Telecom operators and enterprises can use such modules to secure their networks, knowing that certified products have been subjected to the scrutiny of a formal security evaluation process. The Protection Profile specifies high-level requirements for the physical implementation of prepare-and-measure QKD protocols through to the output of final secret keys.
Quantum Key Distribution is a quantum-safe security technique that generates shared random secret keys by using the quantum properties of optical signals. Attempts to measure these signals in transit are detectable, and a QKD protocol can take such attempts into account to ensure, in a quantifiable manner, that only secure keys are delivered.
"The development of large-scale quantum computers threatens most of the public-key cryptography in use today. For some use cases, quantum key distribution could provide an addition to post-quantum cryptography to mitigate this threat. In order to develop trustworthy QKD devices, appropriate security requirements and evaluation criteria are crucial in BSI's view. This Protection Profile for quantum key distribution modules is the first of its kind and an important first step in this direction. That is why BSI has supported its development and would like to thank the ETSI Industry Specification Group Quantum Key Distribution for the fruitful collaboration," states Dr. Günther Welsch, BSI (German Federal Office for Information Security), Head of Division "Information Assurance Technology and IT Management".
“We are delighted to publish this initial Protection Profile as an important step to help certify QKD modules under the widely recognised security certification scheme of the Common Criteria for Information Technology Security Evaluation,” says Martin Ward, Chair of the ETSI ISG QKD.
The ETSI Quantum Key Distribution Industry Specification Group brings together experts from various companies and organisations with interests in QKD certification. These include potential customers for applications and system manufacturers, along with security experts from organisations involved in certification schemes and academia.