Thursday 11 June 2009
To overcome some limitations of Quantum Key Distribution (QKD), the SwissQuantum network implements a new device called the Key Server, which fetches secret keys from the QKD server and adds functionality to enhance key management, such as:
High-Speed Key Generation
Efficient key distribution in multi-point networks
Parallel Key Agreements
The SwissQuantum network demonstrates high-speed key generation by connecting two or more QKS to the same Key Server, as shown in the figure below. This increases resiliency and the key throughput available to encryptors in quantum key exchange.
SwissQuantum demonstrates a method of key exchange between Key Servers that ensures key redundancy and helps avoid single points of failure in the quantum key distribution network. The figure below shows how the key QKS3 + QKS4 is exchanged through the link KS1-KS3-KS2:
The SwissQuantum network demonstrates a mechanism to distribute the same set of keys to all Key Servers in a multipoint network. This provides additional flexibility to users connected to the network. A simple application would be encryption of broadcast messages in a network. The figure below demonstrates the same:
Parallel Key Agreement is a cryptographic architecture in which two stations can secretly exchange symmetric key material using several key agreement processes. The idea is to combine the different elementary keys to produce a resulting key whose security can be ensured with weaker assumptions than for each of the elementary keys taken individually. This resulting key would thus be as secure as the strongest of the elementary keys.
Dual Key Agreement is the simplest realization of parallel key agreement. It relies on two independent key agreement processes. One of the processes uses Public Key Infrastructure (PKI) key exchange techniques, while the second one relies on quantum key distribution. The main benefits offered by dual key agreement are:
The possibility to certify the conventional key agreement process according to national and international standards. This is particularly important since such standards do not exist yet for quantum cryptography.
The possibility to implement a failure mode: contrary to the quantum cryptography process, the conventional one does not require specialized hardware. It can thus be used to implement a failure mode for key agreement in case the quantum cryptography hardware stops working.
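The dual key agreement and its failure mode described above can be sketched as follows. This is an added example, not SwissQuantum code: the page does not say how the elementary keys are combined, so the XOR combiner, the HMAC-SHA256 derivation step, the 32-byte key size and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional, Tuple

KEY_LEN = 32  # bytes; assumed size of each elementary key


def xor_combine(*keys: bytes) -> bytes:
    """XOR equal-length elementary keys into one combined key.

    If the keys are independent, the result stays unpredictable as long as
    at least one of them is secret: an attacker who knows every key but one
    still faces the full entropy of the remaining key.
    """
    if not keys:
        raise ValueError("at least one elementary key is required")
    if any(len(k) != KEY_LEN for k in keys):
        raise ValueError("all elementary keys must be KEY_LEN bytes")
    combined = bytes(KEY_LEN)
    for key in keys:
        combined = bytes(a ^ b for a, b in zip(combined, key))
    return combined


def dual_key_agreement(pki_key: bytes,
                       qkd_key: Optional[bytes]) -> Tuple[bytes, str]:
    """Derive a session key from the PKI key and, when available, the QKD key.

    qkd_key=None models the failure mode: the quantum hardware is down, so
    only the conventional key agreement contributes. The mode label is bound
    into the derivation, so both stations must agree on the mode and a
    degraded key can never equal a dual-mode key.
    """
    if qkd_key is None:
        combined, mode = xor_combine(pki_key), "pki-only"
    else:
        combined, mode = xor_combine(pki_key, qkd_key), "dual"
    label = b"session-key|" + mode.encode()
    return hmac.new(combined, label, hashlib.sha256).digest(), mode


if __name__ == "__main__":
    # Constructed sample keys; real ones come from the two key agreements.
    pki = bytes(range(32))
    qkd = bytes(range(32, 64))
    for q in (qkd, None):
        key, mode = dual_key_agreement(pki, q)
        print(mode, key.hex())
```

An encryptor using such a scheme should log or alert when the mode is "pki-only", since traffic keyed in that mode no longer benefits from the quantum channel.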