QUantum-based ReSistant Architectures and Techniques

The QURSA project addresses the design and proof of concept of an architecture and algorithms for quantum key distribution (QKD) over complex networks, and their integration with the classical Internet core and distribution infrastructures by means of an improved post-processing layer. For achieving an effective, seamless integration and maximize the adoption of quantum-based physical security across a diverse range of domains, we also propose to develop a novel bridge QKD endpoints, i.e., a set of physical equipment, part of the QKD network themselves, but located near the network edge to which end-users (individuals or firms) can bring their own devices to download and take away secure uncorrelated keys generated and distributed through the QKD network. As a complement, we propose the use of truly random quantum-generated keys as sources for the first general implementation of post-quantum cryptographic (PQC) signing and encryption algorithms. These PQ techniques are presently at the final stages of the standardization started by NIST in 2016, and the resulting PQC primitives will thus be embedded into the universal Internet carrier and signaling protocols (e.g., TLS/DTLS, HTTP, DNSSEC) guaranteeing security for network applications and their pervasive traffic. With this approach, the reach of quantum-safe security is stretched out to the bulk of Internet traffic by means of an evolutionary roadmap.

QURSA will adopt the well-known design principles of software-defined networking (SDN) for separation of the control, data and management planes of the QKD network, as the emerging technical standards in this field issued by ETSI and IETF-ITU advocate. The proposed proof of concept to bind together and test all the technical challenges in the project will be a pilot for demonstrating and testing the hybridization of quantum-based and quantum-safe communications on a managed open network, since in addition to the benefits of making QKD usable as a service, it showcases most of the features that will be faced in this research agenda: the creation and management of ultra-secure channels, the engineering of the composite quantum-classical network, an instantiation of quantum-safe Internet protocols, and a flexible distributed management system based on SDN principles. In addition to our equipment and background, we have engaged CESGA, CCN and INCIBE for supporting us in building and testing a feasible pilot.