Key Server

Thursday 11 June 2009

To overcome some limitations of Quantum Key Distribution (QKD), the SwissQuantum network implements a new device called the Key Server, which fetches secret keys from the QKD server and implements additional functionalities to enhance key management, such as:
- High-Speed Key Generation
- Key redundancy
- Efficient key distribution in multi-point networks
- Parallel Key Agreements

High-Speed Key Generation

The SwissQuantum network demonstrates high-speed key generation by connecting two or more QKS to the same Key Server, as shown in the figure below. This increases resiliency and the key throughput available to encryptors in quantum key exchange.

High-speed key generation by connecting several QKS to the same key server

Key Redundancy

SwissQuantum demonstrates a method of intra-Key-Server key exchange that ensures key redundancy and helps avoid single points of failure in the quantum key distribution network. The figure below shows how the key QKS3 + QKS4 is exchanged through the link KS1-KS3-KS2:

Key Redundancy

Efficient key distribution in multi-point networks

The SwissQuantum network demonstrates a mechanism to distribute the same set of keys to all Key Servers in a multipoint network. This provides additional flexibility to users connected to the network. A simple application would be the encryption of broadcast messages in a network. The figure below illustrates this:

Key distribution in multi-point networks

Parallel Key Agreements

Parallel Key Agreement is a cryptographic architecture in which two stations can secretly exchange symmetric key material using several key agreement processes. The idea is to combine the different elementary keys to produce a resulting key whose security can be ensured with weaker assumptions than for each of the elementary keys taken individually. This resulting key would thus be as secure as the strongest of the elementary keys.

Dual Key Agreement is the simplest realization of parallel key agreement. It relies on two independent key agreement processes. One of the processes uses Public Key Infrastructure (PKI) key exchange techniques, while the second one relies on quantum key distribution. The main benefits offered by dual key agreement are:
- The possibility to certify the conventional key agreement process according to national and international standards. This is particularly important since such standards do not exist yet for quantum cryptography.
- The possibility to implement a failure mode: contrary to the quantum cryptography process, the conventional one does not require specialized hardware. It can thus be used to implement a failure mode for key agreement in case the quantum cryptography hardware stops working.
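
The following is an added example, not SwissQuantum code, showing parallel key agreement with the failure mode described above, generalized from two processes to any number. The page does not say how the elementary keys are combined; bytewise XOR of equal-length, independently generated keys is assumed here, and the names `parallel_key_agreement`, `xor_bytes`, `pki` and `qkd` are hypothetical.

```python
import secrets
from functools import reduce
from typing import Dict, List, Optional, Tuple

KEY_LEN = 32  # assumed elementary key size in bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def parallel_key_agreement(
    elementary: Dict[str, Optional[bytes]],
) -> Tuple[bytes, List[str]]:
    """Combine the elementary keys that were delivered (None = process failed).

    Returns the resulting key and the sorted names of the processes used, so
    the caller can log or alert when running in failure mode.
    """
    available = {name: k for name, k in elementary.items() if k is not None}
    if not available:
        raise RuntimeError("no key agreement process delivered a key")
    for name, k in available.items():
        if len(k) != KEY_LEN:
            raise ValueError(f"{name}: expected {KEY_LEN} bytes, got {len(k)}")
    # XOR assumption: the result is uniformly random as long as at least one
    # input is uniformly random and independent of the others.
    return reduce(xor_bytes, available.values()), sorted(available)


if __name__ == "__main__":
    # Constructed sample keys standing in for the two processes' outputs.
    k_pki = secrets.token_bytes(KEY_LEN)
    k_qkd = secrets.token_bytes(KEY_LEN)
    key, used = parallel_key_agreement({"pki": k_pki, "qkd": k_qkd})
    print("dual mode:", used, key.hex())
    key, used = parallel_key_agreement({"pki": k_pki, "qkd": None})
    print("failure mode:", used, key.hex())
```

In failure mode the resulting key is only as strong as the conventional key, so the returned process list should be checked and logged by the caller.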
