102135]
Quantum key distribution (QKD) offers theoretical security based on the laws of physics.
We present a novel approach to eavesdropper location that can be employed in quantum as well as classical channels.
We demonstrate that our approach outperforms conventional OTDR in the task of localizing an evanescent outcoupling of 1% with cm precision inside standard optical fibers.
arXiv Detail & Related papers (2023-06-25T21:06:27Z) - Practical quantum secure direct communication with squeezed states [55.41644538483948]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security.
This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z) - Distributed Information-theoretical Secure Protocols for Quantum Key
Distribution Networks against Malicious Nodes [15.200383830307915]
Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network.
Current research on QKD networks primarily addresses passive attacks conducted by malicious nodes such as eavesdropping.
We suggest a novel paradigm, inspired by distributed systems, to address the active attack by collaborate malicious nodes in QKD networks.
arXiv Detail & Related papers (2023-02-14T11:53:22Z) - Practical quantum multiparty signatures using quantum-key-distribution
networks [0.0]
We develop an unconditionally secure signature scheme that guarantees authenticity and transferability of arbitrary length messages in a quantum key distribution network.
We provide a comprehensive security analysis of the developed scheme, perform an optimization of the scheme parameters with respect to the secret key consumption, and demonstrate that the developed scheme is compatible with the capabilities of currently available QKD devices.
arXiv Detail & Related papers (2021-07-27T17:41:40Z) - Backflash Light as a Security Vulnerability in Quantum Key Distribution
Systems [77.34726150561087]
We review the security vulnerabilities of quantum key distribution (QKD) systems.
We mainly focus on a particular effect known as backflash light, which can be a source of eavesdropping attacks.
arXiv Detail & Related papers (2020-03-23T18:23:12Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.