Patent Application
20240313949
The present application claims the benefit under of U.K. patent application No.: 2101310.7 entitled “QKD SWITCHING SYSTEM” and filed on 29 Jan. 2021, the disclosure of which is incorporated herein by reference in its entirety.
The present application relates to a system, apparatus and method for key exchange chaining between two or more devices connected together via one or more other devices.
Quantum key distribution (QKD) protocols are secure communication methods that implements a cryptographic protocol involving components of quantum mechanics of quantum channels for distributing cryptographic keys to parties. It enables at least two parties to produce a shared random secret key, cryptographic key or shared key/final shared key known only to them. The final shared key may be used for, without limitation, for example cryptographic operations by said at least two parties and/or secure communications between said parties using the final shared key to encrypt and decrypt said communication sessions/channel and/or messages therebetween.
In a quantum network, the endpoints communicate with each other using end-to-end quantum cryptography. This creates an unconditionally secure encrypted channel between two endpoints that ensures perfect secrecy and is resistant to attack by quantum computers. Efforts have been underway for many years to realise a large-scale quantum network. These take may take several forms including, without limitation, for example: 1) Terrestrial fibre networks, where the limit for point-to-point connections is around 100 km due to optical losses in the optical fibre for each quantum channel. Existing terrestrial networks use intermediate repeater nodes, or intermediary devices, to extend this distance but at the cost that the intermediate nodes (or intermediary devices) have to be trusted with knowledge about the final key; 2) Satellite networks, which operate at global scale but suffer from the same issue that the satellite needs to be trusted with information about the final shared key. Lower bitrates and physical availability also means that satellites are impractical for connecting large numbers of endpoints. These quantum networks so far number only a handful of endpoints, but typical classical networks consist of many thousands (if not millions) of endpoints. These networks often use a hub- and spoke topology, where a smaller number of regional hubs connect to larger number of endpoints. For quantum networks to become practical they need to flexibly support a hub-and-spoke topology at global scale, but without the downside of intermediate trusted nodes/devices.
There is a desire for a more improved and/or flexible key exchange methodology for securely sharing a final shared key between endpoint devices via one or more intermediary devices (or nodes) using any one or more key exchange protocols for securing the communication links between intermediary nodes/devices and endpoints, whilst delivering a certain level of trust (e.g. from fully trusted to trustless/untrusted) depending on the capabilities of the one or more intermediary devices/nodes/endpoint devices. There is also a desire for a key exchange methodology requiring a reduced level of trust (e.g. untrusted) in relation to the intermediate nodes/devices.
The embodiments described below are not limited to implementations which solve any or all of the disadvantages of the known approaches described above.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to determine the scope of the claimed subject matter; variants and alternative features which facilitate the working of the invention and/or serve to achieve a substantially similar technical effect should be considered as falling into the scope of the invention disclosed herein.
The present disclosure provides method(s), apparatus and system(s) of key exchange chaining between a first device and a second device via one or more intermediary devices or a plurality of intermediary devices. The first device exchanges intermediate key information, such as, without limitation, for example a shared key, or an intermediate set of symbols and the like, with a first intermediary device that the first device is connected to over a first communication link, where the exchange of intermediate key information is based on a first key exchange protocol. The intermediary devices that connect the first device to the second device also exchange shared keys between themselves using one or more key exchange protocols depending on their capabilities or the level of trust. The first intermediary device securely sends the intermediate key information to the second device, where the shared keys of the intermediary devices are used to secure the intermediate key information transmission to the second device, where the second device retrieves the intermediate key information and performs a shared final key exchange with the first device based on the first key exchange protocol and the intermediate key information.
In a first aspect, the present disclosure provides a computer-implemented method of key exchange between a first endpoint device and a second endpoint device communicatively coupled over communication links via one or more intermediary devices, wherein the first endpoint device is coupled by a first communication link to a first of the one or more intermediary devices, and the second endpoint device and the one or more intermediary devices form a group of devices, wherein each of the one or more intermediary devices is communicatively coupled to at least one other of the one or more intermediary devices via at least one of the communication links and the second endpoint device is coupled to a last of the one or more intermediary devices in the group via a second communication link, the method comprising: exchanging intermediate key information between the first intermediary device and the first endpoint device based on a first key exchange protocol; and securely sending data representative of the exchanged intermediate key information from the first intermediary device to the second endpoint device via the intermediary device(s), the secure communications over the communication links of the group of devices based on shared keys exchanged using one or more key exchange protocols over the communication links of the group of devices; wherein the first and second endpoint devices use a further communication channel therebetween for processing and transforming said intermediate key information into the final shared key.
As an option, the computer-implemented method according to the first aspect, wherein there are N intermediary devices, N>0, and the first endpoint device, the N intermediary devices and the second endpoint device form a chain, line network or linear array topology with the first endpoint device being communicatively coupled to the second endpoint device via said N intermediary devices, wherein the first endpoint device is connected via a first communication link to the first of the N intermediary devices in the chain, and the second device is connected via a second communication link to an N-th intermediary device in the chain, each of the N intermediary devices coupled to an adjacent intermediary device via a further communication link.
As another option, the computer-implemented method according to the first aspect, wherein the first key exchange protocol is configured for detecting eavesdroppers during the exchange of the final shared key.
As a further option, the computer-implemented method according to the first aspect, wherein the shared keys for a device are shared keys between said device and any adjacent or neighboring device connected to said device by one of the communication links.
Optionally, the computer-implemented method according to the first aspect, wherein said each shared key is used for securing the communication of the intermediate key information from one device to next.
As an option, the computer-implemented method according to the first aspect, wherein each intermediary device sends its shared key to the second endpoint device, and only encrypts any incoming communications associated with the intermediate key information with its shared key before forwarding towards the second endpoint device via its nearest neighbour device, wherein the second endpoint device uses the shared keys to decrypt the encrypted intermediate key information.
As an option, the computer-implemented method according to the first aspect, wherein each intermediary device sends its shared key to the second endpoint device, and passes through any incoming communications associated with the intermediate key information via its nearest neighbour device, wherein the second endpoint device uses the shared keys to decrypt the encrypted intermediate key information.
As another option, the computer-implemented method according to the first aspect, wherein each intermediary device cryptographically combines a pair of shared keys exchanged with its nearest neighbour devices, and sends the combined pair of shared keys to the second endpoint device, and the first device cryptographically combining the intermediate key information with a shared key exchanged with an adjacent intermediary device prior to securely communicating the cryptographically combined intermediate key information to the second device, wherein the second endpoint device uses the received cryptographically combined shared keys to decrypt the encrypted or cryptographically combined intermediate key information.
As a further option, the computer-implemented method according to the first aspect, wherein cryptographically combining a pair of shared keys comprises performing a one time pad or exclusive OR operation on the pair of shared keys, and cryptographically combining the intermediate key information with a shared key comprises performing a one time pad or exclusive OR operation on the intermediate key information and the shared key.
As an option, the computer-implemented method according to the first aspect, wherein each intermediary device has exchanged a shared key with its nearest neighbour devices using a key exchange protocol, said each intermediary device apart from the first intermediary device having a first and second shared key sends its shared key to the second endpoint device, and only encrypts any incoming communications associated with the intermediate key information with its shared key before forwarding towards the second endpoint device via its nearest neighbour device, wherein the second endpoint device uses the shared keys to decrypt the encrypted intermediate key information.
Optionally, the computer-implemented method according to the first aspect, wherein the one or more key exchange protocols used between one or more of the devices in the group of devices for secure communications therebetween are selected from a group of key exchange protocols based on a desired or required trust level in relation to the one or more intermediary devices of the group of devices.
As an option, the computer-implemented method according to the first aspect, wherein when the level of trust is a trust level that is considered an untrusted level, then the one or more key exchange protocols selected include QKD protocols for use in sharing keys with untrusted parties.
As a further option, the computer-implemented method according to the first aspect, wherein the shared keys for an intermediary device of the one or more intermediary devices of the group of devices are shared keys between said intermediary device and one or more other intermediary devices of the intermediary devices that are adjacent or neighboring the intermediary device in the line network or linear array topology.
As a further option, the computer-implemented method according to the first aspect, wherein the first communication link includes a first quantum channel and a first classical channel and the first key exchange protocol is a quantum key distribution protocol.
As another option, the computer-implemented method according to the first aspect, wherein each of the second communication link and the communication links between the intermediary devices includes a quantum channel and a classical channel and the one or more key exchange protocols is a quantum key distribution protocol different to the first key exchange protocol.
Optionally, the computer-implemented method according to the first aspect, wherein the first key exchange protocol comprises a key exchange protocol selected from the group of: a QKD protocol from the Bennett and Brassard 1984, BB84, family of QKD protocols; the BB84 QKD protocol; modified versions of the BB84 protocol configured to ensure the QKD linking apparatus is unable to derive the resulting exchanged QKD keys between the endpoint devices; a modified or hybrid-BB84 based version of the BB84 protocol configured in which at least the first device transmits or receives a first set of random symbols over a first quantum channel with the first intermediary device, but withholds the basis set used by the first device for the transmitting or receiving the first set of random symbols over the first quantum channel, wherein the first intermediary device is unable to derive the validly transmitted or received first set of random symbols by the first device or an exchanged shared key with a second device based on the validly transmitted or received first set of random symbols by the first device; a modified or hybrid-BB84 based version of the BB84 protocol configured in which at least the first device transmits or receives a first set of random symbols over a first quantum channel with the first intermediary device, but withholds the basis set used by the first device for the transmitting or receiving of the first set of random symbols over the first quantum channel, and at least the second device transmits or receives a second set of random symbols over a second quantum channel with the first intermediary device, but withholds the basis set used by the second device for the transmitting or receiving of the second set of random symbols over the second quantum channel, wherein the intermediary device is unable to derive: the validly transmitted or received first set of random symbols by the first device, the validly transmitted or received second set of random symbols by the second device, and the resulting shared key exchanged between the first and second devices based on the validly transmitted or received first set of random symbols and the validly transmitted or received second set of random symbols; the Bennet 1992, B92, QKD protocol; the Six-State Protocol, SSP, QKD protocol; the Scarani Acin Ribordy Gisin 2004, SARG04, QKD protocol; the Doherty Parrilo Spedalieri 2002, DPS02, QKD protocol; the differential phase shift, DPS, QKD protocol; the Eckert 1991, E91, QKD protocol; the coherent one-way, COW, QKD protocol; the Khan Murphy Beige 2009, KMB09, QKD protocol; the Esteban Serna 2009, S09, QKD protocol; the Serna 2013, S13, QKD protocol; the A Abushgra K Elleithy 2015, AK15, QKD protocol; any one or more other entanglement based QKD protocols; any one or more future QKD protocols; and any other suitable QKD protocol for exchanging QKD keys between endpoint devices using quantum transmissions and classical transmissions.
As a further option, the computer-implemented method according to the first aspect, wherein exchanging intermediate key information between the first intermediary device and the first endpoint device based on the first key exchange protocol further comprising: the first key exchange protocol configured for performing at least the steps of: transmitting or receiving, by the first intermediary device, a first set of random symbols over a first quantum channel with the first endpoint device; transmitting, from the first intermediary device to the first endpoint device, the basis set used by the first intermediary device for transmitting or receiving the first set of random symbols over the first quantum channel; generating, by the first intermediary device, first endpoint device intermediate key information comprising data representative of a first intermediate set of symbols based on the validly transmitted or received first set of symbols using the transmitting or receiving basis set used by the first intermediary device when transmitting or receiving the first set of symbols over the first quantum channel; wherein the first endpoint device withholds the first transmitting or receiving basis set used by the first endpoint device for transmitting or receiving the first set of random symbols over the first quantum channel with the first intermediary device.
As another option, the computer-implemented method according to the first aspect, wherein the first key exchange protocol is a modified or hybrid-BB84 based version of the BB84 protocol.
As an option, the computer-implemented method according to the first aspect, wherein determining the final shared key, by the first and second endpoint devices, based on the exchanged first endpoint device intermediate key information securely sent via the one or more intermediary devices to the second endpoint device, further comprising: exchanging, between the first and second endpoint devices over a secure communication channel therebetween, the basis set used by the first endpoint device for transmitting or receiving the first set of random symbols; determining, by the second endpoint device using the basis set used by the first endpoint device for transmitting or receiving the first set of random symbols and the first endpoint device intermediate key information, a common set of symbols corresponding to at least a portion of the first set of random symbols transmitted or received by the first endpoint device; exchanging, by the first and second devices over the secure communication channel therebetween, a shared key based on the common set of symbols and the first set of random symbols transmitted or received by the first endpoint device.
As another option, the computer-implemented method according to the first aspect, wherein each of the communication links between the group of devices includes a quantum channel and a classical channel and the one or more key exchange protocols used to exchange the shared keys between the corresponding devices of the group of devices are one or more quantum key distribution protocols.
As another option, the computer-implemented method according to the first aspect, wherein each of the communication links between the one or more intermediary devices includes a quantum channel and a classical channel and the one or more key exchange protocols selected to be used to exchange the shared keys between the corresponding intermediary devices of the one or more intermediary devices are quantum key distribution protocols.
Optionally, the computer-implemented method according to the first aspect, wherein the one or more key exchange protocols comprises one or more key exchange protocols selected from the group of: a QKD protocol from the Bennett and Brassard 1984, BB84, family of QKD protocols; the BB84 QKD protocol; modified versions of the BB84 protocol configured to ensure the QKD linking apparatus is unable to derive the resulting exchanged QKD keys between the endpoint devices; a modified or hybrid-BB84 based version of the BB84 protocol configured in which at least the first device transmits or receives a first set of random symbols over a first quantum channel with the first intermediary device, but withholds the basis set used by the first device for the transmitting or receiving the first set of random symbols over the first quantum channel, wherein the first intermediary device is unable to derive the validly transmitted or received first set of random symbols by the first device or an exchanged shared key with a second device based on the validly transmitted or received first set of random symbols by the first device; a modified or hybrid-BB84 based of the BB84 protocol configured in which at least the first device transmits or receives a first set of random symbols over a first quantum channel with the first intermediary device, but withholds the basis set used by the first device for the transmitting or receiving of the first set of random symbols over the first quantum channel, and at least the second device transmits or receives a second set of random symbols over a second quantum channel with the first intermediary device, but withholds the basis set used by the second device for the transmitting or receiving of the second set of random symbols over the second quantum channel, wherein the intermediary device is unable to derive: the validly transmitted or received first set of random symbols by the first device, the validly transmitted or received second set of random symbols by the second device, and the resulting shared key exchanged between the first and second devices based on the validly transmitted or received first set of random symbols and the validly transmitted or received second set of random symbols; the Bennet 1992, B92, QKD protocol; the Six-State Protocol, SSP, QKD protocol; the Scarani Acin Ribordy Gisin 2004, SARG04, QKD protocol; the Doherty Parrilo Spedalieri 2002, DPS02, QKD protocol; the differential phase shift, DPS, QKD protocol; the Eckert 1991, E91, QKD protocol; the coherent one-way, COW, QKD protocol; the Khan Murphy Beige 2009, KMB09, QKD protocol; the Esteban Serna 2009, S09, QKD protocol; the Serna 2013, S13, QKD protocol; the A Abushgra K Elleithy 2015, AK15, QKD protocol; any one or more other entanglement based QKD protocols; any one or more future QKD protocols; and any other suitable QKD protocol for exchanging QKD keys between endpoint devices using quantum transmissions and classical transmissions.
As a further option, the computer-implemented method according to the first aspect, wherein the one or more key QKD exchange protocols used between one or more of the devices in the group of devices for secure communications therebetween are selected from a group of key exchange protocols based on a desired or required trust level in relation to the one or more intermediary devices of the group of devices.
As another option, the computer-implemented method according to the first aspect, wherein when the level of trust is a trust level that is considered an untrusted level, then the one or more key exchange protocols selected include QKD protocols for use in sharing keys with untrusted parties.
As an option, the computer-implemented method according to the first aspect, wherein the first key exchange protocol and the one or more key exchange protocols are entanglement based QKD protocols, wherein: exchanging intermediate key information between the first intermediary device and the first endpoint device based on a first key exchange protocol further comprising distributing one or more Einstein-Podolsky-Rosen, EPR, pair(s) between the first intermediary device and the first endpoint device; distributing one or more EPR pair(s) between each of the one or more intermediary devices; distributing one or more EPR pair(s) between a last of the one or more intermediary devices and the second device; securely sending data representative of the exchanged intermediate key information further comprising: performing, at the first intermediary device, a Bell State Measurement, BSM, on corresponding EPR pairs held by the first intermediary device; performing, at each other intermediary device, a Bell State Measurement, BSM, on corresponding EPR pairs held by each other intermediary device; and sending the BSM results from each of the intermediary devices to both the first and second endpoint devices; wherein the first and second endpoint devices process the BSM results and share EPR pairs for generating the final shared key.
As another option, the computer-implemented method according to the first aspect, wherein: each of the devices in the group of devices is connected to each of its nearest neighbour devices via a quantum channel, wherein each quantum channel is unidirectional depending on the selected one or more key exchange protocols used between said each device and its nearest neighbour devices; the first and the second endpoint devices have a classically-secured classical channel therebetween; each of the N intermediary devices have a classical channels with each of their nearest neighbour intermediary devices, the method further comprising: said exchanging first intermediate key information using the first key exchange protocol further comprising: transmitting or receiving, by the first intermediary device, a first set of random symbols over a first quantum channel with the first endpoint device; transmitting, from the first intermediary device to the first endpoint device, the basis set used by the first intermediary device for transmitting or receiving the first set of random symbols over the first quantum channel; generating, by the first intermediary device, first intermediate key information comprising data representative of a first intermediate set of symbols based on the validly transmitted or received first set of symbols using the transmitting or receiving basis set used by the first intermediary device when transmitting or receiving the first set of symbols over the first quantum channel; wherein the first endpoint device withholds the first transmitting or receiving basis set used by the first endpoint device for transmitting or receiving the first set of random symbols over the first quantum channel with the first intermediary device; said securely sending data representative of the exchanged first intermediate key information from the first intermediary device to the second endpoint device further comprising: encrypting the first intermediate key information with a shared key of a neighbouring device of the group of devices; sending the encrypted first endpoint device intermediate key information to the second endpoint device via said neighbouring device(s) over said communication link therebetween, wherein any remaining intermediary devices securely send the first intermediate key information to said second endpoint device over said communication links therebetween; wherein said second endpoint device receives the encrypted first intermediate key information and decrypts said encrypted first intermediate key information using a shared key exchanged with one of the intermediary devices to retrieve said first intermediate set of symbols determined by the first intermediary device; said determining of the final shared key, by the first and second endpoint devices further comprising: exchanging, between the first and second endpoint devices over a secure communication channel therebetween, the transmitting or receiving basis set used by the first endpoint device for transmitting or receiving the first set of random symbols; determining, by the second endpoint device using the transmitting or receiving basis set used by the first endpoint device for transmitting or receiving the first set of random symbols and the first intermediate set of symbols, a second set of symbols corresponding to at least a portion of the first set of random symbols transmitted or received by the first endpoint device; and exchanging, by the first and second devices over the classically-secured communication channel therebetween, a shared key based processing and transforming the first set of random symbols and second set of symbols.
Optionally, the computer-implemented method according to the first aspect, wherein the first intermediate key information further comprises data representative from the group of: said transmitting or receiving basis set used by the first intermediary device when transmitting or receiving said first set of random symbols over the first quantum channel with the first endpoint device; and said first set of random symbols transmitted or received by the first intermediary device when transmitting or receiving said first set of random symbols with the first endpoint device.
As a further option, the computer-implemented method according to the first aspect, wherein said exchanging, by the first endpoint device and second endpoint device over a secure communication channel therebetween, a shared key further comprising performing final key information reconciliation and privacy amplification on the second set of symbols determined by the second endpoint device and the first set of symbols transmitted or received by the first endpoint device resulting in a final shared symmetric key.
As another option, the computer-implemented method according to the first aspect, wherein the one or more key exchange protocols used for secure communications between the second endpoint device and the first intermediary device is the BB84 key exchange protocol.
As an option, the computer-implemented method according to the first aspect, wherein each of the communication links between the group of devices includes a quantum channel and a classical channel and wherein the BB84 key exchange protocol is used to exchange shared keys between the corresponding devices of the group of devices and their neighbour devices of the group of devices.
Optionally, the computer-implemented method according to the first aspect, wherein the first key exchange protocol and the one or more key exchange protocols are classical or post-quantum key exchange protocols.
As an option, the computer-implemented method according to the first aspect, wherein: exchanging intermediate key information between the first intermediary device and the first endpoint device based on the first key exchange protocol, wherein the intermediate key information is a first shared key between the first intermediary device and the first endpoint device; for each of the intermediary devices and the second endpoint device exchanging a shared key with each of the nearest neighbouring devices, wherein each of the intermediary devices have a pair of shared keys and the second endpoint device has a shared key exchanged with the intermediary device it is connected to, and the first intermediary device has a second shared key with another intermediary device it is connected to; securely sending data representative of the exchanged intermediate key information from the first intermediary device to the second endpoint device via the intermediary device(s) based on: encrypting, by the intermediary device, the intermediate key information with the second shared key of the intermediary device, and sending to the second endpoint device; for each other intermediary device, cryptographically combining their pairs of shared keys and sending to the second endpoint device; wherein the second endpoint device uses its shared key and the received cryptographically combined pairs of shared keys from the intermediary devices to decrypt the encrypted intermediate key information, the first and second endpoint devices use the further communication channel to share the knowledge that the first shared key has been received and decrypted by the second endpoint device, said first shared key comprising the final shared key.
As an option, the computer-implemented method according to the first aspect, wherein the first key exchange protocol or the one or more key exchange protocols comprises a classical or post-quantum key exchange protocol from the group of: classical symmetric key exchange protocols; Rivest/Shamir/Adelman (RSA) key exchange protocol; Diffie-Hellman key exchange protocol; Finite Field Cryptographic key exchange protocols; Digital Signature Algorithm (DSA) key exchange protocol; Elliptic Curve (EC) cryptographic key exchange protocol; ECDSA key exchange protocol and EC-DH (ECDH) key exchange protocol; Elliptic Curve Diffie Hellman ephemeral-Rivest/Shamir/Adelman (ECDHE-RSA) key exchange protocol; ECDHE-ECDSA key exchange protocols; Secure Hash Algorithm (SHA)-2 (384 bit); SHA-3; key exchange protocols based on, without limitation, for example Advanced Encryption Standard (AES) (256-bit) based protocols; Galois Counter Mode based protocols; Transport Layer Security (TLS), https, SSL, SSH based protocols; any one or more other classical key exchange protocols; any one or more future classical key exchange protocols; any other suitable classical key exchange protocol for exchanging a shared key between endpoint devices or intermediary devices and the like using classical transmissions; lattice-based cryptographic key exchange protocol(s); Ring-Learning With Errors (LWE)-based key exchange protocol(s); Nth degree-truncated polynomial ring units (NTRU)-based key exchange protocol(s); Stehle-Steinfeld variant of NTRU-based key exchange protocol(s); Bimodal Lattice Signature Scheme (BLISS)-based key exchange protocol(s); multivariate-based cryptographic key exchange protocol(s); Rainbow or Unbalanced Oil and Vinegar (UOV)-based key exchange protocol(s); Hash-based cryptographic key exchange protocol(s); Lamport-based cryptographic key exchange protocol(s); Merkle-based cryptographic key exchange protocol(s); Code-based cryptographic key exchange protocol(s); McEliece-based cryptographic key exchange protocol(s); Niederreiter-based key exchange protocol(s), Courtois, Finiasz and Sendrier Signature-based key exchange protocol(s); random linear code encryption scheme (RLCE)-based key exchange protocol(s); Supersingular elliptic curve isogeny-based cryptographic key exchange protocol(s); symmetric key quantum resistance-based cryptographic key exchange protocol(s); any one or more other post-quantum key exchange protocols; any one or more future post-quantum key exchange protocols; and any other suitable post-quantum key exchange protocol for exchanging a shared key between endpoint devices or intermediary devices and the like using classical transmissions; any other suitable classical or post-quantum protocol for exchanging keys between endpoint devices and/or intermediary devices using classical transmissions.
As another option, the computer-implemented method according to the first aspect, wherein each classical communication channel is based on one or more types of communication channels from the group of: optical communication channel; free-space optical communication channel; wireless communication channel; wired communication channel; radio communication channel; microwave communication channel; satellite communication channel; terrestrial communication channel; optical fibre communication channel; optical laser communication channel; any other type of one or more optical, wireless and/or wired communication channel(s) for transmitting data between devices; and two or more optical, wireless and/or wired communication channel(s) that form a composite communication channel for transmitting data between devices.
As another option, the computer-implemented method according to the first aspect, wherein each quantum communication channel is based on one or more types of quantum communication channels from the group of: optical quantum communications; free-space optical quantum communications; optical fibre quantum communications; optical laser quantum communications; quantum entanglement communications; any other type of quantum communications for transmitting data over a quantum communication channel between devices.
Optionally, the computer-implemented method according to the first aspect, wherein one or more of the intermediary devices is a satellite apparatus, one or more terrestrial intermediary devices are satellite ground stations of hubs, and the first and second endpoint devices are connected via a terrestrial network to said satellite ground stations or hubs, wherein the first quantum communication channel between the first endpoint device and the first terrestrial intermediary device is a fibre optical quantum communication channel, the second quantum communication channel between the second endpoint device and the last terrestrial intermediary device is a fibre optical quantum communication channel, and the classical communication channel between the first and second endpoint devices is a non-quantum communications channel.
As an option, the computer-implemented method according to the first aspect, wherein one or more of the intermediary devices is a satellite and the first endpoint device and second endpoint device are satellites, wherein the first quantum communication channel between the first endpoint device and the first intermediary device is a free-space optical quantum communication channel, the second quantum communication channel between the second endpoint device and the last intermediary device is a free-space optical quantum communication channel, and the classical communication channel between the first and second endpoint devices is a non-quantum communications channel.
As another option, the computer-implemented method according to the first aspect, wherein the intermediary devices are satellites forming a satellite mesh network, the first endpoint device and second endpoint device are satellites, wherein the first quantum communication channel between the first endpoint device and the first intermediary device is a free-space optical quantum communication channel, the second quantum communication channel between the second endpoint device and the last intermediary device is a free-space optical quantum communication channel, and the classical communication channel between the first and second endpoint devices is a non-quantum communications channel.
As a further option, the computer-implemented method according to the first aspect, wherein one or more of the intermediary devices is a terrestrial communication apparatus, the first device and second endpoint device are terrestrial endpoint devices, wherein the first quantum communication channel between the first endpoint device and the first intermediary device is a fibre optic quantum communication channel, the second quantum communication channel is between the second endpoint device and the second intermediary device is a fibre optic quantum communication channel, and the classical communication channel between the first and second endpoint devices is a non-quantum communications channel or classical terrestrial communications channel.
Optionally, the computer-implemented method according to the first aspect, wherein the classical communications channels are encrypted communication channels.
As a further option, the computer-implemented method according to the first aspect, further comprising encrypting transmission data or messages prior to transmitting said data or messages to: the first endpoint device over the first classical communication channel; or the second endpoint device over the second classical communication channel.
As another option, the computer-implemented method according to the first aspect, wherein one or more authentication protocols are used by one or more of the intermediary devices and the first or second endpoint devices for authenticating the intermediary device(s), first or second endpoint devices prior to communicating over the classical or quantum communications channels.
As a further option, the computer-implemented method according to the first aspect, further comprising authenticating the first and second endpoint device prior to transmitting data to the first and second endpoint device over the classical communication channels, respectively.
In a second aspect, the present disclosure provides a computer-implemented method of key exchange between a first endpoint device and a second endpoint device communicatively coupled over communication links via one or more intermediary devices, wherein the first endpoint device is coupled by a first communication link to a first of the one or more intermediary devices, and the second endpoint device and the one or more intermediary devices form a group of devices, wherein each of the one or more intermediary devices is communicatively coupled to at least one other of the one or more intermediary devices via at least one of the communication links and the second endpoint device is coupled to a last of the one or more intermediary devices in the group via a second communication link, the method comprising: exchanging intermediate key information between the first intermediary device and the first endpoint device based on a first key exchange protocol, wherein the first key exchange protocol is a QKD protocol configured for exchanging the intermediate key information in which the first endpoint device withholds key exchange information from the first intermediary device; and securely sending data representative of the exchanged intermediate key information from the first intermediary device to the second endpoint device via the intermediary device(s), the secure communications over the communication links of the group of devices based on shared keys exchanged using one or more key exchange protocols over the communication links of the group of devices; wherein the first and second endpoint devices use a further communication channel therebetween for exchanging said withheld key exchange information and processing and transforming said intermediate key information with said key exchange information into the final shared key.
As an option, the computer-implemented method according to the second aspect, wherein: each of the devices in the group of devices is connected to each of its nearest neighbour devices via a quantum channel, wherein each quantum channel is unidirectional depending on the selected one or more key exchange protocols used between said each device and its nearest neighbour devices; the first and the second endpoint devices have a classically-secured classical channel therebetween; each of the N intermediary devices have a classical channels with each of their nearest neighbour intermediary devices, the method further comprising: said exchanging first intermediate key information using the first key exchange protocol further comprising: transmitting or receiving, by the first intermediary device, a first set of random symbols over a first quantum channel with the first endpoint device; transmitting, from the first intermediary device to the first endpoint device, the basis set used by the first intermediary device for transmitting or receiving the first set of random symbols over the first quantum channel; generating, by the first intermediary device, first intermediate key information comprising data representative of a first intermediate set of symbols based on the validly transmitted or received first set of symbols using the transmitting or receiving basis set used by the first intermediary device when transmitting or receiving the first set of symbols over the first quantum channel; wherein the first endpoint device withholds the first transmitting or receiving basis set used by the first endpoint device for transmitting or receiving the first set of random symbols over the first quantum channel with the first intermediary device; said securely sending data representative of the exchanged first intermediate key information from the first intermediary device to the second endpoint device further comprising: encrypting the first intermediate key information with a shared key of a neighbouring device of the group of devices; sending the encrypted first endpoint device intermediate key information to the second endpoint device via said neighbouring device(s) over said communication link therebetween, wherein any remaining intermediary devices securely send the first intermediate key information to said second endpoint device over said communication links therebetween; wherein said second endpoint device receives the encrypted first intermediate key information and decrypts said encrypted first intermediate key information using a shared key exchanged with one of the intermediary devices to retrieve said first intermediate set of symbols determined by the first intermediary device; said determining of the final shared key, by the first and second endpoint devices further comprising: exchanging, between the first and second endpoint devices over a secure communication channel therebetween, the transmitting or receiving basis set used by the first endpoint device for transmitting or receiving the first set of random symbols; determining, by the second endpoint device using the transmitting or receiving basis set used by the first endpoint device for transmitting or receiving the first set of random symbols and the first intermediate set of symbols, a second set of symbols corresponding to at least a portion of the first set of random symbols transmitted or received by the first endpoint device; and exchanging, by the first and second devices over the classically-secured communication channel therebetween, a shared key based processing and transforming the first set of random symbols and second set of symbols.
As another option, the computer-implemented method according to the second aspect, wherein the first intermediate key information further comprises data representative from the group of: said transmitting or receiving basis set used by the first intermediary device when transmitting or receiving said first set of random symbols over the first quantum channel with the first endpoint device; and said first set of random symbols transmitted or received by the first intermediary device when transmitting or receiving said first set of random symbols with the first endpoint device.
As a further option, the computer-implemented method according to the second aspect, wherein said exchanging, by the first endpoint device and second endpoint device over a secure communication channel therebetween, a shared key further comprising performing final key information reconciliation and privacy amplification on the second set of symbols determined by the second endpoint device and the first set of symbols transmitted or received by the first endpoint device resulting in a final shared symmetric key.
As a further option, the computer-implemented method according to the second aspect, wherein the one or more key exchange protocols used for secure communications between the second endpoint device and the first intermediary device is the BB84 key exchange protocol.
Optionally, the computer-implemented method according to the second aspect, wherein each of the communication links between the group of devices includes a quantum channel and a classical channel and wherein the BB84 key exchange protocol is used to exchange shared keys between the corresponding devices of the group of devices and their neighbour devices of the group of devices.
In a third aspect, the present disclosure provides an intermediary apparatus comprising a processor unit, a memory unit, and a communication interface, the processor unit connected to the memory unit and the communication interface, wherein the processor unit, memory unit and communication interface are adapted to implement the corresponding intermediary device steps of the computer-implemented method according to any of the first and/or second aspects.
In a fourth aspect, the present disclosure provides an apparatus comprising a processor unit, a memory unit, and a communication interface, the processor unit connected to the memory unit and the communication interface, wherein the processor unit, memory unit and communication interface are adapted to implement the corresponding steps of the computer-implemented method in relation to the first endpoint device or second endpoint device according to any of the first, second and/or third aspects.
In a fifth aspect, the present disclosure provides a system comprising: one or more an intermediary devices configured according to any of the first, second and/or third aspects; an first endpoint device comprising an apparatus according configured according to any of the first, second and/or fourth aspects; and a second endpoint device comprising an apparatus configured according to any of the first, second and/or fourth aspects; wherein the one or more intermediary devices, first endpoint device and second endpoint device are configured to communicate with each other for establishing a shared a cryptographic key between the first and second endpoint devices.
In a sixth aspect, the present disclosure provides a system comprising an intermediary device, a first device and a second device, wherein the intermediary device, first device and second device are configured to implement the corresponding steps of the computer-implemented method according to according to any of the first, second, third, fourth and/or fifth aspects.
As a further option, system according to the fifth or sixth aspects, wherein the system is a satellite quantum key distribution system comprising a plurality of satellites, each satellite including the functionality of an intermediary device, each satellite in communication with one or more ground receiving stations, and each ground receiving station including the functionality of the first and/or second endpoint devices.
In a seventh aspect, the present disclosure provides a computer-readable medium comprising computer code or instructions stored thereon, which when executed on a processor, causes the processor to perform the corresponding steps of the computer implemented method in relation to the intermediary device according to any of the first, second, third, fourth and/or fifth aspects.
In an eighth aspect, the present disclosure provides a computer-readable medium comprising computer code or instructions stored thereon, which when executed on a processor, causes the processor to perform the corresponding steps of the computer implemented method in relation to the first device according to any of the first, second, third, fourth and/or fifth aspects.
In a ninth aspect, the present disclosure provides a computer-readable medium comprising computer code or instructions stored thereon, which when executed on a processor, causes the processor to perform the corresponding steps of the computer implemented method in relation to the second device according to any of the first, second, third, fourth and/or fifth aspects.
In a tenth aspect, the present disclosure provides a computer-readable medium comprising computer code or instructions stored thereon, which when executed on one or more processor(s), causes the one or more processor(s) to perform the computer implemented method according to any of the first, second, third, and/or fourth aspects.
In an eleventh aspect, the present disclosure provides a key exchange system as herein described with reference to the accompanying drawings.
In a twelfth aspect, the present disclosure provides a key exchange process as herein described with reference to the accompanying drawings.
In a thirteenth aspect, the present disclosure provides a method as herein described with reference to the accompanying drawings.
In a fourteenth aspect, the present disclosure provides a n intermediary device as herein described with reference to the accompanying drawings.
In a fifteenth aspect, the present disclosure provides a n endpoint device as herein described with reference to the accompanying drawings.
In a sixteenth aspect, the present disclosure provides a computer program product as herein described with reference to the accompanying drawings.
In a seventeenth aspect, the present disclosure provides a key exchange chaining system comprising a plurality of intermediary devices, a first and second endpoint device connected thereto, wherein the first and second endpoint perform a key exchange chaining process as herein described with reference to the accompanying drawings for exchanging a final shared key therebetween.
In an eighteenth aspect, the present disclosure provides a key exchange chaining process for use in a key exchange chaining system as herein described with reference to the accompanying drawings.
The methods described herein may be performed by software in machine readable form on a tangible storage medium e.g. in the form of a computer program comprising computer program code means adapted to perform all the steps of any of the methods described herein when the program is run on a computer and where the computer program may be embodied on a computer readable medium. Examples of tangible (or non-transitory) storage media include disks, thumb drives, memory cards etc. and do not include propagated signals. The software can be suitable for execution on a parallel processor or a serial processor such that the method steps may be carried out in any suitable order, or simultaneously.
This application acknowledges that firmware and software can be valuable, separately tradable commodities. It is intended to encompass software, which runs on or controls “dumb” or standard hardware, to carry out the desired functions. It is also intended to encompass software which “describes” or defines the configuration of hardware, such as HDL (hardware description language) software, as is used for designing silicon chips, or for configuring universal programmable chips, to carry out desired functions.
The preferred features may be combined as appropriate, as would be apparent to a skilled person, and may be combined with any of the aspects of the invention.
Embodiments of the invention will be described, byway of example, with reference to the following drawings, in which:
Common reference numerals are used throughout the figures to indicate similar features.
Embodiments of the present invention are described below byway of example only. These examples represent the best mode of putting the invention into practice that are currently known to the Applicant although they are not the only ways in which this could be achieved. The description sets forth the functions of the example and the sequence of steps for constructing and operating the example. However, the same or equivalent functions and sequences may be accomplished by different examples.
The present disclosure provides method(s), apparatus and system(s) of performing key exchange chaining between two or more devices connected together via one or more other devices. The key exchange is performed between a first device and a second device via one or more intermediary device(s) connected together via communication links in which a first key exchange protocol is used over a first communication link connecting a first of the intermediary device(s) with the first device, and second key exchange protocol from a set of key exchange protocols is used on a second communication link connecting the second device with a second of the intermediary device(s), where one or more key exchange protocols from the set of key exchange protocols may be used on communication links connecting any other intermediary device(s) between said first and second intermediary devices. The second device and said second intermediary device connected thereto exchange a shared key therebetween using said second key exchange protocol, and any of the first, second and other intermediary devices exchange shared keys therebetween using said one or more key exchange protocols. Thus, each of the intermediary devices have pairs of shared keys from adjacent or neighbour devices. The first device exchanges a final shared key with the second device based on: the first device exchanging first intermediate key information or a first intermediate shared key with the intermediary device connected via a communication link to said first device using the first key exchange protocol; the intermediary device securely forwarding the first intermediate key information (e.g. first intermediate shared key) to the second device connected to said at least one of the intermediary devices, where said second intermediary device uses the second key exchange protocol to securely provide said first intermediate key information to the second device. The first and second devices may use a further communication channel therebetween for processing and transforming said first intermediate key information for determining a final shared key between the first and second devices based on using, at least in part, the first key exchange protocol therebetween and the first intermediate key information. The first intermediate key information (or first intermediate shared key) may include a first intermediate set of symbols (e.g. n bit(s) per symbol are represented by M=2n different symbols, where n≥1) that are exchanged between the first device and the first intermediary device.
The first and second intermediary device may be the same intermediary device, when there is one intermediary device between the first and second devices. The first and second intermediary devices may be different intermediary devices. The intermediary devices may use one or more key exchange protocols from the set of key exchange protocols for exchanging a shared key with any adjacent neighbouring intermediary device. The first and second key exchange protocols may be different key exchange protocols. The first and second key exchange protocols may be based on the same key exchange protocol.
Further modifications and/or additions to the key exchange between the first and second devices may include, without limitation, for example the first device may be a first endpoint device and the second device may be a second endpoint device, where the key exchange is between the first endpoint device and the second endpoint device, which are communicatively coupled over communication links via N intermediary devices, N>0, where N is an integer. The first endpoint device is coupled by a first communication link to a first of the N intermediary devices. The second endpoint device and the N intermediary devices form a group of devices, where each of the N intermediary devices is communicatively coupled to at least one other of the N intermediary devices via at least one of the communication links. The second endpoint device is coupled to at least one of the N intermediary devices via a second communication link. The key exchange between the first endpoint device and the second endpoint device may include the first endpoint device exchanging first intermediate key information between the first intermediary device and the first endpoint device based on a first key exchange protocol. Once said first intermediate key information has been exchanged, the first intermediary device securely sends data representative of the exchanged first intermediate key information via the group of devices to the second endpoint device, e.g. from the first intermediary device to the second endpoint device via any one or more intermediary devices connected therebetween. The secure communication of the first intermediate key information over the communication links of the group of devices based on shared keys exchanged using one or more key exchange protocols of a set of key exchange protocols over the communication links of the group of devices. Once the second endpoint device has securely received the first intermediate key information from the first intermediary device, the first and second endpoint devices use a further communication channel therebetween for processing and transforming said first intermediate key information into final shared key. The first and second endpoint devices may use the first intermediate key information, at least in part, with the portion of the first key exchange protocol that enables a final shared key to be agreed between the first and second endpoint devices based on the first intermediate key information.
The first endpoint device, the N intermediary device(s) (e.g. N>0) and the second endpoint device may form a string or chain of devices, where each device in the string or chain of devices are connected to at least one adjacent device via a communication link of the communication links, where the first endpoint device and second endpoint device are communicatively coupled together via the N intermediary devices. The first endpoint device being connected by a first communication link to a first intermediary device of the string or chain of devices and the second endpoint device being connected by a second communication link to an N-th intermediary device. As an example, when N>1, then the first intermediary device and the N-th intermediary devices are different in which the first device is connected via a first communication link to a first of the N intermediary devices, where each of the N intermediary devices are connected via a communication link to at least one adjacent or neighbouring intermediary device, with the N-th intermediary device connected via a second communication link to the second device. In another example, when N=1, then the first and N-th intermediary devices are one and the same intermediary device in which the first device is connected via a first communication link to said intermediary device, and the second device is connected via a second communication link to said intermediary device.
The string or chain of devices including the first, second, and N intermediary devices may form a line network or linear array topology with the first endpoint device being communicatively coupled to the second endpoint device via said N intermediary devices. The string or chain of devices may be part of a communication or mesh network where one or more of the N intermediary devices may be connected via other communication links to other devices and/or intermediary devices in the communication or mesh network. That is, the string or chain of devices may simply be a connected portion or subnetwork (or linear subnetwork) of a larger communication network, where the connected portion or subnetwork containing the string or chain of device may be based on a linear array, linear network topology and the like.
The first and second key exchange protocols may be selected from the set of key exchange protocols. The set of key exchange protocols may include, without limitation, for example a plurality of classical key exchange protocols; a plurality of post-quantum resistant key exchange protocols; a plurality of quantum key exchange protocols; one or more classical key exchange protocols, one or more post-quantum resistant key exchange protocols, and/or one or more quantum key exchange/distribution protocols; any mixture of key exchange protocols from the families of classical, post-quantum resistant and/or quantum key exchange protocols and the like; and/or any other type of key exchange protocol for use in sharing and/or exchanging shared keys between the first device, second device, and one or more intermediary device(s); combinations thereof; modifications thereto; and/or as herein described; and/or as the application demands.
Examples of classical key exchange protocols may include, without limitation, classical key exchange protocols from the group of: Rivest/Shamir/Adelman (RSA) key exchange protocol; Diffie-Hellman key exchange protocol; Finite Field Cryptographic key exchange protocols; Digital Signature Algorithm (DSA) key exchange protocol; Elliptic Curve (EC) cryptographic key exchange protocol; ECDSA key exchange protocol and EC-DH (ECDH) key exchange protocol; Elliptic Curve Diffie Hellman ephemeral-Rivest/Shamir/Adelman (ECDHE-RSA) key exchange protocol; ECDHE-ECDSA key exchange protocols; key exchange protocols based on, without limitation, for example Secure Hash Algorithm (SHA)-2 (384 bit) and SHA-3; key exchange protocols based on, without limitation, for example Advanced Encryption Standard (AES) (256-bit) and/or Galois Counter Mode and the like; key exchange protocols such as, without limitation, for example Transport Layer Security (TLS), https, SSL, SSH; TLS using, without limitation, for example any one or more of ECDHE-RSA, AES (128-bit) GCM and SHA256; TLS using, without limitation, for example ECDHE-RSA with AES (256-bit) GCM and SHA (384-bit); any one or more other classical key exchange protocols; any one or more future classical key exchange protocols; and any other suitable classical key exchange protocol for exchanging a shared key between endpoint devices or intermediary devices and the like using classical transmissions; combinations thereof; modifications thereto; as herein described, and/or as the application demands.
Examples of post-quantum or quantum-resistant key exchange protocols may include, without limitation, one or more from the group of: lattice-based cryptographic key exchange protocol(s) including, without limitation, for example Ring-Learning With Errors (LWE)-based key exchange protocol(s), Nth degree-truncated polynomial ring units (NTRU)-based key exchange protocol(s), Stehle-Steinfeld variant of NTRU-based key exchange protocol(s), Bimodal Lattice Signature Scheme (BLISS)-based key exchange protocol(s); multivariate-based cryptographic key exchange protocol(s) such as, without limitation, for example Rainbow or Unbalanced Oil and Vinegar (UOV)-based key exchange protocol(s); Hash-based cryptographic key exchange protocol(s) such as, without limitation, for example Lamport-based cryptographic key exchange protocol(s), Merkle-based cryptographic key exchange protocol(s), XMSS and SPHINC; Code-based cryptographic key exchange protocol(s) such as, without limitation, for example McEliece-based cryptographic key exchange protocol(s), Niederreiter-based key exchange protocol(s), Courtois, Finiasz and Sendrier Signature-based key exchange protocol(s), random linear code encryption scheme (RLCE)-based key exchange protocol(s); Supersingular elliptic curve isogeny-based cryptographic key exchange protocol(s); symmetric key quantum resistance-based cryptographic key exchange protocol(s); any one or more other post-quantum key exchange protocols; any one or more future post-quantum key exchange protocols; and any other suitable post-quantum key exchange protocol for exchanging a shared key between endpoint devices or intermediary devices and the like using classical transmissions and the like; combinations thereof; modifications thereto; as herein described, and/or as the application demands.
Examples of quantum key exchange/distribution protocols may include one or more quantum key exchange/distribution protocols from the group of, without limitation, for example: a QKD protocol from the Bennett and Brassard 1984 (BB84) family of QKD protocols; the BB84 QKD protocol; modified versions of the BB84 protocol configured to ensure the QKD linking apparatus is unable to derive the resulting exchanged QKD keys between the endpoint devices; a modified version of the BB84 protocol configured in which at least the first device transmits or receives a first set of random symbols over a first quantum channel with the first intermediary device, but withholds the basis set used by the first device for the transmitting or receiving the first set of random symbols over the first quantum channel, wherein the first intermediary device is unable to derive the validly transmitted or received first set of random symbols by the first device or an exchanged shared key with a second device based on the validly transmitted or received first set of random symbols by the first device; a modified version of the BB84 protocol configured in which at least the first device transmits or receives a first set of random symbols over a first quantum channel with the first intermediary device, but withholds the basis set used by the first device for the transmitting or receiving of the first set of random symbols over the first quantum channel, and at least the second device transmits or receives a second set of random symbols over a second quantum channel with the first intermediary device, but withholds the basis set used by the second device for the transmitting or receiving of the second set of random symbols over the second quantum channel, wherein the intermediary device is unable to derive: the validly transmitted or received first set of random symbols by the first device, the validly transmitted or received second set of random symbols by the second device, and the resulting shared key exchanged between the first and second devices based on the validly transmitted or received first set of random symbols and the validly transmitted or received second set of random symbols; the Bennet 1992 (B92) QKD protocol; the Six-State Protocol (SSP) QKD protocol; the Scarani Acin Ribordy Gisin 2004 (SARG04) QKD protocol; the Doherty Parrilo Spedalieri 2002 (DPS02) QKD protocol; the differential phase shift (DPS) QKD protocol; the Eckert 1991 (E91) QKD protocol; the coherent one-way (COVV) QKD protocol; the Khan Murphy Beige 2009 (KMB09) QKD protocol; the Esteban Serna 2009 (S09) QKD protocol; the Serna 2013 (S13) QKD protocol; the A Abushgra K Elleithy 2015 (AK15) QKD protocol; any one or more other entanglement based QKD protocols; any one or more future QKD protocols; and any other suitable QKD protocol for exchanging QKD keys between endpoint devices using quantum transmissions and classical transmissions; combinations thereof; modifications thereto; as herein described, and/or as the application demands.
As an example, the first and second key exchange protocols may include one or more or a plurality of classical key exchange protocols and/or post-quantum resistant key exchange protocols, and where any of the one or more key exchange protocols used between the intermediary devices are also classical key exchange protocols and/or post-quantum resistant key exchange protocols. The first, second, and one or more key exchange protocols may be the same and/or different classical key exchange protocols and/or post-quantum resistant key exchange protocols.
In other examples, the set of key exchange protocols may include, without limitation, for example a plurality of quantum key exchange/distribution protocols, where the first and second key exchange protocols are quantum key exchange/distribution protocols, and where any of the one or more key exchange protocols used between the intermediary devices are quantum key exchange/distribution protocols. The first, second, and one or more key exchange protocols may be the same and/or different quantum key exchange/distribution protocols. For example, the first key exchange protocol may be a first quantum key exchange/distribution protocol, the second key exchange protocol may be a second quantum key exchange/distribution protocol, and the one or more key exchange protocols used by the intermediary devices may be the second key exchange/distribution protocol. The first key exchange protocol may be configured for detecting eavesdroppers during the exchange of the final shared key.
In further examples, the set of key exchange protocols may include, without limitation, for example a plurality of classical key exchange protocols, a plurality of post-quantum key exchange protocols, and/or a plurality of quantum key exchange/distribution protocols, where the first key exchange protocol is a quantum key exchange/distribution protocol, and where the second key exchange protocol and the one or more key exchange protocols may be classical and/or post-quantum resistant key exchange protocols. The second and one or more key exchange protocols may be the same and/or different quantum key exchange/distribution protocols. The first key exchange protocol may be configured for detecting eavesdroppers during the exchange of the final shared key.
Devices may encrypt a first set of symbols or data by using cryptographic operations that cryptographically combine the first set of symbols with a second set of symbols or data (e.g. intermediate symbols, shared keys and the like) resulting in a third set of symbols or an encrypted set of symbols, which can only be decrypted with the first or second set of symbols. Similarly devices may decrypt the third set of symbols or the encrypted set of symbols by applying cryptographic operations either to the first set of symbols or the second set of symbols to the third set of symbols to retrieve either the second set of symbols or first set of symbols, respectively. For example, a first set of symbols (e.g. a bit string or symbol string) and may be cryptographically combined with another set of symbols or a second set of symbols (another bit string or symbol string) in a secure but reversible manner using cryptographic operations such as, without limitation, for example: exclusive or (XOR) operations on these sets of symbols (e.g. converting the sets of symbols into bit strings and performing bitwise XOR); extended XOR operations on these sets of symbols (e.g. using a mathematically defined extended set of “symbol XOR” operations on symbols that preserve the mathematical properties of bitwise XOR operations); one-time-pad encryption of these sets of symbols; any other classical, post-quantum resistant, or quantum encryption/decryption operation on these sets of symbols such that a device is able to decrypt and retrieve one of the sets of symbols using the other of the sets of symbols used to encrypt both sets of symbols; modifications thereto; combinations thereof; and/or as herein described.
A quantum communication channel(s) may comprise or represent a communication channel capable of transmitting and/or receiving at least quantum information. Examples of a quantum communication channel or quantum channel that may be used according to the invention may include or be based on, without limitation, for example on one or more types of quantum communication channels associated with the group of: optical quantum communications; free-space optical quantum communications; optical fibre quantum communications; optical laser quantum communications; communications using electromagnetic waves such as, without limitation, for example radio, microwave, infra-red, gigahertz, terahertz and/or any other type of electromagnetic wave communications; communications based on electron spin and the like; any other type of quantum communications for transmitting and receiving data over a quantum communication channel between devices. It is noted that one or more types of quantum communication channel(s) may be capable of transmitting and/or receiving non-quantum or classical information.
A standard, classical or non-quantum communication channel(s) may comprise or represent any communication channel between two devices that at least is capable of transmitting and/or receiving non-quantum information. Examples of standard, classical and/or non-quantum communication channels according to the invention may include or be based on, without limitation, for example on one or more types of communication channels from the group of: any one or more physical communication channel(s); optical communication channel; free-space optical communication channel; wireless communication channel; wired communication channel; radio communication channel; microwave communication channel; satellite communication channel; terrestrial communication channel; optical fibre communication channel; optical laser communication channel; telecommunications channels; 2G to 6G and beyond telecommunications channels; logical channels such as, without limitation, for example Internet Protocol (IP) channels; any other type of logical channel being provided over any standard, classical or non-quantum physical communication channel; one or more other physical communications or carriers of data such as, without limitation, for example avian carriers, paper, sealed briefcases, courier or other delivery service and the like; any other type of one or more optical, wireless and/or wired communication channel(s) for transmitting data between devices; and/or two or more optical, wireless and/or wired communication channel(s) that form a composite communication channel for transmitting data between devices; and/or any combination of two or more standard, classical or non-quantum communication channel(s) that form a composite communication channel for transmitting and/or carrying data between devices; combinations thereof, modifications thereto, and/or as described herein and the like and/or as the application demands. It is noted that one or more types of standard, classical or non-quantum communication channel(s) may be capable of transmitting and/or receiving quantum information.
A communication link between at least two devices may comprise or represent any one or more communication channels formed between said at least two devices enabling said at least two devices to communicate therebetween. Examples of a communication link according to the invention may include or be based on, without limitation, for example a classical communication link such as a communication link between said at least two devices including at least one or more classical or standard communication channels formed therebetween; a quantum communication link such as a communication link between said at least two devices including at least one or more quantum communication channels formed therebetween; a combined classical and quantum communication link such as a communication link between said at least two devices including at least one or more quantum communication channels formed therebetween and at least one or more classical or standard communication channels formed therebetween; a communication link including only one or more classical communication channel(s); a communication link including only a classical communication channel and a quantum communication channel; a communication link including only one or more quantum communication channels; a communication link including at least a bidirectional classical channel and a unidirectional quantum communication channel between said at least two devices; a communication link including at least a bidirectional classical channel and a first unidirectional quantum communication channel and a second unidirectional quantum communication channel, the first unidirectional quantum communication channel for transmitting quantum information from a first device to a second device, and the second unidirectional quantum communication channel for transmitting quantum information from the second device to the first device; combinations thereof; modifications thereto; and/or as described herein and the like; and/or as the application demands.
The intermediary device may comprise or represent any device or apparatus, component or system that is adapted to, configured to, includes the capability of: establishing one or more communication links including at least one or more non-quantum, standard or classical communication channels and/or quantum communication channel(s) with one or more other communication devices for transmitting/receiving data to/from said one or more other communication devices and configured for implementing a key exchange according to the invention as described herein and/or as the application demands. Examples of an intermediary device as described herein and/or according to the invention may include, without limitation, for example a satellite or apparatus/components thereof, a ground station or apparatus/components thereof, a relay station, repeater, telecommunication apparatus, network apparatus, network nodes, routers, and/or any apparatus, communication device, computing device or server and the like with a communication interface configured for and/or including functionality of, without limitation, for example a non-quantum, standard or classical communication interface for communicating over non-quantum, standard or classical communication channel(s); and a quantum communication interface for communicating over quantum channel(s).
The first or second endpoint device or first or second communication device (also referred to herein as first or second devices) may comprise or represent any device or apparatus with communication components/systems or communication capabilities configured to connect over one or more communication links with one or more intermediary devices, where each communication link may include at least one of more of a non-quantum, standard or classical communication channel(s) and/or quantum communication channel(s) for implementing the key exchange according to the invention as described herein and/or as the application demands. Examples of a first or second endpoint/communication devices (or first and second devices) according to the invention may include, without limitation, for example a satellite and/or apparatus/components thereof, a satellite ground receiving station and/or apparatus/components thereof, optical ground receiving station, user device, endpoint device, telecommunication apparatus, network apparatus, network nodes, routers, and/or any communication device, computing device or server and the like with a communication interface configured for and/or including functionality of, without limitation, for example a non-quantum, standard or classical communication interface for communicating over non-quantum, standard or classical communication channel(s); and a quantum communication interface for communicating over quantum channel(s).
Although the following description describes several different types of classical and/or quantum key exchange protocols, this is byway of example only and the invention is not so limited, it is to be appreciated by the skilled person that any of the above-mentioned examples of classical, post-quantum, and/or quantum key exchange/distribution protocols may be used in place of those examples specified below and/or as herein described; combinations thereof; modifications thereto; and/or as the application demands.
In this example, the first and second devices 102a and 102b may require a shared key (or final shared key) that is facilitated by a first intermediary device 104a of the one or more intermediary devices 104a-104n. The first intermediary device 104a is connected via communication link 106a to the first device 102a. The first device and first intermediary device 104a are configured to use a first key exchange protocol over the first communication link 106a to exchange first intermediate key information 112 for use by the first and second devices in determining the final shared key. The first intermediate key information 112 (e.g. IA) is securely communicated 114 from the first intermediary device 104a via any intermediary devices between the first intermediary device 104a and the second device 102a. The secure communication 114 of the first intermediate key information 112 may be performed by encrypting said first intermediate key information 112 from one intermediary device 104a to another based on using shared keys therebetween determined or derived from one or more key exchange protocols from a set of key exchange protocols. The second device 102b performs a second key exchange protocol from the set of key exchange protocols to establish a shared key with intermediary device 104n for use in securing the second communication link 106b connecting the second device 102b with intermediary device 104n. The second device 104b and said intermediary device 104n connected thereto exchange shared key therebetween using said second key exchange protocol. Any of the first and/or other intermediary devices exchange shared keys therebetween using said one or more key exchange protocols from the set of key exchange protocols. The one or more key exchange protocols and the second key exchange protocol may be different and/or the same. The shared keys may be symmetric shared keys enabling the first intermediate key information to be encrypted/decrypted with the shared key using, without limitation, for example XOR-type operations, and/or one-time-pad operations, and/or any other type of encryption/decryption operations using symmetric keys
In operation, the first device 102a exchanges a final shared key with the second device 102b based on: the first device 102a exchanging first intermediate key information 112 with the first intermediary device 104a connected to said first device 102a using the first key exchange protocol. The first intermediate key information 112 (e.g. IA) may include a first intermediate set of symbols (e.g. n bit(s) per symbol are represented by M=2n different symbols, where n≥1) that are exchanged between the first device and the first intermediary device. The first intermediary device 104a securely forwards/communicates 114 the first intermediate key information 112 (e.g. IA) to the second device 102b connected to said at least one of the intermediary devices 104a-104n, where the intermediary device 104n connected to said second device 102b uses the second key exchange protocol to exchange a shared key for securely providing said first intermediate key information 112 (e.g. IA) to the second device 102b. As an option, the shared keys used in the secure communications may be symmetric shared keys enabling the first intermediate key information to be encrypted/decrypted with the shared key using, without limitation, for example XOR-type operations, and/or one-time-pad operations, and/or any other type of encryption/decryption operations using symmetric keys. Once the second device 102b has the first intermediate key information 112 (e.g. IA), the first and second devices may use a further communication channel 110 therebetween for processing and transforming said first intermediate key information 112 (e.g. IA) for determining the final shared key between the first and second devices 102a and 102b based on using, at least in part, the portions of the first key exchange protocol for reconciling a final shared key based on, at least in part, the first intermediate key information 112 (e.g. IA).
As an option, when there is one intermediary device between the first and second devices 102a and 102b (i.e. there may be only one intermediary device), as illustrated in
The first endpoint device 102a is connected by a first communication link 106a to a first intermediary device 104a of the string or chain of intermediary devices 104a-104n and the second endpoint device being connected by a second communication link to the last intermediary device 104n of the chain of intermediary devices 104a-104n. As an example, when there are more than one intermediary devices, then the first intermediary device 104a and the last intermediary device 104n are different in which the first device 102a is connected via the first communication link 106a to the first intermediary device 104a of the chain of intermediary devices 104a-104n, where each of the other intermediary devices 104b-104n are connected via a communication link 108a-108m to at least one adjacent or neighbouring intermediary device of the chain of intermediary devices 104a-104n, with the last intermediary device 104n connected via a second communication link 106b to the second device 102b. In another example, when there is only one intermediary device, then the first and last intermediary devices are one and the same intermediary device 104a in which the first device 102a is connected via a first communication link 106a to said intermediary device 104a, and the second device 102b is connected via a second communication link 106b to said intermediary device 104a.
The string or chain of devices including the first device 102a, second device 102b, and one or more intermediary devices 104a-104n may form a line network or linear array topology with the first endpoint device 102a being communicatively coupled to the second endpoint device 102b via said one or more intermediary devices 104a-104n. The string or chain of devices may be part of a communication or mesh network 124 where one or more of the intermediary devices 104a-104n may be connected via other communication links 126a-126d to other devices and/or intermediary devices 128a-128d in the communication or mesh network 124. That is, the string or chain of devices 102a, 104a-104n and 102b may simply be a connected portion or subnetwork 122 (or linear subnetwork) of a larger communication network 124, where the connected portion or subnetwork 122 containing the string or chain of devices 102a-104a-104n and 102b may be based on a linear array, linear network topology and the like.
Once the second endpoint device 102b has securely received and decrypted the first intermediate key information from the first intermediary device 104a, the first and second endpoint devices 102a and 102b use a further communication channel 110 therebetween for processing and transforming said first intermediate key information into final shared key. The first and second endpoint devices 102a and 102b may use the first intermediate key information, at least in part, with the portion of the first key exchange protocol over the further communication channel 110 that enables a final shared key to be agreed between the first and second endpoint devices 102a and 102b based on the first intermediate key information.
The first endpoint device 102a, the N intermediary device(s) (e.g. N>0) 104a-104n and the second endpoint device 102b form a string or chain of devices, where each device in the string or chain of devices are connected to at least one adjacent device via a communication link of the communication links 106a, 108a-108m and 106b, where the first endpoint device 102a and second endpoint device 102b are communicatively coupled together via the N intermediary devices 104a-104n. The first endpoint device 102a being connected by a first communication link 106a to a first intermediary device 104a of the string or chain of devices and the second endpoint device 102b being connected by a second communication link 106b to an N-th intermediary device 104n of the string or chain of devices. As an example, when N>1, then the first intermediary device 102a and the N-th intermediary devices 104n are different in which the first device 102a is connected via a first communication link 106a to a first intermediary device 104a of the N intermediary devices 104a-104n, where each of the N intermediary devices 104a-104n are connected via communication links 108a-108m to at least one adjacent or neighbouring intermediary device of the intermediary devices 104a-104n, with the N-th intermediary device 104n connected via a second communication link 106b to the second device 102b. In another example, when N=1, then the first and N-th intermediary devices are one and the same intermediary device in which the first device 102a is connected via a first communication link 106a to said first intermediary device 104a, and the second device 102b is connected via a second communication link 106b to said first intermediary device.
Referring to
In relation to the group of devices 132, which may use one or more key exchange protocols from the set of key exchange protocols to share keys between adjacent devices in the group of devices 132. Thus, the shared key(s) for a device in the group of devices 132 are shared keys between said device and any adjacent or neighbouring device connected to said device by one of the communication links 106b and 108a-108n. In an example, each shared key for a device in the group of devices 132 is used for securing the communication of the first intermediate key information from one device to next neighbouring device in the chain of devices or communication path towards the second endpoint device 102b. This may mean each device that is connected to two adjacent devices has a first and second shared key, where the first shared key is shared with an adjacent device in the communication path towards the first endpoint device 102a (e.g. communication path upstream of the device) and the second shared key is shared with an adjacent device in the communication path towards the second endpoint device 102b. Thus, in this example, the first shared key may be used to decrypt the first intermediate key information, which was encrypted with the first shared key by the adjacent device upstream of the device, where the device then re-encrypts the first key information with the second shared key for sending to the downstream adjacent device, with which the device shared the second shared key with. This is repeated until the second endpoint device 102b in the group of devices 132 receives the encrypted first intermediate key information, which it decrypts with the shared key shared with the N-th or last intermediary device 104n of the group 132.
Alternatively, each device in the group of devices 132 sends its shared key(s) to the second endpoint device 102b, thus the second endpoint device 102b accumulates the shared keys from all devices in the group 132. Thus, when an intermediary device in the group of devices 132 receives the first intermediate key information, which may have been encrypted with another shared key from the adjacent intermediary device, the intermediary device only encrypts the incoming communications associated with the first intermediate key information with the shared key that was shared with the adjacent device in the communication path closer to the second endpoint device 102b before forwarding it towards the second endpoint device 102b via its nearest neighbour/adjacent device. The second endpoint device 102b uses the accumulated shared keys to decrypt the encrypted first intermediate key information.
Furthermore, the one or more key exchange protocols used between one or more of the devices in the group of devices 132 for secure communications therebetween are selected from a group of key exchange protocols based on a desired or required trust level in relation to the N intermediary devices 104a-104n of the group of devices 132. For example, when the level of trust is a trust level that is considered an untrusted level, then the one or more key exchange protocols selected include quantum key exchange/distribution protocols for use in sharing keys with untrusted parties. Thus, the one or more key exchange protocols used by the group of devices 132 may use one or more types of quantum key exchange/distribution protocols. Should the quantum key exchange/distribution protocol require at least one quantum channel and at least one classical channel, then each of the communication links 108a-108m and 106b may include a quantum communication channel and a classical communication channel. For each communication link between a pair of devices in the group of devices 132, the direction of the quantum communication channel may depend on the quantum key exchange protocol used to exchange the shared keys between the pair of devices over said each communication link. For each communication link, the quantum channel may be a unidirectional quantum channel, whereas the classical communication channel may be a bidirectional classical communication channel.
In another example, when the level of trust is a trust level that is considered an untrusted level, then the one or more key exchange protocols selected include quantum key exchange/distribution protocols for use in sharing keys with untrusted parties. Thus, the one or more key exchange protocols used by the group of devices 132 may use one or more types of quantum key exchange/distribution protocols. Should the types of quantum key exchange/distribution protocols require only quantum channel(s) (e.g. quantum entanglement protocols), then each of the communication links 108a-108m and 106b may include a suitable quantum communication channel. For each communication link between a pair of devices in the group of devices 132, the direction of the quantum communication channel may depend on the quantum key exchange protocol used to exchange the shared keys between the pair of devices over said each communication link.
In another example, when the one or more of the intermediary devices can be trusted and other intermediary devices cannot be trusted, then the one or more key exchange protocols selected may include classical/post-quantum key exchange protocol for sharing keys between pairs of trusted intermediary devices in the group of devices 132, and the one or more key exchange protocols selected may include quantum key exchange/distribution protocols for use in sharing keys with between pairs of intermediary devices, in which at least one of the intermediary devices is an untrusted party. Thus, the one or more key exchange protocols used by the group of devices 132 may use one or more types of classical/post-quantum and/or quantum key exchange/distribution protocols.
Furthermore, to enhance the level of security, the first key exchange protocol used between the first intermediary device 104a and the first device 102a may be configured for detecting eavesdroppers during the exchange of the final shared key. That is, the first key exchange protocol may be a quantum key distribution/exchange protocol, in which the first communication link includes a first quantum channel and a first classical channel. The first key exchange protocol may be chosen to be different to the one or more key exchange protocols used for exchanging shared keys between the devices in the group of devices 132.
Although several different configurations on the different types of key exchange protocols have been described, this is by way of example only and the invention is not so limited, it is to be appreciated by the skilled person that the first key exchange protocol may be selected from a set of protocols including at least one from the group of classical, post quantum, and quantum key exchange protocols as the application demands and/or as herein described, and/or similarly, the second key exchange protocol and/or the one or more key exchange protocols used to share keys between the one or more intermediary devices may be selected from a set of key exchange protocols including at least one from the group of classical, post quantum, and quantum key exchange protocols as the application demands and/or as herein described.
In this example, the key exchange process 140 performs, with reference to
In step 142, sharing cryptographic keys over the communication links 102b, 104a-104n between neighbouring and/or adjacent devices in the group of devices 132, where one or more key exchange protocols from the set of key exchange protocols are used to share a cryptographic key between devices over the communication link therebetween. It is noted that this step may be performed prior to step 144, after step 144, and/or as a separate key exchange between pairs of adjacent or neighbouring devices in the group of devices 102b, 104a-104n and the like. The second device 102b uses a second key exchange protocol to share a cryptographic key over the second communication link 106b with the N-th intermediary device 104n. Thus, each of the intermediary devices 104a-104n has at least one shared cryptographic keys with at least one of its neighbouring intermediary devices 104a-104n and/or the second device 102b and the like.
As an option, each device of the group of devices 102b and 104a-104n may send at least one of its shared cryptographic keys that it shared with an adjacent or neighbouring device to the second endpoint device 102b, where the second endpoint device 102b may accumulate the shared keys. Thus, each intermediary device in the group of devices 132, when securely communicating said first intermediate key information, only encrypts said incoming communications associated with the first intermediate key information with the shared key it sent to the second endpoint device 102b before forwarding the encrypted first intermediate key information towards the second endpoint device 102b via its nearest neighbour device. The intermediary devices 104a-104n do not have to decrypt and re-encrypt the first intermediate key information, which can remain secret until decrypted by the second endpoint device 102b. The multiple encryption may be performed using symmetric keys using an XOR-type operation, thus the first intermediate key information is encrypted using nested XOR operations. Thus, the second endpoint device 102b uses the received shared keys to decrypt the multiply encrypted (or nested encrypted with XOR operations) first intermediate key information for use in the final key exchange of the final shared key with the first device 102a.
As an option, the shared keys used in the secure communications may be symmetric shared keys enabling the first intermediate key information to be encrypted/decrypted with the shared key using, without limitation, for example XOR-type operations, and/or one-time-pad operations, and/or any other type of encryption/decryption operations using symmetric keys.
In step 144, exchanging intermediate key information (e.g. IA) between the first intermediary device 104a and the first endpoint device 102a based on a first key exchange protocol used over a first communication link 106a of the communication links 106a, 108a-108m and 106b. The first intermediary key information 112 for use by the second device 102a in performing a key exchange of the final shared key between the first device 102a and the second device 102b using, at least in part, the first key exchange protocol over another communication link 110 therebetween.
In step 146, securely sending data representative of the exchanged first intermediate key information from the first intermediary device 104a to the second endpoint device 102b via, if any, the one or more intermediary devices 104b-104n using the shared cryptographic keys therebetween. The secure communications over the communication links 108a-108n and 106b of the group of devices 104a-104n and 102b, respectively, is based on cryptographic keys that have been shared between adjacent or neighbouring devices in the group of devices 132. The cryptographic keys exchanged between said devices are based on using one or more key exchange protocols selected from a set of key exchange protocols over each of the communication links 108a-108m and 106b of the group of devices 104a-104n and 102b, respectively. The one or more key exchange protocols that are selected may be the same for each of the communication links 108a-108m and 106b and group of devices 104a-104n and 102b, respectively. One or more of the key exchange protocols that are selected may be the different depending on the capability and/or configuration of the communication links 108a-108m and 106b and/or depending on the capability and/or configuration of each device in the group of devices 104a-104n and 102b. The key exchange protocols may be selected or used based on a required level of trust or actual level of trust that can be met by each of the intermediary devices in the group of devices 132. For example, if each of the intermediary devices in the group of devices 132 is untrusted or controlled by an untrusted party, then the key exchange protocol(s) used between said intermediate devices may be based on quantum key exchange/distribution protocol(s) that do not depend on the intermediary devices being trusted devices, where the communication links therebetween include the appropriate quantum and/or classical channels and the like.
In step 148, performing a key exchange of the final shared key between the first and second endpoint devices 102a and 102b use a further communication link or channel 110 based, at least in part, on performing the first key exchange protocol using the first intermediate key information securely received by the second device 102b, which is processed and transformed by the first and second devices 102a and 102b using said first key exchange protocol into the final shared key.
As an option, the first endpoint device 102a, the N intermediary devices 104a-104n and the second endpoint device 102b may form a string or chain of devices in which adjacent devices are connected via a communication link of the communication links 106a, 108a-108m and 106b. The string or chain of devices may form a line network or a line subnetwork of a larger communication network. The line network or link subnetwork may have a linear array topology and the like. Thus, the first endpoint device 102a being communicatively coupled to the second endpoint device 102b via communication links 106a, 108a-108m and 106b and said N intermediary devices 104a-104n.
For added security, the first key exchange protocol used by the first device 102a may be configured for detecting eavesdroppers during the exchange of the final shared key with the second device 102b. The first communication link 106a between the first device 102a and the first intermediary device 104a includes a first quantum channel and a first classical channel, where the first key exchange protocol is a quantum key distribution protocol.
As an option, the one or more key exchange protocols used between one or more of the devices 102b, 104a-104n in the group of devices 132 for secure communications therebetween are selected from a group or set of key exchange protocols based on a desired trust level, required trust level, trust capability, or an actual level of trust in relation to the N intermediary devices 104a-104n of the group of devices 132. Thus, when the level of trust is a trust level that is considered an untrusted level, then the one or more key exchange protocols selected may include QKD protocols configured and/or capable for use in sharing keys with untrusted parties. This may be used when one or more of the intermediary devices are in the control of a third party operator and the like, thus such intermediary devices might not be fully trusted when exchanging shared keys and the like. In another example, the level of trust is a trust level that is considered to be a trusted level or high level of trust, such as when the intermediary devices are operated or owned by a known and trusted operator, then the one or more key exchange protocols selected may include QKD protocols configured and/or capable for use in sharing keys with trusted parties. Using QKD protocols may enable eavesdropper detection in relation to the shared keys that are shared between the devices in the group of devices 132.
Although the first key exchange protocol, the second key exchange protocol and/or the one or more key exchange protocols used between intermediary devices are described based on using one or more QKD protocols and the like, this is for simplicity and byway of example only and the invention is not so limited, it is to be appreciated by the skilled person that depending on the capabilities of the first device, second device and the intermediary devices, and the trust requirements and/or capabilities of these devices and the key exchange system as a whole and the like, the first key exchange protocol, the second key exchange protocol and/or one or more key exchange protocols used by the intermediary devices may be based on, without limitation, for example one or more key exchange protocols from the group of: one or more classical key exchange protocol(s); one or more post-quantum or quantum resistant key exchange protocol(s); and one or more quantum key exchange protocol(s); and/or any other one or more suitable key exchange protocols as the application demands.
In step 152, the first intermediary device 104a shares a first cryptographic key over the communication link 108a (or 106b) with its neighbouring and/or adjacent device in the group of devices 132. If there are any further intermediary devices in the group of devices 132, then the neighbouring or adjacent device is an intermediary device 104b in the group of devices 132 that is connected with the intermediary device 104a via communication link 108a. The intermediary device 104a uses a key exchange protocol to share a key over the communication link 108a with intermediary device 104b. Otherwise, if the group of devices 132 only includes the intermediary device 104a and the second device 102b, then the neighbouring or adjacent device is the second device 102b in the group of devices 132 that is connected with the intermediary device 104a via communication link 106b. The intermediary device 104a uses a key exchange protocol, or second key exchange protocol, to share a key over the communication link 106b with second device 102b. Depending on the capabilities of the devices 104a and 104b (or 102b) and the communication link 104a (or 106b), the key exchange protocol used may be selected (e.g. predetermined or dynamically selected) from the set of key exchange protocols to share the first cryptographic key between these two devices 104a and 104b (or second device 102b) over the communication link 104a (or communication link 106b) therebetween. It is noted that this step may be performed prior to step 154, after step 154, and/or as a separate one or more key exchanges between the pair of devices 104a and 104b (or 102b). For example, the devices 104a and 104b (or 102b) may perform key management and store a set of paired shared cryptographic keys for future use and the like.
As an option, the first intermediary device 104a of the group of devices 132 may send the first shared cryptographic key to the second endpoint device 102b, where the second endpoint device 102b may accumulate the different cryptographic shared keys from the intermediary devices 104a-104n. Thus, each intermediary device in the group of devices 132, when securely communicating said first intermediate key information, only encrypts said incoming communications associated with the first intermediate key information with the shared key it sent to the second endpoint device 102b before forwarding the encrypted first intermediate key information towards the second endpoint device 102b via its nearest neighbour device 104b. The encryption of the first intermediate key information, which will be exchanged with the first intermediary device 104a in step 154, may be performed using symmetric shared keys using, without limitation, for example an XOR-type operation, a OTP operation(s), and/or any other type of encryption operation for encrypting said first intermediate key information with a shared key, which may be decrypted using the same symmetric shared key and the like. As an option, the shared keys used in the secure communication may be symmetric shared keys enabling the first intermediate key information to be encrypted by the first intermediary device 104a for sending securely towards the second device 102b via, if any, one or more other intermediary devices 104b-104n. The symmetric shared keys enable encryption/decryption of the first intermediate key information with the shared key using, without limitation, for example XOR-type operations, and/or one-time-pad operations, and/or any other type of encryption/decryption operations using symmetric keys.
In step 154, exchanging intermediate key information (e.g. IA) between the first intermediary device 104a and the first endpoint device 102a based on a first key exchange protocol used over a first communication link 106a of the communication links 106a, 108a-108m and 106b. The first intermediary key information 112 for use by the second device 102a in performing a key exchange of the final shared key between the first device 102a and the second device 102b using, at least in part, the first key exchange protocol over another communication link 110 therebetween.
In step 156, securely sending data representative of the exchanged first intermediate key information from the first intermediary device 104a to the second endpoint device 102b via, if any, the one or more intermediary devices 104b-104n using the first shared cryptographic key determined from step 152.
Once the first intermediate key information is received by the second device 102b, the first and second devices 102a and 102b perform a key exchange of the final shared key between the first and second endpoint devices 102a and 102b using a further communication link or channel 110 based, at least in part, on performing the first key exchange protocol using the first intermediate key information that was securely sent by the first intermediary device 104a and securely received and decrypted by the second device 102b, which is processed and transformed by the first and second devices 102a and 102b using said first key exchange protocol into the final shared key.
In step 162, exchanging intermediate key information 112 (e.g. IA) between the first intermediary device 104a and the first endpoint device 102a based on a first key exchange protocol used over a first communication link 106a of the communication links 106a, 108a-108m and 106b. The first intermediary key information 112 for use by the second device 102a in performing a key exchange of the final shared key between the first device 102a and the second device 102b using, at least in part, the first key exchange protocol over another communication link 110 therebetween.
The first intermediate key information is securely sent by the first intermediary device 104a to the second endpoint device 102b via, if any, the one or more intermediary devices 104b-104n using the first shared cryptographic key determined from step 152 of intermediary device process 150 of
In step 164, once the first intermediate key information is received by the second device 102b, performing a key exchange of the final shared key with the second device 102b using a further communication link or channel 110 based, at least in part, on performing the first key exchange protocol using the first intermediate key information that was securely sent by the first intermediary device 104a and securely received and decrypted by the second device 102b.
As an option, the key exchange process for determining the final shared key may involve processing and/or transforming by the first and second devices 102a and 102b the first intermediate key information using said first key exchange protocol into the final shared key. This key exchange process may include, should the first key exchange protocol be based on a quantum key exchange/distribution protocol, a reconciliation of random symbols between the first and second devices 102a and 102b using said first intermediate key information to form a common set of symbols, error correction and/or privacy amplification or eavesdropper detection and the like of said common set of symbols, and/or agreeing which symbols (or bits) of the common set of symbols may be used as the final shared key between the first and second devices 102a and 102b. This key exchange process may include, should the first key exchange protocol be a suitable type of key exchange protocol (e.g. classical or post-quantum key exchange protocol), a reconciliation of random symbols between the first and second devices 102a and 102b using said first intermediate key information to form a common set of symbols and/or error correction of said common set of symbols, and/or agreeing which symbols (or bits) of the common set of symbols may be used as the final shared key between the first and second devices 102a and 102b.
The further communication link or channel 110 may be a secure communication link or channel, that is, the further communication link or channel 110 may be secured by one or more previously shared keys between the first and second devices 102a and 102b, where the previously shared keys are unknown to the intermediary devices 104a-104n. Thus, the final shared key agreed between the first and second devices 102a and 102b is known to only these two devices 102a and 102b. Once the final shared key has been exchanged, the first and second devices 102a and 102b may use the final shared key for cryptographic operations therebetween and/or secure/encrypted/authenticated communications with each other over one or more communication links communicatively connecting the first and second devices together.
In step 172, the second device 102b shares a first cryptographic key of the second device 102b over the communication link 106b with its neighbouring and/or adjacent intermediary device in the group of devices 132. If there are more than one intermediary devices in the group of devices 132, then the neighbouring or adjacent intermediary device is the last or N-th intermediary device 104n in the group of devices 132 that is connected with the second device 102b via communication link 106b. The second device 102b uses a second key exchange protocol from the set of key exchange protocols to share a key over the communication link 106b with intermediary device 104n. Otherwise, if the group of devices 132 only includes the first intermediary device 104a and the second device 102b, then the neighbouring or adjacent device is the first intermediary device 104a in the group of devices 132 that is connected with the second device 102b via communication link 106b. The second device 102b uses the second key exchange protocol to share a key over the communication link 106b with the first intermediary device 104a. Depending on the capabilities of the devices 102b and 104n (or 104a) and the communication link 106b, the second key exchange protocol used may be selected (e.g. predetermined or dynamically selected) from the set of key exchange protocols to share the first cryptographic key of the second device 102b between these two devices 102b and 104n (or first intermediary device 104a) over the communication link 106b therebetween. It is noted that this step may be performed prior to step 174 and/or as a separate one or more key exchanges at another time between the pair of devices 102b and 104n (or 104a). For example, the devices 102b and 104n (or 104a) may perform key management and store a set of paired shared cryptographic keys for future use and the like.
As an option, the first intermediary device 104a of the group of devices 132 may send the first shared cryptographic key to the second endpoint device 102b, where the second endpoint device 102b may accumulate the different cryptographic shared keys from the intermediary devices 104a-104n. Thus, each intermediary device in the group of devices 132, when securely communicating said first intermediate key information, only encrypts said incoming communications associated with the first intermediate key information with the shared key it sent to the second endpoint device 102b before forwarding the encrypted first intermediate key information towards the second endpoint device 102b via its nearest neighbour device 104b. The encryption of the first intermediate key information, which will be exchanged with the first intermediary device 104a in step 154, may be performed using symmetric shared keys using, without limitation, for example an XOR-type operation, a OTP operation(s), and/or any other type of encryption operation for encrypting said first intermediate key information with a shared key, which may be decrypted using the same symmetric shared key and the like. As an option, the shared keys used in the secure communication may be symmetric shared keys enabling the first intermediate key information to be encrypted by the first intermediary device 104a for sending securely towards the second device 102b via, if any, one or more other intermediary devices 104b-104n. The symmetric shared keys enable encryption/decryption of the first intermediate key information with the shared key using, without limitation, for example XOR-type operations, and/or one-time-pad operations, and/or any other type of encryption/decryption operations using symmetric keys.
In step 174, securely receiving and decrypting data representative of the exchanged first intermediate key information from the first intermediary device 104a via, if any, the one or more intermediary devices 104b-104n using at least the first shared cryptographic key determined from step 172.
In step 176, once the first intermediate key information is received by the second device 102b, performing a key exchange of the final shared key with the first device 102a using a further communication link or channel 110 based, at least in part, on performing the first key exchange protocol using the first intermediate key information that was securely sent by the first intermediary device 104a and securely received and decrypted by the second device 102b.
As an option, the key exchange process for determining the final shared key may involve processing and/or transforming by the first and second devices 102a and 102b the first intermediate key information using said first key exchange protocol into the final shared key. This key exchange process may include, should the first key exchange protocol be based on a quantum key exchange/distribution protocol, a reconciliation of random symbols between the first and second devices 102a and 102b using said first intermediate key information to form a common set of symbols, error correction and/or privacy amplification or eavesdropper detection and the like of said common set of symbols, and/or agreeing which symbols (or bits) of the common set of symbols may be used as the final shared key between the first and second devices 102a and 102b. This key exchange process may include, should the first key exchange protocol be a suitable type of key exchange protocol (e.g. classical or post-quantum key exchange protocol), a reconciliation of random symbols between the first and second devices 102a and 102b using said first intermediate key information to form a common set of symbols and/or error correction of said common set of symbols, and/or agreeing which symbols (or bits) of the common set of symbols may be used as the final shared key between the first and second devices 102a and 102b.
The further communication link or channel 110 may be a secure communication link or channel, that is, the further communication link or channel 110 may be secured by one or more previously shared keys between the first and second devices 102a and 102b, where the previously shared keys are unknown to the intermediary devices 104a-104n. Thus, the final shared key agreed between the first and second devices 102a and 102b is known to only these two devices 102a and 102b. Once the final shared key has been exchanged, the first and second devices 102a and 102b may use the final shared key for cryptographic operations therebetween and/or secure/encrypted/authenticated communications with each other over one or more communication links communicatively connecting the first and second devices together.
In this example, each of the three communication links 106a, 108a and 106b are classical communication links, in which each communication link 106a, 108a and 106b includes a classical channel. The first device 102a is connected to intermediary device 104a via a first communication link 106a of the communication links 106a, 108a, and 106b, the second device 102b is similarly connected via a second communication link 106b to intermediary device 104b and each of the intermediary devices 104a-104b are connected to each adjacent or neighbouring intermediary device 104b and 104a via one of the communication links 108a. Thus, the first and second devices 102a and 102b are communicatively coupled to each other via the one or more intermediary devices 104a-104n. In this example, there are four devices 102a, 104a, 104b and 102b and there are three communication links. Although four devices 102a, 104a, 104b and 102b are described, this is byway of example only and the invention is not so limited, it is to be appreciated by the skilled person that the key exchange system 200 can be extended to a plurality of intermediary devices 104a-104n as described in
Thus, the first device 102a is communicatively coupled via the communication links 106a, 108a and 106b and intermediary devices 104a and 104b to the second device 103b. Thus, with these communication links 106a, 108a and 106b in place, each of the devices may use a classical key exchange protocol to share a set of secret symbols or random symbols (or bits) with the next adjacent device. For example, first device 102a and first intermediary device 104a may use a first classical key exchange protocol to share a first set of secret symbols 202a (e.g. KAC) with each other, which forms first intermediate key information. First intermediary device 104a and second intermediary device 104b may use the same or another classical key exchange protocol to share a second set of secret symbols 202b (e.g. KCD) with each other, which may be considered to form a “shared key” therebetween. Finally, second intermediary device (e.g. last or the N-th intermediary device, where N=2) and the second device 102b may use a second classical key exchange protocol, which may be the same as the first and said other classical key exchange protocols, to share a third set of secret symbols 202c (e.g. KDB) with each other, which may be considered to form another shared key therebetween. Now, there is a first set of symbols (e.g. KAC), second set of symbols (e.g. KCD) and third set of symbols (e.g. KDB) that are believed to be secret, and separately shared between the first device 102a and the first intermediary device 104a (e.g. Alice and Carol), the first intermediary device 104a and the second intermediary device 104b (e.g. Carol and David), and the second intermediary device 104b and the second device 102b (e.g. David and Bob), respectively.
Now, the first and second devices 102a and 102b may perform a further key exchange in which the first and second devices 102a and 102b and share a final shared key therebetween, but where the secure channel is no longer available to them. In order to do this, the first and second devices 102a and 102b can use the existing shared sets of symbols 202a, 202b, and 202c to derive a final shared key between the first device 102a and the second device 102b. The first and second devices 102a and 102b can also perform this key exchange of the final shared key over an insecure channel, e.g. the classical communication links 106a, 108 and 106b, whilst remaining certain that any eavesdropper listening in on the communication involved would not gain any information about the final shared key that is eventually shared between the first and second devices 102a and 102b. As described with reference to
Alternatively or additionally, the first intermediary device 104a may encrypt the first intermediate key information (e.g. KAC) with the second set of symbols (e.g. KCD) shared with the second intermediary device 104b, and sends the encrypted first intermediate key information (e.g. (e.g. KAC XOR KCD) to the second intermediary device 104a. For example, the first intermediary device 104a calculates KAC XOR KCD, where when the first intermediate key information 202a and the second set of symbols 202b are bit strings and/or bits or are converted into a bit string/bits, then a bitwise XOR may be performed in which XOR on a pair of bits has its standard meaning of: 0 XOR 0=0; 0 XOR 1=1; 1 XOR 0=1; and 1 XOR 1=0. Although the bitwise XOR operation is described herein, this is byway of example only and the invention is not so limited, the person skilled in the art would understand that any other type of symmetric encryption operation may be performed such as, without limitation, for example XOR-type operations performed on symbols, bitwise One-Time-Pad operations, and/or symbol wise OTP operations, and/or any suitable type of cryptographic operation may be used.
The second intermediary device 104a, may use the second set of symbols (e.g. KCD) shared with the first intermediary device 104a to decrypt the received encrypted first intermediate key information (e.g. (KAC XOR KCD) XOR KCD=KAC), to retrieve the first intermediate key information (e.g. KAC). The second intermediate device 104b then re-encrypts the first intermediate key information (e.g. KAC) with the third set of symbols 202c (e.g. KDB) to form re-encrypted first intermediate key information (e.g. KAC XOR KDB), and sends the re-encrypted first intermediate key information (e.g. KAC XOR KDB) to the second device 102b. The second device 102b decrypts the received re-encrypted first intermediate key information using the third set of symbols (e.g. KDB) shared with the second intermediary device 102b (e.g. (KAC XOR KDB) XOR KDB=KAC), to retrieve the first intermediate key information (e.g. KAC). Now, the first and second device 102a and 102b have the same set of key information (e.g. KAC) and may form a final shared key using this same set of key information (e.g. KAC). In the simplest case, the first and second devices 102a and 102b may simply use the first intermediate key information (e.g. KAC) as the final shared key therebetween. However, the downside to encrypting/decrypting the first intermediate key information (e.g. KAC) at each other intermediary device 102b downstream of the first intermediary device 104a, is that the first intermediate key information (e.g. KAC) is revealed to said each intermediary device 104b. As well, multiple encryption/decryption operations are required to be performed on the first intermediate key information (e.g. KAC).
Another approach may be used according to the invention, where the first intermediary device 104a (e.g. Carol), which exchanged the first intermediate key information (e.g. KAC) with the first device 102a (e.g. Alice), encrypts the first intermediate key information (e.g. KAC) with the second set of symbols 202b (e.g. KCD or second shared key) shared with the second intermediary device 104b (e.g. David) using, without limitation, for example an XOR-type operation (e.g. KAC XOR KCD). That is, the first intermediary device 104a encrypts the first intermediate key information 202a (e.g. KAC) with the second set of symbols (e.g. KCD) shared with the adjacent intermediary device 104b. The remaining intermediary devices 104b in the communication path (e.g. intermediary devices connected to communication links 108a and 106b) to the second device 102b use the shared keys they shared with their neighbouring or adjacent devices (e.g. KCD, KDB) and send towards the second device 102b an XOR of their two shared keys (e.g. KCD XOR KDB) whilst also passing through the encrypted first intermediate key information (e.g. KAC XOR KCD). Thus, the second device 102a accumulates a set of XOR'ed shared keys (e.g. KCD XOR KDB) from those intermediary devices 104b other than the first intermediary device 104a and receives the encrypted first intermediate key information (e.g. KAC XOR KCD) from intermediary device 104a and passed through via those other intermediary devices 104b. Thus, the second device 102b may perform XOR operation(s) based on XORing together the following: a) all of the received XOR'd shared keys (e.g. KCD XOR KDB); b) the received encrypted first intermediate device information (e.g. KAC XOR KCD); and c) the third set of symbols 202c (e.g. KDB) that the second device 102b shared with the N-th intermediary device 104b. In this example, the second device 102b calculates ((KAC XOR KCD) XOR (KCD XOR KDB)) XOR KDB. Since the only information that appears once is the first intermediate key information (e.g. KAC) and not twice in the calculated string of XORs, this means that the second device 102b has retrieved/decrypted the first intermediate key information (e.g. KAC). The effect of XORing the same set of symbols twice is equivalent to multiplying by “1”, so the overall result of this XORing calculation is the first intermediate key information (e.g. KAC). Thus, in this case, both the first device and the second device now know the value of the first intermediate key information (e.g. KAC) and, in essence, KAC may be the final shared key between the first and second endpoint devices 102a and 102b.
Note that neither intermediary devices 104a and 104b will gain any additional information about the secret shared final key by only carrying out their XOR calculations. In fact, intermediary device 104a already knows the value of the first intermediate key information (e.g. KAC) since they shared it or exchanged it with the first device 102b during the initial stage of the key exchange protocol 200. Furthermore, intermediary device 104b will still not know the value of the first intermediate key information (e.g. KAC), even if they know the results of both the XOR calculations. Likewise, if an eavesdropper were listening in on the transmissions in which intermediary devices 104a and 104b communicated the results of their XOR calculations, this would not provide the eavesdropper with any information about any of the shared secret keys and/or first intermediate key information (e.g. KAC).
A further approach may be used according to the invention, where the first intermediary device 104a (e.g. Carol), which exchanged the first intermediate key information (e.g. KAC) with the first device 102a (e.g. Alice), encrypts the first intermediate key information (e.g. KAC) with the second set of symbols 202b (e.g. KCD or second shared key) shared with the second intermediary device 104b (e.g. David) using, without limitation, for example an XOR-type operation (e.g. KAC XOR KCD). That is, the first intermediary device 104a encrypts the first intermediate key information 202a (e.g. KAC) with the second set of symbols (e.g. KCD) shared with the adjacent intermediary device 104b. The remaining intermediary devices 104b in the communication path (e.g. intermediary devices connected to communication links 108a and 106b) to the second device 102b combine their shared keys that they shared with their neighbouring or adjacent devices 104a and 102b (e.g. KCD, KDB) with an XOR operation to generate a new combined shared key (e.g. KCD XOR KDB), which is used to further encrypt the received encrypted first intermediate key information (e.g. KAC XOR KCD). When the encrypted first intermediate key information (e.g. KAC XOR KCD) is received by a remaining intermediary device 104b, it further encrypts the encrypted first intermediate key information (e.g. KAC XOR KCD) by XORing with the new combined shared key (e.g. KCD XOR KDB), and then passes through the further encrypted first intermediate key information (e.g. (KAC XOR KCD) XOR (KCD XOR KDB)) by sending on towards, if any, the adjacent or neighbouring device in the direction of the second device 102b, which in this example, is second device 102b.
Thus, the second device 102a receives the further encrypted first intermediate key information (e.g. [(KAC XOR KCD) XOR (KCD XOR KDB)]), which has been encrypted multiple times by combined pairwise shared keys as it passes through each intermediary device 104b other than the first intermediary device 104a. The second device 102b may then simply decrypt and retrieve the first intermediate key information from the further encrypted first intermediate key information (e.g. [(KAC XOR KCD) XOR (KCD XOR KDB)]) by XORing it with the third set of symbols 202c (e.g. KDB) that the second device 102b shared with the N-th intermediary device 104b. In this example, the second device 102b calculates [KAC XOR KCD) XOR (KCD XOR KDB)] XOR KDB. Since the only information that appears once is the first intermediate key information (e.g. KAC) and not twice in the calculated string of XORs, this means that the second device 102b has retrieved/decrypted the first intermediate key information (e.g. KAC). Thus, in this case, both the first device and the second device now know the value of the first intermediate key information (e.g. KAC) and, in essence, KAC may be the final shared key between the first and second endpoint devices 102a and 102b.
Note that neither intermediary devices 104a and 104b will gain any additional information about the secret shared final key by only carrying out their XOR calculations. In fact, intermediary device 104a already knows the value of the first intermediate key information (e.g. KAC) since they shared it or exchanged it with the first device 102b during the initial stage of the key exchange protocol 200. Furthermore, intermediary device 104b will still not know the value of the first intermediate key information (e.g. KAC), unless they have knowledge of the result of the intermediary device's 104a XOR calculation(s). Likewise, if an eavesdropper were listening in on the transmissions in which intermediary devices 104a and 104b communicated the results of their XOR calculations, this would not provide the eavesdropper with any information about any of the shared secret keys and/or first intermediate key information (e.g. KAC).
Although this fully classical linking and chaining scheme/protocol is simple to implement, it requires the use of classical channels to carry out the initial distribution of the first intermediate device information 202a and the shared keys 202b and 202c, and, in contrast to the use of quantum channels, there is no fundamental guarantee that an eavesdropper gaining information about the first intermediate key information, or the second and third sets of symbols 202b and 202c during this initial stage will be detected. Furthermore, the key exchange system 200 also requires that the first intermediary device 104a is a trusted node, because the first intermediary device 104a will fully know the first set of secret symbols 202a (e.g. KAC), also referred to as the first intermediate key information, that it exchanged with the first device 102a and which was eventually shared between the first device 102a and the second device 102b. These limitations can be overcome by either: a) using a fully quantum protocol, or b) a hybrid classical-quantum approach.
In this example, each of the three communication links 106a, 108a and 106b are quantum communication links (e.g. indicated by the dashed lines), in which each quantum communication link 106a, 108a and 106b includes a quantum channel connecting between the devices. Thus, each device 102a, 104a, 104b and 102b has the required quantum hardware/technology and/or quantum transmitter/receiver structures for being able to perform one or more types of quantum key exchange/distribution protocol(s) as described herein, modifications thereto, combinations thereof and/or as the application demands. The first device 102a is connected via a first quantum channel to intermediary device 104a via a first quantum communication link 106a of the quantum communication links 106a, 108a, and 106b, the second device 102b is similarly connected via a second quantum channel of the second quantum communication link 106b to intermediary device 104b and each of the intermediary devices 104a-104b are connected to each adjacent or neighbouring intermediary device 104b and 104a via a quantum channel of one of the quantum communication links 108a therebetween. Thus, the first and second devices 102a and 102b are communicatively coupled to each other via the one or more intermediary devices 104a-104n. In this example, there are four devices 102a, 104a, 104b and 102b and there are three quantum communication links. Although four devices 102a, 104a, 104b and 102b are described, this is byway of example only and the invention is not so limited, it is to be appreciated by the skilled person that the key exchange system 210 can be extended to a plurality of intermediary devices 104a-104n as described in
In this key exchange system 210, a entanglement-based quantum key exchange/distribution is performed. Thus, the first device 102a is communicatively coupled via the quantum communication links 106a, 108a and 106b and intermediary devices 104a and 104b to the second device 102b. With these quantum communication links 106a, 108a and 106b in place, each of the devices may use a quantum key exchange/distribution protocol that only uses quantum channels to share a set of secret symbols or random symbols (or bits) with the next adjacent device. The key exchange system 210 using entanglement-based quantum key exchange/distribution further modifies the key exchange systems 100, 120, 130 and/or 200 by performing a two-way chaining procedure in which two intermediate key information exchanges are performed and the shared key pair information exchanges between intermediary device 104a and 104b and the first and second devices 102a and 102b are performed. For example, a first intermediate key information exchange is performed between the first device 102a and first intermediary device 104a, a second intermediate key information exchange between the second device 102b and the N-th or last intermediary device 104b (or in this example the second intermediary device 104b). In which the results of the first and second intermediate key information exchanges are “encrypted” and securely sent in a quantum manner to the first and second devices 102a and 102b, respectively. Furthermore, the first intermediary device 104a perform a first and second shared key pair exchange with the second intermediary device 104b, in which each first and second shared key of the pair is used to “encrypt” the first and second intermediate key information in which the results are securely sent in a quantum manner to the first device 102a and second device 102b, respectively. Thereafter, the first device 102a and second device 102b performed a further key exchange based on the first and second intermediate key information and the first and second shared key information to form a final shared key therebetween.
For this key exchange system 210, the entanglement-based quantum key exchange/distribution is performed in which the secret symbols or random symbols (or bits) and XOR calculations as described with reference to
In this example, for simplicity and to illustrate the application of entanglement-based quantum key exchange/distribution to the key exchange system according to the invention, only 3 EPR pairs are distributed using a entanglement quantum protocol between the first device 102a and the first intermediary device 104a, the first intermediary device 104a and the second intermediary device 104b, and the second intermediary device 104b and the second device 102b. In order to do this, each of the communication links 106a, 108a, and 106b has a quantum channel, which is depicted by the dashed lines. The first EPR pair (or A-C EPR pair) is denoted as A-C EPR 212a-1 and A-C EPR 212a-2, in which the A-C EPR 212a-2 may represent the first intermediate key information exchanged between the first device 102a and the first intermediary device 104a. The second EPR pair (or C-D EPR pair) is denoted C-D EPR 212b-1 and 212b-2, which may represent a shared key pair exchanged between the first intermediary device 104a and the second intermediary device 104b. The third EPR pair (or D-B EPR pair) is denoted D-B EPR 212c-1 and 212c-2, in which the D-B EPR 212c-1 may represent the second intermediate key information exchanged between the second device 102b and the second intermediary device 104b. Once the EPR pairs have been distributed/exchanged between the first device 102a and first intermediary device 104a, first intermediary device 104a and second intermediary device 104b, and second device 102b and second intermediary device 104b by the entanglement protocol, the first intermediary device 104a performs an “entanglement” encryption of the first intermediate key information A-C EPR 212b-2 by carrying out a BSM (e.g. entanglement quantum version of a classical XOR) on the two particles in its possession, which is its half of the A-C EPR pair, namely, A-C EPR 212a-2 (e.g. the first intermediate device information represented by A-C EPR 212a-2) together with its half of the B-C EPR pair, which is B-C EPR 212b-1 and represents, crudely, a first shared key of the shared key pair with the second intermediary device 104b. Similarly, the second intermediary device 104b performs an “entanglement” encryption of the second intermediate key information D-B EPR 212c-1 by carrying out a BSM (e.g. entanglement quantum version of a classical XOR) on the two particles in its possession, which is its half of the D-B EPR pair and is D-B EPR 212c-1 (e.g. the second intermediate device information represented by D-B EPR 212c-1) together with its half of the B-C EPR pair, which is B-C EPR 212b-2 and represents its part of the shared key pair with the first intermediary device 104a. Each of these BSMs has 4 possible outcomes, and so the result of each of them can be represented by 2 (classical) bits. Given this, the first intermediary device 104a and second intermediary device 104b communicate their 2 bits representing their BSM outcomes to both the first and second devices 102a and 102b. Depending on the 2 bits received, the first and second devices 102a and 102b each carry out one of 4 possible deterministic operations on the particles in their possession. Following this, the first and second device 102a and 102b will share an EPR pair. The overall process just outlined can be described as (double) entanglement swapping (which in turn can be described as an example of quantum teleportation). The initial maximal entanglement between the first device 102a and second device 102b (one particle at each), between the first intermediary device 104a and the second intermediary device 104b (one particle at each), and between the second intermediary device 104b and the second device 102b (one particle at each) has been converted to maximal entanglement between the two particles at the first intermediary device 104a, between the two particles at the second intermediary device 104b, and between the first and second devices 102a and 102b (one particle at each).
The EPR pair that the first and second devices 102a and 102b now possess will enable them to perform a key exchange and determine a final shared key (albeit 1 secret bit in this example) by generating a shared secret bit, at anytime (in principle) of their choosing, by carrying out a measurement on their particles (with both of them using the same measurement basis). If they repeat this EPR process a number of times with a series of EPR pairs obtained by chaining in the same way as described above, they will be able share a longer final shared key and also detect if there was any eavesdropping on the quantum channels of the quantum communication links 106a, 108a and 106b used to distribute the EPR pairs by carrying out a simple test. In addition, neither the first intermediary device 104a and the second intermediary device 104b will have any knowledge of the secret bits shared by the first and second devices 102a and 102b and so can be considered trustless without compromising the security of the scheme. Thus, it can be seen that this fully quantum scheme does not have the same limitations associated with the fully classical scheme described with reference to
In this example, each of the three communication links 106a, 108a and 106b are hybrid quantum-classical communication links with quantum channels, indicated by the dashed lines, and classical channels (indicated by solid lines). Each communication link 106a, 108a and 106b includes a quantum channel and a classical channel connecting between the devices. Thus, each device 102a, 104a, 104b and 102b has the required quantum hardware/technology and/or quantum transmitter/receiver structures as well as the required classical hardware/technology and/or classical transceivers and the like for being able to perform one or more types of quantum key exchange/distribution protocol(s) using the quantum channels and classical channels as described herein, modifications thereto, combinations thereof and/or as the application demands. The first device 102a is connected via a first quantum channel 106a-1 and a first classical channel 106a-2 to intermediary device 104a via a first communication link 106a, the second device 102b is similarly connected via a second quantum channel 106b-1 and a second classical channel 106b-2 of the second communication link 106b to intermediary device 104b, and each of the intermediary devices 104a-104b are connected to each adjacent or neighbouring intermediary device 104b and 104a via a quantum channel 108a-1 and a classical channel 108a-2 of one of the communication links 108a therebetween. Thus, the first and second devices 102a and 102b are communicatively coupled to each other via the one or more intermediary devices 104a-104n and communication links 106a, 108a, and 106b therebetween. As an option, the first and second devices 102a and 102b may also be connected via a further communication link 110, which may be a classical channel that the first and second devices secure using one or more previously exchanged cryptographic keys and the like. This may enable the first and second devices 102a and 102b to agree on a final shared key independently of the intermediary devices 104a and 104b, and/or to prevent the intermediary devices 104a and 104b from eavesdropping on the final key exchange between the first and second devices 102a and 102b. In this example, there are four devices 102a, 104a, 104b and 102b and there are three communication links. Although four devices 102a, 104a, 104b and 102b are described, this is by way of example only and the invention is not so limited, it is to be appreciated by the skilled person that the key exchange system 220 can be extended to a plurality of intermediary devices 104a-104n as described in
In this key exchange system 220, one or more hybrid quantum-classical key exchange protocol(s) may be used from the set of key exchange protocols. Although in this example the BB84 Quantum Key Distribution (QKD) scheme is described, this is byway of example only and the invention is not so limited, it is to be appreciated by the skilled person that any other suitable quantum key distribution protocol that makes use of a quantum channel and a classical channel over a communication link between devices may be used. The hybrid quantum-classical key exchange protocols offer a compromise: unlike the fully classical scheme as described with reference to
For the BB84-based key exchange system 220, standard BB84 protocol key exchange processes are carried out between pairs of devices for exchanging shared keys and/or intermediate key information therebetween. For example, a first BB84 key exchange protocol is used over the first communication link 106a between the first device 102a and the first intermediary device 104a to exchange a first set of symbols 222a (or random/secret symbols/bits) therebetween, which may be referred to as the first intermediate key information 222a (e.g. KAC). A second BB84 key exchange protocol is used over the intermediary communication link 108a between the first intermediary device 104a and the second intermediary device 104b to exchange a second set of symbols 222b therebetween, which may be referred to as a shared key 222b (e.g. KCD). A third BB84 key exchange protocol is used over the second communication link 106b between the second device 102b and the N-th or last intermediary device 104b to exchange a third set of symbols 222c therebetween, which may be referred to as a second shared key 222c (e.g. KDB). Thus, each pair of devices shares a set of symbols (e.g. a series of secret bits/symbols). As part of each of the first, second and third BB84 exchange processes, each respective pair of devices can carry out eavesdropping tests, which provide a guarantee that no eavesdropper trying to gain information about the first, second and third sets of symbols 222a, 222b and 222c that have been shared between corresponding devices 102a and 104a, 104a and 104b, and 104b and 102b will be able to escape detection. In this example, once all three pairs of sets of symbols have been exchanged and the devices 102a, 104a, 104b and 102b have confirmed that their shared bits are indeed secret, the methodology performed in key exchange system 200 described in
Although the hybrid BB84-based key exchange system 220 may be able to detect eavesdroppers due to the use of the quantum channels of the communication links 106a, 108a, and 106b, just as with the fully classical key exchange system 200 of
In this example, each of the three communication links 106a, 108a and 106b are hybrid quantum-classical communication links with quantum channels, indicated by the dashed lines, and classical channels (indicated by solid lines). Each communication link 106a, 108a and 106b includes a quantum channel and a classical channel connecting between the devices. Thus, each device 102a, 104a, 104b and 102b has the required quantum hardware/technology and/or quantum transmitter/receiver structures as well as the required classical hardware/technology and/or classical transceivers and the like for being able to perform one or more types of quantum key exchange/distribution protocol(s) using the quantum channels and classical channels as described herein, modifications thereto, combinations thereof and/or as the application demands. The first device 102a is connected via a first quantum channel 106a-1 and a first classical channel 106a-2 to intermediary device 104a via a first communication link 106a, the second device 102b is similarly connected via a second quantum channel 106b-1 and a second classical channel 106b-2 of the second communication link 106b to intermediary device 104b, and each of the intermediary devices 104a-104b are connected to each adjacent or neighbouring intermediary device 104b and 104a via a quantum channel 108a-1 and a classical channel 108a-2 of one of the communication links 108a therebetween. Thus, the first and second devices 102a and 102b are communicatively coupled to each other via the one or more intermediary devices 104a-104n and communication links 106a, 108a, and 106b therebetween. Furthermore, the first and second devices 102a and 102b may also be connected via a further communication link 110, which may be a classical channel that the first and second devices secure using one or more previously exchanged cryptographic keys and the like. This may enable the first and second devices 102a and 102b to agree on a final shared key independently of the intermediary devices 104a and 104b, and/or to prevent the intermediary devices 104a and 104b from eavesdropping on the final key exchange between the first and second devices 102a and 102b.
In this example, there are four devices 102a, 104a, 104b and 102b and there are three communication links. Although four devices 102a, 104a, 104b and 102b are described, this is by way of example only and the invention is not so limited, it is to be appreciated by the skilled person that the key exchange system 230 can be extended to a plurality of intermediary devices 104a-104n as described in
In this key exchange system 230, one or more hybrid quantum-classical key exchange protocol(s) based on the BB84 family of protocols may be used from the set of key exchange protocols. In this example, a hybrid-BB84 key exchange protocol is used, which operates in a similar manner as the BB84-based key exchange system 220 as described with reference to
In the four party example of
After this, the first device 102a and second device 102b perform a key exchange based on the hybrid-BB84 protocol over a secure communication channel 110, which is private, by performing a reconciliation procedure, error detection/correction, privacy amplification and the like. For example the reconciliation procedure may be used to discard all of their unsifted key symbols/bits except unsifted key symbols/bits for those cases in which the following conditions are satisfied: (i) for the unsifted keys (e.g. IAC, SAC) distributed/exchanged between the first device 102a and the first intermediary device 104b, the measurement bases used by the first device 102a and the first intermediary device 104b must be the same, (ii) for the unsifted key (e.g. ICD) distributed/exchanged between first intermediary device 104a and the second intermediary device 104b, the measurement bases used by first intermediary device 104a and the second intermediary device 104b must be the same, and (iii) for the unsifted keys (e.g. IDB, SDB) distributed/exchanged between the second device 102b and the second intermediary device 104b, the measurement bases used by the second device 102b and the second intermediary device 104b must be the same. For the cases where all three of these conditions are satisfied, the symbols/bits retained by the first device 102a and second device 102b will constitute a quantum-secure cryptographic key, which may be used as the final shared key. In addition, the first device 102a and second device 102b can use a portion of these symbols/bits to check whether there was any eavesdropping on the quantum channels 106a-1, 108a-1 and 106b-1 through which the quantum systems, from which the key symbols/bits were derived, were distributed.
For the hybrid-BB84 protocol, the requirement for the first intermediary device 104a to be a trusted node is weaker than in the BB84-based scheme as described with reference to
Although the key exchange protocols may be the same for each of the communication links 106a, 108a and 106b as described with reference to
Although the key exchange systems 200, 210, 220 and 230 have been described as involving four devices, e.g. two endpoint devices 102a and 102b, and two intermediary devices 104a and 104b with three communication links 106a, 108a and 106b connecting these devices, this is byway of example only and the invention is not so limited, the skilled person in the art would appreciate that these key exchange system 200, 210, 220 and 230 with reference to
Although
In a generalised key exchange system with N devices, labelled 1, 2, . . . N, and the goal is for endpoint devices 1 and N to share a final shared key that is based on device 1's original version of the key. For two adjacent devices i and j within the string of devices or chain, the versions of the key they share using a key exchange protocol are denoted, at the point the XORs are applied, as KLj(i) and KLj(j) respectively. Note that in the cases of a fully classical part of a chain or a BB84-based part, these keys are the same KLj(i)=KLj(j), but for the hybrid-BB84-based part of a chain these keys are not the same KLj(i) #KLj(j) because the keys are unsifted at the point the XOR calculations are applied. In the general case, the key that device N calculates is derived from the following formula:
If there is an hybrid-BB84-based part/component to the chain, the key that device N derives will then have to be reconciled against participant 1's unsifted key, based on the measurement basis information that has been communicated by all the intermediate/intermediary devices, in combination with devices 1 and N's measurement basis information, with the latter being communicated between devices 1 and N via a private channel or private communication link intended to prevent the other devices or participants (and in particular intermediary devices such as participants 2 . . . N−1) from accessing it. In other cases, this reconciliation step will not be necessary.
In this example, there are five parties and so each of the four communication links 106a, 108a, 108b and 106b may be hybrid quantum-classical communication links, each communication links 106a, 108a, 108b and 106b having at least a quantum channels, indicated by the dotted and/or dashed lines, with classical channels (not shown). Each communication link 106a, 108a, 108b and 106b may include a quantum channel and a classical channel connecting between the devices. Thus, each device 102a, 104a, 104b, 104c and 102b has the required quantum hardware/technology and/or quantum transmitter/receiver structures as well as the required classical hardware/technology and/or classical transceivers and the like for being able to perform one or more types of quantum key exchange/distribution protocol(s) using the quantum channels and classical channels as described herein, modifications thereto, combinations thereof and/or as the application demands.
The first device 102a is connected via at least a first quantum channel (dashed arrow) and a classical channel (not shown) to intermediary device 104a via a first communication link 106a. In this example, the first quantum channel is an optical fibre channel, the first classical channel is also an optical fibre channel. The second device 102b is similarly connected via at least a second quantum channel and a second classical channel (not shown) via the second communication link 106b to the N-th or last intermediary device 104c (e.g. Carol). In this example, the first quantum channel is an optical fibre channel, the second classical channel is also an optical fibre channel. Each of the intermediary devices 104a-104c are connected to each adjacent or neighbouring intermediary device 104c, 104b and 104a via at least a quantum channel and a classical channel of one of the communication links 108a-108b therebetween. In this example, the quantum channels between the intermediary devices 104a-104c are optical free space quantum channels, and the classical channels are satellite communication channels and the like. Thus, the first and second devices 102a and 102b are communicatively coupled to each other via the one or more intermediary devices 104a-104n and communication links 106a, 108a, and 106b therebetween. Furthermore, the first and second devices 102a and 102b may also be connected via a further communication link 110, which may be a separate classical channel that the first and second devices 102a-102b securely communicate over using one or more previously exchanged cryptographic keys and the like. This further communication link 110 may bypass the classical channels of the other communication links 106a, 108a-108b and 106b. This may enable the first and second devices 102a and 102b to later agree on a final shared key independently of the intermediary devices 104a, 104b and 104c, and/or to prevent the intermediary devices 104a, 104b and 104c from eavesdropping on the final key exchange between the first and second devices 102a and 102b.
In this example, the key exchange system 300 includes three intermediate/intermediary devices/nodes 104a-104c (Evan, David and Carol) in which the second intermediary device 104b (e.g. David) is a satellite and the first and third intermediary devices 104a and 104c (e.g. Evan and Carol) are two regional fibre optic hubs with optical ground receiver stations (OGRs) for receiving quantum transmissions from the second satellite intermediary device 104b. Although the second intermediary device 104b is a satellite, this is by way of example only and the invention is not so limited, it is to be appreciated by the skilled person that each of the intermediary devices 104a, 104b and 104c may be any type of device that is capable of transmitting and/or receiving quantum transmissions and/or classical transmissions, where the second intermediary node 104b may simply be another regional fibre hub that connects with the two first and last intermediary devices 104a and 104c via optical fibre communication links and the like, and/or as the application demands. The two first and second end point devices 102a and 102b (Alice and Bob) may wish to establish or exchange a shared secret key or a final shared key with each other.
As shown in
The key exchange system 300 and/or those of
Referring to
The first endpoint device 102a (e.g. Alice) exchanges first intermediate key information with the intermediary device 104a (e.g. Evan) using a first key exchange protocol, in which the first key exchange protocol is a hybrid-BB84 quantum key exchange protocol (e.g. the hybrid-BB84 based protocol as described with reference to
Thus, the first intermediary device 104a has exchanged/shared first intermediate key information with the first device 102a, in which the first intermediate key information at the first intermediary device 104a forms a first shared key associated with the intermediary device 104a. Each of the remaining devices perform a key exchange of a shared key with their adjacent or neighbouring devices using a quantum key exchange protocol selected from the set of key exchange protocols including, without limitation, the hybrid-BB84 quantum key exchange protocol described above and/or another quantum key exchange protocol such as, without limitation, for example the BB84 quantum key exchange protocol and/or any other quantum key exchange protocol using quantum channels and/or classical channels and the like. Thus, for example, using the selected quantum key exchange protocol over communication link 108a, the first intermediary device 104a exchanges a second shared key with the adjacent second intermediary device 104b. This means, the intermediary device 104a has a pair of shared keys including the first intermediate key information and the second shared key with the second intermediary device 104b. The second intermediary device 104b, using a selected quantum key exchange protocol over communication link 108b, exchanges a another shared key with the adjacent third intermediary device 104c. This means, the second intermediary device 104b has a pair of shared keys including the second shared key shared with the first intermediary device and the other shared key shared with the third intermediary device 104c. The third intermediary device 104c, using a selected quantum key exchange protocol over communication link 106b, exchanges a further shared key with the adjacent second device 102b. This means, the third intermediary device 104c has a pair of shared keys including the other shared key shared with the second intermediary device 104b and the further shared key shared with the second device 102b. The second device 102b only has said further shared key shared with the third intermediary device 104c. As well, the first device 102a only has said received first set of symbols along with the transmitting or receiving basis set from the first intermediary device and the receiving or transmitting basis set used to receive or transmit the random symbols and the like.
Once each of the devices 102a, 104a-104c and 102b have shared so-called keys with their neighbouring adjacent devices in the set of devices 102a, 104a-104c and 102b, the first intermediary device 104a securely sends data representative of the exchanged first intermediate key information to the second endpoint device via the communication links 108a, 108b, and 106c. This may include encrypting the first intermediate key information with a shared key of a neighbouring device of the group of devices. Sending the encrypted first intermediate key information to the second endpoint device via said neighbouring device(s) over said communication links 108b, 106b therebetween, in which any remaining intermediary devices 104b and 104c securely send the first endpoint device intermediate key information to said second endpoint device using corresponding shared keys with neighbouring devices over said communication links therebetween. The second endpoint device 102a receives the encrypted first intermediate key information and decrypts said encrypted first intermediate key information to retrieve said first intermediate set of symbols determined by the first intermediary device 104a.
Once received, the first and second endpoint devices 102a and 102b determine the final shared key, using the hybrid-BB84 based protocol (or any other QKD protocol) that was used by the first device 102a in exchanging the first intermediate key information with the first intermediary device 104a. The final shared key may be determined by the first and second devices 102a and 102b performing a second portion of the hybrid-BB84 based protocol for exchanging a shared final key based on the first intermediate key information, where the second portion of the hybrid-BB84 quantum key exchange protocol used to exchange the final shared key includes the first and second endpoint devices 102a and 102b performing the following steps of, over a secure classical communication channel 110: exchanging, between the first and second endpoint devices over the secure communication channel 110 therebetween, the transmitting or receiving basis set used by the first endpoint device 102a for transmitting or receiving the first set of random symbols with the first intermediary device 104a; determining, by the second endpoint device 102b using the transmitting or receiving basis set used by the first endpoint device 102a for transmitting or receiving the first set of random symbols and the first intermediate set of symbols received in the first intermediate key information, a second set of symbols corresponding to at least a portion of the first set of random symbols transmitted or received by the first endpoint device 102a; and exchanging, by the first and second devices 102a and 102b over the classically-secured communication channel 110 therebetween, a shared key based processing and transforming the first set of random symbols and second set of symbols. The processing and transforming including a reconciliation procedure of sifting the first and second sets of random symbols, error detection and correction of the sifted first and second sets of random symbols, privacy amplification and eavesdropper detection by discarding those symbols form the first and second sets of random symbols detected to have been eavesdropped, and agreeing on a selection of symbols from the first and second sets of symbols for forming a final shared key therebetween.
As an option, the first intermediate key information may further include data representative of from the group of: said transmitting or receiving basis set used by the first intermediary device 104a when transmitting or receiving said first set of random symbols over the first quantum channel of the communication link 106a with the first endpoint device 102a; and said first set of random symbols transmitted or received by the first intermediary device 104a when transmitting or receiving said first set of random symbols with the first endpoint device 102a. As another option, the exchanging a shared key by the first endpoint device 102a and second endpoint device 102b over a secure communication channel 110 therebetween may further include performing final key information reconciliation, error correction and/or detection and privacy amplification on the second set of symbols determined by the second endpoint device 102b and the first set of symbols transmitted or received by the first endpoint device 102a resulting in a final shared symmetric key. Additionally or alternatively, the one or more key exchange protocols used for secure communications between the second endpoint device 102b and the first intermediary device 104c is the BB84 key exchange protocol. Furthermore, sharing keys between a group of devices including the first intermediary device 104a, any other intermediary device(s) 104b and 104c and the second device 102b connected over communication links 108a, 108b, 106b, each with quantum channel and a classical channel, may include using the BB84 key exchange protocol to exchange shared keys between the corresponding devices of the group and their neighbour devices of the group of devices.
As an example of the above-described key exchange system 300 and process for exchanging a shared secret key, or final shared key, between the first device 102a and the second device 102b is now described for the key exchange system 300 with reference to the BB84 protocol and a hybrid-BB84 version, which was briefly outlined above in relation to the first portion of a hybrid-BB84 based protocol and key exchange portion of the hybrid-BB84 protocol. Although this example makes use of the BB84 protocol and also describes a hybrid-BB84 version, this is by way of example only and the invention is not so limited, the skilled person in the art would appreciate that any QKD protocol/process that allows the generation of a shared key between two devices that provides OTP and/or XOR encryption of the raw key material as it is relayed between intermediary devices (e.g. intermediate nodes) may be used as the key exchange protocol used between devices.
The BB84 protocol and also hybrid-BB84-based protocol (e.g. see
Alice 102a and Evan 104a performs the first part of the hybrid-BB84-based protocol over communication link 106a in which, in this example, Evan 104a exchanges first key information with Alice 104a. This is performed by Evan 104a transmitting a random bitstring (or set of symbols/symbol stream, or bit string), denoted KEA, over the quantum channel of the communication link 106a, where Alice 102a uses a random receiving basis set or bases to receive the quantum transmissions of the random bitstring KEA and form a received bitstring K′EA. In addition, Evan 104a sends via the classical channel of communication link 106a the transmitting basis set that Evan 104a used to transmit the random bitstring KEA to Alice 102a. Alice 102a receives the transmitting basis set or bases that Evan 104a used to prepare the transmitted states of the random bitstring KEA (these are announced publicly, so they are also known to Bob 102b) but Alice 102a withholds or does not announce which receiving basis set or bases Alice 102a used to measure the transmitted quantum states of the random bitstring KEA transmitted from Evan 104a. Thus, given Alice 102a has Evan's transmitting bases and Alice's receiving bases, Alice 102a knows which symbols/bits Evan 104a has sent and also which symbols/bits Alice 102a has validly/successfully received, but Evan 104a does not know which symbols/bits of the random bitstring KEA that Alice 102a has received or that Alice 102a has validly/successfully received. Note, the bits/symbols of the random bitstring KEA that Alice 102a receives is denoted K′EA, which will be different to the bits/symbols of the transmitted random bitstring KEA, this is because Alice 102a randomly selects a receiving basis when receiving the transmitted random bitstring KEA, and so inevitably uses the wrong receiving basis when measuring/receiving some of the bits/symbols than the transmitting basis used for those bits/symbols by Evan 104a for transmitting the random bitstring KEA.
Evan 104a proceeds to transmit the random bitstring KEA sent to Alice 102a to Carol 104c, via, in this example, David 104b. This might happen directly if there are no other intermediary devices between Evan 104a and Carol 104c (in fact, if there is only one intermediary device then Carol and Evan are the same intermediary device/node), otherwise the bitstring KEA is transmitted across a series of intermediary devices (e.g. from Evan 104a to David 104b and then to Carol 104c), each of which has previously performed a full BB84 key exchange with its nearest neighbours to exchange a shared key therebetween. Thus, Evan 104a has the first intermediate key information, namely, random bitstring KEA, exchanged with Alice 102a over communication link 106a and a shared key KDE shared with David 104b over communication link 108a; David 104b has the shared key KDE shared with Evan 104a over communication link 108a and a shared key KCD shared with Carol 104c over communication link 108b; and Carol 104b has the shared key KBC shared with Bob 102b over communication link 106b and the shared key KCD shared with David 104b over communication link 108b. The BB84 generated shared key KDE is used by Evan 104a to OTP encrypt the bitstring KEA (e.g. KEA XOR KDE). David 104b receives over the classical channel of communication link 108a the encrypted bitstring KEA, decrypts it using shared key KDE (e.g. encrypted bitstring KEA XOR KDE) and encrypts the bitstring KEA with the shared key KCD (e.g. KEA XOR KCD). In this way, Carol 104c finally receives over the classical channel of communication link 108b a copy of the bitstring KEA that Evan 104a used to prepare his quantum states and transmitted over the quantum channel of communication link 106a to Alice 102a. It is noted that each of the shared keys are long enough to encrypt the bitstring KEA.
At this point, Carol 104c encrypts the bitstring (e.g. KEA XOR KBC) and transmits over the classical channel of communication link 106a to Bob 102b using their BB84-established shared key KBC. Alice 102a and Bob 102b now communicate over a further or separate classical channel 110 to perform the key exchange part of the hybrid-BB84-based protocol. The classical channel 110 between Alice 102a and Bob 102b may be classically encrypted (or encrypted using post-quantum cryptography keys and the like), where Alice 102a now securely shares with Bob 102b data representative of the receiving basis measurements Alice 102a used to receive KEA from Evan 104a. As an option, Alice 102a may also send the transmitting basis measurements Evan 104a used to transmit KEA to Alice 102a over the quantum channel of the communication link 106a, but this may also publicly shared by Evan 104a. This means that Bob 102b can determine which bits/symbols of KEA that Alice 102a actually received from Evan 104a. Together with the prepared bases (or transmitting basis measurements) that were shared publicly by Evan 104a, or Alice 102a shared over the classical channel 110, Bob 102b can then determine which bits/symbols Alice 102a successfully/validly received to form K′EA. As part of the hybrid-BB84 key exchange protocol, Alice 102a and Bob 102b perform final information reconciliation on the validly received bitstring K′EA, as well as, privacy amplification and/or error correction and the like as performed in the standard BB84 protocol. This results in a final shared symmetric key, a final shared key, without errors and guaranteed only to be known to Alice 102a and Bob 102b.
Referring to
The implementation of the hybrid-BB84-based protocol 310 with respect to Alice 102a, Bob 102b and Carol 104c is described, without limitation, for example in four main key exchange subprocesses or portions based on the following: 1) a first intermediate key sharing subprocess 312a describing a first set interactions between Alice 102a and Carol 104c for generating first intermediate key information for Carol 104c, also referred to as a first intermediate set of symbols (or bits), or first secret symbols/bits, and denoted KAC and a first receiving intermediate set of symbols for Alice 102a, denoted K′AC; 2) a second intermediate key sharing subprocess 312b equivalent to the first intermediate key sharing subprocess but with respect to Bob 102b and Carol 104c, which describes a second set interactions between Bob 102b and Carol 104c for generating second intermediate key information for Carol 104c, also referred to as a second intermediate set of symbols (or bits), or second secret symbols/bits, and denoted KBC and a second receiving intermediate set of symbols for Bob 102b, denoted K′BC; a third key exchange subprocess 312d describes a third set of key exchange interactions between Bob 102b and Carol 104c (and/or Bob 102b) for deriving an estimate of the original random bits KAC sent to Alice 102a, denoted K″AC; and a fourth key exchange subprocess describes a fourth set of key exchange interactions between Alice 102a and Bob 102b for determining the final shared key by processing and/or transforming K″AC and K′AC into the final shared key between Alice 102a and Bob 102b. The following key exchange subprocess(es) may be described, without limitation, for example in relation to Alice 102a, Bob 102b and/or Carol 104c based on the following:
In the first subprocess 312a, Carol 104c sends random bitstring KAC (first set of symbols/bits) to Alice 102a encoded in quantum states using a first transmitting bases, in a similar manner as for the BB84 protocol, for transmission over the corresponding quantum channel of communication link 106a. Alice 102a receives these quantum transmissions by making measurements on these transmitted states using a first receiving random basis set and recording the results to generate a first received set of symbols/bits. When Carol 104c announces the transmitting bases she prepared her states in for transmitting the first set of symbols KAC over the quantum channel to Alice 102a, Alice 102a is able to determine the bits/symbols where Alice 102a measured in the same basis as Carol 104c prepared. For Alice 102a, the received first set of symbols/bits are effectively passed through a filter 314a, where the bits/symbols of the received first set of symbols/bits that were measured in the same basis that Carol 104c prepared them in for transmission are allowed to pass through, and other bits/symbols are not. The bits/symbols that pass through form a first received intermediate set of symbols/bits K′AC. It is noted that the first received intermediate set of symbols/bits K′AC is not a perfect copy of the original first set of symbols KAC transmitted to Alice 102a.
In the second subprocess 312b, Carol 104c sends random bitstring KBC (second sets of symbols/bits) to Bob 102b encoded in quantum states using a second transmitting bases, in a similar manner as for the BB84 protocol, for transmission over the corresponding quantum channel of communication link 106b. Bob 102b receives these quantum transmissions by making measurements on these states using a second receiving random basis set and recording the results to generate a second received set of symbols/bits. When Carol 104c announces the transmitting bases she prepared her states in for transmitting the second set of symbols KBC over the quantum channel to Bob 102b, Bob 102b is able to determine the bits/symbols that Bob 102b measured in the same basis as Carol 104c prepared. For Bob 102b, the received second set of symbols/bits are effectively passed through a filter 314b, where the bits/symbols of the received second set of symbols/bits that were measured in the same basis that Carol 104c prepared them in for transmission are allowed to pass through, and other bits/symbols are not. The bits/symbols that pass through form a second received intermediate set of symbols/bits K′BC. It is noted that the second received intermediate set of symbols/bits K′BC is not a perfect copy of the original second set of symbols KBC transmitted to Bob 102b.
In the third subprocess 312c, in order to proceed with the protocol, Carol 104c must send Bob 102b the random bitstring KAC that Carol 104c sent to Alice 102a. Carol 104c does this by XORing the random bitstring KAC with the random bitstring KBC that Carol 104c sent to Bob 102b, which essentially encrypts random bitstring KAC (e.g. KBC XOR KAC). The encrypted random bitstring KBC XOR KAC is sent to Bob 102b over the classical channel of communication link 106b. Since Bob 102b does not have a perfect copy of KAC, Bob 102b only has the second received intermediate set of symbols/bits K′BC, Bob 102b is not able to recover KBC with perfect fidelity, rather Bob 102b uses a filter 312c based on XORing the second received intermediate set of symbols/bits K′BC with the received encrypted random bitstring KAC (e.g. K′BC XOR (KBC XOR KAC)=K′AC) then Bob 102b gets a filtered version of the received encrypted random bitstring KAC, denoted K″AC.
In the fourth subprocess 312d, Alice 102a and Bob 102b determine a final shared key using the known transmitting basis sets used by Carol 104c and the receiving basis sets used by Alice 102a and Bob 102b to perform filtering/matching operations 314d and 314e to find matching symbols/bits in the same symbol/bit positions between K′AC and K″AC. At this point Alice 102a and Bob 102b essentially share the same or similar random bitstring in which portions of K″AC will match corresponding portions of K′AC. To arrive at the same final shared key, Alice 102a and Bob 102b securely communicate over the classical channel 110 by swapping their respective receiving basis sets, which were used to filter the original received random bitstrings when they formed K′AC and K″AC, respectively. They then perform a reconciliation and/or matching/filtering operations 314d and 314e, respectively, to determine the corresponding bits/symbols that are matching bits/symbols in the same bit/symbol positions in K′AC and K″AC, where this intersection provides a matching set of bits/symbols resulting in KFAC for both Alice and Bob 102a and 102b, which is what is used as the final shared key. In addition, prior to determining the final shared key Alice 102a and Bob 102b may perform, in a similar manner as for BB84, further reconciliation operations/processing including, without limitation, for example sifting, error detection/correction, information reconciliation and privacy amplification (IR/PA), which transforms the matching bits/symbols into the final shared key between Alice 102a and Bob 102b.
Referring to
The implementation of the hybrid-BB84-based protocol 310 with respect to Alice 102a, Bob 102b and Carol 104c is described, without limitation, for example in four main key exchange subprocesses or portions based on the following: 1) a first intermediate key sharing subprocess 322a is performed between Alice 102a and Carol 102c based on the first subprocess 312a of the hybrid-BB84-based protocol 310 of
In the first subprocess 322a, as described in subprocess 312a of
In the second subprocess 322b, Carol 104c and Bob 102a use a QKD protocol to exchange a shared key using the quantum channel of communication link 106b. In this example, the BB84 AKD protocol is used to share a shared key KBC therebetween.
In the third subprocess 322c, in order to proceed with the protocol, Carol 104c must send Bob 102b the random bitstring KAC that Carol 104c sent to Alice 102a. Carol 104c does this by XORing the random bitstring KAC with the random bitstring KBC that Carol 104c sent to Bob 102b, which essentially encrypts random bitstring KAC (e.g. KBC XOR KAC). The encrypted random bitstring KBC XOR KAC is sent to Bob 102b over the classical channel of communication link 106b. Since Bob 102b has the shared key KBC, Bob 102b is able to fully recover KAC based on XORing the his shared key KBC with the received encrypted random bitstring KBC XOR KAC (e.g. KBC XOR (KBC XOR KAC)=KAC), thus Bob 102b has the same random bitstring KAC as Carol 104c.
In the fourth subprocess 322d, half of the subprocess 312a of
In this example, as can be seen by there are five parties and so each of the four communication links 106a, 108a, 108b and 106b may be hybrid quantum-classical communication links, each communication links 106a, 108a, 108b and 106b having at least a quantum channels, indicated by the dotted and/or dashed lines, with classical channels (not shown). Each communication link 106a, 108a, 108b and 106b may include a quantum channel and a classical channel connecting between the devices. Thus, each device 102a, 104a, 104b, 104c and 102b has the required quantum hardware/technology and/or quantum transmitter/receiver structures as well as the required classical hardware/technology and/or classical transceivers and the like for being able to perform one or more types of quantum key exchange/distribution protocol(s) using the quantum channels and classical channels as described herein, modifications thereto, combinations thereof and/or as the application demands. The BB84 protocol and also a part of the hybrid-BB84-based protocol (e.g. see
Referring to
Assume Alice 102a and Bob 102b want to share a key of length N bits. Initially, each intermediary device Evan 104a, David 104b, Carol 104c which needs to communicate bits over the quantum channels of the communication links 106a, 108a, 108b, 106b to a nearest-neighbour generates a random bitstring. Ideally this bitstring is generated using a quantum-random number generator to ensure high quality randomness. Assume the efficiency of each quantum channel is the same and is given by η, so that if N bits are prepared by the sender, then after performing, without limitation, for example the BB84 protocol the resulting shared key length is ηN. To start the key exchange protocol, each of Carol 104c and David 104b prepares η−2N bits per quantum channel, except Evan 104c (the intermediary device/node nearest to Alice 102a) who prepares only η−1N bits for his communication to Alice 102a using the first subprocess 312a or 322a of the hybrid-BB84 based protocol 310 and the like.
All quantum channels on the communication links 108a, 108b, and 106a, except the one on communication link 106a between Evan 104a and Alice 102a, perform a full BB84 QKD exchange to create shared keys between each neighbouring device. This results in shared keys of length η−1N between each pair of intermediary nodes (after losses) of Evan 104a and David 104b, David 104b and Carol 104c, and between Bob 102b and Carol 104c.
Evan 104a performs the subprocess 312a or 322a of
Since each intermediary device/node now has a shared key of length η−1N with its nearest-neighbour, Evan 104a is able to transmit the bitstring he transmitted to Alice 102a also of length η−1N, with perfect fidelity using the shared keys as classical one-time pads. This communication is quantum-secure and information-theoretic secure since the one-time pad is completely random, and each party (e.g. Evan 104a, David 104b, Carol 104c, and Bob 102b) has used QKD to communication their shared keys to one another. In this way, Bob 102b is able to retrieve (over classical communication channels) a copy of the bitstring that Evan 104a transmitted to Alice 102a.
Now that Bob 102b has a copy of the bitstring Evan 104a sent to Alice 102a, Alice 102a can send her the bases she measured in for each bit. In contrast to BB84, these received bases cannot be announced publicly, since doing so would mean that Evan 104a could also determine the final key as he has a copy of the entire original bitstring. To avoid this, Alice 102a and Bob 102b create a classically encrypted communication channel 110 (e.g. using TLS or some other security or encryption protocol/scheme) to ensure that Evan 104a (and any other intermediary devices/nodes 104b and 104c) aren't able to discover Alice's 102a measurement bases (also known as, or referred to herein as, a random receiving basis set and the like). Other physical means could be deployed to ensure that the communication between Alice 102a and Bob 102b could not be made known to Evan 104a such as, without limitation, for example physical channel separation, together with monitoring of communications, could provide sufficient guarantees of separation. Regardless, it is preferable to use quantum-resistant encryption on this channel to improve practical security, even though the full theoretical security proof depends on the physical channel separation. Following well known practices from, without limitation, for example the BB84 protocol or any other similar QKD protocol for information reconciliation and privacy amplification, Alice 102a and Bob 102b can now distil the final shared key at an efficiency of 11, resulting in a shared key length of η·η−1N=N.
Referring now to the key exchange process 402 of key exchange system 400, where the key exchange process 402 is read from top to bottom, with time advancing moving down the flow diagram. The key exchange process 402 is an illustration of how the first intermediate key information, which may include a first key or random bitstring K4 that is exchanged between Evan 104a and Alice 102a, is securely forwarded and sent through to Bob 102b at the other end of the chain of devices using shared keys K3, K2, K1 therebetween passing through intermediary nodes David 104b and Carol 104c. Thereafter a key exchange of a final shared key, derived from key K′4, between Alice 102a and Bob 102b over communication channel 110 is performed.
In particular, in this example, the group of devices Evan 104a, David 104b, Carol 104c and Bob 102b form a chain of devices via communication links 108a, 108b and 106b. All of these communication links 108a, 108b and 106b include quantum channels/classical channels that are used by the group of devices of Evan 104a, David 104b, Carol 104c and Bob 102b to perform, without limitation, for example a full BB84 key exchange for exchanging shared keys K1, K2, and K3 between the group of devices of Bob 102b, Carol 104c, David 104b, and Evan 104a. However, the communication link 106a from Evan 104a to Alice 102a is used to exchange Evan's random bitstring (or first intermediate key information) K4 with Alice 102a, which receives the random bitstring K4 as K′4, where K4 and K′4 are different. The exchange of Evan's random bitstring (or first intermediate key information) K4 with Alice 102a is based on a partial key exchange using, without limitation, for example the hybrid-BB84-based protocol 310 and/or the first subprocess 312a or 322a described with reference to
In particular, the key exchange process 402 may include the following steps of: At time step T1, Evan 104a, David 104b, Carol 104c and Bob 102b establish secret keys K1, K2, and K3 between their nearest neighbours using a QKD protocol such as, without limitation, for example the BB84 protocol. For example, Bob 102b exchanges shared key K1 with Carol 104c, Carol 104c exchanges shared key K2 with David 104b K2, and David 104b exchanges shared key K3 with Evan 104a. The shared keys K1, K2, and K3 are long enough to encrypt the bitstring K4 (first intermediate key information) that Evan 104a sends to Alice 102a over communication link 106a. In this example, since David 104c is a satellite, he transmits along two channels: one to Carol 104c, and one to Evan 104a. Note that, in this example, the direction of quantum transmissions on the quantum channels of communication links 106a and 106b to Alice 102a and Bob 102b, respectively, mean that Alice 102a and Bob 102b only need quantum receiving equipment, not quantum transmitting equipment, simplifying the quantum apparatus required at the endpoints of Alice 102a and Bob 102b. Similarly, as David 104b is a satellite, in this example, the direction of quantum transmissions on the quantum channels of communication links 108a and 108b to Evan 104a and Carol 104c, respectively, mean that Evan 104a and Carol 104c only need an quantum receiving equipment such as, without limitation, for example an OGR, not quantum transmitting equipment such as, without limitation, for example an optical ground based laser, which also simplifies the quantum apparatus required at the satellite David 104c and hubs of Evan 104a and Carol 104c.
As well, in time step T1, Evan 104a performs a partial key exchange with Alice 102a by sending his bitstring K4 (e.g. first intermediate set of symbols, first set of symbols or first intermediate key information) to Alice 102a as a quantum transmission over quantum channel of communication link 106a, where Alice 102a receives the quantum transmissions by measuring in random receiving bases, i.e. a random receiving basis set, to receive the transmitted symbols/bits of the bitstring K4. As well, Evan 104a shares his transmitted bases, i.e. a random transmitting basis set, with Alice 102a over the classical channel of communication link 106a (and/or can do so publicly so that Bob 102b also has access to Evan's transmitted bases), but Alice 102a withholds sharing her random receiving basis set (e.g. random receiving bases) and so does not share her measured bases with Evan 104a at all. Alice 102a makes measurements using her and recording the results to generate a received first set of symbols/bits. When Evan 104a announces the transmitting bases he prepared his states in for transmitting the bitstring K4 over the quantum channel to Alice 102a, Alice 102a is able to determine the bits/symbols where Alice 102a measured in the same basis as Evan 104a prepared. For Alice 102a, the received first set of symbols/bits are effectively passed through a filter 322a/314a, where the bits/symbols of the received first set of symbols/bits that were measured in the same basis that Carol 104c prepared them in for transmission are allowed to pass through, and other bits/symbols are not. The bits/symbols that pass through form a first received intermediate set of symbols/bits K′4 at Alice 102a. It is noted that the first received intermediate set of symbols/bits K′4 is not a perfect copy of the original random bitstring K4 transmitted from Evan 104a to Alice 102a.
At time step T2, Evan 104a encrypts the random bitstring K4 by XORing (e.g. represented by ⊕ operator) it with the shared key K3 that Evan 104a exchanged with David 104b (e.g. K3 XOR K4 also denoted as K3⊕K4). This result, the encrypted random bit string K3 XOR K4, is sent to David 104b, where David 104b applies his shared key K3 to the encrypted random bit string K3 XOR K4 (e.g. K3 XOR (K3 XOR K4)=K4) to decrypt/retrieve K4.
At time step T3, David 104b then re-encrypts K4 with the shared key K2 that David 104b exchanged with Carol 104c (e.g. K2 XOR K4 also denoted as K2⊕K4) and sends it to Carol 104c, where Carol 104c similarly applies her shared key K2 to the re-encrypted random bit string K2 XOR K4 (e.g. K2 XOR (K2 XOR K4)=K4) to decrypt/retrieve K4.
At time step T4, Carol 104c then re-encrypts K4 with the shared key K1 that Carol 104c exchanged with Bob 102b (e.g. K1 XOR K4 also denoted as K1⊕K4) and sends it to Bob 102b over communication link 106b. Bob 102b similarly applies his shared key K1 to the re-encrypted random bit string K1 XOR K4 (e.g. K1 XOR (K1 XOR K4)=K4) to decrypt/retrieve K4.
At time step, T5, Alice 102a and Bob 102b create a classically encrypted channel 110, (e.g. TLS), which Alice 102a uses at 110a to send her receiving measurement bases (i.e. the random receiving basis set used by Alice 102a to receive the bitstring K4 from Evan 104c over communication link 106a) to Bob 102b. Bob 102b uses Alice's receiving measurement bases and Evan's transmitting bases used to transmit the original random bitstring K4 to filter K4 to form the same filtered version of K4, namely, K′4 that Alice 102a has.
At time step T6, Alice 102a and Bob 102b then perform at 110b any reconciliation operations/processing that may be required including, without limitation, for example error detection/correction and/or information reconciliation and privacy amplification (IR/PA), which may transforms K′4 into the final shared key KF between Alice 102a and Bob 102b.
Referring to
Given the potentially large number of nodes/intermediary devices 104a-104n (e.g. in
Hypothetically, any of the intermediary communication links 108a-108m and/or corresponding intermediary nodes 104a-104n (e.g. communication links 108a and 108b connecting Evan 104a, David 104b and Carol 104c) could be replaced by an insecure link/intermediary device that revealed the contents; that information could be combined with eavesdropped information on the encrypted communication link 110 between Alice 102a and Bob 102b, in order to reveal the keys. Thus, for higher security, it may be necessary for Alice 102a and Bob 102b to trust the operators of the network that such substitution has not been performed. This can be mitigated by the equipment manufacturer, who could provide a resilient process to individually authenticate each intermediary device/node, for example by secure functions to read a per-device identifier, or my Message Authentication Codes (MAC) on each classical channel message. These authenticated messages are required as part of standard BB84 and similar QKD protocols. If the messages are also sent or relayed to the endpoints (e.g. Alice 102a and Bob 102b) or end node, those endpoints can also be assured that the intermediary devices/node are authorised.
As noted, the BB84 protocol requires pairs of devices to be authenticated. Existing techniques would be used for this, especially use of pre-shared keys for provably quantum safe information theoretic authentication, and which are refreshed from the shared QKD key bits. These pair-wise authentication processes will therefore require additional protocol exchanges between each pair of nodes.
Referring to
Although each of the intermediary devices 104a-104c of the key exchange system 400 of
As described with reference to
In this example, rather than the David 104b and Carol 104c decrypting and re-encrypting the first intermediate key information using their shared keys as described with reference to
In any event, in this example as illustrated in
As well, in time step T1, Evan 104a performs a partial key exchange with Alice 102a by sending his bitstring K4 (e.g. first intermediate set of symbols, first set of symbols or first intermediate key information) to Alice 102a and as a quantum transmission over quantum channel of communication link 106a, where Alice 102a receives the quantum transmissions by measuring in random receiving bases, i.e. a random receiving basis set, to receive the transmitted symbols/bits of the bitstring K4. As well, Evan 104a shares his transmitted bases, i.e. a random transmitting basis set, with Alice 102a over the classical channel of communication link 106a (and/or can do so publicly so that Bob 102b also has access to Evan's transmitted bases), but Alice 102a withholds sharing her random receiving basis set (e.g. random receiving bases) and so does not share her measured bases with Evan 104a at all. Alice 102a makes measurements using her and recording the results to generate a received first set of symbols/bits. When Evan 104a announces the transmitting bases he prepared his states in for transmitting the bitstring K4 over the quantum channel to Alice 102a, Alice 102a is able to determine the bits/symbols where Alice 102a measured in the same basis as Evan 104a prepared. For Alice 102a, the received first set of symbols/bits are effectively passed through a filter 322a/314a, where the bits/symbols of the received first set of symbols/bits that were measured in the same basis that Carol 104c prepared them in for transmission are allowed to pass through, and other bits/symbols are not. The bits/symbols that pass through form a first received intermediate set of symbols/bits K′4 at Alice 102a. It is noted that the first received intermediate set of symbols/bits K′4 is not a perfect copy of the original random bitstring K4 transmitted from Evan 104a to Alice 102a.
At time step T2, Carol 104c encrypts her shared keys K1 and K2 (e.g. Carol 104c exchanged shared key K1 with Bob 102b using BB84 protocol and the like, and Carol 104c exchanged shared key K2 with David 104b using BB84 protocol and the like) together using OTP operations forming an encrypted shared key K1 XOR K2, also denoted as K1⊕K2. Carol 104c sends the encrypted shared keys K1 XOR K2 to Bob 102b over the classical channel of communication link 106b. Bob 102b similarly applies his shared key K1 to the encrypted shared key K1 XOR K2 from Carol 104c to retrieve shared key K2 (e.g. K1 XOR (K1 XOR K2)=K2).
At time step T3, David 104b encrypts his shared keys K2 and K3 (e.g. Carol 104c exchanged shared key K2 with David 104b using BB84 protocol and the like, and David 104b exchanged shared key K3 with Evan 104a using BB84 protocol and the like) together using OTP operations forming an encrypted shared key K2 XOR K3, also denoted as K2⊕K3. David 104b sends the encrypted shared keys K2 XOR K3 to Bob 102b via Carol 104c over the classical channel of communication links 108b and 106b. Bob 102b similarly applies his accumulated shared key K2 to the encrypted shared key K2 XOR K3 from David 104b to retrieve shared key K3 (e.g. K2 XOR (K2 XOR K3)=K3).
At time step T4, Evan 104a encrypts the random bitstring K4 by XORing (e.g. represented by ⊕ operator) it with the shared key K3 that Evan 104a exchanged with David 104b (e.g. K3 XOR K4 also denoted as K3⊕K4). Evan 104a sends the encrypted random bitstring K3 XOR K4 to Bob 102b via David 104b and Carol 104c over the classical channels of communication links 108a, 108b and 106b. Alternatively, Evan 104a may send the encrypted random bitstring K3 XOR K4 to Bob 102b via another terrestrial communication channel to Bob 102b should David 104b not be in range, or via relay satellites through to Carol 104c then to Bob 102b. This is because the random bitstring is encrypted with the shared key K3, so any communication path should be sufficiently secure as long as no-one else, apart from Bob 102b or David 104b, has the shared key K3. Bob 102b similarly applies his accumulated shared key K3 to the encrypted random bitstring K3 XOR K4 from Evan 104a to retrieve the original random bitstring K4 (e.g. K3 XOR (K3 XOR K4)=K4) that was used in the partial key exchange between Evan 104a and Alice 102a.
At time step, T5, Alice 102a and Bob 102b create a classically encrypted channel 110, (e.g. TLS), which Alice 102a uses at 110a to send her receiving measurement bases (i.e. the random receiving basis set used by Alice 102a to receive the bitstring K4 from Evan 104c over communication link 106a) to Bob 102b. Bob 102b uses Alice's receiving measurement bases and Evan's transmitting bases used to transmit the original random bitstring K4 to filter K4 to form the same filtered version of K4, namely, K′4 that Alice 102a has.
At time step T6, Alice 102a and Bob 102b then perform at 110b any reconciliation operations/processing that may be required including, without limitation, for example error detection/correction and/or information reconciliation and privacy amplification (IR/PA), which may transforms K′4 into the final shared key KF between Alice 102a and Bob 102b.
Alternatively, rather than accumulating shared keys at Bob 102b or any other intermediary device such as Carol 104c, each of the intermediary devices Carol 104c and David 104b other than Evan 104a may combine their shared keys to each form a “super” key, and simply re-encrypt Evan's encrypted original bitstring as it passes through said intermediary device towards Bob 102b. Thus, based on the property of XORs, all Bob 102b has to do is use his shared key with Carol 104c to decrypt the re-encrypted original bitstring. In particular, the key exchange process 422 may be further modified based on the following steps of: At time step T1, Evan 104a, David 104b, Carol 104c and Bob 102b establish secret keys K1, K2, and K3 between their nearest neighbours using a QKD protocol such as, without limitation, for example the BB84 protocol. For example, Bob 102b exchanges shared key K1 with Carol 104c, Carol 104c exchanges shared key K2 with David 104b K2, and David 104b exchanges shared key K3 with Evan 104a. The shared keys K1, K2, and K3 are long enough to encrypt the bitstring K4 (first intermediate key information) that Evan 104a sends to Alice 102a over communication link 106a. Thus, Bob 102b only has one shared key K1, Carol 104c has a pair of shared keys K1 and K2, David also has a pair of shared keys K2 and K3. Thus, each of Carol 104c and David 104b create a “super” key KC and KD, respectively, by XORing their pairs of shared keys. For example, Carol 104c creates key KC=K1 XOR K2 and David creates KD=K2 XOR K3. At this point, Carol 104c and David 104b might simply destroy their pairs of keys K1 and K2 and K2 and K3, where Carol 104c uses key KC for encryption and David uses key KD for encryption.
As well, in time step T1, Evan 104a performs a partial key exchange with Alice 102a by sending his bitstring K4 (e.g. first intermediate set of symbols, first set of symbols or first intermediate key information) to Alice 102a and as a quantum transmission over quantum channel of communication link 106a, where Alice 102a receives the quantum transmissions by measuring in random receiving bases, i.e. a random receiving basis set, to receive the transmitted symbols/bits of the bitstring K4. As well, Evan 104a shares his transmitted bases, i.e. a random transmitting basis set, with Alice 102a over the classical channel of communication link 106a (and/or can do so publicly so that Bob 102b also has access to Evan's transmitted bases), but Alice 102a withholds sharing her random receiving basis set (e.g. random receiving bases) and so does not share her measured bases with Evan 104a at all. Alice 102a makes measurements using her and recording the results to generate a received first set of symbols/bits. When Evan 104a announces the transmitting bases he prepared his states in for transmitting the bitstring K4 over the quantum channel to Alice 102a, Alice 102a is able to determine the bits/symbols where Alice 102a measured in the same basis as Evan 104a prepared. For Alice 102a, the received first set of symbols/bits are effectively passed through a filter 322a/314a, where the bits/symbols of the received first set of symbols/bits that were measured in the same basis that Carol 104c prepared them in for transmission are allowed to pass through, and other bits/symbols are not. The bits/symbols that pass through form a first received intermediate set of symbols/bits K′4 at Alice 102a. It is noted that the first received intermediate set of symbols/bits K′4 is not a perfect copy of the original random bitstring K4 transmitted from Evan 104a to Alice 102a.
At time step T2, Evan 104a encrypts the random bitstring K4 by XORing (e.g. represented by ⊕ operator) it with the shared key K3 that Evan 104a exchanged with David 104b (e.g. K3 XOR K4 also denoted as K3⊕K4). This result, the encrypted random bit string K3 XOR K4, is sent to David 104b.
At time step T3, David 104b then re-encrypts the encrypted random bitstring K3 XOR K4 with the “superkey” KD that David 104b created (e.g. KD XOR (K3 XOR K4)) and sends the resulting encrypted random bitstring KD XOR (K3 XOR K4) to Carol 104c.
At time step T4, Carol 104c then re-encrypts the received encrypted random bitstring KD XOR (K3 XOR K4) with her “superkey” KC that Carol 104c created (e.g. KC XOR (KD XOR (K3 XOR K4))) and sends the resulting encrypted random bitstring KC XOR (KD XOR (K3 XOR K4)) to Bob 102b over communication link 106b. Bob 102b similarly applies his shared key K1 to the encrypted random bit string to retrieve the original bit string K4. For example, given KC=K1 XOR K2 and KD=K2 XOR K3, then K1 XOR [KC XOR (KD XOR (K3 XOR K4))]=K1 XOR [(K1 XOR K2) XOR ((K2 XOR K3) XOR (K3 XOR K4))]K4)=K1 XOR [(K1 XOR K4))]=K1 XOR [(K1 XOR K4)]=K4.
At time step, T5, Alice 102a and Bob 102b create a classically encrypted channel 110, (e.g. TLS), which Alice 102a uses at 110a to send her receiving measurement bases (i.e. the random receiving basis set used by Alice 102a to receive the bitstring K4 from Evan 104c over communication link 106a) to Bob 102b. Bob 102b uses Alice's receiving measurement bases and Evan's transmitting bases used to transmit the original random bitstring K4 to filter K4 to form the same filtered version of K4, namely, K′4 that Alice 102a has.
At time step T6, Alice 102a and Bob 102b then perform at 110b any reconciliation operations/processing that may be required including, without limitation, for example error detection/correction and/or information reconciliation and privacy amplification (IR/PA), which may transforms K′4 into the final shared key KF between Alice 102a and Bob 102b.
Several of the steps in the key exchange processes 402 and/or 422 of
As described with reference to
As described, several of the steps in the key exchange processes 402 and/or 422 of
In this example, the key exchange process 432 may modify key exchange process 402 and 422 such that all shared keys K1, K2, and K3 accumulate at Carol 104c, meaning that only she is able to decrypt Evan's bitstring K4. In this way, only Carol 104c and Evan 104a (and later on Bob 102b) only ever end up knowing the original bitstring K4. A further advantage of key exchange process 422 may be that sending and accumulating shared keys at Carol 104c may allow alterative classical communication channels to be used between Evan 104a and Bob 102b when sending the encrypted bitstring K4.
In any event, in this example as illustrated in
At time step T2, David 104b encrypts his shared keys K2 and K3 (e.g. Carol 104c exchanged shared key K2 with David 104b using BB84 protocol and the like, and David 104b exchanged shared key K3 with Evan 104a using BB84 protocol and the like) together using OTP operations forming an encrypted shared key K2 XOR K3, also denoted as K2⊕K3. David 104b sends the encrypted shared keys K2 XOR K3 to Carol 102c over the classical channel of communication link 108b. Carol 102c similarly applies her shared key K2 to the encrypted shared key K2 XOR K3 from David 104b to retrieve shared key K3 (e.g. K2 XOR (K2 XOR K3)=K3).
At time step T3, Evan 104a generates random bitstring K4 and encrypts the random bitstring K4 by XORing (e.g. represented by ⊕ operator) it with the shared key K3 that Evan 104a exchanged with David 104b (e.g. K3 XOR K4 also denoted as K3⊕K4). Evan 104a sends the encrypted random bitstring K3 XOR K4 to Carol 104c via David 104b over the classical channels of communication links 108a and 108b. Alternatively, Evan 104a may send the encrypted random bitstring K3 XOR K4 to Carol 104c via another terrestrial communication channel to Carol 104c should David 104b not be in range, or via relay satellites through to Carol 104c. This is because the random bitstring is encrypted with the shared key K3, so any communication path should be sufficiently secure as long as no-one else, apart from Carol 104c or David 104b, has the shared key K3. Carol 102c similarly applies her accumulated shared key K3 to the encrypted random bitstring K3 XOR K4 from Evan 104a to retrieve the original random bitstring K4 (e.g. K3 XOR (K3 XOR K4)=K4). K4 will be used by Evan 104a in the partial key exchange between Evan 104a and Alice 102a at time step T5.
Thus, first process 432a of process 432 has completed and Carol 104c and Evan 104a may wait until Bob 102b and/or Alice 102a request a key exchange for performing secure communications and the like with each other. The second process 432b of process 432 proceeds when Bob 102b or Alice 102a request secure communications, the second process 432b of process 432 may include the following steps of:
At time step, T4, after a pause or once Bob 102b and/or Alice 102a request to communicate over a secure communications channel. In response, Carol 104c and Bob 102b exchange a shared key K1 using the quantum channel of the communication link 106b and a QKD protocol such as, without limitation for example the BB84 protocol.
At time step, T5, Carol 104c encrypts the accumulated original bitstring K4 with the shared key K1 to form encrypted bitstring K1 XOR K4 (e.g. K1 XOR K4 also denoted as K1⊕K4) and sends it to Bob 102b over communication link 106b. Bob 102b similarly applies his shared key K1 to the encrypted random bit string K1 XOR K4 (e.g. K1 XOR (K1 XOR K4)=K4) to decrypt/retrieve K4.
As well, at around the same time as time steps T4 or T5, Evan 104a performs a partial key exchange with Alice 102a by sending his bitstring K4 (e.g. first intermediate set of symbols, first set of symbols or first intermediate key information) to Alice 102a as a quantum transmission over quantum channel of communication link 106a, where Alice 102a receives the quantum transmissions by measuring in random receiving bases, i.e. a random receiving basis set, to receive the transmitted symbols/bits of the bitstring K4. As well, Evan 104a shares his transmitted bases, i.e. a random transmitting basis set, with Alice 102a over the classical channel of communication link 106a (and/or can do so publicly so that Bob 102b also has access to Evan's transmitted bases), but Alice 102a withholds sharing her random receiving basis set (e.g. random receiving bases) and so does not share her measured bases with Evan 104a at all. Alice 102a makes measurements using her and recording the results to generate a received first set of symbols/bits. When Evan 104a announces the transmitting bases he prepared his states in for transmitting the bitstring K4 over the quantum channel to Alice 102a, Alice 102a is able to determine the bits/symbols where Alice 102a measured in the same basis as Evan 104a prepared. For Alice 102a, the received first set of symbols/bits are effectively passed through a filter 322a/314a, where the bits/symbols of the received first set of symbols/bits that were measured in the same basis that Carol 104c prepared them in for transmission are allowed to pass through, and other bits/symbols are not. The bits/symbols that pass through form a first received intermediate set of symbols/bits K′4 at Alice 102a. It is noted that the first received intermediate set of symbols/bits K′4 is not a perfect copy of the original random bitstring K4 transmitted from Evan 104a to Alice 102a.
At time step T6, Alice 102a and Bob 102b create a classically encrypted channel 110, (e.g. TLS), which Alice 102a uses at 110a to send her receiving measurement bases (i.e. the random receiving basis set used by Alice 102a to receive the bitstring K4 from Evan 104c over communication link 106a) to Bob 102b. Bob 102b uses Alice's receiving measurement bases and Evan's transmitting bases used to transmit the original random bitstring K4 to filter K4 to form the same filtered version of K4, namely, K′4 that Alice 102a has. Alice 102a and Bob 102b also perform at 110b any reconciliation operations/processing that may be required including, without limitation, for example error detection/correction and/or information reconciliation and privacy amplification (IR/PA), which may transforms K′4 into the final shared key KF between Alice 102a and Bob 102b.
The following describes further modifications that may be made to key exchange systems 400, 420, 430 as described with reference to
Additionally or as an option, any secure channel/communication link may be used between the intermediary devices/nodes. In principle, any (quantum) secure channel in a communication link can be used between the intermediary nodes/devices, including post-quantum algorithms, and pre-shared keys (or re-used keys as described above). Ideally the pre-shared keys would be one time pad (OTP) keys (i.e. keys with the same length as the data being encrypted). If desired, and as an option, non-quantum-secure links can also be used such as, without limitation, for example Transport Layer Security (TLS) and/or any other classical form of security/secure communications, however, the downside of using non-quantum-secure links is that the key exchange system becomes non-quantum-secure since there is no eavesdropping protection on these non-quantum secure links and they could be broken with quantum computers.
Additionally and/or alternatively, the intermediary nodes have been described herein as satellites (e.g. David 104b) and/or terrestrial hubs (e.g. Evan 104a and Carol 104c), this is byway of example only and the invention is not so limited, the skilled person in the art would understand that the key exchange systems do not have to use satellite(s) as intermediary nodes/devices and the like, but rather the intermediary nodes may be any type of suitable device for operating and communication as an intermediary device in the key exchange systems as described herein. For example, the intermediate nodes/intermediary devices of a key exchange system may be composed entirely of terrestrial hubs connected via optical fibre; alternatively and/or additionally, all of the intermediate nodes/intermediary devices could be satellites, which could mean that a meshed network of satellites could allow two endpoints to negotiate keys in real-time, without having to wait for the satellite to complete an orbit; thus the intermediary devices/nodes can be any hardware that can establish a quantum channel with their nearest neighbours and be chained together with one or more endpoints for exchanging a final shared key between two endpoints in a key exchange process and/or key exchange system as described herein.
Additionally and/or alternatively, in the key exchange systems as described herein, rather than use a quantum resistant link or communication channel 110 between Alice 102a and Bob 102b, the communication link/channel 110 may be a QKD-protected link, which could also be used by Alice 102a and Bob 102b for the key exchange of the final shared key therebetween based on completing the first key exchange, key exchange or partial key exchange protocol used initially by Evan 104a and Alice 102a to exchange the first key information and/or first set of symbols therebetween and the like. The first key exchange, key exchange or partial key exchange protocol may be any QKD type protocol that enables the endpoint device, e.g. Alice 102a, to withhold key information and/or basis information or any other information that would prevent an intermediary device, e.g. Evan 104a, from deriving the bits/symbols that Alice 102a has received or transmitted during the partial key exchange, but where in the final part of the QKD protocol enables a key exchange to be performed in which Alice 102a reveals the withheld key information and/or basis information enabling the other endpoint device, e.g. Bob 102b, to participate in the key exchange for agreeing and/or determining the final shared key between Alice 102a and Bob 102b.
Further modifications and/or adjustments to the key exchange systems 100, 120, 130, 200, 210, 220, 230, 300, 310, 320, 400, 420, 430 and process(es) 140, 150, 160, 170, 402, 422, 432 of
The chaining key exchange process may be thought of as spreading correlations. Initially physical systems are distributed between adjacent nodes in a chain, and measurements are then carried out on the physical systems at each node. This will result in states of physical systems at adjacent nodes that are correlated with each other, and datasets at adjacent nodes that are correlated with each other. Every node except for the first and last nodes in the chain will then hold two sets of physical systems/data, one of which is correlated with physical systems/data held by the node to its immediate left and one of which is correlated with physical systems/data held by the node to its immediate right. By carrying out physical measurements and/or mathematical operations at the nodes, it is possible to implement a process of spreading the correlations such that at the end of the process physical systems and/or data held at the first and last links of the chain will be correlated with each other.
An example of a purely classical chaining process may include the following: Classical physical systems are distributed between adjacent nodes, within a linked set of nodes; The systems are measured at each node, creating data, so that there are two datasets at all nodes except the first and last nodes in the chain, which will have one dataset each. Mathematical operations (typically XORs) are carried out on the two datasets held at each of the intermediate nodes. The results of these operations are communicated to the first and/or last node in the chain. Depending on the results received, the first and/or last nodes modify their datasets by carrying out mathematical operations (typically XORs). The datasets held by the first and last nodes will now be correlated with each other.
An example of a purely quantum chain may include the following: Entangled quantum states are distributed between adjacent nodes, within a linked set of nodes. Each of the nodes, except for the first and last nodes in the chain, will now have two sets of quantum systems, one of which will be entangled with a quantum system held by the node to the immediate left, and one of which will be entangled with a quantum system held by the node to the immediate right. Physical operations (measurements) are carried out on the two sets of quantum systems held at each of the intermediate nodes. The results of these operations are communicated to the first and/or last node in the chain. Depending on the results received, the first and last nodes discard some of their quantum systems. The quantum systems held by the first and last nodes will now be entangled with each other. The first and last nodes can use this entanglement to generate classically correlated datasets.
An example of a Quantum/classical hybrid chain may include the following: Quantum systems are transmitted between adjacent nodes, within a linked set of nodes. Physical operations (measurements) are carried out on the quantum systems before and after transmission. These operations will create classical data, so that there are now two datasets at all nodes except the first and last nodes in the chain, which will have one dataset each. Mathematical operations (typically XORs) are carried out on the two datasets held at each of the intermediate nodes. Sifting operations are also carried out between the nodes, by way of classical communication between the nodes. Depending on the protocol used, these sifting operations may be carried out before and/or after the mathematical operations. The results of the mathematical operations are transmitted along the nodes and/or to the first and/or last node in the chain (depending on the protocol). Depending on the results received, the first and/or last nodes modify their datasets by carrying out mathematical operations (typically XORs). The datasets held by the first and last nodes will now be correlated with each other.
An example of a Mixed Chains is now provided where it is possible to combine any two, or all three, of the above types of chain and/or key exchange process(es) and/or key exchange systems to make a single chain. For example, in the context of this generalised chaining paradigm all three types may combined in the following example chain: Consider a chain with 7 linked nodes, labelled A-G. Nodes A-B, B-C, E-F and F-G are linked by quantum and classical channels. Nodes C-D and D-E are linked by classical channels only. A fully quantum protocol is carried out between nodes A, B, and C. Nodes A and C will now share correlated datasets. A fully classical protocol is carried out between nodes C, D, and E. Nodes C and E will now share correlated datasets. A quantum/classical hybrid protocol is carried out between nodes E, F, and G. Nodes E and G will now share correlated datasets. Mathematical operations (typically XORs) are carried out on the two datasets held at C, and on the two datasets held at E, and the results of these operations are communicated to nodes A and/or G. Depending on the results received, the nodes A and G modify their datasets by carrying out mathematical operations (typically XORs). The datasets held by nodes A and G will now be correlated with each other.
Although the generalised chaining process has been described using the above-mentioned terminology, this is byway of example only and the invention is not so limited, it is to be appreciated by the skilled person that these generalised chaining concepts/process(es) and the like may be implemented in one or more aspects of the key exchange systems, apparatus, methods, key exchange process(es)/protocol(s) and/or subprocess(es), intermediary device(s), first and second device(s), use cases, and/or key exchange systems 100, 120, 130, 200, 210, 220, 230, 300, 310, 320, 400, 420, 430, 500510, 520, 530 and process(es) 140, 150, 160, 170, 402, 422, 432 as described with reference to
In the embodiment described above the server may comprise a single server or network of servers. In some examples the functionality of the server may be provided by a network of servers distributed across a geographical area, such as a worldwide distributed network of servers, and a user may be connected to an appropriate one of the network of servers based upon a user location.
The above description discusses embodiments of the invention with reference to a single user for clarity. It will be understood that in practice the system may be shared by a plurality of users, and possibly by a very large number of users simultaneously.
The embodiments described above are fully automatic. In some examples a user or operator of the system may manually instruct some steps of the method to be carried out.
In the described embodiments of the invention the system may be implemented as any form of a computing and/or electronic device. Such a device may comprise one or more processors which may be microprocessors, controllers or any other suitable type of processors for processing computer executable instructions to control the operation of the device in order to gather and record routing information. In some examples, for example where a system on a chip architecture is used, the processors may include one or more fixed function blocks (also referred to as accelerators) which implement a part of the method in hardware (rather than software or firmware). Platform software comprising an operating system or any other suitable platform software may be provided at the computing-based device to enable application software to be executed on the device.
Various functions described herein can be implemented in hardware, software, or any combination thereof. If implemented in software, the functions can be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media may include, for example, computer-readable storage media. Computer-readable storage media may include volatile or non-volatile, removable or non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. A computer-readable storage media can be any available storage media that may be accessed by a computer. By way of example, and not limitation, such computer-readable storage media may comprise RAM, ROM, EEPROM, flash memory or other memory devices, CD-ROM or other optical disc storage, magnetic disc storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Disc and disk, as used herein, include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and blu-ray disc (BD). Further, a propagated signal is not included within the scope of computer-readable storage media. Computer-readable media also includes communication media including any medium that facilitates transfer of a computer program from one place to another. A connection, for instance, can be a communication medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber/fibre optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of communication medium. Combinations of the above should also be included within the scope of computer-readable media.
Alternatively, or in addition, the functionality described herein can be performed, at least in part, by one or more hardware logic components. For example, and without limitation, hardware logic components that can be used may include Field-programmable Gate Arrays (FPGAs), Application-Program-specific Integrated Circuits (ASICs), Application-Program-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), etc.
Although illustrated as a single system, it is to be understood that the computing device may be a distributed system. Thus, for instance, several devices may be in communication byway of a network connection and may collectively perform tasks described as being performed by the computing device.
Although illustrated as a local device it will be appreciated that the computing device may be located remotely and accessed via a network or other communication link (for example using a communication interface).
The term ‘computer’ is used herein to refer to any device with processing capability such that it can execute instructions. Those skilled in the art will realise that such processing capabilities are incorporated into many different devices and therefore the term ‘computer’ includes PCs, servers, mobile telephones, personal digital assistants and many other devices.
Those skilled in the art will realise that storage devices utilised to store program instructions can be distributed across a network. For example, a remote computer may store an example of the process described as software. A local or terminal computer may access the remote computer and download a part or all of the software to run the program. Alternatively, the local computer may download pieces of the software as needed, or execute some software instructions at the local terminal and some at the remote computer (or computer network). Those skilled in the art will also realise that by utilising conventional techniques known to those skilled in the art that all, or a portion of the software instructions may be carried out by a dedicated circuit, such as a DSP, programmable logic array, or the like.
It will be understood that the benefits and advantages described above may relate to one embodiment or may relate to several embodiments. The embodiments are not limited to those that solve any or all of the stated problems or those that have any or all of the stated benefits and advantages. Variants should be considered to be included into the scope of the invention.
Any reference to ‘an’ item refers to one or more of those items. The term ‘comprising’ is used herein to mean including the method steps or elements identified, but that such steps or elements do not comprise an exclusive list and a method or apparatus may contain additional steps or elements.
As used herein, the terms “component” and “system” are intended to encompass computer-readable data storage that is configured with computer-executable instructions that cause certain functionality to be performed when executed by a processor. The computer-executable instructions may include a routine, a function, or the like. It is also to be understood that a component or system may be localized on a single device or distributed across several devices.
Further, as used herein, the term “exemplary” is intended to mean “serving as an illustration or example of something”.
Further, to the extent that the term “includes” is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term “comprising” as “comprising” is interpreted when employed as a transitional word in a claim.
The figures illustrate exemplary methods. While the methods are shown and described as being a series of acts that are performed in a particular sequence, it is to be understood and appreciated that the methods are not limited by the order of the sequence. For example, some acts can occur in a different order than what is described herein. In addition, an act can occur concurrently with another act. Further, in some instances, not all acts may be required to implement a method described herein.
Moreover, the acts described herein may comprise computer-executable instructions that can be implemented by one or more processors and/or stored on a computer-readable medium or media. The computer-executable instructions can include routines, sub-routines, programs, threads of execution, and/or the like. Still further, results of acts of the methods can be stored in a computer-readable medium, displayed on a display device, and/or the like.
The order of the steps of the methods described herein is exemplary, but the steps may be carried out in any suitable order, or simultaneously where appropriate. Additionally, steps may be added or substituted in, or individual steps may be deleted from any of the methods without departing from the scope of the subject matter described herein. Aspects of any of the examples described above may be combined with aspects of any of the other examples described to form further examples without losing the effect sought.
It will be understood that the above description of a preferred embodiment is given by way of example only and that various modifications may be made by those skilled in the art. What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable modification and alteration of the above devices or methods for purposes of describing the aforementioned aspects, but one of ordinary skill in the art can recognize that many further modifications and permutations of various aspects are possible. Accordingly, the described aspects are intended to embrace all such alterations, modifications, and variations that fall within the scope of the appended claims.
| Number | Date | Country | Kind |
|---|---|---|---|
| 2101310.7 | Jan 2021 | GB | national |
| 2106980.2 | May 2021 | GB | national |
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/GB2022/050243 | 1/28/2022 | WO |
