ETSI GS QKD 002 V1.1.1 (2010-06)

ETSI GS QKD 002 V1.1.1 (2010-06)
Group Specification


Quantum Key Distribution;
Use Cases

---------------------- Page: 1 ----------------------
2 ETSI GS QKD 002 V1.1.1 (2010-06)



Reference
DGS/QKD-0002_UserReqs
Keywords
quantum cryptography, quantum key distribution,
use case
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2010.
All rights reserved.

TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI GS QKD 002 V1.1.1 (2010-06)
Contents
Intellectual Property Rights . 5
st
Foreword to the Present 1 Edition . 5
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 8
3 Definitions and abbreviations . 9
4 QKD - A Security Technology Innovation . . 10
4.1 Classification of QKD as cryptographic primitive . 10
4.1.1 Encryption primitives . 10
4.1.2 Key distribution primitives . 10
4.1.3 Message authentication primitives . 11
4.1.4 Synopsis . 11
5 ISG-QKD Work Plan . 12
5.1 QKD Security Certification . 12
5.1.1 QKD; Ontology, Vocabulary, Terms of Reference . 13
5.1.2 QKD; Assurance requirements . 13
5.1.3 QKD; Module security specification . 13
5.1.4 List of approved QKD technologies . 14
5.1.5 QKD; Threats and Attacks . 14
5.1.6 QKD; Security Proofs . 14
5.1.7 QKD; Components and Internal Interfaces . 14
5.2 QKD Integration into Existing Infrastructures . 14
5.2.1 QKD; Use Cases . 15
5.2.2 QKD; Application Interface . 15
5.2.3 QKD devices integration within standard optical networks . 15
5.3 Complementary Research . 15
5.3.1 Promoters and Inhibitors for QKD . 15
5.3.2 Prospects of QKD in Europe. 15
6 Application scenarios for QKD . 16
6.1 Data Link Layer . 16
6.2 Network Layer . 16
6.3 Transport Layer . 17
6.4 Application Layer . 17
7 Use Cases . 17
7.1 Use Case 1: Offsite Backup / Business Continuity . 17
7.1.1 Goal . 17
7.1.2 Description . 17
7.1.3 Concept of Operation . 18
7.1.4 Actors . 18
7.1.5 Actor Specific Issues . 18
7.1.6 Actor Specific Benefits . 19
7.1.7 Operational and Quality of Service Considerations . 19
7.1.8 Functional Characteristics . 19
7.2 Use Case 2: Enterprise Metropolitan Area Network . 19
7.2.1 Goal . 19
7.2.2 Description . 19
7.2.3 Concept of Operation . 20
7.2.4 Actors . 20
7.2.5 Actor Specific Issues . 20
7.2.6 Actor Specific Benefits . 20
7.2.7 Operational and Quality of Service Considerations . 20
ETSI

---------------------- Page: 3 ----------------------
4 ETSI GS QKD 002 V1.1.1 (2010-06)
7.2.8 Use Case Variant: QKD Secured Key Server . 21
7.2.9 Functional Characteristics . 21
7.3 Use Case 3: Critical Infrastructure Control and Data Acquisition . 21
7.3.1 Goal . 21
7.3.2 Description . 22
7.3.3 Concept of Operation . 22
7.3.4 Actors . 23
7.3.5 Actor Specific Issues . 23
7.3.6 Actor Specific Benefits . 23
7.3.7 Operational and Quality of Service Considerations . 24
7.3.8 Functional Characteristics . 24
7.4 Use Case 4: Backbone Protection . 24
7.4.1 Goal . 24
7.4.2 Description . 24
7.4.3 Concept of Operation . 25
7.4.4 Actors . 25
7.4.5 Actor Specific Issues . 25
7.4.6 Actor Specific Benefits . 25
7.4.7 Operational and Quality of Service Considerations . 25
7.4.8 Functional Characteristics . 25
7.5 Use Case 5: High Security Access Network. 26
7.5.1 Goal . 26
7.5.2 Description . 26
7.5.3 Concept of Operation . 26
7.5.4 Actors . 26
7.5.5 Actor Specific Issues . 27
7.5.6 Actor Specific Benefits . 27
7.5.7 Operational and Quality of Service Considerations . 27
7.5.8 Use Case Variant: QKD Authenticated Sensor Network . 27
7.5.9 Functional Characteristics . 27
7.6 Use Case 6: Long-Haul Service . 28
7.6.1 Goal . 28
7.6.2 Description . 28
7.6.3 Concept of Operation . 28
7.6.4 Actors . 29
7.6.5 Actor Specific Issues . 29
7.6.6 Actor Specific Benefits . 29
7.6.7 Operational and Quality of Service Considerations . 29
7.6.8 Use Case Variant: Flying QKD Node . 29
7.6.9 Functional Characteristics . 29
8 Requirements . 29
Annex A (informative): Authors and Contributors . 30
Annex B (informative): Bibliography . 31
History . 32

ETSI

---------------------- Page: 4 ----------------------
5 ETSI GS QKD 002 V1.1.1 (2010-06)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
st
Foreword to the Present 1 Edition
This Group Specification (GS) has been produced by ETSI Industry Specification (ISG) Group Quantum Key
Distribution (QKD).
This is the first edition of the ‘Quantum Key Distribution; Use Cases' Group Specification. For that reason, the present
document contains introductory clauses not common to typical use cases Group Specifications. These parts shall at the
present time provide to the reader an introduction on QKD as cryptographic primitive, as well as an introduction to the
work program of the ISG-QKD. These clauses shall be removed (or moved to other Group Specifications) in future
releases.
At the same time, the present document lacks clauses which are common to typical use cases Group Specifications. This
reflects the fact that QKD as technology on the whole is subject to ongoing scientific research and development. Yet,
these parts are properly identified and shall be supplied in future releases of the present document.
According to the implementation plan, the present document will be superseded with a new revision in November 2010.
In detail the aforementioned clauses are:
• The introduction 1.2 'QKD versus Other Solutions': This clause provides an introduction to the technology
used in QKD, as well as a classification of QKD as cryptographic primitive. Moreover, the security which can
be achieved with QKD is discussed. This clause will later be moved to the Group Specification 'QKD;
Ontology, vocabulary, and terms of reference', which is currently under development in work item WI7 of the
ISG_QKD.
• The overview 1.1 'QKD Evaluation Context': This overview, including the work item numbers in Figure 1,
is not exactly appropriate for a Group Specification. Yet, the additional information presented in this clause is
essential for understanding the overall context of the work towards a framework for security certification of
QKD systems, as it is performed by the ETSI ISG-QKD. Future releases of the present document will have
this clause removed (and moved to the Group Specification 'QKD; Ontology, vocabulary, and terms of
reference').
• The present document lacks the 'Definitions' as well as the 'Abbreviations' clause (clause 3). These clauses
were completely removed from the document as they are not necessary since all terminology has been
harmonized to the vocabulary in the "QKD: Ontology, Vocabulary, Terms of Reference" group
specification (GS), which is currently under development. These clauses are not crucial for the understanding
of the present document as particular attention was paid to explain technical terms and abbreviations whenever
they appear first in the text.
• Although the ultimate goal of the 'QKD; Use Cases' Group Specification is to derive functional requirements
from the listed use cases, the 'Requirements' clause of clause 7 is completely left blank for the present first
issue of the GS. This is owed to the fact that the present document is the first effort towards a systematic
collection of use cases for QKD and will likely be strongly revised until its next release in November 2010.
ETSI

---------------------- Page: 5 ----------------------
6 ETSI GS QKD 002 V1.1.1 (2010-06)
• A scenario workshop with representatives from potential users, customers, system integrators, as well as
policy and decision makers shall be organized for June 22, 2010. One of the main goals of the scenario
workshop is to discuss and revise the six use cases presented in the present document. The use cases shall
subsequently be adapted according to the findings of the workshop and requirements derived for the
nd
November 2010 2 issue of the 'QKD; Use Cases' Group Specification.
ETSI

---------------------- Page: 6 ----------------------
7 ETSI GS QKD 002 V1.1.1 (2010-06)
1 Scope
The Use Cases Document shall provide an overview of possible application scenarios in which Quantum Key
Distribution (QKD) systems ([i.1]) can be used as building blocks for high security Information and communication
technology (ICT) systems.
QKD systems are commercially available today - there are a handful of small enterprises producing and selling QKD
systems. Even more QKD systems are being developed in research laboratories of big enterprises and at research
centers and universities. All these systems have in common, that they consist of two units, usually for 19" rack mount,
connected by a quantum channel of up to 100 km - either optical telecom fiber, or a free space channel through-the-air
between two telescopes. They use quantum physical properties of light to generate and simultaneously output identical
but random bit strings in the two units on both ends of the quantum channel.
The output of a QKD system can serve as a shared secret in any computer security system from which cryptographic
key can be generated.
The laws of quantum physics ensure that it is virtually impossible to eavesdrop on this key distribution process on the
quantum channel without the two stations immediately noticing it ([i.3] and [i.4]). More precisely, QKD systems never
output insecure key. The net effect of eavesdropping is a decrease, or eventually, a stop in the key output. The degree of
security of the keys is cryptographically denoted as "information-theoretical security". In broad terms this implies that
the key is almost perfectly random, while the state of knowledge of the eavesdropper is almost zero. The deviations of
these "ideal properties" are measurable and it is in the hand of the legitimate operators to make them arbitrarily small at
the expense of a small reduction in the key generation rate.
The actual implementations of the QKD devices vary strongly and belong to a number of broad technological
realization classes: discrete variable realizations, continuous variable realization, and distributed phase-reference
realizations (for a detailed technical description of QKD, see [i.2], [i.12] and the documents referenced therein).
However, the basic functionality of a QKD system as an information-theoretically secure key-distribution facility is
universal. All these implementations have an optical subsystem with components used for the preparation and
measurement of quantum information in photons of light, as well as complex computer systems for transforming
measured results into digital data. These implementations are, like any security system, subject to several side channels
through which information may eventually leak out of a secure boundary. Besides the showcase "use cases", the present
document presents the specifications and mechanisms for driving development towards a security certification of QKD
systems - an indispensable requirement for their qualified and dependable use.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references,only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are necessary for the application of the present document.
Not applicable.
ETSI

---------------------- Page: 7 ----------------------
8 ETSI GS QKD 002 V1.1.1 (2010-06)
2.2 Informative references
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] "Quantum Cryptography: Public Key Distribution and Coin Tossing, Proceedings of IEEE
International Conference on Computers Systems and Signal Processing", Bangalore India, C.H.
Bennett and G. Brassard, December 1984, pp 175-179.
NOTE: Online at http://www.research.ibm.com/people/b/bennetc/bennettc198469790513.pdf.
[i.2] "Quantum cryptography, Reviews of Modern Physics", Nicolas Gisin, Grégoire Ribordy,
Wolfgang Tittel and Hugo Zbinden, Vol 74, 145-195 (2002).
NOTE: Online at http://www.gap-optique.unige.ch/Publications/PDF/QC.pdf.
[i.3] "The security of practical quantum key distribution", Valerio Scarani, Helle
Bechmann-Pasquinucci, Nicolas J. Cerf, Miloslav Dušek, Norbert Lütkenhaus, and Momtchil
Peev, Vol. 81, 1301-1351 (2009).
NOTE: Online at http://arxiv.org/abs/0802.4155.
[i.4] "Security of quantum key distribution with imperfect devices", D. Gottesman, H.-K. Lo, N.
Lütkenhaus, and J. Preskill,Vol. 5, 325-360) (2004).
NOTE: Available at http://arxiv.org/abs/quant-ph/0212066.
[i.5] "White Paper on Quantum Key Distribution and Cryptography", Preprint arXiv:quant-ph/0701168,
Alléaume R, Bouda J, Branciard C, Debuisschert T, Dianati M, Gisin N, Godfrey M, Grangier Ph,
Länger T, Leverrier A, Lütkenhaus N, Painchault P, Peev M, Poppe A, Pornin Th, Rarity J, Renner
R, Ribordy G, Riguidel M, Salvail L, Shields A, Weinfurter H, Zeilinge, A, 2006 SECOQC.
[i.6] UQC Report: "Updating Quantum Cryptography", Quantum Physics (quant-ph); Cyptography and
Security. Donna Dodson, Mikio Fujiwara, Philippe Grangier, Masahito Hayashi, Kentaro Imafuku,
Ken-ichi Kitayama, Prem Kumar, Christian Kurtsiefer, Gaby Lenhart, Norbert Luetkenhaus,
Tsutomu Matsumoto, William J. Munro, Tsuyoshi Nishioka, Momtchil Peev, Masahide Sasaki,
Yutaka Sata, Atsushi Takada, Masahiro Takeoka, Kiyoshi Tamaki, Hidema Tanaka, Yasuhiro
Tokura, Akihisa Tomita, Morio Toyoshima, Rodney van Meter, Atsuhiro Yamagishi, Yoshihisa
Yamamoto, and Akihiro Yamamura, 2009.
NOTE: Available at http://arxiv.org/abs/0905.4325.
[i.7] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".
[i.8] IETF RFC 1968: "The PPP Encryption Control Protocol (ECP)".
[i.9] IEEE 802.3u.
[i.10] "Handbook of Applied Cryptography", (Boca Raton: CRC Press) Menezes A J, van Oorschot P C
and Vanstone S A 1997.
[i.11] "Applied Cryptography", Schneier B 1996, (New York: John Wiley).
[i.12] "Quantum Cryptography Progress in Optics 49", Dusek, M, Lütkenhaus N and Hendrych M 2006,
Edt. E. Wolf , Elsevier 381-454.
[i.13] "Principled Assuredly Trustworthy Composable Architectures Computer Science Laboratory",
Neumann P G 2003, SRI International, Menlo Park.
[i.14] "The Case for Quantum Key Distribution Preprint arXiv:0902.2839v1 [quant-ph]", Stebila D,
Mosca M and Lütkenhaus N 2009.
[i.15] "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems Communications of
the ACM 21,2 120-6", Rivest R L, Shamir A and Adleman L M 1978.
ETSI

---------------------- Page: 8 ----------------------
9 ETSI GS QKD 002 V1.1.1 (2010-06)
[i.16] "Communication theory of secrecy systems Bell Systems technical Journal", 28 656-715 Shannon
C E 1949.
[i.17] "New directions in cryptography IEEE Transactions on Information Theory", 22 644-54, Diffie W
and Hellman M E, 1976.
[i.18] "How to Break MD5 and Other Hash Functions Proc. EUROCRYPT 2005, Lecture Notes in
Computer Science" 3494 19-35, Wang X, Yu H, 2005.
[i.19] "Finding Collisions in the Full SHA-1 Lecture Notes in Computer Sciences", 3621 17-36, Wang
X, Yin Y
...