1

For a practical QKD implementation where OTP has been chosen for encrypting, how are key sizes determined?

Say, for example, Alice wishes to exchange xGB to Bob, then a key management system should already have xGB worth of OTP key material ready to use from a larger pool of shared key material. If so, then how is this key material built up using QKD? Is it (a) built in a monolithic style, where post processing is conducted on keys of arbitrary length, or is it (b) build up from smaller keys individually post processed? (Error correction method is arbitrary).

If (b) is the correct answer, then what is a typical/optimal individual key size?

Niall Canavan
  • 13
  • 3

1 Answers1

2

Welcome Niall :-)

It's worthwhile visiting https://crypto.stackexchange.com/a/67525/23115 first as there is some confusion on how QKD works. Look specifically at the single quantum channel between Alice and Bob.

There is no extant store/reserve of key material. Generating such a pool is the whole purpose of QKD. It is initiated by Alice's RNG, transferred over the optical channel and accumulated at Bob's digs after sifting and verification.

This can occur logical bit by logical bit at any arbitrary rate (currently up to some Mbps). Thus there is no "key size" as such. That notion may have come to you from the fact that commercial QKD systems like this one use slower quantum transmission to generate/exchange keys for much faster traditional cryptography such as AES. That then operates over conventional network infrastructure.

Paul Uszak
  • 15,905
  • 2
  • 32
  • 83