
Quantum Key Distribution (QKD) in OpenSSL

A report describing how we implemented QKD for OpenSSL during the RIPE Quantum Internet Hackathon 2019

This is part 3 in a multi-part report describing how we implemented Quantum Key Distribution (QKD) in OpenSSL as part of the pan-European quantum Internet hackathon in Delft on 5 and 6 November 2019. See the main page of this report for the other parts. – Bruno Rijsman

The ETSI QKD API.

The roll-off-the-tongue acronym ETSI QKD API stands for the European Telecommunications Standards Organization (ETSI) Quantum Key Distribution (QKD) Application Programming Interface (API).

In part 2 of this report we described what is broken in classical security, how Quantum Key Distribution (QKD) can fix it, what some of the theory behind QKD is, and how there are already some commercial companies that offer QKD devices for sale.

For now, the commercially available QKD devices are rather large stand-alone devices that are not yet integrated into routers or switches or end-point computers on the network. Thus the application that wants to consume QKD sits on a different device than the stand-alone device that implements QKD.

As a result, we need some sort of interface, a so-called Application Programming Interface (API), between the QKD consumer (the application) and the QKD provider (the stand-alone QKD device).

The European Telecommunications Standards Organization (ETSI) has defined exactly such an API, namely ETSI GS QKD 004 V1.1.1 (2010-12): Quantum Key Distribution (QKD); Application Interface. In part 4 of this report we will use this API to add QKD support to OpenSSL.

In fact, there is an Industry Specification Group (ISG) in ETSI that defines standards for Quantum Key Distribution for Users that has produced multiple standards in the area of QKD:

ETSI also published an interesting report that describes practical attacks on QKD implementations and the countermeasures against them: ETSI White Paper No. 27: Implementation Security of Quantum Cryptography; Introduction, challenges, solutions.

Note that these are vulnerabilities due to the implementation of the QKD system, as opposed to vulnerabilities due to flaws in the QKD theory itself.