Papers
Topics
Authors
Recent
Search
2000 character limit reached

Interconnecting Regional QKD Networks: Hybrid Key Delivery Across Quantum Domains

Published 22 Apr 2026 in cs.NI | (2604.20376v1)

Abstract: QKD technology is being increasingly adopted inside the network core for protecting information transport against any form of computational attacks. However, the use of QKD for wide-area internetworking is still challenging and costly, due to its strong trust assumptions and the low achievable key rates in long QKD links. This paper presents a standards-driven design and implementation of a unified hybrid key delivery service for a network of isolated QKD domains (subnetworks using QKD as provider technology for secret key generation) connected via classical WAN links. The framework follows a distributed architecture and uses a hybrid approach where keys generated in a domain are securely relayed to other domains with PQC (Kyber), dynamically routed, and managed at the system level. The solution has been implemented in an operational testbed comprising three regional subnetworks. We present the design principles, the deployment, and the experimental performance results for this scalable key delivery service.

Summary

  • The paper introduces a standards-driven, hybrid QKD-PQC key distribution architecture that federates isolated QKD networks through secure classical WAN segments.
  • It employs ETSI GS QKD 014/020 APIs for vendor-agnostic integration and demonstrates reliable key relay using Dijkstra/A* routing over a 500 km production testbed.
  • Experimental results reveal keyrates of 2–3 kbps (dropping to ~500 bps on long links) and latencies ranging from 100 ms to 700 ms, underlining practical performance tradeoffs.

Hybrid Key Distribution Across Quantum Domains via Federated QKD and PQC Routing

Introduction and Motivation

The proliferation of Quantum Key Distribution (QKD) networks for confidential communication faces multiple impediments as deployments scale: constrained SKR over long-haul links, inflexible trust boundaries, and proprietary device heterogeneity inhibit robust end-to-end key delivery. While national and continental initiatives (e.g., EuroQCI, Beijing–Shanghai backbone) illustrate the emergence of federated quantum networks, wide-area scaling is precluded by the physical limitations of QKD links and the management complexity of integrating disparate domains.

This work introduces a standards-driven architecture for interconnecting isolated QKD subnetworks (“QKD islands”) via hybrid key routing over classical WAN segments secured with post-quantum cryptography (PQC), specifically Kyber. The solution leverages ETSI GS QKD 014 and 020 APIs for vendor-agnostic integration and achieves geographical federation while decoupling the cryptographic application layer from physical QKD device topology. The architecture is empirically validated through a 500 km production testbed spanning Galicia and the Basque Country.

System Architecture Overview

The proposed key distribution infrastructure is based on a federation of Key Management System Trusted Nodes (KMSTNs), offering a distributed key management layer agnostic to underlying QKD device vendors and topologies. Each KMSTN concurrently supports interfaces to (i) local QKD KMS, (ii) application clients (SAEs), and (iii) peer KMSTNs in remote domains. ETSI GS QKD 014 provides standardized southbound communication (for QKD key retrieval and application provisioning), while ETSI GS QKD 020 specifies the KMS-to-KMS interface for overlay routing.

The key delivery paradigm is hybridized across quantum and classical infrastructure. Keys generated within a QKD island are relayed to remote domains via intermediate KMSTNs; where QKD links are present between nodes, information-theoretic security is maintained, but traversals over classical WAN segments are rendered quantum-safe by encapsulating key material with Kyber-derived PQC session keys (FIPS 203). Figure 1

Figure 1: Map and network topology of the testbed spanning Galicia and the Basque Country, with solid lines denoting QKD-secured links and dashed lines representing PQC-only segments.

The architecture implements explicit separation of vertical (SAE–KMSTN/QKD) and horizontal (KMSTN–KMSTN) trust domains. AES256 with pluggable ephemeral session key derivation (hybrid QKD+Kyber or Kyber-only) ensures each protocol message is protected beyond mTLS. Local key secrecy on KMSTNs is maintained by hardware TPM-backed subkeys, with all key persistence AES-encrypted under TPM-protected passphrases, mitigating software and physical side-channel threats.

Key Routing Protocol

Key negotiation is initiated by a Master SAE requesting session material from its local KMSTN, naming its remote peer. The KMSTN retrieves QKD-generated key blocks from the connected vendor KMS, then determines a multi-hop route to the destination using Dijkstra/A* computed atop the overlay KMS graph. Key forwarding proceeds in a hop-by-hop manner, using ETSI GS QKD 020 encapsulated “post-ext” messages, with per-hop encryption layered (hybrid OTP with QKD keys and Kyber session keys, or Kyber-only) to ensure each traversed segment is protected under quantum-safe assumptions. Each message is uniquely keyed (per-message ephemerality) and IV-salted to defeat replay and statistical attacks. Figure 2

Figure 2: Protocol workflow and message exchange for key relay among federated KMSTNs, detailing SAE/KMSTN interactions across overlay routes.

Error handling is standards-compliant, employing asynchronous ACK containers for delivery notification. Key storage is implemented with SQLCipher (AES256), with TPM-sealed secrets files providing hardware-bound secrecy for database access and optionally field-level QKD key encryption. Fallback to TPM emulation or passphrase prompting ensures deployability across heterogeneous infrastructure, albeit with reduced assurance under software-only attestation domains.

Experimental Deployment and Evaluation

The physical testbed comprises four institutional sites (CESGA, AtlanTTic, ITG, TECNALIA) operating DV-QKD and CV-QKD equipment from different vendors and interconnected via both QKD and PQC-protected classical links. The overlay KMS topology integrates eight KMSTNs, coordinating trusted-node relay for end-to-end key delivery, including one 120 km QKD trunk (the longest in Spain at deployment time). Figure 3

Figure 3: Configuration overview for distributed KMSTN deployment and testbed measurement orchestration.

Quantitative Performance: Keyrate and Latency

Empirical results highlight the throughput and responsiveness constraints inherent to hybrid QKD–PQC federation: at typical links, average keyrates are $2$–$3$ kbps, with the longest QKD span (120 km, CESGA–ITG) reduced to 500\sim 500 bps. Keyrate distributions exhibit substantial skew, with pronounced burstiness reflective of QKD protocol sifting and error correction dynamics, compounded by overlay relaying latencies. Figure 4

Figure 4

Figure 4: Keyrate statistics for KMSTN1 and KMSTN7, characterizing throughput under varied network conditions and technology baselines.

Key delivery latencies are $100$–$140$ ms median for short links but escalate to $500$–$700$ ms for the longest physical connections. Delay distributions are heavy-tailed (substantial probabilities for multi-second trips), especially under concurrent multi-client load, primarily due to key buffer depletion in KMS instances and the bottleneck of QKD key synchronicity. Figure 5

Figure 5

Figure 5: Delay statistics for key requests from diverse KMSTNs, highlighting median and tail behavior per node.

Short-term latency variability is further illustrated by per-node rolling window analysis, confirming non-negligible jitter (20–100 ms) even in best-case scenarios. Figure 6

Figure 6: Real-time rolling average of key request latency with sample-wise standard deviation shading for a representative KMSTN.

High-concurrency experiments reveal dispersion (and failures) due to node-level key starvation, with batch-injected application-level requests either rapidly fulfilled from buffer, queued until key regeneration, or triggering KMS error cascades. Figure 7

Figure 7

Figure 7

Figure 7

Figure 7

Figure 7

Figure 7: Latency scatter and failure distribution for simultaneous concurrent key requests to various KMSTNs.

Strong statistical dependence is established by correlating keyrate and error metrics against concurrency and aggregate request load. Systematically, increased burst size and concurrency degrade average keyrate and increase error/failure rates, underscoring the necessity for congestion control and buffer-aware request throttling in practical deployments. Figure 8

Figure 8

Figure 8: Pairwise correlation matrices showing concurrency and request volume effects on SKR, error rate, and delay statistics.

Architectural Insights and Security Considerations

The architectural decoupling of QKD generation from the federated key delivery overlay enables domain-agnostic interoperability. All overlay control and data-plane operations conform strictly to ETSI 014 and 020, which streamlines integration with legacy vendor pools and commercial KMS appliances without intrusive modification.

Portability is realized through containerized deployment and configuration-driven topology management; TPM-backed key stores are seamlessly integrated into the container runtime, and the system is robust against accidental or trivial misconfiguration.

However, several limitations are inherent in the present implementation. Overlay routing is statically computed and does not adapt reactively to real-time KMS buffer state or network load. The trusted-node paradigm necessarily enlarges the trust boundary, and horizontal authentication for KMSTN–KMSTN channels does not yet realize native QKD/PQC authentication at the application-protocol level. While TPM-sealed secrets harden local key persistence, compromise of the runtime or hardware root-of-trust remains a pertinent concern.

Theoretical and Practical Implications

The demonstrated system models a viable template for continent-scale quantum-safe infrastructure: hybridized overlay key relay virtualizes the logical quantum channel, alleviating the exponential fiber loss scaling of repeater-less QKD, and obviates geographic continuity for secure WAN federation. The containerized, standards-aligned stack positions the architecture for operator and carrier adoption, with direct applicability to forthcoming EuroQCI and analogous initiatives.

Future directions must focus on dynamic, state-aware routing mechanisms for key relay (potentially exploiting policy-driven SDN control loops), enhancements to device- and protocol-level quantum-safe authentication, and systematic scaling to handle many-domain topologies and high concurrency under realistic traffic models. Direct integration with higher-layer security protocols (e.g., IPsec, TLS) will enable comprehensive post-quantum secure stacks.

Conclusion

This work systematically demonstrates the design, implementation, and operational validation of a federated QKD and PQC hybrid key distribution architecture capable of bridging isolated QKD domains via quantum-safe WAN relays. The architecture is standards-compliant (ETSI GS QKD 014/020), supports modular overlay deployment, and substantiates practical keyrate and latency tradeoffs essential for wide-area quantum-safe networking. By extending the applicability of QKD beyond direct optical reach without sacrificing interoperability or security, this system represents a robust foundation for scalable future quantum communication infrastructures.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.