Low-cost, Scalable and Practical Post Quantum Key Distribution
- Physical (hardware-based) QKD is being researched and developed at Oak Ridge National Laboratory (ORNL) and Los Alamos National Laboratory (LANL).
- Our proposed software-based QKD effort is complementary to these efforts and aims to significantly reduce deployment hurdles and monetary costs. We will follow a two-pronged strategy for transitioning our technology. One prong is to publish and disseminate the algorithms and open-source the implementations so they are available for interested vendors. The second prong is to actively engage vendors in the EDS space on this technology through meetings and demonstrations of the technology. Some examples include but are not limited to, GE Global Research and ID Quantique. Vendors who are interested in engaging with this second prong are encouraged to contact Attila Yavuz.
We will develop an efficient and authenticated Computationally-secure QKD (CQKD) infrastructure, which will be bootstrapped by QKD hardware only minimally but strategically. Our proposed CQKD will provide post-quantum key distribution via lattice-based public key encryption techniques that are supported by hash-based signatures to prevent quantum man-in-the-middle attacks. Hence, our CQKD will offer a post-quantum communication backbone that can cover a vast majority of critical EDS infrastructure without the need of expensive QKD hardware and costly dedicated fiber optic deployments. Moreover, CQKD will enable key distribution not only among substations, but also between substations and peripheral devices; and therefore, eliminate the hurdles of manual symmetric key distribution. CQKD will harness QKD hardware to deliver only the master CQKD certification keys, which will be used as the root keys in the certification hierarchy. As a result, only a fraction of EDS infrastructure will need QKD, while the rest of the infrastructure will be protected with CQKD. This is expected to offer significant cost reductions.
With the latest advancements on quantum computers (e.g., D-Wave 2000Q ), the need for post-quantum security is gaining urgency especially in critical infrastructures such as energy delivery systems (EDS) (e.g., electricity, oil & gas). Quantum computers can break most of the existing cryptographic schemes (e.g., ECDH, RSA, etc.) that are based on traditional hard problems (e.g., factoring, DLP). Therefore, standard public key primitives (e.g., encryption/signatures), and hence key distribution and public key infrastructures that rely on those primitives will be ineffective. However, symmetric key primitives with larger key sizes remain secure against quantum computers (e.g., AES-256, SHA-512) . Hence, physical Quantum Key Distribution (QKD) is proposed for distributing symmetric keys between high-end devices securely [19,20,21,22,23,24,25]. While QKD can provide high security based on the laws of physics, scalability issues hinder its wide adoption. Our proposed approach will help physical QKD scale and significantly reduce deployment and infrastructure costs.
Low-cost, Scalable and Practical Post Quantum Key Distribution Infrastructure for EDS (2018 Industry Workshop)