Quditto: Emulating and Orchestrating Distributed QKD Network Deployments

TL;DR

Quditto tackles the difficulty of deploying large-scale QKD networks by delivering an automated, open-emulation platform that coherently combines high-fidelity quantum-channel modeling with a standards-compliant ETSI 014 API across distributed topologies. Its three-tier architecture—orchestrator, modeling engine, and nodes—supports real-time interactions, pluggable protocol implementations (e.g., BB84 with Eve and Extended BB84 Andres2), and detailed logging for performance analysis. Validation demonstrates automated deployment scalability, end-to-end key exchanges with adversarial and realistic channel conditions, and insights into link quality effects on time and key rate. This platform enables rapid prototyping, interoperability testing, and hardware-in-the-loop experimentation for interoperable QKD services in distributed environments.

Abstract

Quantum Key Distribution (QKD) offers information-theoretic security by leveraging quantum mechanics, yet the cost and complexity of dedicated hardware and fiber infrastructure have so far limited large-scale deployment and experimentation. In this paper, we introduce Quditto, an automated open-access emulation platform that combines high-fidelity quantum-channel modeling with a standardized key-delivery API, enabling users to interact with the emulated network exactly as they would with real QKD hardware. Quditto modular design supports pluggable protocol implementations, complex key management schemes and detailed channel models, including variable attenuation and decoherence. We validate Quditto by deploying networks of various sizes and demonstrate its flexibility through two proof-of-concept scenarios featuring eavesdropper attacks and heterogeneous channel conditions.

Figures (6)

• Figure 1: Outline of the general design of Quditto. The user composes a set of documents describing: 1) the desired QKDN, identifying its constituent nodes and the QKDN topology; 2) the parameters that define the behavior of each QKD link, such as distance, QKD protocol used for key exchange, or whether there is an eavesdropper; and 3) the set of equipment (standard PCs, single-board computers, virtual machines, or virtualization containers) that will be used to instantiate the QKD nodes. These documents are then passed to the Quditto orchestrator. This component automatically installs and configures all required software on the target equipment. It then launches the Quditto quantum-behavior modeling engine, which will be in charge of properly modeling the behavior of the QKD links, and instantiates lightweight Quditto nodes on the target set of devices.
• Figure 2: Flowchart of the instantiation of an emulated QKDN using Quditto.
• Figure 3: Detailed time of different actions performed byQuditto orchestrator. The distribution of 10 deployments with a 95% confidence interval is shown for each network. The total setup time is decomposed into five distinct stages performed by the orchestrator in sequence via Ansible: (1) the node installation is the time taken to install the node package on all virtual machines specified in the configuration file, (2) the modeling engine installation includes both the installation of NetSquid and the modeling engine package on the designated modeling engine machine, (3) the RabbitMQ configuration represents the time required to install and configure RabbitMQ to enable communication between the nodes and the modeling engine, (4) the node initialization is the time it takes to run the required scripts on all nodes, (5) the modeling engine initialization corresponds to the time it takes to run the modeling engine scripts.
• Figure 4: Madrid quantum communication infrastructure madq with the nodes that we emulated for validation highlighted in color. This topology is used as an illustrative example to demonstrate the platform’s operation. Note that in Validation B, Performance in a Partially Adversarial QKD Environment, the attenuations indicated in the figure were not taken into account, but we placed an eavesdropper on the link between Quijote and Aquiles. On the other hand, in Validation C, Performance in a Realistic QKD Environment, we removed the eavesdropper and included the attenuated fibers.
• Figure 5: Events diagram with Quditto nodes and modeling engine workflows.