Field Test of High-Speed Quantum-safe Optical Communication
Joo Yeon Cho
8 November 2018
ETSI / IQC Quantum Safe Workshop 2018
© 2018 ADVA Optical Networking. All rights reserved. Confidential.22
OTN (Layer 1) Security
Tapping of Optical Fiber is Reality
UK Government Communications Headquarters
– GCHQ –
Encryption using G.709* / OTH Link Protocol
[Figure: Optical channel frame structure (OCh overhead, OCh payload, FEC data). The frame has rows 1 to 4 and columns 1 to 4080: columns 1-14 OTU/ODU overhead, columns 15-16 OPU overhead, columns 17-3824 encrypted payload, columns 3825-4080 FEC area.]
• Payload: AES-256 encrypted
• Key exchange: Authenticated Diffie-Hellman Key Exchange
* S. Gorshe, A tutorial on ITU-T G.709 optical transport networks (OTN), 2010
Hybrid Quantum-safe Key Exchange Schemes
Diffie-Hellman Key Exchange:
• Widely used (e.g. TLS)
• NIST standard (SP800-56Ar3)
Niederreiter Key Exchange:
• Unbroken since 1978
• PQC NIST standard candidate
• No additional hardware
Quantum Key Distribution: BB84
• Unconditionally secure by the laws of physics
• Requires additional hardware
NIST Post-quantum Crypto Project (2017 ~ )
2022-2024 - Draft standards available
(We chose the following 2 out of 45 candidates.)
• Classic McEliece
• NTS-KEM
Post-Quantum Key Exchange: Niederreiter-Goppa
• Security level: NIST Category 5 (256-bit key)
• Implemented on the optical transmission system (PowerPC based platform)
• There are two submissions:
  • Classic McEliece (https://classic.mceliece.org/)
  • NTS-KEM (https://nts-kem.io/)

KEM              | [n, t]      | Public Key | Secret Key
Classic McEliece | [8192, 128] | ~1.3 MB    | ~14 KB
NTS-KEM          | [8192, 136] | ~1.4 MB    | ~19 KB

* Performance: NTS-KEM ≈ Classic McEliece
Quantum Key Distribution: ETSI QKD Key Interface*
[Figure: two 100G optical transponders, one with NCU (Alice) and one with NCU (Bob), each with an AES block and an attached QKD system. Labels in the figure: A1, B1, Quantum Channel, Classical Channel, HTTPS, I/F, KeyID, Diffie-Hellman KEX. Legend: green = QKD system, black = optical communication system.]
* ETSI QKD GS QKD 014 (Draft) “Quantum Key Distribution (QKD) Protocol and data format of key delivery API to Applications”
Hybrid key exchange provides a robust solution for quantum-safe key exchange.
Block Diagram of Hybrid Key Exchange Mode
[Figure: Alice and Bob each run three key exchanges (Diffie-Hellman, Niederreiter, QKD). On each side the three results feed a key combiner that outputs the secret key K. Alice encrypts message M with AES-256-GCM under K to ciphertext C; Bob decrypts C with AES-256-GCM under K to recover message M.]
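The slides do not say how the key combiner is built. The following is an added example, not code from the presentation or from ADVA's implementation: it assumes the combiner is HKDF-SHA-256 (RFC 5869) over the three length-prefixed secrets, with the QKD KeyID bound into the derivation. The function names, the context label and the sample values are hypothetical.

```python
import hashlib
import hmac
import struct

def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA-256."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def _lp(data: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot be re-split ambiguously."""
    return struct.pack(">I", len(data)) + data

def combine_keys(dh_secret: bytes, kem_secret: bytes, qkd_key: bytes,
                 qkd_key_id: str, session_salt: bytes) -> bytes:
    """Derive the 256-bit AES-256-GCM key K from all three exchanged secrets."""
    parts = {"DH": dh_secret, "Niederreiter": kem_secret, "QKD": qkd_key}
    for name, secret in parts.items():
        # Fail closed: a missing or short component must never silently
        # downgrade the link to fewer than three key sources.
        if len(secret) < 32:
            raise ValueError(f"{name} secret missing or shorter than 256 bits")
    # Each secret is labelled and length-prefixed before it enters the KDF.
    ikm = b"".join(_lp(name.encode()) + _lp(secret) for name, secret in parts.items())
    # Assumed context label; the KeyID ties K to one specific QKD key.
    info = b"hybrid-kex-example v1" + _lp(qkd_key_id.encode())
    return hkdf_sha256(session_salt, ikm, info, 32)

# Constructed sample values (not real key material).
DH = bytes(range(32))
KEM = bytes(range(32, 64))
QKD = bytes(range(64, 96))
KEY_ID = "00000000-0000-0000-0000-000000000001"  # constructed QKD KeyID
SALT = b"constructed-session-nonce"

if __name__ == "__main__":
    print("K =", combine_keys(DH, KEM, QKD, KEY_ID, SALT).hex())
```

Alice and Bob obtain the same K only when all three exchanges and the KeyID agree on both sides; a failed exchange raises an error instead of producing a key from the remaining inputs.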
Live Demo: Field Test of Quantum-safe 100G Optical Communication over NREN and GÉANT Network
When: 13 June 2018 15:30-16:00
Where: @TNC18 in Trondheim
Demo Link for Quantum-safe Encryption
• Niederreiter post-quantum key exchange
• Quantum key distribution
• AES-256-GCM encryption
[Figure: demo link carrying AES-GCM-256 encrypted payload data (OPU4). Key exchange labels: Post-quantum Key Exchange (+ Diffie-Hellman) and Quantum Key Distribution (+ Diffie-Hellman). Site labels: Trondheim ADVA Booth, (Hamburg), (Oslo), Poznan PSNC, Trondheim PSNC Booth.]
The optical link and involved NRENs (~2800 km)
TNC18 venue - Trondheim
PSNC - Poznań
QSC using QKD in national UK Testbed
[Figure: UKQN link between two Secure Trusted Nodes, glass-through, 100 km.]
• QKD for long-term security
• Standards compliant, open key interface
• Can accommodate different QKD suppliers
Summary
We demonstrated quantum-safe encryption on a long-distance optical network.
• Post-quantum encryption at Terena Networking Conference 2018 (2800 km, Poznań – Trondheim)
• QSC using QKD in national UK testbed
We implemented a hybrid key exchange for greater confidence and a safe transition from classical to quantum cryptography.
• Niederreiter-Goppa scheme with conservative parameters (the highest NIST category)
• ETSI QKD key interface (ETSI GS QKD 014)
• AES-256-GCM data encryption
Our field test clearly shows that high-speed quantum-safe optical communication is possible today!
Acknowledgements
This work has been performed in the framework of the CELTIC EUREKA project
SENDATE-Secure-DCI (Project ID C2015/3-4), and it is partly funded by the
German BMBF (Project ID 16KIS0477K).