ETSI GS QKD 002 V1.1.1 (2010-06)

ETSI GS QKD 002 V1.1.1 (2010-06)
Group Specification
Quantum Key Distribution;
Use Cases
---------------------- Page: 1 ----------------------
2 ETSI GS QKD 002 V1.1.1 (2010-06)
Reference
DGS/QKD-0002_UserReqs
Keywords
quantum cryptography, quantum key distribution,
use case
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or

perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).

In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive

Users of the present document should be aware that the document may be subject to revision or change of status.

Information on the current status of this and other ETSI documents is available at

If you find errors in the present document, please send your comment to one of the following services:

DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered

3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.

Intellectual Property Rights ................................................................................................................................ 5

Foreword to the Present 1 Edition .................................................................................................................... 5

1 Scope ........................................................................................................................................................ 7

2 References ................................................................................................................................................ 7

2.1 Normative references ......................................................................................................................................... 7

2.2 Informative references ........................................................................................................................................ 8

3 Definitions and abbreviations ................................................................................................................... 9

4 QKD - A Security Technology Innovation ...................................................................................... ...... 10

4.1 Classification of QKD as cryptographic primitive ........................................................................................... 10

4.1.1 Encryption primitives ................................................................................................................................. 10

4.1.2 Key distribution primitives ......................................................................................................................... 10

4.1.3 Message authentication primitives .............................................................................................................. 11

4.1.4 Synopsis ...................................................................................................................................................... 11

5 ISG-QKD Work Plan ............................................................................................................................. 12

5.1 QKD Security Certification .............................................................................................................................. 12

5.1.1 QKD; Ontology, Vocabulary, Terms of Reference .................................................................................... 13

5.1.2 QKD; Assurance requirements ................................................................................................................... 13

5.1.3 QKD; Module security specification .......................................................................................................... 13

5.1.4 List of approved QKD technologies ........................................................................................................... 14

5.1.5 QKD; Threats and Attacks .......................................................................................................................... 14

5.1.6 QKD; Security Proofs ................................................................................................................................. 14

5.1.7 QKD; Components and Internal Interfaces ................................................................................................. 14

5.2 QKD Integration into Existing Infrastructures ................................................................................................. 14

5.2.1 QKD; Use Cases ......................................................................................................................................... 15

5.2.2 QKD; Application Interface ........................................................................................................................ 15

5.2.3 QKD devices integration within standard optical networks ........................................................................ 15

5.3 Complementary Research ................................................................................................................................. 15

5.3.1 Promoters and Inhibitors for QKD ............................................................................................................. 15

5.3.2 Prospects of QKD in Europe....................................................................................................................... 15

6 Application scenarios for QKD .............................................................................................................. 16

6.1 Data Link Layer ............................................................................................................................................... 16

6.2 Network Layer .................................................................................................................................................. 16

6.3 Transport Layer ................................................................................................................................................ 17

6.4 Application Layer ............................................................................................................................................. 17

7 Use Cases ............................................................................................................................................... 17

7.1 Use Case 1: Offsite Backup / Business Continuity .......................................................................................... 17

7.1.1 Goal ............................................................................................................................................................ 17

7.1.2 Description .................................................................................................................................................. 17

7.1.3 Concept of Operation .................................................................................................................................. 18

7.1.4 Actors .......................................................................................................................................................... 18

7.1.5 Actor Specific Issues .................................................................................................................................. 18

7.1.6 Actor Specific Benefits ............................................................................................................................... 19

7.1.7 Operational and Quality of Service Considerations .................................................................................... 19

7.1.8 Functional Characteristics ........................................................................................................................... 19

7.2 Use Case 2: Enterprise Metropolitan Area Network ........................................................................................ 19

7.2.1 Goal ............................................................................................................................................................ 19

7.2.2 Description .................................................................................................................................................. 19

7.2.3 Concept of Operation .................................................................................................................................. 20

7.2.4 Actors .......................................................................................................................................................... 20

7.2.5 Actor Specific Issues .................................................................................................................................. 20

7.2.6 Actor Specific Benefits ............................................................................................................................... 20

7.2.7 Operational and Quality of Service Considerations .................................................................................... 20

7.2.8 Use Case Variant: QKD Secured Key Server ............................................................................................. 21

7.2.9 Functional Characteristics ........................................................................................................................... 21

7.3 Use Case 3: Critical Infrastructure Control and Data Acquisition ................................................................... 21

7.3.1 Goal ............................................................................................................................................................ 21

7.3.2 Description .................................................................................................................................................. 22

7.3.3 Concept of Operation .................................................................................................................................. 22

7.3.4 Actors .......................................................................................................................................................... 23

7.3.5 Actor Specific Issues .................................................................................................................................. 23

7.3.6 Actor Specific Benefits ............................................................................................................................... 23

7.3.7 Operational and Quality of Service Considerations .................................................................................... 24

7.3.8 Functional Characteristics ........................................................................................................................... 24

7.4 Use Case 4: Backbone Protection ..................................................................................................................... 24

7.4.1 Goal ............................................................................................................................................................ 24

7.4.2 Description .................................................................................................................................................. 24

7.4.3 Concept of Operation .................................................................................................................................. 25

7.4.4 Actors .......................................................................................................................................................... 25

7.4.5 Actor Specific Issues .................................................................................................................................. 25

7.4.6 Actor Specific Benefits ............................................................................................................................... 25

7.4.7 Operational and Quality of Service Considerations .................................................................................... 25

7.4.8 Functional Characteristics ........................................................................................................................... 25

7.5 Use Case 5: High Security Access Network..................................................................................................... 26

7.5.1 Goal ............................................................................................................................................................ 26

7.5.2 Description .................................................................................................................................................. 26

7.5.3 Concept of Operation .................................................................................................................................. 26

7.5.4 Actors .......................................................................................................................................................... 26

7.5.5 Actor Specific Issues .................................................................................................................................. 27

7.5.6 Actor Specific Benefits ............................................................................................................................... 27

7.5.7 Operational and Quality of Service Considerations .................................................................................... 27

7.5.8 Use Case Variant: QKD Authenticated Sensor Network ............................................................................ 27

7.5.9 Functional Characteristics ........................................................................................................................... 27

7.6 Use Case 6: Long-Haul Service ....................................................................................................................... 28

7.6.1 Goal ............................................................................................................................................................ 28

7.6.2 Description .................................................................................................................................................. 28

7.6.3 Concept of Operation .................................................................................................................................. 28

7.6.4 Actors .......................................................................................................................................................... 29

7.6.5 Actor Specific Issues .................................................................................................................................. 29

7.6.6 Actor Specific Benefits ............................................................................................................................... 29

7.6.7 Operational and Quality of Service Considerations .................................................................................... 29

7.6.8 Use Case Variant: Flying QKD Node ......................................................................................................... 29

7.6.9 Functional Characteristics ........................................................................................................................... 29

8 Requirements .......................................................................................................................................... 29

Annex A (informative): Authors and Contributors ............................................................................. 30

Annex B (informative): Bibliography ................................................................................................... 31

History .............................................................................................................................................................. 32

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information

pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found

in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in

respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee

can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web

This Group Specification (GS) has been produced by ETSI Industry Specification (ISG) Group Quantum Key

This is the first edition of the ‘Quantum Key Distribution; Use Cases' Group Specification. For that reason, the present

document contains introductory clauses not common to typical use cases Group Specifications. These parts shall at the

present time provide to the reader an introduction on QKD as cryptographic primitive, as well as an introduction to the

work program of the ISG-QKD. These clauses shall be removed (or moved to other Group Specifications) in future

At the same time, the present document lacks clauses which are common to typical use cases Group Specifications. This

reflects the fact that QKD as technology on the whole is subject to ongoing scientific research and development. Yet,

these parts are properly identified and shall be supplied in future releases of the present document.

According to the implementation plan, the present document will be superseded with a new revision in November 2010.

• The introduction 1.2 'QKD versus Other Solutions': This clause provides an introduction to the technology

used in QKD, as well as a classification of QKD as cryptographic primitive. Moreover, the security which can

be achieved with QKD is discussed. This clause will later be moved to the Group Specification 'QKD;

Ontology, vocabulary, and terms of reference', which is currently under development in work item WI7 of the

• The overview 1.1 'QKD Evaluation Context': This overview, including the work item numbers in Figure 1,

is not exactly appropriate for a Group Specification. Yet, the additional information presented in this clause is

essential for understanding the overall context of the work towards a framework for security certification of

QKD systems, as it is performed by the ETSI ISG-QKD. Future releases of the present document will have

this clause removed (and moved to the Group Specification 'QKD; Ontology, vocabulary, and terms of

• The present document lacks the 'Definitions' as well as the 'Abbreviations' clause (clause 3). These clauses

were completely removed from the document as they are not necessary since all terminology has been

harmonized to the vocabulary in the "QKD: Ontology, Vocabulary, Terms of Reference" group

specification (GS), which is currently under development. These clauses are not crucial for the understanding

of the present document as particular attention was paid to explain technical terms and abbreviations whenever

• Although the ultimate goal of the 'QKD; Use Cases' Group Specification is to derive functional requirements

from the listed use cases, the 'Requirements' clause of clause 7 is completely left blank for the present first

issue of the GS. This is owed to the fact that the present document is the first effort towards a systematic

collection of use cases for QKD and will likely be strongly revised until its next release in November 2010.

• A scenario workshop with representatives from potential users, customers, system integrators, as well as

policy and decision makers shall be organized for June 22, 2010. One of the main goals of the scenario

workshop is to discuss and revise the six use cases presented in the present document. The use cases shall

subsequently be adapted according to the findings of the workshop and requirements derived for the

The Use Cases Document shall provide an overview of possible application scenarios in which Quantum Key

Distribution (QKD) systems ([i.1]) can be used as building blocks for high security Information and communication

QKD systems are commercially available today - there are a handful of small enterprises producing and selling QKD

systems. Even more QKD systems are being developed in research laboratories of big enterprises and at research

centers and universities. All these systems have in common, that they consist of two units, usually for 19" rack mount,

connected by a quantum channel of up to 100 km - either optical telecom fiber, or a free space channel through-the-air

between two telescopes. They use quantum physical properties of light to generate and simultaneously output identical

The output of a QKD system can serve as a shared secret in any computer security system from which cryptographic

The laws of quantum physics ensure that it is virtually impossible to eavesdrop on this key distribution process on the

quantum channel without the two stations immediately noticing it ([i.3] and [i.4]). More precisely, QKD systems never

output insecure key. The net effect of eavesdropping is a decrease, or eventually, a stop in the key output. The degree of

security of the keys is cryptographically denoted as "information-theoretical security". In broad terms this implies that

the key is almost perfectly random, while the state of knowledge of the eavesdropper is almost zero. The deviations of

these "ideal properties" are measurable and it is in the hand of the legitimate operators to make them arbitrarily small at

The actual implementations of the QKD devices vary strongly and belong to a number of broad technological

realization classes: discrete variable realizations, continuous variable realization, and distributed phase-reference

realizations (for a detailed technical description of QKD, see [i.2], [i.12] and the documents referenced therein).

However, the basic functionality of a QKD system as an information-theoretically secure key-distribution facility is

universal. All these implementations have an optical subsystem with components used for the preparation and

measurement of quantum information in photons of light, as well as complex computer systems for transforming

measured results into digital data. These implementations are, like any security system, subject to several side channels

through which information may eventually leak out of a secure boundary. Besides the showcase "use cases", the present

document presents the specifications and mechanisms for driving development towards a security certification of QKD

References are either specific (identified by date of publication and/or edition number or version number) or

non-specific. For specific references,only the cited version applies. For non-specific references, the latest version of the

Referenced documents which are not found to be publicly available in the expected location might be found at

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee

The following referenced documents are necessary for the application of the present document.

The following referenced documents are not necessary for the application of the present document but they assist the

[i.1] "Quantum Cryptography: Public Key Distribution and Coin Tossing, Proceedings of IEEE

International Conference on Computers Systems and Signal Processing", Bangalore India, C.H.

NOTE: Online at http://www.research.ibm.com/people/b/bennetc/bennettc198469790513.pdf.

[i.2] "Quantum cryptography, Reviews of Modern Physics", Nicolas Gisin, Grégoire Ribordy,

[i.3] "The security of practical quantum key distribution", Valerio Scarani, Helle

Bechmann-Pasquinucci, Nicolas J. Cerf, Miloslav Dušek, Norbert Lütkenhaus, and Momtchil

[i.4] "Security of quantum key distribution with imperfect devices", D. Gottesman, H.-K. Lo, N.

[i.5] "White Paper on Quantum Key Distribution and Cryptography", Preprint arXiv:quant-ph/0701168,

Alléaume R, Bouda J, Branciard C, Debuisschert T, Dianati M, Gisin N, Godfrey M, Grangier Ph,

Länger T, Leverrier A, Lütkenhaus N, Painchault P, Peev M, Poppe A, Pornin Th, Rarity J, Renner

R, Ribordy G, Riguidel M, Salvail L, Shields A, Weinfurter H, Zeilinge, A, 2006 SECOQC.

[i.6] UQC Report: "Updating Quantum Cryptography", Quantum Physics (quant-ph); Cyptography and

Security. Donna Dodson, Mikio Fujiwara, Philippe Grangier, Masahito Hayashi, Kentaro Imafuku,

Ken-ichi Kitayama, Prem Kumar, Christian Kurtsiefer, Gaby Lenhart, Norbert Luetkenhaus,

Tsutomu Matsumoto, William J. Munro, Tsuyoshi Nishioka, Momtchil Peev, Masahide Sasaki,

Yutaka Sata, Atsushi Takada, Masahiro Takeoka, Kiyoshi Tamaki, Hidema Tanaka, Yasuhiro

Tokura, Akihisa Tomita, Morio Toyoshima, Rodney van Meter, Atsuhiro Yamagishi, Yoshihisa

[i.10] "Handbook of Applied Cryptography", (Boca Raton: CRC Press) Menezes A J, van Oorschot P C

[i.12] "Quantum Cryptography Progress in Optics 49", Dusek, M, Lütkenhaus N and Hendrych M 2006,

[i.13] "Principled Assuredly Trustworthy Composable Architectures Computer Science Laboratory",

[i.14] "The Case for Quantum Key Distribution Preprint arXiv:0902.2839v1 [quant-ph]", Stebila D,

[i.15] "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems Communications of

[i.16] "Communication theory of secrecy systems Bell Systems technical Journal", 28 656-715 Shannon

[i.17] "New directions in cryptography IEEE Transactions on Information Theory", 22 644-54, Diffie W

[i.18] "How to Break MD5 and Other Hash Functions Proc. EUROCRYPT 2005, Lecture Notes in

[i.19] "Finding Collisions in the Full SHA-1 Lecture Notes in Computer Sciences", 3621 17-36, Wang