Onion Routing Key Distribution for QKDN

TL;DR

This paper introduces a secure key distribution protocol for Quantum Key Distribution Networks that combines onion routing-inspired encapsulation and post-quantum cryptography to enhance security and anonymity in high-security environments.

Contribution

It proposes a novel key distribution protocol for QKDN that integrates onion routing techniques with post-quantum encryption to improve security and privacy.

Findings

Enhanced security against malicious intermediaries

Applicability to critical infrastructure and digital money

Reduced attack surface in QKDN environments

Abstract

The advance of quantum computing poses a significant threat to classical cryptography, compromising the security of current encryption schemes such as RSA and ECC. In response to this challenge, two main approaches have emerged: quantum cryptography and post-quantum cryptography (PQC). However, both have implementation and security limitations. In this paper, we propose a secure key distribution protocol for Quantum Key Distribution Networks (QKDN), which incorporates encapsulation techniques in the key-relay model for QKDN inspired by onion routing and combined with PQC to guarantee confidentiality, integrity, authenticity and anonymity in communication. The proposed protocol optimizes security by using post-quantum public key encryption to protect the shared secrets from intermediate nodes in the QKDN, thereby reducing the risk of attacks by malicious intermediaries. Finally, relevant use cases are presented, such as critical infrastructure networks, interconnection of data centers and digital money, demonstrating the applicability of the proposal in critical high-security environments.