We propose and implement a protocol for a scalable, cost-effective, information-theoretically secure key distribution and management system. The system, called Quantum Key Infrastructure (QKI), relies on pre-shared random numbers between QKI clients and a group of Quantum Entropy Managers (QEMs). Any group of QKI clients can use the QKI protocol to distill a secret key from the pre-shared numbers. The clients are protected from QEM compromise via a secret sharing scheme that allows the creation of the final key without the need to trust individual QEMs. Precisely, if the number of compromised QEMs does not exceed a certain threshold, QKI clients are guaranteed confidentiality and, at the same time, robustness against denial-of-service (DoS) attacks. The QKI system can be used for quantum-secure communication, can be easily integrated into existing network infrastructures, and can support arbitrary groups of communication parties that have access to a key. We discuss the high-level protocol and analyze its security, including its robustness against disruption. A proof-of-principle demonstration of secure communication between two distant clients was performed with a QKI-based VPN using QEMs on Amazon Web Server (AWS) nodes thousands of kilometres away from them, demonstrating the feasibility of QKI-enabled secret sharing one-time-pad encryption with a data rate above 50 Mbit/s and a latency below 70 ms.
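To make the threshold property described in the abstract concrete, the following added example (not code from the paper or from the QKI implementation) models each QEM as the holder of one share of a one-time-pad key. Shamir's scheme, the 3-of-5 parameters, the sample message and all function names are assumptions; the abstract does not name the secret sharing scheme it uses.

```python
import secrets

P = 257  # smallest prime above 255, so every key byte is one field element
MSG = b"constructed sample message"  # constructed input for the demo

def split(key, n, k):
    """Split key into n shares (one per hypothetical QEM); any k rebuild it."""
    shares = {x: [] for x in range(1, n + 1)}
    for byte in key:
        # Fresh random polynomial of degree k-1 with the key byte at x = 0.
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x in shares:
            y = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            shares[x].append(y)
    return shares

def combine(shares):
    """Lagrange interpolation at x = 0 over whichever shares were received."""
    xs = list(shares)
    out = []
    for pos in range(len(shares[xs[0]])):
        acc = 0
        for xj in xs:
            num = den = 1
            for xm in xs:
                if xm != xj:
                    num = num * (-xm) % P
                    den = den * (xj - xm) % P
            acc = (acc + shares[xj][pos] * num * pow(den, -1, P)) % P
        out.append(acc)
    return bytes(out)

def otp(data, key):
    """One-time pad: XOR with a key at least as long as the data."""
    if len(key) < len(data):
        raise ValueError("one-time-pad key shorter than message")
    return bytes(d ^ k for d, k in zip(data, key))

def demo(n=5, k=3, down=(2, 4)):
    """Sender encrypts; receiver rebuilds the key with some QEMs unreachable."""
    key = secrets.token_bytes(len(MSG))
    shares = split(key, n, k)          # one share per QEM
    ciphertext = otp(MSG, key)
    # QEMs in `down` do not answer; the rest still meet the threshold k.
    reachable = {x: s for x, s in shares.items() if x not in down}
    return otp(ciphertext, combine(reachable))

if __name__ == "__main__":
    print(demo())
```

With fewer than `k` shares, every candidate key byte remains equally consistent with what an attacker holds, which is the sense in which compromising a sub-threshold number of QEMs reveals nothing about the key.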