Experimental Integration of Quantum Key Distribution and Post‐Quantum Cryptography in a Hybrid Quantum‐Safe Cryptosystem
Published in: | Advanced quantum technologies (Online) 2024-04, Vol.7 (4), p.n/a |
---|---|
Format: | Article |
Language: | English |
Summary: | Quantum key distribution (QKD) and post‐quantum cryptography (PQC) are the two countermeasures against cryptographic attacks via quantum computing. While QKD offers information‐theoretic security but limited authentication scalability, PQC facilitates scalable authentication in high‐density networks but is not information‐theoretic secure. Therefore, an ideal quantum‐safe framework should efficiently leverage the complementarity of both techniques. However, despite growing efforts in integrating both, current realizations have focused on channel authentication, and a complete cryptosystem addressing both hybrid authentication and hybrid key exchange is yet to be demonstrated. Here, an authenticated hybrid key exchange protocol is introduced that incorporates PQC and QKD in a modular and information‐theoretic secure architecture. The quantum‐safe protocol is inherently resilient to catastrophic cryptographic failures and provides both forward and post‐compromise security. As a proof‐of‐concept implementation, the cryptosystem is integrated on a QKD hardware prototype, with the QKD processing, PQC key exchange and secret state masking via physical unclonable functions (PUFs) all running on a single field programmable gate array (FPGA). This work paves the way for the deployment of versatile and modular quantum‐safe networks that exploit the complementarity of PQC and QKD.
By leveraging the complementarity of Quantum, Post‐Quantum, and Classical Cryptography, the authors design a modular Hybrid Authenticated Cryptosystem with advanced features of forward security and post‐compromise security. In its optimal instantiation, the protocol is information‐theoretic secure for both authentication and key exchange. A proof‐of‐concept implementation is provided experimentally using a commercial‐grade QKD system, where the post‐quantum KEM algorithm is implemented in hardware on the same FPGA that runs the QKD functions. |
---|---|
ISSN: | 2511-9044 |
DOI: | 10.1002/qute.202300304 |