QKD technology is being increasingly adopted inside the network core for protecting information transport against any form of computational attacks. However, the use of QKD for wide-area internetworking is still challenging and costly, due to its strong trust assumptions and the low achievable key rates in long QKD links. This paper presents a standards-driven design and implementation of a unified hybrid key delivery service for a network of isolated QKD domains (subnetworks using QKD as provider technology for secret key generation) connected via classical WAN links. The framework follows a distributed architecture and uses a hybrid approach where keys generated in a domain are securely relayed to other domains with PQC (Kyber), dynamically routed, and managed at the system level. The solution has been implemented in an operational testbed comprising three regional subnetworks. We present the design principles, the deployment, and the experimental performance results for this scalable key delivery service.
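The abstract describes relaying a key generated by one QKD domain to another domain over a classical WAN link, protected by a PQC key exchange (Kyber), with intermediate relay nodes along a routed path. The following Python is an added example, not code from the paper or its testbed: it shows the hop-by-hop wrapping a relay service performs once a KEM shared secret exists between two neighbouring nodes. The Kyber encapsulation itself is assumed to have already happened; each hop's shared secret is a constructed 32-byte value. The cipher is an HKDF-derived keystream with an HMAC-SHA256 tag (encrypt-then-MAC, standard library only) standing in for a real AEAD; the key ID is bound into both key derivation and the tag so an envelope cannot be replayed under another identifier.

```python
import hmac
import hashlib
import secrets

HASH = hashlib.sha256


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real AEAD cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), HASH).digest()
        counter += 1
    return out[:length]


def wrap_key(kem_secret: bytes, key_id: bytes, qkd_key: bytes) -> dict:
    """Wrap a QKD key for the next hop under a KEM-derived (assumed Kyber) shared secret.

    The key ID is mixed into the derivation info and the MAC input, so the
    receiver only accepts the envelope under the identifier it was issued for.
    """
    nonce = secrets.token_bytes(16)
    enc_key = hkdf(kem_secret, nonce, b"relay-enc|" + key_id, 32)
    mac_key = hkdf(kem_secret, nonce, b"relay-mac|" + key_id, 32)
    ct = bytes(a ^ b for a, b in zip(qkd_key, keystream(enc_key, nonce, len(qkd_key))))
    tag = hmac.new(mac_key, key_id + nonce + ct, HASH).digest()
    return {"key_id": key_id, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap_key(kem_secret: bytes, env: dict) -> bytes:
    """Verify the tag, then recover the QKD key; raises ValueError on any mismatch."""
    key_id, nonce, ct, tag = env["key_id"], env["nonce"], env["ct"], env["tag"]
    enc_key = hkdf(kem_secret, nonce, b"relay-enc|" + key_id, 32)
    mac_key = hkdf(kem_secret, nonce, b"relay-mac|" + key_id, 32)
    expected = hmac.new(mac_key, key_id + nonce + ct, HASH).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("relay envelope rejected: tag mismatch for key_id %r" % key_id)
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def relay_over_path(hop_secrets: list, key_id: bytes, qkd_key: bytes) -> bytes:
    """Relay a key along a routed path of trusted nodes.

    hop_secrets[i] is the KEM shared secret between node i and node i+1 (constructed
    values in the example). Each intermediate node unwraps with its inbound secret and
    re-wraps with its outbound secret, so every relay node sees the key in clear: this is
    the trust assumption on relay nodes that the abstract refers to.
    """
    env = wrap_key(hop_secrets[0], key_id, qkd_key)
    for inbound, outbound in zip(hop_secrets, hop_secrets[1:]):
        plain = unwrap_key(inbound, env)          # intermediate node recovers the key
        env = wrap_key(outbound, key_id, plain)   # and forwards it to the next hop
    return unwrap_key(hop_secrets[-1], env)       # destination domain


if __name__ == "__main__":
    # Constructed sample data: a 256-bit QKD key and three hop secrets (assumed Kyber outputs)
    qkd_key = secrets.token_bytes(32)
    hops = [secrets.token_bytes(32) for _ in range(3)]
    assert relay_over_path(hops, b"domainA/key-0001", qkd_key) == qkd_key
    print("key relayed across", len(hops), "hops and recovered at destination")
```

Rotating the nonce per envelope and binding the key ID into the tag are what make the unwrap fail on a tampered ciphertext, a mismatched identifier, or a wrong hop secret; the `relay_over_path` chain also makes visible why the abstract treats relay nodes as trusted.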