QKD Support [Feature Request] #242
Comments
Hi! Thank you for the detailed request. I think it's a topic for further discussion with Rosenpass contributors. This issue is likely to be of particular interest to both @koraa, Rosenpass' founder and lead cryptographer, and Paul Sporeen (aka: aparcar), who does a lot of research work on Quantum Key Distribution for HS Nordhausen. Would you be interested in discussing it further with them? Thanks,
Hi Alice, that's a very good idea. Thanks,
Please reach out via mail[at]aparcar[dot]org
@nean-and-i You already wrote a long intro message. How about a quick mail to @aparcar's email and to karo at rosenpass dot eu so we can follow up by email…
@koraa @aparcar thanks, very much appreciated!
@koraa @AliceOrunitia I'm interested in learning more about this journey, can I take part in this thread?
Support for Quantum Key Distribution (QKD) [Feature Request]
This is a feature request for Rosenpass to facilitate the exchange of key_ID provided by Quantum Key Distribution (QKD) Key Management System (KMS) via ETSI-014, over a secure PQC (Post-Quantum Cryptography) channel.
Background:
The objective is to enable Rosenpass to handle the exchange of key_ID associated with QKD-generated keys. This enhancement would establish Rosenpass to become a standard solution for both Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD) additions to WireGuard.
Workflow:
Key Provisioning from QKD KMS:
QKD-KMS-Alice, will provide the keys for Pre-Shared Key (PSK) through a REST API call, adhering to the ETSI-014 specification (refer to ETSI014 specification).
key_ID and an actual QKD-generated symmetric key, both are identical at both Location-Alice and Location-Bob.
Exchange Process:
Location-Alice will need to transmit the key_ID to Location-Bob.
Location-Bob can then leverage the received key_ID to query QKD-KMS-Bob for the corresponding symmetric key. The key will subsequently be utilised as the Pre-Shared Key (PSK) on both locations.
Result:
Location-Alice and Location-Bob.
By integrating QKD support into Rosenpass, this feature request facilitates the use of QKD-generated symmetric keys as PSK
Examples
KMS REST API calls respecting ETSI014
Location Alice: Get-New-Key-Request
curl --url "https://$KMS/api/v1/keys/$SAE_ID/enc_keys" --cacert "$CACERT" --cert "$CERT" --key "$KEY" --header "Content-Type: application/json"
Result:
Location Alice -> Location Bob: use Rosenpass for PQC secured key_ID exchange
Location Bob: Get-Key-Via-Key_ID
curl --url "https://$KMS/api/v1/keys/$SAE_ID/dec_keys?key_ID=$KEYID" --cacert "$CACERT" --cert "$CERT" --key "$KEY" --header "Content-Type: application/json"
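The following is an added example, not part of the original issue and not Rosenpass code: Python handling for the responses to the two KMS calls above, validating the key_ID Bob receives from the peer before it goes into the dec_keys URL and checking that the returned key is usable as a 32-byte WireGuard PSK. The JSON key container shape (a `keys` list with `key_ID` and base64 `key`), the UUID form of key_ID, the host name, and all sample values are assumptions, since the page does not show a response body.

```python
import base64
import json
import uuid
from urllib.parse import quote

WG_PSK_LEN = 32  # WireGuard preshared keys are 32 bytes (256 bits)

# Constructed sample data: a made-up key_ID and a non-secret demo key.
KEY_ID = "550e8400-e29b-41d4-a716-446655440000"
DEMO_KEY_B64 = base64.b64encode(bytes(range(32))).decode()
SAMPLE_CONTAINER = json.dumps({"keys": [{"key_ID": KEY_ID, "key": DEMO_KEY_B64}]})


def dec_keys_url(kms_host, sae_id, key_id):
    """Build Bob's dec_keys URL. key_id arrives from the peer, so it is only
    accepted in canonical UUID form before being placed in the query string."""
    canonical = str(uuid.UUID(key_id))  # ValueError on malformed input
    if canonical != key_id.lower():
        raise ValueError("key_ID is not a canonical UUID")
    sae = quote(sae_id, safe="")
    return f"https://{kms_host}/api/v1/keys/{sae}/dec_keys?key_ID={canonical}"


def psk_from_container(body, expected_key_id=None):
    """Parse a key container and return (key_ID, base64 PSK for WireGuard)."""
    keys = json.loads(body)["keys"]
    if len(keys) != 1:
        raise ValueError("expected exactly one key in the container")
    entry = keys[0]
    if expected_key_id and entry["key_ID"].lower() != expected_key_id.lower():
        raise ValueError("KMS returned a different key_ID than requested")
    raw = base64.b64decode(entry["key"], validate=True)
    if len(raw) != WG_PSK_LEN:
        raise ValueError(f"key is {len(raw)} bytes, WireGuard needs {WG_PSK_LEN}")
    return entry["key_ID"], base64.b64encode(raw).decode()


if __name__ == "__main__":
    # Alice: parse her enc_keys response; only key_ID is sent on to Bob.
    key_id, alice_psk = psk_from_container(SAMPLE_CONTAINER)
    # Bob: validate the received key_ID, fetch, and check the answer matches.
    print(dec_keys_url("kms-bob.example", "sae-alice", key_id))
    _, bob_psk = psk_from_container(SAMPLE_CONTAINER, expected_key_id=key_id)
    print("PSKs match:", alice_psk == bob_psk)
```

Only the key_ID crosses the Rosenpass-protected channel; the key material itself is read from each side's own KMS and should be written to a file readable only by the WireGuard owner.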