Combining Digital Signatures and Key Recycling in QKD Authentication: A Performance and Security Analysis

Quantum key distribution (QKD) offers a secure mechanism for sharing encryption keys, grounded in the principles of quantum physics, and remains resilient even in the presence of quantum computing capabilities. However, a fundamental challenge in QKD is authentication, which currently depends on classical cryptographic techniques. Post-quantum cryptography (PQC) and public key infrastructure (PKI) are frequently proposed for QKD authentication due to their scalability and efficient node verification, which eliminates the need for pre-shared key pairs across individual links. The practicality of PKI, however, hinges on the current assumption that no known attacks can significantly accelerate the compromise of underlying post-quantum digital signatures, and that public-private key pairs can be refreshed at a manageable rate. This paper investigates a scenario in which post-quantum digital signature algorithms offer only transient security, valid for a limited number of generated signatures. This work analyzes the volume of authentication key renewal data that would need to traverse the network under such conditions to preserve algorithmic security, demonstrating that digital signatures lose their advantage when their usage period is severely constrained. To address this limitation, a novel approach is proposed: integrating PKI with key recycling in QKD reduces the volume of authentication key renewal data required in QKD networks. The security analysis reveals that, given the stringent requirements of post-quantum digital signatures, the overall authentication security is likely to be dominated by the inherent vulnerabilities of QKD sessions, particularly when conventional security parameters on the order of ∼10^-10 are employed. These findings provide insights for the future-proof design of QKD networks.