
What the Quantum Internet Has in Store - jonbaer
https://www.scientificamerican.com/article/here-rsquo-s-what-the-quantum-internet-has-in-store/
======
CiPHPerCoder
> The first—which they say is a sort of stage 0 because it does not describe a
> true quantum internet—is a network that enables users to establish a common
> encryption key, so that they can share their (classical) data securely. The
> quantum physics occurs only behind the scenes: the service provider uses it
> to create the key. But the provider also knows the key, which means that
> users have to trust it.

I don't like where this is going.

> In stage 1, users will start getting into the quantum game, in which a
> sender creates quantum states, typically for photons.

Okay, it's going _exactly_ where I thought it was going!

----

At the risk of falling victim to the Gell-Mann effect, I'm going to call
bullshit on this article.

It's overwhelmingly likely that _quantum cryptography_ will not be the next
iteration of network security technology in the real world. Rather, the focus
is on what's called _post-quantum cryptography_. Despite what you might think,
these are not two points on a timeline.

Post-quantum cryptography refers to asymmetric cryptography features that are
secure even in the presence of practical quantum computers. It's not a stage
that exists after quantum cryptography. There's no "intermediate" stage in
which we use quantum physics itself for encryption.

There will likely be a transition, wherein today's elliptic curve
cryptosystems are used in addition to a post-quantum cryptosystem (e.g. ECDH +
RLWE), until industry-wide confidence is gained in the security of the latter.
I expect a lot of interesting attacks to be found in PQ algorithms during that
time, and eventually we'll settle on constructions that are secure without
pre-quantum cryptography.

Note: Symmetric cryptography is largely unaffected by quantum computers. You
essentially halve the security levels (nitpick: which is an exponent, so
you'll effectively be taking the square root of the possible values rather
than just "halving it", which would just shave off one bit).

Quantum key distribution and other entangled photon madness? I doubt we'll see
widespread deployment of this.

EDIT: I see this article isn't the author's first inaccurate foray into this
topic. They might want to consult a cryptographer before publishing bunk
science.
https://www.scientificamerican.com/article/the-quantum-internet-has-arrived-and-it-hasn-rsquo-t/

~~~
krastanov
I think you are conflating two similarly named topics, or at least missing the
point of why one of them is useful. At the risk of saying stuff you already
know (do check the last paragraph for something you might not):

Quantum key exchange (only one of the applications of "quantum internet") is
completely orthogonal to post quantum encryption.

Quantum key exchange is a way to distribute keys, which will be used in some
symmetric encryption scheme that runs on classical computers. That scheme has
security that does not depend on any "difficulty" conjectures. It is
"information theoretically perfect" modulo implementation bugs. (Assuming
Schroedinger's equation is not wrong).

This does not require the creation of a quantum computer. Actually it is much
easier and already done in labs.

Post quantum encryption is just the name for asymmetric encryption algorithms
that run on classical computers and are difficult to break on both classical
and quantum computers.

Even though quantum key exchange is an exciting application of "quantum
internet", way more interesting would be its use for the establishment of
globe spanning entangled states. This can be used for the creation of sensors
that surpass the diffraction limit and other practical "science stuff".

~~~
bloomer
No. I think that is the exact point he was making that quantum key
distribution is orthogonal to post-quantum cryptography and that the consensus
is that post-quantum cryptography will actually be used while quantum key
distribution is basically an academic exercise because it doesn't have
practical utility for the problem it is attempting to solve.

~~~
krastanov
I am confused. How is "security that does not depend on any 'difficulty'
conjectures / information theoretically perfect" not of practical utility?

~~~
NoKnowledge
The so-called quantum key-exchange requires a shared secret, so it is actually
doing key-expansion. Besides that it has practical problems in side-channel
protection and cannot achieve a high enough bandwidth to be of interest in
most practical settings.

~~~
roywiggins
If you wanted to toss out public key cryptography as insecure, I guess you
could use QKE to make symmetric key cryptography more practical. You would
have a secure method of communicating your keys, and wouldn't have to worry
that your new post-quantum public key cryptography was broken- since symmetric
cryptography just isn't vulnerable in the same way.

------
jillesvangurp
I'm not an expert on this. Right now this looks like there's lots of stuff for
math and physics nerds to get excited about and not much else. Certainly words
like "quantum internet" sound like complete bullshit designed to separate
investors from their cash rather than market any concrete products or
solutions.

All I'm hearing in terms of practical applications has exclusively to do with
hardening cryptography: safer ways to do key exchange basically. That's nice
and probably desirable long term but doesn't sound like it would cause most
people to get really excited about buying new computers and connecting to a
brand new "quantum internet" any time soon. As it is they barely notice or
care about stuff like https and equate the google search box with the
internet.

This crypto hardening would only be needed when quantum computing compromises
existing algorithms. So far, that is not yet practical to do. It seems we
first need some practical quantum computers that compromise security in a way
that could feasibly be used by malicious parties. I'm not talking proof of
concepts, I'm talking actually broken keys. My guess is that this is either
impossible or stupendously expensive to pull off and will be for the
foreseeable future.

Once this happens, there will basically be an arms race to upgrade existing
algorithms and deprecate the broken ones. Given people still happily use
known/suspected compromised ones today, I imagine this will take some time.
Decades basically.

~~~
NoKnowledge
When quantum computers break existing algorithms, we do not need to resort to
quantum key exchange, but we can make the switch to post-quantum crypto, as
also indicated by the other comment[0].

However, switching to the next generation of crypto only after the current
generation is broken is not a solution. Much data needs to be kept secret for
a long time. Internet traffic is currently being stored so that when the
current crypto is broken all data can be decrypted retroactively.

[0]: https://news.ycombinator.com/item?id=18327175

------
tialaramex
Their "stage 0" seems like it's worse than not doing this at all.

------
neoeldex
> Physicists say this futuristic, super-secure network could be useful long
> before it reaches technological maturity.

Isn't that what they also say about the internet atm?

