On the Transmission Capacity of Quantum Networks

—We provide various results about the transmission capacity of quantum networks. Our primary focus is on algorithmic methods to efficiently compute upper-bounds to the traffic that the network can handle at most, and to compute lower-bounds on the likelihood that a customer has to wait for service due to network congestion. This establishes analogous assertions as derived from Erlang B or Erlang C models for standard telecommunications. Our proposed methods, while specifically designed for quantum networks, do neither hinge on a particular quantum key distribution technology nor on any particular routing scheme. We demonstrate the feasibility of our approach using a worked example. Moreover, we explicitly consider two different architectures for quantum key management, one of which employs individual key-buffers for each relay connection, the other using a shared key-buffer for every transmission. We devise specific methods for analyzing the network performance depending on the chosen key-buffer architecture, and our experiments led to quite different results for the two variants. I. INTRODUCTION It took about two decades ever since quantum key distribution (QKD) has been proposed by [1] (the famous BB84 protocol) until the first experimental implementations of a quantum network were presented by the DARPA [2] and the European Union [3]. While the theory behind secure key-delivery between Alice and Bob is well-understood (see e.g. [4] for a proof regarding the security of BB84), the theory of network design and performance analysis has apparently seen rather limited attention over the last years. The works of [5] and [6] both considered the design of a network from the topological point of view, and in terms of optimal security and performance. In this work, we go the other way, asking for the best performance that we can get from a given quantum network infrastructure. In particular, we provide algorithmic means to answer two questions:


I.
INTRODUCTION It took about two decades ever since quantum key distribution (QKD) has been proposed by [1] (the famous BB84 protocol) until the first experimental implementations of a quantum network were presented by the DARPA [2] and the European Union [3].While the theory behind secure keydelivery between Alice and Bob is well-understood (see e.g.[4] for a proof regarding the security of BB84), the theory of network design and performance analysis has apparently seen rather limited attention over the last years.The works of [5] and [6] both considered the design of a network from the topological point of view, and in terms of optimal security and performance.In this work, we go the other way, asking for the best performance that we can get from a given quantum network infrastructure.In particular, we provide algorithmic means to answer two questions: 1. What is the maximal transmission capacity achievable in the network (using any classical routing scheme)?
2. What is the likelihood of local congestion that would temporarily disconnect the (logical) channel between any two peers in the network?
The second question can be rephrased into asking how likely a customer is to wait when asking the network for a secure delivery of payload from one point to another.
Our results are hence related to the field of communication theory, channel capacity and network coding.Particularly the latter has led to valuable insights (cf.e.g.[7], [8], [9]) regarding the rate at which information can be send through the network.Contrary to these (and many other related) approaches, we do not employ classical information theory to quantify the capacity, but rather work with the directly known performances of each link in the network.Similar to our work, network outage probabilities are as well discussed in [10], [11], [12] and [13], where most research effort, as it seems, has been put on wireless networks.So far, the problem appears hardly considered in (hard-wired) networks or quantum networks.In the quantum computing domain, the work of [14], [15], [16] and [17] is closely related.Contrary to ours, however, it strongly relies on quantum techniques and is less focused on algorithmic methods to analyze a given infrastructure.The work of [16] is particularly interesting as it employs percolation theory (which is rarely used in the related literature).The problem is studied elsewhere in [18], which comes up with proposals on how to enhance the existing capabilities once they are known.Here, we work out the limits similarly to the Erlang B and Erlang C models, so as to be able to improve them based on this related research.In the wireless domain, the interesting work of [19] deals with spreadspectrum techniques and uses Poissonian processes for determination of the network capacity, but is specific for this particular encoding technique.We explicitly avoid such restrictions here, but adopt some assumptions on the quantum key-management models (following the proposals of [20]; cf. also [21] for another discussion related to quantum key-and network-management).Finally, we mention the work of [22], who attempts to solve the problem of end-to-end quantum communication using a three-party protocol.This architecture is essentially different from what has been implemented nowadays, and thus subject of future considerations.
Among the sales arguments for quantum key distribution is its capability of running over existing fibre-optic lines.This claim has been substantiated in the demonstration of the SECOQC-and DARPA-Networks [2], [3].Hence it is fair to assume that the topology of the network is fixed and that the individual key-generation rates on each link are known (cf.[3] for examples).Moreover, following the so-far proposed architectures of relay devices in a quantum network (see [2], [3],and [20]), it is reasonable to consider a quantum network as a system of interconnected buffers, where the secret message is repeatedly decrypted and re-encrypted before forwarding it to the next hop.The key-buffers in each relay node are constantly refilled by QKD protocols running in the background 24/7 and www.ijacsa.thesai.orgendlessly generating key-material for later usage.This transmission regime, in its simplest form, is known as trusted relay, and is widely used in nowadays demonstration networks (cf.[2] and [3]).A transmission of a message from Alice to Bob along a sequence of nodes that share keys is displayed in Figure 1.
Organization of this work: in Section II, we describe the graph-and queuing model (Section II.A) used to analyze a quantum network.In particular, we will use maximal flows (briefly introduced in Section II.B) to compute bounds on the payload that the network can handle.Section III is divided into two main parts, giving algorithms for computing end-to-end transmission capacity (Section III.A) and waiting probability if a chosen path through the network is blocked due to congestion (Section III.B).In both cases, we show how to use standard maximum flow and shortest path algorithms to compute the desired quantities easily and efficiently from the known link capacities in the underlying graph model.The process is illustrated by an example (Section III.C), before conclusions follow in Section IV.

II. MATHEMATICAL MODEL
We will not burden ourselves with the details of any particular quantum key distribution (QKD) facility, but restrict our attention to the following model of a quantum network (QNet): let a QNet be modeled as an undirected graph with adjacent nodes sharing secret keys thanks to QKD.That is, on any line (with ) maintain key-buffers on either side to store QKD key material for subsequent transmissions.These key-buffers are nothing else than queues, in which key-bits are inserted on a deterministic basis (we assume the QKD-devices to generate key-bits at constant rate).key-bits are used up on a random basis, depending on incoming payload for secret transmission.Based on this view, we can cast the QNet into a standard queuing network.

A. Quantum Networks as Queuing Networks
An open queuing network is a system in which a customer enters the network at some node, and moves onwards through the links, where he occasionally has to wait (queue) until he is served at the next node (i.e. he can enter the next node).Central questions in queuing theory regard the average time to wait until the customer reaches his destination point, or the average number of customers lining up in any given queue (link) in the network.For a quantum network, we can equally well set up such a model, based on the following correspondence: 1. incoming customers equal newly generated key-bits 2. leaving customers equal the (one-time) use of key-bits for Vernam-encryption of messages 3. a queue equals a key-buffer (storing bits for subsequent usage, or equivalently, hosting customers for subsequent service) Observe that the generation of key-bits is deterministic, while the arrival of messages is non-deterministic.If we consider the QNet as a backbone network, then it is reasonable to consider the event of an incoming message bit as a Poissondistributed random variable.In Kendall-notation, the link in a QNet therefore is nothing else than a -queue, disregarding physical size limits of the key-buffers for now.The graph modeling the QNet thus constitutes a network of queues, and we are interested in its stationary distribution (so it exists).
Remark: an alternative view yielding equivalent results is by associating incoming payload bits with customers, who get served (encrypted) based on how much key-material is available in the buffer.In this case, we would have to think of the message-queue as the physical incarnation of the queue model under consideration.For simplicity, and because reallife implementations work with a key-buffer too, we shall consider the first of these two views, keeping the second view in mind whenever needed.
Sufficient conditions for the existence of stationary distributions in queuing networks are well-known, such as Jackson's theorem for Jackson-networks or one of its generalizations, such as the BCMP-theorem.Openness of the network is assured, since the graph is a mere transportation medium and messages necessarily leaving the network at some stage.Still, we cannot make any generally valid assertions on the routing algorithms implemented within the system.In lack of such information, we will try to find upper bounds to the transmission capacity by invoking maximum flow theory.This has the additional advantage of our results applying to conventional routing as well as network coding approaches for transmission.www.ijacsa.thesai.org

B. Flows
To illustrate the approach, consider the example network topology shown in Figure 2. Assume that after start-up, all keybuffers are empty and the QKD-protocol on link start producing key-material at constant rate per time unit.It follows that after one unit of time, the maximal transmission capacity of the network is determined by the maximum flow, constrained by the existing key-material on each link.As all links regenerate key-bits at constant rate, the minimum cut will not change over time.Let be the minimum edge cut, then the maximum flow has capacity ∑ ( ) after the first unit of time.After units, we have the capacity ∑ ( ) The consumption of key-bits happens upon arrival of payload to be transmitted secretly from the sender to the receiver .Hence, we can consider the entire network as one large queue, whose internal servicing is done by routing, network coding, or otherwise.From outside, we have as the deterministic rate at which key-bits arrive for later consumption, and we are back at the -queue.Considering multiple access-points to the network is trivial by switching to a multi-source-multisink flow.Unlike standard queueing disciplines, optimality in our context means the incoming amount of key-material outweighing the arrival of messages, i.e. an "unstable" queue whose expected length is infinite

C. Key-Buffer Architectures
It is easy to set up the devices so as to realize a single-path transmission as illustrated in Figure 1.However, it would not be reasonable to assume nodes to have only two ports, so the internal management of quantum keys is slightly more involved.Going back to Figure 1, we can instantly fix the problem of the message popping up in plaintext within each relay node by simply XOR-combining both, the incoming-and outgoing key into a single "relay-key" [20].Figure 4 illustrates the idea: for the relay from node A to node B over node R, the latter would XOR-combine (-operation) and into .Consequently, we would only store in an individual buffer for this link (see Figure 3; right).If the relay is trusted, then it may alternatively decrypt the incoming message and re-encrypt it before passing it onwards (as shown in Figure 1).Consequently, we would have to maintain shared buffers for each I/O-port, as displayed in Figure 3 (left) .

III. RESULTS
We are now ready to present our main results.

A. End-to-End transmission capacity
Given the (constant) rate of key-bits generated on link , we can ask for the maximal average rate of arriving messages that we are able to encrypt.Or stated differently: if we know the service rate, what is the highest rate of incoming customers that we can handle?Obviously, a necessary condition is the rate of arriving customers not exceeding the service rate.This is almost sufficient, as the following result shows: Proposition 1.Let a -queue be given and denote the average arriving rate by .For a given constant service rate , any arrival rate leads to a stable system.
So although the case may be fine for a system with deterministic arrival, it is not appropriate for random systems.
Proof: Denote by the number of customers in the system and by the probability of being in state .In a stable situation, the total rate out of this state equals the sum of the incoming rates from states and , which yields for every , .
This recursive formula can be rewritten as and since probabilities sum up to one we get This is simply a geometric series, which converges if and only if , as stated. The above proof also shows that the probabilities can be calculated via for any (by using where .
Putting this to practice within a quantum network is straightforward in two steps: 1. Upon given key-generation rates on each link, use www.ijacsa.thesai.orgthese rates as edge-weights in an undirected graph and determine a maximal flow from the source node to the sink node.Call the value of this flow .

By Proposition 1, a payload of up to
bits per time unit can be handled by the quantum network in a perfectly secure manner (assuming trusted relay).

B. Waiting probability
Here, we need to distinguish two architectures in our theoretical considerations: let a node be given, whose neighbors are eg , where denotes 's degree.Either each route passing through is associated with its individual key-buffer (perhaps via logically partitioning the overall key-material somehow; cf. the right side of Figure 3), or all incoming and outgoing flow draws from the same keybuffer (Figure 3; left), in which case a very busy line can affect the capacities of other routes through .However, short-term traffic peaks are easier to handle with this architecture.We consider both variants separately.

Individual key-buffers
To estimate the probability that one has to wait to get the key-bits needed for encryption anywhere along its way from the sender to the receiver, we first focus on the waiting probability in one particular node .Observe that since the key-buffers are not shared, distinct links from a node to any of its neighbors act independently.So we can restrict our considerations to any (arbitrary) key-buffer within .Notice, however, that a link from to its neighbor has to be treated differently than the link from to , since we are concerned with forwarding packets.

Let
be any node, and denote its neighbors by .Pick any key-buffer within that refers to the connection , where .Let the incoming traffic per time unit on the route from to be distributed, and assume the QKD protocol between and to reproduce an amount of bits per time unit.Finally, assume the key-buffer to be full at the beginning.Let be a sequence of i.i.d.random variables where is the traffic at time unit .The corresponding filling level of the key-buffer at time can never exceed the capacity and is thus given by assuming that we start off with the full key-buffer and re-fill it at rate after the first time-unit (i.e.we do no refill within the first time-unit because the buffer is full already).
We are interested in the probability for the link being blocked, i.e. the likelihood of an empty key-buffer at time unit .Hence, we ask for where Proof: The argument is merely a matter of noticing that it takes a period of time units to entirely empty the keybuffer, if bits are used up with bits growing back per time unit (the time for encryption is considered negligible).Hence, the average expenditure is . www.ijacsa.thesai.orgThe alert reader might utter concerns about the stochastic independence of incoming traffic over different time-units.There are (at least) two ways to justify this assumption:  Considering the transmission as a process resting on various routing protocols, we can reasonably assume the network's routing regime to rearrange, encode and decode, and to partition the messages in a way that stochastic correlations between packets are negligible.Notice that this in no way rules out the possibility of linking packets to each other via sequence numbers or matching delivery addresses.However, this "weaker" type of correlation does not necessarily imply dependencies among the payloads of different packets, e.g. when a long sequence of independent cryptographic key-material is transmitted.
 In case that the network is merely used for continuous shared key establishment (in fact, this is the way in which a quantum link is generally supposed to be used [3]), we can safely assume incoming traffic packets as stochastically independent, for otherwise we would have interdependence among key-bits.This is undesired for cryptographic keys, particularly for quantum keys (as it reduces the key's entropy).
 While Proposition 2 refers to only a single node, it is more interesting to find out how likely a blockage along a path from any node to any other node is.In the model of individual key-buffers, this problem boils down to identifying a path whose blockage probability is minimal.We can simply invoke any shortest-path algorithm for that matter, if we assume blockages to happen independently of each other.Consider a node having neighbors .
Observe that Proposition 2 is concerned with the likelihood of blockage when forwarding a message from onwards.Hence, we need to cast the undirected network model graph into a directed graph by converting an undirected edge into two directed edges (with opposite directions).

Each link
for maintains its own key-buffer with blocking probability as given by Proposition 2. We transform the undirected graph into a weighted directed graph such that 1.Each link is carried over into two links with cost .

Each node having a number | | of neighbors is expanded into a complete graph with nodes
, each of is connected by two directed edges in either direction.Each edge is added to with the cost according to Proposition 2. The set of edges joining to its neighbors in , i.e. the set { } is carried over to as with weights all zero.

On
, we can run any shortest-path algorithm, to determine the minimum likelihood of blockage using single-path routing.For any given sender and receiver , let their most reliable interconnecting path have "weight" in .Then, regardless of the routing, we have message ill e lo ke because is the weight of the shortest path in , i.e. the most reliable path in .No matter what the routing actually does, it cannot do better than choosing the best path possible, hence the value at least one no e is lo ke is a lower-bound to the actual likelihood.

Shared key-buffers
In the case of shared key-buffers we assume the incoming flows from different nodes to be independent.Then the distribution of the total flow trough at time follows a Poisson distribution with parameter ∑ , where denotes the incoming traffic flow from node to its neighbor .Similarly, all neighboring links contribute bits of fresh key-material to the common key-buffer, giving a total refreshing rate of ∑ .With we can invoke proposition Proposition 2 again to calculate the probability of a node being blocked in this case.
A little more care is to be taken when asking for the chance of blocking somewhere across the network as a whole.In this case, we use a transformation that is normally used to calculate maximal flows with vertex capacities.The transformation from the undirected graph (see Figure 6a for an example) to the directed weighted graph is now specific for a sender and receiver , and proceeds as follows (cf.[23]): 1.Each node including and is replaced by two nodes in out , and a directed edge from in to out is placed to .This link in out gets assigned the cost , where is the blocking probability calculated as described above.

Each undirected edge
is replaced by two directed edges out in and out in .See Figure 6b and Figure 6c for an illustration.
3. The nodes in and out are deleted, as well as all edges going into in and out of out .
4. Those nodes who remain to be assigned a cost receive zero cost.The resulting graph is shown in Figure 6d.www.ijacsa.thesai.orgOnce having found the shortest path in between and , we can draw exactly the same conclusion as above: if is the weight of this path in , then the chance of this path being blocked for any path-based routing-scheme is lower-bounded by .

C. Example
To get a more intuitive understanding of the above results, we give a simple example.Consider a modified version of the graph from Figure 2, with six nodes but with neither an edge between vertices 2 and 3 nor between 2 and 4. We call node 0 the sender and the receiver shall be node 5 (cf. Figure 7).We let be 5000 kbits and choose the rates (at which new keymaterial is produced) randomly between 280 and 320 kbits and let the rate of the incoming message bits be (see Table 1(a)), where is a positive constant ( in this specific example).Under this setting, we get the average probabilities shown in Table 1(a) for the incident of waiting between and where the average was taken over calculations.
Using the transformation described above we get that the probability of getting stuck is lower bounded by 0.9137 in the case of individual key-buffers and by 0.9929 in the case of shared key-buffers; again averaged over trials.This means that the individual link performances are indeed sharp bounds to the true bandwidth, as even slightly overshooting (by kbit/sec in out example) makes congestions highly likely.If we just look at a single evaluation of the two different methods mentioned above, we also see that the paths yielding the minimal value may differ: while working with the design of individual buffers the algorithm takes route in the original graph, it does prefer under the shared buffer design.
An illustration and interpretation of Proposition 1 is the following: with link performance values as given in Figure 7, a maximal flow is found at 607.54 kbit/sec.So this is the maximal traffic load that the network can handle.
Better performance is obtained when we double the size of the key-buffer in each link.Under the same set up as before, but with Mbit of key-buffer and the -values as listed in Table 1(b), we get the blocking probabilities shown in the right column of Table 1(b).The blocking probability for an end-to-end communication in this case is when individual key-buffers are used, and when a shared buffer is employed.Finally, Proposition 1 tells that the overall end-to-end traffic from 0 to 5 is bounded above by 608.52 kbit/sec (which is the maximal flow under the respective capacities for each link).
It is important to observe that Proposition 2 explicitly is concerned with situations in which the traffic load exceeds the key-(re-)generation rate on the links.The converse case in which there is a positive surplus of key-material produced on each link is obviously not interesting in terms of congestion likelihoods (as the key-buffers cannot run empty in that case).

A. Future Work
We focused on two specific architectures for key-buffers.Our approach and results are extensible towards more general ar hite tures (as e onsi ere only t o "extreme" ases here) for the key-buffers as well as for the relay-regime as such (cf.[22], who propose a novel three-party quantum communication approach).It is well known that classical routing regimes face difficulties when trying to attain the upper bounds to the transmission capacity as implied by the max-flow approach (network coding is one way to resolve this dilemma).Consequently, our bounds are not necessarily tight.A closer investigation of this is subject of future work.Finally, since quantum networks have hardly reached a level of maturity beyond prototypes or lab demonstrators, reports on comparisons of our results to other competing approaches are part of future research.

B. Summary
Our analysis is entirely based on the physical topology of the network and the known key-generation rates on each link.In this work, we focused on single-path (classical) routing schemes, leaving analogous research in the field of multipath routing and network coding for future work.Our results are easy to implement with off-the-shelf algorithms, hence the proposed analysis technique is efficient in terms of computational, modeling and implementation efforts.Despite quantum networks not having evolved beyond demonstrator prototypes yet, the possibility of setting up a high-security transmission network over existing fibre-optic lines is quite interesting.Our research here is meant as a starting point towards the construction of such infrastructures in an effective and appealing manner for the potential customer.Quality of service and service level agreements in quantum networks, unfortunately, have by now not seen the necessary attention to really bring the QKD technology to the market.Although ingenious solutions and brilliant theoretical achievements have been made, the "last mile" between lab implementation and large-scale practical business implementation needs more attention.

Figure 2 Figure 1
Figure 2 Network with link performances

Figure 3 Figure 4
Figure 3 Shared vs. individual key-buffers

Figure 5
Figure 5 Transformation of a node with individual key-buffers

Figure 5
Figure 5 illustrates this transformation.

Figure 7
Figure 7 Example network (link performances  shown in kbit/sec)

Figure 6
Figure 6 Transformation for shared key-buffer IV. CONCLUSIONSGiven a quantum network, we have shown how to efficiently compute bounds to the transmission capacity and the likelihood of blocked paths due to local congestions.

TABLE 1 BLOCKING
PROBABILITIES EXAMPLES