idnits 2.17.00 (12 Aug 2021)
/tmp/idnits36469/draft-irtf-qirg-quantum-internet-use-cases-11.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
-- The document date (18 April 2022) is 26 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Unused Reference: 'Hill' is defined on line 1220, but no explicit
reference was found in the text
== Unused Reference: 'I-D.dahlberg-ll-quantum' is defined on line 1229, but
no explicit reference was found in the text
== Unused Reference: 'RFC2119' is defined on line 1326, but no explicit
reference was found in the text
== Unused Reference: 'Wang' is defined on line 1363, but no explicit
reference was found in the text
Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 QIRG C. Wang
3 Internet-Draft A. Rahman
4 Intended status: Informational InterDigital Communications, LLC
5 Expires: 20 October 2022 R. Li
6 Kanazawa University
7 M. Aelmans
8 Juniper Networks
9 K. Chakraborty
10 The University of Edinburgh
11 18 April 2022
13 Application Scenarios for the Quantum Internet
14 draft-irtf-qirg-quantum-internet-use-cases-11
16 Abstract
18 The Quantum Internet has the potential to improve application
19 functionality by incorporating quantum information technology into
20 the infrastructure of the overall Internet. This document provides
21 an overview of some applications expected to be used on the Quantum
22 Internet and categorizes them. Some general requirements for the
23 Quantum Internet are also discussed. The intent of this document is
24 to describe a framework for applications, and describe a few selected
25 application scenarios for the Quantum Internet. This document is a
26 product of the Quantum Internet Research Group (QIRG).
28 Status of This Memo
30 This Internet-Draft is submitted in full conformance with the
31 provisions of BCP 78 and BCP 79.
33 Internet-Drafts are working documents of the Internet Engineering
34 Task Force (IETF). Note that other groups may also distribute
35 working documents as Internet-Drafts. The list of current Internet-
36 Drafts is at https://datatracker.ietf.org/drafts/current/.
38 Internet-Drafts are draft documents valid for a maximum of six months
39 and may be updated, replaced, or obsoleted by other documents at any
40 time. It is inappropriate to use Internet-Drafts as reference
41 material or to cite them other than as "work in progress."
43 This Internet-Draft will expire on 20 October 2022.
45 Copyright Notice
47 Copyright (c) 2022 IETF Trust and the persons identified as the
48 document authors. All rights reserved.
50 This document is subject to BCP 78 and the IETF Trust's Legal
51 Provisions Relating to IETF Documents (https://trustee.ietf.org/
52 license-info) in effect on the date of publication of this document.
53 Please review these documents carefully, as they describe your rights
54 and restrictions with respect to this document. Code Components
55 extracted from this document must include Revised BSD License text as
56 described in Section 4.e of the Trust Legal Provisions and are
57 provided without warranty as described in the Revised BSD License.
59 Table of Contents
61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
62 2. Terms and Acronyms List . . . . . . . . . . . . . . . . . . . 3
63 3. Quantum Internet Applications . . . . . . . . . . . . . . . . 6
64 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 6
65 3.2. Classification by Application Usage . . . . . . . . . . . 6
66 3.2.1. Quantum Cryptography Applications . . . . . . . . . . 7
67 3.2.2. Quantum Sensing/Metrology Applications . . . . . . . 7
68 3.2.3. Quantum Computing Applications . . . . . . . . . . . 8
69 4. Selected Quantum Internet Application Scenarios . . . . . . . 9
70 4.1. Secure Communication Setup . . . . . . . . . . . . . . . 9
71 4.2. Secure Quantum Computing with Privacy Preservation . . . 13
72 4.3. Distributed Quantum Computing . . . . . . . . . . . . . . 16
73 5. General Requirements . . . . . . . . . . . . . . . . . . . . 19
74 5.1. Background . . . . . . . . . . . . . . . . . . . . . . . 19
75 5.2. Requirements . . . . . . . . . . . . . . . . . . . . . . 21
76 6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 22
77 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22
78 8. Security Considerations . . . . . . . . . . . . . . . . . . . 23
79 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 25
80 10. Informative References . . . . . . . . . . . . . . . . . . . 25
81 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32
83 1. Introduction
85 The Classical Internet has been constantly growing since it first
86 became commercially popular in the early 1990's. It essentially
87 consists of a large number of end-nodes (e.g., laptops, smart phones,
88 network servers) connected by routers and clustered in Autonomous
89 Systems. The end-nodes may run applications that provide service for
90 the end-users such as processing and transmission of voice, video or
91 data. The connections between the various nodes in the Internet
92 include backbone links (e.g., fiber optics) and access links (e.g.,
93 WiFi, cellular wireless, Digital Subscriber Lines (DSLs)). Bits are
94 transmitted across the Classical Internet in packets.
96 Research and experiments have picked up over the last few years for
97 developing the Quantum Internet [Wehner]. End-nodes will also be
98 part of the Quantum Internet, in that case called quantum end-nodes
99 that may be connected by quantum repeaters/routers. These quantum
100 end-nodes will also run value-added applications which will be
101 discussed later.
103 The physical layer quantum channels between the various nodes in the
104 Quantum Internet can be either waveguides such as optical fibers or
105 free space. Photonic channels are particularly useful because light
106 (photons) is very suitable for physically realizing qubits. Qubits
107 are expected to be transferred across the Quantum Internet. The
108 Quantum Internet will operate according to quantum physical
109 principles such as quantum superposition and entanglement
110 [I-D.irtf-qirg-principles].
112 The Quantum Internet is not anticipated to replace, but rather to
113 enhance the Classical Internet and/or provide breakthrough
114 applications. For instance, quantum key distribution can improve the
115 security of the Classical Internet; the powerful computation
116 capability of quantum computing can expedite and optimize
117 computation-intensive tasks (e.g., routing modelling) in the
118 Classical Internet. The Quantum Internet will run in conjunction
119 with the Classical Internet. The process of integrating the Quantum
120 Internet with the Classical Internet is similar to, but with more
121 profound implications, as the process of introducing any new
122 communication and networking paradigm into the existing Internet.
123 The intent of this document is to provide a common understanding and
124 framework of applications and application scenarios for the Quantum
125 Internet.
127 This document represents the consensus of the Quantum Internet
128 Research Group (QIRG). It has been reviewed extensively by Research
129 Group (RG) members with expertise in both quantum physics and
130 Classical Internet operation.
132 2. Terms and Acronyms List
134 This document assumes that the reader is familiar with the quantum
135 information technology related terms and concepts that are described
136 in [I-D.irtf-qirg-principles]. In addition, the following terms and
137 acronyms are defined herein for clarity:
139 * Bell Pairs - A special type of two-qubits quantum states. The two
140 qubits show a correlation that cannot be observed in classical
141 information theory. We refer to such correlation as quantum
142 entanglement. Bell pairs exhibit the maximal quantum
143 entanglement. One example of a Bell pair is
144 (|00>+|11>)/(Sqrt(2)). The Bell pairs are a fundamental resource
145 for quantum communication.
147 * Bit - Binary Digit (i.e., fundamental unit of information in
148 classical communications and classical computing).
150 * Classical Internet - The existing, deployed Internet (circa 2020)
151 where bits are transmitted in packets between nodes to convey
152 information. The Classical Internet supports applications which
153 may be enhanced by the Quantum Internet. For example, the end-to-
154 end security of a Classical Internet application may be improved
155 by secure communication setup using a quantum application.
157 * Entanglement Swapping: It is a process of sharing an entanglement
158 between two distant parties via some intermediate nodes. For
159 example, suppose there are three parties A, B, C, and each of the
160 parties (A, B) and (B, C) share Bell pairs. B can use the qubits
161 it shares with A and C to perform entanglement swapping
162 operations, and as a result, A and C share Bell pairs.
164 * Fast Byzantine Negotiation - A Quantum-based method for fast
165 agreement in Byzantine negotiations [Ben-Or] [Taherkhani].
167 * Local Operations and Classical Communication (LOCC) - A method
168 where nodes communicate in rounds, in which (1) they can send any
169 classical information to each other; (2) they can perform local
170 quantum operations individually; and (3) the actions performed in
171 each round can depend on the results from previous rounds.
173 * Noisy Intermediate-Scale Quantum (NISQ) - NISQ was defined in
174 [Preskill] to represent a near-term era in quantum technology.
175 According to this definition, NISQ computers have two salient
176 features: (1) The size of NISQ computers range from 50 to a few
177 hundred physical qubits (i.e., intermediate-scale); and (2) Qubits
178 in NISQ computers have inherent errors and the control over them
179 is imperfect (i.e., noisy).
181 * Packet - A self-identified message with in-band addresses or other
182 information that can be used for forwarding the message. The
183 message contains an ordered set of bits of determinate number.
184 The bits contained in a packet are classical bits.
186 * Prepare-and-Measure - A set of Quantum Internet scenarios where
187 quantum nodes only support simple quantum functionalities (i.e.,
188 prepare qubits and measure qubits). For example, BB84 [BB84] is a
189 prepare-and-measure quantum key distribution protocol.
191 * Quantum Computer (QC) - A quantum end-node that also has quantum
192 memory and quantum computing capabilities is regarded as a full-
193 fledged quantum computer.
195 * Quantum End-node - An end-node hosts user applications and
196 interfaces with the rest of the Internet. Typically, an end-node
197 may serve in a client, server, or peer-to-peer role as part of the
198 application. If the end-node is part of a Quantum Network (i.e,
199 is a quantum end-node), it must be able to generate/transfer and
200 receive/process qubits. A quantum end-node must also be able to
201 interface to the Classical Internet for control purposes and thus
202 also be able to receive, process, and transmit classical bits/
203 packets.
205 * Quantum Internet - A network of Quantum Networks. The Quantum
206 Internet is expected to be merged into the Classical Internet.
207 The Quantum Internet may either improve classical applications or
208 may enable new quantum applications.
210 * Quantum Key Distribution (QKD) - A method that leverages quantum
211 mechanics such as no-cloning theorem to let two parties create the
212 same arbitrary classical key.
214 * Quantum Network - A new type of network enabled by quantum
215 information technology where quantum resources such as qubits and
216 entanglement are transferred and utilized between quantum nodes.
217 The Quantum Network will use both quantum channels, and classical
218 channels provided by the Classical Internet, referred to as a
219 hybrid implementation.
221 * Quantum Teleportation - A technique for transferring quantum
222 information via local operations and classical communication
223 (LOCC). If two parties share a Bell pair, then using quantum
224 teleportation a sender can transfer a quantum data bit to a
225 receiver without sending it physically via a quantum channel.
227 * Qubit - Quantum Bit (i.e., fundamental unit of information in
228 quantum communication and quantum computing). It is similar to a
229 classic bit in that the state of a qubit is either "0" or "1"
230 after it is measured, and is denoted as its basis state vector |0>
231 or |1>. However, the qubit is different than a classic bit in
232 that the qubit can be in a linear combination of both states
233 before it is measured and termed to be in superposition. Any of
234 several Degrees of Freedom (DOF) of a photon (e.g., polarization,
235 time bib, and/or frequency) or an electron (e.g., spin) can be
236 used to encode a qubit.
238 * Transmit a Qubit - An operation of encoding a qubit into a mobile
239 carrier (i.e., typically photon) and passing it through a quantum
240 channel from a sender (a transmitter) to a receiver.
242 * Teleport a Qubit - An operation on two or more carriers in
243 succession to move a qubit from a sender to a receiver using
244 quantum teleportation.
246 * Transfer a Qubit - An operation to move a qubit from a sender to a
247 receiver without specifying the means of moving the qubit, which
248 could be "transmit" or "teleport".
250 3. Quantum Internet Applications
252 3.1. Overview
254 The Quantum Internet is expected to be beneficial for a subset of
255 existing and new applications. The expected applications for the
256 Quantum Internet are still being developed as we are in the formative
257 stages of the Quantum Internet [Castelvecchi] [Wehner]. However, an
258 initial (and non-exhaustive) list of the applications to be supported
259 on the Quantum Internet can be identified and classified using two
260 different schemes. Note, this document does not include quantum
261 computing applications that are purely local to a given node (e.g.,
262 quantum random number generator).
264 3.2. Classification by Application Usage
266 Applications may be grouped by the usage that they serve.
267 Specifically, applications may be grouped according to the following
268 categories:
270 * Quantum cryptography applications - Refer to the use of quantum
271 information technology for cryptographic tasks such as quantum key
272 distribution and quantum commitment.
274 * Quantum sensors applications - Refer to the use of quantum
275 information technology for supporting distributed sensors (e.g.,
276 clock synchronization [Jozsa2000] [Komar] [Guo] ).
278 * Quantum computing applications - Refer to the use of quantum
279 information technology for supporting remote quantum computing
280 facilities (e.g., distributed quantum computing).
282 This scheme can be easily understood by both a technical and non-
283 technical audience. The next sections describe the scheme in more
284 detail.
286 3.2.1. Quantum Cryptography Applications
288 Examples of quantum cryptography applications include quantum-based
289 secure communication setup and fast Byzantine negotiation.
291 1. Secure communication setup - Refers to secure cryptographic key
292 distribution between two or more end-nodes. The most well-known
293 method is referred to as Quantum Key Distribution (QKD) [Renner],
294 which has been mathematically proven to be unbreakable.
296 2. Fast Byzantine negotiation - Refers to a Quantum-based method for
297 fast agreement in Byzantine negotiations [Ben-Or], for example,
298 to reduce the number of expected communication rounds and in turn
299 achieve faster agreement, in contrast to classical Byzantine
300 negotiations. A quantum aided Byzantine agreement on quantum
301 repeater networks as proposed in [Taherkhani] includes
302 optimization techniques to greatly reduce the quantum circuit
303 depth and the number of qubits in each node. Quantum-based
304 methods for fast agreement in Byzantine negotiations can be used
305 for improving consensus protocols such as practical Byzantine
306 Fault Tolerance(pBFT), as well as other distributed computing
307 features which use Byzantine negotiations.
309 3. Quantum money - The main security requirement of money is
310 unforgeability. A quantum money scheme aims to fulfill by
311 exploiting the no-cloning property of the unknown quantum states.
312 Though the original idea of quantum money dates back to 1970,
313 these early protocols allow only the issuing bank to verify a
314 quantum banknote. However, the recent protocols such as public-
315 key quantum money [Zhandry] allow anyone to verify the banknotes
316 locally.
318 3.2.2. Quantum Sensing/Metrology Applications
320 The entanglement, superposition, interference, squeezing properties
321 can enhance the sensitivity of the quantum sensors and eventually can
322 outperform the classical strategies. Examples of quantum sensor
323 applications include network clock synchronization, high sensitivity
324 sensing, etc. These applications mainly leverage a network of
325 entangled quantum sensors (i.e. quantum sensor networks) for high-
326 precision multi-parameter estimation [Proctor].
328 1. Network clock synchronization - Refers to a world wide set of
329 atomic clocks connected by the Quantum Internet to achieve an
330 ultra precise clock signal [Komar] with fundamental precision
331 limits set by quantum theory.
333 2. High sensitivity sensing - Refers to applications that leverage
334 quantum phenomena to achieve reliable nanoscale sensing of
335 physical magnitudes. For example, [Guo] uses an entangled
336 quantum network for measuring the average phase shift among
337 multiple distributed nodes.
339 3. Interferometric Telescopes using Quantum Information -
340 Interferometric techniques are used to combine signals from two
341 or more telescopes to obtain measurements with higher resolution
342 than what could be obtained with either telescope individually.
343 It can make measurements of very small astronomical objects if
344 the telescopes are spread out over a wide area. However, the
345 phase fluctuations and photon loss introduced by the
346 communication channel between the telescopes put a limitation on
347 the baseline lengths of the optical interferometers. This
348 limitation can be potentially avoided using quantum
349 teleportation. In general, by sharing EPR-pairs using quantum
350 repeaters, the optical interferometers can communicate photons
351 over long distances, providing arbitrarily long baselines
352 [Gottesman2012].
354 3.2.3. Quantum Computing Applications
356 In this section, we include the applications for the quantum
357 computing. Note that, for the next couple of years we will have
358 quantum computers as a cloud service. Sometimes, to run such
359 applications in the cloud while preserving the privacy, a client and
360 a server need to exchange qubits. Therefore, such privacy preserving
361 quantum computing applications require a Quantum Internet to execute.
363 Examples of quantum computing include distributed quantum computing
364 and secure quantum computing with privacy preservation, which can
365 enable new types of cloud computing.
367 1. Distributed quantum computing - Refers to a collection of remote
368 small-capacity quantum computers (i.e., each supporting a
369 relatively small number of qubits) that are connected and work
370 together in a coordinated fashion so as to simulate a virtual
371 large capacity quantum computer [Wehner].
373 2. Secure quantum computing with privacy preservation - Refers to
374 private, or blind, quantum computation, which provides a way for
375 a client to delegate a computation task to one or more remote
376 quantum computers without disclosing the source data to be
377 computed over [Fitzsimons].
379 4. Selected Quantum Internet Application Scenarios
381 The Quantum Internet will support a variety of applications and
382 deployment configurations. This section details a few key
383 application scenarios which illustrates the benefits of the Quantum
384 Internet. In system engineering, an application scenario is
385 typically made up of a set of possible sequences of interactions
386 between nodes and users in a particular environment and related to a
387 particular goal. This will be the definition that we use in this
388 section.
390 4.1. Secure Communication Setup
392 In this scenario, two banks (i.e., Bank #1 and Bank #2) need to have
393 secure communications for transmitting important financial
394 transaction records (see Figure 1). For this purpose, they first
395 need to securely share a classic secret cryptographic key (i.e., a
396 sequence of classical bits), which is triggered by an end-user banker
397 at Bank #1. This results in a source quantum node A at Bank #1 to
398 securely establish a classical secret key with a destination quantum
399 node B at Bank #2. This is referred to as a secure communication
400 setup. Note that the quantum node A and B may be either a bare-bone
401 quantum end-node or a full-fledged quantum computer. This
402 application scenario shows that the Quantum Internet can be leveraged
403 to improve the security of Classical Internet applications of which
404 the financial application shown in Figure 1 is an example.
406 One requirement for this secure communication setup process is that
407 it should not be vulnerable to any classical or quantum computing
408 attack. This can be realized using QKD which is unbreakable in
409 principle. QKD can securely establish a secret key between two
410 quantum nodes, using a classical authentication channel and insecure
411 quantum channel without physically transmitting the key through the
412 network and thus achieving the required security. However, care must
413 be taken to ensure that the QKD system is safe against physical side
414 channel attacks which can compromise the system. An example of a
415 physical side channel attack is to surreptitiously inject additional
416 light into the optical devices used in QKD to learn side information
417 about the system such as the polarization. Other specialized
418 physical attacks against QKD also use a classical authentication
419 channel and insecure quantum channel such as the phase-remapping
420 attack, photon number splitting attack, and decoy state attack
422 [Zhao2018]. QKD can be used for many other cryptographic
423 communications, such as IPSec and Transport Layer Security (TLS)
424 where involved parties need to establish a shared security key,
425 although it usually introduces a high latency.
427 QKD is the most mature feature of the quantum information technology,
428 and has been commercially released in small-scale and short-distance
429 deployments. More QKD use cases are described in ETSI documents
430 [ETSI-QKD-UseCases]; in addition, the ETSI document
431 [ETSI-QKD-Interfaces] specifies interfaces between QKD users and QKD
432 devices.
434 In general, the prepare and measure QKD protocols (e.g., [BB84])
435 without using entanglement work as follows:
437 1. The source quantum node A encodes classical bits to qubits.
438 Basically, the source node A generates two random classical bit
439 strings X, Y. Among them, it uses the bit string X to choose the
440 basis and uses Y to choose the state corresponding to the chosen
441 basis. For example, if X=0 then in case of BB84 protocol Alice
442 prepares the state in {|0>, |1>}-basis; otherwise she prepares
443 the state in {|+>, |->}-basis. Similarly, if Y=0 then Alice
444 prepares the qubit either |0> or |+> (depending on the value of
445 X), and if Y =1, then Alice prepares the qubit either |1> or |->.
447 2. The source quantum node A sends qubits to the destination quantum
448 node B via quantum channel.
450 3. The destination quantum node receives qubits and measures each of
451 them in one of the two basis at random.
453 4. The destination quantum node informs the source node of its
454 choice of basis for each qubit.
456 5. The source quantum node informs the destination node which random
457 quantum basis is correct.
459 6. Both nodes discard any measurement bit under different quantum
460 basis and remaining bits could be used as the secret key. Before
461 generating the final secret key, there is a post-processing
462 procedure over authenticated classical channels. The classical
463 post-processing part can be subdivided into three steps, namely
464 parameter estimation, error-correction, and privacy
465 amplification. In the parameter estimation phase, both Alice and
466 Bob use some of the bits to estimate the channel error. If it is
467 larger than some threshold value, they abort the protocol
468 otherwise move to the error-correction phase. Basically, if an
469 eavesdropper tries to intercept and read qubits sent from node A
470 to node B, the eavesdropper will be detected due to the entropic
471 uncertainty relation property theorem of quantum mechanics. As a
472 part of the post-processing procedure, both nodes usually also
473 perform information reconciliation [Elkouss] for efficient error
474 correction and/or conduct privacy amplification [Tang] for
475 generating the final information-theoretical secure keys.
477 7. The post-processing procedure needs to be performed over an
478 authenticated classical channel. In other words, the source
479 quantum node and the destination quantum node need to
480 authenticate the classical channel to make sure there is no
481 eavesdroppers or man-in-the-middle attacks, according to certain
482 authentication protocols such as [Kiktenko]. In [Kiktenko], the
483 authenticity of the classical channel is checked at the very end
484 of the post-processing procedure instead of doing it for each
485 classical message exchanged between the quantum source node and
486 the quantum destination node.
488 It is worth noting that:
490 1. There are some entanglement-based QKD protocols, such as
491 [Treiber][E91][BBM92], which work differently than the above
492 steps. The entanglement-based schemes, where entangled states
493 are prepared externally to the source quantum node and the
494 destination quantum node, are not normally considered "prepare-
495 and-measure" as defined in [Wehner]; other entanglement-based
496 schemes, where entanglement is generated within the source
497 quantum node can still be considered "prepare-and-measure"; send-
498 and-return schemes can still be "prepare-and-measure", if the
499 information content, from which keys will be derived, is prepared
500 within the source quantum node before being sent to the
501 destination quantum node for measurement.
503 2. There are many enhanced QKD protocols based on [BB84]. For
504 example, a series of loopholes have been identified due to the
505 imperfections of measurement devices; there are several solutions
506 to take into account these attacks such as measurement-device-
507 independent QKD [Zhang2019]. These enhanced QKD protocols can
508 work differently than the steps of BB84 protocol [BB84].
510 3. For large-scale QKD, QKD Networks (QKDN) are required, which can
511 be regarded as a subset of a Quantum Internet. A QKDN may
512 consist of a QKD application layer, a QKD network layer, and a
513 QKD link layer [Qin]. One or multiple trusted QKD relays
514 [Zhang2018] may exist between the source quantum node A and the
515 destination quantum node B, which are connected by a QKDN.
516 Alternatively, a QKDN may rely on entanglement distribution and
517 entanglement-based QKD protocols; as a result, quantum-repeaters/
518 routers instead of trusted QKD relays are needed for large-scale
519 QKD.
521 4. QKD provides an information-theoretical way to share secret keys
522 between two parties in the presence of Eve. However, this is true
523 in theory, and there is a significant gap between theory and
524 practice. By exploiting the imperfection of the detectors Eve
525 can gain information about the shared key [Xu]. To avoid such
526 side-channel attacks in [Lo], the researchers provide a QKD
527 protocol called Measurement Device-Independent (MDI) QKD that
528 allows two users (a transmitter "Alice" and a receiver "Bob") to
529 communicate with perfect security, even if the (measurement)
530 hardware they are using has been tampered with (e.g., by an
531 eavesdropper) and thus is not trusted. It is achieved by
532 measuring correlations between signals from Alice and Bob rather
533 than the actual signals themselves.
535 5. QKD protocols based on Continuous Variable (CV-QKD) have recently
536 seen plenty of interest as they only require telecommunications
537 equipment that is readily available and is also in common use
538 industry-wide. This kind of technology is a potentially high-
539 performance technique for secure key distribution over limited
540 distances. The recent demonstration of CV-QKD shows
541 compatibility with classical coherent detection schemes that are
542 widely used for high bandwidth classical communication systems
543 [Grosshans]. Note that we still do not have a quantum repeater
544 for the continuous variable systems; hence, this kind of QKD
545 technologies can be used for the short distance communications or
546 trusted relay-based QKD networks.
548 6. Secret sharing can be used to distribute a secret key among
549 multiple nodes by letting each node know a share or a part of the
550 secret key, while no single node can know the entire secret key.
551 The secret key can only be re-constructed via collaboration from
552 a sufficient number of nodes. Quantum Secret Sharing (QSS)
553 typically refers to the scenario: The secret key to be shared is
554 based on quantum states instead of classical bits. QSS enables
555 to split and share such quantum states among multiple nodes.
557 As a result, the Quantum Internet in Figure 1 contains quantum
558 channels. And in order to support secure communication setup
559 especially in large-scale deployment, it also requires entanglement
560 generation and entanglement distribution
561 [I-D.van-meter-qirg-quantum-connection-setup], quantum repeaters/
562 routers, and/or trusted QKD relays.
564 +---------------+
565 | End User |
566 |(e.g., Banker) |
567 +---------------+
568 ^
569 | User Interface
570 | (e.g., GUI)
571 V
572 +-----------------+ /--------\ +-----------------+
573 | |--->( Quantum )--->| |
574 | Source | ( Internet ) | Destination |
575 | Quantum | \--------/ | Quantum |
576 | Node A | | Node B |
577 | (e.g., Bank #1) | /--------\ | (e.g., Bank #2) |
578 | | ( Classical) | |
579 | |<-->( Internet )<-->| |
580 +-----------------+ \--------/ +-----------------+
582 Figure 1: Secure Communication Setup
584 4.2. Secure Quantum Computing with Privacy Preservation
586 Secure computation with privacy preservation refers to the following
587 scenario:
589 1. A client node with source data delegates the computation of the
590 source data to a remote computation node (i.e. a server).
592 2. Furthermore, the client node does not want to disclose any source
593 data to the remote computation node, which preserves the source
594 data privacy.
596 3. Note that there is no assumption or guarantee that the remote
597 computation node is a trusted entity from the source data privacy
598 perspective.
600 As an example illustrated in Figure 2, a terminal node can be a small
601 quantum computer with limited computation capability compared to a
602 remote quantum computation node (e.g., a remote mainframe quantum
603 computer), but the terminal node needs to run a more computation-
604 intensive task (e.g., Shor's factoring algorithm). The terminal node
605 can create individual qubits and send them to the remote quantum
606 computation node. Then, the remote quantum computation node can
607 entangle the qubits, calculate on them, measure them, generate
608 measurement results in classical bits, and return the measurement
609 results to the terminal node. It is noted that those measurement
610 results will look like purely random data to the remote quantum
611 computation node because the initial states of the qubits were chosen
612 in a cryptographically secure fashion.
614 As a new client/server computation model, BQC generally enables: 1)
615 The client delegates a computation function to the server; 2) The
616 client does not send original qubits to the server, but send
617 transformed qubits to the server; 3) The computation function is
618 performed at the server on the transformed qubits to generate
619 temporary result qubits, which could be quantum-circuit-based
620 computation or measurement-based quantum computation. The server
621 sends the temporary result qubits to the client; 4) The client
622 receives the temporary result qubits and transforms them to the final
623 result qubits. During this process, the server can not figure out
624 the original qubits from the transformed qubits. Also, it will not
625 take too much efforts on the client side to transform the original
626 qubits to the transformed qubits, or transform the temporary result
627 qubits to the final result qubits. One of the very first BQC
628 protocols such as [Childs] follows this process, although the client
629 needs some basic quantum features such as quantum memory, qubit
630 preparation and measurement, and qubit transmission. Measurement-
631 based quantum computation is out of the scope of this document and
632 more details about it can be found in [Jozsa2005].
634 It is worth noting that:
636 1. The BQC protocol in [Childs] is a circuit-based BQC model, where
637 the client only performs simple quantum circuit for qubit
638 transformation, while the server performs a sequence of quantum
639 logic gates. Qubits are transmitted back and forth between the
640 client and the server.
642 2. Universal BQC in [Broadbent] is a measurement-based BQC model,
643 which is based on measurement-based quantum computing leveraging
644 entangled states. The principle in UBQC is based on the fact the
645 quantum teleportation plus a rotated Bell measurement realizes a
646 quantum computation, which can be repeated multiple times to
647 realize a sequence of quantum computation. In this approach, the
648 client first prepares transformed qubits and sends them to the
649 server and the server needs first to prepare entangled states
650 from all received qubits. Then, multiple interaction and
651 measurement rounds happen between the client and the server. For
652 each round, the client computes and sends new measurement
653 instructions or measurement adaptations to the server; then, the
654 server performs the measurement according to the received
655 measurement instructions to generate measurement results (qubits
656 or in classic bits); the client receives the measurement results
657 and transforms them to the final results.
659 3. A hybrid universal BQC is proposed in [Zhang2009], where the
660 server performs both quantum circuits like [Childs] and quantum
661 measurements like [Broadbent] to reduce the number of required
662 entangled states in [Broadbent]. Also, the client is much
663 simpler than the client in [Childs]. This hybrid BQC is a
664 combination of circuit-based BQC model and measurement-based BQC
665 model.
667 4. It will be ideal if the client in BQC is a purely classical
668 client, which only needs to interact with the server using
669 classical channel and communications. [Huang] demonstrates such
670 an approach, where a classical client leverages two entangled
671 servers to perform BQC, with the assumption that both servers
672 cannot communicate with each other; otherwise, the blindness or
673 privacy of the client cannot be guaranteed. The scenario as
674 demonstrated in [Huang] is essentially an example of BQC with
675 multiple servers.
677 5. How to verify that the server will perform what the client
678 requests or expects is an important issue in many BQC protocols,
679 referred to as verifiable BQC. [Fitzsimons] discusses this issue
680 and compares it in various BQC protocols.
682 In Figure 2, the Quantum Internet contains quantum channels and
683 quantum repeaters/routers for long-distance qubits transmission
684 [I-D.irtf-qirg-principles].
686 +----------------+ /--------\ +-------------------+
687 | |--->( Quantum )--->| |
688 | | ( Internet ) | Remote Quantum |
689 | Terminal | \--------/ | Computation |
690 | Node | | Node |
691 | (e.g., A Small| /--------\ | (e.g., Remote |
692 | Quantum | ( Classical) | Mainframe) |
693 | Computer) |<-->( Internet )<-->| Quantum Computer)|
694 +----------------+ \--------/ +-------------------+
696 Figure 2: Secure Quantum Computing with Privacy Preservation
698 4.3. Distributed Quantum Computing
700 There can be two types of distributed quantum computing [Denchev]:
702 1. Leverage quantum mechanics to enhance classical distributed
703 computing. For example, entangled quantum states can be
704 exploited to improve leader election in classical distributed
705 computing, by simply measuring the entangled quantum states at
706 each party (e.g., a node or a device) without introducing any
707 classical communications among distributed parties [Pal].
708 Normally, pre-shared entanglement needs first be established
709 among distributed parties, followed by LOCC operations at each
710 party. And it generally does not need to transmit qubits among
711 distributed parties.
713 2. Distribute quantum computing functions to distributed quantum
714 computers. A quantum computing task or function (e.g., quantum
715 gates) is split and distributed to multiple physically separate
716 quantum computers. And it may or may not need to transmit qubits
717 (either inputs or outputs) among those distributed quantum
718 computers. Pre-shared entangled states may be needed to transmit
719 quantum states among distributed quantum computers without using
720 quantum communications, similar to quantum teleportation. For
721 example, [Gottesman1999] and [Eisert] have proved that a CNOT
722 gate can be realized jointly by and distributed to multiple
723 quantum computers. The rest of this section focuses on this type
724 of distributed quantum computing.
726 As a scenario for the second type of distributed quantum computing,
727 Noisy Intermediate-Scale Quantum (NISQ) computers distributed in
728 different locations are available for sharing. According to the
729 definition in [Preskill], a NISQ computer can only realize a small
730 number of qubits and has limited quantum error correction. In order
731 to gain higher computation power before fully-fledged quantum
732 computers become available, NISQ computers can be connected via
733 classical and quantum channels. This scenario is referred to as
734 distributed quantum computing [Caleffi] [Cacciapuoti2020]
735 [Cacciapuoti2019]. This application scenario reflects the vastly
736 increased computing power which quantum computers as a part of the
737 Quantum Internet can bring, in contrast to classical computers in the
738 Classical Internet, in the context of distributed quantum computing
739 ecosystem [Cuomo]. According to [Cuomo], quantum teleportation
740 enables a new communication paradigm, referred to as teledata
741 [VanMeter2006-01], which moves quantum states among qubits to
742 distributed quantum computers. In addition, distributed quantum
743 computation also needs the capability of remotely performing quantum
744 computation on qubits on distributed quantum computers, which can be
745 enabled by the technique called telegate [VanMeter2006-02].
747 As an example, scientists can leverage these connected NISQ computer
748 to solve highly complex scientific computation problems, such as
749 analysis of chemical interactions for medical drug development [Cao]
750 (see Figure 3). In this case, qubits will be transmitted among
751 connected quantum computers via quantum channels, while classic
752 control messages will be transmitted among them via classical
753 channels for coordination and control purpose. Another example of
754 distributed quantum computing is secure Multi-Party Quantum
755 Computation (MPQC) [Crepeau], which can be regarded as a quantum
756 version of classical secure Multi-Party Computation (MPC). In a
757 secure MPQC protocol, multiple participants jointly perform quantum
758 computation on a set of input quantum states, which are prepared and
759 provided by different participants. One of the primary aims of the
760 secure MPQC is to guarantee that each participant will not know input
761 quantum states provided by other participants. Secure MPQC relies on
762 verifiable quantum secret sharing [Lipinska].
764 For the example shown in Figure 3, qubits from one NISQ computer to
765 another NISQ computer are very sensitive and should not be lost. For
766 this purpose, quantum teleportation can be leveraged to teleport
767 sensitive data qubits from one quantum computer A to another quantum
768 computer B. Note that Figure 3 does not cover measurement-based
769 distributed quantum computing, where quantum teleportation may not be
770 required. When quantum teleportation is employed, the following
771 steps happen between A and B. In fact, LOCC [Chitambar] operations
772 are conducted at the quantum computers A and B in order to achieve
773 quantum teleportation as illustrated in Figure 3.
775 1. The quantum computer A locally generates some sensitive data
776 qubits to be teleported to the quantum computer B.
778 2. A shared entanglement is established between the quantum computer
779 A and the quantum computer B (i.e., there are two entangled
780 qubits: q1 at A and q2 at B). For example, the quantum computer
781 A can generate two entangled qubits (i.e., q1 and q2) and sends
782 q2 to the quantum computer B via quantum communications.
784 3. Then, the quantum computer A performs a Bell measurement of the
785 entangled qubit q1 and the sensitive data qubit.
787 4. The result from this Bell measurement will be encoded in two
788 classical bits, which will be physically transmitted via a
789 classical channel to the quantum computer B.
791 5. Based on the received two classical bits, the quantum computer B
792 modifies the state of the entangled qubit q2 in the way to
793 generate a new qubit identical to the sensitive data qubit at the
794 quantum computer A.
796 In Figure 3, the Quantum Internet contains quantum channels and
797 quantum repeaters/routers [I-D.irtf-qirg-principles]. This
798 application scenario needs to support entanglement generation and
799 entanglement distribution (or quantum connection) setup
800 [I-D.van-meter-qirg-quantum-connection-setup] in order to support
801 quantum teleportation.
803 +-----------------+
804 | End-User |
805 |(e.g., Scientist)|
806 +-----------------+
807 ^
808 |User Interface (e.g. GUI)
809 |
810 +------------------+-------------------+
811 | |
812 | |
813 V V
814 +----------------+ /--------\ +----------------+
815 | |--->( Quantum )--->| |
816 | | ( Internet ) | |
817 | Quantum | \--------/ | Quantum |
818 | Computer A | | Computer B |
819 | (e.g., Site #1)| /--------\ | (e.g., Site #2)|
820 | | ( Classical) | |
821 | |<-->( Internet )<-->| |
822 +----------------+ \--------/ +----------------+
823 Figure 3: Distributed Quantum Computing
825 5. General Requirements
827 5.1. Background
829 Quantum technologies are steadily evolving and improving. Therefore,
830 it is hard to predict the timeline and future milestones of quantum
831 technologies as pointed out in [Grumbling] for quantum computing.
832 Currently, a NISQ computer can achieve fifty to hundreds of qubits
833 with some given error rate. In fact, the error rates of two-qubit
834 quantum gates have decreased nearly in half every 1.5 years (for
835 trapped ion gates) to 2 years (for superconducting gates). The error
836 rate also increases as the number of qubits increases. For example,
837 a current 20-physical-qubit machine has a total error rate which is
838 close to the total error rate of a 7 year old two-qubit machine
839 [Grumbling].
841 On the network level, six stages of Quantum Internet development are
842 described in [Wehner] as follows:
844 1. Trusted repeater networks (Stage-1)
846 2. Prepare and measure networks (Stage-2)
848 3. Entanglement distribution networks (Stage-3)
850 4. Quantum memory networks (Stage-4)
852 5. Fault-tolerant few qubit networks (Stage-5)
854 6. Quantum computing networks (Stage-6)
856 The first stage is simple trusted repeater networks, while the final
857 stage is the quantum computing networks where the full-blown Quantum
858 Internet will be achieved. Each intermediate stage brings with it
859 new functionality, new applications, and new characteristics.
860 Figure 4 illustrates Quantum Internet application scenarios as
861 described in this document mapped to the Quantum Internet stages
862 described in [Wehner]. For example, secure communication setup can
863 be supported in Stage-1, Stage-2, or Stage-3, but with different QKD
864 solutions. More specifically:
866 In Stage-1, basic QKD is possible and can be leveraged to support
867 secure communication setup but trusted nodes are required to provide
868 end-to-end security. The primary requirement is the trusted nodes.
870 In Stage-2, the end users can prepare and measure the qubits. In
871 this stage, the users can verify classical passwords without
872 revealing it.
874 In Stage-3, end-to-end security can be enabled based on quantum
875 repeaters and entanglement distribution, to support the same secure
876 communication setup application. The primary requirement is
877 entanglement distribution to enable long-distance QKD.
879 In Stage-4, the quantum repeaters gain the capability of storing and
880 manipulating entangled qubits in the quantum memories. Using these
881 kind of quantum networks, one can run sophisticated applications like
882 blind quantum computing, leader election, quantum secret sharing.
884 In Stage-5, quantum repeaters can perform error correction; hence
885 they can perform fault-tolerant quantum computations on the received
886 data. With the help of these repeaters, it is possible to run
887 distributed quantum computing and quantum sensor applications over a
888 smaller number of qubits.
890 Finally, in Stage-6, distributed quantum computing relying on more
891 qubits can be supported.
893 +---------+----------------------------+------------------------+
894 | Quantum | Example Quantum | |
895 | Internet| Internet Use | Characteristic |
896 | Stage | Cases | |
897 +---------+----------------------------+------------------------+
898 | Stage-1 | Secure comm setup | Trusted nodes |
899 | | using basic QKD | |
900 |---------------------------------------------------------------|
901 | Stage-2 | Secure comm setup | Prepare-and-measure |
902 | | using the QKD with | capability |
903 | | end-to-end security | |
904 |---------------------------------------------------------------|
905 | Stage-3 | Secure comm setup | Entanglement |
906 | | using entanglement-enabled | distribution |
907 | | QKD | |
908 |---------------------------------------------------------------|
909 | Stage-4 | Secure/blind quantum | Quantum memory |
910 | | computing | |
911 |---------------------------------------------------------------|
912 | Stage-5 | Higher-Accuracy Clock | Fault tolerance |
913 | | synchronization | |
914 |---------------------------------------------------------------|
915 | Stage-6 | Distributed quantum | More qubits |
916 | | computing | |
917 +---------------------------------------------------------------+
919 Figure 4: Example Application Scenarios in Different Quantum
920 Internet Stages
922 5.2. Requirements
924 Some general and functional requirements on the Quantum Internet from
925 the networking perspective, based on the above application scenarios,
926 are identified as follows:
928 1. Methods for facilitating quantum applications to interact
929 efficiently with entangled qubits are necessary in order for them
930 to trigger distribution of designated entangled qubits to
931 potentially any other quantum node residing in the Quantum
932 Internet. To accomplish this, specific operations must be
933 performed on entangled qubits (e.g., entanglement swapping,
934 entanglement distillation). Quantum nodes may be quantum end-
935 nodes, quantum repeaters/routers, and/or quantum computers.
937 2. Quantum repeaters/routers should support robust and efficient
938 entanglement distribution in order to extend and establish high-
939 fidelity entanglement connection between two quantum nodes. For
940 achieving this, it is required to first generate an entangled
941 pair on each hop of the path between these two nodes, and then
942 perform entanglement swapping operations at each of the
943 intermediate nodes.
945 3. Quantum end-nodes must send additional information on classical
946 channels to aid in transferring qubits across quantum repeaters/
947 receivers. This is because qubits are transferred individually
948 and do not have any associated packet header which can help in
949 transferring the qubit. Any extra information to aid in routing,
950 identification, etc., of the qubit(s) must be sent via classical
951 channels.
953 4. Methods for managing and controlling the Quantum Internet
954 including quantum nodes and their quantum resources are
955 necessary. The resources of a quantum node may include quantum
956 memory, quantum channels, qubits, established quantum
957 connections, etc. Such management methods can be used to monitor
958 network status of the Quantum Internet, diagnose and identify
959 potential issues (e.g. quantum connections), and configure
960 quantum nodes with new actions and/or policies (e.g. to perform a
961 new entanglement swapping operation). New management information
962 model for the Quantum Internet may need to be developed.
964 6. Conclusion
966 This document provides an overview of some expected application
967 categories for the Quantum Internet, and then details selected
968 application scenarios. The applications are first grouped by their
969 usage which is a natural and easy to understand classification
970 scheme. This set of applications may, of course, naturally expand
971 over time as the Quantum Internet matures. Finally, some general
972 requirements for the Quantum Internet are also provided.
974 This document can also serve as an introductory text to readers
975 interested in learning about the practical uses of the Quantum
976 Internet. Finally, it is hoped that this document will help guide
977 further research and development of the Quantum Internet
978 functionality required to implement the application scenarios
979 described herein.
981 7. IANA Considerations
983 This document requests no IANA actions.
985 8. Security Considerations
987 This document does not define an architecture nor a specific protocol
988 for the Quantum Internet. It focuses instead on detailing
989 application scenarios, requirements, and describing typical Quantum
990 Internet applications. However, some salient observations can be
991 made regarding security of the Quantum Internet as follows.
993 It has been identified in [NISTIR8240] that once large-scale quantum
994 computing becomes reality that it will be able to break many of the
995 public-key (i.e., asymmetric) cryptosystems currently in use. This
996 is because of the increase in computing ability with quantum
997 computers for certain classes of problems (e.g., prime factorization,
998 optimizations). This would negatively affect many of the security
999 mechanisms currently in use on the Classical Internet which are based
1000 on public-key (Diffie-Hellman) encryption. This has given strong
1001 impetus for starting development of new cryptographic systems that
1002 are secure against quantum computing attacks [NISTIR8240].
1004 Interestingly, development of the Quantum Internet will also mitigate
1005 the threats posed by quantum computing attacks against Diffie-Hellman
1006 based public-key cryptosystems. Specifically, the secure
1007 communication setup feature of the Quantum Internet as described in
1008 Section 4.1 will be strongly resistant to both classical and quantum
1009 computing attacks against Diffie-Hellman based public-key
1010 cryptosystems.
1012 A key additional threat consideration for the Quantum Internet is
1013 pointed to by [RFC7258], which warns of the dangers of pervasive
1014 monitoring as a widespread attack on privacy. Pervasive monitoring
1015 is defined as a widespread, and usually covert, surveillance through
1016 intrusive gathering of application content or protocol metadata such
1017 as headers. This can be accomplished through active or passive
1018 wiretaps, traffic analysis, or subverting the cryptographic keys used
1019 to secure communications.
1021 The secure communication setup feature of the Quantum Internet as
1022 described in Section 4.1 will be strongly resistant to pervasive
1023 monitoring based on directly attacking (Diffie-Hellman) encryption
1024 keys. Also, Section 4.2 describes a method to perform remote quantum
1025 computing while preserving the privacy of the source data. Finally,
1026 the intrinsic property of qubits to decohere if they are observed,
1027 albeit covertly, will theoretically allow detection of unwanted
1028 monitoring in some future solutions.
1030 Modern networks are implemented with zero trust principles where
1031 classical cryptography is used for confidentiality, integrity
1032 protection, and authentication on many of the logical layers of the
1033 network stack, often all the way from device to software in the cloud
1034 [NISTSP800-207]. The cryptographic solutions in use today are based
1035 on well-understood primitives, provably secure protocols and state-
1036 of-the-art implementations that are secure against a variety of side-
1037 channel attacks.
1039 In contrast to conventional cryptography and Post-Quantum
1040 Cryptography (PQC), the security of QKD is inherently tied to the
1041 physical layer, which makes the threat surfaces of QKD and
1042 conventional cryptography quite different. QKD implementations have
1043 already been subjected to publicized attacks [Zhao2008] and the
1044 National Security Agency (NSA) notes that the risk profile of
1045 conventional cryptography is better understood [NSA]. The fact that
1046 conventional cryptography and PQC are implemented at a higher layer
1047 than the physical one means PQC can be used to securely send
1048 protected information through untrusted relays. This is in stark
1049 contrast with QKD, which relies on hop-by-hop security between
1050 intermediate trusted nodes. The PQC approach is better aligned with
1051 the modern technology environment, in which more applications are
1052 moving toward end-to-end security and zero-trust principles. It is
1053 also important to note that while PQC can be deployed as a software
1054 update, QKD requires new hardware.
1056 Regarding QKD implementation details, the NSA states that
1057 communication needs and security requirements physically conflict in
1058 QKD and that the engineering required to balance them has extremely
1059 low tolerance for error. While conventional cryptography can be
1060 implemented in hardware in some cases for performance or other
1061 reasons, QKD is inherently tied to hardware. The NSA points out that
1062 this makes QKD less flexible with regard to upgrades or security
1063 patches. As QKD is fundamentally a point-to-point protocol, the NSA
1064 also notes that QKD networks often require the use of trusted relays,
1065 which increases the security risk from insider threats.
1067 The UK's National Cyber Security Centre cautions against reliance on
1068 QKD, especially in critical national infrastructure sectors, and
1069 suggests that PQC as standardized by the NIST is a better solution
1070 [NCSC]. Meanwhile, the National Cybersecurity Agency of France has
1071 decided that QKD could be considered as a defense-in-depth measure
1072 complementing conventional cryptography, as long as the cost incurred
1073 does not adversely affect the mitigation of current threats to IT
1074 systems [ANNSI].
1076 9. Acknowledgments
1078 The authors want to thank Michele Amoretti, Mathias Van Den Bossche,
1079 Xavier de Foy, Patrick Gelard, Alvaro Gomez Inesta, Wojciech
1080 Kozlowski, John Mattsson, Rodney Van Meter, Joey Salazar, and Joseph
1081 Touch, and the rest of the QIRG community as a whole for their very
1082 useful reviews and comments to the document.
1084 10. Informative References
1086 [ANNSI] "Should Quantum Key Distribution be Used for Secure
1087 Communications?", Technical Position Paper, French
1088 National Cybersecurity Agency (ANSSI), 2020,
1089 .
1092 [BB84] Bennett, C. H. and G. Brassard, "Quantum Cryptography:
1093 Public Key Distribution and Coin Tossing", 1984,
1094 .
1097 [BBM92] Bennett, C.H., Brassard, G., and N.D. Mermin, "Quantum
1098 Cryptography without Bell's Theorem", Physical Review
1099 Letter, American Physical Society, 1992,
1100 .
1102 [Ben-Or] Ben-Or, M. and A. Hassidim, "Fast Quantum Byzantine
1103 Agreement", SOTC, ACM, 2005,
1104 .
1106 [Broadbent]
1107 Broadbent, A. and et. al., "Universal Blind Quantum
1108 Computation", 50th Annual Symposium on Foundations of
1109 Computer Science, IEEE, 2009,
1110 .
1112 [Cacciapuoti2019]
1113 Cacciapuoti, A.S. and et. al., "When Entanglement meets
1114 Classical Communications: Quantum Teleportation for the
1115 Quantum Internet", 2019,
1116 .
1118 [Cacciapuoti2020]
1119 Cacciapuoti, A.S. and et. al., "Quantum Internet:
1120 Networking Challenges in Distributed Quantum Computing",
1121 IEEE Network, January 2020, 2020,
1122 .
1124 [Caleffi] Caleffi, M. and et. al., "Quantum internet: From
1125 Communication to Distributed Computing!", NANOCOM, ACM,
1126 2018, .
1128 [Cao] Cao, Y. and et. al., "Potential of Quantum Computing for
1129 Drug Discovery", Journal of Research and Development, IBM,
1130 2018, .
1132 [Castelvecchi]
1133 Castelvecchi, D., "The Quantum Internet has arrived (and
1134 it hasn't)", Nature 554, 289-292, 2018,
1135 .
1137 [Childs] Childs, A. M., "Secure Assisted Quantum Computation",
1138 2005, .
1140 [Chitambar]
1141 Chitambar, E. and et. al., "Everything You Always Wanted
1142 to Know About LOCC (But Were Afraid to Ask)",
1143 Communications in Mathematical Physics, Springer, 2014,
1144 .
1147 [Crepeau] Crepeau, C. and et. al., "Secure Multi-party Quantum
1148 Computation", 34th Symposium on Theory of Computing
1149 (STOC), ACM, 2002,
1150 .
1152 [Cuomo] Cuomo, D. and et. al., "Towards a Distributed Quantum
1153 Computing Ecosystem", Quantum Communication, IET, 2020,
1154 .
1156 [Denchev] Denchev, V.S. and et. al., "Distributed Quantum Computing:
1157 A New Frontier in Distributed Systems or Science
1158 Fiction?", SIGACT News ACM, 2018,
1159 .
1161 [E91] Ekert, A.K., "Quantum Cryptography with Bell's Theorem",
1162 Physical Review Letter, American Physical Society, 1991,
1163 .
1165 [Eisert] Eisert, J. and et. al., "Optimal Local Implementation of
1166 Nonlocal Quantum Gates", Physical Review A, American
1167 Physical Society, 2000,
1168 .
1170 [Elkouss] Elkouss, D. and et. al., "Information Reconciliation for
1171 Quantum Key Distribution", 2011,
1172 .
1174 [ETSI-QKD-Interfaces]
1175 ETSI GR QKD 003 V2.1.1, "Quantum Key Distribution (QKD);
1176 Components and Internal Interfaces", 2018,
1177 .
1180 [ETSI-QKD-UseCases]
1181 ETSI GR QKD 002 V1.1.1, "Quantum Key Distribution (QKD);
1182 Use Cases", 2010, .
1185 [Fitzsimons]
1186 Fitzsimons, J. F., "Private Quantum Computation: An
1187 Introduction to Blind Quantum Computing and Related
1188 Protocols", 2017,
1189 .
1191 [Gottesman1999]
1192 Gottesman, D. and I. Chuang, "Demonstrating the Viability
1193 of Universal Quantum Computation using Teleportation and
1194 Single-Qubit Operations", Nature 402, 390-393, 1999,
1195 .
1197 [Gottesman2012]
1198 Gottesman, D., Jennewein, T., and S. Croke, "Longer-
1199 Baseline Telescopes Using Quantum Repeaters", Physical
1200 Review Letter, American Physical Society, 2012,
1201 .
1203 [Grosshans]
1204 Grosshans, F. and P. Grangier, "Continuous Variable
1205 Quantum Cryptography Using Coherent States", Physical
1206 Review Letters, American Physical Society, 2002,
1207 .
1209 [Grumbling]
1210 Grumbling, E. and M. Horowitz, "Quantum Computing:
1211 Progress and Prospects", National Academies of Sciences,
1212 Engineering, and Medicine, The National Academies Press,
1213 2019, .
1215 [Guo] Guo, X. and et. al., "Distributed Quantum Sensing in a
1216 Continuous-Variable Entangled Network", Nature
1217 Physics, Nature, 2020,
1218 .
1220 [Hill] Hill, R.M. and et. al., "A Tool for Functional Brain
1221 Imaging with Lifespan Compliance", Nature
1222 Communications 10, 4785(2019), 2019,
1223 .
1225 [Huang] Huang, H. and et. al., "Experimental Blind Quantum
1226 Computing for a Classical Client", 2017,
1227 .
1229 [I-D.dahlberg-ll-quantum]
1230 Dahlberg, A., Skrzypczyk, M., and S. Wehner, "The Link
1231 Layer service in a Quantum Internet", Work in Progress,
1232 Internet-Draft, draft-dahlberg-ll-quantum-03, 10 October
1233 2019, .
1236 [I-D.irtf-qirg-principles]
1237 Kozlowski, W., Wehner, S., Meter, R. V., Rijsman, B.,
1238 Cacciapuoti, A. S., Caleffi, M., and S. Nagayama,
1239 "Architectural Principles for a Quantum Internet", Work in
1240 Progress, Internet-Draft, draft-irtf-qirg-principles-10,
1241 14 February 2022, .
1244 [I-D.van-meter-qirg-quantum-connection-setup]
1245 Meter, R. V. and T. Matsuo, "Connection Setup in a Quantum
1246 Network", Work in Progress, Internet-Draft, draft-van-
1247 meter-qirg-quantum-connection-setup-01, 11 September 2019,
1248 .
1251 [Jozsa2000]
1252 Josza, R., Abrams, D.S., Dowling, J.P., and C.P. Williams,
1253 "Quantum Clock Synchronization Based on Shared Prior
1254 Entanglement", Physical Review Letter, American Physical
1255 Society, 2000,
1256 .
1258 [Jozsa2005]
1259 Josza, R. and et. al., "An Introduction to Measurement
1260 based Quantum Computation", 2005,
1261 .
1263 [Kiktenko] Kiktenko, E.O. and et. al., "Lightweight Authentication
1264 for Quantum Key Distribution", 2020,
1265 .
1267 [Komar] Komar, P. and et. al., "A Quantum Network of Clocks",
1268 2013, .
1270 [Lipinska] Lipinska, V. and et. al., "Verifiable Hybrid Secret
1271 Sharing with Few Qubits", Physical Review A, American
1272 Physical Society, 2020,
1273 .
1275 [Lo] Lo, H.-K. and et. al., "Experimental Demonstration of
1276 Phase-Remapping Attack in a Practical Quantum Key
1277 Distribution System", Physical Review Letters, American
1278 Physical Society, 2012,
1279 .
1281 [NCSC] "Quantum Security Technologies", White Paper, National
1282 Cyber Security Centre (NCSC), 2020,
1283 .
1286 [NISTIR8240]
1287 Alagic, G. and et. al., "Status Report on the First Round
1288 of the NIST Post-Quantum Cryptography Standardization
1289 Process", NISTIR 8240, 2019,
1290 .
1293 [NISTSP800-207]
1294 Rose, S. J., Borchert, O., Mitchell, S., and S. Connelly,
1295 "NIST, Zero Trust Architecture", Special Publication (NIST
1296 SP) - 800-207, National Institute of Standards and
1297 Technology (NIST), 2020,
1298 .
1300 [NSA] National Security Agency, "Post-Quantum Cybersecurity
1301 Resources", .
1304 [Pal] Pal, S.P. and et. al., "Multi-partite Quantum Entanglement
1305 versus Randomization: Fair and Unbiased Leader Election in
1306 Networks", 2003,
1307 .
1309 [Preskill] Preskill, J., "Quantum Computing in the NISQ Era and
1310 Beyond", 2018, .
1312 [Proctor] Proctor, T.J. and et. al., "Multiparameter Estimation in
1313 Networked Quantum Sensors", Physical Review
1314 Letters, American Physical Society, 2018,
1315 .
1318 [Qin] Qin, H., "Towards Large-Scale Quantum Key Distribution
1319 Network and Its Applications", 2019,
1320 .
1323 [Renner] Renner, R., "Security of Quantum Key Distribution", 2006,
1324 .
1326 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1327 Requirement Levels", BCP 14, RFC 2119,
1328 DOI 10.17487/RFC2119, March 1997,
1329 .
1331 [RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
1332 Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
1333 2014, .
1335 [Taherkhani]
1336 Taherkhani, M.A., Navi, K., and R. Van Meter, "Resource-
1337 Aware System Architecture Model for Implementation of
1338 Quantum Aided Byzantine Agreement on Quantum Repeater
1339 Networks", Quantum Science and Technology, IOP, 2017,
1340 .
1342 [Tang] Tang, B. and et. al., "High-speed and Large-scale Privacy
1343 Amplification Scheme for Quantum Key Distribution",
1344 Scientific Reports, Nature Research, 2019,
1345 .
1347 [Treiber] Treiber, A. and et. al., "A Fully Automated Entanglement-
1348 based Quantum Cyptography System for Telecom Fiber
1349 Networks", New Journal of Physics, 11, 045013, 2009,
1350 .
1352 [VanMeter2006-01]
1353 Van Meter, R. and et. al., "Distributed Arithmetic on a
1354 Quantum Multicomputer", 33rd International Symposium on
1355 Computer Architecture (ISCA) IEEE, 2006,
1356 .
1358 [VanMeter2006-02]
1359 Van Meter, R. and et. al., "Architecture of a Quantum
1360 Multicompuer Optimized for Shor's Factoring Algorithm",
1361 2006, .
1363 [Wang] Wang, C. and et. al., "Quantum Secure Direct Communication
1364 with High-Dimension Quantum Superdense Coding", Physical
1365 Review A, American Physical Society, 2005,
1366 .
1368 [Wehner] Wehner, S., Elkouss, D., and R. Hanson, "Quantum internet:
1369 A vision for the road ahead", Science 362, 2018,
1370 .
1373 [Xu] Xu, F. and et. al., "Experimental Demonstration of Phase-
1374 Remapping Attack in a Practical Quantum Key Distribution
1375 System", New Journal of Physics, 12 113026, 2010,
1376 .
1379 [Zhandry] Zhandry, M., "Quantum Lightning Never Strikes the Same
1380 State Twice", 38th Annual International Conference on the
1381 Theory and Applications of Cryptographic Techniques,
1382 Darmstadt, Germany, May 19-23, 2019, Proceedings, Part
1383 III, 2019, .
1385 [Zhang2009]
1386 Zhang, X. and et. al., "A Hybrid Universal Blind Quantum
1387 Computation", Information Sciences, Elsevier, 2009,
1388 .
1391 [Zhang2018]
1392 Zhang, Q., Hu, F., Chen, Y., Peng, C., and J. Pan, "Large
1393 Scale Quantum Key Distribution: Challenges and Solutions",
1394 Optical Express, OSA, 2018,
1395 .
1397 [Zhang2019]
1398 Zhang, P. and et. al., "Integrated Relay Server for
1399 Measurement-Device-Independent Quantum Key Distribution",
1400 2019, .
1402 [Zhao2008] Zhao, Y., Fung, C.-H., Qi, B., Chen, C., and H.K. Lo,
1403 "Experimental Demonstration of Time-Shift Attack against
1404 Practical Quantum Key Distribution Systems", Physical
1405 Review A, American Physical Society, 2008,
1406 .
1408 [Zhao2018] Zhao, Y., "Development of Quantum Key Distribution and
1409 Attacks against it", Journal of Physics, J. Phys, 2018,
1410 .
1413 Authors' Addresses
1415 Chonggang Wang
1416 InterDigital Communications, LLC
1417 1001 E Hector St
1418 Conshohocken, 19428
1419 United States of America
1420 Email: Chonggang.Wang@InterDigital.com
1422 Akbar Rahman
1423 InterDigital Communications, LLC
1424 1000 Sherbrooke Street West
1425 Montreal H3A 3G4
1426 Canada
1427 Email: rahmansakbar@yahoo.com
1429 Ruidong Li
1430 Kanazawa University
1431 Kakuma-machi,
1432 Ishikawa Prefecture 920-1192
1433 Japan
1434 Email: lrd@se.kanazawa-u.ac.jp
1436 Melchior Aelmans
1437 Juniper Networks
1438 Boeing Avenue 240
1439 Schiphol-Rijk
1440 Email: maelmans@juniper.net
1441 Kaushik Chakraborty
1442 The University of Edinburgh
1443 10 Crichton Street
1444 Edinburgh
1445 EH8 9AB, Scotland
1446 United Kingdom
1447 Email: kchakrab@exseed.edu.ac.uk