Hello 11bt members,
I presented the PPK proposal this week, and I appreciate the discussion and feedback. That said, I realize I didn’t address some of the raised questions as clearly as I could have during the session, so I’m writing to further elaborate on the proposal and continue this constructive conversation.
1. use case and motivation
A core use case of this proposal is straightforward: APs can leverage PPK obtained via QKD over fibre to enhance security between one another.
In many regions, PQC algorithm standardization is progressing slowly, while QKD devices have already seen real-world deployment across backbone networks, WAN, government scenarios and financial use cases, with proven practical applications.
That is the core motivation behind this proposal: when trusted PPK is available via fibre-based QKD between APs, and standardized PQC algorithms are not yet recognized locally, this trusted PPK can deliver effective security hardening for AP-to-AP communications.
2. PPK usage
By definition, PPK is an out-of-band distributed symmetric key with a minimum 256 bits of entropy. I believe its application can be highly flexible.
In the example included in my proposal, I integrated PPK into the PTK derivation process to enhance traditional and/or PQC algorithms. For reference, IKEv2 mentions PPK-only authentication as a form of authentication credential, but it’s worth noting this approach is insecure in group PPK scenarios.
3. PPK distribution
I want to clarify that this proposal does NOT aim to define PPK distribution mechanisms. PPK distribution relies on out-of-band methods, which fall fully outside the scope of this standard.
4. QKD extended applications
It seems to me that QKD devices can be paired with KDC to expand use cases to broader scenarios, including mobile devices, and several companies have already launched commercial products and solutions for this integration, such as QuantumCTek(https://www.quantum-info.com/solution/solutionq/qitalingyuyingyong/). But I think that is out of scope and I can’t dive deeper into this extension.
These are my limited thoughts on this topic, and I welcome any corrections, critiques, or further discussions from the group. Thank you again for your valuable input.
Best regards,
Chu-Meng Wang