Obfuscated Quantum and Post-Quantum Cryptography

Anju Rani, Xiaoyu Ai, Aman Gupta, Ravi Singh Adhikari, Robert Malaney

TL;DR

This work tackles quantum-era threats to classical cryptography by integrating quantum key distribution (QKD) with post-quantum cryptography (PQC) in a single, obfuscated workflow. It implements an entanglement-based BBM92 QKD system with GPS-free time synchronization and couples it to PQC primitives through an information-theoretic obfuscation of the operation sequence, controlled by a pre-shared key. The authors demonstrate real-time operation with modest overhead and quantify security benefits against practical attacks, including side-channel and implementation flaws, while showing the approach scales to field deployments. The results indicate that the combined QKD-PQC with obfuscation can offer enhanced security for near-term quantum networks and may reduce hardware and timing overhead via GPS-free synchronization. The work also identifies open theoretical questions about formal PQC security in multi-primitives and suggests directions for extending obfuscation to broader configurations.

Abstract

In this work, we present an experimental deployment of a new design for combined quantum key distribution (QKD) and post-quantum cryptography (PQC). Novel to our system is the dynamic obfuscation of the QKD-PQC sequence of operations, the number of operations, and parameters related to the operations; coupled to the integration of a GPS-free quantum synchronization protocol within the QKD process. We compare the performance and overhead of our QKD-PQC system relative to a standard QKD system with one-time pad encryption, demonstrating that our design can operate in real time with little additional overhead caused by the new security features. Since our system can offer additional defensive strategies against a wide spectrum of practical attacks that undermine deployed QKD, PQC, and certain combinations of these two primitives, we suggest that our design represents one of the most secure communication systems currently available. Given the dynamic nature of its obfuscation attributes, our new system can also be adapted in the field to defeat yet-to-be-discovered practical attacks.

Paper Structure

This paper contains 14 sections, 6 figures, 2 tables, 4 algorithms.

Figures (6)

  • Figure 1: The experimental setup and the combined QKD-PQC encryption–decryption module. This includes the optical setup with single photon detectors D1 through D4 at Alice detecting the horizontal ($H$), vertical ($V$), diagonal ($D$), or anti-diagonal ($A$) basis states, respectively (D5 through D8 similarly for Bob); and the post-processing unit, followed by quantum synchronization embedded within the QKD process. A software-implemented obfuscation function is used to determine a secret mode of system operations and settings, provided as an instruction sequence (IS), which is encrypted to form $\pi$ (an encrypted message (or identifier) sent from Bob to Alice so that the IS is known only to them). An example IS could be the type and order of the encryption-decryption protocols. Critical to the experiment is the pre-shared key (PSK), assumed to be known only to the data sender (Bob) and data receiver (Alice) and a priori shared between them. Part of the PSK is required for QKD, part for our obfuscation function, and part for AES. The EPS is external to both Alice and Bob. The bottom centered box (pink) illustrates the internal operations carried out within the obfuscation function module (bottom-blue box).
  • Figure 2: A schematic of the logical flow between the PSK and the different elements of our architecture. The first portion of the PSK is used for QKD authentication. As per normal usage within QKD, when this is exhausted, the newly grown QKD key is utilised for ongoing authentication. For AES, the PSK is only used to form a symmetric key. IT refers to information-theoretic security, and PQ refers to quantum-resistant security. $\pi$ denotes the encrypted identifier for an instruction sequence.
  • Figure 3: The flowchart describes one cycle of the proposed QKD-PQC system. In the figure, it is assumed that Bob intends to communicate a data message ($M$) to Alice. The term $k^{psk}_\pi(1:\hat{N}_{obs})$ indicates that the next $\hat{N}_{obs}$ unused bits are taken from the PSK. Similarly, the term $k^{psk}_{\text{AES}}(N_{\text{AES}}+1:2N_{\text{AES}})$ indicates that the next $N_{\text{AES}}$ bits are used for all data encryption-decryption where the IS contains AES (the first $N_{\text{AES}}$ are used for encryption-decryption in QKD reconciliation). The output of $f_{\text{Map}}(\text{IS})$ is an identifier associated with the instruction sequence, obtained from the mapping table. The output of Data Encryption, obtained via Algorithm 3 (decryption is done with Algorithm 4), is the ciphertext denoted by $C$.
  • Figure 4: QBER and SKR as functions of timing error. Due to imperfect reconciliation, SKR drops to zero as QBER exceeds 0.1 (not 0.11). Here, the timing error is the standard deviation of the timing jitter in the photon detectors (Gaussian noise assumed). The coincidence window used to determine the counts is $1$ ns. Note, these key rates are upper limits due to the value of $N$ adopted. Approximately a factor of ten more collection time is required for the rates shown to be achievable.
  • Figure 5: Coincidence counts as a function of a relative delay, $\Delta t$, added to Bob's time tag information. Counts are shown before (orange) and after (blue) application of the synchronization protocol. For each $\Delta t$, coincidences are counted only when Alice’s and Bob’s time tags match within a 0.5 ns window. The input information used here had a time offset of 10 ns and a timing drift of 1 ns per 250 ms applied. The points representing the information after applying our synchronization show a centered coincidence peak at $\Delta t = 0$, indicating the time offset and drift have been successfully removed. The data shown is accumulated over 4.5 s.
  • ...and 1 more figures
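
An added example (not code from the paper or its authors) of the identifier step described in the captions of Figures 1 to 3: Bob maps an instruction sequence to an identifier with $f_{\text{Map}}$, hides it with the next unused $\hat{N}_{obs}$ bits of the PSK to form $\pi$, and Alice recovers the IS. The mapping-table entries, the 2-bit identifier width, the class and function names, and the use of XOR as the one-time-pad operation are assumptions made for illustration.

```python
# Constructed illustration: table entries, widths and XOR-as-OTP are assumptions.
F_MAP = {                       # hypothetical mapping table: IS -> identifier
    ("QKD-OTP",): 0b00,
    ("QKD-OTP", "AES"): 0b01,
    ("AES", "QKD-OTP"): 0b10,
    ("PQC", "QKD-OTP", "AES"): 0b11,
}
F_MAP_INV = {ident: seq for seq, ident in F_MAP.items()}
N_OBS = 2                       # PSK bits consumed per cycle to hide the identifier


class PskSegment:
    """Obfuscation share of the PSK: a bit list with a cursor, never rewound."""

    def __init__(self, bits):
        self.bits, self.cursor = list(bits), 0

    def take(self, n):
        if self.cursor + n > len(self.bits):
            raise RuntimeError("PSK segment exhausted; refusing to reuse pad bits")
        chunk = self.bits[self.cursor:self.cursor + n]
        self.cursor += n
        return chunk


def to_bits(value, width):
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def bob_make_pi(segment, instruction_sequence):
    """Bob: identifier = f_Map(IS); pi = identifier XOR next unused PSK bits."""
    ident = to_bits(F_MAP[tuple(instruction_sequence)], N_OBS)
    return [b ^ k for b, k in zip(ident, segment.take(N_OBS))]


def alice_read_pi(segment, pi):
    """Alice: strip the same pad bits, then invert the mapping table."""
    plain = [c ^ k for c, k in zip(pi, segment.take(N_OBS))]
    return F_MAP_INV[int("".join(map(str, plain)), 2)]


def run_cycles(psk_bits, sequences):
    """Both parties hold identical PSK bits and advance their cursors in step."""
    bob, alice = PskSegment(psk_bits), PskSegment(psk_bits)
    results = []
    for seq in sequences:
        pi = bob_make_pi(bob, seq)
        results.append((pi, alice_read_pi(alice, pi)))
    return results
```

Each cycle consumes fresh pad bits, so the cursor position is shared state: if the two cursors diverge, Alice decodes a different instruction sequence than the one Bob selected.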