Experimental authentication of quantum key distribution with post-quantum cryptography

Abstract

Abstract Quantum key distribution (QKD) can provide information theoretically secure key exchange even in the era of quantum computers. However, QKD requires the classical channel to be authenticated, the current method for which is pre-sharing symmetric keys. For a QKD network of n users, this method requires $${C}_{n}^{2}=n(n-1)/2$$ <mml:math xmlns:mml="http://www.w3.org/1998/Math/MathML"><mml:mrow><mml:msubsup><mml:mrow><mml:mi>C</mml:mi></mml:mrow><mml:mrow><mml:mi>n</mml:mi></mml:mrow><mml:mrow><mml:mn>2</mml:mn></mml:mrow></mml:msubsup><mml:mo>=</mml:mo><mml:mi>n</mml:mi><mml:mrow><mml:mo>(</mml:mo><mml:mrow><mml:mi>n</mml:mi><mml:mo>−</mml:mo><mml:mn>1</mml:mn></mml:mrow><mml:mo>)</mml:mo></mml:mrow><mml:mo>/</mml:mo><mml:mn>2</mml:mn></mml:mrow></mml:math> pairs of symmetric keys to realize pairwise interconnection. In contrast, with the help of a mature public key infrastructure (PKI) and post-quantum cryptography (PQC) with quantum-resistant security, each user only needs to apply for one digital certificate from a certificate authority (CA) to achieve efficient and secure authentication for QKD. We need to assume only the short-term security of the PQC algorithm to achieve long-term security of the distributed keys. Here, we experimentally verified the feasibility, efficiency, and stability of the PQC algorithm in QKD authentication, and demonstrated the advantages when new users join the QKD network. Using the PQC public-key infrastructure, the nodes need to mutually trust only the CA to authenticate each other. QKD combined with PQC authentication will greatly promote and extend the application prospects of quantum-safe communication.