Summary

Recommendation ITU-T Y.3803 provides help for the design, deployment, and operation of key management of a quantum key distribution network (QKDN). The overall structure and basic functions of a QKDN are first reviewed along with Recommendation ITU-T Y.3800, then the requirements of a QKDN are reviewed along with Recommendation ITU-T Y.3801. Functional elements and procedures of key management are then described.

Quantum key distribution (QKD) protocols provide the means to distribute symmetric random bit strings as a secure key that can be proven to be secure even against an eavesdropper who has unbounded computational ability. A basic element of QKD is a pair of QKD modules linked by a QKD link that allows two remote parties to share secure keys. A QKDN consists of two or more QKD links and trusted nodes (QKD nodes), where any pair of two QKD nodes can share secure keys via QKD links and key relay. In the end, these keys are supplied to cryptographic applications in user networks. To implement a QKDN and appropriately integrate with the user network, an overview of QKD technologies, including network capabilities, conceptual structure, layered model, basic functions and components, and its relation to the user network, is given in Recommendation ITU-T Y.3800.

To operate a QKDN efficiently and securely, key management is the highest priority issue because without this, most meaningful QKD operations and services cannot be realized. Key management includes, at least, storing keys generated by QKD modules, relaying keys between the nodes of the QKDN, and supplying keys to cryptographic applications upon requests from users, all in a secure manner. The standardization of these issues is essential to realize the interoperability for QKDN, ensuring security and widening applications of QKD.