Interconnecting Regional QKD Networks: Hybrid Key Delivery Across Quantum Domains
This work addresses the problem of scalable and cost-effective QKD internetworking for secure communication networks, though it is incremental, as it builds on existing QKD and classical technologies.
The paper tackled the challenge of wide-area quantum key distribution (QKD) networking by designing and implementing a hybrid key delivery service that securely relays keys across isolated QKD domains using classical links and post-quantum cryptography, achieving deployment in a testbed with three regional subnetworks.
QKD technology is being increasingly adopted inside the network core for protecting information transport against any form of computational attack. However, the use of QKD for wide-area internetworking is still challenging and costly, due to its strong trust assumptions and the low achievable key rates in long QKD links. This paper presents a standards-driven design and implementation of a unified hybrid key delivery service for a network of isolated QKD domains (subnetworks using QKD as provider technology for secret key generation) connected via classical WAN links. The framework follows a distributed architecture and uses a hybrid approach where keys generated in a domain are securely relayed to other domains with PQC (Kyber), dynamically routed, and managed at the system level. The solution has been implemented in an operational testbed comprising three regional subnetworks. We present the design principles, the deployment, and the experimental performance results for this scalable key delivery service.