Papers
Topics
Authors
Recent
Search
2000 character limit reached

PQC-Enhanced QKD Networks: A Layered Approach

Published 7 Apr 2026 in quant-ph and cs.CR | (2604.05599v1)

Abstract: We present a layered and modular network architecture that combines Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC) to provide scalable end-to-end security across long distance multi-hop, trusted-node quantum networks. To ensure interoperability and efficient practical deployment, hop-wise tunnels between physically secured nodes are protected by WireGuard with periodically rotated pre-shared keys sourced via the ETSI GS QKD 014 interface. On top, Rosenpass performs a PQC key exchange to establish an end-to-end data channel without modifying deployed QKD devices or network protocols. This dual-layer composition yields post-quantum forward secrecy and authenticity under practical assumptions. We implement the design using open-source components and validate and evaluate it in simulated and lab test-beds. Experiments show uninterrupted operation over multi-hop paths, low resource footprint and fail-safe mechanisms. We further discuss the design's compositional security, wherein the security of each individual component is preserved under their combination and outline migration paths for operators integrating QKD-aware overlays in existing infrastructures.

Summary

  • The paper proposes a modular design that integrates QKD-derived keys with PQC overlays to achieve quantum resistance and defense-in-depth.
  • Empirical evaluations demonstrate robust performance with rapid setup (<15s for up to 100 hops) and effective failover under degraded network conditions.
  • The architecture eliminates centralized KMS dependency while ensuring scalability, interoperability, and practical deployment in critical infrastructure.

PQC-Enhanced QKD Networks: Layered Cryptographic Architecture for Quantum-Safe Networking

Introduction: Motivation and Problem Space

The convergence of Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD) into unified communication infrastructures is motivated by the impending obsolescence of classical public-key schemes (e.g., RSA, ECC) under quantum adversaries. PQC protocols, while robust against polynomial-time quantum attacks, retain residual risk from unanticipated cryptanalytic advances or future weaknesses in mathematical primitives. In parallel, QKD offers information-theoretic key establishment based on quantum phenomena, but with significant operational constraints, notably the need for trusted relay nodes (TNs) and exposure to physical-layer vulnerabilities.

The paper proposes a modular, Key Management System (KMS)-free architecture that composes QKD-derived per-hop symmetric keys with end-to-end PQC-secured overlays, leveraging standardized interfaces to facilitate gradual migration and interoperability. The design is tailored to multi-hop, long-distance networks with trusted nodes, addressing composability, inter-domain segment protection, and operations without modifying existing QKD hardware/protocol stacks.

Layered Architecture Overview

The proposed framework establishes three cryptographic strata:

  • Hop Layer: WireGuard tunnels are deployed between adjacent physically-secured TNs. Their pre-shared keys (PSKs) are provided via ETSI GS QKD 014-compliant APIs, with periodic PSK rotation ensuring forward secrecy at the link layer.
  • End-to-End Layer: On top of the hop-by-hop tunnels, Rosenpass performs a PQC key exchange (using Classic McEliece for authentication and Kyber for confidentiality), establishing an end-to-end protected data channel. This enables PQC-level session confidentiality traversing the QKD/PSK-secured backbone.
  • Application Layer: Data and application protocols are encapsulated atop the composite quantum-safe substrate. No modifications to upper-layer protocols or applications are required. Figure 1

    Figure 1: Conceptual schema illustrating separation and stacking of classical, QKD-protected, and PQC-based cryptographic layers.

The strict separation between hop-domain (QKD) and end-to-end (PQC) cryptographic state provides defense-in-depth. Individual compromise is insufficient for session recovery by an adversary; the adversary must simultaneously break both physical (QKD+TNs) and algorithmic (PQC) layers.

Routing, Composition, and Multi-Hop Networks

The network is realized as a composition of sequential QKD-enabled WireGuard tunnels, with intermediate TNs solely relaying hop-protected payloads. Figure 2

Figure 2: Layered network diagram including end nodes (Alice, Bob, Carol), trusted QKD nodes, and last-mile scenarios with non-QKD client access.

Practical deployments, such as in industrial or governmental environments, often necessitate last-mile connectivity for end users lacking direct QKD hardware. These are integrated by connecting via a local trusted QKD node. Routing flexibility—both for PQC overlay establishment and dynamic fallback—enables resilience to TN or link failures, with end-to-end PQC sessions maintained across path changes.

The architecture inherently supports multi-tenancy and path diversity. Endpoints may concurrently instantiate multiple PQC exchanges over distinct QKD hop-paths, utilizing a multi-link strategy to further elevate the attack threshold.

Implementation: Open-Source KMS-Free Stack

The realization leverages open-source software components:

  • WireGuard handles L3 tunneling, offering high efficiency and formal security guarantees for its Noise-based handshake, even with hybrid post-quantum extensions.
  • Arnika mediates between QKD hardware (ETSI GS QKD 014) and WireGuard, performing timed PSK extraction/injection.
  • Rosenpass implements a PQC handshake, deriving session material for the end-to-end channel, with support for classic and PQ-safe primitives (Kyber, Classic McEliece). Figure 3

    Figure 3: Operational flow with three hops: QKD material generation, PSK negotiation via Arnika, hop-wise WireGuard establishment, and PQC end-to-end handshake via Rosenpass.

To protect against key/fallback failure or QKD-level outage, randomized PSK injection is used as a failsafe across the stack, thus preventing silent downgrades or prolonged reuse of compromised material.

Empirical Evaluation and Simulation

Experiments are executed in both physical and emulated environments, establishing proof points for the architectural claims:

  • Prototype Validation: Physical testbed demonstrates successive Rosenpass handshakes across five QKD-backed hops, indicating implementation tractability and the absence of observable cryptosignature bottlenecks at the multi-hop scale. Figure 4

    Figure 4: Testbed configuration employing commercial QKD equipment and multiple daisy-chained trusted nodes.

  • Long-Distance Emulation: Simulations with paths up to 100 TNs show that end-to-end tunnel setup times (10.6\approx10.6s for 100 hops) are bound by the slowest QKD hop, not aggregate hop count, due to parallelization and independent PSK scheduling.
  • Dual QKD Link/Agility: Multiple QKD chains support endpoint-side cryptographic agility (independent Rosenpass implementations, PSK-combining strategies), with data tunnels established in under 10s across two parallelized QKD paths. Figure 5

    Figure 5: Testbed with dual QKD chains and dual (heterogeneous) PQC handshake implementations for endpoint agility and resilience.

  • Degraded Connectivity: The stack maintains link-level and end-to-end session continuity under substantial latency/jitter/loss (300ms RTT, 100ms jitter, 1% loss), contingent on race condition resolution in intermediate software states. Figure 6

    Figure 6: Emulated testbed with degraded QKD and network conditions, validating robustness under adverse operational scenarios.

  • QKD Outage/Failsafe: Simulated QKD component failure shows a controlled failure propagation: PSK expiry and session invalidation occur within tightly-bounded windows (540\sim540s maximum), eliminating persistent exposure.

Security Analysis

The construction achieves a layered security profile:

  • WireGuard ensures strong session authentication, forward secrecy, and robust resistance against classical and quantum adversaries when augmented with external PSKs.
  • QKD provides PSK material with information-theoretic security under hardware and physical assumptions, with hop-wise keying and authenticated distribution per ETSI-014. Compromise requires direct access to both QKD hardware and trusted facility domains.
  • PQC (via Rosenpass) leverages NIST-standardized candidate algorithms (Kyber, McEliece), ensuring session resistance to known quantum attacks. PQC key exchanges are protected in transit by QKD-hardened tunnels, mitigating passive “harvest-now, decrypt-later” threats.
  • Composability Proofs: Breaching end-to-end confidentiality mandates the simultaneous defeat of all cryptographic domains. Disjoint compromise enables only partial session key extraction, not end-to-end recovery.

Contrary to designs employing only PQC or only QKD, the proposed construction asserts that any attacker must compromise both algorithmic and physical trust assumptions simultaneously for session recovery.

Theoretical and Practical Implications

This architecture enables pragmatic quantum-safe deployments in real-world WANs, government/critical infrastructure, and long-haul trusted-node topologies. Its modularity, strict layering, and use of well-supported open-source stacks reduce vendor lock-in and lower operational complexity by removing the need for a KMS layer and associated SDN orchestration.

From a theoretical stance, the work strengthens arguments for cryptographic defense-in-depth as the foundation for post-quantum infrastructure. The design’s strict composability ensures that protocol upgrades (e.g., new PQC suites, alternative L3 tunnels) may occur in isolation, without re-architecting the entire stack.

Future Work

Further research will address carrier-scale simulation, inter-domain AAA integration, and real-world deployments across telecom QKD backbone infrastructure. Evaluating alternative IPsec/MACsec tunnel primitives and PQC handshake variants remains open, alongside long-term scrutiny of PQC and QKD system-level vulnerabilities as standards mature and quantum technology progresses.

Conclusion

This paper introduces a layered, modular network architecture synthesizing QKD and PQC into a single deployable design, validated across physical and emulated topologies. Forward secrecy, rapid setup (<<15s for \leq100 hops), predictable failover, and minimal control-plane overhead are empirically supported. The design eliminates KMS dependency, aligns with standardized interfaces, and advances toward practical quantum-resilient networks, with future scalability and interoperability as compelling directions.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.