Topology-Hiding Path Validation for Large-Scale Quantum Key Distribution Networks

TL;DR

This paper introduces a secure, efficient path validation protocol for large-scale quantum key distribution networks that preserves network topology confidentiality while enabling compliance verification.

Contribution

It presents a formal, provably secure protocol that ensures trust and confidentiality in QKD network path validation, suitable for large networks.

Findings

The protocol can verify paths in networks with 100 nodes within 1-2.5 seconds.

Communication overhead is less than 70kB, demonstrating efficiency.

The protocol maintains confidentiality of network topology information.

Abstract

Secure long-distance communication in quantum key distribution (QKD) networks depends on trusted repeater nodes along the entire transmission path. Consequently, these nodes will be subject to strict auditing and certification in future large-scale QKD deployments. However, trust must also extend to the network operator, who is responsible for fulfilling contractual obligations -- such as ensuring certified devices are used and transmission paths remain disjoint where required. In this work, we present a path validation protocol specifically designed for QKD networks. It enables the receiver to verify compliance with agreed-upon policies. At the same time, the protocol preserves the operator's confidentiality by ensuring that no sensitive information about the network topology is revealed to users. We provide a formal model and a provably secure generic construction of the protocol, along with a concrete instantiation. For long-distance communication involving 100 nodes, the protocol has a computational cost of 1-2.5s depending on the machine, and a communication overhead of less than 70kB - demonstrating the efficiency of our approach.