Version 1.0
20 October 2024

This is a Whitepaper of the GSMA

Security Classification: Non-Confidential

Access to and distribution of this document is restricted to the persons permitted by the security classification. This document is subject to copyright protection. This document is to be used only for the purposes for which it has been supplied and information contained in it must not be disclosed or in any other way made available, in whole or in part, to persons other than those permitted under the security classification without the prior written approval of the Association.

Copyright Notice

Copyright © 2024 GSM Association

Disclaimer

The GSM Association (“Association”) makes no representation, warranty or undertaking (express or implied) with respect to and does not accept any responsibility for, and hereby disclaims liability for the accuracy or completeness or timeliness of the information contained in this document. The information contained in this document may be subject to change without prior notice.

Compliance Notice

The information contained herein is in full compliance with the GSM Association’s antitrust compliance policy.

GSM Association
IG.18 Opportunities and Challenges for Hybrid (QKD and PQC) Scenarios

Table of Contents

1. Introduction
1.1. Overview and scope
1.2. Intended audience
1.3. Abbreviations
1.4. References
2. Terms and Definitions
2.1. What’s QKD?
2.2. What’s PQC?
2.3. How is the term “Hybrid” used?
3. Taxonomy on Hybrid Security
3.1. Security primitives
3.2. Physical Security subsystem
3.3. Organizational subsystems
3.4. Overall security systems
3.5. Hybrid security systems
4. Hybrid security solutions integrating PQC and QKD
4.1. Key combination approaches
4.2. Authentication in a QKD protocol
4.2.1. PQC to initialize the QKD authentication key
4.2.2. Symmetric ITS Methods to initialize the QKD authentication key
5. Overview of state of standardization on key combination
5.1. ITU-T
5.2. ETSI
5.3. IETF
5.4. NIST
6. Proof-of-Concepts on Hybrid QKD-PQC
6.1. Example 1 of hybridization PoC
6.2. Example 2 of hybridization PoC
6.3. Example 3 of hybridization PoC
6.4. Example 4 of hybridization PoC
7. Conclusions and Recommendations
Annex A Document Management
Annex A.1 Document History

1. Introduction

Quantum Key Distribution (QKD) is a security technology based on quantum physics to securely establish symmetric encryption keys. This technology in principle allows the agreement of cryptographic keys between two remote parties with information-theoretic security, guaranteed by the fundamental laws of physics. These keys can then be used securely with conventional cryptographic algorithms.

Post-quantum cryptography (PQC) refers to cryptographic algorithms which are resilient to attacks by quantum computers. In other words, unlike QKD, PQC relies on algorithms that are too complex for quantum computers to crack. PQC is still in active development, and it’s currently undergoing standardization by NIST. Also, the model of Post Quantum Telco Network is under definition and development [GSMA4].

These two technologies, i.e., QKD and PQC, are likely to be considered pillars complementing each other in hybrid security scenarios. The scope of this report is to analyse opportunities and challenges in Hybrid security scenarios based on the combined use of QKD and PQC.
It is important to underline that simultaneous use of PQC with QKD is permissible and in alignment with the current state of the European Commission draft document: recommendation on a Coordinated Implementation Roadmap for the transition to Post-Quantum Cryptography [EC-1].

It should be mentioned that, in general, the term hybrid security is used, in cryptography, with several different meanings. A clear taxonomy of these meanings is required (and even standardised) for better analysing the options of the so-called QKD-PQC hybrid security scenarios.

1.1. Overview and scope

The scope of this report is to analyse opportunities and challenges in Hybrid security scenarios based on the combined use of QKD and PQC.

Before that, a taxonomy of the meanings of the term “hybrid” has to be provided in the context of security, in order to fix the analysis of this white paper. Having established this, we provide an analysis of the state of the art of the international activities carried out by existing projects, industry bodies and standard fora.

Examples of analysis of hybrid security scenarios based on the combined use of QKD and PQC include the following questions:

• to understand challenges and opportunities of the combined use of QKD and PQC.
• to get a picture of the state of the art and the experiments.
• to provide a picture of current activities in the standards (e.g., ITU, ISO, IETF, ETSI, CEN-CENELEC…) with the aim of identifying gaps and proposing synergies to avoid overlapping efforts.

1.2. Intended audience

The intended audience for this document includes mainly stakeholders in the telecom industry, stakeholders in the supply chain, industry analysts, industry regulators, security policymakers, and security researche