IDQ leads standardization efforts at ETSI to accelerate the adoption of QKD technology
As a founding member of the ETSI Industry Specification Group for QKD, ID Quantique (IDQ) has been supporting the community effort to standardize QKD systems for more than 10 years. A crucial standard for QKD security evaluation is about to be finalized: a so-called Protection Profile with mandatory security requirements for the QKD link. This standard should be published later this year.
Prospective customers will only entrust their most valuable data to QKD systems when they have sufficient assurance that the systems are secure and compliant with their security policies. Security evaluation provides a way to give this assurance:
- A trusted, competent testing lab thoroughly tests and evaluates the QKD systems and networks
- An oversight certification body gives the green light for qualified deployment and use.
Standardizing QKD Security
The paradigm for security evaluation is also based on a standard. The “Common Criteria for Information Technology Security Evaluation” (ISO/IEC/EN 15408, since 1996, recently upgraded to version 4.0) defines the procedures and necessary “ingredients”. One of the main goals of the ETSI Industry Specification Group for QKD is to develop and provide all these ingredients, which are themselves standards.
This includes:
- characterization of the optical components used
- protocols and algorithms
- implementation security against particular attacks
- generic security requirements
Advancing QKD Standards: Challenges and Contributions
The new ETSI Common Criteria Protection Profile Group Specification QKD 016 defines such security requirements for a generic BB84 QKD link and is thus applicable to ID Quantique’s new Clavis XG QKD system. The Protection Profile itself is currently being evaluated by SGS in Graz, Austria, and will be published in December 2023.
However, some mandatory ingredients for the evaluation are still missing. One example is a security proof for the QKD protocol in the specific format required by the security certification. Several promising efforts to formalize a QKD protocol are currently ongoing, and together with its partner Nutshell Quantum-Safe, IDQ is actively contributing to these community efforts. Internally, IDQ is striving to cover all the manufacturer’s responsibilities for the evaluation process, so that everything is ready for the evaluation of its Clavis XG once all the ingredients are available. This includes:
- the preparation of the extensive specifications and documentation
- the adaptation of processes to the required security levels
- the identification of necessary design modifications
Beyond security evaluation, IDQ together with Toshiba Europe (UK) is driving the update of two ETSI standard interfaces for the QKD network: ETSI Group Specifications QKD 014 and 020. The latter enables large QKD networks with multiple (vendor) domains. This is the kind of network IDQ is currently implementing in Korea.
Unifying QKD Standards Across Organisations
In addition to its participation in ETSI, IDQ assists its partners SK telecom (SKT) and SK Broadband to promote standards for QKD Networks, such as integrating QKD and post-quantum cryptography (PQC) within ITU-T’s Study Group 17. In a recent press release, SK Telecom announced it would be working to develop standards for the combined use of QKD and PQC at the ITU-T SG17 meeting in Seoul, Korea.
The extensive interest of the main standards organizations in QKD is further demonstrated by the recent publication by the ISO (International Organization for Standardization) of its first standards for QKD security evaluation. The two-part ISO/IEC 23837 provides a common baseline set of Common Criteria security functional requirements (SFRs) for QKD modules, as well as related test and evaluation methods.
Today, these various standards development organizations cover different aspects of QKD standardization and security. However, they also communicate and collaborate through liaisons. We expect that this will result in a common framework, which will be beneficial to the entire QKD community.