Quantum key distribution involves establishing a key between a sender (“Alice”) and a receiver (“Bob”) by using weak (e.g., 0.1 photon on average) optical signals transmitted over a “quantum channel.” The security of the key distribution is based on the quantum mechanical principle that any measurement of a quantum system in an unknown state will modify its state. As a consequence, an eavesdropper (“Eve”) that attempts to intercept or otherwise measure the quantum signal will introduce errors into the transmitted signals, thereby revealing her presence.
The general principles of quantum cryptography were first set forth by Bennett and Brassard in their article “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the International Conference on Computers, Systems and Signal Processing, Bangalore, India, 1984, pp. 175-179 (IEEE, New York, 1984). Specific QKD systems are described in publications by C. H. Bennett et al. entitled “Experimental Quantum Cryptography,” J. Cryptology (1992) 5: 3-28, and by C. H. Bennett entitled “Quantum Cryptography Using Any Two Non-Orthogonal States,” Phys. Rev. Lett. 68, 3121 (1992). The general process for performing QKD is described in the book by Bouwmeester et al., “The Physics of Quantum Information,” Springer-Verlag 2001, in Section 2.3, pages 27-33.
The above-mentioned publications by Bennett describe a so-called “one-way” QKD system wherein Alice randomly encodes the polarization or phase of single photons, and Bob randomly measures the polarization or phase of the photons. The one-way system described in the Bennett 1992 paper and incorporated by reference herein is based on a shared interferometric system. Respective parts of the interferometric system are accessible by Alice and Bob so that each can control the phase of the interferometer. The signals (pulses) sent from Alice to Bob are time-multiplexed and follow different paths. As a consequence, the interferometers need to be actively stabilized to within a few tens of nanoseconds during transmission to compensate for thermal drifts.
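The error-revealing principle stated above, and the one-way polarization scheme (Alice encodes in a random basis, Bob measures in a random basis), as an added simulation that is not part of the original text. It assumes the textbook BB84 pair of bases and models an intercept-and-resend eavesdropper who measures every photon in a random basis; the resulting error rate on the sifted key is what reveals her, and the abort threshold is a hypothetical parameter.

```python
import random

RECTILINEAR, DIAGONAL = 0, 1  # the two polarization bases assumed for BB84

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit; measuring in the
    other basis gives a uniformly random result, and the photon now carries that
    result: the unknown state has been disturbed by the measurement."""
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)

def run_bb84(n_photons, eavesdrop, seed=1):
    """Simulate one-way QKD. Returns (sifted key length, quantum bit error rate)."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Eve measures in a random basis and re-emits what she saw, in her basis
            e_basis = rng.randrange(2)
            photon_bit = measure(photon_bit, photon_basis, e_basis, rng)
            photon_basis = e_basis
        bob_bits.append(measure(photon_bit, photon_basis, b_basis, rng))
    # Sifting: Alice and Bob publicly compare bases and keep only matching positions
    sifted = [(a, b) for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
              if ab == bb]
    errors = sum(1 for a, b in sifted if a != b)
    qber = errors / len(sifted) if sifted else 0.0
    return len(sifted), qber

def eve_detected(qber, abort_threshold=0.11):
    """Hypothetical acceptance rule: abort the key if the error rate is too high."""
    return qber > abort_threshold

if __name__ == "__main__":
    for eve in (False, True):
        n, q = run_bb84(10000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted={n} QBER={q:.3f} detected={eve_detected(q)}")
```

Without Eve the sifted key has no errors; intercept-and-resend on every photon pushes the error rate to about 25%, far above the threshold.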
U.S. Pat. No. 6,438,234 to Gisin (the '234 patent), which patent is incorporated herein by reference, discloses a so-called “two-way” QKD system that employs an autocompensating interferometer first invented by Dr. Joachim Meier of Germany and published in 1995 (in German) as “Stabile Interferometrie des nichtlinearen Brechzahl-Koeffizienten von Quarzglasfasern der optischen Nachrichtentechnik,” Joachim Meier.—Als Ms. gedr.—Düsseldorf: VDI-Verl., Nr. 443, 1995 (ISBN 3-18-344308-2). Because the Meier interferometer is autocompensated for polarization and thermal variations, the two-way QKD system based thereon is less susceptible to environmental effects than a one-way system.
It would be desirable one day to have multiple QKD links woven into an overall QKD network that connects its QKD endpoints via a mesh of QKD relays or routers. Example QKD networks are discussed in the publication by C. Elliot, New Journal of Physics 4 (2002), 46.146.12, and also in PCT patent application publication no. WO 02/05480, which publication and PCT patent application are incorporated by reference herein.
When a given point-to-point QKD link within the relay fails—e.g. by a fiber being cut or from too much eavesdropping or noise—that link is abandoned and another used instead. This type of QKD network can be engineered to be resilient even in the face of active eavesdropping or other denial-of-service attacks.
Such QKD networks can be built in several ways. In one example, the QKD relays only transport keying material. After relays have established pair-wise agreed-to keys along an end-to-end path, e.g., between the two QKD endpoints, they employ these key pairs to securely transport a key “hop by hop” from one endpoint to the other. The key is encrypted and decrypted using a one-time pad with each pairwise key as it proceeds from one relay to the next. In this approach, the end-to-end key will appear in the clear within the relays' memories proper, but will always be encrypted when passing across a link. Such a design may be termed a “key transport network.”
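The hop-by-hop key transport just described, as an added model that is not part of the original text. Each link's QKD-derived pairwise key is assumed to be fresh random bytes of the same length as the end-to-end key (a stand-in for the QKD exchange); the model shows the key encrypted on every link but sitting in the clear in each relay's memory, which is why the relays must be trusted.

```python
import os

def xor_bytes(a, b):
    """One-time-pad combine: equal-length bytes XORed together."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))

class Relay:
    """A QKD relay: holds one pairwise key per neighbouring link."""
    def __init__(self, name):
        self.name = name
        self.link_keys = {}  # neighbour name -> pairwise key shared over that link
        self.memory = None   # the end-to-end key, in the clear, once it reaches here

def establish_link_keys(path, key_len):
    """Stand-in for running QKD on every hop of the path (constructed random keys)."""
    for left, right in zip(path, path[1:]):
        k = os.urandom(key_len)
        left.link_keys[right.name] = k
        right.link_keys[left.name] = k

def transport_key(path, e2e_key):
    """Move e2e_key from path[0] to path[-1]; returns the ciphertext seen on each link."""
    on_the_wire = []
    path[0].memory = e2e_key
    for left, right in zip(path, path[1:]):
        ct = xor_bytes(left.memory, left.link_keys[right.name])   # encrypt for this hop
        on_the_wire.append(ct)
        right.memory = xor_bytes(ct, right.link_keys[left.name])  # decrypt: clear again
        # pad material is single-use; both ends discard it after this hop
        del left.link_keys[right.name]
        del right.link_keys[left.name]
    return on_the_wire

def demo(key_len=16, hops=3):
    path = [Relay(f"R{i}") for i in range(hops + 1)]
    establish_link_keys(path, key_len)
    e2e_key = os.urandom(key_len)
    wire = transport_key(path, e2e_key)
    delivered = path[-1].memory == e2e_key
    exposed_in_relays = all(r.memory == e2e_key for r in path)  # the trust problem
    never_in_clear_on_links = all(ct != e2e_key for ct in wire)
    return delivered, exposed_in_relays, never_in_clear_on_links

if __name__ == "__main__":
    print(demo())
```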
Alternatively, QKD relays may transport both keying material and message traffic. In essence, this approach uses QKD as a link encryption mechanism, or stitches together an overall end-to-end traffic path from a series of QKD-protected tunnels.
Such QKD networks have advantages that overcome the drawbacks of point-to-point links enumerated above. First, they can extend the geographic reach of a network secured by quantum cryptography, since wide-area networks can be created by a series of point-to-point links bridged by active relays. Links can be heterogeneous transmission media, i.e., some may be through fiber while others are free-space. Thus, in theory, such a network could provide fully global coverage.
Second, they lessen the chance that an adversary could disable the key distribution process, whether by active eavesdropping or simply by cutting a fiber. A QKD network can be engineered with as much redundancy as desired simply by adding more links and relays to the mesh.
Third, QKD networks can greatly reduce the cost of large-scale interconnectivity of private enclaves by reducing the required (N×(N−1))/2 point-to-point links to as few as N links in the case of a simple star topology for the key distribution network.
Such QKD networks do have their own drawbacks, however. For example, their prime weakness is that the relays must be trusted. Since keying material and—directly or indirectly—message traffic are available in the clear in the relays' memories, these relays must not fall into an adversary's hands. They need to be in physically secured locations and perhaps guarded if the traffic is truly important. In addition, all users in the system must trust the network (and the network's operators) with all keys to their message traffic. Thus, a pair of users with unusually sensitive traffic must expand the circle of those who can be privy to it to include all machines, and probably all operators, of the QKD network used to transport keys for this sensitive traffic.
U.S. patent application Ser. No. 11/152,875, entitled “QKD System Network,” filed on Jun. 15, 2005 (the '875 application), and also filed as a corresponding PCT Patent Application on Jul. 28, 2005, and incorporated by reference herein, discloses a QKD network system that includes a cascaded arrangement of QKD stations that utilize switches. The switches allow for a choice of pathways between points in the network. The '875 application also describes approaches for communicating keys between stations in the network. In QKD networks, such as those described in the '875 application, it would be useful to have a way to perform a check of the Alice and Bob units in each box without fear of outside interference through the externally accessible fiber links, while also allowing pass-through communication between relays in a QKD-based network.