ISO/IEC 23837-2:2023

INTERNATIONAL ISO/IEC
STANDARD 23837-2
First edition
2023-09
Information security — Security
requirements, test and evaluation
methods for quantum key
distribution —
Part 2:
Evaluation and testing methods
Sécurité de l'information — Exigences de sécurité, méthodes d'essais
et d'évaluation relatives à la distribution quantique de clés —
Partie 2: Méthodes d'essais et d'évaluation
Reference number
© ISO/IEC 2023
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2023 – All rights reserved

Contents Page
Foreword . vi
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 3
5 Overview of the evaluation method for QKD modules . 4
5.1 General . 4
5.2 Scope of the evaluation method . 4
5.3 Overview of evaluation activities for SFRs . 5
5.3.1 General . 5
5.3.2 EAs for SFRs FTP_QKD.1 and FTP_QKD.2 . 6
5.3.3 EAs for SFRs on quantum optical components and parameter adjustment
procedure(s) . 6
5.3.4 EAs for SFRs on conventional network components . 7
5.3.5 Thresholds and input parameters related to the evaluation activities . 7
5.4 Overview of evaluation activities for SARs . 8
6 EAs for the evaluation of FTP_QKD . 8
6.1 General . 8
6.2 EA to test quantum state transmission and sifting procedures . 10
6.2.1 General aspects . 10
6.2.2 Test procedure.12
6.2.3 Pass/fail criteria . 14
6.3 EA to test other post-processing procedures . 14
6.3.1 General aspects . 14
6.3.2 Test procedure. 16
6.3.3 Pass/fail criteria . 17
6.4 EA to test parameter adjustment procedure(s) . 17
6.4.1 General aspects . 17
6.4.2 Test procedure. 19
6.4.3 Pass/fail criteria . 19
7 EAs for evaluating quantum optical components in the transmitter module .19
7.1 General . 19
7.2 EA to test the photon-number distribution of optical pulses .22
7.2.1 General aspects . 22
7.2.2 Test procedure. 24
7.2.3 Pass/fail criteria .25
7.3 EA to test the mean photon number and stability of optical pulses . 25
7.3.1 General aspects . 25
7.3.2 Test procedure.26
7.3.3 Pass/fail criteria .28
7.4 EA to test the independence of the intensities of optical pulses .28
7.4.1 General aspects .28
7.4.2 Test procedure.29
7.4.3 Pass/fail criteria .30
7.5 EA to test the accuracy of state encoding .30
7.5.1 General aspects . 30
7.5.2 Test procedure. 31
7.5.3 Pass/fail criteria . 32
7.6 EA to test the indistinguishability of encoded states . 32
7.6.1 General aspects . 32
7.6.2 Test procedure.34
iii
© ISO/IEC 2023 – All rights reserved

7.6.3 Pass/fail criteria . 35
7.7 EA to test the uniform distribution of the global phase of optical pulses .36
7.7.1 General aspects . 36
7.7.2 Test procedure. 37
7.7.3 Pass/fail criteria .38
7.8 EA to test the degree of optical isolation of the TX module .38
7.8.1 General aspects .38
7.8.2 Test procedure.40
7.8.3 Pass/fail criteria .40
7.9 EA to test the sensitivity of the injected light monitor in the TX module.40
7.9.1 General aspects .40
7.9.2 Test procedure. 41
7.9.3 Pass/fail criteria . 42
7.10 EA to test the robustness of the TX module against laser injection . 42
7.10.1 General aspects . 42
7.10.2 Test procedure.44
7.10.3 Pass/fail criteria .46
8 EAs for the evaluation of quantum optical components in the receiver module .47
8.1 General . 47
8.2 EA to test the consistency of detection probability in the RX module .49
8.2.1 General aspects .49
8.2.2 Test procedure. 51
8.2.3 Pass/fail criteria . 51
8.3 EA to test information leakage of back-flashes from the RX module . 52
8.3.1 General aspects . 52
8.3.2 Test procedure.53
8.3.3 Pass/fail criteria .54
8.4 EA to test the degree of optical isolation of the RX module .54
8.4.1 General aspects .54
8.4.2 Test procedure.55
8.4.3 Pass/fail criteria . 55
8.5 EA to test the sensitivity of the injected light monitor in the RX module .56
8.5.1 General aspects .56
8.5.2 Test procedure. 57
8.5.3 Pass/fail criteria . 57
8.6 EA to test the robustness of the RX module against bright light blinding .58
8.6.1 General aspects .58
8.6.2 Test procedure. 59
8.6.3 Pass/fail criteria .60
8.7 EA to test the appropriateness of dead time settings of SPDs .60
8.7.1 General aspect .60
8.7.2 Test procedure. 61
8.7.3 Pass/fail criteria . 62
8.8 EA to test the temporal profile of the detection efficiency for SPDs . 62
8.8.1 General aspects . 62
8.8.2 Test procedure.63
8.8.3 Pass/fail criteria .63
8.9 EA to test the robustness of the RX module against laser injection .64
8.9.1 General aspects .64
8.9.2 Test procedure.65
8.9.3 Pass/fail criteria .66
8.10 EA to test the detection limits of homodyne detectors in the RX module . 67
8.10.1 General aspects . 67
8.10.2 Test procedure. 67
8.10.3 Pass/fail criteria .68
8.11 EA to test the appropriateness of double-click event handling .68
8.11.1 General aspects .68
8.11.2 Test procedure.69
iv
© ISO/IEC 2023 – All rights reserved

8.11.3 Pass/fail criteria .69
9 EAs for the evaluation of parameter adjustment procedure(s) .69
9.1 General .69
9.2 EA to test the inducibility of detection probability mismatch . 70
9.2.1 General aspects . 70
9.2.2 Test procedure.73
9.2.3 Pass/fail criteria .74
9.3 EA to test the correctness of shot noise alignment .74
9.3.1 General aspects .74
9.3.2 Test procedure. 75
9.3.3 Pass/fail criteria .77
10 Supplementary activities for the evaluation of SFRs on conventional network
components .77
10.1 General .77
10.2 E valuation activities for FCS related SFRs overview . 78
10.3 E valuation activities for other SFRs overview . 78
11 Supplementary activities for SARs .78
11.1 General . 78
11.2 Supplementary activities for Class APE: Protection Profile evaluation .78
11.3 Supplementary activities for Class ASE: Security Target evaluation.80
11.4 Supplementary activities for Class ADV: Development .80
11.4.1 Supplementary activities for ADV_ARC .80
11.4.2 Supplementary activities for ADV_FSP .81
11.5 Supplementary activities for Class AGD: Guidance documents .82
11.5.1 Supplementary activities for AGD_OPE .82
11.5.2 Supplementary activities for AGD_PRE .83
11.6 Supplementary activities for Class ATE: Test .83
11.6.1 Supplementary activities for ATE_FUN .83
11.6.2 Supplementary activities for ATE_IND .84
11.7 Supplementary activities for Class AVA: Vulnerability assessment .85
12 Conformance statement .88
12.1 General .88
12.2 Conformance statement specific to evaluation activities for SFRs .88
12.3 Conformance statement specific to EAs for SARs .89
Annex A (informative) Guidance on the calculation of attack potential for the evaluation of
QKD modules .90
Annex B (informative) Rating examples for AVA attack potential computation .97
Annex C (informative) Thresholds collection . 100
Annex D (informative) Correspondence between EAs and known attacks to quantum
optical components and parameter adjustment procedure(s) of QKD modules . 104
Bibliography . 106
v
© ISO/IEC 2023 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of
any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC
had not received notice of (a) patent(s) which may be required to implement this document. However,
implementers are cautioned that this may not represent the latest information, which may be obtained
from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall
not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, Information security, cybersecurity and privacy protection.
A list of all parts in the ISO/IEC 23837 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
vi
© ISO/IEC 2023 – All rights reserved

Introduction
The ISO/IEC 23837 series specifies security requirements, test and evaluation methods for quantum
key distribution (QKD) modules under the framework of the ISO/IEC 15408 series. This document
specifies an evaluation method and relevant evaluation activities for the security evaluation of QKD
modules in a relatively general way. The evaluation activities that are necessary for the security
evaluation of QKD modules include supplementary evaluation activities for the QKD-related security
functional requirements (SFRs) specified in ISO/IEC 23837-1 and the supplementary evaluation
activities for security assurance requirements (SARs) with security assurance levels ranging from
evaluation assurance level (EAL) 1 to EAL 5+.
Specifically, the evaluation activities for the testing and evaluation of implementations of QKD
protocols, quantum optical components in QKD transmitter modules, and QKD receiver modules are
described in detail. For SFRs specific to conventional network components, this document does not
specify concrete evaluation activities but mainly refers to existing methods for network devices. In
addition, supplementary activities for security assurance requirements are specified, and refinements
to the generic vulnerability analysis methodology in ISO/IEC 18045 are presented, including guidance
on the calculation of attack potentials.
This document is expected to provide a specification to help QKD manufacturers improve the design
and implementation security of QKD modules, and to guide evaluators in the testing and security
evaluation of QKD modules, thus reducing the risk of failure of security in operation.
vii
© ISO/IEC 2023 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 23837-2:2023(E)
Information security — Security requirements, test and
evaluation methods for quantum key distribution —
Part 2:
Evaluation and testing methods
1 Scope
This document specifies test and evaluation methods for the security evaluation of quantum key
distribution (QKD). It also describes evaluation activities that constitute the test and evaluation
methods for the security functional requirements on the implementation of QKD protocols, the
quantum optical components and conventional network components in QKD modules. Moreover,
supplementary evaluation activities for security assurance requirements are provided to support the
security evaluation of QKD with appropriate assurance levels.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 15408-4:2022, Information security, cybersecurity and privacy protection — Evaluation criteria
for IT security — Part 4: Framework for the specification of evaluation methods and activities
ISO/IEC 18045, Information security, cybersecurity and privacy protection — Evaluation criteria for IT
security — Methodology for IT security evaluation
ISO/IEC 23837-1:2023, Information security — Security requirements, test and evaluation methods for
quantum key distribution — Part 1: Requirements
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 23837-1 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
attenuation
reduction in the intensity of a light beam relative to the distance travelled through a transmission
medium
3.2
attenuator
device used to reduce the power level of a light beam
© ISO/IEC 2023 – All rights reserved

3.3
back-flash
pulse of one or more photons emitted from a single-photon detector
Note 1 to entry: This phenomenon is also known as “backflash light” or “breakdown flash”.
Note 2 to entry: This phenomenon is due to radiative charge recombination, and is observed in devices such as
avalanche photodiodes where large populations of electron-hole pairs are created.
3.4
beam splitter
BS
device which can split an incident light beam at a designed ratio into two or more separate beams
3.5
correlation function
function used to characterize the statistical and coherence properties of light beams
3.6
dark count
detection event registered by an optical detector in the absence of optical illumination
3.7
dead time
time interval after a detection event when the detector as a whole is unable to provide an output in
response to incoming photons at the single photon level
[SOURCE: ETSI GR QKD 007 V1.1.1:2018]
3.8
density matrix
matrix that describes the state of a quantum system
3.9
detection probability
probability that a detector registers a detection event within a stated duration time
3.10
emulator
tool with a known and trusted implementation of the expected functionality under test
3.11
fidelity
measure of the closeness of two quantum states
3.12
injected light monitor
detector for monitoring the power of the laser light injected from the quantum channel
3.13
local oscillator
LO
strong optical signal that acts as a phase reference for interference with a weak optical signal (e.g.,
quantum state) in coherent detection
3.14
mean photon number
average number of photons per optical pulse
[SOURCE: ETSI GR QKD 007 V1.1.1:2018]
© ISO/IEC 2023 – All rights reserved

3.15
polarization
property of electromagnetic waves that describes the orientation of the oscillating electric field vector
[SOURCE: ETSI GR QKD 007 V1.1.1:2018]
3.16
polarization analyser
instrument designed to measure and display the polarization (3.15) of an optical pulse
3.17
quantum state analyser
instrument designed to measure optical states in one or more specified degrees of freedom
3.18
shot noise
noise which can be modelled by a Poisson process, describing the fluctuations of the number of photons
detected due to their occurrence independent of each other
3.19
spectrum analyser
instrument designed to measure and display the distribution of power of an optical source over a
specified wavelength span
4 Abbreviated terms
ATE assurance class of tests
AVA assurance class of vulnerability assessment
cPP collaborative PP
EA evaluation activity
EAL evaluation assurance level
EM evaluation method
IT information technology
NRBG non-deterministic random bit generator
PP protection profile
QKD quantum key distribution
RX receiver
SAR security assurance requirement
SFR security functional requirement
SPD single-photon detector
TOE target of evaluation
TSF TOE security functionality
TSFI TSF interface
TX Transmitter
© ISO/IEC 2023 – All rights reserved

5 Overview of the evaluation method for QKD modules
5.1 General
The primary objective of the security evaluation of QKD modules is to validate whether the
implementation of the core functionality and the IT-related security controls of QKD modules meet the
security requirements of an expected evaluation assurance level (EAL).
Since the high-level generic evaluation activities (EAs) specified in ISO/IEC 18045 do not directly
cover all aspects of the security evaluation of QKD modules, this document gives an evaluation method
(EM) to supplement ISO/IEC 18045, by considering the characteristics of QKD modules. In particular,
this EM includes some specific EAs for security functional requirements (SFRs), which are defined in
ISO/IEC 23837-1, and security assurance requirements (SARs), which are defined or refined based on
the work units in ISO/IEC 18045.
5.2 Scope of the evaluation method
The defined method for the security evaluation of QKD modules is based on the framework specified by
ISO/IEC 15408-4. Figure 1 gives the structure of the EM based on the following considerations.
Figure 1 — Structure of the specific EM for QKD modules and its constituent EAs
The EM includes a collection of EAs for SARs and SFRs. In particular, a set of EAs for some existing
SARs in ISO/IEC 18045 are supplemented to make their work units more specific for the evaluation of
QKD modules, in particular those related to the assurance Class ATE and Class AVA (see 11.6, 11.7 and
Annex A). In addition, a set of EAs for specific SFRs is defined, which addresses SFRs on the quantum
optical components (see ISO/IEC 23837-1:2023, 9.4) and the implementation of QKD protocols (i.e. FTP_
QKD). The EAs for SFRs are intended to help evaluators address evaluation actions required by the
SARs ATE_IND.1 and ATE_IND.2 that are specific to QKD modules (see Clauses 6 to 9 for further detail).
On the other hand, since the objective of this document is to provide a supplementary evaluation
methodology that is specific to QKD modules, EAs for common SFRs on conventional network
components (including SFRs in the classes of FCS, FIA, FDP, FMT defined in ISO/IEC 15408-2) are
not emphasized. As the corresponding methodology for those SFRs is relatively mature in the IT
security evaluation industry, evaluators may reference existing standards or methodologies to handle
© ISO/IEC 2023 – All rights reserved

such aspects. Clause 10 explains this in more detail, and existing standards and methodologies are
referenced to help evaluators select appropriate approaches.
Not all EAs in this document are required for the security evaluation of a specific TOE of QKD modules.
The selection of EAs depends on the implemented QKD protocols and the implementation strategy of
the TOE. Clause 12 describes the requirements of the conformance statement when a specific evaluation
process claims conformance with this document.
5.3 Overview of evaluation activities for SFRs
5.3.1 General
The objective of functional testing in a security evaluation is to verify whether the implementation
of the functionality and IT-related controls are consistent with the design specification, and that
the security requirements defined in the ST are satisfied by the TOE. The EAs for SFRs, as specified
mainly in Clauses 6, 7, 8, and 9, are intended to supplement the work units concerned with independent
functional testing of the TSF, especially the work units regarding the security assurance family of ATE_
IND in ISO/IEC 18045.
NOTE This includes the work units of ATE_IND.1–3, ATE_IND.1–4, ATE_IND.1–5, ATE_IND.1–6 and ATE_
IND.1–7 when ATE_IND.1 is chosen for the expected EAL, or the work units of ATE_IND.2–6, ATE_IND.2–7, ATE_
IND.2–8, ATE_IND.2–9 and ATE_IND.2–10 when ATE_IND.2 is chosen.
Although the EAs are intended to help evaluators of QKD modules, these EAs can also be used to help
developers of QKD modules perform functional testing (for security assurance family of ATE_FUN), and
ensure the evaluator that the tests have been performed and documented correctly, before applying for
security evaluation/certification.
ISO/IEC 15408-4:2022, Clause 6 explains that the content generally required for the specification of an
EA includes:
— objective of the evaluation activity;
— required inputs (from the developer);
— required tool types and setup;
— required evaluator competence;
— rationale (justification of their derivation from the work units in ISO/IEC 18045);
— dependencies (of the activities on other relevant EAs);
— test procedure (for performing the EA);
— pass/fail criteria (for deciding the outcome of the EA).
Regarding these EAs, the general inputs required by the evaluator (but mainly prepared by the
developers) for independent testing are defined in ISO/IEC 18045, and include at least:
a) if ATE_IND.1 is concerned in the evaluation, then the following inputs are required:
— the ST;
— the functional specification;
— the guidance documentation;
— the TOE suitable for testing;
b) if ATE_IND.2 is concerned in the evaluation, then the following additional evidence is required:
— the TOE design description;
© ISO/IEC 2023 – All rights reserved

— the configuration management documentation;
— the test documentation.
In addition, all the test tools required for the EAs shall be calibrated correctly against some specific
standards by default. Otherwise, the reason shall be justified in the corresponding EAs.
For each EA, it is necessary for the developer to present at least the general inputs listed in a) and b)
accordingly to the evaluator. On completion of the evaluation process, the evaluator shall report the
evaluation result of the EA.
The “dependencies” item specified in ISO/IEC 15408-4:2022, Clause 6 is not necessary for the
description of EAs that are independent of all other EAs. The item is therefore neglected from the
description of those EAs hereinafter.
5.3.2 EAs for SFRs FTP_QKD.1 and FTP_QKD.2
ISO/IEC 23837-1 defines an extended security functional family (i.e. FTP_QKD) to specify the
requirements on the FUN_QKD functionality (see ISO/IEC 23837-1:2023, 6.4.2 for the definition) of
QKD modules. Correspondingly, EAs related to the evaluation of the implementation of a QKD protocol,
or rather the implementation of raw data generation, post-processing and parameter adjustment
procedures are specified in 6.2, 6.3, and 6.4 respectively. These EAs are used to examine the correctness
of the implementation of FUN_QKD (or more precisely, the SFRs FTP_QKD.1 and FTP_QKD.2).
Each of the EAs provides the required content listed in 5.3.1, especially the following:
a) Test procedures for checking the correctness of the implementation of raw data generation, post-
processing and parameter adjustment procedure(s) of the TOE.
b) Pass/fail criteria (for the evaluation of an implementation of a QKD protocol).
5.3.3 EAs for SFRs on quantum optical components and parameter adjustment procedure(s)
The SFRs on quantum optical components and parameter adjustment procedure(s) mainly include FPT_
EMS.1/Quantum and FPT_PHP.3 (see ISO/IEC 23837-1:2023, 9.4). These requirements are imposed on
the relevant security functions that relate to quantum optical components of QKD modules and the
parameter adjustment procedure(s). The expectation is that, at the expected EAL, the TOE that meets
these SFRs can resist known attacks (
...