Quantum Key Distribution (QKD) in OpenSSL

A report describing how we implemented QKD for OpenSSL during the RIPE Quantum Internet Hackathon 2019

The pan-European quantum Internet hackathon

On 5 and 6 November 2019 I (Bruno Rijsman) took part in the Pan-European Quantum Internet Hackathon organized by RIPE Labs.

Participants from six geographically distributed locations (Delft, Dublin, Geneva, Padua, Paris, and Sarajevo) formed teams that worked on various projects related to the Quantum Internet.

I participated in Delft where the hackathon was hosted by QuTech, a world-leading quantum technology research and development office within the Delft University of Technology.

The OpenSSL integration challenge

In Delft, I joined Yvo Keuter and Tim Janssen to form a team working on one of the challenges suggested by the hackathon organizers, namely the OpenSSL integration challenge.

This challenge was developed by Wojciech Kozlowski, a postdoctoral researcher at QuTech and one of the organizers of the Delft hackathon. He is also the main author of the Architectural Principles of the Quantum Internet document that is being developed in the Quantum Internet Research Group (QIRG) in the Internet Research Task Force (IRTF).

The OpenSSL integration challenge consists of two parts:

  1. Enhance OpenSSL to be able to use Quantum Key Distribution (QKD) as a key agreement protocol. OpenSSL is an open source cryptography library that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. OpenSSL is widely used in Internet applications such as web browsers and web servers.

  2. Implement a specific quantum key distribution protocol, namely the Bennett and Brassard 1984 (BB84) protocol, on top of the SimulaQron quantum network simulator.

The end goal of the challenge is to use an off-the-shelf browser (e.g. Chrome) and connect it to a secure HTTPS website hosted on an off-the-shelf web server (e.g. Apache), while using the BB84 quantum key distribution algorithm as the key agreement protocol (running on a SimulaQron simulated quantum network), instead of the classical Diffie-Hellman protocol that is normally used in classical networks.

The following figure shows what was actually achieved soon after the end of the hackathon (see part 4 for more details). At some time in the future I will replace the “mock QKD” implementation with a “real” implementation of BB84 QKD and update this report to document the results (I put “real” in quotes because it will run on a simulated quantum network using SimulaQron).

Figure: Architecture using engines and mock QKD

Structure of this report

In this report I describe how we achieved the goals set forth by the OpenSSL integration challenge.

The report consists of multiple parts (if you are already familiar with classical cryptography and quantum cryptography you probably want to skip ahead to part 4 which describes the actual implementation):

At some point in the future, I also plan to implement BB84 on top of SimulaQron and add a part 5 to this report to document that work.