Design principles of network quantum key distribution protocols

In this paper, we consider design principles of network quantum key distribution protocols based on the usage of trusted intermediate nodes. Quantum networks in practice are not able to produce quantum keys for an arbitrary pair of nodes. This implies the concept of the so-called quantum-protected keys. Basic protocol for making quantum-protected key distribution is a secure transfer of random key components. We generate from these components the final pairwise key using suitable key derivation functions. Component transfer is secured by quantum keys obtained for each network segment by some QKD-rotocol. To avoid additional threats the basic protocol is symmetrized providing an equal participation of both nodes in a pair. This essentially contributes to a key agreement. More secure protocols are achieved in the process of mixing components obtained from different secure paths. Namely, the pairwise keys are derived not only from the components protected by quantum keys, but also from those transmitted by alternative secure channels. Thus the cryptoagility is implemented.