ISO, The International Organization for Standardization, just released the first QKD standard! It is ISO / IEC 23837-1 and soon also ISO / IEC 23837-2. As security researchers become more concerned with quantum computers being able to break cryptographic codes and create secure devices, security researchers have developed a security protocol using QKD or Quantum Key Distribution.
What is ISO and IEC?
The International Organization for Standardization (ISO) is an independent, non-governmental international organization that develops and publishes many international standards. These standards ensure the quality, safety, efficiency, interoperability, and consistency of products, services, and systems across various industries. National bodies of ISO or IEC members participate in developing International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in areas of mutual interest. Other governmental and non-governmental international organisations, in liaison with ISO and IEC, also participate in the work.
ISO/IEC 23837 standard
These standards are part of “Information technology security protocols. Security requirements, test and evaluation methods for quantum key distribution”, where 23837-1 is Part 1: Requirements and 23837-2 is Part 2: Evaluation and testing methods.
The proposal document specifies a general framework for the security evaluation of quantum key distribution (QKD) according to the ISO/IEC 15408 series. Specifically, it specifies a baseline set of standard security functional requirements (SFRs) for QKD modules, including SFRs on the conventional network components, the quantum optical components, and the entire implementation of QKD protocols. To facilitate the analysis of SFRs, security problems that QKD modules can face in their operational environment are analysed based on a structural analysis of the security functionality of QKD modules and the classification of QKD protocols.
The SFRs on conventional network components of QKD modules are mainly characterized under the framework of the ISO/IEC 15408 series and also refer to the methodology of ISO/IEC 19790 and relevant standards on the testing cryptographic modules and network devices.