Christoph Pacher

Sebastian Raubitzek, Werner Strasser, Sebastian Ramacher et al.

The European Union is developing the European Quantum Communication Infrastructure (EuroQCI) as a pan-European network to provide secure communication capabilities across Member States, including governmental and critical-infrastructure domains. While the strategic objective is defined at EU level, the required scale and structure of national quantum key distribution (QKD) networks remain largely unspecified. This work addresses the question of how to plan and size national terrestrial QKD networks to support critical infrastructure and public authorities. We propose a reproducible planning methodology that estimates network size, total fiber length, and the number of required QKD components based on a small set of explicit assumptions. The approach is demonstrated for Austria, where a synthetic but structured network model is constructed and evaluated using Monte Carlo simulation. The model focuses on terrestrial QKD infrastructure and explicitly excludes space-based segments. It estimates endpoint counts, trusted repeater node requirements, and hop-length distributions under realistic operational constraints. The Austrian case is then used as a baseline to derive scaling rules for other EU Member States based on population and geographic extent. The results provide first-order planning estimates for national QKD backbone sizes across Europe. These estimates are not intended as deployment designs but as planning-level references that support early-stage cost assessment and infrastructure dimensioning under the EuroQCI framework.

Christoph Pacher, Aysajan Abidin, Thomas Lorünser et al.

We demonstrate how adversaries with unbounded computing resources can break Quantum Key Distribution (QKD) protocols which employ a particular message authentication code suggested previously. This authentication code, featuring low key consumption, is not Information-Theoretically Secure (ITS) since for each message the eavesdropper has intercepted she is able to send a different message from a set of messages that she can calculate by finding collisions of a cryptographic hash function. However, when this authentication code was introduced it was shown to prevent straightforward Man-In-The-Middle (MITM) attacks against QKD protocols. In this paper, we prove that the set of messages that collide with any given message under this authentication code contains with high probability a message that has small Hamming distance to any other given message. Based on this fact we present extended MITM attacks against different versions of BB84 QKD protocols using the addressed authentication code; for three protocols we describe every single action taken by the adversary. For all protocols the adversary can obtain complete knowledge of the key, and for most protocols her success probability in doing so approaches unity. Since the attacks work against all authentication methods which allow to calculate colliding messages, the underlying building blocks of the presented attacks expose the potential pitfalls arising as a consequence of non-ITS authentication in QKD-postprocessing. We propose countermeasures, increasing the eavesdroppers demand for computational power, and also prove necessary and sufficient conditions for upgrading the discussed authentication code to the ITS level.