Topology-Hiding Connectivity-Assurance for QKD Inter-Networking
This work addresses security and privacy concerns for QKD network operators by enabling verifiable and privacy-preserving inter-network connectivity, though it is incremental as it extends existing cryptographic methods to this domain.
The paper tackles the vulnerabilities that trusted repeaters create in quantum key distribution (QKD) networks. It introduces a topology-hiding connectivity assurance protocol that allows network providers to prove secure connections between endpoints without revealing internal topology details, using zero-knowledge proofs to ensure soundness and topology hiding.
While QKD ensures information-theoretic security at the link level, real-world deployments depend on trusted repeaters, creating potential vulnerabilities. In this paper, we thus introduce a topology-hiding connectivity assurance protocol to enhance trust in quantum key distribution (QKD) network infrastructures. Our protocol allows network providers to jointly prove the existence of a secure connection between endpoints without revealing internal topology details. By extending graph-signature techniques to support multi-graphs and hidden endpoints, we enable zero-knowledge proofs of connectivity that ensure both soundness and topology hiding. We further discuss how our approach can certify, e.g., multiple disjoint paths, supporting multi-path QKD scenarios. This work bridges cryptographic assurance methods with the operational requirements of QKD networks, promoting verifiable and privacy-preserving inter-network connectivity.