qcrypt
DESCRIPTION
This project aims to considerably improve cryptography on both the key distribution level and the encryption level. Quantum Key Distribution (QKD) is a secure way to generate and distribute keys, based on the fundamental laws of quantum mechanics. However, existing systems are too slow. The new QKD system will be capable of producing keys at a rate of 1 Mbps, which means it will allow 1 MHz OTP encryption for high-level applications.
TRANSCRIPT
QCRYPT
Secure High-Speed Communication based on
Quantum Key Distribution
What is quantum communication
• Quantum Communication is the art of transferring a quantum state from one location, Alice, to a distant one, Bob.
• A quantum state can’t be copied, hence the original is necessarily destroyed and there remains no copy.
• Copying quantum states would violate both Heisenberg’s uncertainty relations and the impossibility of faster than light signaling. Hence, the impossibility of “Q cloning” is one of the best established facts in Science.
[Figure labels: photon, splitter, detectors. The photon explores both paths. Quantum randomness. Quantum nonlocality (entanglement).]
Used daily by some Swiss banks
Spin-off from the University of Geneva, 2001
67 km
The QCrypt Concept
100 Gb/s
1 Mb/s OTP
High-speed Quantum Key Distribution (1.25 Gbps pulse rate) +
40 – 100 Gbps enCRYPTion +
WDM
Secure high-speed communication for the 21st century
• Simple and robust scheme
• Coherent faint laser pulses resistant to photon number splitting attacks
• 625 MHz rate (1.25 GHz pulse rate)
• 1 Mbit/s secret key rate @ 25 km
Quantum Key Distribution Coherent-One-Way (COW) scheme
[Figure labels: Laser, IM, bit 0, bit 1, decoy, t_B, 1 − t_B, D_B, D_M1, D_M2]
Optical scheme: coherent one way
Pulse generation
250 ps
T_FWHM = 138 ps
High-Speed Intensity modulation
Rapid sine-gating single photon counter
• Short gates (100 ps)
• Low noise and afterpulsing
• High count rates (10 MHz)
Rapid gating detector
AES-GCM Encryption
• Basic AES: 1 – 2 Gbps
  x20 pipelining: requires feedback-free encryption mode; 20x speedup: 32 Gbps
  x4 parallelization: data-independent partitioning; 4x speedup: 128 Gbps
  Counter Mode
• Basic Authentication: 4 – 8 Gbps
  x4 pipelining; 4x speedup: 28 Gbps
  x4 parallelization; 4x speedup: 112 Gbps
  4 Galois field multipliers (x^128 + x^7 + x^2 + x + 1)
• Two engines for En- and Decryption
How to reach 100 Gbps
AES-GCM Encryption
• Final AES up to 128 Gbps
  Using Counter Mode
  Advantage: no feedback loops
  In combination with Galois Field Authentication: Galois/Counter Mode (GCM)
• Final Authentication up to 112 Gbps
  Based on operations on the Galois Field defined by x^128 + x^7 + x^2 + x + 1
• Two engines for En- and Decryption
How to reach 100 Gbps
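Why the authentication stage can be spread over four Galois field multipliers, shown as an added example (not the project's VHDL and not code from the slides): GHASH over the field defined by x^128 + x^7 + x^2 + x + 1, computed once serially and once as four lanes that never wait on each other. The lane layout (interleaved blocks, combined with H^4, H^3, H^2, H) and all function names are assumptions chosen for illustration.

```python
R = 0xE1 << 120  # x^128 + x^7 + x^2 + x + 1 in GCM's bit-reflected order


def gf_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (NIST SP 800-38D, Algorithm 1)."""
    z, v = 0, y
    for i in range(127, -1, -1):          # leftmost bit of x first
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash_serial(h: int, blocks: list[int]) -> int:
    """Horner form: every step waits for the previous multiplication."""
    y = 0
    for x in blocks:
        y = gf_mul(y ^ x, h)
    return y


def ghash_4lane(h: int, blocks: list[int]) -> int:
    """Same value from four lanes, one field multiplier per lane."""
    # Leading zero blocks contribute nothing, so pad the front to a multiple of 4.
    blocks = [0] * (-len(blocks) % 4) + blocks
    h2 = gf_mul(h, h)
    h3 = gf_mul(h2, h)
    h4 = gf_mul(h2, h2)
    lanes = [0, 0, 0, 0]
    for i, x in enumerate(blocks):
        j = i % 4                         # lane j sees blocks j, j+4, j+8, ...
        lanes[j] = gf_mul(lanes[j], h4) ^ x   # Horner step in H^4
    # Lane j ends 4-j blocks before the end of the message: scale by H^(4-j).
    out = 0
    for acc, power in zip(lanes, (h4, h3, h2, h)):
        out ^= gf_mul(acc, power)
    return out


# Hash subkey of the all-zero AES-128 key (public GCM test vector) and
# seven constructed sample blocks.
H = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
BLOCKS = [(0x0123456789ABCDEF << 64) | n for n in range(1, 8)]
assert ghash_4lane(H, BLOCKS) == ghash_serial(H, BLOCKS)
```

The counter-mode half needs no such rearrangement: each keystream block depends only on its counter value, which is why the slides call it feedback-free.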
AES-GCM Encryption
Performance of Encryption core

| | AES | AES-GCM | Target |
|---|---|---|---|
| Max. Frequency | 250 MHz | 220 MHz | 200 MHz |
| Max. Throughput | 128 Gbps | 112 Gbps | 102 Gbps |

Resource usage in target FPGA

| | AES | AES-GCM | Stratix IV GT |
|---|---|---|---|
| Logic usage | 10 kALM | 30 kALM | 212 kALM |
| Block RAMs (9 kbit blocks) | 322 | 322 | 1’280 |

ALM = adaptive logic module (2 flip-flops / 1 8-input lookup table / 2 adders)
100Gbps Interface
User side: 10 x 10Giga Ethernet channels through 10 SFP+ optical modules
Client side: 1 x 100Gbps channel using a WDM optical module fed by 10 high-speed serial links @ 10Giga
All synchronization and channel splitting done inside the FPGA
FPGA Design
100G Fast Encryption Board
• PCB: 24 layers, 52 high-speed serial links, 10 power supplies
• FPGA main power supply: 0.95 V @ 40 A
• Communication links: 8x SFP+ & 2x XFP @ 10Giga, 1x CXP & 1x CFP @ 100Giga, 22x high-speed serial @ 6.5Giga
• Case: 19'' and 4U with embedded PC
• Hardware (24 layers) with an FPGA (1932 balls)
enCryptor
• 1 to M Network Ports: Ethernet 1/10/40/100 G
• 1 to N Local Ports: Ethernet 1/10/40/100 G, FC 1/2/4/8/10
• Key Manager with Quantum and/or Conventional Keys
First tests for the encryption hardware at start of 2011!
Software VHDL
enCryption Highlights
Conclusions
• Quantum optics offers true randomness and intrinsic confidentiality. Let’s exploit those gifts of Nature!
• Goal: Secure high-speed communication for the 21st century.
  1.25 Gbps on the quantum level
  0.128 Tbps on the classical level
• Complex project involving:
  - advanced classical optics
  - world level high rate single photon detection
  - world level fast cryptographic algorithms
  - highly nontrivial interfaces