Method and system for performing a secure key relay of an encryption key

Abstract

A method and system for performing a secure key relay of an encryption key, K, provided by an initial node, KN, and used by an encoding unit (ENC) of a first data transceiver for encoding plain data, P, to provide encrypted cipher data, C, transported via a data transport link, DTL, to a decoding unit (DEC) of a second data transceiver which decodes the transported cipher data, C, using the relayed encryption key, K, provided by a terminal node, KN, as a decoding key to retrieve the plain data, P, wherein the relay of the encryption key, K, from the initial node, KN, to the terminal node, KN, is performed by means of intermediate relay nodes, KN, KN. . . KN, and comprises the steps of sharing (S) QKD-keys, K, between the nodes via secure quantum channels, QCH, of a quantum key distribution network, QKDN; performing (S) encryption of shared QKD-KEYS, K, at the initial node, KN, and at each intermediate relay node, KN, KN. . . KN, and blinding them with a blinding value, S, of the respective node to provide an encrypted cipher key, CK, by the initial node, KN, and by each intermediate relay node, KN, KN. . . KN; distributing (S) or pre-distributing the blinding values, S, of the initial node, KN, and of each intermediate relay node, KN, KN. . . KN; transmitting (S) the encrypted cipher keys, CK, of the initial node, KN, and of each of the intermediate relay nodes, KN, KN. . . KN, to the terminal node, KN; performing (S) by the terminal node, KN, logic operations on reconstructed or pre-distributed blinding values, S, on the basis of the encrypted cipher keys, CK, received by the terminal node, KN, from the initial node, KN, and received from each of the intermediate relay nodes, KN, KN. . . KN, to provide the encryption key, K, used by the decoding unit (DEC) of the second data transceiver as a decoding key to retrieve the plain data, P.