Arquitecturas y técnicas resistentes basadas en cuántica. Integración QKD+PQC

The QURSA project addresses the design and proof of concept of an architecture and algorithms for quantum key distribution (QKD) over complex networks, and their integration with the classical Internet core and distribution infrastructures by means of an improved post-processing layer. For achieving an effective, seamless integration and maximize the adoption of quantum-based physical security across a diverse range of domains, we also propose to develop a novel bridge QKD endpoints, i.e., a set of physical equipment, part of the QKD network themselves, but located near the network edge to which end-users (individuals or firms) can bring their own devices to download and take away secure uncorrelated keys generated and distributed through the QKD network. As a complement, we propose the use of truly random quantum-generated keys as sources for the first general implementation of post-quantum cryptographic (PQC) signing and encryption algorithms. These PQ techniques are presently at the final stages of the standardization started by NIST in 2016, and the resulting PQC primitives will thus be embedded into the universal Internet carrier and signaling protocols (e.g., TLS/DTLS, HTTP, DNSSEC) guaranteeing security for network applications and their pervasive traffic. With this approach, the reach of quantum-safe security is stretched out to the bulk of Internet traffic by means of an evolutionary roadmap.

QURSA will adopt the well-known design principles of software-defined networking (SDN) for separation of the control, data and management planes of the QKD network, as the emerging technical standards in this field issued by ETSI and IETF-ITU advocate. The proposed proof of concept to bind together and test all the technical challenges in the project will be a pilot for demonstrating and testing the hybridization of quantumbased and quantum-safe communications on a managed open network, since in addition to the benefits of making QKD usable as a service, it showcases most of the features that will be faced in this research agenda: the creation and management of ultra-secure channels, the engineering of the composite quantum-classical network, an instantiation of quantum-safe Internet protocols, and a flexible distributed management system based on SDN principles. In addition to our equipment and background, we have engaged CESGA, CCN and INCIBE for supporting us in building and testing a feasible pilot.

Publicaciones
Revistas JCR
GiCSI Effects of experimental impairments on the security of continuous-variable quantum key distribution
Andres Ruiz-Chamorro, Daniel Cano, Aida Garcia-Callejo, Veronica Fernandez
Heliyon, Volume 9, Issue 6, 2023, e16670
https://doi.org/10.1016/j.heliyon.2023.e16670
Congresos y reuniones, conferencias
2024
GiCSI Futuros Estándares de la Criptografía Postcuántica
Presentación oral

Luis Hernández Encinas

Congreso Bienal de la Real Sociedad Matemática Española

Del 22 al 26 de enero de 2024, Pamplona, España.

2023
GiCSI Acerca del nuevo estándar de criptografía ligera, ASCON
Conferencia invitada

L. Hernández Encinas y V. Sarasa Laborda

XVII Jornadas de Seguridad TIC del CCN-CERT, Centro Criptológico Nacional, Centro Nacional de Inteligencia

Del 28 al 30 de noviembre de 2023, Madrid, España.

2022
GiCSI Pre-Quantum, Quantum and Post-Quantum Cryptography
Conferencia plenaria

Luis Hernández Encinas

IV National CyberLeague, Guardia Civil

16 de noviembre de 2022, Aranjuez (Madrid), España.

GiCSI La ciberseguridad como mecanismo para la protección de la información
Conferencia invitada

Luis Hernández Encinas

4º Simposio Internacional de Ingenierías, Universidad Vasco de Quiroga

Octubre de 2022, Morelia (México)