> On Jun 24, 2016, at 7:06 PM, David McGrew <[email protected]> wrote: > > > Because QKD is not a practical system for Internet security. It has serious > security issues/challenges and operational limitations on bitrate, range, and > physical media. It requires a point to point optical link, which is > typically dedicated fiber, which must be shorter than 60 miles. There are > security issues with QKD because it relies on a physical interaction across > the line between the encrypter and decrypter, thus giving an attacker the > opportunity to perform an attack on the physical process anywhere on that > line. See for instance Brassard et. al. Security Aspects of Practical > Quantum Cryptography, Lydersen et. al., Hacking commercial quantum > cryptography systems by tailored bright illumination, or Gerhardt et. al., > Full-field implementation of a perfect eavesdropper on a quantum cryptography > system.
All of these things are true for existing technology. > Another major security problem is the range limitation; it has been > proposed to extend the range of QKD by using a chain of trusted repeaters, > each connected by a QKD syst > em. These repeaters would greatly increase the attack surface, and require > the end user to trust the infrastructure provider(s); in contrast, the > Internet community wants end to end encryption, as described in RFC3365 and > RFC7624. The technology is evolving rapidly. We can now talk about the existence of a quantum IT industry; there are billions of dollars of government and VC and big company money, and at least a dozen startups that are out in the open, half in quantum computing and half in QKD. Over the next few years, a lot will happen. Most importantly in this context, it's very important to recognize that there is a YUUGE technological difference between networks that create and use long-distance quantum entanglement, versus those that use only quantum effects on single photons. Entanglement-based networks are way harder to build, but will solve the distance problems and enable many applications besides just QKD. If appropriate constraints on architecture (both hardware and protocols) are put into place at the beginning, I believe it is also possible to *guarantee* that the system avoids the kind of hacks that plague existing QKD systems; the keys are the need to perform certain quantum operations on quantum data (qubits) that are *optically isolated* from the (possibly compromised) inter-node channel, and to have adequate classical random number generators available each node. But that's an area where things are still kind of settling out, and it's not yet technically feasible. I gave a talk last year at Verisign on applications of quantum networks, focusing on *entangled* networks. I divide quantum networking apps into three areas: distributed cryptographic functions, sensor networks, and distributed digital computation. QKD sits at the border of dist crypto and sensors. If you know nothing about the topic, I suggest you start at the beginning, but if you want to skip the background (at any rate, all done without any serious math), scroll forward to the 20:30 mark, where the discussion of classes of applications of distributed entanglement begins. At 23:50, I begin discussing QKD. At about 27:00, I start discussing different usage scenarios in a way that I think is particularly relevant to this conversation. https://www.verisign.com/en_IN/innovation/verisign-labs/speakers-series/quantum-networks/index.xhtml Apologies, but one more plug for our work: in 2014, I published a book on Quantum Networking. http://as.wiley.com/WileyCDA/WileyTitle/productCd-1848215371.html (Apologies for the horrific price, I didn't set it and I'm appalled.) There is only a little discussion of QKD in it, but there is a lot of basic background on quantum teleportation and discussion of leading-edge work on quantum repeaters. The last third of the book is about quantum *networks* (as opposed to just chains of repeaters), an area where my research group is just about the only group in the world working. We recently published a paper on quantum *internetworking*, http://arxiv.org/abs/1508.04599. On a different topic, IEEE has recently started a standardization project aimed at interoperability at the network control level, using software defined networking (SDN for QKD), P1913 - Software-Defined Quantum Communication, https://standards.ieee.org/develop/project/1913.html. Enough for now, --Rod _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
