Three papers with contribution of the AURORA KMS and SDN team were peer reviewed, accepted and presented at the QCNC 2026 conference.
The first paper is on SDN, proposes key relay path selection and proposes corresponding KPI calculations. The results are evaluated via a simulation, which is available open source (github.com/ait-crypto/sdn-path-finding-simulation). Presented at QCNC 2026 and published in IEEE, DOI: 10.1109/QCNC69040.2026.00115. Abstract:
This work addresses the orchestration of large-scale Quantum Key Distribution Networks (QKDNs) using Software Defined Networking (SDN). Building on ETSI and ITU specifications, common best practices and architectures are outlined. The main task of the SDN Controller is to aggregate technical key performance indicators (KPI) from the network and, based on these, select the optimal path. Multiple path selection algorithms, based on Dijkstra or a maximum-minimum capacity algorithm, with built-in load balancing are presented. The algorithms were tested in simulations and their performances, and tradeoffs, are discussed. Additional critical aspects related to SDN controlled QKDNs are discussed, such as query batching, multi-path selection and group key capabilities. An oblivious multi-party protocol is proposed for relay path selection in a multi-domain scenario, so providers don’t have to disclose sensitive information about their QKDN. These contributions aim to enhance scalability, resilience and interoperability in quantum-secure network infrastructures.
Noteworthy results of the Austrian QCI (QCI-CAT) are presented. Among them details on KMS performance. Presented at QCNC 2026 and published in IEEE, DOI: 10.1109/QCNC69040.2026.00025. Abstract:
The European Quantum Communication Infrastructure (EuroQCI) initiative is fostering the deployment of national quantum key distribution (QKD) testbeds across the European Union. In this context, we report on the design, implementation, and evaluation of the Austrian testbed, with a particular focus on advances in key management and applicationlevel integration of QKD. First, we introduce a hybrid key management system (KMS) that combines QKD-derived keys in a decentralized architecture with post-quantum authenticated key exchange, enabling end-to-end hybrid keys while reducing trust assumptions in intermediate nodes. Second, we present three QKD-enabled applications: (i) a secure secret-sharing-based storage system leveraging QKD-protected share distribution, (ii) a QKD-integrated extension of Jitsi employing ETSI GS QKD 014 group keys to reduce overhead in multi-party communication, and (iii) a hybrid QKD/PQC WireGuard-based VPN enabling QKD-secured HSM backup operations without requiring modifications to proprietary HSM protocols. Finally, we describe the deployment of these solutions in a national network comprising a four-node metropolitan testbed and a 200 km long-distance link with trusted nodes, and provide performance measurements for both the network and the hybrid KMS. Together, these results demonstrate the feasibility of integrating QKD into heterogeneous applications and hybrid cryptographic infrastructures.
Within the scope of the QCI-Days 2025 a QCI demonstrator was presented. Noteworthy results are published in that paper. Presented at QCNC 2026 and published in IEEE, DOI: 10.1109/QCNC69040.2026.00038. Abstract:
A multi-vendor, multi-domain Quantum Key Distribution network comprising 15 nodes across three independently managed domains was deployed and operated during QCI Days 2025 in Athens. The large-scale field trial integrated heterogenous QKD technologies, multi-layer Key Management Systems, and SDN-controlled infrastructures into a unified inter-domain architecture enabling cross-domain key exchange and coordination. The setup combined in-rack domain nodes extended to a 4-node field-deployed metropolitan QKD network segment, providing a realistic operational environment for validating end-to-end functionality. Multiple QKD-enabled services were successfully supported across the federated infrastructure, proving the technical feasibility and viability of scalable QKD deployments in inter-domain settings.