QKD Entity Source Authentication: Defense-in-Depth for Post Quantum Cryptography

Quantum key distribution (QKD) was conceived by Charles Bennett and Gilles Brassard in December of 1984. In the ensuing 39 years QKD systems have been deployed around the world to provide secure encryption for terrestrial as well as satellite communication. In 2016 the National Institute of Standards and Technology (NIST) began a program to standardize a series of quantum resistant algorithms to replace our current encryption standards thereby protecting against future quantum computers breaking public key cryptography. This program is known as post quantum cryptography or PQC. One of the tenets of cybersecurity is to use an approach that simultaneously provides multiple protections known as defense-in-depth. This approach seeks to avoid single points of failure. The goal of this paper is to examine the suitability of a hybrid QKD / PQC defense-in-depth strategy. A focus of the paper will be to examine the sufficiency of initial QKD hardware authentication (entity source authentication) which is necessary to guard against man-in-the-middle attacks.