Disaggregated Architecture of Post-Quantum Security for Optical and Packet Transport Equipment

Abstract

The advent of quantum computers has raised the risk of eavesdropping and made it essential to apply post-quantum security to most communication services. Encryption processing is not a single function as it includes key exchange functions (e.g., PQC and QKD) and encryption protocols (e.g., IPsec, MACsec, and L1 encryption), and it is necessary to combine these functions to suit the requirements of each service. However, the encryption protocols of existing optical & packet transport equipment are vertically integrated and cannot be altered easily. In this paper, we propose a disaggregation architecture of post-quantum security for optical and packet transport equipment. By separating key management functions from their implementation, the architecture enables more secure encrypted communication by using more secure key exchange methods and implemented encryption protocols. In addition, we also propose a key splitting method that eliminates the impact on communication in the event of a failure due to the functional separation provided by the method; it supports various encryption ciphers. By using this method, key update can be continued even after a communication break interrupts key exchange. We show that 96Gbps traffic can be encrypted without error.