Ad-hoc hybrid-heterogeneous metropolitan-range quantum key distribution network

TL;DR

The paper tackles the challenge of rapidly deploying secure quantum communication across metropolitan-scale networks by integrating heterogeneous fiber and free-space channels with both trusted and untrusted nodes. It introduces a three-layer, crypto-agile architecture featuring quantum-secure gateways and a global key-management system, enabling key relays and inter-domain interoperability for diverse QKD protocols. Through a Jena testbed, it demonstrates practical ad-hoc deployments of DV-QKD, BBM92, HD-QKD, and CV-QKD across direct fiber, free-space, and fixed wireless fiber links, including a trusted-node demonstration and a quantum-secure link to a cloud service. The work shows that portable FSO terminals and modular QKD subsystems can form flexible metropolitan networks that deliver quantum-secure keys to real-world applications, with implications for disaster response and cloud security.

Abstract

This paper presents the development and implementation of a versatile ad-hoc metropolitan-range Quantum Key Distribution (QKD) network. The approach presented integrates various types of physical channels and QKD protocols, and a mix of trusted and untrusted nodes. Unlike conventional QKD networks that predominantly depend on either fiber-based or free-space optical (FSO) links, the testbed presented amalgamates FSO and fiber-based links, thereby overcoming some inherent limitations. Various network deployment strategies have been considered, including permanent infrastructure and provisional ad-hoc links to eradicate coverage gaps. Furthermore, the ability to rapidly establish a network using portable FSO terminals and to investigate diverse link topologies is demonstrated. The study also showcases the successful establishment of a quantum-secured link to a cloud server.

Figures (15)

• Figure 1: System architecture underlying the following experiments. Red background: Trusted node; Dashed lines: Path of cryptographic keys; Solid lines: Authenticated communication (black), quantum channel (red), quantum-secure communication (green); LAN: Local area network; Q-GW: Quantum gateway; KMS: Key management system; GKMS: Global KMS; $\mathrm{KMS}_\mathrm{PQC}$: KMS for keys produced by post-quantum cryptography algorithms; $\mathrm{KMS}_\mathrm{QKD}$: KMS for QKD keys; $\mathrm{KXX}_\mathrm{TN}$: Trusted node key relay; QKD$_i$: Quantum key distribution node $i$.
• Figure 2: Left: Transportable FSO terminal 1 (TFT-1) mounted on a motorized telescope tripod. Right: QuBUS with periscope assembly on its roof (cf. Sec. \ref{['sec:subsystems:fso-terminals:QuBUS']}).
• Figure 3: Left: Design of the transportable FSO terminal 2 (TFT-2). Right: Architecture of the pointing, acquisition ant tracking (PAT) system for TFT-2. The PAT system consists of multiple control loops running in parallel. The coarse pointing assembly (CPA) driver features an internal servo control for disturbance rejection. The position-sensitive device (PSD) is used to close the optical loop for the coarse alignment of the CPA to the fine-pointing assembly (FPA) during acquisition and for the fine pointing loop during the tracking phase. An additional integral controller offloads the low-passed FPA angles to the CPA, whenever a predefined threshold is exceeded. NFOV: Narrow field of view; GUI: Graphical user interface.
• Figure 4: System design of the 1-decoy time-bin BB84 QKD system from Fraunhofer HHI (BB84-QKD). ATT: Fix attenuator; BPF: Band-pass filter; BS: Beam splitter; DFB: Distributed-feedback laser; DLI: Delay-line interferometer; FPGA: Field-programmable gate array; IM: Intensity modulator; ISO: Isolator; KMS: Key-management system; PIN: Photodiode; PM: Phase modulator; QRNG: Quantum random number generator; Rb Clock: Rubidium atomic clock without GPS link; SPAD: Single-photon avalanche diode; TDC: Time-to-digital converter; VOA: Variable optical attenuator.
• Figure 5: Entanglement-based QKD. (a) The entangled photon pair source (EPS) consists of a ppLN waveguide that is pumped bidirectionally in a Sagnac loop with a 775 nm continuous-wave laser. Two entangled photons are generated at a center wavelength of 1550 nm via type-0 spontaneous parametric down-conversion. (b) The EPS transmits the photons to the receiver Alice in the same building and receiver Bob in a neighboring building. (c) The polarization of the light is detected in a polarization analysis module. BS: beam splitter; HWP: half-wave plate; PBS: polarizing beam splitter; SNSPD: superconducting nanowire single photon detector.