QuKayDee Tutorial
Components of a QKD network
The following figure shows the components of a Quantum Key Distribution (QKD) network:
QKD Entities (QKDEs)
The QKD Entities (QKDEs) are the devices that actually produce the keys by running QKD protocols such as BB84 or BBM92.
These QKD devices are offered by companies such as Toshiba, ID Quantique, Q*Bird, and others.
QuKayDee does not simulate the low-level details of QKD entities or QKD protocols; this is why the QKD entities are shown as dashed boxes in the figure above.
Key Management Entities (KMEs)
The Key Management Entities (KMEs), also known as quantum Key Management Systems (KMSs), are responsible for:
- Retrieving the produced keys from the QKD entities.
- Securely storing the keys.
- Applying key management policies, e.g. how long keys are allowed to be stored before expiring.
- Delivering keys to authorized Secure Application Entities (SAEs).
The key management entities are typically offered by the same companies that offer the QKD entities. They are often integrated into the same physical devices as the QKD entities, although some companies implement them as separate devices.
Secure Application Entities (SAEs)
The Secure Application Entities (SAEs) are the devices that consume the keys that are produced by the QKD entities and stored in the key management entities.
The secure application entities are typically classical encryptor devices such as:
- Layer 1 optical transport encryptors.
- Layer 2 MACsec encryptors.
- Layer 3 IPsec encryptors.
- Layer 4 TLS encryptors.
The secure application entities periodically roll over their encryption keys. At each rollover, they retrieve a fresh encryption key from the key management entity using the key delivery API (described below).
Key Streams (KSs)
A Key Stream (KS) is a key delivery session that produces a stream of keys and delivers it to a specific set of secure application entities.
Key streams may be point-to-point or multicast:
- Point-to-point key streams deliver keys to exactly two secure application entities.
- Multicast key streams deliver keys to three or more secure application entities. Not all key management entities support multicast key streams.
Key Delivery API
The Key Delivery API is the interface between the key management system and the secure application entity which is used for delivering keys.
QuKayDee currently only supports one standard key delivery API, namely ETSI GS QKD 014 V1.1.1 (2019-02): "Quantum Key Distribution (QKD); Protocol and data format of REST-based key delivery API".
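The following Python model is an added example, not code from QuKayDee or from any QKD vendor. It walks through one key rollover on a point-to-point key stream and shows the KME duties listed above: delivery only to authorized SAEs, an expiry policy, and handing out each key once. The field names enc_keys, dec_keys, number, size, key_ID and key_IDs follow ETSI GS QKD 014; the KeyStream class, the rollover function, the SAE names, the 60-second lifetime, the 256-bit default, the single in-memory store standing in for both KMEs, and the random bytes standing in for QKD-produced keys are assumptions made for illustration.

```python
import base64, secrets, time, uuid

class KeyStream:
    """Constructed stand-in for the synchronized key store of a KME pair."""

    def __init__(self, master_sae, slave_sae, max_age_s=60.0):
        self.master_sae, self.slave_sae = master_sae, slave_sae
        self.max_age_s = max_age_s   # key management policy: storage lifetime (assumed)
        self.pending = {}            # key_ID -> (key bytes, creation time)

    def _authorize(self, master_sae, slave_sae):
        # Deliver only to the SAE pair this point-to-point stream serves.
        if (master_sae, slave_sae) != (self.master_sae, self.slave_sae):
            raise PermissionError("SAE not authorized for this key stream")

    def enc_keys(self, caller_sae, slave_sae, request, now=None):
        """Master SAE asks its KME for fresh keys (ETSI 014 enc_keys)."""
        self._authorize(caller_sae, slave_sae)
        now = time.time() if now is None else now
        keys = []
        for _ in range(request.get("number", 1)):
            # Random bytes stand in for QKD-produced key material; size is in bits.
            key = secrets.token_bytes(request.get("size", 256) // 8)
            key_id = str(uuid.uuid4())
            self.pending[key_id] = (key, now)
            keys.append({"key_ID": key_id, "key": base64.b64encode(key).decode()})
        return {"keys": keys}

    def dec_keys(self, caller_sae, master_sae, request, now=None):
        """Slave SAE asks its KME for the keys named by key_ID (ETSI 014 dec_keys)."""
        self._authorize(master_sae, caller_sae)
        now = time.time() if now is None else now
        keys = []
        for item in request["key_IDs"]:
            # pop() removes the key, so each key is delivered at most once.
            key, created = self.pending.pop(item["key_ID"], (None, 0.0))
            if key is None or now - created > self.max_age_s:
                raise LookupError("unknown, already delivered, or expired key_ID")
            keys.append({"key_ID": item["key_ID"], "key": base64.b64encode(key).decode()})
        return {"keys": keys}

def rollover(stream, now=None):
    """One rollover: both SAEs obtain the same key; only the key_ID is exchanged."""
    got = stream.enc_keys(stream.master_sae, stream.slave_sae, {"number": 1, "size": 256}, now)
    key_id = got["keys"][0]["key_ID"]   # the master SAE sends this ID to its peer
    peer = stream.dec_keys(stream.slave_sae, stream.master_sae,
                           {"key_IDs": [{"key_ID": key_id}]}, now)
    return got["keys"][0]["key"], peer["keys"][0]["key"]
```

Only the key_ID travels between the two SAEs; the key itself is fetched by each SAE from its own KME.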