Hacker News new | comments | ask | show | jobs | submit login
Cambridge launches UK’s first quantum network (cam.ac.uk)
91 points by ColinWright 6 months ago | hide | past | web | favorite | 30 comments

This is using parts of Cambridge University’s 25-year-old dark fibre network, the GBN, which has a fun tube-style map: https://help.uis.cam.ac.uk/service/devices-networks-printing...

Heh - I recall back in 94 when I was one of the first handful of webmasters at BT we also had a tube map centered round Martlesham (Think UK Bell Labs) with of shoots to LSEC TSEC(my lonely I486 that ran occasionally when I don't need all the horse power of my pc) AND BSEC

We are going back to our ‘BT Labs’ brand soon :)

I always thought that adastral branding was rubbish - have they demolished the H blocks yet

still refurbishing

I wonder how intelligence services around the world are planning to combat the rise of these allegedly "unhackable" communication networks.

> allegedly "unhackable" communication networks

they are unhackable using classical methods. So the hacks would be QM based as well (so DefCon will be like QM physicists symposium). Like something along the lines of entangling with (yet not measuring) the signal and performing "shadow" ("counterfactual quantum communication") read of a that signal (entanglement transitivity/swapping, especially if the read/measurement is done after Alice&Bob had already got satisfied with the integrity of the signal as there are also interesting possibilities with that "entanglement in the future affecting the past". Or like this QM analog of NSA Google fiber splitter https://www.extremetech.com/extreme/156673-the-first-quantum... : the photon 4 would be injected back into the channel and Alice and Bob would never know the difference [between the pair 1,4 and the original pair 1,2] while the photon 3 would go into Eve's pocket ).

No, this kind of thing is ruled out by the protocol. There's a theorem called "monogamy of entanglement" which means that two maximally entangled qubits can't also be entangled (or even correlated) with a third. This means that Alice and Bob can guarantee that the key they're agreeing on wasn't intercepted. The theoretical argument is airtight. It doesn't rely on any assumptions about the adversary's computing power, or on whether the adversary has access to a quantum computer. The only way it fails is if physics works significantly differently to how we think it does.

Of course there can still be implementation errors or attacks at the endpoints. The strength of the chain is the strength of the weakest link. But the abstract protocol itself is a very strong link.

They don’t need to hack the network, just turn some people or beat them with rubber hoses.

Obligatory xkcd https://xkcd.com/538/

Here's a start (hint: they're not "unhackable" nor are they actually "guaranteed by the laws of physics")



Everything that paper says is true, but it's also incredibly obvious. It just points out that it's impossible to rule out side-channel attacks at the endpoints. If Eve has powerful enough equipment then she can just read the secret out of Alice's brain before Alice even types it into her computer. I don't think anyone saying or hearing the claim that quantum protocols are "guaranteed by the laws of physics" understands it to mean that the protocol protects against that kind of attack.

Same way they attack SSL and other cryptographic security systems, I'd suppose.

Via implementation bugs, or backdooring parts of the endpoints, you mean?

Yes! Attack everything around it, and any mistakes using it.

APT the computer hardware of the endpoints.

Can someone with more knowledge on this topic speak to whether this is likely to take off, or is it just a research toy?

Well, there's supposedly a much longer network in China:


The theory is sound and the technology is getting there. The question is really whether there's enough commercial interest. Joe Public doesn't care too much about this level of security, but governments, journalists, intelligence groups, and companies with a lot of intellectual property do.

I predict that there will be some commercial uptake of this tech in 20 or so years time, but I don't think it'll be that exciting in terms of practical application. It's already possible to be confident that the pure algorithm is secure, i.e. communications can't be read without some sort of social engineering, backdoors or the like.

It's not likely to take off.

Do you want pre-shared secrets and the expense of a quantum network to, in theory, have infinite security (in theory!), or are you okay with tried and tested RSA which gives you >1000000000 years security at a much cheaper cost, that actually works in practice?

Well not RSA, that will be broken by quantum computers. But there are some classical encryption methods that quantum computers are not known to break.

Yes. Can these be used in cases where traditional radio systems can't be used? Like deeply submerged submarines?

Having a bunch of entangled particles doesn't actually let you communicate. You still need to exchange particles with your interlocutor. If you can't communicate classically, you can't communicate with quantum states either- this is the no-communication theorem.

Quantum mechanics allows for superdense coding, where you get a bit more than one bit per particle, but it's probably not really helpful.

But you can then twiddle with these photons after exchange right? Use them to communicate after? Otherwise what's the point?

The theorem says that you specifically can't communicate with entanglement alone. It's spooky, but just non-spooky enough to forbid building an ansible. If you poke one part of an entangled pair, you can't actually force which state you will get. You will get a measurement, and the other can be measured as well and they will both be observed in some state- but you can't push one leftwards to get the other to go rightwards.

If you could, high speed traders would not bother with microwave links.

Quantum networks are (in theory) impossible to snoop on without detection, so they are useful for distributing cryptographic keys. They might be useful to pass quantum states around between quantum computers if they're reliable enough.

> Having a bunch of entangled particles doesn't actually let you communicate. [...] this is the no-communication theorem.

So the quantum part of this network is that it is doing quantum key distribution [1]. The idea is that messages are sent in a predictably lossy way and that further non-predicted losses correspond to the messages being observed (by the environment or by physics).

In particular messages (bits) are sent as photons with certain polarisations. The space of possible polarisations is roughly rays through the origin in the plane (ignoring circular polarisation). The only way to observe polarisation is to take two possible polarisations and ask which one the photon is. The answer depends probabilistically on the photon’s state and the polarisations chosen. For example a +45° polarisation when observed in the basis of {0°, 90°} corresponds to 50% chance of 0° and 50% chance of 90°. If a certain polarisation p is sent and then one observes with a basis of p or q, there is a 100% chance of observing state p. When a photon is observed it’s polarisation becomes whatever polarisation was observed (this it can’t be measured twice)

The algorithm used works roughly as:

0. Four polarisations are known in advance, made of two orthogonal bases, (but the four states are together orthogonal or linearly independent) and parties can send any polarisation down some channel[2], and observe any photon they receive with one of the bases, chosen before the photon arrives. A 0-state and 1-state is decided for each basis.

1. Alice produces some random data to send to Bob

2. For each bit she wishes to send, she chooses a basis at random and sends the corresponding 0-state or 1-state

3. For each photon he receives, bob chooses a basis at random and observes the photon, recording his basis choice and whether he got the 0-state or the 1-state.

4. Alice and bob compare notes on the bases they chose over a classical insecure channel. They should have picked the same basis 50% of the time.

5. Bob and Alice keep the bits where the basis matched. In these cases, bob should have perfectly received the data.

6. Some [random I think] subset is compared over the classical channel. Where these don’t match up, the photons must have been observed (potentially eavesdropped). An eavesdropper can get a 75% probability [I think] that they were eavesdropped but not noticed by Bob/Alice as an eavesdropper would have had to pick a basis and could have either got it right and sent on an equivalent photon or got it wrong and had Bob probabilistically get the right bit out.

7. If the error rate is suitably low then Alice and bob assume their data was safely transmitted and the rest of it can be used to make a random key.

Please correct me if I’m wrong on this as I’m not an expert and I’m not sure I’ve understood it correctly.

[1] https://en.m.wikipedia.org/wiki/Quantum_key_distribution

[2] optical fibre is this channel. I don’t really understand the physics of it but I thought reflection (inside the fibre) could cause polarisation to change or just loss of photon. I don’t know this is dealt with but I’d love to find out.

quantum computers arent real though are they

The amount of quantum technology needed for this protocol is much less than a full quantum computer. In fact all you need is fibre optic cable and polarising filters, both of which already exist.

One of the hard things about dealing with this, capacity wise in telecom, is that nothing single photon based works with known forms of cwdm or dwdm. It's not feasible to dedicate a dark fiber pair to every possible inter-site communication. For very important stuff that can pay for it, sure, but go price an inter city dark fiber IRU vs an inter city 100GbE...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact