由於計算能力的飛速發展，特別是在量子計算的興起，傳統密碼學的安全性逐漸受到威脅。與此相反，量子密鑰分發（QKD）利用量子特性，提供無可匹敵的安全保障。QKD系統的一個關鍵組件是密鑰提煉引擎，該引擎從量子信號中提取出秘密密鑰。這一提煉過程及其信號處理組件負責通過經典通道管理可靠的密鑰協商過程，並包含對密鑰位元進行必要的後處理，以防止秘密密鑰信息泄露給潛在的竊聽者。

本論文詳細介紹了一個基於相干單向（COW）協議的QKD系統的密鑰提煉引擎的開發。這個引擎的功能包括量子位檢測協議（篩選）、用於信息協調的錯誤更正、參數估計以及通過安全通道的隱私放大。文章討論了結合這些過程的系統架構，並探討了每個模組的設計考量。此外，還評估了引擎的性能，重點關注處理速度、錯誤更正能力和資源利用率。最後在AMD Kintex UltraScale+ FPGA KCU116 Evaluation Kit FPGA板上實現了密鑰提煉引擎，整體系統可支援到最高7 Mbps的密鑰產率。

The security of conventional cryptography is increasingly vulnerable due to advancements in computational power, especially with the advent of quantum computing. In contrast, quantum key distribution(QKD) utilizes quantum properties, offering unparalleled security. A key component in QKD is the secret key distillation engine, which extracts the secret key from quantum signals. This distillation procedure, along with its signal processing components, manages the dependable key agreement process via the classical channel. It also incorporates vital post-processing steps for key bits, crucial for preventing secret key information from being exposed to potential eavesdroppers.

This thesis details the development of a key distillation engine for QKD system, specifically using the coherent one-way (COW) protocol. The engine's functions encompass quantum bit detection agreement (sifting), error correction for information reconciliation, parameter estimation, and privacy amplification through a secure channel. The paper discusses the architecture, integrating these processes, and explores design considerations for each module. Additionally, it evaluates the engine's performance, focusing on throughput, error correction efficacy, and resource use. The secret key distillation engine was successfully implemented on the AMD Kintex UltraScale+ FPGA KCU116 Evaluation Kit, achieving a maximum distilled key generation rate of up to 7 Mbps.

Abstract (Chinese) II
Acknowledgements (Chinese) IV
Abstract VI
1 Introduction 1
1.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.3 Main Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.4 Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2 Background Knowledge and Literature Survey 6
2.1 Quantum Key Distribution System Overview . . . . . . . . . . . . . . 6
2.2 Secret Key Distillation Process Overview . . . . . . . . . . . . . . . . 7
2.2.1 Sifting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2.2 Error Reconciliation . . . . . . . . . . . . . . . . . . . . . . . 9
2.2.3 Privacy Amplification . . . . . . . . . . . . . . . . . . . . . . 11
2.2.4 Decrease in Key Size Following Each Distillation Process . . . 11
2.3 Related Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3 Proposed FPGA-Based Secret Key Distillation Engine 15
3.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2 Sifting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.3 Error Reconciliation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.3.1 Cascade Protocol Error Correction . . . . . . . . . . . . . . . . 28
3.3.2 Error Verification . . . . . . . . . . . . . . . . . . . . . . . . . 37
3.4 Privacy amplification . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
3.5 Toeplitz hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
3.5.1 Two Types of Toeplitz Hashing . . . . . . . . . . . . . . . . . 46
3.5.2 Proposed Architecture for Matrix Multiplication . . . . . . . . 46
3.6 Packet and Unpacket . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.6.1 Packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.6.2 Unpacket . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
3.6.3 Behavioral Model of Network Connection . . . . . . . . . . . . 53
3.7 Distillation Process Control . . . . . . . . . . . . . . . . . . . . . . . . 54
3.8 AXI BRAM Controller . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.9 AXI Manager IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3.10 Host Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.11 Vivado Storage Element IP . . . . . . . . . . . . . . . . . . . . . . . . 65
4 Implementation and Evaluation Results 67
4.1 Utilization of Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . 67
4.2 Verification Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
4.2.1 Sifting Module . . . . . . . . . . . . . . . . . . . . . . . . . . 69
4.2.2 Error Reconciliation . . . . . . . . . . . . . . . . . . . . . . . 70
4.2.3 Privacy Amplification . . . . . . . . . . . . . . . . . . . . . . 71
4.3 Error Correction Evaluation . . . . . . . . . . . . . . . . . . . . . . . 71
4.4 Processing Rate Evaluation . . . . . . . . . . . . . . . . . . . . . . . . 74
5 Conclusion and Future Works 77
5.1 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
5.2 Future Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Bibliography 79

[1] H.-K. Lo and H. F. Chau, “Unconditional security of quantum key distribution over arbitrarily long distances,” science, vol. 283, no. 5410, pp. 2050–2056, 1999.
[2] S. Barz, E. Kashefi, A. Broadbent, J. F. Fitzsimons, A. Zeilinger, and P. Walther, “Demonstration of blind quantum computing,” science, vol. 335, no. 6066, pp. 303–308, 2012.
[3] R. A. Qamar, M. A. Maarof, and S. Ibrahim, “First tour to quantum cryptography,” International Journal of Research and Reviews in Computer Science, vol. 2, no. 2, p. 326, 2011.
[4] Q. Li, S. Ma, H. Mao, and L. Meng, “An FPGA-based communication scheme of
classical channel in high-speed QKD system,” in 2014 Tenth International Conference on Intelligent Information Hiding and Multimedia Signal Processing. IEEE, 2014, pp. 227–230
[5] F. Xu, X. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, “Secure quantum key distribution with realistic devices,” Reviews of Modern Physics, vol. 92, no. 2, p. 025002, 2020.
[6] S.-K. Liao, W.-Q. Cai, W.-Y. Liu, L. Zhang, Y. Li, J.-G. Ren, J. Yin, Q. Shen, Y. Cao, Z.-P. Li et al., “Satellite-to-ground quantum key distribution,” Nature, vol. 549, no. 7670, pp. 43–47, 2017.
[7] Q. Li, Z. Lin, D. Le, and H. Liu, “An FPGA-based design of efficient QKD sifting module,” in 2014 Tenth International Conference on Intelligent Information Hiding and Multimedia Signal Processing. IEEE, 2014, pp. 219–222.
[8] H.-F. Zhang, J. Wang, K. Cui, C.-L. Luo, S.-Z. Lin, L. Zhou, H. Liang, T.-Y. Chen, K. Chen, and J.-W. Pan, “A real-time QKD system based on FPGA,” Journal of Lightwave Technology, vol. 30, no. 20, pp. 3226–3234, 2012.
[9] A. Tanaka, M. Fujiwara, K.-i. Yoshino, S. Takahashi, Y. Nambu, A. Tomita, S. Miki, T. Yamashita, Z. Wang, M. Sasaki et al., “High-speed quantum key distribution system for 1-Mbps real-time key generation,” IEEE Journal of Quantum Electronics, vol. 48, no. 4, pp. 542–550, 2012.
[10] C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” Theoretical computer science, vol. 560, pp. 7–11, 2014.
[11] D. Stucki, N. Brunner, N. Gisin, V. Scarani, and H. Zbinden, “Fast and simple oneway quantum key distribution,” Applied Physics Letters, vol. 87, no. 19, 2005.
[12] D. Stucki, S. Fasel, N. Gisin, Y. Thoma, and H. Zbinden, “Coherent one-way quantum key distribution,” in Photon Counting Applications, Quantum Optics, and Quantum Cryptography, vol. 6583. SPIE, 2007, pp. 194–197
[13] J. Constantin, R. Houlmann, N. Preyss, N. Walenta, H. Zbinden, P. Junod, and A. Burg, “An FPGA-based 4 Mbps secret key distillation engine for quantum key distribution systems,” Journal of Signal Processing Systems, vol. 86, pp. 1–15, 2017.
[14] J. Martinez-Mateo, C. Pacher, M. Peev, A. Ciurana, and V. Martin, “Demystifying the information reconciliation protocol cascade,” arXiv preprint arXiv:1407.3257, 2014.
[15] H. Yan, T. Ren, X. Peng, X. Lin, W. Jiang, T. Liu, and H. Guo, “Information reconciliation protocol in quantum key distribution system,” in 2008 Fourth International Conference on Natural Computation, vol. 3. IEEE, 2008, pp. 637–641.
[16] H. Krawczyk, “LFSR-based hashing and authentication,” in Annual International Cryptology Conference. Springer, 1994, pp. 129–139.
[17] A. Tanaka, W. Maeda, S. Takahashi, A. Tajima, and A. Tomita, “Ensuring quality of shared keys through quantum key distribution for practical application,” IEEE Journal of Selected Topics in Quantum Electronics, vol. 15, no. 6, pp. 1622–1629, 2009.
[18] L. E. Bassham III, A. L. Rukhin, J. Soto, J. R. Nechvatal, M. E. Smid, E. B. Barker, S. D. Leigh, M. Levenson, M. Vangel, D. L. Banks et al., Sp 800-22 rev. 1a. a statistical test suite for random and pseudorandom number generators for cryptographic applications. National Institute of Standards & Technology, 2010.
[19] E. O. Kiktenko, A. O. Malyshev, M. A. Gavreev, A. A. Bozhedarov, N. O. Pozhar, M. N. Anufriev, and A. K. Fedorov, “Lightweight authentication for quantum key distribution,” IEEE Transactions on Information Theory, vol. 66, no. 10, pp. 6354–6368, 2020.