
Declassified: The US Government’s Quantum Internet - bsmith
http://www.theconnectivist.com/2013/05/declassified-the-governments-quantum-internet/?utm_source=taboola
======
beloch
The theconnectivist article doesn't mention it, but the quantum network being
discussed is a trusted node network. If two users on the network communicate,
the central trusted hubs have access to the plain-text (There would have to be
multiple interconnected trusted hubs to overcome distance limitations). Other,
_far_ better documented networks of this kind already exist (e.g. SECOQ).

Trusted node networks are a viable option for corporations. Indeed, several
European banks are already using IDQuantique turnkey systems, as mentioned in
the article. These networks are not viable for private individuals, especially
those who are not comfortable with entrusting their plaintext to the
operator(s) of the trusted nodes.

There are ways to build quantum repeater networks that do not require the use
of trusted nodes, but these remain experimental because some of the underlying
technologies needed to overcome distance limitations in such networks (e.g.
Quantum memories) are still in their infancy. The quantum smart cards in this
article do not even attempt to address this.

Corporations interested in building a private trusted node quantum network
similar to IDQuantique's offerings may want to look into these quantum smart
cards. They are wildly inappropriate for civilian use however. Even plugging
in directly to your _local_ bank would require you to have a direct fiber link
to a node under the control of that bank. This would be prohibitively
expensive.

------
harshreality
The breakthrough claimed is that only one side (the router side) is equipped
with a qubit detector, and end nodes only have quantum transmitters, and
therefore the cost of deployment for each end node is much lower. This tech
doesn't change the basic limitations of what quantum cryptography requiring
trusted nodes can achieve: It only secures fiber links, and every router along
a path still has to be trusted (ISPs have to be trusted and incorruptible, for
instance). It also doesn't help prevent typical hacking, where nodes are
attacked, not network links.

See
[http://www.youtube.com/watch?v=UVzRbU6y7Ks](http://www.youtube.com/watch?v=UVzRbU6y7Ks)
for the quantum key exchange protocol. The protocol doesn't need a quantum
back-channel. What has been "declassified" about this approach?

 _Whenever you purchase something online and you hit the ‘buy’ button and your
computer seems to buffer, taking its sweet time to present you with the order
confirmation page and you begin to doubt that the order went through
successfully, “that’s because of the cryptography,” says Hughes. It takes time
to create a secure line to transmit sensitive information, like your card
number, between your laptop, eBay, and your bank. But “in our case that just
wouldn’t happen,” says Hughes, “in principle [our invention] could speed up
the Internet.”_

Bad journalism. That quote is probably taken way out of context. Website
delays usually have very little to do with cryptography, and everything to do
with the web apps and backend databases or credit card processors being slow
to process orders. The slow part of SSL encryption (key exchange) isn't that
slow, and is probably already done before you submit an order, if the site
uses a ssl session cache.

~~~
pygy_
_> Bad journalism._

And bad comment :-/

Nothing personal, this is intended as constructive criticism.

You completely ignore the main point of the article, and come quibbling about
an unrelated detail.

This kind of comment often ends up at the top of the comment thread and
obscures the comments that discuss the subject matter.

Your point is rather obvious, and I suppose that you end up being upvoted by
folks not knowledgeable enough to discuss TFA, but feel validated by the fact
that they also spotted the error.

~~~
sillysaurus
You should restate the main point of the article and then explain why the top
comment is a quibble about an unrelated detail. If the readers aren't as
knowledgeable as yourself, then you have an opportunity to change that rather
than complain about it.

~~~
pygy_
I'm not qualified to discuss the main point, but enough to separate chaff from
wheat in this case.

The article is about quantum cryptography. The author gives credit card
processing as a layman example of encrypted communication, and states,
erroneously, that the connection process is slow because of the SSL handshake.

It is true that SSL increases latency, but it is not the main factor, as
harshreality said.

However, the example is an aside, and the error is a small aside in the aside.
Not really worth discussing, and it definitely doesn't have its place at the
top of the thread, where it was when I first posted. It is still currently the
second comment.

Note that harshreality improved his post after the fact... or did I miss the
good bits when I first read it? Hoist with my own petard? If so, sincere
appologies.

~~~
harshreality
Nothing else _in the article_ was particularly worth discussing either; other
comments are detailing how this is not a breakthrough, or making minor
clarifications, with beloch's in particular highlighting an alternative that
might actually have interesting applications.

~~~
pygy_
Why comment, then?

------
scythe
This story was posted to Hacker News in May:

[https://news.ycombinator.com/item?id=5661576](https://news.ycombinator.com/item?id=5661576)

[http://arxiv.org/abs/1305.0305?utm_source=feedly](http://arxiv.org/abs/1305.0305?utm_source=feedly)

Read the arXiv paper: it's quite short and not very technical. The BB84
protocol used is described in a lower comment by 'harshreality. It is secure
against any purely classical attacker; Preskill and Shor give a (highly
involved) proof of security here:

[http://arxiv.org/pdf/quant-ph/0003004](http://arxiv.org/pdf/quant-ph/0003004)

However, the BB84 protocol used is susceptible in its original form to
_quantum_ man-in-the-middle attacks, eg:

[http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=523467...](http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5234678&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5234678)

LANL probably thinks this is infeasible at the moment -- with good reason:
quantum computing equipment is extraordinarily difficult to obtain or produce,
and so it would be very hard indeed to carry out such an attack in secret.
There are approaches to dispelling quantum MitM, such as a paper I've posted
below.

------
andrewcooke
the useful info is here -
[http://www.technologyreview.com/view/514581/government-
lab-r...](http://www.technologyreview.com/view/514581/government-lab-reveals-
quantum-internet-operated-continuously-for-over-two-years/)

it's a star (radial) topology, with quantum links outwards only, which is
enough to distribute keys. end nodes only need quantum receivers so it's
cheaper than bi-directional systems.

~~~
adamgravitis
yep - and it's manifestly _not_ the "internet". It is, however, a network that
bears some hardware similarity to internet backbones.

------
moondowner
A quick search on the mentioned quantum smart card (a.k.a. generation-1 QKarD)
turned up this presentation: "Quantum Cryptography at Los Alamos National
Laboratory: QES & QKarD" (2010)
[http://www.lanl.gov/orgs/tt/pdf/techs/quantum_crypt.pdf](http://www.lanl.gov/orgs/tt/pdf/techs/quantum_crypt.pdf)

~~~
themoogle
[http://gyazo.com/318f8f103ab97c6df7d268d5d74950ca](http://gyazo.com/318f8f103ab97c6df7d268d5d74950ca)
Did the US govt just admit they can time travel, and have several methods to
do it? Page 13

------
yk
I think it should be noted explicitly, that this is just quantum encryption on
the link level, so the data is secure on the fibre, but apparently needs to be
decrypted at the router. So this is a nice application, but simply does not
solve most security needs. ( Except protecting against and adversary who is
willing to splice into the fibre, if you happen to control all endpoints and
the intermediate routers.)

------
walid
Quantum cryptography requires quantum correlation as far as I know. Einstein
called it "spooky action at a distance" and there is no mention of it here. I
think this is not exactly a scoop, to say the least.

------
at-fates-hands
>>>> the technology could also help to keep state secrets secret.

Not so sure about this one. As long as you have humans in charge, episodes
like the Edward Snowden affair will continue to occur.

------
frozenport
Idea: It is fine if somebody touches my data as long as they don't decrypt it.

------
Daniel_Newby
1\. Quantum crypto only helps with eavesdropping. To defend against man-in-
the-middle attacks you have to use a conventional message authentication code.
The system is no stronger than the MAC.

2\. Quantum nondemolition measurements have been used to detect macroscopic
objects with a vanishing probability of interaction. There is a good chance
the approach can be adapted to detect photons, breaking quantum crypto.

Basically, quantum crypto is at best snake oil and probably worthless.

~~~
scythe
> Quantum crypto only helps with eavesdropping. To defend against man-in-the-
> middle attacks you have to use a conventional message authentication code.
> The system is no stronger than the MAC.

False. See e.g. "Quantum protocols for the millionaire problem are trivial",
He 2012

[http://arxiv.org/pdf/1207.6739](http://arxiv.org/pdf/1207.6739)

> Quantum nondemolition measurements have been used to detect macroscopic
> objects with a vanishing probability of interaction. There is a good chance
> the approach can be adapted to detect photons.

Interaction-free measurement has certainly been demonstrated, but it doesn't
do what you think it does. It is provably impossible to measure a state
without forcing it to be expressed in the basis of measurement, but this _is
not the same thing as interaction_. I.e. if you measure the position of a
particle, you will always find it has a definite position, but you cannot find
that it was previously in a state without a definite position. See:

[http://en.wikipedia.org/wiki/Elitzur-
Vaidman_bomb_tester](http://en.wikipedia.org/wiki/Elitzur-Vaidman_bomb_tester)

~~~
Daniel_Newby
How can #1 be false? No optical measurement can distinguish between good and
evil photons. Eve can simply cut the cable, hook a pair of quantum machines up
to the ends, and proxy the data between Alice and Bob.

~~~
anologwintermut
There are information theoretically unbreakable message authentication
codes[1]

The main point of quantum crypto deployments (at least now) is to protect
against future offline attacks (possibly using quantum computer). So in
practice, I don't believe these authentication schemes are deployed.

[1][https://wiki.cc.gatech.edu/theory/images/9/9e/Lec11.pdf](https://wiki.cc.gatech.edu/theory/images/9/9e/Lec11.pdf)

------
microcolonel
So much bullshit.

~~~
AsymetricCom
I was just thinking yesterday that this may be a foregone conclusion after
thinking about the state of military and intelligence technology (along with
some other insights). I doubt this is bullshit. Wish I could have done some
investing to take advantage of it somehow.

