Re: [Qirg] I-D Action: draft-irtf-qirg-quantum-internet-use-cases-03.txt

Joey S <joeysalazar@article19.org> Fri, 18 December 2020 20:26 UTC


Dear qirg, Chonggang Wang,

I have yet to fully read the latest v3 of the draft, but after reviewing the minutes from the last meeting (attached), I wanted to follow up on my conversations with Chonggang during IETF108-109 regarding anonymization in general, and particularly, in section "5.1. Secure Communication Setup: One requirement for this secure communication setup process is that it should not be vulnerable to any classical or quantum computing attack."

As mentioned in our chat, since a user can be potentially identified at the stage where they are setting up the connection, anonymization mechanisms to prevent user identification and potential tracking are something that we should definitely consider at some point.

Since, as Wojciech kindly explained, "Anonymity is difficult to guarantee for QKD, but may be possible for other applications", I think a baseline would be to include this type of consideration in the next version of the draft; if not to explicitly address it, then to define it as a potential vulnerability that will be looked at in later stages.

Looking forward to your thoughts, and wishing you all happy holidays,
--
Joey Salazar
Digital Sr. Programme Officer
ARTICLE 19
6E9C 95E5 5BED 9413 5D08 55D5 0A40 4136 0DF0 1A91
On 29-Oct-20 8:55 PM, internet-drafts@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Quantum Internet Research Group RG of the IRTF.

        Title           : Applications and Use Cases for the Quantum Internet
        Authors         : Chonggang Wang
                          Akbar Rahman
                          Ruidong Li
                          Melchior Aelmans
        Filename        : draft-irtf-qirg-quantum-internet-use-cases-03.txt
        Pages           : 23
        Date            : 2020-10-29

Abstract:
   The Quantum Internet has the potential to improve application
   functionality by incorporating quantum information technology into
   the infrastructure of the overall Internet.  In this document, we
   provide an overview of some applications expected to be used on the
   Quantum Internet, and then categorize them using various
   classification schemes.  Some general requirements for the Quantum
   Internet are also discussed.  The intent of this document is to
   provide a common understanding and framework of applications and use
   cases for the Quantum Internet.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-irtf-qirg-quantum-internet-use-cases/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-irtf-qirg-quantum-internet-use-cases-03
https://datatracker.ietf.org/doc/html/draft-irtf-qirg-quantum-internet-use-cases-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-irtf-qirg-quantum-internet-use-cases-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


_______________________________________________
Qirg mailing list
Qirg@irtf.org
https://www.irtf.org/mailman/listinfo/qirg

--- Begin Message ---
Here are my notes for the QIRG meeting.

For the sake of clarity and brevity I have paraphrased many of the questions and answers. If I have misrepresented anything, let me know, and I will fix it.

-- Bruno


MEETING MINUTES
===============

IETF 109 (online)
Quantum Internet Research Group (QIRG)
Monday 16 November

(1) Agenda bashing
------------------


(2) Status of the research group
--------------------------------

- The USA Department of Energy announced the Quantum Internet blueprint: https://www.energy.gov/sites/prod/files/2020/07/f76/QuantumWkshpRpt20FINAL_Nav_0.pdf

- Rodney van Meter and Wojciech Kozlowski wrote a blog post to promote the QIRG working group: https://www.ietf.org/blog/quantum-internet/

- The principles draft is basically ready for last call; this will be discussed in this meeting.

- The use cases draft is almost ready for last call as well.

- There are three expired drafts: we need to determine whether to pick them up again (there is still interest in them):

- Proposal for next steps: 
  - Focus on education (e.g. talks)
  - We might shift to fewer IETF meetings and more (shorter) interim meetings
  - Keep working on drafts


(3) Presentation on "Measurement Device Independent (MDI) Quantum Key Distribution (QKD)" by Joshua Slater
----------------------------------------------------------------------------------------------------------

- Slides at https://datatracker.ietf.org/meeting/109/materials/slides-109-qirg-mdi-qkd-quantum-internet-00

- Questions and comments:

- Bruno Rijsman: Can you explain why we need QKD (or PQC) to replace classical PKI in the first place? Josh Slater: The danger of Shor's algorithm breaking public key infrastructure (PKI) once we have sufficiently large quantum computers.

- Rodney van Meter: How long are the links that QuTech is installing in the 4 node quantum network? Josh Slater: Only the 1st fiber has been installed, it has 20 dB loss. The loss for the other 3 links is not yet known. Fibers are never straight-line and always have connection points that cause extra loss.

- Shota Nagayama: Do QKD networks have end-to-end conventional keys? Josh Slater: QKD networks securely generate end-to-end conventional keys.

- Shota Nagayama: Does QKD need trusted intermediate nodes? Josh Slater: The MDI QKD middle node does not need to be trusted [see also question from Kireeti Kompella later on].

- Philip Hallam-Baker: What about traffic analysis attacks? Josh Slater: An attacker can see when keys are generated, but cannot know the key values or when the keys are actually used to encrypt.


(4) Status and recent updates on the use cases draft by Chonggang Wang
----------------------------------------------------------------------

- "Applications and Use Cases for the Quantum Internet" draft at https://www.ietf.org/archive/id/draft-irtf-qirg-quantum-internet-use-cases-03.txt

- Presentation slides at https://datatracker.ietf.org/meeting/109/materials/slides-109-qirg-draft-irtf-qirg-quantum-internet-use-cases-01

- Questions and comments:

- Wojciech Kozlowski: I am still confused about quantum control plane versus data plane. It's clear for classical networks, but what does it mean for quantum networks? Chonggang Wang: Discusses table (figure 1) in the use cases draft. The data plane is actual user traffic, the control plane is not actual user traffic but facilitates user traffic exchange. The control traffic may be classical (e.g. setup protocols) or quantum (e.g. quantum ping).

- Michelle Victoria: Is the goal of the use cases document to guide the layman (rather than the quantum expert)? Chonggang Wang: There are two purposes. The document is intended for those who are interested in gaining a high-level overview of applications before diving into the details. It is intended as a starting point for later, more detailed standards documents. Wojciech Kozlowski: It is intended for classical networking experts, not for complete laymen.

- Michelle Victoria: Should the draft include examples of benefits gained from distributed quantum computing? Chonggang Wang: Yes, it would be good to include some benefits in the next version. Wojciech Kozlowski: I provided similar feedback by e-mail. 

- Rodney van Meter: Suggestion to merge last two columns in figure 1 into a single column.

- Chonggang Wang: Is the document ready for last call? Wojciech Kozlowski + Rodney van Meter + Bruno Rijsman: Think it will be a very useful document but it needs at least one more iteration.

- Philip Hallam-Baker: The drafts and presentations should be careful not to equate transmission security with cryptography in general. QKD provides transmission security (encryption of data in flight); it does not provide a solution for encryption of data at rest. Presenting QKD as a general solution for Shor's attack on PKI is not appropriate. Not being able to protect data at rest for 30+ years is the scariest part of Shor. There are also other solutions, e.g. Kerberos is quantum resistant and Philip Hallam-Baker's work on "Threshold Key Infrastructure" (a generalization of PKI for data at rest). Rodney van Meter: Which specific parts of the draft need to be changed? Philip Hallam-Baker: The security section. 

- Philip Hallam-Baker: Also concerned about the traffic analysis point raised during the Q&A after Josh Slater's presentation.


(5) Status and recent updates on the principles draft, presented by Wojciech Kozlowski
--------------------------------------------------------------------------------------

- "Architectural Principles for a Quantum Internet" draft at https://www.ietf.org/archive/id/draft-irtf-qirg-principles-05.txt

- Presentation slides at https://datatracker.ietf.org/meeting/109/materials/slides-109-qirg-draft-irtf-qirg-principles-00

- Questions and comments:

- Wojciech Kozlowski: Is the draft ready for QIRG last call? Rodney van Meter: I submitted a list of comments in February; have all been addressed? Wojciech Kozlowski: Kept track of each individual issue on the mailing list and believes all have been addressed. Rodney van Meter: Has a discussion on 1st, 2nd, and 3rd generation networks been added? Wojciech Kozlowski: Yes, in the error management section (4.4.3). Rodney van Meter: Before last call, we need to read both drafts in parallel, and make sure they agree on terminology etc. Wojciech Kozlowski: We need to be in alignment on the control plane in both drafts. Rodney van Meter: Would like one more end-to-end parallel reading before signing off on last call (as author and chair). Wojciech Kozlowski: Let's keep the question of last call for the mailing list.

- Rodney van Meter: How many people have read the draft recently (say version 4 or 5)? The "show of hands tool" shows 12 raised hands, 6 not raised, 51 participants. 2 comments in the chat explicitly liked the draft and found it useful. Conclusion: a decent number of people have had a good read. Would like to initiate last call in the next couple of weeks, contingent on one more round of reading.


(6) Open mike questions and discussion
--------------------------------------

Colin Perkins: Are prototyping and experimental implementations part of the next steps? Wojciech Kozlowski and Josh Slater: The work that is being done in QuTech on building the first quantum Internet has indeed taken inspiration from the QIRG work. The first network link is planned to be online in 2021. Next year it will be upgraded to include quantum repeaters. A recent paper on the quantum internet network layer protocol (https://arxiv.org/pdf/2010.02575.pdf) is specifically inspired by QIRG discussions. A paper on the quantum internet datalink layer (https://arxiv.org/abs/1903.09778) was already published earlier. There is a plan to publish the Quantum Network Experience (QNE), which will be a web-based front-end to run quantum distributed applications on the first prototype quantum network.

Rodney van Meter: Can you clarify whether the MDI QKD node needs to be trusted or not? I suppose it depends on how you define a "node"; in the context of quantum network architecture we went back and forth on the question whether a Bell state measurement middle-point should count as a separate node or as part of the link (the initial inclination was the latter). Bruno Rijsman: In the case of MDI QKD the middle node facilitates star shaped topologies, so it also includes (for example) MEMS cross-connects; it is more than just a BSM. Rodney van Meter: This also applies to networks that create graph entangled states. Josh Slater: I feel that the midpoints / center nodes should be an active participant if it's acting to bring point-to-multi-point functionality.
Wojciech Kozlowski: A useful analogy with classical networks may be to compare BSM midpoints with layer-2 local area networks, and true quantum repeaters / quantum routers with layer-3 wide area networks. Agrees that the midpoint can be an active element.

Kireeti Kompella: Can one cascade midpoints? Bruno Rijsman: For MDI QKD networks, if there is a single midpoint it can be untrusted. For multi-hop MDI QKD networks (a series of >= 2 midpoints) one needs either quantum repeaters or trusted midpoints.

Josh Slater: The Chinese QKD network is a long chain of "super nodes" which are trusted; each midpoint has its own star network around it. The USA Quantum Xchange network between NY and New Jersey will have a similar topology. This supports the case for viewing midpoints as separate active nodes.

Joey Salazar: Does QKD provide anonymity? In other words, can the users that exchange keys be identified / tracked? Wojciech Kozlowski: No, QKD is currently not anonymous. Anonymity is difficult to guarantee for QKD, but may be possible for other applications.

Rodney van Meter: What is the process for finalizing the draft? The group and chairs conclude its work is done and submit it. The IRSG will review, check for conflicts with IETF, and provide feedback. Most likely there will be comments. Then it gets published as an RFC.

--- End Message ---