Quantum key distribution involves establishing a key between two QKD stations (“boxes”)—typically referred to as a sender named “Alice” and a receiver named “Bob”—by using weak (e.g., 0.1 photon on average) optical signals transmitted over a “quantum channel.” The security of the key distribution is based on the quantum mechanical principle that any measurement of a quantum system in unknown state will modify its state. As a consequence, an eavesdropper (“Eve”) that attempts to intercept or otherwise measure the quantum signal will introduce errors into the transmitted signals, thereby revealing her presence.
The general principles of quantum cryptography were first set forth by Bennett and Brassard in their article “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the International Conference on Computers, Systems and Signal Processing, Bangalore, India, 1984, pp. 175-179 (IEEE, New York, 1984). Specific QKD systems are described in the publication by C. H. Bennett et al., entitled “Experimental Quantum Cryptography” J. Cryptology, (1992) 5: 3-28, and in the publication by C. H. Bennett, entitled “Quantum Cryptography Using Any Two Non-Orthogonal States”, Phys. Rev. Lett. 68 3121 (1992). The general process for performing QKD is described in the book by Bouwmeester et al., entitled “The Physics of Quantum Information,” Springer-Verlag 2001, in Section 2.3, pages 27-33.
The above-mentioned publications each describe a so-called “one-way” QKD system wherein Alice randomly encodes the polarization or phase of single photons, and Bob randomly measures the polarization or phase of the photons. The one-way system described in the Bennett 1992 paper and incorporated by reference herein is based on a shared interferometric system. Respective parts of the interferometric system are accessible by Alice and Bob so that each can control the phase of the interferometer.
U.S. Pat. No. 6,438,234 to Gisin (the '234 patent), which patent is incorporated herein by reference, discloses a so-called “two-way” QKD system that is autocompensated for polarization and thermal variations. Thus, the two-way QKD system of the '234 patent is generally less susceptible to environmental effects than a one-way system.
It will be desirable to one day have multiple QKD links woven into an overall QKD network that connects its QKD endpoints via a mesh of QKD relays or routers. Example QKD networks are discussed in the publication by C. Elliot et al., entitled “Quantum cryptography in practice,” New Journal of Physics 4 (2002), 46.1-46.12, and also in PCT Patent Application Publication No. WO 02/05480, which article and Patent Application Publication are incorporated by reference herein.
In a QKD network, the QKD systems that make up the network need to be able to distribute private quantum encryption keys among the participating stations (nodes) of the network. These private keys are to be used by distributed applications such as IPsec, SSL, L2TP, and applications using private security protocols. This requires that the method of acquiring the keys by the applications be node-independent. For example, if application A in one node acquires key K1, the peer application A in another node must also acquire the same key K1. This needs to be done in real time without using frequent communications among the nodes. In addition, since multiple applications “compete” for the keys, there needs to be a way to control the key flow rate from the QKD layer to the application layer. Furthermore, the set of keys distributed from the QKD layer may become inconsistent among the nodes due to the node reset, hardware/software failures, or errors in user administration.
Accordingly, there is a need for a method and architecture to manage and distribute, in real time, QKD-generated quantum encryption keys to all of the nodes in a QKD-based network.