Three-User active QKD network developed by ITL
NIST's Information Technology Laboratory (ITL) has demonstrated a three-node QKD network that allows multiple users to share a secure key. This QKD network operates on the 850 nm and 1550 nm wavelengths at 1.25 Gbps clock rate. The communication route is controlled by a MEMS optical switch.
Since security has become a critical issue for current data communication systems and networks, provably secure encryption techniques are needed. Quantum Key Distribution (QKD) is one approach that can provide unconditional security of communication and is based on the fundamental laws of physics rather than mathematical or algorithmic computational complexity. Since QKD was first proposed in 1984, several high-speed and long-distance point-to-point links have been demonstrated. However, speed and distance are not the only objectives of QKD systems. Integrating a QKD system into a network that supports security for a number of interconnected users is important for evaluating the practicality of deployment of such a system into commercial infrastructures.
The three-node QKD network, shown schematically in the figure, has two vertical-cavity surface-emitting lasers (VCSEL) generate 850-nm optical pulse trains at Alice, which are complementarily modulated by pseudo-random data generated by a custom high speed data handling circuit board in Alice's computer. The two pulse trains are attenuated down to a single photon level. Their polarization orientations are set at 45 and 90 degrees respectively and they are then combined into a single fiber, forming the quantum channel. The classical channel is generated by a WDM transceiver, which transmits a 1510-nm signal and receives a 1590-nm signal. The communication routine of the quantum channel and the classical channel are controlled by two MEMS optical switches independently. At each Bob, the arriving photons are randomly selected by a 50/50 coupler into different detection bases. After the polarization state is automatically recovered by polarization controllers, these photons are detected by silicon avalanche photodiodes (APDs). For the classical channel, another WDM transceiver receives the 1510-nm signal and transmits a 1590-nm signal.
The system can perform either the BB84 or B92 protocol. Though not as secure as the protocol BB84 and vulnerable to the "intercept-resend" attack, the B92 protocol is relatively simple to implement at a lower cost, and it is widely used in laboratory studies of the physical-layer of QKD systems. It should be noted, however, that the system can be converted to the BB84 protocol by adding additional APDs and faint laser sources. The system switching time in this network is approximately 1~2 minutes.
A practical QKD network needs a network management system that coordinates all nodes and operations, such as switching, synchronization and polarization recovery. For this project, a network manager was developed. The manager consists of a set of commands that request operations including link switching, polarization recovery, key sifting, error reconciliation, and privacy amplification functions etc. These commands are sent through the internet. With the network manager, the QKD network can automatically reconfigure the transmission links and implement multi-node quantum key distribution without any manual control and tuning.
A high-speed QKD network can provide a wide range of potential applications in Local Area Networks (LANs). One important application is a QKD secured video surveillance network. A video surveillance system secured by the three-node QKD network is demonstrated as shown in the figure below. The two Bobs at two different locations are each equipped with a monitoring video camera, while Alice is installed at the surveillance station. A network management PC/ (OR computer) controls the optical switches and the initial link connection. Once the secret quantum keys are generated between the two nodes, the video content from the monitoring camera at Bob is encrypted with the secret key bits and sent to Alice over an unsecured public network, which, in this experiment, is just the Internet. Alice can then decrypt the transmitted data and display the video. The speed of our system enables real-time one-time pad encryption and decryption of streaming video.
Xiao Tang, Lijun Ma, Alan Mink, Anastase Nakassis, Hai Xu, Barry Hershman, Joshua Bienfang, David Su, Ronald F. Boisvert, Charles Clark, and Carl Williams, "Demonstration of an Active Quantum Key Distribution Network," Proc. SPIE Vol. 6305, 630506 (August 2006)
Lijun Ma, Tiejun Chang, Alan Mink, Oliver Slattery, Barry Hershman, and Xiao Tang, "Experimental demonstration of an active quantum key distribution network with over Gbps clock synchronization", IEEE Communications Letters, Vol. 11, No. 12, P.1019, December 2007.