Q&A

General

  1. What is NQCIS? 

NQCIS is the National Quantum Communication Infrastructure in Sweden. The goal of the project is to implement a national quantum communication network adapted to the geographic needs of Sweden. Eventually, the national network will be connected to networks in neighbouring countries, creating an interconnected quantum communication network across Europe. 

  1. Why is NQCIS needed? 

Cybersecurity is at risk due to the development of quantum computers, which can crack the cryptographic algorithms that currently safeguard digital communication. To ensure future secure communication, NQCIS will utilize quantum key distribution (QKD) systems adapted to Sweden’s geographical needs. QKD implementations are beneficial for the protection of sensitive data, especially for institutions which are interested in keeping information confidential for a long period of time. Examples of community sectors which may need an additional layer of security against potential quantum attacks are business, industry, secure critical infrastructure and research. 

  1. Who will be the users of the NQCIS network? 

NQCIS will first and foremost be used as an academic testbed for quantum communication, which will also allow companies to test the applicability of QKD for their needs. In the long term, the infrastructure may also be used by institutions whose sensitive data will become exposed to security threats in the quantum era. 

  1. Who funds NQCIS? 

The NQCIS project is funded by the European Union together with Vinnova and Wallenberg Centre for Quantum Technology (WACQT). 

  1. Who oversees NQCIS? 

NQCIS is a collaboration between universities (KTH, SU, LiU and Chalmers) and industry (Quantum Scopes, QuCertify and Ericsson), and is overseen by a consortium of representatives from all collaborating partners. 

  1. I want to contact you; how can I do that? 

You can contact us using this contact form (link) 

Cryptography 

  1. What is the difference between symmetric and asymmetric encryption? 

Symmetric encryption refers to the use of only one key to encrypt and decrypt information. An advantage of using symmetric keys is that they are less susceptible to the quantum threat and could be considered quantum safe. 

Asymmetric encryption (or public key encryption) corresponds to the use of a public key to encrypt information and a private key to decrypt it. Asymmetric encryption is very widely used, but it is also very sensitive to the quantum threat. It is estimated that a quantum computer could crack an asymmetric key in only minutes or hours, as opposed to decades or centuries as is now the case with classical computers.  

Quantum Key Distribution (QKD) 

  1. What is quantum key distribution (QKD)? 

QKD is a cryptographic scheme based on the laws of quantum mechanics, by which two parties share symmetric cryptographic keys. Its security is guaranteed by the fact that the keys are encoded into quantum states that cannot be copied. An eavesdropper listening in on the communication would alter the quantum mechanical properties of the states, allowing the two parties to immediately detect the disturbance caused by the eavesdropper’s measurement. QKD utilises an untrusted quantum channel and an authenticated classical channel for secure communication. 

  1. How is the security of the classical channel ensured in QKD protocols? 

The communication through the classical channel does not need to be encrypted. However, the two parties need to establish authenticated communication to prevent man-in-the-middle (MITM) attacks. 

  1. How is authentication achieved in the classical channel? 

QKD can be considered a key growing scheme which requires an initial authentication key. The initial authentication is achieved through standard classical authentication algorithms, which may require a pre-shared secret between sender and receiver. You can use either Wegman-Carter authentication, which is based on a symmetric key or asymmetric schemes like PQC. After the first round of QKD, a small portion of the produced key can be used to authenticate the next round. 

  1. Do you need a new pre-shared key every time the system is rebooted? 

You only need the pre-shared key once. Once the initial key is used to authenticate the channel, part of the subsequently generated QKD key can be used as the shared secret for the next QKD communication. If the system is rebooted, but the communication is still between the same two parties, the shared secret that was obtained in the last round of QKD communication before the system was switched off can be used. 

  1. What is DV-QKD and CV-QKD? 

DV-QKD refers to discrete-variable QKD, where the encoding is achieved using a discrete-variable parameter, such as polarization, of weak single photon signals. The decoding of the photon states is done with single-photon detectors. DV-QKD is a mature technology which is commercially available from several companies. 

CV-QKD, or continuous-variable QKD, is implemented by encoding the information in the continuous-variable quadratures of the light’s electromagnetic fields. The information is then decoded with coherent homodyne or heterodyne detection, which allows for continuous read-out of the quadrature values. This technology is in the industrialization phase and therefore less mature, but it is developing rapidly. Individual hardware components, derived from optical communications, are mature. 

  1. What is free-space QKD? 

In free-space QKD, the quantum transmission channel is free-space, as opposed to optical fibers. As such, secret keys are transmitted between nodes on Earth and a satellite in space. A benefit of free-space QKD is that once a key has been successfully exchanged, it cannot be broken. However, a drawback would be that the line of sight may easily be blocked. 

  1. What wavelengths should be used for free-space quantum channels? 

There are three factors which should be considered when choosing the wavelength for free-space quantum channels. First, are there absorption windows in the atmosphere at the wavelength? Second, does a suitable detector exist? Finally, what is the level of background radiation? Current free-space QKD systems operate at 800nm or 1550nm, which both give reasonably good performance bearing in mind the three factors. 

Post-quantum cryptography (PQC) 

  1. What is post-quantum cryptography (PQC)? 

PQC refers to a family of asymmetric cryptographic algorithms which are computationally difficult to solve, even with a quantum computer. By offering protection against all currently known quantum attacks, they are considered quantum safe. Moreover, PQC algorithms run on classical computers and the field is fairly mature. 

  1. How does PQC compare to QKD? 

PQC represents the continued progression of modern cryptography, in which a new algorithm is designed in response to a specific attack. Therefore, it only offers protection against currently known attacks and there is still a risk that a new algorithm which can solve the mathematically difficult problem that PQC is based on will be invented. 

QKD, on the other hand, is based on the laws of quantum mechanics and in theory represents an unconditionally secure scheme.  

QKD and PQC are complementary solutions which can be used effectively together in a hybrid solution. 

  1. How can QKD and PQC be used in a hybrid solution? 

QKD and PQC can be used in different parts of the same network, depending on the security requirements of each link. Alternatively, their capabilities can be applied together to provide in-depth-defence, where for instance PQC could be used for authentication and QKD could be used for key generation and distribution. 

Technical implementation and future development 

  1. Does the quantum channel need polarization-maintaining fibres instead of existing fibres to avoid polarization drift?  

No, polarization-maintaining fibres cannot be used for polarization encoding. These fibres only preserve the polarization in one basis (for instance H/V) but scramble the polarization in other bases (for instance D/A). However, you need two basis sets for QKD communication. Using existing fibres, polarization drift is instead compensated at the receiver. Since the drift is typically slow, you would start the protocol with a calibration round and then compensate for the drift between key transmission rounds. 

  1. Can QKD be implemented in existing telecom networks? 

Yes, the NQCIS project will implement QKD into existing telecom networks. QKD plug-ins will only be needed at the transmitter and receiver ends of the fibre links.   

  1. Does the NQCIS QKD network require quantum repeaters to make up for optical fibre losses? 

Although quantum repeaters allow you to overcome optical fibre losses by transporting entangled quantum states over a distance without physically transmitting them, they are not essential for implementing a QKD network. The NQCIS network will instead use trusted nodes, which are authenticated and protected nodes along the communication link. This allows the signals to be received and re-transmitted to the final destination. As part of the project, the NQCIS team will also explore how to boost the transmission with new QKD protocols. 

  1. Is it possible to find commercially available components, such as detectors, at the telecommunication wavelength (1550nm)?  

For the transmitter module of a QKD system, off-the-shelf telecom technology at 1550nm can be used. However, single photon detector technology is more mature for visible wavelengths. At 1550nm, one can use avalanche photodiodes (APDs) with low efficiency and high dark count rates or superconducting nanowire single photon detectors (SNSPDs) which are bulky and currently expensive. 

  1. In what cases will DV-QKD and CV-QKD be used in NQCIS? 

DV-QKD is well suited for long-distance networks, for instance across Sweden and extending to Denmark and Finland. This method is less susceptible to losses, because the key is created from information contained in the received single photon signals. It is also worth noting that this technology is less suitable for integration with existing telecommunication networks since dedicated optical fibres are needed for the quantum channel. 

CV-QKD is suitable for short-distance metropolitan networks such as within Stockholm County, because it is more susceptible to optical fibre losses at long distances. The benefit of using CV-QKD short-range is that it allows for higher key rates and coherent detectors do not suffer from the dead time of single-photon detectors used in DV-QKD. 

So, DV-QKD and CV-QKD can be applied in different situations and will be used as complementary technologies for the NQCIS project. 

  1. Will NQCIS implement free-space QKD? 

Free-space QKD can be used to reach long-distance locations securely via satellites. The NQCIS project will prepare the network for satellite-based QKD, with the goal of bridging vast distances within Sweden and across borders to other EU nations. 

  1. Can squeezed light be used for QKD? 

Squeezed states of light are being investigated as a resource in CV-QKD, by means of a protocol which assumes no trusted devices. It is thereby possible to avoid side-channel attacks, such as trojan horse attacks, detector blinding attacks, measurement side-channel attacks and channel manipulation attacks, to name a few. In free-space channels such as the ones needed for satellite based QKD, squeezed states offer the advantage that they are less susceptible to the effects of turbulence and therefore could be a key resource for these schemes. 

A limitation is that this resource requires a squeezed light source, which is more complex than a standard weak-coherent-pulse source; squeezed states are fragile and challenging to generate. However, recent progress made in the use of waveguides could potentially mitigate this challenge. Squeezed state based QKD schemes, if considered from the commercial perspective, also require non standardized modulation schemes and therefore additional effort is needed in standardization of devices and protocols using squeezed states.