1 Introduction
Based on the quantum key distribution (QKD) technology with the intrinsic characteristics of pointtopoint (P2P) bennett2014quantum , building a quantum secure communication network (QSCN) with multiple QKD devices is a prevailing solution to overcome the limits of node scale and the communication distance elliott2005current ; elliott2005current ; alleaume2009topological ; dianati2007architecture ; sasaki2011field ; chen2017experimental . Since the stateoftheart QKD technology has been able to support many applications at distances of several hundred kilometers in the P2P mode, those achievements have made it possible to establish a QSCN upon an existing complex classical network. For instance, the key distribution rate of one QKD device could reach 10 Mbps yuan201810 and 1Mbps dixon2010continuous at the distribution distance of 10 km and 100 km, respectively. Additionally, the key distribution distance of one QKD device could reach 404 km in optical fiber yin2016measurement and even reach 1200 km in free space liao2017satellite . As to the existing QSCNs, the node scale has expanded from 6 nodes peev2009secoqc ; sasaki2011field to 56 nodes razavi2018introduction , and the communication distance have extended from 19.6 kilometers peev2009secoqc to 2000 kilometers razavi2018introduction . With the growing scale and complexity of QSCNs,the aforehand modeling and simulation become crucial for the functional verification, the deployment optimization of QKD devices, the project time and cost control, the network quality assurance, etc. watanabe2006security ; dianati2008architecture ; diamanti2016practical .
Unlike the field of classical networks, the modeling and simulation in the field of QSCN have not drawn many attentions maurhart2013new ; yang2017qkd ; mehic2017implementation . A simple trust relaying salvail2010security ; scarani2009security based QSCN model was built by Yang et al. in 2017 yang2017qkd to calculate the key consumption cost of a dynamical routing scheme. In the literature yang2017qkd , the key generation capability was set to be endless when the key consumption of a pair of partners was evaluated, which is not realistic in a practical QSCN. Taking the limited key generation capability of QKD device into account, a relatively complete QSCN model mehic2017implementation was proposed and implemented by Mehic et al. based on the Network Simulatorversion 3 (NS3) henderson2008network in 2017. In the mehic2017implementation
, the key generation and traffic generation have been simulated to estimate network performance. However, the assumptions about the key generation capability and traffic demand are unreasonable. In addition, the network performance was only measured by routing cost and packet delivery ratio (PDR), which cannot indicate the characteristics of QSCN.
In a practical QSCN, the most important performance depends on whether the QKD key generation capability can meet the traffic demand gelfond2012key . However, the modeling of traffic demand, key generation capability and their relationship have not been studied thoroughly in previous studies on QSCN. The main defects in the existing studies include the following. Firstly, the endtoend (E2E) traffic demand is modeled by a constant which cannot describe the volatility of the network. Secondly, the P2P key generation capability is modeled by the performance of the QKD postprocessing system without taking into account the effects of QKD optical system performance. Thirdly, there are still lack of suitable performance indicators to measure the relationship between the E2E traffic demand and P2P key generation capability. Fourthly, only one pair of terminal partners communicate in the simulation, which fails to reflect the whole status of a practical multiparty network.
In this paper, a practical QSCN model is proposed, in which the volatility of the E2E traffic demand is modeled by the Poisson stochastic process, and the P2P key generation capability is modeled by the GLLP theory. In addition, two performance indicators: ITS communication capability and ITS communication efficiency are proposed to evaluate the special allround performance of a QSCN. Finally, a QSCN simulation in the view of the whole network is designed to verify the accuracy of the proposed QSCN model and the necessity of the proposed performance indicators.
The rest of this paper is organized as follows: Sec. 2 gives the definition and basic characteristics of QSCN. Sec. 3 describes the practical QSCN model by proposes traffic generation module, key generation module and two performance indicators. Sec. 4 designs a simulation to analyze the network performance in detail based on the QSCN model. Sec. 5 concludes this study and outlines the future works.
2 Definition of quantum secure communication network
In many studies, both terms of QSCN and QKD network are used to indicate the communication network based on QKD device. For the sake of better argument, QKD network is defined as a set of infrastructures for generating ITS key based on the laws of quantum mechanics poppe2008outline
in this paper. The QSCN is defined as a network that provides the secure communication service utilizing the keys generated by QKD network. In order to achieve the ITS secure communication, the onetimepad (OTP) encryption algorithm is adopted in the performance analysis in this paper. If ITS is not pursued in an application, the popular encryption algorithms, such as AES, DES and etc., are also acceptable. The QSCN consists of two parts: QKD network and classical network
mehic2017analysis , shown as Fig. 1.Similar to the traditional classical network, QSCN mainly consists of terminals, switches, links, and protocols mchale1997communication . The functions of each component are introduced as follows.

The terminal is the interface between a user and a communication network, which is mainly used to transmit and receive data. In the QSCN, the terminal is abstracted as a node, which can be a source node for data transmission or a destination node for data reception.

The switch is the network device with the function of finding the next receiver and forwarding the data. In the QSCN, the switch needs to be completely trustable and can be abstracted as a trusted relay, which is used to forward data.

The link refers to the medium of data communication between terminals. In fact, it includes not only a physical channel but also various communication devices, such as modulators and controllers. In the QSCN, it is abstracted as a P2P channel.

The protocol defines the series of rules that enable the network to work properly. In the QSCN, it mainly includes packet protocol and routing protocol.
3 Quantum secure communication network model
The biggest difference between the QSCN and classical network is that the classical communication of QSCN consumes the keys generated by QKD layer. This leads to the performance of the QSCN ia closely limited by the matching degree between the traffic demand and key generation capability. In fact, the traffic demand in the QSCN is from E2E partners, while the key generation capability is decided by P2P links. In order to describe the network performance more accurately, this paper proposes a practical QSCN model, shown as Fig. 2.
In the QSCN model, the function of Traffic generation module is to model the E2E traffic demand of classical network, and the function of Key generation module is to model the P2P key generation capability of the QKD network. In addition, the relationship between these two functions will be measured by two proposed performance indicators. The schemes of other modules, such as routing protocols, data encryption/decryption, etc., can be borrowed from the traditional classical network model.
3.1 Traffic generation module
Due to the neglect of the relationship between key generation and key consumption, the traffic demand of the classical communication weigle2006tmix ; varet2014generate ; bonelli2005brute ; ammar2011new ; botta2012tool has not attracted enough attentions in the field of QSCN. A reasonable traffic demand model of the classical network is designed in this section.
The packet transmission process can be assumed to satisfy the following three conditions weigle2006tmix :

In the nonoverlapping time period, the numbers of transmitted packets are independent variables.

In an arbitrarily short time
, the probability of transmitting a packet is independent of the starting time and only proportional to the length of the time period.

In an arbitrarily short time , the number of transmitted packets is either 1 or 0.
It can be proved that the packet transmission process follows a Poisson stochastic process gardiner2009stochastic . Let be the average number of transmitted packets per second, and denotes the probability of transmitting packets within the time period . According to the conditions as above, in an arbitrarily short time ,the average number of transmitted packets is . Dividing the finite time period into small time slices , i.e., , then the packets transmitted in the time period can be divided into parts. Let , then the probability of transmitting packets in time period is
(1) 
The Eq.1 states that, the probability of transmitting packets in time period
obeys the Poisson distribution under the above three conditions
gardiner2009stochastic. According to the basic properties of probability theory, it can be derived that:

The probability density function of the packet transmission interval is
. In other words, the packet transmission interval is subject to the exponential distribution.

The average number of transmitted packets during the time period is . Therefore, the average number of transmitted packets per second is , and the average transmitted packets interval is . Set the packet size to , the average communication rate is .

Let denote a random number sequence of multiple packet transmission intervals, which satisfies the exponential distribution with a mean of
. Therefore, its cumulative distribution function is
. Supposeis a random number sequence with uniformly distributed in
, can be produced as follows,(2)
According to the analysis above, if the average number of transmitted packets per second is , the packet transmission process can be simulated into an exponential distribution with the average transmission interval of . Therefore, the traffic generation module is constructed by the exponential distribution based packet transmission interval.
3.2 Key generation module
A QKD system consists of the optical subsystem and the postprocessing subsystem. The key generation capability is determined by the performances of the both subsystems tamaki2018information . Therefore, it is not suitable to characterize the key generation capability only by the performance of the postprocessing procedure as in the literature mehic2017implementation .
In 2004, Gottesman et al. proposed the GLLP theory to calculate the lower bound of the secret key rate of QKD system with imperfect devices gottesman2004security , which has been adopted in most practical QKD systems tang2016experimental ; zhou2016making ; tang2016measurement ; lucamarini2018overcoming ; rosenberg2007long ; zhao2006experimental ; gisin2006trojan ; sasaki2011field ; lo2012measurement ; schmitt2007experimental ; deng2004secure . Therefore, we use the GLLP theory to model the key generation module. The formula to calculate the key generation rate is as follows,
(3) 
where
The related symbols are explained as follows.
the system clock frequency  the distribution length  

the sifting coefficient  the attenuation coefficient per kilometer of fiber  
the transmission rate of the optical system of Bob  the detection probability  
the photon fluxes for signal pulses  the photon fluxes for decoy pulses  
the dark count rate  the bit error rate of dark counts  
the coefficiency of the error correction algorithm  the binary Shannon entropy 
3.3 Performance indicators
To meet the requirement of ITS, it is necessary to utilize the OTP algorithm in the QSCN for data encryption and decryption. The key generation capability of the network is based on the P2P links, however the traffic demand is based on the E2E partners. Under this condition, if the key generation capability cannot meet the traffic demand, i.e. if the QSCN will paralyze at some point, directly affects the performance of a QSCN. However, there is no counterpart in classical network, and there is no appropriate indicator in classical network to measure such performance of QSCN either. In this paper, two performance indicators are proposed: ITS communication capability and ITS communication efficiency, as a necessary supplements to evaluate a QSCN except for those traditional performance indicators of classical networks.
3.3.1 ITS communication capability
For a given topology , let be the key generation capability of the link which is timeindependent and can be calculated according to GLLP theory. indicates the total traffic demand of all pairs of partners and means the average traffic demand of node and node , which can be modeled by a Poisson stochastic process and can be calculated according to the average packet interval. indicates whether the communication of node and node requires link . In addition, represents the average number of keys consumed by routing data on the link .
To guarantee the stable operation of the network, the key consumption of each link needs to be less than or equal to its key generation. The key consumption mainly includes communication data consumption and routing data consumption. When the OTP algorithm is used, the key consumption of communication data is equal to the traffic.
(4) 
The ITS communication capability of the QSCN is defined as the maximum traffic demand that enables all links to work stably. It is represented by a symbol .
(5) 
It can be seen from the formula that the ITS communication capability is mainly related to the traffic demand, key generation capability and routing protocol.
3.3.2 ITS communication efficiency
When the traffic demand is higher than the ITS communication capability, the QSCN will inevitably paralyze after running for a certain period of time. The time span before the QSCN paralyzes is defined as ITS operation time, represented by the symbol . Let be the initial number of keys on each link in the network and be the traffic demand of node and node at the time of . In addition, indicates whether the communication of node and node requires link at the time of and indicates the number of keys consumed by routing data on the link at the time of . Then the network ITS operation time must meet the following requirement:
(6) 
When the network paralyzes, the number of remaining keys on the link is:
(7) 
The ITS recovery time is defined as the length of time required for the numbers of keys on all links recover to , represented by the symbol .
(8) 
In order to ensure stable operation based on the OTP algorithm in any traffic demand environment, the ITS operation time and ITS recovery time of the QSCN must meet the preset requirement. The ratio of the ITS operation time to the sum of ITS operation time and ITS recovery time is defined as ITS communication efficiency as in the Eq. 9.
(9) 
The ITS communication efficiency, which is mainly related to the traffic demand, key generation capability and routing protocol, can be used to guide the actual working policy of the QSCN.
It can be seen from the formulas that when the network scale becomes large, it is quite difficult to theoretically analyze the QSCN performance. In this case, the network simulation becomes the most important, convenient and economical solution for the performance analysis of the QSCN.
4 Simulation and results analysis
In this section, a QSCN simulation using Network Simulatorversion 3 (NS3) henderson2008network is designed to analyze the network performance.
4.1 Simulation design
The simulation design mainly includes the traffic generation, key generation, topology and routing protocol, which can directly affect the performance of a QSCN.
4.1.1 Traffic generation
To simplify the analysis, the traffic demand between any two partners in our simulation are assumed to be the same scale. Based on the analysis in Sec. 3.1, the packet transmission intervals follow an exponential distribution. In order to find out the performance bottleneck of QSCN , two comparison simulations are conducted with communication rates of 100 Kbps and 10 Kbps. In the case where the packet size is set to 500 bytes, the average packet transmission intervals are set to 40 milliseconds and 400 milliseconds.
In a practical network, a classical link often needs to serve multiple partners, which will lead to two kinds of problems. Firstly, when the traffic demand of a pair of terminal partners is met, it may reduce the communication performance of another pair of terminal parties. Secondly, the change of paths for a certain pair of terminal partners may improve the communication performance of others. Therefore, it is not reasonable to only analyze the traffic demand of one pair of terminal partners as in the literature mehic2017implementation . Therefore, we should consider the traffic demand of all pairs of partners at the same time, as shown in Algorithm 1.
4.1.2 Key generation
To simplify the analysis, we assume that only one QKD device is configured on each link and the parameters of all QKD devices are the same. The parameters of QKD device in our simulation are shown in Table 1, referring to the literature yuan201810 . It should be noted that the QSCN model supports the configuration of multiple QKD devices for each link and the different parameter setting for each QKD device.
Parameter  

Value  1GHz  0.9  0.2  0.5  0.01  0.4  0.1  2.1E5  0.525  1.15 
According to the parameters as above, the key generation rate of each link can be calculated. In order to find out the performance bottleneck of the whole network, we make all QKD devices with different distribution distances start generating keys at the same time, and simulate the process of key generation, as shown in Algorithm 2.
4.1.3 Topology
To the best of our knowledge, the most comprehensive study on QSCN performance appears in the literature mehic2017implementation . For comparison, the topology of SECOQC network poppe2008outline used in mehic2017implementation , as shown in Fig. 3. Besides, the trusted relays adopted in our simulation work on the basis of the hopbyhop poppe2008outline . Each node in the topology is a communication user and acts as a trusted relay. In another word, each node should be configured with the classical communication equipment, the QKD device, encryption/decryption module, key management module, traffic monitoring module.
4.1.4 Routing protocol
The traffic demand that the network needs to meet is E2E based, however, the key consumption is P2P based. Through the design of better routing protocol, it is expected to maximize the utilization of the P2P key generation capability to satisfy the E2E traffic demand, thereby improving network performance. Due to the frequent changes of the number of keys during the simulation process, the connected/broken state of a link may change as well, which leads to frequent changes of the network topology. It means that the selected routing protocol should be able to perceive the network topology changes in time. Therefore, the DSDV routing protocol perkins1994highly , which is commonly used in the wireless ad hoc network, is adopted. The DSDV protocol updates routing table regularly.
4.2 Performance of traditional indicators
In this section, four most important performance indicators of classical network are evaluate to analyze the QSCN performance, which are: oneway delay (OWD) almes2016one , throughput burgess2004rfc , packet delivery rate (PDR) mehic2017implementation and routing cost (RCost) evans2009routing . OWD is the required time of data packet transmission across the network, which may be affected by any component of the related links. Throughput is defined as the rate of successful message delivery over a communication channel. PDR refers to the ratio of the received packets by the destination to the generated packets by the source. RCost refers to the amount of routing data generated during network operation.
Based on the QSCN model and the foregoing parameters, the simulation results of OWD , throughput , PDR , and RCost of whole network with the average packet interval of 400 millisecond (communication rates of 10 Kbps) and 40 millisecond (100 Kbps) are shown in Fig. 4 and Fig. 5 respectively.
From Fig. 4 and Fig. 5, it can be seen that there is almost no difference in OWD, throughput, and PDR between the two communication rates before the 45th second. However, after the 45th second, the performance in Fig. 4 remains stable. Conversely, the sharp rise of OWD, sharp drop of throughput and PDR in Fig. 5 indicates that the node cannot accept any packet from the node . In other words, the network is paralyzed at the 45th second.
4.3 Performance of proposed indicators
4.3.1 ITS communication capability
The simulation results of traditional evaluation indicators show that when the traffic demand exceeds a certain value, the network will paralyze after a certain period of continuous operation. To find out the maximum traffic demand that the QSCN can support stably is very important for the QSCN designer and manager. Therefore, ITS communication capability is proposed and simulated.
In order to explore the reasons for paralysis, the key consumption at the communication rate of 100 Kbps is simulated, as shown in Fig. 6(a). Each curve in the figure reflects the key consumption process of a link. Meanwhile, the slope of the curve represents the consumption rate. The initial number of keys of each key pool is set to be 40 Mb. The partners need a small number of preshared keys before a new key generation process is established dodson2009updating ; cederlof2008security . The preshared keys are used to guarantee the integrity of the protocol in the first transaction and it should not be used for any other purposes except to establish a new key generation process. In our simulation, the minimal threshold is set to 2 Mb. From the Fig. 6(a), it can be concluded that the link with the fastest key consumption rate is . At the 45th second, because the remaining number of keys is below the minimum threshold, this link is “broken”.
DSDV routing protocol finds the optimal path based on the principle of minimum hop count. Therefore, the key generation of link needs to satisfy the communication traffic demand of five pairs of communication partners , , , and . Considering that the communication process is bidirectional, the link will load 5 * 2 = 10 times of the oneway traffic demand of one pair of communication partners. According to the topology in Fig. 3, the length of link is 85 km. By substituting the length into the GLLP theory, the calculated key generation rate is about 254 Kbps. From Fig. 5, the consumption rate of DSDV protocol routing data of whole network is about 3 Kbps. There are 8 links in the network, we can deduce that the routing data consumption of link is about Kbps. Therefore, in order to implement ITS transmission in the QSCN directly, the traffic demand that link can afford is only about Kbps.
Fig. 6(b) shows the key consumption when the communication rate is 25 Kbps. It can be seen that the number of keys of link maintains the original amount basically. The results demonstrate that the key consumption and key generation on the link are balanced, which is consistent with the theoretical analysis as above.
4.3.2 ITS Communication Efficiency
ITS communication capability can indicate the maximal traffic demand that the QSCN is able to support stably. However, when the traffic demand exceeds the ITS communication capability, the QSCN must need a certain recovery time after it operate for some time to maintain a stable communication. The less proportion of recovery time means higher performance. Therefore, the ITS communication efficiency is proposed and simulated, which is the ratio of the ITS operation time to the sum of ITS operation time and ITS recovery time.
The simulation results previously show that, due to the insufficient key generation capability of the QSCN, the communication process can only last 45 seconds at the communication rate of 100 Kbps. It needs to make clear that the 45 seconds is the network ITS operation time at the communication rate of 100 Kbps.
(10) 
The simulation results previously show that the first paralyzed link is the link . It can be seen from the topology that the key generation rate of the link . Therefore, in this simulation, the ITS recovery time of the network depends on the ITS recovery time of the link , which can be calculated as Eq.11.
(11) 
(12) 
From the analysis above, the ITS communication capability and ITS communication efficiency of this QSCN is 25 Kbps and 23% respectively. Therefore, the QSCN can work stable when the traffic demand is lower than 25 Kbps, such as short message, audio communication, etc. In addition, when the traffic demand is higher than the ITS communication capability, such as realtime video communication, suitable key management mechanism or QKD network improvement need to be designed accordingly.
5 Conclusion
In this paper, a practical QSCN model is proposed and the three major improvements include: (I) the volatility of traffic demand of classical network is modeled by the Poisson stochastic process; (II) the capability of key generation in QKD network is calculated by the GLLP theory; (III) two performance indicators are proposed, which are ITS communication capability and ITS communication efficiency. In addition, the simulation is designed based on the QSCN model with the topology of the SECOQC network and the DSDV routing protocol. The plentiful simulation results verified the accuracy of the proposed QSCN model, and the necessity of the proposed performance indicators. In the further, we plain to design better QKD device deployment and routing protocols to improve the ITS communication capability and the ITS communication efficiency.
Acknowledgements.
This work is supported by the National Natural Science Foundation of China (Grant Number: 61771168, 61702224), Space Science and Technology Advance Research Joint Funds (6141B06110105).
References
 (1) Bennett, C.H., Brassard, G.: Quantum cryptography: Public key distribution and coin tossing. Theor. Comput. Sci. 560(P1), 711 (2014).
 (2) Elliott, C., Colvin, A., Pearson, D., Pikalo, O., Schlafer, J., Yeh, H.: Current status of the DARPA quantum network. In: Quantum Information and computation III, 138150 (2005).
 (3) Elliott, C., Yeh, H.: DARPA quantum network testbed. BBN TECHNOLOGIES CAMBRIDGE MA (2007).
 (4) Dianati, M., Alléaume, R.: Architecture of the Secoqc quantum key distribution network. In: First International Conference on Quantum, Nano, and Micro Technologies (ICQNM¡¯07) 2007, pp. 1313.
 (5) Alléaume, R., Roueff, F., Diamanti, E., Lütkenhaus, N.: Topological optimization of quantum key distribution networks. New Journal of Physics, 11(7) (2009).
 (6) Sasaki, M., Fujiwara, M., Ishizuka, H., Klaus, W., Wakui, K., Takeoka, M., Miki, S., Yamashita, T., Wang, Z., Tanaka, A.: Field test of quantum key distribution in the Tokyo QKD Network. Optics express 19(11), 1038710409 (2011).
 (7) Chen, L.K., Yong, H.L., Xu, P., Yao, X.C., Xiang, T., Li, Z.D., Liu, C., Lu, H., Liu, N.L., Li, L., others: Experimental nested purification for a linear optical quantum repeater. Nature Photonics 11(11), 695 (2017).
 (8) Shannon, C.E.: Communication theory of secrecy systems. Bell system technical journal 28(4), 656715 (1949).
 (9) Alléaume, R., Branciard, C., Bouda, J., Debuisschert, T., Dianati, M., Gisin, N., Godfrey, M., Grangier, P., L?nger, T., Lütkenhaus, N.J.T.C.S.: Using quantum key distribution for cryptographic purposes: a survey. Theoretical Computer Science 560, 6281 (2014).
 (10) Yuan, Z., Plews, A., Takahashi, R., Doi, K., Tam, W., Sharpe, A., Dixon, A., Lavelle, E., Dynes, J., Murakami, A.: 10Mb/s Quantum Key Distribution. Journal of Lightwave Technology 36(16), 34273433 (2018).
 (11) Dixon, A.R., Yuan, Z.L., Dynes, J.F., Sharpe, A.W., Shields, A.J.: Continuous operation of high bit rate quantum key distribution. Applied Physics Letters 96(16) (2010).
 (12) Yin, H.L., Chen, T.Y., Yu, Z.W., Liu, H., You, L.X., Zhou, Y.H., Chen, S.J., Mao, Y., Huang, M.Q., Zhang, W.J.: Measurementdeviceindependent quantum key distribution over a 404 km optical fiber. Physical review letters 117(19), 190501 (2016).
 (13) Liao, S.K., Cai, W.Q., Liu, W.Y., Zhang, L., Li, Y., Ren, J.G., Yin, J., Shen, Q., Cao, Y., Li, Z.P.: Satellitetoground quantum key distribution. Nature 549(7670), 43 (2017).
 (14) Peev, M., Pacher, C., Alléaume, R., Barreiro, C., Bouda, J., Boxleitner, W., Debuisschert, T., Diamanti, E., Dianati, M., Dynes, J.: The SECOQC quantum key distribution network in Vienna. New Journal of Physics 11(7), 075001 (2009).
 (15) Razavi, M.: An Introduction to Quantum Communications Networks. (2018).
 (16) Watanabe, S., Matsumoto, R., Uyematsu, T.: Security of quantum key distribution protocol with twoway classical communication assisted by onetime pad encryption. arXiv preprint (2006).
 (17) Dianati, M., Alléaume, R., Gagnaire, M., Shen, X.: Architecture and protocols of the future European quantum key distribution network. Security and Communication Networks 1(1), 5774 (2008).
 (18) Diamanti, E., Lo, H.K., Qi, B., Yuan, Z.: Practical challenges in quantum key distribution. npj Quantum Information 2, 16025 (2016).
 (19) Maurhart, O., Pacher, C., Happe, A., Lor, T., Tamas, C., Poppe, A., Peev, M.: New release of an open source QKD software: design and implementation of new algorithms, modularization and integration with IPSec. In: Proc. Qcrypt (2013).
 (20) Yang, C., Zhang, H., Su, J.: The QKD network: model and routing scheme. Journal of Modern Optics 64(21), 23502362 (2017).
 (21) Mehic, M., Maurhart, O., Rass, S., Voznak, M.: Implementation of quantum key distribution network simulation module in the network simulator NS3. Quantum Information Processing 16(10), 253 (2017).
 (22) Scarani, V., BechmannPasquinucci, H., Cerf, N.J., Dušek, M., Lütkenhaus, N., Peev, M.: The security of practical quantum key distribution. Reviews of modern physics 81(3), 1301 (2009).
 (23) Salvail, L., Peev, M., Diamanti, E., Alléaume, R., Lütkenhaus, N., L?nger, T.: Security of trusted repeater quantum key distribution networks. Journal of Computer Security 18(1), 6187 (2010).
 (24) Henderson, T.R., Lacage, M., Riley, G.F., Dowell, C., Kopena, J.: Network simulations with the ns3 simulator. SIGCOMM demonstration 14(14), 527 (2008).
 (25) Gelfond, R., Berzanskis, A.: Key management and user authentication for quantum cryptography networks. In. Google Patents, (2012)
 (26) Poppe, A., Peev, M., Maurhart, O.: Outline of the SECOQC quantumkeydistribution network in Vienna. International Journal of Quantum Information 6(02), 209218 (2008).
 (27) McHale, J.F.: Communication server apparatus and method. In. Google Patents, (1997).
 (28) Mehic, M., Maurhart, O., Rass, S., Komosny, D., Rezac, F., Voznak, M.: Analysis of the public channel of quantum key distribution link. IEEE Journal of Quantum Electronics 53(5), 18 (2017).
 (29) Weigle, M.C., Adurthi, P., HernándezCampos, F., Jeffay, K., Smith, F.D.: Tmix: a tool for generating realistic TCP application workloads in ns2. ACM SIGCOMM Computer Communication Review 36(3), 6576 (2006).
 (30) Varet, A., Larrieu, N.: How to generate realistic network traffic? In: Computer Software and Applications Conference (COMPSAC), 2014 IEEE 38th Annual, 299304 (2014).
 (31) Bonelli, N., Giordano, S., Procissi, G., Secchi, R.: Brute: A high performance and extensible traffic generator. In: Proc. of SPECTS, 839845 (2005).
 (32) Ammar, D., Begin, T., GuerinLassous, I.: A new tool for generating realistic internet traffic in ns3. In: Proceedings of the 4th International ICST Conference on Simulation Tools and Techniques, 8183 (2011).
 (33) Botta, A., Dainotti, A., Pescapé, A.: A tool for the generation of realistic network workload for emerging networking scenarios. Computer Networks 56(15), 35313547 (2012).
 (34) Gardiner, C.: Stochastic methods, vol. 4. springer Berlin (2009).
 (35) Tamaki, K., Lo, H.K., Wang, W., Lucamarini, M.: Information theoretic security of quantum key distribution overcoming the repeaterless secret key capacity bound. arXiv preprint (2018).
 (36) Gottesman, D., Lo, H.K., Lütkenhaus, N., Preskill, J.: Security of quantum key distribution with imperfect devices. In: Information Theory (2004).
 (37) Tang, Z., Wei, K., Bedroya, O., Qian, L., Lo, H.K.: Experimental measurementdeviceindependent quantum key distribution with imperfect sources. Physical Review A 93(4), 042308 (2016).
 (38) Zhou, Y.H., Yu, Z.W., Wang, X.B.: Making the decoystate measurementdeviceindependent quantum key distribution practically useful. Physical Review A 93(4), 042324 (2016).
 (39) Tang, Y.L., Yin, H.L., Zhao, Q., Liu, H., Sun, X.X., Huang, M.Q., Zhang, W.J., Chen, S.J., Zhang, L., You, L.X.: Measurementdeviceindependent quantum key distribution over untrustful metropolitan network. Physical Review X 6(1), 011024 (2016).
 (40) Lucamarini, M., Yuan, Z.L., Dynes, J.F., Shields, A.J.: Overcoming the ratedistance limit of quantum key distribution without quantum repeaters. Nature 557(7705), 400 (2018).
 (41) Rosenberg, D., Harrington, J.W., Rice, P.R., Hiskett, P.A., Peterson, C.G., Hughes, R.J., Lita, A.E., Nam, S.W., Nordholt, J.E.: Longdistance decoystate quantum key distribution in optical fiber. Physical review letters 98(1), 010503 (2007).
 (42) Zhao, Y., Qi, B., Ma, X., Lo, H.K., Qian, L.: Experimental quantum key distribution with decoy states. Physical review letters 96(7), 070502 (2006).
 (43) Gisin, N.a.F., Sylvain and Kraus, Barbara and Zbinden, Hugo and Ribordy, Grégoire: Trojanhorse attacks on quantumkeydistribution systems. Physical Review A 73(2), 022320 (2006).
 (44) Lo, H.K., Curty, M., Qi, B.: Measurementdeviceindependent quantum key distribution. Physical review letters 108(13), 130503 (2012).
 (45) SchmittManderbach, T., Weier, H., Fürst, M., Ursin, R., Tiefenbacher, F., Scheidl, T., Perdigues, J., Sodnik, Z., Kurtsiefer, C., Rarity, J.G.: Experimental demonstration of freespace decoystate quantum key distribution over 144 km. Physical Review Letters 98(1) (2007).
 (46) Deng, F.G., Long, G.L.: Secure direct communication with a quantum onetime pad. Physical Review A 69(5) (2004).
 (47) Yang, S.S., Bai, Z.L., Wang, X.Y., Li, Y.M.: FPGAbased implementation of sizeadaptive privacy amplification in quantum key distribution. IEEE Photonics Journal 9(6), 18 (2017).

(48)
Perkins, C.E., Bhagwat, P.: Highly dynamic destinationsequenced distancevector routing (DSDV) for mobile computers. In: ACM SIGCOMM computer communication review, 234244 (1994).
 (49) Almes, G., Kalidindi, S., Zekauskas, M., Morton, A.: A oneway delay metric for IP performance metrics (IPPM). White paper (2016).
 (50) Burgess, N.: Rfc 2544 testing of ethernet services in telecom networks. White paper 6 (2004).
 (51) Evans, S.C., Pearlman, M.R., Hartman, M.J., Rothe, A., Leiva, M.A., Egan, M.W.: Routing cost based network congestion control for quality of service. In. Google Patents, (2009).
 (52) Dodson, D., Fujiwara, M., Grangier, P., Hayashi, M., Imafuku, K., Kitayama, K.i., Kumar, P., Kurtsiefer, C., Lenhart, G., Luetkenhaus, N., others: Updating quantum cryptography report ver. 1. arXiv preprint arXiv:0905.4325 (2009).
 (53) Cederlof, J.O.r., Larsson, J.A.A.k.: Security aspects of the authentication used in quantum cryptography. IEEE transactions on Information Theory 54(4), 17351741 (2008).
Comments
There are no comments yet.