QCRYPT

QCRYPTSecure High-Speed Communication based on Quantum Key Distribution

1

In todays information society data security is of highest importance e-commerce, e-banking, backup (banks)AliceBobGoalTransfer of secret messages between Alice and Bob

RequirementsSecrecy: the message cannot be read by an unauthorized partyAuthenticity: message cannot be changed by an unauthorized party

3

AliceNetwork encryptorNetwork encryptorBobEncryptionEncoding the messages with a shared secret key

GoalTransfer of secret messages between Alice and Bob4

AliceAuthentication deviceAuthentication deviceBob

GoalTransfer of private messages between Alice and BobAuthenticationAttach authentication tag to verify that message has been received as it was sent by Alice

5The QCrypt Concept

High-speed Quantum Key Distribution

40 100Gbps enCRYPTion

100 Gb/s

In line nano-tera key words: Security, Communication, Systems and SoftwareWDM

6 QCRYPT is multidisciplinary!

1Group of Applied University of Geneva, 2Telecommunications Circuits Laboratory, EPF Lausanne,3idQuantique SA, Geneva, 4University of Applied Sciences Western Switzerland ,Geneva.5University of Applied Sciences Western Switzerland, Yverdon-les-Bains (HEIG-VD),6Institute for Theoretical Physics, ETH Zurich, 7Integrated Systems Laboratory, ETH Zurich, 8Microelectronics Design Center, ETH Zurich, Nino Walenta1, Olivier Guinnard1, Raphael Houlmann1, Charles Lim Ci Wen1, Boris Korzh1, Tommaso Lunghi1, Nicolas Gisin1, Hugo Zbinden1, Andreas Burg2, Jeremy Constantin2, Matthieu Legr3, Patrick Trinkler3, Dario Caselunghe3, Natalia Kulesza3, Gregory Trolliet4, Fabien Vannel4, Pascal Junod5, Olivier Auberson5, Yoan Graf5, Gilles Curchod5, Gilles Habegger5, Etienne Messerli5,Christopher Portmann1,6, Luca Henzen7, Christoph Keller7, Christian Pendl7, Michael Mhlberghuber7, Christoph Roth7, Norbert Felber7, Frank Grkaynak8, Daniel Schni8, Beat Muheim8

Quantum PhysicsMathematicsComputer ScienceTelecommunicationFPGA programmingrf electronics PCB designMechanical engineeringTechnology transfer7 Part A) QKD

Send key with individual photons (quantum states)The eavesdropper may not measure without perturbation (Heisenbergs uncertainty principle)Eavesdropping can be detected by Alice and Bob!

QKD is proven information theoretically secure! Poster!8 Efficient, rapid stable QKD scheme

QBER Visibility

Characteristics of coherent one way scheme:1.25 GHz clock rateSecurity proof with finite key analysisReveals action of eavesdropperInput for key distillation9 High speed hardware key distillation

Error estimationRandom sampling for QBERError correctionLDPC forward error correctionPrivacy amplificationToeplitz hashingError verificationUniversal hashingAuthenticationPolynomial hashingSiftingTiming and base information

Distillation implemented in a single FPGA (Virtex 6)Secret key distillation at a rate of up to 4Mbit/sOne-time-pad encryption implementedPoster!10 Efficient, rapid single photon detectors

130 ps(fwhm)1.25 GHz

=10 % pdark=610-7 /gateInGaAs APD1.25 GHz gate frequencyHigh detection rates > 33 MHzLow afterpulse probability < 1%Low dead time of 8 nsLow timing jitter of ~70 ps (fwhm)Room temperature operationWalenta et al. J. of App. Phys., 112, 063106 (2012).

11 QKD Results

Detection rate: 5.3 MHzSifted rate: 4.1 MHzSecret rate: 527 kHz

Distance up to 100kmSecret bit rates up to 1Mbit/s12 B) Encryption: Motivation and Challenges

High bit rate encryption and authentication based on QKD for next-generation communication systems (100Gb/s)Enhance the security against successful cipher attacks by replaceable alternative encryption and authentication architectures

Error-free operation due to perfect debugging of the complex system with the aid of advanced testbenchesDesign of the fast encryption PCB as close as possible to industrial manufacturability with high quality electrical connections13Fast Encryptor

AES100 GE10 GE10 GEKey Management & SynchronizationGHASHGHASHAESTDMKeyOptical Link100 GE10 GE10 GEKey Management & SynchronizationAESGHASHGHASHAESTDMKey 10x/4x 10 Gbit/s Ethernet 10x/4x 10 Gbit/s Ethernet100/40Gbit/sFull system/Demonstrator 10000 encryption keys per second4 alternative Crypto CoresAESSerpentGCMAES + GCMSerpent + GCMOCBAES + OCBSerpent + OCBPoster!AES = Advanced Encryption StandardGCM = Galois/Counter Mode14QCrypt TestBench Debugging

Use of SystemVerilog TestBench to validate the Encryptor

Hardware analyzerVery fast (10Gbit/s per channel)No control on the generated trafficOnly BER is reported

TestBenchVery slow (250 bit/s per channel)Driven test signal using random or fixedEthernet frame settings:PayloadFrame sizeAll internal signals availableBitwise comparison

Poster!This slide shows the pro and cons between a hardware tester and a software testbench

Important to note for a hardware tester:- No control on the data generated, but very fast.

Important to note for such Testbench:Written in SystemVerilogNot suitable to run a huge amount of data because it takes very very long time to simulateBut, this kind of testbench can run every kind of scenarii, we want and observe all internal signals of the desing under test (which is not possible when runing a hardware tester)And, it is possible to generated the data exactly as we need them15QCrypt PCB Version V2

Challenges V2/V1

10Gbit/s differential line qualityThe right material Rogers low-profile Controlled impedance differential pairs

Simulations for 10G Structures3D simulations CST STUDIO SUITE

ManufacturabilityThe right company: Photochemie WIKO pcbAspect ratio of vias 1:20 1:20 1:15Symmetric layer stack no yes yes high-speed layers in center, back-drilled vias

Via model for 3D simulation: Differential via, traces and GND viasCut through Cu planes of stackupResults before and after optimization Order of items: highest challenge first

The right material: low profile Cu surface and epoxy-glass-ceramic_pouder dielectric in the high-speed layers

3D simulations: Upper/lower curves in figure: Reflexion Coefficient / Time-domain-reflectometry (emulated from simulation results)

The right company: Due to vanished manufacturers: Evaluation of more than 14 companies not able to process the PCB. Why ?=> Mainly because of the aspect ratio (Thickness of the PCB compared to the hole diameter) of the drill holes too small, but required for the impedance-matched differential vias

In consequence, we have to accept a trade-off:=> 0.25mm drill diameter instead of 0.22mm in 4mm thick PCBconsequences: Delay of PCB design (now ready for processing = PCB ready to be manufactured) Demonstration Prototype works with QCrypt PCB Version 1

16QCrypt PCB Version V2

Challenges V2/V1

PCB with 26 layersVery high speed signals up to 10 Gbit/sRouting FPGA with 2000 pinsHigh current up to 40 A26 different power supplies

Power distribution75 power planes / split planes for lowermutual influence 26 Layer PCB

Industrial requirementsPCIe cable interface to QKD systemATCA form factor PCB V2 compliantEDC chips for six 10Gbit/s interfaces Compensates for signal degradations Improved communication range

StackupPCB V1FPGAPOWERGENERALHIGH-SPEEDNELCO 4000FPGAPCB V2POWERGENERALHIGH-SPEEDVENTEC VT-47POWERGENERALROGERS LoProVENTEC VT-47

CopperCorePrepregBack-drilledHole = copper removedPoster!Important:26 layers10GHz PCB => very difficult routing ! Every details counts (impedance, capacitance, inductance of the traces)Complex routing due to the high quantity of pins of the FPGAComplex power planes (split over many layers) / For example: A maximum of 40 Ampers must be supported to power the FPGA core !For the industrial point of view, EDC chips have been added to support improved communication distance and signal quality.

The picture shows:Left: the PCB V1 with only 24 Layers and with small thickness / Asymmetrical stack => not good for PCB manufacturing AND the PCB could twist when heated for soldering the components.Right: the PCB V2 with 26 layers, but thicker to enhance high speed signals. This is due to bigger hole size (0.25mm instead of the ones at 0.22mm used on PCB V1) / This PCB is symmetrical with high speed signal in the middle. => Consequences: to avoid antenna for signals going from top to middle and again to top, we have to back-drill (= mechanically remove) the remaining copper (from bottom to middle). It shows in grey in the right image

Info:ATCA = Advanced Telecom Computing Architecture, a new series of specifications targeted to meet requirements for next-generation carrier-grade high-speed communications equipmentEDC = electronic dispersion correction

17 Results Encryption

100/40 Gbit/s demonstrator with 4 exchangeable authentication/encryption coresup to 10000 key updates per secondMeasured bit error rates of