Open Access
Add to BibSonomy
Abstract
Nowadays, critical sectors in government, finance, and military are facing increasingly high security challenges. However, traditional public-key crypto-systems based on computational complexity are likely to suffer from upgrade computational power. Quantum key distribution (QKD) is a promising technology to effectively address the challenge by providing secret keys due to the laws of quantum physics. Limited by the transmission distance of quantum communications, remote parties have to share secret keys by exchanging keys through the trusted relay nodes hop by hop. However, if relaying hop by hop is still used in metro quantum-optical networks (MQON), a large amount of key resources will be wasted since the distance between any two nodes is short. Therefore, the problem of how to distribute quantum keys with lower waste of key resources over MQON is urgent. In order to solve this problem, we design a novel quantum node structure that is able to bypass itself. Also, by extending the connectivity graph, auxiliary graphs are constructed to describe the adjacency of quantum nodes in different levels influenced by the physical distance. Based on the novel node, two routing, wavelength and time-slot assignment algorithms are proposed, in which some middle nodes can be bypassed to reduce the resource consumption as long as the distance between the two parties meets the requirement of quantum key distribution. Simulations have been conducted to verify the performance of the proposed algorithms in terms of blocking probability, resource utilization, number of bypassed nodes, and security rate per service. Numerical results illustrate that our algorithms perform better on resource utilization than a traditional scheme without bypass. Furthermore, a tradeoff between the keys saved and blocking probability is analyzed and discussed in our paper.
© 2020 Optical Society of America under the terms of the OSA Open Access Publishing Agreement
1. Introduction
Critical areas such as government, finance, and military which transfer information over network are likely to suffer from cyberattacks (e.g., eavesdropping, interception, and jamming [1]). However, the security of traditional key-distribution techniques (e.g., public-key crypto-systems [2]) can be compromised with the high-performance quantum computers [3] and quantum code-breaking such as Shor’s efficient algorithm [4]. Quantum key distribution (QKD) is regarded as one of the most promising solutions to share secret keys between two remote parties based on the principles of quantum physics (e.g., quantum no-cloning theorem, Heisenberg uncertainty principle) [5].
Since the first QKD protocol BB84 was proposed in 1984 [6] and the first field trial of QKD system was demonstrated in 1992 [7], significant progress has been made in the performance of point-to-point QKD and great developments have been achieved in the field trials of QKD systems [8–13]. Recently, the transmission distance of QKD has exceeded hundreds of kilometers [8], and the secret-key rate between the two QKD nodes has reached 10 Mbit per second [9]. In addition, experimental QKD has been successfully demonstrated over optical fibers [10] and free space [11] and the “Beijing-Shanghai trunk line” quantum communication network was officially opened [12] with a full-line secret-key rate of greater than 20 kbps. Thirty-two trusted relays were deployed along the line to extend the QKD transmission distance. However, each additional trusted relay means that one more set of keys and the corresponding operations will be consumed [13]. Therefore, reducing the number of relay nodes that the service passes through is beneficial to achieve a more flexible, efficient, and secure QKD network.
In the metropolitan area (80km∼100km), as long as the distance between two nodes is within a certain range, a no-relay situation can be realized during the QKD process. As far as the entire network is concerned, it only needs to be relayed at some nodes through which the key distribution path passes, and the remaining nodes can be bypassed, which means that the information passes directly in the form of quantum on these nodes, and there is no need to receive and transmit quantum signals. The process we described is defined as bypass in the domain of MQON. The distance between adjacent relay nodes is longer in this situation compared with the case where each hop is relayed [14]. Influenced by Raman scattering and four-wave mixing, the secret-key rate decreases as the distance increases [6]. Therefore, how to bypass nodes to reduce the waste of key resource and achieve a high efficient MQON becomes an urgent problem to be addressed.
In recent years, the research on MQON has greatly progressed. In order to implement dynamic reconfiguration of the key-distribution path, optical switches have been widely employed in many QKD networks [15–17] since the first QKD system with optical switches was demonstrated by Toliver [18]. In order to achieve the extension of QKD transmission distance, trusted relay is also introduced into MQON. Chen et al. [19] demonstrate a hybrid five-node MQON with both optical switches and trusted relays. Moreover, the switching time is also studied by [20] and successfully reduced to 20s. In addition, a lot of field trials have been demonstrated for MQON [21–23]. However, existing researches believe that encryption and decryption operations are performed when a service passes through a trusted relay node. To the best of the authors’ knowledge, there is almost no study targeting at reducing the waste of key resource by bypassing relay nodes over MQON.
This paper is an extension of [13]. In this study, we proposed two auxiliary graph based routing, wavelength, and time-slot algorithms in MQON, and the main contributions of our paper can be described as follows: 1) a simple trusted relay node structure supporting bypass which is controlled by Software Defined network(SDN) is designed; 2) by extending the connectivity graph in [24], a series of auxiliary graphs are constructed to illustrate the adjacency of quantum nodes in different levels influenced by the physical distance over MQON; 3) based on the new node structure and the auxiliary graphs, two heuristic algorithms, full-bypassed based routing, wavelength, and time-slot assignment (FB-RWTA) algorithm and partial-bypassed based routing, wavelength, and time-slot assignment (PB-RWTA) algorithm, are proposed to reduce the number of relay nodes and achieve a flexible, efficient and secure MQON; 4) simulations are conducted on the problem of the waste of key resource. The result shows that our algorithms obtain a promising performance and compared with FB-RWTA, PB-RWTA achieves a tradeoff of keys saved and blocking probability and is more flexible to be employed in real MQON.
The rest of this study is organized as follows. Some related technologies over MQON are briefly described in Section 2. Section 3 proposes the problem including the waste of resources and the security of trusted relay. Section 4 provides the network model. A simple node structure supporting bypass is designed in Section 5. Section 6 proposes the FB-RWTA and the PB-RWTA algorithm. The performance of our algorithms is evaluated and analyzed in Section 7. Section 8 concludes this study.
2. Related technologies to MQON
In this section, several related technologies (i.e., point-to-point QKD and trusted relay for long distance QKD) to MQON are introduced first.
2.1 Point-to-point QKD
In order to illustrate the basic principles of QKD, a point-to-point QKD system is shown in Fig. 1 for secure transmission between Alice and Bob. The sender Alice transmits photon sequences with random basis, and Bob randomly selects basis to measure and obtain the raw keys through the quantum channel (QCh, located at approximately 1530 nm). The public channel (PCh) is used to transmit the synchronous clock signal and the data channel (DCh) is used to transmit the encrypted data. The shared keys will be obtained after a series of interactions (i.e., key sifting, key distillation) between Alice and Bob through PCh. Given that the cost of dark fibers is extremely high, it is efficient and reasonable to integrate QKD with the existing optical networks by wavelength division multiplexing (WDM) technique [25,26] as long as a large guard band (e.g., 200 GHz [14,27]) is reserved between QCh and PCh.
2.2 Trusted relay for long-distance QKD
Influenced by Raman scattering and four-wave mixing, the key rate decreases as the distance increases. Given that quantum relay is still immature [28], trusted relay is proposed and employed to extend the transmission distance between two quantum nodes [21,23]. A QKD scenario with a trusted relay is demonstrated in Fig. 2, which includes three Quantum Nodes (QNs) and two Quantum Links (QLs). When a QKD service from QN1 to QN3 is requested, QN2 acts as a trusted relay (TR) node to establish two QKD links to QN1 and QN3, respectively. To obtain the keys between QN1 and QN3, two steps should be than: Both QKD links produce (①), independently, secret keys Sk1 and Sk2 with the same quantum key size. Sk1 is encrypted by Sk2 and then relayed to QN3 for sharing keys Sk1 between QN1 and QN3 (②).
3. Problem statement
In this section, the problem of waste of key resources is proposed and analyzed over MQON. In MQON, all the given quantum nodes have service requirements, and the distance between two adjacent nodes is much closer than that of the backbone network. Therefore, there is almost no need to deploy dedicated trusted relays. For a key-distribution request between non-adjacent quantum nodes, all nodes except the source node and the destination node on the service path can be regarded as trusted relays.
However, from the use case shown in Fig. 2, we can see that all the secret keys shared between QN1 and QN3 have to be relayed through QN2 in tradition, though the transmission distance between QN1 and QN3 is close enough to distribute secrets keys directly.
When a secure service is request from QN1 to share secret keys with QN3 illustrated in Fig. 3, the routing path is calculated as QN1-QN2-QN3. Considering the method shown in the red rectangle, to obtain the shared keys, two QKD processes are required to generate Sk1 and Sk2, respectively and encryption and decryption operations are required at QN2. In this way, the number of keys consumed will be twice the number of requested keys. However, if QN1 distribute secret keys with QN3 directly with QN2 bypassed, only one set of keys are consumed to obtain Sk. Therefore, it is a great waste of keys to relay in every node located on the routing path over MQON.
Given the wavelength resources for QChs in existing WDM networks are finite and the secret keys are precious, for a certain number of security services, our target is to maximum the number of bypassed nodes to reduce the waste of key resources. We divide it into two cases according to different constraints: (1) regardless of channel occupation of QChs, as long as a certain distance condition is satisfied, bypass can be performed; (2) the congestion of QChs will affect the threshold distance that can be bypassed. Later, we will also give different solutions for different constraints.
4. Network model
In this section, we describe the network so as to better illustrate our schemes applying in this scenario. The network can be represented by G (V, E), where V is the QKD node set and E is the QKD directed link set. The physically adjacent node vi and the node vj are connected by the link eij, and all the nodes vi in the network have the quantum transponder device, which means that each node can serve as the source node and the destination node of the service. In addition, each vi can act as a trusted relay. Each quantum link contains 4 PChs and 4 QChs. For the sake of simplicity, we do not consider the transmission of encrypted data here, so the number of DChs is set sufficient.
Advanced encryption standard (AES) is an algorithm to encrypt data with short execution time, small key size and high efficiency. Given that AES is applied to encrypt the data in our model, the secure keys must be frequently updated to prevent the encrypted data being cracked by the eavesdroppers. The updating period are set to a fixed value and denoted as T [14]. In addition, R is the set of secure services with secret keys required. Rk is the set of QKD requests to distribute keys for R, which is composed of rik and ruk. rik and ruk are sets to respectively illustrate the request of an initial-secret key and the request of an update-secret key. We named it absolutely secure only when all the requests of update-secret keys are met, and when only part of such requests are distributed keys successfully, we call it relatively safe. In order to carry more secret-key services, the Time Division Multiple Access (TDMA) technology is applied to the scenario of key distribution. One update period can be divided into multiple time slots denoted as Δt, and multiple services can work in parallel by occupying different numbers of time slots.
Before introducing the two bypass methods we proposed, we here introduce the various parameters used in this paper which are illustrated in Table 1. The specific expression will be detailed in Section 5 and Section 6 where the auxiliary graph and the two routing, time-slot, and wavelength assignment schemes are proposed.
Table 1. Notations and Definitions
5. Quantum node structure supporting bypass
In order to realize the quantum key distribution directly between the two non-adjacent nodes whose distance is within a certain range, a feasible node structure with the ability of bypass is designed in this section. Since the focus of this article is not the new node architecture, we only briefly describe the structure of the node.
As shown in Fig. 4, the node structure supporting bypass is composed of five modules: The MUX and DEMUX module, the optical switch module, the optical quantum transceiver module, the logical-processing module, and the SDN agent. SDN is a promising technique used in MQON, which can control the entire network efficiently [29]. And among these modules, the SDN agent is used to control the node by SDN; the MUX and DEMUX module is used to implement wavelength division multiplexing and demultiplexing; the optical switch module is controlled by the SDN agent for realizing the change of the quantum signal transmission direction; the optical quantum transceiver module is for receiving and transmitting the quantum signal, and finally the logical-processing module is used to process the quantum signal and generate secret keys. Compared with the traditional quantum node, our novel node structure adds an optical switch module and an SDN agent to control whether the node is bypassed under different conditions.
When the quantum signal arrives at the node, it first splits its wavelength through the demultiplexer and enters into two different fibers. The optical switch module then changes its state according to the information obtained from the controller. For each wavelength, there are two options: access phase and bypass which are represented by the red line and the green line respectively. If it is chosen to receive the quantum signal, the node will behave as a relay node or a destination node. If bypass is selected, the quantum signal will not be accepted at this node, and will be transferred directly to the next node. Next, through the optical opening and multiplexer, the bypassed quantum signal and the quantum signal emitted from the node are merged into the same fiber and passed to the next node. In the above manner, the node we designed implements the function of node selective bypass.
6. Heuristic algorithms
In this section, we first construct a series of auxiliary graphs by extending the connectivity graph [24] to illustrate the adjacency of quantum nodes in different levels influenced by the physical distance over MQON. Different from [24], a set of auxiliary graphs rather than one are constructed with distance as the threshold, so that the mapping between auxiliary graphs can be achieved, not just the mapping between auxiliary graphs and physical topology. Based on the auxiliary graphs, two promising schemes are proposed and illustrated. Finally, we give a detailed introduction and complexity analysis of the specific algorithms proposed by the two schemes.
6.1 Design of auxiliary graph
Figure 5(a) shows the secret-key rate versus point-to-point QKD distance for standard BB84 protocols where Dmax (∼60 km) represents the maximum achievable distance. However, the further the distance, the lower is the secret-key rate. Therefore, according to the different requirements of the secret-key rate in the actual scenario, we set a series of distance thresholds di to divide different distance intervals. As illustrated in Fig. 5(a), d1 and d2 are set to divide the entire distance interval into three parts: 0-d1, d1-d2 and d1-Dmax. We believe that when the distance is greater than d2, the rate is too low to meet the requirement of point-to-point QKD secret-key rate. In order to simplify the model, v1 and v2 are used to represent the secret-key rates of the intervals 0-d1 and d1-d2, respectively. Since the key rates in these two intervals are different, if the same number of keys are required, the number of slots in one period occupied is also different. When a similar number of keys are distributed through two links in different distance intervals, the number of time slices required to occupy is also different. The ratio of the number of occupied time slots in these two cases is defined as TPi, which can be calculated as:
According to the above division of the distance between adjacent nodes, a series of auxiliary topologies AGi are constructed for each distance interval Ii. An example of auxiliary graph construction is described in Fig. 5(b). The physical topology consists of 8 quantum nodes with all of them having bypass functionality and the distances between the nodes are given. The choice of distance corresponds to the actual distance between the nodes in the metropolitan area network. In addition, d1 and d2 are set to 28 km and 39 km, respectively. In order to construct the auxiliary graph AG2, virtual direct links are generated between all pairs of nodes whose physical distance is less than d2 in the physical topology. For example, the physical distance between QN2 and QN4 is 37 km, which is less than 39 km. So, in the auxiliary graph, node A and node C can be regarded as adjacent parties as Fig. 5(b) shows. Similarly, the other virtual links of auxiliary graph can be generated as well and then the auxiliary graph AG2 is constructed completely.
Fig. 5. (a)The secret-key rate versus point-to-point QKD distance; (b) Example of an auxiliary graph.
The auxiliary graph can clearly show the adjacency between any two nodes in different situations. Routing on the auxiliary graph can reduce the calculation time of the Dijkstra algorithm since the number of nodes to traverse was reduced. In addition, through the route mapping between the auxiliary graphs, it can adapt to the scenarios with different TP and SR where the routing line changes due to the change in the number of key resources, and it also provides more options for routing in different auxiliary graphs. Therefore, it will be applied to all the two schemes we proposed in next section.
6.2 Two scheme to address the problem
In order to make full use of the ability of our novel node structure supporting bypass and construct a high-performance quantum-key-distribution network, we propose two routing, wavelength, and timeslot-assignment schemes based on the auxiliary map, namely FB-RWTA and PB-RWTA.
The scheme of FB-RWTA is described in Fig. 6(a). In this scheme, our main purpose is to bypass as many nodes as possible. Therefore, an acceptable maximum threshold distance should be firstly chosen and the auxiliary graph is constructed according to this distance. When this auxiliary graph is constructed, it will replace the physical one. Then all the secure services will be routed on this auxiliary graph. The service is regarded as a success only when there are sufficient resources on the physical links and the physical links corresponding to the virtual links in the path.
With the scheme of FB-RWTA, we bypass as many nodes as possible, but each time it bypasses a node, it takes more time slots. When the traffic load is relatively large, it may cause traffic congestion. In order to alleviate this problem, the scheme of PB-RWTA is proposed and described in Fig. 6(b). In this method, we not only try to bypass more nodes, but also need to consider the blocking rate. Similar to the FB-RWTA scheme, we will first determine an acceptable maximum transmission distance d2. In addition, we also determine a threshold d1 between 0 and d2, and auxiliary graphs for each 0-di are constructed. In our example, the TP2 are set to 1.5. As shown in Fig. 6(b), when the resource occupancy is smaller than the threshold SR, the certain quantum node can be bypassed and a basic time-slot resource should be allocated multiplied by TP2. However, if the occupied resource of any link between QN1 and QN2 exceeds the corresponding threshold, then QN will no longer be able to bypass. The two nodes will then be routed in AG1. If there are enough time slots to allocate for the service, the service is also regarded as successful.
6.3 Full-bypassed based routing, wavelength and time-slot assignment algorithm
The proposed FB-RWTA algorithm is presented in Table 2. Given the maximum acceptable bypass level denoted as max, the first thing our algorithm needs to do is to construct the auxiliary graph AGmax as shown in line 1. For each QKD request R, Dijkstra algorithm is used to compute and select a specific virtual path Pv on AGmax in line 2. Then, Pv is mapped from AGmax to the physical topology illustrated by lines 4-8 to get the physical path Pp. In order to obtain Pp, we map each link Lj in path Pv to the physical topology to get the corresponding sub-path Pp(j). Next, the TPj is determined based on the real physical distance of each virtual link Lj in Pv in the physical topology. In addition, the number of time-slots that need to be occupied in the sub-path Pp(j) is calculated. At last, Pp(j)s are stitched together to construct Pp. Since Pp and Pv are prepared, First Fit algorithm is used to allocate time-slots for QChs.
Table 2. FB-RWTA algorithm
As described above, the QKD request set is composed of the request of initial-secret key and the request of update-secret key. The corresponding secure service is completely successful only if the request of initial-secret key and all of the requests of the update-secret key are successfully allocated enough time slots. However, if at least one update request fails, the QKD request is considered to be partially successful. At this point, compared to the completely successful QKD request, the security level of corresponding secure service will be reduced. In addition, if the initial-secret key request cannot be satisfied, then the update-secret key will not be continuously requested, and the QKD request will be directly determined to fail.
The worse-case time complexity of the FB-RWTA algorithm is analyzed as follows. Line 1 generates an auxiliary graph whose complexity can be regarded as O(|V|2). Lines 3-16 performs RWTA for each QKD request. The worst-case complexity of line 3, lines 4-8, line 9 are O(|V|2), O(|V|3), and O (|Wk|·|Tk|· (|V-1|)). Therefore, the overall time complexity of this FB-RWTA is approximately O (|V|3+|Wk|·|Tk|· (|V-1|)).
6.4 Partial-bypassed based routing, wavelength and time-slot assignment algorithm
The proposed PB-RWTA algorithm is presented in Table 3. Similar to FB-RWTA, it is also necessary to first determine the maximum acceptable bypass level max in this algorithm. Then, |max| auxiliary graphs (AG1, AG2, …, AGmax) are generated to describe the adjacency between two nodes in different level in line 1. Lines 3-14 performs routing to get the final virtual path Pv. For each QKD request R, Dijkstra algorithm is firstly used to compute and select a specific virtual path Pv on AGmax in line 4. For each virtual link Lj in Pv existing in auxiliary graph AGi, the resource occupancy RCk of physical link Ek corresponding to Lj is checked and compared with TPi. If the resource occupancy exceeds SR(i), then the Lj will be mapped to the auxiliary graph AGi-1 to obtain the sub-path. Lj will be replaced by the new virtual sub-path to implement the update of Pv. Until the resource occupancy of all links meets the corresponding threshold requirements, or |max| loops have been performed, a virtual path Pv that meets the resource threshold is finally obtained.
Table 3. PB-RWTA algorithm
Now that Pv has been obtained, the next step is to map Pv to the physical topology and calculate the number of time slots really needed for each physical link. Finally, the FF algorithm will be used for wavelength and time-slot assignment (WTA). The operation of this part is the same as the lines 4-16 of the FB-RWTA algorithm, so it will not be described here in detail.
The total overall worst-case time complexity of the PB-RWTA algorithm is evaluated as follows: line 1 generate the auxiliary graphs for |max| times. Therefore, the corresponding time complexity can be calculated as O(|max|·|V|2); through a maximum of |max| cycles, the path mapping is continuously performed according to the resource occupation on a specific physical link to obtain the final Pv. The worst-case time complexity of this part is O(|max|·|V|3). Similar to FB-RWTA, line 17 achieves WTA with a time complexity of O(|Wk|·|Tk|·(|V-1|)). Therefore, the worst-case time complexity of this PB-RWTA algorithm is O(|max|·|V|3+|Wk|·|Tk|·(|V-1|)).
7. Simulation results and analysis
The topology of eight nodes and ten links shown in Fig. 5(b) is adopted to evaluate the performance of our FB-RWTA and PB-RWTA algorithm. Considering the average numbers allocated to quantum channels is 4 in Ref. [26], 4 wavelengths are served for QChs with its distance labeled in Fig. 5. Secure services are generated among all node pairs with 10N•Δt secret keys required, while the key update period T is set to 100 Δt. 100,000 secure requests are randomly generated following Poisson Distribution and the leaving rate is set to a fixed 0.004/Δt. For the ease of explanation, only two levels of distances are set in this paper. d1 and d2 are set to 28 km and 39 km, respectively. In addition, TP1, TP2, SR(1) and SR(2) are initialed to 1, 1.5, 1, and 0.5 respectively. For the sake of simplicity, we ignore the effect of the insertion loss caused by the optical switch on the key generation rate. In order to evaluate the performance of our FB-RWTA and PB-RWTA algorithms more accurately, we adapt the traditional RWTA scheme without bypass as a benchmark. Based on the settings introduced above, we performed simulation verification on five aspects, i.e., SPA and SPR for secure services, the blocking probability and resource utilization for QKD requests, the number of bypassed nodes for QKD requests, the performance with different value of TP and SR for auxiliary graphs and the security analyzed with different algorithms. The results of performance for our two schemes are given and discussed as follows.
7.1 SPA and SPR for corresponding secure services
For the security service, what we value more is not the success of a QKD request in the time when the service exists, but whether the entire security service is secure. Therefore, here we present two indicators, SPA and SPR. SPA is defined as the ratio of the number of secure requests which are absolutely secure, to the total number of secure requests generated whereas SPR is defined as the ratio of the number of secure requests which are relatively secure to the total number of secure requests generated. Hence, SPA and SPR represent the absolutely secure probability and the relatively secure probability of secure services respectively.
SPA and SPR are depicted in Fig. 7(a) and Fig. 7(b) separately versus traffic load for the three algorithms respectively. It can be observed that both SPA and SPR of all the three algorithms decrease as the traffic load increases which mainly results from the increase of the number of secure requests. Compared with the benchmark, the proposed FB-RWTA and PB-RWTA algorithm have a lower SPA. The reason is that the way of bypassing extends the transmission distance between nodes with a lower secret-key rate, so more time slots are required to distribute the same number of keys for a certain QKD request.
On the other hand, as the traffic load increases, the SPA of PB-RWTA is getting closer to the benchmark while the SPA of FB-RWTA is getting away from the benchmark. For PB-RWTA, when the traffic load is 70, the impact on SPA is the largest, and the performance compared with the benchmark is reduced by 5%. In addition, when the traffic load is 190, the performance of the two algorithms is very close. For FB-RWTA, when the traffic load is 190, the performance is reduced by 10.7%. The reason is that PB-RWTA algorithm can be dynamically adjusted based on the resource occupancy situation of the actual network. The more congested the link is, the fewer is the number of nodes bypassed.
For similar reasons, the three algorithms have similar curves for SPR and SPA, because the increase in time slots occupied by a single QKD request can cause both rik and ruk to fail. However, the SPR only requires that the rik corresponding to a security service must succeed, so the SPR is always higher than the SPA when the same traffic is used.
7.2 Blocking probability and resource utilization for QKD requests (rik or ruk)
In this part, the main focus is on the traditional performance indicators for each specific QKD request (rik or ruk). Blocking probability (defined as ratio of QKD requests that fail to obtain the keys to the total number of QKD requests) and resource (including wavelength and time-slot resources) utilization of QKD requests are utilized to evaluate the performance of our algorithms.
As shown in Fig. 8(a), blocking probability of QCh increases when the traffic load increases which results from the increasing number of QKD requests. It can be seen clearly that PB-RWTA has a lower blocking probability than FB-RWTA especially when the traffic load is large enough. When the traffic load arrives at 190 Erlang, the blocking rate improvement of PB-RWTA is up to 29.6% versus FB-RWTA. This is because PB-RWTA can alleviate the resource pressure caused by the increase in traffic by reducing the number of bypass nodes. Moreover, for the case where the benchmark has the lowest blocking probability, the reason can be attributed to the fact that during key generation, it is necessary to relay at all the nodes through which the physical path passes. Therefore, the distance between adjacent nodes is within d1, and no more time slots are required.
Fig. 8. (a)Blocking probability, (b) Wavelength and time-slot utilization of QKD requests under the three algorithms.
Figure 8(b) shows the wavelength and time-slot utilization of QKD requests under the benchmark, FB-RWTA, and PB-RWTA algorithms. The benchmark scheme shows a lowest utilization result from its lower used resources. The wavelength and time-slot utilization of the three algorithms increase as the traffic load increases. Moreover, FB-RWTA has a highest utilization among the three schemes, because it tries hard to bypass as many nodes as possible without considering the congestion in the network. It is obvious that a positive change in the update period will lead to a negative change in the time-slot utilization through an increase in the number of updating key services. The wavelength and time-slot of PB-RWTA approximates that of FB-RWTA at the beginning, and then get closer to the curve of the benchmark gradually. This is because limited by the TP of the corresponding distance interval before bypassing, as the traffic load increases, PB-RWTA reduces the number of bypassed nodes and the time slots required.
7.3 The number of bypassed nodes for QKD requests (rik or ruk)
In order to reduce the waste of key resources, we adopted the bypass method to reduce the number of relays, and the number of bypass nodes indicates the key resources that we can save, which is an important indicator for evaluating the performance of the algorithm.
Figure 9 shows the total number of bypassed nodes for all QKD requests (100000 secure services) under the benchmark, FB-RWTA, and PB-RWTA algorithms. The number of bypass nodes Nb means how much secret key resources are saved and it can be defined and calculated as:
We can observe that the benchmark does not bypass any nodes from start to end. When the traffic load increases or decreases, the number of bypass nodes for FB-RWTA algorithm also increases or decreases gradually due to the reduction of the successful QKD requests. Moreover, when the traffic load is low, PB-RWTA can save similar resources compared with the FB-RWTA. As traffic load increases, the algorithm adjusts itself to reduce the number of bypassed nodes, thus achieve a lower blocking rate. It can be seen that the number of nodes bypassed and the blocking probability of QKD requests are contradictory parameters. The main purpose of benchmark is to reduce the blocking probability. The purpose of FB-RWTA is to save more key resources. PB-RWTA saves more key resources while considering the degree of congestion of QKD requests, thus achieving a trade-off between the two parameters.
Since TDMA technology is applied in our algorithm, we evaluate the performance for PB-RWTA with different fixed T. As shown in Fig. 10, blocking probability of PB-RWTA increases for increasing traffic load, and it decreases for increasing value of the key-updating period T (the number of key-update requests increases as T increases). At the same time, increasing the value of T will also reduce the security of the corresponding security service. When the required security level is not high enough, we can distribute the keys for more secure services by increasing T.
7.4 Performance evaluation with different values of TP and SR for auxiliary graphs
The construction of the auxiliary graph is the basis of the FB-RWTA and PB-RWTA algorithms, so the settings of the auxiliary graph parameters will have a greater impact on the performance of the algorithm. Given d1 and d2 are set to 28 km and 39 km, the impacts on blocking probability of different TP2 and SR(2) are respectively evaluated and discussed in this part.
Figure 11(a) depicts the blocking probability for QChs with different TP2 under FB-RWTA and PB-RWTA. It can be seen that the blocking probability of both algorithms increases for increasing TP. This is because the increase of TP2 means that each time when the node is bypassed, more time slots are required to consume, which will lead to the increase of blocking rate. Moreover, Compared with PB-RWTA, the change of TP2 has a greater impact on the FB-RWTA algorithm. It can be seen that when the traffic volume is 130, the blocking probability with a lower TP2 (TP2=1.2) is reduced by 35% compared to that with a higher TP2 (TP2=1.8). The reason is that the FB-RWTA algorithm does not consider the side effects of bypassing, but just try to bypass more nodes to save key resources. In contrast, PB-RWTA considers the resource occupancy during bypass and adjusts itself to reduce the impact of TP changes.
Fig. 11. QChs blocking probability with different settings of auxiliary graph under PB-RWTA and FB-RWTA algorithm: (a) different TP2; (b) different SR(2).
Figure 11(b) illustrates the comparison of the blocking probability with different SR(2) (0, 0.2, 0.5, 0.8, 1) under PB-RWTA algorithm. As shown in Fig. 11(b), the blocking probability of QKD requests increases as SR(2) increases. It can be explained that the larger the SR(2), the more difficult it is to achieve bypass in I2 (28 km-39 km). When SR(2) equals 0, it means it will never bypass node in I2 (different from FB-RWTA, they are exactly the same only in the case of SR(2)= SR(3)=…= SR(k) = 0). And it will try its best to bypass the node when SR(2) equals to 1. From this point of view, it can be found that SR is able to adjust the trade-off between the blocking probability and the number of secret keys saved. If we would like to bypass more nodes, SR(2) is suggested to be set at a larger value. In contrast, in can be set smaller if the blocking probability is more important.
7.5 Security analysis for different algorithms
In addition to reduce the waste of key resources, bypassing also has a certain impact on the security performance of the service. In this part, we propose two indicators that represent security performance, namely physical security (security of relay) and algorithm security (security of update)."Trusted relay” is actually a complex of quantum signal transmitter and receiver, plus a computer to encrypt and decrypt the key, so in the “trusted relay”, there is a process of continuously decrypting and re-encrypting secret keys and the secret will be expose for a period of time in plain text, thus face a risk of being leaked. And physical security is affected by the number of nodes in the path. Since trust relay may have some small security risks caused by the exposed of plaintext, the more are the number of relay nodes, the lower is the physical security score. On the other hand, since bypassing may cause a decrease in key generation rate, generating the same number of keys may take more time slices, which causes some key update requests to fail due to insufficient channel resources, thereby reducing algorithm security score. The score of physical security Sp for a certain R can be calculated as:
where NR represents the number of nodes in the path. Algorithm security score Sa is related to the success rate of Rk (including Rik and Ruk). The higher the success rate of Rk, the higher the algorithm security score. Here, the score of algorithm security can be calculated as: where Ns and Nt represent the number of successful Rk and the total number of Rk respectively.Figures 12(a) and 12(b) demonstrate the score of the physical security and algorithm security for different algorithms respectively. It can be seen in Fig. 12(a) that the physical security score of FB-RWTA is larger than that of the algorithm without bypassing. The reason is that the bypass can reduce the number of relay nodes in the selected path, thereby increasing the physical security score. In addition, the score will increase as the traffic load increases. It is because when the traffic is relatively large, the fewer the number of path nodes, the easier it is to allocate enough resources. The PB-RWTA algorithm can be bypassed based on network congestion, thus its physical security score is between the other two algorithms. In Fig. 12(b), we can see that the score of the algorithm security for all three algorithms becomes lower when the traffic load increases since the resource becomes insufficient. PB-RWTA has a higher algorithm security score than FB-RWTA because it reduces the number of bypasses and saves resources in high traffic scenarios.
Fig. 12. Score of security versus traffic load under different algorithms:(a) physical security; (b) algorithm security.
8. Conclusion
In this paper, the problem of how to distribute quantum keys with high efficiency over MQON is addressed. To solve the problem, firstly a novel node structure is designed to support bypassing. Secondly, we enhance the connectivity graph and construct a set of auxiliary graphs to describe the adjacency of quantum nodes in different levels influenced by the physical distance. Finally, two schemes named PB-RWTA and FB-RWTA are proposed based on the auxiliary graph to achieve the key distribution with high efficiency and security over MQON. Numerical results show that our PB-RWTA and FB-RWTA algorithms perform better than the benchmark in terms of resource utilization, the number of bypassed nodes, and the score of the physical security. Moreover, PB-RWTA shows a better performance than FB-RWTA since it can adjust itself considering the congestion of the network. In the future, we will further study to apply the theory to the practice of quantum metropolitan area network networking and achieve a more efficient MQON.
Funding
National Natural Science Foundation of China (61822105, 61971068); Fundamental Research Funds for the Central Universities (2019XD-A05); State Key Laboratory of Information Photonics and Optical Communications (IPOC2019ZR01).
Acknowledgments
Part of this work has appeared in the proceeding of Optoelectronics and Communications Conference (OECC), Fukuoka, Japan, 2019 [13].
Disclosures
The authors declare no conflicts of interest.
References
1. N. Skorin-Kapov, M. Furdek, S. Zsigmond, and L. Wosinska, “Physical-layer security in evolving optical networks,” IEEE Commun. Mag. 54(8), 110–117 (2016). [CrossRef]
2. R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun. ACM 21(2), 120–126 (1978). [CrossRef]
3. L. R. Schreiber and H. Bluhm, “Toward a silicon-based quantum computer,” Science 359(6374), 393–394 (2018). [CrossRef]
4. P. W. Shor, “Algorithms for quantum computation: discrete logarithms and factoring,” in Proceedings 35th Annual Symposium on Foundations of Computer Science (Academic1994), pp. 124–134.
5. H. K. Lo, M. Curty, and K. Tamaki, “Secure quantum key distribution,” Nat. Photonics 8(8), 595–604 (2014). [CrossRef]
6. C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” Theor. Comput. Sci. 560(12), 7–11 (2014). [CrossRef]
7. C. H. Bennett, “Experimental Quantum Cryptography,” J. Cryptol. 5(1), 3–28 (1992). [CrossRef]
8. B. Korzh, C. C. W. Lim, R. Houlmann, N. Gisin, M. Li, D. Nolan, B. Sanguinetti, R. Thew, and H. Zbinden, “Provably secure and practical quantum key distribution over 307 km of optical fibre,” Nat. Photonics 9(3), 163–168 (2015). [CrossRef]
9. Z. Yuan, A. Plews, R. Takahashi, K. Doi, W. Tam, A. Sharpe, A. Dixon, E. Lavelle, J. Dynes, A. Murakami, M. Kujiraoka, M. Lucamarini, Y. Tanizawa, H. Sato, and A. Shields, “10-Mb/s Quantum Key Distribution,” J. Lightwave Technol. 36(16), 3427–3433 (2018). [CrossRef]
10. P. Eraerds, N. Walenta, M. Legré, N. Gisin, and H. Zbinden, “Quantum key distribution and 1 Gbps data encryption over a single fibre,” New J. Phys. 12(6), 063027 (2010). [CrossRef]
11. G. Vallone, V. D’Ambrosio, A. Sponselli, S. Slussarenko, L. Marrucci, F. Sciarrino, and P. Villoresi, “Free-space quantum key distribution by rotation-invariant twisted photons,” Phys. Rev. Lett. 113(6), 060503 (2014). [CrossRef]
12. S. Liao, W. Cai, J. Handsteiner, B. Liu, J. Yin, L. Zhang, D. Rauch, M. Fink, J. Ren, W. Liu, Y. Li, Q. Shen, Y. Cao, F. Li, J. Wang, Y. Huang, L. Deng, T. Xi, L. Ma, T. Hu, L. Li, N. Liu, F. Koidl, P. Wang, Y. Chen, X. Wang, M. Steindorfer, G. Kirchner, C. Lu, R. Shu, R. Ursin, T. Scheidl, C. Peng, J. Wang, A. Zeilinger, and J. Pan, “Satellite-Relayed Intercontinental Quantum Network,” Phys. Rev. Lett. 120(3), 030501 (2018). [CrossRef]
13. K. Dong, Y. Zhao, X. Yu, and J. Zhang, “Auxiliary Graph Based Routing, Wavelength and Time-slot Assignment in Metro Quantum Optical Networks,” in Proceedings of IEEE Conference on 24th OptoElectronics and Communications Conference (OECC) and 2019 International Conference on Photonics in Switching and Computing (PSC) (IEEE2019), pp. 1–3.
14. Y. Zhao, T. Cao, W. Wang, H. Wang, X. Yu, J. Zhang, T. Massimo, Y. Wu, and M. Biswanath, “Resource Allocation in Optical Networks Secured by Quantum Key Distribution,” IEEE Commun. Mag. 56(8), 130–137 (2018). [CrossRef]
15. L. Ma, A. Mink, H. Xu, O. Slattery, and X. Tang, “Experimental demonstration of an active quantum key distribution network with over gbps clock synchronization,” IEEE Commun. Lett. 11(12), 1019–1021 (2007). [CrossRef]
16. A. Aguado, E. Hugues-Salas, P. A. Haigh, J. Marhuenda, A. B. Price, P. Sibson, J. E. Kennard, C. Erven, J. G. Rarity, M. G. Thompson, A. Lord, R. Nejabati, and D. Simeonidou, “Secure NFV Orchestration Over an SDN-Controlled Optical Network With Time-Shared Quantum Key Distribution Resources,” J. Lightwave Technol. 35(8), 1357–1362 (2017). [CrossRef]
17. T. E. Chapuran, P. Toliver, N. A. Peters, J. Jackel, M. S. Goodman, R. J. Runser, S. R. McNown, N. Dallmann, R. J. Hughes, K. P. McCabe, J. E. Nordholt, C. G. Peterson, K. T. Tyagi, L. Mercer, and H. Dardy, “Optical Networking for Quantum Key Distribution and Quantum Communications,” New J. Phys. 11(10), 105001 (2009). [CrossRef]
18. P. Toliver, R. J. Runser, T. E. Chapuran, J. L. Jackel, T. C. Banwell, M. S. Goodman, R. J. Hughes, C. G. Peterson, D. Derkacs, J. E. Nordholt, L. Mercer, S. McNown, A. Goldman, and J. Blake, “Experimental investigation of quantum key distribution through transparent optical switch elements,” IEEE Photonics Technol. Lett. 15(11), 1669–1671 (2003). [CrossRef]
19. T. Chen, J. Wang, H. Liang, W. Liu, Y. Liu, X. Jiang, Y. Wang, X. Wan, W. Cai, L. Ju, L. Chen, L. Wang, Y. Gao, K. Chen, C. Peng, Z. Chen, and J. Pan, “Metropolitan all-pass and inter-city quantum communication network,” Opt. Express 18(26), 27217–27225 (2010). [CrossRef]
20. X. Tang, A. Wonfor, R. Kumar, R. V. Penty, and I. H. White, “Quantum-Safe Metro Network with Low-Latency Reconfigurable Quantum Key Distribution,” J. Lightwave Technol. 36(22), 5230–5236 (2018). [CrossRef]
21. S. Wang, W. Chen, Z. Yin, H. Li, D. He, Y. Li, Z. Zhou, X. Song, F. Li, D. Wang, H. Chen, Y. Han, J. Huang, J. Guo, P. Hao, M. Li, C. Zhang, D. Liu, W. Liang, C. Miao, P. Wu, G. Guo, and Z. Han, “Field and long-term demonstration of a wide area quantum key distribution network,” Opt. Express 22(18), 21739–21756 (2014). [CrossRef]
22. M. Dianati and R. Alleaume, “Architecture of the Secoqc quantum key distribution network,” in Proceedings of 2007 First International Conference on Quantum (Academic2007), pp. 13.
23. M. Peev, C. Pacher, R. Alléaume, C. Barreiro, J. Bouda, W. Boxleitner, T. Debuisschert, E. Diamanti, M. Dianati, J. F. Dynes, S. Fasel, S. Fossier, M. Fürst, J. D. Gautier, O. Gay, N. Gisin, P. Grangier, A. Happe, Y. Hasani, M. Hentschel, H. Hübel, G. Humer, T. Länger, M. Legré, R. Lieger, J. Lodewyck, T. Lorünser, N. Lütkenhaus, A. Marhold, T. Matyus, O. Maurhart, L. Monat, S. Nauerth, J. B. Page, A. Poppe, E. Querasser, G. Ribordy, S. Robyr, L. Salvail, A. W. Sharpe, A. J. Shields, D. Stucki, M. Suda, C. Tamas, T. Themel, R. T. Thew, Y. Thoma, A. Treiber, P. Trinkler, R. Tualle-Brouri, F. Vannel, N. Walenta, H. Weier, H. Weinfurter, I. Wimberger, Z. L. Yuan, H. Zbinden, and A. Zeilinger, “The SECOQC quantum key distribution network in Vienna,” New J. Phys. 11(7), 075001 (2009). [CrossRef]
24. M. S. Savasini, P. Monti, M. Tacca, A. Fumagalli, and H. Waldman, “Regenerator placement with guaranteed connectivity in optical networks,” in Proceedings of IEEE on Int. Conf. Optical Network Design and Modeling (IEEE2007), pp. 1–6.
25. K. A. Patel, J. F. Dynes, M. Lucamarini, I. Choi, A. W. Sharpe, Z. L. Yuan, R. V. Penty, and A. J. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014). [CrossRef]
26. Y. Mao, B. X. Wang, C. Zhao, G. Wang, R. Wang, H. Wang, F. Zhou, J. Nie, Q. Chen, Y. Zhao, Q. Zhang, J. Zhang, T. Chen, and J. Pan, “Integrating quantum key distribution with classical communications in backbone fiber network,” Opt. Express 26(5), 6010–6020 (2018). [CrossRef]
27. Y. Cao, Y. Zhao, X. Yu, and Y. Wu, “Resource assignment strategy in optical networks integrated with quantum key distribution,” J. Opt. Commun. Netw. 9(11), 995–1004 (2017). [CrossRef]
28. ETSI white paper, “Quantum safe cryptography and security,” http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf.
29. Y. Zhao, B. Yan, Z. Li, W. Wang, Y. Wang, and J. Zhang, “Coordination Between Control Layer AI and On-Board AI in Optical Transport Networks [invited],” J. Opt. Commun. Netw. 12(1), A49–A57 (2020). [CrossRef]
