View on GitHub

Quantum Key Distribution (QKD) in OpenSSL

A report describing how we implemented QKD for OpenSSL during the RIPE Quantum Internet Hackathon 2019

This is part 3 in a multi-part report describing how we implemented Quantum Key Distribution (QKD) in OpenSSL as part of the pan-European quantum Internet hackathon in Delft on 5 and 6 November 2019. See the main page of this report for the other parts. – Bruno Rijsman

The ETSI QKD API.

The roll-of-the-tongue acronym ETSI QKD API stands for the European Telecommunications Standards Organization (ETSI) Quantum Key Distribution (QKD) Application Programming Interface (API).

In part 2 of this report we described what is broken in classical security, how Quantum Key Distribution (QKD) can fix it, what some of the theory behind QKD is, and how there are already some commercial companies that offer QKD devices for sale.

For now, the commercially available QKD devices are rather large stand-alone devices that are not yet integrated into routers or switches or end-point computers on the network. Thus the application that wants to consume QKD sits on a different device than the stand-alone device that implements QKD.

As a result, we need some sort of interface, a so-called Application Programming Interface (API) between QKD consumer (the application) and the QKD provider (the stand-alone QKD device).

The European Telecommunications Standards Organization (ETSI) has defined exactly such an API, namely ETSI GS QKD 004 V1.1.1 (2010-12): Quantum Key Distribution (QKD); Application Interface. In part 4 of this report we will use this API to add QKD support to OpenSSL.

In fact, there is an Industry Specification Group (ISG) in ETSI that defines standards for Quantum Key Distribution for Users that has produced multiple standards in the area of QKD:

ETSI GS QKD 002 V1.1.1 (2010-06): Quantum Key Distribution (QKD); Use Cases.
ETSI GR QKD 003 V2.1.1 (2018-03): Quantum Key Distribution (QKD); Components and Internal Interfaces.
ETSI GS QKD 004 V1.1.1 (2010-12): Quantum Key Distribution (QKD); Application Interface.
ETSI GS QKD 005 V1.1.1 (2010-12): Quantum Key Distribution (QKD); Security Proofs.
ETSI GR QKD 007 V1.1.1 (2018-12): Quantum Key Distribution (QKD); Vocabulary.
ETSI GS QKD 008 V1.1.1 (2010-12): Quantum Key Distribution (QKD); QKD Module Security Specification.
ETSI GS QKD 011 V1.1.1 (2016-05): Quantum Key Distribution (QKD); Component characterization: characterizing optical components for QKD systems.
ETSI GS QKD 012 V1.1.1 (2019-02): Quantum Key Distribution (QKD); Device and Communication Channel Parameters for QKD Deployment.
ETSI GS QKD 014 V1.1.1 (2019-02): Quantum Key Distribution (QKD); Protocol and data format of REST-based key delivery API.

ETSI also published an interesting report that describes practical attacks and counter measures on the QKD implementations: ETSI White Paper No. 27: Implementation Security of Quantum Cryptography; Introduction, challenges, solutions.

Note that these are vulnerabilities due the the implementation of the QKD system as opposed to vulnerabilities due to flaws in the QKD theory itself.