All-Photonic Quantum Repeaters Could Lead To a Faster, More Secure Global Quantum Internet

"University of Toronto Engineering professor Hoi-Kwong Lo and his collaborators have developed a prototype for a key element for all-photonic quantum repeaters, a critical step in long-distance quantum communication," reports Phys.Org. This proof-of-principle device could serve as the backbone of a future quantum internet. From the report: In light of [the security issues with today's internet], researchers have proposed other ways of transmitting data that would leverage key features of quantum physics to provide virtually unbreakable encryption. One of the most promising technologies involves a technique known as quantum key distribution (QKD). QKD exploits the fact that the simple act of sensing or measuring the state of a quantum system disturbs that system. Because of this, any third-party eavesdropping would leave behind a clearly detectable trace, and the communication can be aborted before any sensitive information is lost. Until now, this type of quantum security has been demonstrated in small-scale systems. Lo and his team are among a group of researchers around the world who are laying the groundwork for a future quantum Internet by working to address some of the challenges in transmitting quantum information over great distances, using optical fiber communication.

Because light signals lose potency as they travel long distances through fiber-optic cables, devices called repeaters are inserted at regular intervals along the line. These repeaters boost and amplify the signals to help transmit the information along the line. But quantum information is different, and existing repeaters for quantum information are highly problematic. They require storage of the quantum state at the repeater sites, making the repeaters much more error prone, difficult to build, and very expensive because they often operate at cryogenic temperatures. Lo and his team have proposed a different approach. They are working on the development of the next generation of repeaters, called all-photonic quantum repeaters, that would eliminate or reduce many of the shortcomings of standard quantum repeaters. "We have developed all-photonic repeaters that allow time-reversed adaptive Bell measurement," says Lo. "Because these repeaters are all-optical, they offer advantages that traditional -- quantum-memory-based matter -- repeaters do not. For example, this method could work at room temperature."

Re:that's not the problem

[ledow]

That surely only applies if you are transmitting things unencrypted.

One of the prime reasons to use encryption is because it operates over even an insecure channel to secure it. Someone faking or stealing IP traffic still can't read your encrypted data because that's the entire point.

Obviously, if you're worried about it, you use proper cryptographic endpoint verification. Then it doesn't matter. You'll notice tampering immediately. You *EXPECT* your enemy to record every single byte of everything you send. Because it literally won't help them one jot. Not even if they know what you were sending at some point in the future (known-plain-text attacks aren't possible with modern encryption).

People fussing over DNS interception, BGP routing etc. are missing the critical point. They may affect *connectivity*. i.e. can you talk to the intended endpoint. What they can never affect is *veracity*. You are either talking to the chosen endpoint or you're not. People can't pretend to be the endpoint unless they've got the correct private key, etc. etc.

This is why SSH, TLS, IPSec, etc. all exist.

Treat the Internet as an untrusted network medium (why on Earth would you do anything else!?) and apply security accordingly. Pretending that a BGP announcement, even from your own ISP, is in any way secure is stupidity. You secure it IN SPITE of that. Even Google's inter-data-centre links weren't secure because they just assumed the medium was secure and didn't encrypt. Only when it was revealed that certain agencies were sniffing that traffic did they solve the problem - by encryption.

Sod the honour system, the honour system is in people assuming they are talking to the endpoint without checking, no matter who says.

BGP etc. routing attacks become useless precisely the second that you encrypt traffic by default. You can no more fake being "Facebook.com" than you can being some IP address. Without the right certificate the other end, the correct certificate signing chain, the correct certificate authority, the correct certificate pinning, etc. then modern sites and browsers will throw errors no matter what you do to try to pretend to be a secured endpoint, or act as a man-in-the-middle.

The problems come from people assuming security exists, rather than assuming it doesn't, and layering more on top anyway.

Hell, WPA2 isn't secure, because anyone can pretend to be the BSSID of any advertised Wifi point. It's secured by the endpoints layering over encryption. You should be VPN'ing over even internal wireless.

You can't secure something like the Internet en masse. So don't. Secure the endpoint, and just assume that EVERYONE can see every byte out of your connection.

Re:What problem is being addressed?

[gotan]

It doesn't work like that. The problem is, that public key algorithms rely on "trap door algorithms" that are "easy" to do in one direction (e.g. multiplying two prime numbers) but "very hard" in the other direction. "Easy" usually means "requires a number of operations that is polynomial in "N" (N=number of digits), "hard" means "requires a number of operations that goes exponential with N. E.g. counting up to the product (or its square root) and testing each number if it divides it is "hard". Public key cryptography relies on this, an attacker has to solve a "hard" problem to crack the key. What compromised some key length previously was not that "hard" became "easy", but that with better and more hardware and improved algorithms the "hard" problem became doable. This can be easily fixed by using a higher key length. (one problem with all that is, that AFAIK we don't have mathematical proof that "hard" problems are really "hard", see P=NP, but that's another subject entirely)

Now some problems that (we think) are "hard" to do in classical computing are "easy" in quantum computing, prime factoring is one example of this. With that the basic premise falls, and that can't be helped by adjusting the key length. Maybe there are trap door algorithms out there that can't be made "easy" by quantum computing, or maybe we'll find that some problems we previously thought to be hard really aren't.

But quantum key distribution could solve that problem, since it provides a way of generating a common one time pad and check if anyone eavesdropped. That one-time-pad can then be used to transmit a key for the symmetric encryption e.g. in place of RSA.

The OP is right, that that doesn't solve the problem of authentication. Still a secure (in the sense that eavesdropping can be detected) distribution of exactly two instances of a one-time pad on the basis that authentication has happened certainly has its uses.