[Qirg] Re: questions about QKD

John Mattsson <john.mattsson@ericsson.com> Tue, 04 June 2024 06:47 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Rod Van Meter <rdv=40sfc.wide.ad.jp@dmarc.ietf.org>, "qirg@irtf.org" <qirg@irtf.org>
Date: Tue, 04 Jun 2024 06:47:18 +0000
Subject: [Qirg] Re: questions about QKD
List-Id: Quantum Internet RG <qirg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/qirg/dg1akw5Pf-KxRsFmwoTmGIay9n8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/qirg>

Thanks Rod!

I think this is a very good summary. I think wide-area, multipurpose, generally entangled quantum networks will be useful to connect quantum computers and quantum sensors. Except for some very niche military use cases where QKD could serve as a defense-in-depth for ML-KEM, Classic McEliece, or FrodoKEM, it is hard to see practical use for QKD even if the problems you list are solved. As a person who studied physics and then switched to computer science, I am very disappointed in a lot of quantum people making public statements about QKD as practical security. Relying on current QKD systems would be very dangerous security-wise.

One comment:
"because the problem it solves -- generating shared random or near-random bits secure enough to be used as encryption keys"

While quantum researchers think QKD solves that problem, I don't think this is correct. It is well-established security practice to never use TRNG output directly and I don't think that will ever change. QKD is providing unauthenticated key exchange. If QKD is ever practically used, the output (secret entropy) of QKD would be input to a classical KDF/CSPRNG. The output from the KDF/CSPRNG would be used in an AEAD with information-theoretic or computational-theoretic security. See e.g., BSI TR-02102-1 [1]: "Irrespective of this, the BSI does not and will not recommend the use of the one-time pad alone with keys obtained via QKD or via other key agreement mechanisms in the future."

[1] https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile&v=7

Cheers,
John Preuß Mattsson

From: Rod Van Meter <rdv=40sfc.wide.ad.jp@dmarc.ietf.org>
Date: Tuesday, 4 June 2024 at 07:41
To: qirg@irtf.org <qirg@irtf.org>
Subject: [Qirg] questions about QKD

After months of QIRG mostly being quiet, my apologies for several emails in an hour, but forgot to mention this one...

QIRG is *NOT* primarily about quantum key distribution (QKD), it is more about wide-area, multipurpose, generally entangled quantum networks, but QKD does of course come up. I recently had a good discussion with a visitor about what it means to work on QKD as a researcher these days, and we wound up writing on the whiteboard, coming up with a list of questions/research topics. This is on my blog at
https://rdvlivefromtokyo.blogspot.com/2024/05/questions-about-qkd.html
but I think it's short enough to be worth quoting here in full:

I think quantum key distribution is fascinating, but unlikely by itself to serve as reason enough to build a Quantum Internet. Keeping in mind that I am not directly a QKD researcher, in my opinion there are several major hurdles limiting adoption of QKD today:

* Range of QKD is limited (until we build a multihop, long-distance network).
* Boxes are expensive, not robust, and require a lot of operational expertise.
* Attacking QKD deployments is trivial; it's designed to detect eavesdroppers, so by its very nature acting as an eavesdropper is equivalent to launching a DDoS attack.
* Interoperability, standards and global operational confidence are still works in progress.
* Market pull is still limited, because the problem it solves -- generating shared random or near-random bits secure enough to be used as encryption keys -- still isn't tops on the list of pain points for Chief Security Officers, AND there is a classical solution in the offing (PQC) that requires "only" software and protocols, no new hardware.
* Latency to start up a connection is orders of magnitude too high to be useful at the e.g. HTTPS level, so it has at best a specific and limited role in systems, e.g. like network-to-network IPSec tunnels.

With that in mind, I recently had a discussion with a QKD researcher about how to evaluate new ideas in the area. We came up with about thirteen questions/concerns/metrics answering the question, "What do we want to improve?":

1. Steady-state key generation rate
2. Robustness against noise
3. Fraction of raw resources dedicated to detecting an eavesdropper
4. Robustness against some known attack (e.g., detector blinding or entangling with qubits)
5. Required classical communication bandwidth/latency
6. Simplicity of quantum hardware implementation
7. Startup time
8. Preconditions (e.g., pre-shared key for authentication)
9. Classical resources required, esp. randomness
10. Ease of integration into classical security systems
11. Ability to use in a heterogeneous quantum network environment (e.g., full end nodes with memory v. measurement-only end nodes)
12. Demands on or benefits to quantum network operations (e.g., link tomography or network routing)
13. Extension to multi-party protocols

Simply playing with ideas, such as "I found this cool thing while looking at quantum graph states...", is great, and important, and that's where highly original stuff comes from. But if you bring me an idea, I'm pretty likely going to ask which of the above things it improves, or if you think it has value for some additional reason.

--Rod
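
The construction described in John's reply above (QKD output fed into a classical KDF, whose output keys an AEAD), as an added example that is not part of the original thread: HKDF-SHA-256 (RFC 5869) built from the Python standard library, combining the raw QKD bits with a second shared secret such as an ML-KEM output. The function names, labels, 32-byte minimum and sample byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: condense input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: stretch the PRK into `length` output bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(value: bytes) -> bytes:
    """Length-prefix a field so concatenated inputs cannot be re-split."""
    return struct.pack(">I", len(value)) + value


def derive_aead_key(qkd_bits: bytes, kem_secret: bytes,
                    context: bytes, length: int = 32) -> bytes:
    """Derive an AEAD key; the raw QKD bits are never used as a key directly.

    The result stays secret as long as either input does (hybrid combiner).
    The 32-byte minimum per input is an assumption of this example.
    """
    if len(qkd_bits) < 32 or len(kem_secret) < 32:
        raise ValueError("each input secret must be at least 32 bytes")
    prk = hkdf_extract(b"", _lp(kem_secret) + _lp(qkd_bits))
    # The label and context give domain separation between uses of the PRK.
    return hkdf_expand(prk, b"qkd-hybrid aead key" + _lp(context), length)


# Constructed sample inputs, not real key material.
SAMPLE_QKD = bytes(range(32))
SAMPLE_KEM = bytes(range(32, 64))
SAMPLE_KEY = derive_aead_key(SAMPLE_QKD, SAMPLE_KEM, b"site-A|site-B|epoch-1")
```

The 32-byte result is sized for a 256-bit AEAD key; authenticating the two endpoints is a separate step that this derivation does not provide.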