Quantum Key Distribution—A New Target for CC Evaluation (A31a)
Quantum Key Distribution (QKD) provides a solution to expand a short but pre-shared key to establish a sufficiently long key enjoying information theoretic security. The key can then be used to achieve information theoretic or long-term secure communication. With the significant development over the last decades in theory, QKD has been gradually improved from the research stage to real applications (especially those scenarios with high-level security expectations). However, regarding the security evaluation and testing of QKD, though some specifications with other evaluation methodology (e.g., ISO/IEC 19790) are in development, less work has been done under the framework of ISO/IEC 15408, which is not commensurate to the potentially extensive application of QKD technology. By noticing the characteristics of QKD, this talk will discuss the speaker’s experience on security evaluation of QKD, including: How to characterize the assets, assumptions and threats from the view of quantum adversaries with unlimited computation power; How to put the security requirements on the classical crypto components and the optical components for resisting the known threats; How to combine the existing methodology for conformance test of classical crypto modules and vulnerability analysis of quantum components to do testing and give verdict. Furthermore, the presentation will cover the related ISO/IEC JTC1 SC27 standardization project launched in 2017, which is on the second study period currently. This report should inspire more interest in this topic and push the standardization project forward.