IETF 116 has just finished in Yokohama. A notable inclusion in this meeting, forming part of more than one Working Group and a keynote at Plenary, was the recurrent question of quantum networks — are they becoming real, are they coming, and are they coming soon? Well, depending on your perspective, there’s both good and bad news here.
What’s quantum all about then?
A quantum is a discrete amount of something. The Latin term is used to denote things in the field of science that do not come in arbitrary amounts but exist as defined amounts in a given context. Quantum physics is about the instances of these discrete amounts in sub-atomic physics. In the realm of physics, where quantum effects apply at atomic and sub-atomic levels, interactions between sub-atomic particles (which includes photons) are described by properties that are sometimes unlike those of the material world, composed of atoms and molecules with occasional interactions with sub-atomic particles (like light).
Some of the properties are very strange. The ones that matter for quantum networks and quantum computing are called ‘entanglement’ and ‘superposition’ — the apparent interaction of subatomic particles with each other, at a distance, into a shared state, and the apparent condition of being in ‘all the possible states’ at once.
Quantum computing leverages the ‘superposition’ property. The quantum system in a quantum computer, made up of so-called qubits (which are quantum analogues of binary bits, but really very different) is in an amalgam of all states expressing a problem at the same time and settling into a form designed to be the optimal state.
I like to think of it as being equivalent to how crystals freeze out of solution in aesthetically pleasing shapes — the shape tends to be the one that best fits the geometry that initially emerges, combined with the crystal lattice constraints of the chemical solution. For salt, it tends to be cubic. For other substances, they might be rod-shaped, star-shaped, or more complex forms.
In a quantum computer, the qubits are defined to represent a state, like the desired public-private key relationship for an RSA keypair. The public key and a body of encrypted text are examined, and the system settles into a statistically probable arrangement which is the best way for the private key to generate that state. Voila! The private key can now be found. Is it magic? No, it’s just the best ‘fit’ in all the possible combinations of values for the keypair, which works for the information provided.
If this system can be made to work, it will fundamentally destroy public-private cryptography as we know it. Because they are all amenable to Shor’s algorithm, almost all Internet private communications using RSA, ECC, and ECDSA keys in TLS, HTTPS, QUIC and related protocols will become insecure.
However, there is currently no functional, real-world scale, quantum computer implementing the mechanism defined in Shor’s algorithm to break real-world keys. For now, quantum computing is lab-bound, or applying highly specific optimizations to normal computing unrelated to the problems we’re discussing here.
I attended the Quantum Internet Research Group (QIRG) meeting at IETF 116. It had around 100 participants with five speakers presenting.
Jesse Robbers from the Netherlands presented QDNL, a testbed being operated by Delfte and Twente Universities in a collaboration between universities and industry. This group first demonstrated quantum links in 2015, and seek a position as a world leader in technology and policy. They are interested in securing networks for mobile use (protecting smart and self-driving car telemetry) as well as quantum key distribution (QKD).
Joaquin Chung from NWU Illinois presented their design and implementation for the Illinois Express Quantum Metropolitan Area Network. This is a system designed to test metro-scale Quantum networks over typical metro fibre between Fermilab, Argonne, Caltech and NWU in a collaboration between laboratories and industry. They particularly want to explore ‘repeaterless’ networks, using existing technology and have been looking at practical aspects of time management that are critical to quantum networking.
Shota Nagayama presented on the Japanese Quantum Internet Testbed, a consortium led by Keio University. Aware of the long-range aspect of emerging quantum networks, this group are focused on younger early career-stage researchers with an advisory board that includes Jun Murai. Their ‘moonshot’ goal is a fault-tolerant universal quantum computer framework encompassing data centre, networks to 200m, and inter-city communications.
This talk was also presented as a cross-IETF lunchtime series, with Rodney Van Meter who is co-chair of the QIRG working group and a professor at Keio University.
Practical deployment considerations were briefly discussed in a presentation by Melchior Aelmans, on quantum Internet use cases. The focus here was on cryptography and secure key sharing but extended into quantum computing state distribution and applications in sensing. The draft is at version 15 and heading to publication — a formalism called Working Group Last Call (WGLC) in IETF jargon.
Finally, Carlo Delle Donne presented an experimental demonstration of entanglement delivery using a quantum network stack. This leverages existing designs and uses what they call a ‘midpoint heralding station’ to flag if entanglement worked or not. Substantial compromise of practicality is made to implement a tractable configuration which is then hand mediated if needed, to schedule things in milliseconds, which really must happen in nanoseconds (quantum entanglement).
Their lab-built testbed nodes are using a real-time operating system (RTOS) and using some small devices, they have shown entanglement in the lab between two nodes with a measure of ‘fidelity of entanglement’ which suggest a speed/quality trade-off.
This group has used a Python3 development Software Development Kit (SDK) called NetQASM to convert a control language to machine instructions for the RTOS system. Their fidelity measurements show a massive increase in latency to get fidelity above 80%, exponentially increasing costs. Some of this may relate to the timeslot mechanisms.
View the session slides and recording online now.
Are quantum networks real?
Unlike quantum computing, quantum networks are ‘real’ because they have been demonstrated in the laboratory (as shown above) to show two disparate points can understand the state of a quantum system of photons and which specific sub-state it is ‘in’, as well as understanding if something else has interfered with the system. So, information can flow from one to the other, and whether it’s been intercepted. This is possible because, at the quantum scale, the effect of ‘observing’ something changes its state.
But the keywords here are ‘in the labs’. This behaviour has been demonstrated in laboratory-controlled conditions, and only now is beginning to emerge into packaged states where systems are available to perform the sending, receiving and validating processes on the optical signal, and at truly terrible levels of reliability. To increase the accuracy of the system, significantly more energy and information must be fed into it, which also requires more time. The design of these building block systems, how to program them, and how they fit into the TCP/IP model and the Internet architecture form the basis of most of the presentations at this last IETF meeting.
Because quantum communications are inherently time-based, they require highly synchronized clocks between the sender and receiver to specify the windows of time to ‘see’ quantum-defined events — they are not capable of sending high bitrate information. Therefore, their intended purpose is secure key exchange — sending a defined value in a way that can be verified as private or having been interfered with. It’s a ‘bootstrap’ mechanism for key sharing.
Even where these quantum communications have been demonstrated down fibre optic systems, they are mainly lab-bound systems or free-air lasers in constrained contexts. There are reports of quantum communications mechanisms being demonstrated ground-to-satellite, or in real deployed metro fibre, but they are at this point mostly un-validated, and remain lab bound at scale; nobody is selling systems that can do this.
Are they coming?
Based on the presentations at IETF 116, yes. These networks are going to emerge into worldwide deployment. There are a couple of reasons for this. Firstly, secure key distribution is a real problem, and having a mechanism that infers key leakage would enhance security over existing mechanisms that are prone to ‘passive tapping’ the signal without any external knowledge.
Secondly, quantum networks seem imminent due to the stage of development — the teams are publicly discussing Field Programmable Gate Arrays (FPGAs) and ASIC chipsets required to process quantum signals, and discussing the time/speed/distance/energy/reliability of their tests to date against real-world expectations. The basic physics and quantum effects of photons in free air, the vacuum of space, and inside a fibre optical system are now well understood. Connections across cities, economies, intercontinental, ground-to-satellite (and ultimately satellite-to-satellite) is a target the community clearly believes is achievable.
Are they coming soon?
In a word, no. Not soon. There is no evidence of a platform from any vendor being offered in the short to medium term. This remains a field of research moving from the lab to the production line slowly. A realistic target at this point is 2030, so they’re still in the seven- to ten-year window.
What’s the catch?
The good news is that there’s a very high desire for secure key distribution in an increasingly hostile worldwide network, so there is motivation. But, as quantum computing emerges from the lab into deployment at scale, work will need to refocus ‘post-quantum cryptography’ to counter quantum computing’s suitability to key findings. Post-quantum cryptography typically uses several cryptographic methods simultaneously, so this will mean more algorithms and more frequent key changes.
The bad news is that while quantum entanglement can detect interference, what it cannot do yet (if ever) is prevent that interference. In discussions with people in the field at IETF 116, observing a key exchange was said to be trivially easy in almost all expected approaches (fibre, air, and space).
This situation creates a low barrier to Denial-of-Service attack, where adversaries can prevent a key exchange from happening entirely, making secure communications impossible at the precise time they’re needed the most — when under attack.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.