Jan Krause

In this work, we address the challenge of dynamically rerouting quantum key distribution (QKD) links during live operation without the need for a system restart. Our novel resynchronization method, combined with a qubit-based clock frequency recovery algorithm, enables seamless rerouting of quantum channels in software-defined networks (SDNs). We validate our method with our 625 MHz real-time BB84 QKD system, using free-running cost-effective quartz oscillators and without an optical clock channel. The effectiveness of our method is demonstrated by the reliable system operation covering fiber length changes exceeding 100 km and sustaining channel interruptions of multiple minutes. We believe that our findings will significantly enhance the utility of QKD systems and simplify their flexible integration into existing and future telecom infrastructures, including optically switched SDNs.

In recent years, quantum key distribution (QKD) has transitioned from a purely academic field to a commercially available cryptographic solution, supported by mathematically formulated security proofs. However, due to the fragmented nature of the literature, obtaining a comprehensive understanding of these proofs and their limitations remains a considerable challenge. Our work addresses this by providing a rigorous finite-size security proof for the 1-decoy and 2-decoy BB84 protocols against coherent attacks, based on Renner's entropic uncertainty relation (EUR) framework. We resolve key technical issues in previous analyses, including the treatment of fixed-length protocols and acceptance testing. Special attention is given to the 1-decoy protocol, where statistics are computed after error correction, leading to important subtleties when applying the entropic uncertainty relation. By unifying and refining results from the literature, our work contributes to a more robust and accessible understanding of QKD security.

We present iQSync, a novel clock offset recovery method for quantum key distribution. Our method is specifically tailored towards low-level hardware implementations, e.g. on FPGAs or microcontrollers, and requires only very little RAM and basic CPU instructions, like additions and bit-shifts. No floating-point operations, as is the case for FFT-based approaches, are needed. Offset revovery with iQSync typically only requires a few thousand iterations over a simple loop and evaluates with sublinear average-case computational complexity, improving on previous results with super-linear complexity. We implemented our method on our real-time QKD platform and demonstrate excellent agreement with theoretically derived success probabilities for channel attenuations exceeding 70 dB.

Quantum key distribution (QKD) is at the verge of becoming a commercially viable security solution, backed by mathematically formulated security proofs. In the last two decades, much effort has been devoted to closing the gap between the models and practical implementations in order to account for device imperfections and counter the resulting side-channel attacks. As a result, the topic of evaluating and certifying QKD systems against these attacks is increasingly coming to the forefront. This last step however presents its own challenges, currently hindering the widespread adoption of QKD. In this work, we lay at the intersection between theory and practice, focusing on the process of preparing an in-house QKD system for evaluation. We first present a consolidated and accessible security proof for the one-decoy and two-decoy state BB84 protocols, which serves as a baseline for our QKD system. Building on this security proof, we identify the critical side-channels by evaluating the risk of most of today's known attacks. We then tackle the most critical attacks by discussing existing countermeasures that can be implemented both in the QKD system and within the security proof, where applicable. In this process, we develop new methods to characterize and evaluate QKD systems, which can later be used in evaluation laboratories. Evaluating the security of QKD systems additionally involves performing attacks to potentially identify new loopholes. Thus, we also aim to perform the first real-time Trojan horse attack on a decoy state BB84 system, further highlighting the need for robust countermeasures. By providing a critical evaluation of our QKD system and incorporating robust countermeasures against side-channel attacks, our research contributes to advancing the practical implementation and evaluation of QKD as a trusted security solution.

We present experimental findings of a versatile quantum key distribution (QKD) system for diverse application scenarios such as long-distance, metropolitan, and last-mile/in-house links. This is enabled by the system’s dual-wavelength support, automatic initialization, stabilizing feedback loops, and modular design, which allows for usage of commercial detectors and encryptors.