[Qirg] Re: questions about QKD

"Chung, Joaquin" <chungmiranda@anl.gov> Tue, 04 June 2024 14:17 UTC

Return-Path: <chungmiranda@anl.gov>
X-Original-To: qirg@ietfa.amsl.com
Delivered-To: qirg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 454F2C14F6A6 for <qirg@ietfa.amsl.com>; Tue, 4 Jun 2024 07:17:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.988
X-Spam-Level:
X-Spam-Status: No, score=-6.988 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=anl.gov
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vx46BqmWfE5Z for <qirg@ietfa.amsl.com>; Tue, 4 Jun 2024 07:17:21 -0700 (PDT)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl0gcc02on2061a.outbound.protection.outlook.com [IPv6:2a01:111:f403:241a::61a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBF33C14F696 for <qirg@irtf.org>; Tue, 4 Jun 2024 07:17:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mO/GLfuJZbpnI7Gmp3lNX3BHXwLgUvFa0J6tW+qn+oYh3cyZxqsg1XGUdCweWBCiF0HchQ6/p0mPYx107inPlssYL8QSYiuq2/NXBdXu0EhYHoEFU2LMfkhHeKHi033tJWlRuhj3SyJMnVOhDNsaZIskBNlF/G9tD8+vXFCv50/wO+36cInr0LGZjCPOOXYtTdrrhwdkL2drQkDwUx4m3LG2SOJJPmF058U0crGC6Q/o+foZJYQzgW6PZeGQqKwvMKIsZjVO2hthGsQ/LBSTC6dhtJblPSdbSpp75glxC9lOozzWlLOrlmIHNNy04VFMdi6eji/N9nP00MrUe28MuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HH6cxxeyyDfAy28drxzCLc8ChT21Ob6DWwDVNXlotxQ=; b=WALOll3RoG06V4BhxHauHLYmDf1QhDGH9Q7SAuqKtvQIT1Mv5pH0gqLZdJVjJMDGr4XWGZjDnwAlKaMeAf8PY/p9oWkFWqXAijBantdEEpYP7jb7MIrbMv7GCyqpyLgxyTUVB/9GqKZesoBIyS5BlS3862DVvToj7zyzVi5g5S1ovDmyWftExsE8uomHr5ulWlc/sZtFK4WZToZp+/NzmnRc2mtE484uc3LIBtxbRQjD+IXHyoQQ/FE/rtp5fMurIWtbrpjWXTmqhZzUKI0ABJvs17XOKnBVbMld7sXF8op3LHmvLjUh8b8LHjYxNk1AT5M1wfStRVbLVLu7wPHq7A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=anl.gov; dmarc=pass action=none header.from=anl.gov; dkim=pass header.d=anl.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=anl.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HH6cxxeyyDfAy28drxzCLc8ChT21Ob6DWwDVNXlotxQ=; b=J8/x6zkQGm9ujjDhTsZiCheNTjEG6tp26u17M3x+uafBKMP/zaSZubCGLTkR8ic491Zsj6KBzt4v3L9Xa3QT78sREgU1eLNeKi+R4QaRrIMFoYVxUPjNidLyKhwAFzdCY3qz+Cmj1lYJvGq/PaMmr3wVxEoh98KcAABZrTHgL0s7KodBNN9YTRuYbdhxUvP7OCBzNwOocsOWkuOspG3+qOJ/tkvqUVsrzETDg8uLSfxAreLYo793kmCSHpDLaIB/V3/yop5KrQv5KSkyz+mntTQNQbH+llmDBGPSEBYv0l0+inkWvjdH7sF5geJ1dK3wRKcFTqOgLcrvSkQVbtBPnQ==
Received: from SA1PR09MB8399.namprd09.prod.outlook.com (2603:10b6:806:171::6) by DS0PR09MB10435.namprd09.prod.outlook.com (2603:10b6:8:17b::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.27; Tue, 4 Jun 2024 14:17:17 +0000
Received: from SA1PR09MB8399.namprd09.prod.outlook.com ([fe80::3587:e3b4:13c:c806]) by SA1PR09MB8399.namprd09.prod.outlook.com ([fe80::3587:e3b4:13c:c806%2]) with mapi id 15.20.7633.021; Tue, 4 Jun 2024 14:17:17 +0000
From: "Chung, Joaquin" <chungmiranda@anl.gov>
To: Rod Van Meter <rdv=40sfc.wide.ad.jp@dmarc.ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "qirg@irtf.org" <qirg@irtf.org>
Thread-Topic: [Qirg] Re: questions about QKD
Thread-Index: AQHatkse3XtC+5clwESs/TmAZmg3xLG3PY2AgABpJSY=
Date: Tue, 04 Jun 2024 14:17:17 +0000
Message-ID: <SA1PR09MB83994AB1AFF725FDA56CB821C2F82@SA1PR09MB8399.namprd09.prod.outlook.com>
References: <6fb0218c-1ce0-4fb8-a0ee-14347c357f29@sfc.wide.ad.jp> <GVXPR07MB96788AB065A0C97E6A976E7589F82@GVXPR07MB9678.eurprd07.prod.outlook.com> <b856e6c3-709b-4eb5-8de6-1cff419a74e2@sfc.wide.ad.jp>
In-Reply-To: <b856e6c3-709b-4eb5-8de6-1cff419a74e2@sfc.wide.ad.jp>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=anl.gov;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA1PR09MB8399:EE_|DS0PR09MB10435:EE_
x-ms-office365-filtering-correlation-id: 5a6ed4ab-d55a-45dd-a88f-08dc84a10a19
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230031|1800799015|366007|38070700009;
x-microsoft-antispam-message-info: qsl3kK2qdtMM20b6fgsTYjUYUCHteySi1pvlDcmXF2WcN+gUeZha5wNuwEO18vNO9rPu631l52e+HUd2howTjiGQ6Ynj8lTfEhirZh8JoifjC9wVqAnsM9z3LzT5yugRn4hupX/RYRkj+K//OH/+VNIOV0SSf9KQnfb7GrDhPLDjYlLMzyER5IXyly13dyudxItOa73ta4VogmXXDn2eyQbuhddfRiajsUmz+PTvw/Q/QM8iVtAiIqvf6JJ/Sv10hh3IEvpaVAG2Nc9/beNvBDCvaDQYDNp8vzrzu3bQkZRikMHQGjaEn62xiVs7E/Logn8SFNHI4dG2y7OGvqdImC5Q1QxPmT/i3n/RrC+roCj0zv+pe75QQ3y8Fb6MGqEBtSolHZ+H328DDWO2nURrMNaEFqFlu375w4AJ0Oi9l10gsVrvo6eUbssBDWJTL0FKzI4rSPfCQZw4B6m4fl4hY8rrHjQAT2ZbQcxMMEUfhgVYqWEfgsnGGZfrAOA+7J69lh5vZ4nPEGiLTSNDpp/OejLBF+ifOqnUjiq+soUF/MGtnKsVqLgAmE+flyWzkrF81M0jqJPPOnG97G98UvgOi/hZuhmuNpdmriBqS0Q8sKUw/G+1uR9b5CHsFVGCwj0hpekunExOCRrVtA8/mfZypWRMGa6jYJ7+Mevigq4dRgx/nPbBHsJeptVY8fqmXDCAdw9OkckHp/RhuAJMMUeAS/NlCL3f+ssV/0y8drlaWWdsMU1TqqOa60dB81sBIgoeioNS8iH/ea2xc1YUvLBI0suWsrtyjZYqquEX7rrteSA3zy3WKso06Cr0rUuOYVTCAmRZv8eC7ofbPYDFI5J1ni3/Rm2n2N4OQUHy3R/p784ei0dzoi1lLq/eWu3t/EGbiUglqyynUm/E5ja4MGVzRbwNxrqnoFmOugYZDuJsZZ7ibq/cjc8jXpsTZ2XyGw1+/x+BrtstdqM34lUvvJMK6bO/iQRVmJZN7mBfn6URLUCV2dhuUESd1WNS7rAXUPepNtqXEcm0I3/v3ebPxlxZEA2xFRx+ww1QjSuMU7OFIGQM9CpNAZCLWOT45iOyQVIoYGMFxrDCoGyX4hQ2R/taqFMTWYBLHFoVkwe1Px3kuidxaJOEDiYuKrQMPYkGg6AFeojq1HcPpg2Cw1tD0z0CwKiXvagTwFZIegIO3r6dDARPDCcUHFs50Au0FX5nFJlYtM1xOOWtggIHpXVPitZPkCwE6uTHkad0kyg1G+ByGr3rbXIRSx+kydJYzh/024jssjHYqIcDiTlMMilR9F89ew==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA1PR09MB8399.namprd09.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(1800799015)(366007)(38070700009);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: GEjKHRHwMdPrHbySuV6WJ4daDvyTsKelSDwLpxxkSsthXyVbxPJ2M8A8z/Z6tmXgnGuaOgPfp/eiuF8CTlEcU1wVRHWqchf8Rcgg1hCseQYoelkutfnwac4iE/qXxpQ0EaCdnWwbadUkw+8ocO8DbsNCUhaZEKMxT69Twh8tH25nHTNfg9qweqYbxEwIbBrfMCI7K6YwvPFnAarpMUYbNvbONwYqS1UDGxg9HHOLyfeN8vYcbnmLQu9Vet8RLFth4ML25Zl/sHtiD23SK0LLZU4NYBhzUyrbKzMV6AzAupI0tgCGNst2ps9jso+rmacL0mPfKBDfY8TvkVGGLHk0tUkfs9YDOzWvNgpN24J5yv1OJmBCTJiKTzwhr7cOQPxQ1Ku0RCWbPJvotegp37K+0KhTooL0+UPCpGLswlQeeLzzb33SXafacZXbA3suFYoDSTkwRDj/7B6mEI5AN0QSGR/nROLn1fZEvPwTZ05u8UB7+51G7pqmf9FidhCIZQS/8G+O/WBe8aRJx5EWcnfqv7+CbiKMRQNlyJPoE8SoOAakIf4TbYROVPhEq4PvqYfCSAlPR72tKd/KD07U+g/ZBgdEARJQ1aqxHcF1P4d9mwL01LG7zPbAgpUGbXNJN6ATfnY+NsRSj2lN+bOFosij+guPDG4L+dGgSVnHyfRhWlqg1cAKp0nm8bWh5dUfRyCwrrHktYXPUVI2qi5Zumd9nWmGQ3MK3sw5gycgRuFIv2IZJQDm2Z/OxG+20+EauPrIgFN4OMInd+c3scyYhLKfkif9cc5Iw1j0bvfwbFL7oKFzctPxSzVDz8XFafJNn5es2BdsCRGskv5Yc/lrZPCkJ9/gOig5RcaY6AFXPh6DfXsVUIoBepYVtu3P6FHzLp4kYl0VVdkJwdTULB1iNqexo2TIO1hIccs0lI3w8ESP7UIfRJQ2Mi2kPFTJcWz02TMaKFdHDR8r2S3JdaF6OidOXgzbuvIYflBNvb7DC6yostmra4lcOhHi6PuGl7v9TEAYkaJajrxmqMMl+IC+nC3mvnlk1qYjQfzFED/RdHtghHqgK0Zgj+J//nJ6dGfaWZk/c3w/kOlkwyDfcF7lmMdiZ3Mn4g8T/QEsPrVNPrnuW/5pIz3kQrpF/1M0FvpwuTjBjfHwnAHzHhKgSMPf8RWIHKmkQPK09Y2woMkanGcZpspK7CgSGchTOFKM4HtFDKtxulYkNJS4i9RvJtTmUksodsx/QKfxJ5UYuCx0pieqfc0BD9POKzaGywz2jNIbrJkcqRb6LGqAY1eLuV8u0ATCpANQVsl8fyQmdAviliUCf96x0buEn4/dJUrU+hKGTb5SNOIYO3akIsALmEVfNYF4SwxQ0afUjC2adjH7nD/+B2pJHYhItO6lRx+6JCAV4MEP3TglgJ1uE7ROY1p2hINAMN8pglz4hRIwlP9rgEDvyP7nLkf6GtFD0mkZASSzPsFp0476ckrp2CxzeoYyF5blhnntzKAwtqE5jxVgkbIUpLuhpJww8oBWlXtvcaQAg22uy49OdClu2gJ2hjjFWcAQSxaaSFkKSyyoHJ4MTIySEGTOSYozpE2nY0IePsCfXUCh
Content-Type: multipart/alternative; boundary="_000_SA1PR09MB83994AB1AFF725FDA56CB821C2F82SA1PR09MB8399namp_"
MIME-Version: 1.0
X-OriginatorOrg: anl.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR09MB8399.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5a6ed4ab-d55a-45dd-a88f-08dc84a10a19
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jun 2024 14:17:17.3468 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0cfca185-25f7-49e3-8ae7-704d5326e285
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR09MB10435
Message-ID-Hash: M4L2J2BFKBCKMANCAUTJ3SO6PNEX4FAB
X-Message-ID-Hash: M4L2J2BFKBCKMANCAUTJ3SO6PNEX4FAB
X-MailFrom: chungmiranda@anl.gov
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-qirg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Qirg] Re: questions about QKD
List-Id: Quantum Internet RG <qirg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/qirg/A4Gm4GBMmVdCe0c_0zpR3mQ7KBQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/qirg>
List-Help: <mailto:qirg-request@irtf.org?subject=help>
List-Owner: <mailto:qirg-owner@irtf.org>
List-Post: <mailto:qirg@irtf.org>
List-Subscribe: <mailto:qirg-join@irtf.org>
List-Unsubscribe: <mailto:qirg-leave@irtf.org>

I have a very naive question. Can QKD tell me with certainty that the channel is being eavedropped? Can it differentiate between a squirrel eating a fiber vs. a spy cutting it?

Regards,

Joaquin
________________________________
From: Rod Van Meter <rdv=40sfc.wide.ad.jp@dmarc.ietf.org>
Sent: Tuesday, June 4, 2024 2:59 AM
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>; qirg@irtf.org <qirg@irtf.org>
Subject: [Qirg] Re: questions about QKD

On 2024/06/04 15: 47, John Mattsson wrote:   I think this is a very good summary. I think wide-area, multipurpose, generally entangled quantum networks will be useful to connect quantum computers and quantum sensors. We absolutely, unequivocally
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.

ZjQcmQRYFpfptBannerEnd


On 2024/06/04 15:47, John Mattsson wrote:




I think this is a very good summary. I think wide-area, multipurpose, generally entangled quantum networks will be useful to connect quantum computers and quantum sensors.

We absolutely, unequivocally have to have networking at the data center level in order the scale quantum computers, so agreed.

Except some very niche military use cases where QKD could serve as a defense-in-depth for ML-KEM, Classic McEliece, or FrodoKEM, it is hard to see practical use for QKD even if the problems you list are solved.

I'm old enough to have been wrong about potential uses for technologies, so I'm a little more cautious about it, but by and large I agree; use cases for QKD are likely pretty narrowly defined.

As a person how studied physics and then switched to computer science, I am very disappointed in a lot of quantum people making public statements about QKD as practical security.

I think rather than deliberately disingenuous statements the problem is that the QKD community has too few serious security people (like you). I will say (just among us...er, well, this will go in the list archives for posterity, I suppose...) I have encountered quite a few physicists in the last twenty years who are, shall we say, not fully acquainted with the breadth and depth of computer science and computer engineering. They are EXTREMELY good at what they do, I just wish they paid a little more attention to what WE do!

The real forehead-slapper is when someone hacks a given QKD system and the response is, "Oh, well, that's just an implementation problem, it's still theoretically secure," as if "theoretically secure" or "it would have been secure if you had implemented it right" systems aren't one of our biggest source of headaches.

Relying on current QKD systems would be very dangerous security wise.

Despite what I just said, I think the actual QKD startups that are serious *are* trying to work within the crypto/security communities, at least as best they can figure out; there is quite a bit over on the ITU side.



One comment:

"because the problem it solves -- generating shared random or near-random bits secure enough to be used as encryption keys"



While quantum researchers think QKD solves that problem, I don't think this is correct. It is well-established security practice to never use TRNG output directly and I don't think that will ever change. QKD is providing unauthenticated key exchange. If QKD is ever practically used, the output (secret entropy) of QKD would be input to a classical KDF/CSPRNG. The output from the KDF/CSPRNG would be used in an AEAD with information-theoretic or computational-theoretic security. See e.g., BSI TR-02102-1 [1]:  "Irrespective of this, the BSI does not and will not recommend the use of the one-time pad alone with keys obtained via QKD or via other key agreement mechanisms in the future."

Thanks for all that! Noted and updated on the blog.



https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile&v=7<https://urldefense.us/v3/__https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile&v=7__;!!G_uCfscf7eWS!YDYr93hxH-ZH4PxNdGMvbvujzcderWBfNEDYLRHPDyMQJNFE2Qb7cPKzcqhF4zizBciL3u-cm1gP1aFXoOeaeAIhEMMuCRFWjw$>