End-to-end QKD network with non-localized trust

TL;DR

This work tackles the challenge of delivering end-to-end quantum-secure communication over networks without relying on quantum repeaters or trusted nodes. It proposes a hybrid protocol that stacks multiple Twin-Field QKD sessions across intermediary nodes and employs classical postprocessing to establish end-to-end keys between Alice and Bob. A key contribution is the introduction of additional intermediary keys via point-to-point QKD to defeat eavesdropping in ring topologies, with a formal generalization to $m$ intermediaries and rate-distance analyses showing improved reach and key rate, e.g., extending the effective distance beyond $L$ to $3L$ in the base case and scaling with the number of paths. The framework provides a practical, hardware-light path toward end-to-end QKD that outperforms traditional trusted-node schemes in security while remaining implementable with current technology, and it identifies trade-offs between security, topology, and collaboration among network nodes. The approach yields a modular, multi-path, end-to-end QKD architecture with quantified resilience against colluding intermediaries and scalable rate-distance performance, offering a promising direction for large-scale quantum-secure networks.

Abstract

Quantum Key Distribution (QKD) systems are infamously known for their high demand on hardware, their extremely low key generation rates and their lack of security resulting from a need for trusted nodes which is implied by the absence of quantum repeaters. While they theoretically offer unlimited security, they are therefore practically limited in several regards. In this work we focus on the lack of options to guarantee an end-to-end security service with the currently available technology and infrastructure and propose a novel protocol. We find that one of the stumbling stones on the path towards an end-to-end security service guaranteed by quantum key distribution may be removed by using this protocol. Our proposal combines several parallel instances of twinfield QKD followed by classical postprocessing and communication to allow Alice and Bob to share a secret key. This hybrid approach improves the key rate and range w.r.t. to previous QKD approaches at a contained cost in security. We show that a coalition of intermediary nodes between Alice and Bob is needed to break the new scheme, sharply outperforming the trusted node approach in terms of security. Furthermore, the protocols do not require complex quantum measurements on Alice and Bob's sides, thus being truly end-to-end.

Figures (8)

• Figure 1: Schematic of TF-QKD protocol. QRNG: Quantum random number generator; BS: Beam-splitter; VOA: Variable optical attenuator. Alice and Bob's setup uses the intensity modulator to randomly generate signal and decoy states, then modulated by the phase modulator, which encodes the bit information, basis selection, and a randomized phase. QRNG drives these modulators to have true randomness. VOA reduces the power of the optical field to the desired level before launching into the quantum channel. Charlie performs the measurement using a beamsplitter and single photon detectors. The phase modulator in Charlie's setup compensates for the phase instability.
• Figure 2: Ring network for end-to-end quantum-classical key distribution. Blue labels represent the exchanged intermediate keys, and black labels over arrows represent classical messages.
• Figure 3: Rate-vs-distance comparison between our protocols and existing QKD alternatives
• Figure 4: End-to-end QKD with $m$ intermediaries
• Figure 5: Multipath generalization with three disjoint paths. Each path allows Alice and Bob to exchange a secret bitstring, namely $X_1,X_2$ and $X_3$. By XORing them they obtain the final key.