Optica Publishing Group

Multi-path-based quasi-real-time key provisioning in quantum-key-distribution enabled optical networks (QKD-ON)

Open Access

Abstract

With its information-theoretic security, the quantum-key-distribution-enabled optical network (QKD-ON) has become a promising candidate for future optical networks. The concept of the quantum key pool (QKP) was introduced as an effective strategy for storing quantum keys. However, since storing keys erodes their theoretical security, balancing quantum-key storage against the security requirements of QKD-ONs poses a major challenge to their practical deployment. Hence, in this paper the concept of quasi-real-time key provisioning (QRT-KP) is introduced to address the tradeoff between quantum-key storage and the degree of security. To suit the practical deployment of QRT-KP and the requirement of high traffic flow, we propose a multi-path-based QRT-KP (MP-QRT-KP) algorithm. Simulation results show that MP-QRT-KP effectively enhances the performance of QKD-ONs in different scenarios, and that it outperforms single-path-based QRT-KP (SP-QRT-KP) in terms of the success probability of key-allocation requests and key-resource utilization.

© 2021 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

1. Introduction

At present, with the continuous advancement of networks and communication technologies, information exchange is increasingly convenient, and the amount of data carried on networks is rising [1]. Networked communication has become pervasive in all aspects of people's lives. Various social undertakings, including military, financial, and government affairs, rely more and more on the convenience of information exchange brought about by information interconnection. However, using information technology to provide information-exchange services will inevitably expose confidential information, such as people's property and privacy, patents, trade secrets, and national security, to malicious parties. Such leakage can have serious consequences and can even lead to war. Thus, secure information transmission has become one of the most important concerns in the development of networks [2].

For security in information transmission, the most effective way is to encrypt the information with keys that cannot be known by a third party. However, classical key-distribution methods, which rely on the mathematical complexity of the encryption algorithms, will face growing challenges with the rapid improvement of computational power [3]. Moreover, when quantum computing matures in the near future, existing classical key-distribution methods will become useless. Another technique to secure key exchange is quantum key distribution (QKD) [4]. The primary reason the academic community pays so much attention to QKD is that the basic laws of quantum mechanics do not allow non-orthogonal states to be discriminated with certainty, which provides theoretical unconditional security via Heisenberg's uncertainty principle and the no-cloning theorem [5–7]. More importantly, other existing conventional encryption methods will suffer from quantum computing, which may be widespread in the near future. Quantum key distribution is considered to be an effective encryption method against quantum computing [8].

Recently, some studies have proved the feasibility of transmitting quantum signals in existing optical networks [9–11], and there have been some successful cases of constructing QKD networks [12,13]. The QKD-enabled optical network (QKD-ON), which denotes an existing optical network secured by an integrated QKD mechanism, has become a solution for guaranteeing the security of today's networks. In this paper, our study focuses on the mechanism of key storage in QKD-ON, which is not bound to a specific key-distribution protocol, and we choose the BB84 protocol, a discrete-variable QKD protocol widely used in existing point-to-point QKD-enabled optical networks, as a representative to introduce existing schemes of key provisioning [14]. There are generally two types of schemes for integrating the point-to-point QKD function into networks. The first type is online QKD in the form of a one-to-one mapping between the cryptographic service and the QKD channel [15]. After a quantum key is generated, it is immediately provided to the service without being stored. This type of scheme wastes secret-key resources when there are surplus keys for the requests. The other type is offline QKD, which separates secret-key generation from secret-key supply by constructing a quantum key pool (QKP) to store secret-key resources [16–18]. Nowadays, the secret-key generation rate of QKD systems is only 1∼2 Mbit/s over a single wavelength in a 50-km fiber [19–21]. Destroying quantum keys is therefore obviously a great waste, and the QKP paradigm saves secret-key resources very well. QKPs provide stable and timely on-demand secret keys and improve the ability of the networks to carry encrypted-service requests. So, at present, constructing QKPs in QKD-enabled optical networks is a significant research direction.

However, from the perspective of classical cryptography, any form of key storage leads to the loss of theoretical unconditional security, and this also applies to QKP technology in a QKD-ON with security vulnerabilities [22]. A QKP is logically located in QKD nodes, including trusted nodes and trusted relays, and one of its functions is to gather the key resources of the various key-storage spaces over the QKD nodes. Steps are then taken to synchronize, store, and provision these keys to the services on time as well as on demand [17]. According to the ETSI standardization profiles [23], a series of authentications protect the key-storage spaces in trusted nodes. However, during this process, given the risks arising from the imperfect characteristics of trusted relays, the storage behavior of the keys becomes a security issue. A long storage time raises the possibility of key exposure and the risk of key-information leakage within the key life cycle [24,25]. Thus, the theoretical unconditional security and the storage of quantum keys in QKPs are two conditions that cannot be met at the same time. These conflicting conditions make it difficult to achieve a balance between secret-key resource utilization, service success probability, and service security in current QKD-enabled optical networks. In this paper, we address the security problem of secret-key storage in QKPs by introducing the concept of quasi-real-time key provisioning (QRT-KP), and then we discuss how to maximize the ability of QKD-enabled optical networks to carry encrypted services while meeting the requirements of quasi-real-time key provisioning. Finally, we propose an efficient multi-path-based quasi-real-time key provisioning algorithm (MP-QRT-KP), which additionally solves the problem of sufficient secure key provisioning.

The contribution of this paper includes five aspects: 1) We propose the concept of quasi-real-time key provisioning to solve the security problem caused by using QKPs to store secret keys. 2) We introduce the concept of different levels of secret keys related to different secret-key storage times, and we study the impact of setting different key-storage times on the security of cryptographic services and on the ability of QKD-enabled optical networks to carry encrypted services. 3) We propose a multi-path-based quasi-real-time key provisioning scheme to allocate secret-key resources in QKD-enabled optical networks, and we evaluate the validity and benefits of the algorithm on an example QKD-ON with three QCNs under different scenarios, such as different periods of key availability and different numbers of pre-stored paths. 4) We evaluate and verify the performance of our proposed algorithm in QKD-enabled optical networks through simulation experiments.

The rest of this paper is organized as follows. Section 2 describes the concepts presented in this paper, including trusted-relay-based QKD, the quantum-key life cycle, and quasi-real-time key provisioning. Section 3 introduces the mathematical model of the quasi-real-time key provisioning problem and proposes the MP-QRT-KP algorithm, with an example that implements quasi-real-time key provisioning over multiple paths to address the network's performance problems (i.e., blocking probability and resource optimization) and the service security problem. In Section 4, we perform simulation experiments to verify the effectiveness of the proposed algorithm. Finally, Section 5 summarizes this paper.

2. Quasi-real-time key provisioning (QRT-KP)

2.1 Trusted-relay-based QKD

Generally, the QKD process is accomplished using trusted relays to extend the physical range in practice. It is realized in either a hop-by-hop [13] or a key-relay manner [26]. Figure 1(a) illustrates the operations of trusted-relay-based QKD in the key-relay manner. Alice and Bob are two QCNs located over optical communication nodes. Firstly, Alice sets up an initial secure key KAR with a trusted relay (TR) by the BB84 protocol. Similarly, the TR sets up a secret key KRB of the same size as KAR with Bob. Upon receiving service requests, the TR generates $\textrm{K}^{\prime} = {K_{AR}} \oplus {K_{RB}}$ by using a one-time-pad operation (XOR) and sends it to Bob. Finally, Bob deciphers $\textrm{K}^{\prime}$ by computing ${K_{RB}} \oplus \textrm{K}^{\prime}$ to obtain KAR, so that Bob shares the same secure key KAR with Alice. After this extension of the key-sharing distance, those keys can be used to transmit the requests and messages between Alice and Bob with one-time-pad encryption.


Fig. 1. (a) Trusted-relay-based QKD; (b) quantum-key life cycle.


2.2 Quantum-key life cycle

In existing quantum communication processes, a complete quantum-key life cycle can be divided into the following periods: generation period, waiting period, operation period, locking period, and destruction period [27]. As shown in Fig. 1(b), the generation period means that Alice and Bob share secret-key pairs by a quantum protocol (e.g., the BB84 protocol) and store them in their QKPs. The shared secret keys are aggregated from keys in the QKPs along the relaying path according to the services' situation, which means the quantum key enters the waiting period. After the quantum key is pushed from the QKP to the encryption application, the application encrypts the data with the quantum key, which is called the operation period (the corresponding quantum key at the destination QCN (Bob) is in the locking period). The quantum key stays in the locking period until the destination QCN (Bob) receives the encrypted data. While the destination QCN (Bob) decrypts the encrypted data, its shared secret key is in the operation period while the counterpart at the source QCN (Alice) is in the locking period. After the encrypted service transmission is correctly completed, the shared secret-key pair that has been used at both QCNs is destroyed, which is called the destruction period. The complete key life cycle on both sides is shown in Fig. 1(b). Within the key life cycle, the keys are exposed to leakage during the waiting period. One should also be aware that the time interval between the generation and destruction periods limits the time for which the secret key is available.

2.3 Quasi-real-time key provisioning

In order to resolve the conflicting requirements of quantum-key storage and quantum-key security before key provisioning, this paper proposes the concept of quasi-real-time key provisioning. Before proposing it, we should first make clear what real-time and non-real-time key provisioning are. Real-time key provisioning means that the data is encrypted immediately once the quantum keys leave the generation period, and the keys are destroyed immediately after the quantum communication is completed. Real-time key provisioning maintains the unconditional security of quantum keys, and there is no waiting period in its quantum-key life cycle (the second part of Fig. 1(b)). Real-time key provisioning requires full synchronization of services and quantum-key generation, which is difficult to achieve. Non-real-time key provisioning, on the other hand, means that the quantum keys are generated and stored, and then extracted from the storage device when they are used, so that the generation and consumption of secret keys are asynchronous. When quantum keys are stored for a while, they are exposed to the risk of key leakage due to imperfect physical devices. Accordingly, protection structures have been developed for the key-storage space through the collaboration of security entities, including the key-management entity, the secure application entity, and key-authentication mechanisms over trusted nodes (TNs) [23]. In this way, key storage facilitates more flexible and efficient utilization of quantum-key resources in a secured fashion, and it is also the most widely adopted scheme at present.

Quasi-real-time, in short, is an approximation of real-time that is as close as possible subject to a threshold on the waiting time of keys stored in QKPs. It focuses on the security of key storage during the waiting period while the QKP provides encryption services to users. According to the security issues mentioned above, storing quantum keys causes the loss of theoretical unconditional security. But one should also be aware that the entire quantum-key life cycle still lasts for a while even if the quantum-key waiting period is eliminated, so the secret-key resources still have a very small probability of leakage. Therefore, we believe that as long as the quantum-key life cycle is kept short enough, within a threshold, the synchronization function of the QKP retains the theoretical unconditional security of quantum communication to the greatest extent. The degree of this security retention depends on the length of the quantum-key life cycle we set. A virtual quantum key pool (VQKP) logical structure suited to quasi-real-time key provisioning is proposed, as shown in Fig. 2. Unlike an ordinary QKP, each QKP is divided into multiple virtual spaces in which the quantum keys from the corresponding QKD link are stored. The secret-key sequences in each secret-key space are stored separately. The quantum keys in (I) have the strictest limit on quantum-key available time, and can provide the highest level of secure communication for encryption services in combination with the OTP encryption method. The quantum keys in (II) are transferred from the quantum keys in (I) that were not used within the time limit. The quantum keys in (II) can be combined with a classical encryption algorithm (such as AES) to serve a second level of encrypted communications with less security. If necessary, a virtual secret-key storage area (III), or lower security levels, can also be developed. The VQKP between two remote QCNs is constructed by relaying multiple QKPs on the QKD paths connecting the two remote QCNs.


Fig. 2. Logical structure of quasi-real-time VQKP.


3. Multi-path-based quasi-real-time key provisioning (MP-QRT-KP)

With the QKD mechanism integrated into optical networks, a guarantee of encryption for massive traffic flows should be considered. Which QCNs, trusted relays, and QKD links are suitable for routing is an essential consideration in practical QKD-ONs. In order to satisfy practical services with high-traffic requirements, this paper proposes a scheme that achieves quasi-real-time key provisioning with effective usage of keys, called multi-path-based quasi-real-time key provisioning (MP-QRT-KP). A practical example of MP-QRT-KP is shown in Fig. 3 as a comparison between MP-QRT-KP and single-path-based quasi-real-time key provisioning (SP-QRT-KP).


Fig. 3. Principle of multi-path based quasi-real-time key provisioning.


We assume that 15 keys are needed for the request from node A to node C and that the secret-key generation capabilities of link A-B and link B-C are the same. Node B can be regarded as an intermediate node between nodes A and C in MP-QRT-KP. Furthermore, trusted relays are deployed between each pair of QCNs for long-distance secret-key sharing, which is not detailed in Fig. 3. Each QKP is assumed to have a storage capacity of 20 secret keys, and one key icon in the figure stands for 5 secret keys. We define the waiting period of generated secret keys within time T0 as the highest security level, where T0 is assumed to be a threshold of key-exposure resistance determined by the encryption process; the quantitative definition of T0 is out of the scope of this paper. The green keys are those stored within the time limit T0, which have the highest level of security. The yellow and red keys are those whose storage time has exceeded T0, lying respectively between T0 and T0+ΔT1 and between T0+ΔT1 and T0+ΔT2, with lower levels of security. The time limits T1 and T2 represent longer waiting periods of generated keys stored in QKPs, which suffer greater risk of key leakage. As Fig. 3 depicts, when a QKD request arrives requiring 15 secret keys, key provisioning with SP-QRT-KP can offer 10 green keys and 5 yellow keys, which together have approximately a medium security level, whereas MP-QRT-KP, aggregating the key resources over the entire QKD-ON, constructs a VQKP with a reserve of 15 green keys, indicating a high security level of key provisioning. Considering the security requirement, MP-QRT-KP can carry the service (Fig. 3(b)) with enough keys at an appropriate security level, while SP-QRT-KP cannot provide a sufficient number of secret keys at the high security level (Fig. 3(a)). Thus, one can conclude that MP-QRT-KP meets the practical requirements of reliable transmission by providing secure encryption and a sufficient key supply. This improvement is better described with a specific model. In order to describe MP-QRT-KP in QKD-enabled optical networks, we formulate the problem mathematically. The notations and definitions used in this paper are shown in Table 1.
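As an added illustration (not code from the paper), the following Python models the virtual-space split of Section 2.3 together with the Fig. 3 comparison: keys are timestamped at generation, classified into spaces (I) to (III) by their waiting time against T0, ΔT1 and ΔT2, and a request is filled from the highest level first, taking per path the minimum over its QKPs and summing over paths. The numeric thresholds, the pool contents, the second path A-D-C used for the multi-path case and all function names are assumptions of this example, since the paper leaves T0 unquantified and the second path undrawn.

```python
from collections import deque

# Constructed thresholds in simulation time units. The paper defines T0 as the
# longest waiting time that still counts as the highest security level and leaves
# its value open, so T0, dT1 and dT2 are assumptions of this example.
T0, DT1, DT2 = 10, 10, 20


def security_level(generated_at, now):
    """Virtual space of a key by waiting time: 1 = space (I), usable with OTP;
    2 = space (II), between T0 and T0+dT1; 3 = space (III), between T0+dT1 and
    T0+dT2; None = older than that, i.e. the key enters the destruction period."""
    age = now - generated_at
    if age <= T0:
        return 1
    if age <= T0 + DT1:
        return 2
    if age <= T0 + DT2:
        return 3
    return None


class QKP:
    """Key pool of one QKD link, stored as generation timestamps, oldest first."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.keys = deque()

    def generate(self, now, amount):
        """Store newly generated keys; keys beyond the capacity are discarded."""
        for _ in range(min(self.capacity - len(self.keys), amount)):
            self.keys.append(now)

    def expire(self, now):
        """Destroy keys that have waited past the lowest level."""
        while self.keys and security_level(self.keys[0], now) is None:
            self.keys.popleft()

    def count(self, level, now):
        return sum(1 for g in self.keys if security_level(g, now) == level)

    def take(self, level, amount, now):
        """Move `amount` keys of the given level out of this QKP into a VQKP."""
        taken, rest = [], deque()
        for g in self.keys:
            if len(taken) < amount and security_level(g, now) == level:
                taken.append(g)
            else:
                rest.append(g)
        self.keys = rest
        return taken


def path_supply(path_pools, level, now):
    """Eq. (2): a path supplies no more keys of a level than its weakest QKP."""
    return min(p.count(level, now) for p in path_pools)


def provision(paths, needed, now):
    """Fill a request from the VQKP, highest security level first; Eq. (1) sums the
    per-path supply over all paths. Returns (keys drawn per level, shortfall). The
    lowest level drawn from decides which encryption method the service can use."""
    drawn, remaining = {1: 0, 2: 0, 3: 0}, needed
    for level in (1, 2, 3):
        for path_pools in paths:
            if remaining == 0:
                break
            n = min(path_supply(path_pools, level, now), remaining)
            for pool in path_pools:
                pool.take(level, n, now)
            drawn[level] += n
            remaining -= n
    return drawn, remaining


def fig3_scenario():
    """Constructed reproduction of Fig. 3: 15 keys requested from A to C, each QKP
    holds at most 20 keys, the QKPs of links A-B and B-C each hold 10 keys within
    T0 (green) and 5 older ones (yellow); the second path A-D-C assumed for the
    multi-path case contributes 5 green keys per link."""
    now = 15

    def pool(green, yellow):
        p = QKP(20)
        p.generate(now - T0 - 1, yellow)  # waited longer than T0: space (II)
        p.generate(now, green)            # just generated: space (I)
        return p

    single_path = [[pool(10, 5), pool(10, 5)]]
    multi_path = [[pool(10, 5), pool(10, 5)], [pool(5, 0), pool(5, 0)]]
    return provision(single_path, 15, now), provision(multi_path, 15, now)


if __name__ == "__main__":
    sp, mp = fig3_scenario()
    print("SP-QRT-KP:", sp)  # 10 level-I and 5 level-II keys: medium security
    print("MP-QRT-KP:", mp)  # 15 level-I keys: highest security
```

The single-path case has to dip into space (II) for the last five keys, so the service can no longer be protected by OTP alone, while the second path lets the VQKP fill the whole request from space (I); `expire` models the destruction period for keys that outlive the lowest level.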


Table 1. Notations and Definitions

$G({N,E,H,V} )$ represents the substrate topology of QKD-enabled optical networks and R represents the set of service requests. The four basic elements in the QKD-enabled optical networks $G({N,E,H,V} )$ are initially set and do not change over time. $S{(t )_{i,j}}$ represents the amount of quantum keys stored in the QKP between QCNi and QCNj in the network at time t, and ${V_{i,j}}$ represents secret-key generation rate between these two QCNs. Equation (1) indicates the condition when I(t) is true in Eq. (3), indicating that the service request could be carried. The number of quantum keys available between two QCNs depends on the sum of available pre-stored secret keys on each of the k shortest paths between these two QCNs. If the service request can be carried, it should satisfy the following constraint.

$$k_r \le \sum_{1}^{K} S_{P_{s,d}(k)}(t_r) \quad (0 < k \le K)$$

Equation (2) indicates the number of secret keys that can be provided by a path in the QKD-enabled optical network. The number of secret keys available on one path depends on the minimum number of keys available over all QKD links on this path, as follows.

$$S_{P_{s,d}(k)}(t) = \min\big(S(t)_{s,i}, \ldots, S(t)_{j,d}\big), \quad e_{s,i}, \ldots, e_{j,d} \in P_{s,d}(k)$$

Equations (3) and (4) represent the consumption and generation models of secret-key resources in QKD-enabled optical networks.

$$M^{C}_{S_{i,j}}(t) = \sum_{0 \le t < T} I(t) \cdot R_{i,j}(t), \quad (0 \le t < T)$$

$$M^{V}_{S_{i,j}}(t) = \int_{0}^{t} V_{i,j} \quad (0 \le t < T)$$

Equation (5) is the formula for calculating the KRU of the services.

$$KRU = \frac{\sum_{1}^{m} \Big\{ \Big[ \int_{0}^{T} \big(V_{i,j} \cdot h_e - Ek_p\big) \Big] - S_p \Big\}}{\int_{0}^{T} \sum_{1}^{m} \big(V_{i,j} \cdot h_e\big)}$$

MP-QRT-KP Algorithm is based on the virtual quantum key pool construction algorithm (VQKP-C Algorithm). VQKP-C Algorithm is used to construct a VQKP for quasi-real-time key provisioning. It is based on the k-shortest paths algorithm (Yen's Algorithm), using hop as weight. When a known service request can be carried, Yen's Algorithm can be used to calculate multiple paths to build VQKPs at the expense of a minimum number of secret keys.

Virtual Quantum Key Pool Construction (VQKP-C) Algorithm
Input: $G({N,E,H,V} )$, ${S_{{P_{s,d(k )}}}}(t )$, ${k_r}$
Output: VQKPs construction for QKD links
1: if ${S_{{P_{s,d(k )}}}}(t )\le {k_r}$ then
2:     construct a VQKP for ${P_{s,d(k )}}$
3:     for each QKPs list $QK{P_{s,d}}(k )$ in ${P_{s,d}}(k )$ do
4:         extract secret keys with the key amount of ${S_{{P_{s,d(k )}}}}(t )$ from QKP to VQKP
5:         ${P_{s,d}}({k,n,t} )\leftarrow ({P_{s,d}}({k,n,t} )- {S_{{P_{s,d(k )}}}}(t ))$
6:     end for
7: else
8:     for each QKPs list $QK{P_{s,d}}(k )$ in ${P_{s,d}}(k )$ do
9:         extract secret keys with the key amount of ${k_r}$ from QKP to VQKP
10:        ${P_{s,d}}({k,n,t} )\leftarrow ({{P_{s,d}}({k,n,t} )- {k_r}} )$
11:    end for
12: end if
13: return VQKPs construction for QKD links

Multi-Path based Quasi-Real-Time Key Provisioning (MP-QRT-KP) Algorithm
Input: $G({N,E,H,V} )$, R (${s_r}$, ${d_r}$, ${k_r}$, ${t_r}$), K, t
Output: ${N_{sr}}$, ${N_{fr}}$, routing and secret keys allocation scheme for R (${s_r}$, ${d_r}$, ${k_r}$, ${t_r}$).
1: for each QKP in $G({N,E,H,V} )$ do
2:     QKD links generate secret keys and store these keys in QKPs
3:     $S{(t )_{i,j}} \leftarrow S{(t )_{i,j}}$+${V_{i,j}}$
4:     if ${T_k}$*${V_{i,j}}$$S{(t )_{i,j}}$ then
5:         transfer secret keys that are not used under the time limit ${T_k}$
6:     end if
7:     if t = ${t_r}$ then
8:         for service request r (${s_r}$, ${d_r}$, ${k_r}$, ${t_r}$) do
9:             calculate ${P_{s,d}}$ through Yen's Algorithm (use Hop as Weight)
10:            for each ${P_{s,d}}(k )$ in paths list ${P_{s,d}}$ do
11:                calculate each $M_{{S_{i,j}}}^V(t )$ of paths and ${S_{{P_{s,d(k )}}}}(t )$$M_{{S_{i,j}}}^V(t )$
12:            end for
13:            if ${k_r} \le \mathop \sum \nolimits_1^K {S_{{P_{s,d(k )}}}}({{t_r}} )\; \; (0 < n \le K)$ then
14:                for each ${P_{s,d}}(k )$ in paths list ${P_{s,d}}$ do
15:                    while ${S_{{P_{s,d(k )}}}}(t )\le {k_r}$ do
16:                        call VQKP-C Algorithm
17:                        ${k_r} \leftarrow ({{k_r} - {S_{{P_{s,d(k )}}}}(t )} )$
18:                        select the next path from ${P_{s,d}}(k )$
19:                    end while
20:                    call VQKP-C Algorithm
21:                end for
22:                ${N_{sr}}$ add the r (${s_r}$, ${d_r}$, ${k_r}$, ${t_r}$)
23:            else
24:                ${N_{fr}}$ add the r (${s_r}$, ${d_r}$, ${k_r}$, ${t_r}$)
25:            end if
26:        end for
27:    end if
28:    t++
29: end for
30: return ${N_{sr}}$, ${N_{fr}}$, routing and secret keys allocation scheme for R (${s_r}$, ${d_r}$, ${k_r}$, ${t_r}$).

The MP-QRT-KP is mainly divided into three steps. Firstly, a set of alternative QKD paths between the source QCN (QCNs) and the destination QCN (QCNd) is evaluated in advance, and the result is stored in the corresponding QCNs. Next, quantum-key-life-cycle transformation is performed for the quantum keys generated in the QKD-enabled optical network to meet the requirements of quasi-real-time key provisioning. Finally, it is judged whether the combined supply of quantum keys over the multiple paths between QCNs and QCNd can meet the service requirements; this determines whether the service can be carried and served. At the same time, multiple QKD paths are selected in accordance with the VQKP-C Algorithm to provide the secret keys. If the number of secret keys is sufficient, the service is served. The worst-case time complexity of the MP-QRT-KP Algorithm is discussed as follows. Lines 2 to 6 perform QKP configuration for each QKD link, and lines 7 to 28 perform MP-QRT-KP for each service request. The worst-case complexities of step 1 (lines 7 to 9, i.e., Yen's Algorithm), step 2 (lines 2 to 6) and step 3 (lines 10 to 25, i.e., VQKP-C Algorithm) are $K \cdot a(m + a \cdot \log(a))$ with a Fibonacci heap, 1, and K, respectively. Thus, the total time complexity of the MP-QRT-KP Algorithm for a service request r is $O(K \cdot a(m + a \cdot \log(a)))$.
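The routing and allocation part of the algorithm (lines 7 to 27 of MP-QRT-KP together with the per-path extraction of VQKP-C), as an added Python example that is not the authors' implementation: each QKD link keeps a stored key count $S(t)_{i,j}$, candidate paths are ranked by hop count, the request is admitted only if Eq. (1) holds over the K paths, and keys are then drawn path by path, each path contributing at most its Eq. (2) minimum. The five-node topology, generation rates, pool capacity and requests are constructed for the example, and a depth-first enumeration of loop-free paths stands in for Yen's algorithm.

```python
# Constructed five-node topology: adjacency lists of QKD links between QCNs.
TOPOLOGY = {
    "A": ["B", "D"],
    "B": ["A", "C"],
    "C": ["B", "D", "E"],
    "D": ["A", "C", "E"],
    "E": ["C", "D"],
}


def link(u, v):
    """Canonical key of an undirected QKD link, so S(t)_{i,j} == S(t)_{j,i}."""
    return (u, v) if u < v else (v, u)


def k_shortest_paths(topology, src, dst, K):
    """Return up to K loop-free paths from src to dst with the fewest hops.
    A depth-first enumeration of all simple paths stands in for Yen's algorithm
    (hop count as weight); it is adequate for a toy graph, while Yen's algorithm
    finds the same K paths without enumerating every simple path."""
    paths, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            paths.append(path)
            continue
        for nxt in topology[node]:
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    paths.sort(key=lambda p: (len(p), p))
    return paths[:K]


def path_supply(store, path):
    """Eq. (2): S_P(t) is the minimum of S(t)_{i,j} over the links of the path."""
    return min(store[link(u, v)] for u, v in zip(path, path[1:]))


def vqkp_construct(store, path, amount):
    """VQKP-C, lines 3 to 5 / 8 to 10: extract `amount` keys from every QKP on
    the path into the VQKP, i.e. decrement each link's store by the same amount."""
    for u, v in zip(path, path[1:]):
        store[link(u, v)] -= amount


def mp_qrt_kp(store, topology, request, K):
    """Lines 9 to 24 for one request (s, d, k_r): returns (carried, allocation),
    where allocation maps each used path to the keys drawn from it. The store is
    changed only when the request is carried, so a rejected request costs no keys."""
    s, d, k_r = request
    paths = k_shortest_paths(topology, s, d, K)
    # Eq. (1): the request is carried only if the K paths together hold k_r keys.
    if sum(path_supply(store, p) for p in paths) < k_r:
        return False, {}
    allocation, remaining = {}, k_r
    for path in paths:
        if remaining == 0:
            break
        n = min(path_supply(store, path), remaining)
        if n == 0:
            continue
        vqkp_construct(store, path, n)
        allocation[tuple(path)] = n
        remaining -= n
    return True, allocation


def run(topology, rates, capacity, requests, K, horizon):
    """Lines 1 to 30 for time-stamped requests (s, d, k_r, t_r). Each tick every
    QKD link adds V_{i,j} keys to its QKP (capped at the pool capacity, an
    assumption of this example), then the requests due at that tick are served.
    Returns the served set N_sr and the failed set N_fr."""
    store = {l: 0 for l in rates}
    n_sr, n_fr = [], []
    for t in range(horizon):
        for l, v in rates.items():
            store[l] = min(capacity, store[l] + v)
        for req in requests:
            if req[3] != t:
                continue
            carried, _ = mp_qrt_kp(store, topology, req[:3], K)
            (n_sr if carried else n_fr).append(req)
    return n_sr, n_fr


if __name__ == "__main__":
    rates = {link(u, v): 1 for u in TOPOLOGY for v in TOPOLOGY[u]}
    reqs = [("A", "C", 4, 3), ("A", "C", 9, 3)]
    print(run(TOPOLOGY, rates, 20, reqs, K=2, horizon=5))
```

With K = 1 the function degenerates to SP-QRT-KP, which is the comparison the simulations in Section 4 draw; the admission test before any extraction is what keeps a blocked request from consuming keys that a later request could still use.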

4. Simulation results and analysis

In order to evaluate the performance of MP-QRT-KP, we adopt the NSFNET topology with 14 nodes and 21 bidirectional links for simulation (shown in Fig. 4). We set the maximum available distance of point-to-point QKD to 400 km [28], using trusted relays to accomplish long-distance QKD; the placement of relay nodes is also based on this limit [29,30]. The secret-key generation rate of each point-to-point QKD system is negatively correlated with its physical distance. The arrival times of service requests follow a negative exponential distribution (λ equals 5u, where u is the smallest time unit in the simulation). We define the service intensity as the range of secret keys required by the services (for example, if the service intensity is 500κ, the required secret keys range over 500 ± 50κ, where κ is the smallest secret-key unit in the simulation). We select K (i.e., the number of alternative paths) equal to 1, 2, 3, or 4, noting that MP-QRT-KP is equivalent to SP-QRT-KP when K equals 1. The value of ${T_k}$ is varied evenly from 20u to 100u in steps of 10u. ${T_k}$ is the available time of the secret key, which also reflects the security requirement of the QKD service: the smaller ${T_k}$ is, the shorter the time limit on the available secret-key sets and the more secure the secret-key resources are. Therefore, a smaller ${T_k}$ denotes a higher security level. Two indicators, namely the success probability (SP) of key allocation on requests and key-resource utilization (KRU), are defined here to evaluate the performance of the algorithm; see Dataset 1 [31].


Fig. 4. NSFNET topology with 14 nodes and 21 links.


For the MP-QRT-KP and SP-QRT-KP algorithms handling the same service requests, Fig. 5(a) shows the trend of their success probabilities. The independent variables are the number of alternative paths K and the service intensity; the dependent variable is the success probability (SP) of both algorithms. As shown in Fig. 5(a), when we select Tk equal to 50u (which means that the security requirements are lower in this case) to monitor the success probability, with K fixed and the service intensity increasing, the SP of MP-QRT-KP decreases slowly while the SP of SP-QRT-KP decreases faster. When the service intensity is fixed, SP increases with K, and the SP growth rate of MP-QRT-KP is significantly higher than that of SP-QRT-KP. It can be seen that the advantage of MP-QRT-KP becomes very obvious in this case. When K equals 4 and the service intensity is 600, the improvement of MP-QRT-KP over SP-QRT-KP is 16.46%. It can be said that when the security requirement Tk equals 50u, MP-QRT-KP achieves much better QKD-enabled optical network performance than the SP-QRT-KP Algorithm (when K equals 1, the two algorithms are exactly the same) as long as K>1.


Fig. 5. Success probability VS service intensity (a) ${T_k}$ = 50u; (b) ${T_k}$ = 30u.


Figure 5(b) shows the trend of the success probabilities of the two algorithms when the security requirements are increased, with Tk equal to 30u. The independent and dependent variables in Fig. 5(b) are the same as in Fig. 5(a). Keeping K fixed, the SP of MP-QRT-KP decreases slowly while the SP of SP-QRT-KP drops faster as the service intensity increases. Moreover, keeping the service intensity fixed, SP increases with K, and the SP growth rate of MP-QRT-KP is significantly higher than that of SP-QRT-KP. The trend in Fig. 5(b) is much more obvious than in Fig. 5(a). The SP of MP-QRT-KP is 20%-50% higher than that of SP-QRT-KP in most cases, and sometimes even several times higher (when the service intensity exceeds 500). All of these show that the stricter the security requirements are, the greater the advantage of MP-QRT-KP is.

As can be seen from Figs. 5(a) and (b), when Tk equals 50u or 30u, the SP of SP-QRT-KP drops greatly as the service intensity increases, while the SP of MP-QRT-KP declines slowly. At the same time, the larger the number of candidate paths K is, the more obvious the effect. Figures 5(a) and (b) also allow a comparison between Tk equal to 50u and 30u, respectively. The smaller Tk in Fig. 5(b) indicates a higher level of security requirement. As the security requirements become more stringent, the SP of SP-QRT-KP declines rapidly, while the SP of MP-QRT-KP declines slowly, indicating that the performance of MP-QRT-KP is much better than that of SP-QRT-KP.

For MP-QRT-KP and SP-QRT-KP facing the same service requests, Fig. 6(a) shows the trend of their secret-key resource utilization. With K and the service intensity as the independent variables, the dependent variable is the KRU of both algorithms. As shown in Fig. 6(a), when we select Tk equal to 50u to monitor the usage of secret-key resources, keeping K fixed, the KRU of MP-QRT-KP increases steadily with the service intensity while the KRU of SP-QRT-KP grows slowly or even stagnates. Keeping the service intensity fixed, KRU increases with K, and the KRU growth rate of MP-QRT-KP is significantly higher than that of SP-QRT-KP. From the comparison in Fig. 6(a), it can be seen that the advantage of MP-QRT-KP becomes very obvious in this case. It is worth noting that when K equals 1 or 2 and the service intensity is higher than 500, the KRU of SP-QRT-KP even shows a downward trend. This is because when the service intensity is too large and the available paths are too few, most of the service requests cannot be carried. Furthermore, a large number of secret keys cannot be used within the secret-key availability period, so these secret keys are used in the next level of encryption activities, and the drop in KRU seen in Fig. 6(a) appears.


Fig. 6. Key resources utilization VS service intensity (a) ${T_k}$ = 50u; (b) ${T_k}$ = 30u.


Figure 6(b) shows the trend of the KRU of the two algorithms when the security requirements are increased, with Tk equal to 30u. The independent and dependent variables in Fig. 6(b) are the same as in Fig. 6(a). As the service intensity increases, the KRU of MP-QRT-KP increases rapidly but the KRU of SP-QRT-KP drops sharply; the KRU of MP-QRT-KP increases with K, but the corresponding changes in SP-QRT-KP are not obvious. The reason for the decrease of the KRU of SP-QRT-KP is the same as the reason for the decline of the SP of SP-QRT-KP in Fig. 5; the difference is that the security requirements here are higher, so the decline of KRU is more obvious and rapid. From Fig. 5(b) we have seen that even if the service intensity is very high, MP-QRT-KP still maintains a high level of SP. The KRU at this time is also very high, because the QKD-enabled optical network has to use more QKD paths to carry the service requests, at a greater cost.

As can be seen from Figs. 6(a) and 6(b), for both Tk = 50u and Tk = 30u the KRU of SP-QRT-KP is greatly reduced as the service intensity increases, while the KRU of MP-QRT-KP keeps improving. At the same time, the larger the number of candidate paths K, the more obvious this effect. Figures 6(a) and 6(b) also allow a comparison between Tk = 50u and Tk = 30u; the smaller Tk in Fig. 6(b) indicates a higher level of security requirement. As the security requirement becomes more stringent, the KRU of SP-QRT-KP declines rapidly while the KRU of MP-QRT-KP declines slowly, indicating that the performance of MP-QRT-KP is much better than that of SP-QRT-KP.

Figure 7(a) shows the SP of MP-QRT-KP as the security requirement changes. The independent variables are K and Tk (which reflects the security requirement), and the dependent variable is the SP of MP-QRT-KP. As the security requirement becomes more stringent (Tk keeps decreasing), the overall trend of SP is downward, but the larger K is, the smaller the drop of SP. That is to say, with MP-QRT-KP a QKD-enabled optical network can still perform well under strict security requirements. Figure 7(b) shows the SP of SP-QRT-KP as the security requirement changes, with the same independent variables K and Tk. As the security requirement becomes more stringent, the SP declines rapidly, and the value of K has little effect on this trend. The comparison in Fig. 7 shows that MP-QRT-KP can still carry the service requests well and ensures a higher SP than SP-QRT-KP. As the security requirement continues to tighten, SP-QRT-KP no longer works properly and cannot meet strict security requirements. In particular, when Tk = 20u, the SP of SP-QRT-KP is very small. The reason is that when the available time of secret keys is extremely short and the available paths are too few, the scheme cannot cope with the burstiness of services, so most of the services cannot be carried; this is the sharp drop of SP seen in Fig. 7(b).


Fig. 7. Success probability VS security requirement (a) MP-QRT-KP; (b) SP-QRT-KP.


Figure 8(a) shows the KRU of MP-QRT-KP as the security requirement changes. The independent variables are K and Tk, and the dependent variable is the KRU of MP-QRT-KP. Just like the SP in Fig. 7(a), the overall trend of KRU is downward as the security requirement becomes more stringent (Tk keeps decreasing), but the larger K is, the smaller the drop of KRU. We can conclude that with MP-QRT-KP a QKD-enabled optical network keeps a high level of secret-key resources utilization under strict security requirements. Figure 8(b) shows the KRU of SP-QRT-KP as the security requirement changes, with the same independent variables K and Tk. As the security requirement becomes more stringent, the KRU declines rapidly, and the value of K has little effect on this trend. The comparison in Fig. 8 shows that MP-QRT-KP can still carry the service requests well compared with SP-QRT-KP, and that it ensures a higher KRU than SP-QRT-KP as the security requirement continues to tighten. It is worth mentioning that when Tk = 20u, the KRU of SP-QRT-KP drops quickly to almost 0. The reason for this decrease is the same as the reason for the decline of SP in Fig. 7. Furthermore, many secret keys cannot be used during the extremely short waiting period on idle routes, so these keys are used in the next level of encryption activities or even wasted; this is the drop of KRU seen in Fig. 8(b).


Fig. 8. Key resources utilization VS security requirement (a) MP-QRT-KP; (b) SP-QRT-KP.

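The mechanism discussed in Figs. 6 to 8 (keys that expire within the availability period Tk, and a single path versus K candidate paths) can be reproduced in a toy discrete-time model. The following is an added illustration, not the paper's simulator; the request trace, the key rate, the window length, the path-ordering rule and the simplified KRU definition (consumed key bits over generated key bits) are all assumptions.

```python
from collections import deque

# Constructed request trace for one source-destination pair: (arrival time, key bits).
REQUESTS = [(2, 25), (3, 25), (5, 40), (8, 15)]


def expire(pool, now, t_k):
    """Drop key chunks (generated_at, bits) older than the availability window t_k."""
    while pool and now - pool[0][0] >= t_k:
        pool.popleft()  # expired keys are wasted, never used for encryption


def consume(pool, amount):
    """Take up to `amount` bits from a pool, oldest first; return bits taken."""
    taken = 0
    while pool and taken < amount:
        gen, b = pool.popleft()
        use = min(b, amount - taken)
        taken += use
        if b > use:  # put the unused remainder of the chunk back in front
            pool.appendleft((gen, b - use))
    return taken


def simulate(requests, k, t_k=5, multipath=True, rate=10, horizon=10):
    """Return (served, total, consumed_bits, generated_bits) for one run.
    Assumed model: each of the k candidate paths has its own FIFO key pool gaining
    `rate` key bits per step, valid for t_k steps; SP-QRT-KP draws only from
    path 1, MP-QRT-KP combines the k paths in order."""
    pools = [deque() for _ in range(k)]
    served = consumed = generated = 0
    for now in range(horizon):
        for pool in pools:
            expire(pool, now, t_k)
            pool.append((now, rate))
            generated += rate
        for t, demand in requests:
            if t != now:
                continue
            candidates = pools if multipath else pools[:1]
            if sum(b for p in candidates for _, b in p) < demand:
                continue  # blocked: not enough fresh key on the allowed path(s)
            need = demand
            for pool in candidates:
                need -= consume(pool, need)
            served += 1
            consumed += demand
    return served, len(requests), consumed, generated


def kru(result):
    """Key resources utilization, simplified here as consumed / generated."""
    return result[2] / result[3]
```

With K = 3 and Tk = 5 the single-path run serves 2 of 4 requests (KRU 40/300) while the multi-path run serves all 4 (KRU 105/300); shortening t_k widens the gap, which is the trend the figures above report.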

5. Conclusion

This paper studied the tradeoff between the storage time of quantum keys and the resulting security risk in quantum-key-distribution enabled optical networks. The concept of quasi-real-time key provisioning (QRT-KP), which distributes multiple sets of virtual quantum key pools within a given time limit, is introduced to achieve a balance between security requirements and key-resource usage. Moreover, a multi-path based quasi-real-time key provisioning (MP-QRT-KP) algorithm is proposed to allocate secret-key resources. It can provide sufficient secret keys with a high level of security to support the encryption of services. Simulation results show that the proposed scheme achieves better performance than single-path based quasi-real-time key provisioning in terms of the success probability of key-allocation requests and secret-key resources utilization. As the number of alternative paths increases, MP-QRT-KP shows a significant improvement in the main simulated metrics. The success probability and secret-key resources utilization of MP-QRT-KP maintain a steady trend as the security requirements become stringent.

Funding

National Natural Science Foundation of China (61971068, 61822105); National Key Research and Development Program of China (2020YFE0200600); Fund of State Key Laboratory of Advanced Optical Communication Systems and Networks, Shanghai Jiao Tong University (2020GZKF012); Fund of State Key Laboratory of Information Photonics and Optical Communications (IPOC2019ZR01, IPOC2020ZT04); Fundamental Research Funds for the Central Universities (2019XD-A05).

Disclosures

The authors declare no conflicts of interest.

Data availability

Data underlying the results presented in this paper are available in Dataset 1, Ref. [31].

References

1. P. J. Winzer, “Scaling optical fiber networks: challenges and solutions,” Opt. Photonics News 26(3), 28–35 (2015).

2. M. P. Fok, Z. Wang, Y. Deng, and P. R. Prucnal, “Optical layer security in fiber-optic networks,” IEEE Trans. Inf. Forensics Secur. 6(3), 725–736 (2011).

3. N. Wolchover, “A tricky path to quantum-safe encryption,” Quanta Mag. (2015).

4. M. Dhar, S. Tigga, S. Mitra, and S. Chandra, “Selection of master station and synchronization of transmission in quantum cryptography: A novel approach,” Int. J. Comput. Sci. Eng. Inf. Technol. Res. 3(4), 151–158 (2013).

5. W. Maeda, A. Tanaka, S. Takahashi, A. Tajima, and A. Tomita, “Technologies for quantum key distribution networks integrated with optical communication networks,” IEEE J. Sel. Top. Quantum Electron. 15(6), 1591–1601 (2009).

6. H. K. Lo, M. Curty, and K. Tamaki, “Secure quantum key distribution,” Nat. Photonics 8(8), 595–604 (2014).

7. H. K. Lo and H. F. Chau, “Unconditional security of quantum key distribution over arbitrarily long distances,” Science 283(5410), 2050–2056 (1999).

8. K. A. G. Fisher, A. Broadbent, L. K. Shalm, Z. Yan, J. O. Lavoie, R. O. Prevedel, T. H. Jennewein, and K. J. Resch, “Quantum computing on encrypted data,” Nat. Commun. 5(1), 3074 (2014).

9. C. Gobby, Z. L. Yuan, and A. J. Shields, “Quantum key distribution over 122 km of standard telecom fiber,” Appl. Phys. Lett. 84(19), 3762–3764 (2004).

10. K. Yoshino, M. Fujiwara, A. Tanaka, S. Takahashi, Y. Nambu, A. Tomita, S. Miki, T. Yamashita, Z. Wang, M. Sasaki, and A. Tajima, “High-speed wavelength-division multiplexing quantum key distribution system,” Opt. Express 37(2), 223–225 (2012).

11. I. Choi, R. J. Young, and P. D. Townsend, “Quantum key distribution on a 10 Gb/s WDM-PON,” Opt. Express 18(9), 9600–9612 (2010).

12. M. Sasaki, M. Fujiwara, H. Ishizuka, W. Klaus, K. Wakui, M. Takeoka, S. Miki, T. Yamashita, Z. Wang, A. Tanaka, K. Yoshino, Y. Nambu, S. Takahashi, A. Tajima, A. Tomita, T. Domeki, T. Hasegawa, Y. Sakai, H. Kobayashi, T. Asai, K. Shimizu, T. Tokura, T. Tsurumaru, M. Matsui, T. Honjo, K. Tamaki, H. Takesue, Y. Tokura, J. F. Dynes, A. R. Dixon, A. W. Sharpe, Z. L. Yuan, A. J. Shields, S. Uchikoga, M. Legré, S. Robyr, P. Trinkler, L. Monat, J.-B. Page, G. Ribordy, A. Poppe, A. Allacher, O. Maurhart, T. Länger, M. Peev, and A. Zeilinger, “Field test of quantum key distribution in the Tokyo QKD Network,” Opt. Express 19(11), 10387–10409 (2011).

13. M. Peev, C. Pacher, R. Alléaume, C. Barreiro, J. Bouda, W. Boxleitner, T. Debuisschert, E. Diamanti, M. Dianati, and J. Dynes, “The SECOQC quantum key distribution network in Vienna,” New J. Phys. 11(7), 075001 (2009).

14. C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” in Proc. IEEE Int. Conf. Comput., Syst., Signal Process., Bangalore, India (1984), pp. 175–179.

15. H. Wang, Y. Zhao, X. Yu, Z. Ma, J. Wang, A. Nag, L. Yi, and J. Zhang, “Protection schemes for key service in optical networks secured by quantum key distribution (QKD),” J. Opt. Commun. Netw. 11(3), 67–78 (2019).

16. C. H. F. Fung, X. Ma, and H. F. Chau, “Practical issues in quantum-key-distribution post processing,” Phys. Rev. A 81(1), 012318 (2010).

17. Y. Cao, Y. Zhao, C. Colman-Meixner, X. Yu, and J. Zhang, “Key on demand (KoD) for software-defined optical networks secured by quantum key distribution (QKD),” Opt. Express 25(22), 26453–26467 (2017).

18. W. Maeda, A. Tanaka, S. Takahashi, A. Tajima, and A. Tomita, “Technologies for quantum key distribution networks integrated with optical communication networks,” IEEE J. Sel. Top. Quantum Electron. 15(6), 1591–1601 (2009).

19. K. A. Patel, J. F. Dynes, M. Lucamarini, I. Choi, A. W. Sharpe, Z. L. Yuan, R. V. Penty, and A. J. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).

20. A. V. Gleim, V. I. Egorov, Y. V. Nazarov, S. V. Smirnov, V. V. Chistyakov, O. I. Bannik, A. A. Anisimov, S. M. Kynev, A. E. Ivanova, R. J. Collins, S. A. Kozlov, and G. S. Buller, “Secure polarization-independent subcarrier quantum key distribution in optical fiber channel using BB84 protocol with a strong reference,” Opt. Express 24(3), 2619–2633 (2016).

21. A. R. Dixon, Z. L. Yuan, J. F. Dynes, A. W. Sharpe, and A. J. Shields, “Continuous operation of high bit rate quantum key distribution,” Appl. Phys. Lett. 96(16), 161102 (2010).

22. M. Bellare and A. Palacio, “Protecting against key-exposure: strongly key-insulated encryption with optimal threshold,” AAECC 16(6), 379–396 (2006).

23. “Quantum Key Distribution (QKD); Protocol and data format of REST-based key delivery API,” DGS/QKD-014KeyDeliv (2019).

24. J. Yu, K. Ren, and C. Wang, “Enabling cloud storage auditing with verifiable outsourcing of key updates,” IEEE Trans. Inf. Forensics Secur. 11(6), 1362–1375 (2016).

25. Y. Zhao, Y. Cao, W. Wang, H. Wang, X. Yu, J. Zhang, M. Tornatore, Y. Wu, and B. Mukherjee, “Resource allocation in optical networks secured by quantum key distribution,” IEEE Commun. Mag. 56(8), 130–137 (2018).

26. C. Elliott and H. Yeh, “DARPA quantum network testbed,” Raytheon BBN Technol., Cambridge, MA, USA, Tech. Rep. (2007).

27. “Quantum key distribution networks – Key management,” ITU-T Y.3803 (12/2020).

28. https://www.idquantique.com/quantum-key-distribution-qkd-achieved-over-record-421-km

29. W. Stacey, R. Annabestani, X. Ma, and N. Lütkenhaus, “The security of quantum key distribution using a simplified trusted relay,” Phys. Rev. A 91(1), 012338 (2015).

30. V. Christiana, R. M. Stevenson, J. Nilsson, J. Skiba Szymanska, B. Dzurňák, M. Lucamarini, R. V. Penty, I. Farrer, D. A. Ritchie, and A. J. Shields, “An entangled LED-driven quantum relay over 1 km,” npj Quantum Inf. 2(1), 16006 (2016).

31. X. Yu, “OE-MPQRTKP-Dataset1,” figshare (2021), https://doi.org/10.6084/m9.figshare.14737365.

Supplementary Material (1)

Dataset 1: Data underlying the results

