Objectives:

Contribute to the development of the standard library for quantum-safe algorithms, libOQS (O5.4)

Develop QRNG-based certificate authority solution and deploy it for concrete use cases (O4.2)

Develop QKD-based VPN solution and deploy it for concrete use cases (O4.3)

Develop QKD-based SSH solution and deploy it for concrete use cases (O4.4)

Description:

WP7 contains specific activities related to advanced use-case development contributing to O4 and O5 and it is led by UPT. As the consortium includes the top computer science and computer engineering university departments in the country, it is uniquely poised to carry on advanced use cases requiring dedicated software development. As such, WP7 is initiated in M10 with a task, T7.1, related to contributions to the main library for quantum-safe algorithms, namely libOQS on topics such as offline usage of QKD material, as well as developments related to postquantum algorithms, also contribute to OpenQKD. LibOQS is a gateway towards more advanced applications such as quantum-based VPN, SSH or PKCS X.509 web certificates and the consortium will use such opportunity to coordinate with other entities in member states and beyond in order to develop the future protocols that will underpin the future quantum Internet. A second task, T7.2, develops a solution to enable the integration of QRNG chips into X.509 certificate generation, which will be exploited in the third task, T7.3, to deploy certificate authorities at UPB, UB, UBB, UTC-N, UAIC, TUIasi, UPT, UVT, UCv and IFIN-HH. Another development task, T7.4, oversees the development of a VPN solution based on PQCrypto VPN that would allow users to utilize a wide array of applications such as video conferencing, which will be deployed in most use cases as part of the next task, T7.5. Finally, a third direction for advanced use cases deals with a solution for QKD-based SSH based on the libOQS implementation of OpenSSH, which will be exploited as part of the last task, T7.7, in distributed computing applications such as between UPB and IFINHH, between TUIasi and IMAGO-MOL, or between UCv and ClusterPower. The monitoring function for WP7 is provided by WP5 through RoNaQCI monitor which aggregates usage metrics from the developed applications and allows risk mitigation as controlled by WP1. Intended project exploitation will continue well beyond the scope of the project and thus WP completion occurs at the end of the project producing critical paths associated with the actual use case deployment in T7.3, T7.5 and T7.7. (see Fig. 2) Equipment involved in WP7 includes QRNG chips.

Tasks:

T7.1 LibOQS: Development Contributions Participate in libOQS and application stack development to further develop, integrate and test OpenQKD interface as well as postquantum algorithms complementing RoNaQCI.

T7.2 QRNG: X.509 Certification Authorities Solution Development - Develop, integrate and test a solution using a quantum random number generator as an entropy source for a hardware security module to provide a libCryptoki PKCS interface for higher level applications such as keytool. Deploy X.509 certification authorities by signing certificates with keys generated using the QRNG solution.

T7.3 QRNG: Secured Certificates - Deploy, test and use certificates for involved partners. Application/website issued by RoNaQCI QRNG-based X.509 CAs.

T7.4 VPN: OKD SSL OpenVPN Integration Solution Development - Design and develop software using OpenQKD to enable users to create, manage and use key buffers that are filled while connected to RoNaQCI and later exploited away from RoNaQCI, such as in a work-from-home scenario. Develop, integrate and test a solution using RoNaQCI network, OpenQKD and libOQS implementation of OpenSSL, and PQCrypto VPN fork of OpenVPN to enable users to create, manage and use VPN tunnels to secure arbitrary traffic using RoNaQCI.

T7.5 VPN: QKD VPN Secured Communication - Deploy, test and use QKD VPN tunnels to secure traffic for all involved use cases (all 19 metro qkd links will benefit).

T7.6 SSH: OKD OpenSSH Integration Solution Development - Develop, integrate and test a solution using RoNaQCI network, OpenQKD and libOQS implementation of OpenSSL, and OQS-OpenSSH fork of OpenSSH to enable users to create, manage and use SSH connections with an aim to secure shell traffic using RoNaQCI.

T7.7 SSH: OKD Quantum Security for distributed computing Integrate, test and use OpenSSH solution in distributed computing system for specific use cases: UPB-IFIN-HH, UCv-PowerCluster and TUIasi-Imago-Mol.

Lead beneficiary:

University Politehnica of Timisoara (UPB)