QaaS: Quantum Key Distribution (QKD) as a Service

by Institute of Mathematics and Computer Science, University of Latvia

The experimental Quantum Key Distribution (QKD) infrastructure accessible as a service.

Papers to cite:

QKD as a Service (QaaS) allows the users to securely obtain a shared secret from two remote key distribution centers (KDCs) running QKD equipment. QaaS uses a mix of quantum and classical channels in a way that is sustainable for active attacks on any single communication segment. The following figure illustrates the main components participating in QaaS from the end user point of view:


User 1 and User 2 (also known as the TLS client and TLS server) are end users of QaaS. They aim to establish a secure TLS connection (green) using a quantumly shared key. Since neither of the end users has direct access to QKD devices, each of the users connects to both KDCs (represented by the Aija and Brencis servers) using classical links encrypted using PQC algorithms (currently, we use FrodoKEM and SPHINCS+). KDCs return material that can be used to reconstruct the quantumly shared key that has been distributed using QKD devices between KDCs. An essential property of QaaS is that the full shared key is never transmitted via any single classical communication segment.

In order to connect to our QaaS service, you will need the following:

Upon request, keys and certificates can be generated using IDQ Quantis QRNG devices. All certificates (CA, client-side, and server-side) are based on the quantum-resistant SPHINCS+ algorithm.