Drabrh Quantum Dots Long Term Evolution Internet Protocol For Mobile Telephony by DR A B Rajib Hazarika PHD FRAS AES

QUANTUM DOTS
LONG TERM
EVOLUTION INTERNET
PROTOCOL FOR
MOBILE TELEPHONY
Dr.A.B.RAJIB HAZARIKA,PhD,FRAS,AES
Copyright © 2020 Dr.A.B.RAJIB HAZARIKA,PhD,FRAS,AES
All rights reserved.
ISBN:
978-1-71680-964-4
Imprint: Lulu.com
DEDICATED
TO MY PARENTS
ROSMAT ALI HAZARIKA AND ANJENA HAZARIKA
MY WIFE
HELMIN HAZARIKA
MY KIDS
LAQUIT ALI HAZARIKA AND DANISHA BEGUM HAZARIKA
MY SISTER AND BROTHER IN LAW

SHAMIM ARA RAHMAN AND WAZUR RAHMAN
MY NIECE
KASMIRA RAHMAN
.
CONTENTS
About the Author i
1 INTRODUCTION TO QUANTUM CRYPTOGRAPHY 4
2 Types of Quantum Cryptography 19
3 Quantum Cryptography Dmystified 28
4 Quantum Communications 34
5 Future of Security 41
6 Code Breaker or Hacker and Payment System 44
7 Quantum Cryptosystem 47
8 Cryptography in Quantum Age 51
9 Internet of Things Security 60
10 Post Quantum Cryptography 75
11 Quantum Communication Protocol 107
12 Quantum Information an Measurement Technology 175
13 Quantum Secure direct communication security analysis189
14 Quantum Phone 224
15 Quantum Dots Internet Protocol 232
16 Road Map to Quantum Internet Protocol 252
17 AI and Quantum Computing 296

ABOUT THE AUTHOR
Author
Dr.A.B.Rajib Hazarika,PhD,FRAS,AES
Assistant Professor,
Department of Mathematics,
Diphu Government College, Diphu
Assam, India-782462
[email protected] ; [email protected]
+91-9435166881 , +91-9101873618
Dr.A.B.Rajib Hazarika,PhD,FRAS,AES is a Assitant Professor ,Department

of Mathematics,Diphu Government College,Diphu,Assam,India .He did
PhD in Mathematics in space plasmas from Jai Narain Vyas
University,Jodhpur,Rajasthan in 1995 being Triple Gold medallist for Best
thesis in Mathematics, Best thesiss in Science stream, Best thesis in All of
streams from Association of Indian Universities,Delhi , during PhD was
Junior Research Fellowship(UGC-NET),Senior Research Fellowship (UGC-
NET) was Post-Doctoral Fellow in Plasma Physics Division ,Instititute of
i
Advanced study in science and technology(IASST) in 1998-99 as Research

Associate (DST), Government of India. He is teacing and in Reaseach for
last 27 years. From 2004 onwards in Diphu Govt. College. In 2010 elected
as Fellow of Royal Astronomical Society (FRAS) ,London ,Elected Foeriegn
Member of International Association of Mathematical
Physics(MIAMP),Germany,Elected Member of World Academy of
Science,Engineering and Technology (WASET) and member of
International Scientific committee of WASET,Elected Member of Outer
cirlce of Advisory committee for Mathematcs Education (ACME),Royal
Society,London (2011-2016).Elected member of Max-Planck Society
,germany,Elected Member of Physics Division,International Atomic
Energy Agency,Vienna,Member of Comphrehensive Test Ban Treaty
Organisation (CTBTO) ,Member of Focus Fusion Society,Dense Plasma
Society,Asia-Pacific Society for Physical Reasearch
(APSPR),Japan,Forchezunge Fusion Secretriate,France, Society of
Industrial Applied Mathematics,IEEE,TWAS,Assam Science Society,Assam
Academy of Mathematics,Plasma Science Society of India
(PSSI),International Biographical Centre,UK and so on.Dr.Hazarika’s
name is included in ecnylopedia of Worlcat , Marqui’s who’s who in the
world.He has won lot of awards Leading Scientist of the world 2010,Top
100 scientist 2012,Glory of India with medal ,Best Citizen of India 2013
Best Educanistaward, Life time award for Education 2015,Rastriya gaurav
award with gold medal and so on. He has written 16 books so far best
being Internet Protocol version 12 (IPv12) ,Invention of Dr.A.B.Rajib
Hazarika’s devices,VASIMR-DANISHA: A hall thruster space
oddsey,Strategic and thermonuclear devices,Fractional derivatives
simulation, Cybernetics and cryptography , Astronomy with home
computer,Fuzzy differential inclusion (FDI) simulation code,Green
Technology for next generation ,Pattern recognition for
fusion,AzadBinRajib (ABR) Quantum gate for quantum computing and
quantum information etc .He has supervised two students for MPhil
degree. His invention are described in the on Double Tokomak
Collider(DTC) , Magnetic confinement Tokomak Collider (MCTC), Duo
triad Tokomak Collider (DTTC) ,VASIMR –DANISHA Hall thruster,Fuzzy
Differential Inclusion(FDI) Simulation code , ABR Quantum gate for
quantum computing, 12 cavity toroidal Klystron, Quantum dots based
internet protocol for mobile telephony with 103 Gbps (Giga bits per
seconds)
ii
1 INTRODUCTION TO QUANTUM
CRYPTOGRAPHY
Quantum dots for microwave propagation for future
quantum internet protocol: A novel theory
Abstract of Book as conceived by Dr.A.B.Rajib Hazarika,PhD,FRAS,AES
As Quantum dots are made of ZnS are trending in displays as TV panels

and laser will be used to study the faster microwave propagation in space
and on earth which will be difficult to bypass as quantum key encryption
decryption is difficult to decode. Quantum internet protocol is much
faster , safer and secure in microwave propagation than the present
Internet Protocol v6, which forms the aspect of our study. Assimilation of
hardware, Quantum dots with Quantum protocol theory beautifies the
aspect of study.
Earlier Internet protocol version 12 (IPv12) was studied by Hazarika
4
QUANTUM DOTS LONG TERM EVOLUTION PROTOCOL FOR MOBILE
TELEPHONY
[1].Cryptographic Key Management in Delay Tolerant Network was
studied by Menesidou et al [2].Cryptographic key management in
deploying IPv6 was studied by Zamani et al [3],Quantum information
theory, From classical to quantum Shannon theory was given by Wilde [4]
Methodology Summary
 The aspect is to study the Quantum dots use in microwave

propagation leading to difficult to decode without proper key set
as it requires spin which changes without proper key.
 Module by module full package involving Quantum dots use in
mobile tower microwave transceivers (Quantum dots Klystron).
 Mobile sim and tower communication using quantum microwave
propagation (Phase bunching theory)
 Quantum dots used for communication using Quantum Time
Division Multiple Access (QTDMA)
 Quantum internet protocol connectivity with modalities of
Quantum dots
The Quantum Reflex klystron equations are given as
V =V e i 0
⃗
Alternating gap Voltage equation
π
i( −2 πN)
4
I 1=2 p I i 0 J 1 (X ) e
⃗
Driving induced current
The electronic admittance is ratio of driving current to alternating

gap voltage
i ( π4 −2 πN )
Y 1= ⃗
I 1 /V =2 p I i 0 J 1 ( X ) e /V
5
π
(4
i −2 πN )
Y 1= ⃗
I 1 /V =2 NGa J 1 ( X ) e /X
Where
Ga=πp k 2 I 0 /V
Electronic conductance
Phase bunching model

π
dp ( −2 πN)
=F f ( r ) e 4
dr
dθ
=−( ∆+ p2−1 ) −Ff ( r )
dr
π
i( −2 πN )
π
(
i −2 πN . e
4
4
)
γ β1
Where p=
γ∎ β ⊥0
π
θ=φ+ −2 πN −ω t 0=phase
4
π β 2⊥ 0
r= =axial position
β ∥0 λ
v⊥
β ⊥=
c
v∥
β ∥=
c
φ=fast time scale length angle
6
TELEPHONY
γ =relativi stic factor
2
f ( r )=e−(2 r / μ) =RF factor
nn −1
F=E0 β n−4
⊥0 ( 2n−1 n! )
J m±n (k ⊥ r ⊥ )
π β2⊥ 0 L 2 n ω e0
μ=
β ∥0 λ
,∆= 2 1−
β⊥ 0 ω ( )
The field amplitude F, length of the output cavity μ and frequency
detuning parameter Δ, are the normalized device parameters and defined
Quantum dots Microwave propagation Swap
π
Reaplacingi( −2 πN ) by −iφ S L S R where
4
dt
φ=∫ J (t) =π
h
S L=¿ ( ¿ Laser )=e ¿¿ ¿
S R=¿ ( ¿ Laser ) =e¿ ¿ ¿
Intensity of quantum microwave
1
I = a2 ¿
2
Where a=amplitude of signals of quantum microwave
A Billion Dollar deal for 103 Gbps Quantum internet speed
Indian government have invested in QuEST( Quantum Enviornment

Science and Technology) $1.12 Billion (aprox. Rs 8000 Crore),Department
of Scienc and Technology,Government of India
References :
7
[1] Dr.A.B.Rajib Hazarika : (2015),Internet protocol version 12

(IPv12),http://lulu.com,ISBN 9781329153387
[2]Sofia Anna Menesidou ,VasiliosKatos and GeorgiosKambourakis:Future

Internet (2017), 3, p26; doi:10.3390/fi9030026,
www.mdpi.com/journal/futureinternet
[3] A. T. Zamani and S. Zubair: International Journal of advanced studies in

Computer Science and Engineering IJASCSE Volume 3, Issue 4, 2014
[4] Mark M Wilde: arXiv:1106.1445v7(2016) ,Quantum information

theory, Cambridge
Now Everything involved in the theory is discussed in detail
What is Quantum cryptography?
Quantum cryptography is the latest trending topic nowadays. Sometimes

quantum cryptography is known as quantum entanglement. It applies
quantum mechanics to encrypt any message so that nobody can read
other than the intended recipient, as , he will have the key to decode the
message. We know that quantum is in more one state at a time. It not
remains in 1 and 0 but simultaneously in both states with spin. It applies
“no change theory” so that it cannot be interrupted and decode without
the keys.
Cryptography is the process of encrypting data, or converting plain text

into scrambled text so that only someone who has the right “key” can
read it. Quantum cryptography, by extension, simply uses the encryption
of data and transmits it in a way that cannot be hacked.
While the definition sounds simple, the complexity lies in the principles of
quantum mechanics behind quantum cryptography, such as:
8
TELEPHONY
 The particles that make up the universe are inherently uncertain
and can simultaneously exist in more than one place or more than
one state of being.
 Photons are generated randomly in one of two quantum states.
 You can’t measure a quantum property without changing or
disturbing it.
 You can clone some quantum properties of a particle, but not the
whole particle. It follows “no cloning “theory.
All these principles play a role in how quantum cryptography works.
Another definition of Quantum cryptography
Quantum cryptography is NOT a new algorithm to encrypt and decrypt

data. Rather it is a technique of using photons to generate a cryptographic
key and transmit it to a receiver using a suitable communication channel.
A cryptographic key plays the most important role in cryptography; it is
used to encrypt/decrypt data.
Quantum Cryptography, Explained
Quantum cryptography though sounds fairly complex – probably because

it is little bit. That’s why we put together this “encryption guide for
dummies” as a way of explaining what quantum cryptography is and
taking some of the complexity out of it.
Although the subject has been around for a couple of decades, quantum
cryptography (not to be confused with post-quantum cryptography) is
quickly becoming more critically relevant to our everyday lives because of
how it can safeguard vital data in a way that current encryption methods
can’t do it.
1.History of Quantum cryptography
Quantum cryptography goes back by the work of Stephen Wiesner and

Gilles Brassard. In the early 1970s, Wiesner, then at Columbia University in
New York, introduced the concept of quantum conjugate coding. His
seminal paper titled "Conjugate Coding" he showed how to store or
transmit two messages by encoding them in two "conjugate observables",
9
such as linear and circular polarization of photons, so that either, but not
both, of which may be received and decoded. It was not until Charles H.
Bennett, of the IBM's and Gilles Brassard met in 1979 at a conference
held in Puerto Rico, that they discovered how to incorporate the findings
of Wiesner. "The main breakthrough came when we realized that photons
were never meant to store information, but rather to transmit it" In 1984,
building upon this work Bennett and Brassard proposed a method for
secure communication, which is now called BB84. Following a proposal by
David Deutsch for using quantum non-locality and Bell's inequalities to
achieve secure key distribution Artur Ekert analysed entanglement-based
quantum key distribution in more detail in his 1991 paper.
Random rotations of the polarization by both parties have been proposed

in Kak’s three-stage protocol discussed in later on chapeter. In principle,
this method can be used for continuous, unbreakable encryption of data if
single photons are used. The basic polarization rotation scheme has been
implemented. This represents a method of purely quantum-based
cryptography as opposed to quantum key distribution where the actual
encryption is classical.
The BB84 method is at the basis of quantum key distribution methods.

Companies that manufacture quantum cryptography systems include
these methods.
Considering the trust you place in banks and commercial enterprises to

keep our credit companies – using current encryption methods – could no
longer guarantee us the security of our private information? Whereas the
cybercriminals are always trying to get access to secure data, but when
quantum computers come online, that information will be even more
vulnerable to being hacked. In fact, hackers don’t even need to wait for
quantum computers to start the process because they’re collecting
encrypted data now to decrypt later when the quantum computers are
ready. With quantum encryption, that’s not the case because your
information will be unhackable. Let’s explain.card and other information
safe while conducting business transactions online. What if those
performing these tasks requires a quantum computer, which have
the immense computing power to encrypt and decrypt data. A
quantum computer can quickly crack current public-key encryption.
10
TELEPHONY
With the popularization and rapid development of the Internet, human
society has entered the quantum information age. Nowadays, all walks of
people and all aspects of life can not be separated from the network. In
1990s, the term “cyberspace” was used to represent many new ideas and
phenomena in the Internet, networking, and digital communication [1].
Nowadays, this term is used to describe the domain of the global
technology environment by experts and researchers of technical strategy,
security, government, military, and industry and enterprises. Also, this
term is used to refer to anything associated with the Internet. Using this
global network, people can engage in all kinds of activities such as
communicating ideas, sharing information, providing social support,
conducting business, directing actions, creating artistic media, playing
games, and engaging in political discussion. Typical applications based on
cyberspace include cloud computing [2, 3] and personalized recommender
systems [4].
Despite all benefits and advantages of cyberspace, it is regarded as the

largest unregulated and uncontrolled field in human history. Therefore,
the problem of information security is the primary problem of cyberspace.
On the one hand, information technology and industry have entered an
unprecedented stage of prosperity. On the other hand, the means of all
kinds of attacks emerge in an endless stream. Attacks, like hacker attacks,
malicious software invade, and computer viruses, pose a great threat to
cyberspace information security. Moreover, the progress of science and
technology also poses new challenges to cyberspace security.
Due to the characteristics of the quantum computer, many existing public

key cryptography (RSA [5, 6], ELGamal [7], elliptic curve cryptography
(ECC) [8], and so on) will be no longer safe in the quantum computer.
Namely, the well-known discrete logarithm problem (DLP) or the integer
factorization problem will no longer be difficult under quantum computer.
This suggests that in order to resist quantum computers, new
cryptosystems that are not based on discrete logarithms problem or the
large factor decomposition problem should be explored. Only in this way
the information security of cyberspace be ensured in the future Internet.
Taking protective measures at all levels and scope of the network is the
basic idea of the cyberspace security [9]. These measures aim at detecting
11
and discovering all kinds of network security threats and taking

corresponding response actions.
Quantum cryptography is still in its infancy. But we can not ignore the
challenges it brings to the security of existing cyberspace. In 1994,
mathematician Peter Shor has proposed the quantum algorithm [10] by
which the integer factorization problem and the discrete logarithm
problem can be efficiently solved in polynomial time. Note that so far
researchers have not found the classical algorithm to solve the large
integer decomposition and the discrete logarithm problem efficiently
under the Turing machine model. Therefore, the challenge of the
emergence of quantum computers to the traditional cryptosystems can
not be ignored even if it is still in its infancy.
Cryptography and network security are the key technologies to ensure the
security of the information system [11]. Quantum cryptography is an
important branch of cryptography, which is the combination of quantum
mechanics and classical cryptography. The security of communication can
be guaranteed by Heisenberg’s uncertainty principle and quantum no-
cloning theory [12]. The main goal of the study of quantum cryptography
is to design cryptographic algorithms and protocols, which is against
quantum computing attacks.
As stated previously, exploring quantum cryptographic protocols will be

an essential part of cyberspace security issues for future Internet. In this
paper, we concentrate on analyzing and exploring the quantum key
distribution protocol target for cyberspace security for the future Internet.
Quantum cryptography stems from the concept of quantum money, which

was proposed by Wiesner in 1969. Limited by the level of technology in
history, this novel and creative idea cannot be realized, which makes it
remain unpublished until 1983 [13].
The first practical QKD protocol [14] was proposed by Bennett and
Brassard, in 2011. By leveraging single photon polarization, they
pioneered the implementation of the quantum key distribution protocol.
After that, a lot of effort was put into QKD in order to improve security
and efficiency. In 1991, Atur Ekert proposed the protocol [15] that is based
on Bells theorem. Note that [15] employs a pair of quantum bits (i.e., an
12
TELEPHONY
Eienstein-Podolsky-Rosen(EPR) pair), which is essentially the same as [14].
Subsequently, in 1992, the improvement [16] of the scheme [14] was put
forward by Bennett. Employing any two non-orthogonal states, the
improvement is more efficient and simple. After that, many QKD protocols
[17, 18] using the basic principles of quantum mechanics have been
proposed successively.
As an important cryptographic basic protocol, the oblivious transfer

protocol is one of the key technologies for privacy protection in
cryptography [19]. The oblivious transfer protocol is a protocol, where the
sender sends much potential information to the receiver, but the sender
itself is not aware of the specific content of the transmission. The concept
of Quantum Oblivious Transfer (QOT) [20] was first put forward by
Crépeau in 1994. After that, many works have been devoted to the QOT
protocol. In 1994, the “oblivious transfer” security of [21] against any
individual measurement allowed by quantum mechanics was proved by
Mayers and Salvail in [22]. In 1998, the protocol [23] was proposed, which
proves the security of the QOT protocol under an eavesdropper. Other
protocols [24, 25] were proposed to improve QOT protocol to varying
degrees.
Quantum authentication (QA) protocol is also one of the quantum

cryptographic protocols. It was proposed in [26] in 2001. After that, many
QA protocols [27, 28] have been proposed one after another.
The quantum cryptography protocol has developed many branches now.

In addition to the protocols (i.e., QKD protocol, QOT protocol, and QA
protocol) we discussed above, quantum cryptography protocols also
include quantum bit commitment (QBC) protocols [29, 30] and quantum
signature (QS) protocols [31, 32].
In many respects, quantum communication and information processing

are superior to that of classical, which is rooted in the characteristics of
quantum information.
1.1. Properties of Quantum Information
Properties of quantum information mainly includes uncertainty principle,

quantum no-cloning theory, the quantum teleportation, and the hidden
13
characteristics of quantum information, which can be employed to resist

attack (passive or active attack [33]) in cyberspace communication.
Heisenberg’s “uncertainty principle” and quantum “no-cloning theory”

[12].
(i)Uncertainty principle: it was introduced in 1927 by the German

physicist Heisenberg [34]. The main idea of uncertainty principle is that
the particle position in the micro world is impossible to be determined,
and it always exists in different places with different probability.
(ii)Quantum no-cloning theory [12]: It is the uncloned and undeleting

properties of the unknown quantum state. Cloning means producing a
completely identical quantum state in another system. Scientists have
proved that machines capable of replicating quantum systems do not exist
[35]. The undeleting principle can guarantee that any deleting and
damaging effect of the enemy on the quantum information will leave a
trace in secure communication. It was proposed in [36] in Nature that
deleting a copy of an arbitrary quantum state is not allowed by linearity of
quantum theory.
(iii)Quantum teleportation: The classic information is obtained by the

sender measuring the quantum state of the original, which will be told by
the sender in the way of classical communication. Quantum information is
the rest of the information that the sender does not extract in the
measurement, and it is passed to the recipient by measurement. In 1993,
the scheme that teleports an unknown quantum state was proposed in
[37].
(iv)Hidden characteristics of quantum information: Quantum information

has unique properties that classical information does not possess.
Specifically, the information of the quantum code in the entangled state
can not be obtained by the local measurement operation, which can only
be revealed by joint measurement. The works about quantum information
concealment was proposed in 2001 by Terhal et al. in [38].
14
TELEPHONY
1.2. Quantum Communication System
The quantum communication can be divided into quantum direct

communication and quantum teleportation communication. Quantum
direct transmission model is the simplest mode to realize the transmission
of quantum signals in different places. .
Quantum direct communication model
Alice wants to communicate with Bob through a quantum channel. In the

quantum direct transmission model, Alice first needs to produce a series
of photons through the preparation device according to the message she
wants to share with Bob. After the generation of the quantum source, this
information also needs to be processed by quantum source encoder and
Quantum Error Correcting Code (QECC) encoder. Then, the quantum
information can be transmitted directly to the quantum channel (optical
fiber or atmosphere). Here, the quantum channel is easily disturbed by
external noise. Therefore, the receiver Bob first performs QECC encoding
to the received signal and then performs quantum source encoding.
Finally, Bob obtains the initial quantum message.
The other quantum communication is the quantum teleportation. Unlike

the classical communication, the qubits not only can be in a variety of
orthogonal superposition states but also can be in the entangled state.
The principle of quantum teleportation is to establish a quantum channel
by using the maximum entangled state of two particles. Then the message
is transmitted by the quantum operation. Note that selection of
communication channels is the difference between the teleportation and
the direct communication.
Quantum teleportation
15
In this model, Alice who wants to transmit one-bit quantum with Bob on
other place. Firstly, an EPR pair is generated by the EPR entanglement
source. Secondly, one of the particles is sent to Alice and the other is sent
to the receiver Bob through the quantum channel ,which is known as
“public key”. Thirdly, in order to transmit information, Alice needs to
measure the particles in the EPR entangled pairs and the pending bits she
holds. And then, Alice informs Bob of measurement results. Finally, based
on the measurement results of Alice and the measurement of the EPR pair
of himself, Bob can obtain information about the particles to be
transmitted,whichis known as “private key”.
2. Quantum Cryptography for Future Internet
Security for cyberspace in the future Internet should be guaranteed as it is

the collection of all information systems and the information environment
for human survival. For the growing security problem in cyberspace,
quantum cryptography becomes the ardent need for first consideration.
2.1. Unconditional Security
Cable and light are the main carriers of today’s Internet communication.
This communication system model where Alice and Bob are legitimate
users in the system while Eve is an “eavesdropper”. In order to ensure
security, they encrypt messages and then transmit it on the public
channel. The classical cryptosystem is roughly divided into two kinds,
which are symmetric key cryptosystems and asymmetric key
cryptosystems. For these two cryptosystems, their security is mostly based
on the complexity of computing. However, the rapid development of
hardware equipment and the proposed new advanced algorithms have
brought unprecedented challenges to the security of classical
cryptosystems. Moreover, the rapid development of quantum computing
has also made many difficult problems in classical mathematics have the
solvability in the field of quantum physics. For example, the Discrete
Logical Programming (DLP) and the integer factorization problem have
been solved in [10] in 1994. Therefore, exploring quantum cryptographic
protocols will be an essential part of cyberspace security issues for future
Internet.
Classical communication model
16
TELEPHONY
Shannon, the founder of the information theory, made a pioneering study
of unconditional security in the 50s of last century [39]. In this study,
unconditional security conditions of “one-time-pad” were given. Namely,
rather than the pseudo-random number, the encryption/decryption key is
real random. And this key is used only once. Furthermore, the key length
is equal to the plaintext and performs the exclusive or operation with the
plaintext by bit. However, the problem of key distribution at one-time pad
has never been solved. It is worth noting that this problem of key
distribution can be solved by the principle of quantum mechanics with
QKD protocol [14].
Model of QKD protocol
In this model, sender wants to share a common conference key with

his/her counterpart, which can be used to encrypt/decrypt messages they
communicate. In this QKD protocol, the real randomness of the key is
guaranteed by the essential properties of the quantum: uncertainty
principle. Moreover, an attacker is definitely detected if it exists.
2.2. Sniffing Detection
In this method Alice and Bob exchange information in public channel. In

order to ensure confidentiality, their information is encrypted, but they
cannot prevent an attacker from eavesdropping on the channel.
Moreover, because of the characteristics of the device itself, the
eavesdropper can not be detected whether it is in cable communications
or in optical fiber communications. In cable communications, the listener
can use a multimeter or oscilloscope to monitor. In optical fiber
communications, the eavesdropper can get information from a part of the
light signal. Note that the fiber loss is influenced by environmental factors,
such as temperature and pressure, which makes the loss caused by
eavesdropping not be perceived.
In quantum communication, the eavesdropper is sure to be detected

owing to quantum no-cloning theory. Specifically, if an eavesdropper
monitors the quantum channel, for a bit of quantum information, he will
choose the same measuring base with the sender with a 50% probability.
Therefore, the eavesdropper will be detected at a 50% probability for a bit
17
of quantum information. Note that, for the quantum information of one -

bit, the probability of the eavesdropper being detected .
2.3. Security of the QKD
In order to simulate real situations in the future Internet, we first analyze

the quantum key distribution protocol in noise-free channel. Moreover,
we further search the quantum key distribution protocol in noisy channel.
In order to analysis security of QKD protocol, we list the encoding of

quantum information and the measurement results under different
measurement bases. The two parties agree in advance that the horizontal
and oblique downwards polarization represents “1” while the vertical and
oblique upward polarization represents “0.”
References
1. L. Strate, “The varieties of cyberspace: Problems in definition and

delimitation,” Western Journal of Communication, vol. 63, no. 3,
pp. 382–412, 1999.
2. J. Shen, J. Shen, X. Chen, X. Huang, and W. Susilo, “An efficient
public auditing protocol with novel dynamic structure for cloud
data,” IEEE Transactions on Information Forensics and Security,
vol. 12, pp. 2402–2415, 2017.
3. J. Li, Y. Zhang, X. Chen, and Y. Xiang, “Secure attribute-based data
sharing for resource-limited users in cloud computing,”
Computers & Security, 2017.
4. T. Zhou, L. Chen, and J. Shen, “Movie Recommendation System
Employing the User-Based CF in Cloud Computing,” in Proceedings
of the 2017 IEEE International Conference on Computational
Science and Engineering (CSE) and IEEE International Conference
on Embedded and Ubiquitous Computing (EUC), pp. 46–50,
Guangzhou, China, July 2017.
5. R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining
digital signatures and public-key cryptosystems,” Communications
of the ACM, vol. 21, no. 2, pp. 120–126, 1978.
6. Shen, T. Zhou, X. Chen, J. Li, and W. Susilo, “Anonymous and
Traceable Group Data Sharing in Cloud Computing,” IEEE
18
TELEPHONY
Transactions on Information Forensics and Security, vol. 13, no. 4,
pp. 912–925, 2018.
7. T. ElGamal, “A public key cryptosystem and a signature scheme
based on discrete logarithms,” IEEE Transactions on Information
Theory, vol. 31, no. 4, pp. 469–472, 1985.
8. Y.-M. Tseng, “An efficient two-party identity-based key exchange
protocol,” Informatica, vol. 18, no. 1, pp. 125–136, 2007.
9. J. Shen, T. Miao, Q. Liu, S. Ji, C. Wang, and D. Liu, “S-SurF: An
Enhanced Secure Bulk Data Dissemination in Wireless Sensor
Networks,” in Security, Privacy, and Anonymity in Computation,
Communication, and Storage, vol. 10656 of Lecture Notes in
Computer Science, pp. 395–408, Springer International Publishing,
Cham, 2017.
10. P. W. Shor, “Algorithms for quantum computation: discrete
logarithms and factoring,” in Proceedings of the 35th Annual
Symposium on Foundations of Computer Science (SFCS '94), pp.
124–134, IEEE, 1994.
11. J. Shen, T. Zhou, F. Wei, X. Sun, and Y. Xiang, “Privacy-Preserving
and Lightweight Key Agreement Protocol for V2G in the Social
Internet of Things,” IEEE Internet of Things Journal, pp. 1–1.
12. A. Peres, Quantum Theory: Concepts And Methods, Springer
Science & Business Media, 2006.
13. S. Wiesner, “Conjugate coding,” ACM SIGACT News, vol. 15, no. 1,
pp. 78–88, 1983.
14. C. H. Bennett and G. Brassard, “WITHDRAWN: Quantum
cryptography: Public key distribution and coin tossing,”
Theoretical Computer Science, 2011.
15. A. K. Ekert, “Quantum cryptography based on Bellâs theorem,”
Physical Review Letters, vol. 67, no. 6, pp. 661–663, 1991.
16. C. H. Bennett, “Quantum cryptography using any two
nonorthogonal states,” Physical Review Letters, vol. 68, no. 21, pp.
3121–3124, 1992.
17. B. Huttner, N. Imoto, N. Gisin, and T. Mor, “Quantum
cryptography with coherent states,” Physical Review A: Atomic,
Molecular and Optical Physics, vol. 51, no. 3, pp. 1863–1869, 1995.
18. D. Bruß, “Optimal eavesdropping in quantum cryptography with
six states,” Physical Review Letters, vol. 81, no. 14, pp. 3018–3021,
1998.
19
19. P. Li, J. Li, Z. Huang, C.-Z. Gao, W.-B. Chen, and K. Chen, “Privacy-
preserving outsourced classification in cloud computing,” Cluster
Computing, pp. 1–10, 2017.
20. C. Crépeau, “Quantum oblivious transfer,” Journal of Modern
Optics, vol. 41, no. 12, pp. 2445–2454, 1994.
21. C. H. Bennett, G. Brassard, C. Crépeau, and M.-H. Skubiszewska,
“Practical quantum oblivious transfer,” in Annual International
Cryptology Conference, pp. 351–366, Springer.
22. D. Mayers and L. Salvail, “Quantum oblivious transfer is secure
against all individual measurements,” in Proceedings of the
Workshop on Physics and Computation. PhysComp '94, pp. 69–77,
Dallas, TX, USA.
23. D. Mayers, “On the security of the quantum oblivious transfer and
key distribution protocols,” Lecture Notes in Computer Science
(including subseries Lecture Notes in Artificial Intelligence and
Lecture Notes in Bioinformatics): Preface, vol. 963, pp. 124–135,
1995.
24. S. Winkler and J. Wullschleger, “On the efficiency of classical and
quantum oblivious transfer reductions,” Lecture Notes in
Computer Science (including subseries Lecture Notes in Artificial
Intelligence and Lecture Notes in Bioinformatics): Preface, vol.
6223, pp. 707–723, 2010.
25. A. Chailloux, I. Kerenidis, and J. Sikora, “Lower bounds for
quantum oblivious transfer,” Quantum Information &
Computation, vol. 13, no. 1-2, pp. 0158–0177, 2013.
26. M. Curty and D. J. Santos, “Quantum authentication of classical
messages,” Physical Review A: Atomic, Molecular and Optical
Physics, vol. 64, no. 6, 2001.
27. B.-S. Shi, J. Li, J.-M. Liu, X.-F. Fan, and G.-C. Guo, “Quantum key
distribution and quantum authentication based on entangled
state,” Physics Letters A, vol. 281, no. 2-3, pp. 83–87, 2001.
28. D. Zhang and X. Li, “Quantum authentication using orthogonal
product states,” in Proceedings of the 3rd International
Conference on Natural Computation, ICNC 2007, pp. 608–612,
China, August 2007.
29. G. Brassard and C. Crépeau, “Quantum bit commitment and coin
tossing protocols in,” in Proceedings of the Conference on the
Theory and Application of Cryptography, pp. 49–61, Springer.
30. N. K. Langford, R. B. Dalton, M. D. Harvey et al., “Measuring
entangled qutrits and their use for quantum bit commitment,”
20
TELEPHONY
Physical Review Letters, vol. 93, no. 5, Article ID 053601, pp. 1–
53601, 2004.
31. G. Zeng and C. H. Keitel, “Arbitrated quantum-signature scheme,”
Physical Review A: Atomic, Molecular and Optical Physics, vol. 65,
no. 4, 2002.
32. X. Lü and D. Feng, “An Arbitrated Quantum Message Signature
Scheme,” in Computational and Information Science, vol. 3314 of
Lecture Notes in Computer Science, pp. 1054–1060, Springer Berlin
Heidelberg, Berlin, Heidelberg, 2004.
33. J. Shen, T. Zhou, D. He, Y. Zhang, X. Sun, and Y. Xiang, “Block
design-based key agreement for group data sharing in cloud
computing,” IEEE Transactions on Dependable and Secure
Computing, vol. PP, no. 99, 2017.
34. W. Heisenberg, “Über den anschaulichen inhalt der
quantentheoretischen kinematik und mechanik,” in Original
Scientific Papers Wissenschaftliche Originalarbeiten, pp. 478–504,
Springer, 1985.
35. A. Peres and L. E. Ballentine, “Quantum Theory: Concepts and
Methods,” American Journal of Physics, vol. 63, no. 3, pp. 285-286,
1995.
36. A. K. Pati and S. L. Braunstein, “Impossibility of deleting an
unknown quantum state,” Nature, vol. 404, no. 6774, pp. 164-165,
2000.
37. C. H. Bennett, G. Brassard, C. Crépeau, R. Jozsa, A. Peres, and W. K.
Wootters, “Teleporting an unknown quantum state via dual
classical and Einstein-Podolsky-Rosen channels,” Physical Review
Letters, vol. 70, no. 13, pp. 1895–1899, 1993.
38. B. M. Terhal, D. P. DiVincenzo, and D. W. Leung, “Hiding bits in bell
states,” Physical Review Letters, vol. 86, no. 25, pp. 5807–5810,
2001.
39. C. E. Shannon, “Communication theory of secrecy systems,” Bell
Labs Technical Journal, vol. 28, no. 4, pp. 656–715, 1949.
40. J. Shen, D. Liu, J. Shen, Q. Liu, and X. Sun, “A secure cloud-assisted
urban data sharing framework for ubiquitous-cities,” Pervasive
and Mobile Computing, vol. 41, pp. 219–230, 2017.
21
22
TELEPHONY
23
2 TYPES OF QUANTUM CRYPTOGRAPHY
There are two types of cryptography:
1. Symmetric Cryptography
2. Asymmetric Cryptography
Symmetric Key Cryptography is also known as Secret Key Cryptography

(SKC) where a key (any text, numbers, etc.) is used to encrypt data, and
the same key is used to decrypt that data. The smallest change in the
secret key will fail to decrypt an encrypted message. For example, text
that is encrypted using AES encryption with key Infosec will fail to decrypt
another cipher text which was encrypted using key INFOSEC.
Asymmetric Key Cryptography is also known as Public Key Cryptography

(PKC) where two sets of keys are generated. One is called a public key and
other is called a private key. A public key is used to encrypt data whereas a
private key is used to decrypt that data. Similar to symmetric
cryptography, the smallest change in any of the two keys will make them
useless to get the original data. A benefit of asymmetric cryptography is
that you can share the public key with the whole world so that they can
use it to send you encrypted data. And the private key is stored safely with
the owner and is used for decryption. One disadvantage of this type of
cryptography is that if your private key is lost or leaked then you will have
to generate a new pair of public and private keys.
What’s the difference between post-quantum cryptography and quantum

cryptography?
Post-quantum cryptography refers to cryptographic algorithms (usually

public-key algorithms) that are thought to be secure against an attack by
a quantum computer. These complex mathematical equations take
traditional computers months or even years to break. However, quantum
24
TELEPHONY
computers running Shor’s algorithm will be able to break math-based
systems in moments.
Quantum cryptography, on the other hand, uses the principles of quantum

mechanics to send secure messages, and unlike mathematical encryption,
is truly un-hackable.
Unlike mathematical encryption, quantum cryptography uses the

principles of quantum mechanics to encrypt data and making it virtually
un-hackable.
How Quantum Cryptography Works
Quantum cryptography, or quantum key distribution (QKD), uses a series

of photons (light particles) to transmit data from one location to another
over a fiber optic cable (OFC). By comparing measurements of the
properties of a fraction of these photons, the two endpoints can
determine what the key is and if it is safe to use.
Describing the process further helps to explain it better.
1. The sender transmits photons through a filter (or polarizer) which

randomly gives them one of four possible polarizations and bit
designations: Vertical (One bit), Horizontal (Zero bit), 45 degree
right (One bit), or 45 degree left (Zero bit).
2. The photons travel to a receiver, which uses two beam splitters
(horizontal/vertical and diagonal) to “read” the polarization of
each photon. The receiver does not know which beam splitter to
use for each photon and has to guess which one to use.
3. Once the stream of photons has been sent, the receiver tells the
sender which beam splitter was used for each of the photons in
the sequence they were sent, and the sender compares that
information with the sequence of polarizers used to send the key.
The photons that were read using the wrong beam splitter are
discarded, and the resulting sequence of bits becomes the key.
If the photon is read or copied in any way by an eavesdropper, the

photon’s state will change. The change will be detected by the endpoints.
25
In other words, this means you cannot read the photon and forward it on
or make a copy of it without being detected.
An example of how quantum encryption works:
Imagine you have two people, Alice and Bob, who want to send a secret to
each other that no one else can intercept. With QKD, Alice sends Bob a
series of polarized photons over a fiber optic cable. This cable doesn’t
need to be secured because the photons have a randomized quantum
state.
If an eavesdropper, named Eve, tries to listen in on the conversation, she

has to read each photon to read the secret. Then she must pass that
photon on to Bob. By reading the photon, Eve alters the photon’s
quantum state, which introduces errors into the quantum key. This alerts
Alice and Bob that someone is listening and the key has been
compromised, so they discard the key. Alice has to send Bob a new key
that isn’t compromised, and then Bob can use that key to read the secret.
The Solution We Need For Future
The need for unbreakable encryption is staring us in the face. With the
development of quantum computers looming on the horizon, the integrity
of encrypted data is at risk now. Fortunately, quantum cryptography,
through QKD, offers the solution we need to safeguard our information
well into the future – all based on the complex principles of quantum
mechanics.
As the need for unbreakable encryption looms in networks around the

world, quantum cryptography is the solution that will safeguard and
future-proof sensitive information.
The private key is stored safely with the owner and is used for decryption.
One disadvantage of this type of cryptography is that if your private key is
lost or leaked then you will have to generate a new pair of public and
private keys.
1. Horizontal
2. Vertical
26
TELEPHONY
3. Diagonal (Right and Left)
A photon has the capability to spin in all three states at the same time.
How do we use it in cryptography? Another part of physics and photons is
polarization. Polarization can be used to polarize (pass through a filter) a
photon so that it has a particular spin, vertical or horizontal or diagonal.
Polarization of a photon is performed using polarization filters.
Now comes Heisenberg’s Uncertainty Principle, which states that it is

impossible to measure together the speed and position of a particle with
highest accuracy, and its state will change when measured. In other
words, if an eavesdropper intercepts the transmitted photons and passes
it through its polarizer, if it is wrong it will make the receiver get the
wrong photon. Hence the interception of communication will get
detected. Why do we need quantum cryptography?
Every new solution is made because of some problem occurred in the

current solution. The case is no different with this one. Let us see the
problem first.
The problem with symmetric cryptography is that the same key is used to
both encrypt and decrypt the messages. If for some reason that key is
leaked to some third party, then it can be used to decrypt communication
between two trusted devices or persons. In the worst case, the
communication can be intercepted and altered. Today’s huge computing
power (these days even Xbox and PlayStation at homes have huge power)
can be used to crack a key used in symmetric cryptography. Another major
problem with this type of cryptography is how to decide which key to use
and how to share between trusted devices or persons. Imagine a key has
to be shared between India and America, then that communication too
has to be secured before sharing the key.
Coming to the problem of asymmetric cryptography, it is not something

we are facing right now, but seeing the pace of changing technology, we
will be facing it soon. Most of the keys used in public key cryptography are
at least 128-bit keys which are considered to be very strong. An attacker
can easily get hold of the public key because it is shared by the user. But
to generate a private key for that public key involves huge amounts of
calculations with permutations and combinations. At present a
27
supercomputer is what you need to crack a PKC and many years to

complete it. But it will become pretty much possible with the use of
quantum computers which use quantum physics to operate and have very
high efficiency and computation speed. A quantum computer is a
theoretical concept right now and will utilize atoms and molecules to
perform computing at a very high speed.
According to Moore’s Law, in an integrated circuit the number of

transistors doubles every 2 years. It means that the speed of computing
will increase to a very high level every two years. Right now Intel i7
processor integrated circuit has 1.4 billion transistors. Clearly, in the
coming decades computing speed will increase and the age of quantum
computers will become a reality.
Now from our above discussion it is very clear that the biggest problem
with the current cryptographic techniques is keys and their security in
transmission.
Ethical Hacking Training – Resources (InfoSec)
How does quantum cryptography work?
In quantum cryptography, the source sends a key to the receiver, and this
key can be used to decrypt any future messages that are to be sent. When
the key has been successfully sent and received, the next step is to send
encrypted data to the receiver and let it decrypt and process that data.
Important: the key is the main part of cryptography and should be sent in
a very secure manner.
Quantum cryptography has a different way of sending the key to the

receiver. It uses photons to send a key.
What is a photon, and how it is used?
A photon is the smallest particle of light. It has three types of spins:
28
TELEPHONY
It means that if a photon is polarized using say X filter (Diagonal
Polarization), then to get the original spin of the photon only X filter can
be used. If a + filter (Rectilinear Polarization) is used on the photon, then it
will either be absorbed by the filter or the polarized photon, will be of
different spin than the original photon. For example, a horizontal spinning
photon when passed through a wrong filter will lead to diagonal spin,
which is incorrect.
The below table shows output spin for used polarization:
Polarization Output Spin

Rectilinear Horizontal Spin
Vertical Spin (|)
Polarization (+) (–)
Diagonal Polarization Left Diagonal Right Diagonal

(X) Spin (\) Spin (/)
How to send data using photons
One of the major concerns before using quantum cryptography is how to

associate data with photons. This problem can be easily solved by
assigning the spin of every photon as 0 or 1. Please see the sample table
below:
Horizontal Vertical Left Diagonal Right

Spin Spin Spin Spin Diagonal Spin
(–) (|) (\) (/)

Valu
e 0 1 0 1
Imagine Alice applies polarizations on photons and gets the spin and keeps
a note of it. Every spin has a value associated with it. Please refer to the
table below:
29
Do note that Alice is able to find the spin of photon after polarization using
four detectors (horizontal, vertical, right diagonal, left diagonal).
Now the key in binary format is: 0101100110101011
This binary data can be converted into other formats like string and
integer, depending upon choice of the users involved in the
communication. Let us assume Alice wants the key to be in integer format,
so the key will be:
In real world implementation, the key should not be this short in length.
How to share and verify the key
In the above section, Alice applied polarization and calculated the value of
the key, which will be transmitted to Bob. Note that transmission of these
photons takes place in optical fiber cables.
Alice sends the polarized photons to Bob using a suitable communication

channel. Bob is listening for incoming photons and randomly applies any
polarization (rectilinear or diagonal) and keeps a note of applied
polarization, spin and its value.
Now when the transmission has completed, Alice and Bob communicate
on a public channel which needs not be encrypted. Bob tells Alice only the
polarizations (not the spin or value) he applied in the exactly same
sequence, and Alice only says YES/NO. This communication will be
something like this:
30
TELEPHONY
In the above communication, Bob gets to know the wrong polarizations.

But do note that we have a problem here which is highlighted in orange
color. See that Alice said polarization applied is wrong but the spin Bob
received had the same bit value (1) as Alice’s. But Bob has no way to find
what value Alice has so he has no other way but to discard his results for
wrong polarization.
After successful key transmission and fixing of wrong polarization,

encrypted data can be sent and decrypted when received.
Communication interception
If a user is intercepting the communication between sender and receiver,

then he will have to randomly apply polarization on the photons sent.
After polarization, he will forward it to the original sender. But it is
impossible for the eavesdropper to guess all polarizations correctly. So
when Bob and Alice validate the polarizations, and Bob fails to decrypt the
data, then the interception of communication will get detected.
Conclusion
Privacy and data security is right now of utmost importance to people.

With quantum cryptography, secure transmission of data is possible, and
chances of it being intercepted and altered are very low. This technology
has been implemented in some areas. But is still under deeper research
before being widely implemented.
Guide for Implementing Quantum-Safe Key Distribution
31
 Quantum Cryptography Demystified: How It Works in Plain

Language in next chapter
32
33
3 QUANTUM CRYPTOGRAPHY DEMYSTIFIED
Quantum Cryptography Demystified: How does It Works in Plain Language:

already covered the basics of quantum computing in our article on How
does quantum computing work, so now it’s time to dive into one of its
most publicized applications: quantum cryptography. Quantum
cryptography holds both promises and threats for our current
cryptographic infrastructure. The most obvious threat is quantum
computers could decrypt data that’s been encrypted using many of our
current systems. But it also holds the promise of secure communications
channels for key distribution. Eventually, using quantum technology, it
may even be possible to build entire encryption systems that are
considered unbreakable.
Quantum Computing Decryption: Looming Crisis Or Another Y2K Blind

Panic?
34
TELEPHONY
Coutesy:Enigma machine-Museum of Science,Milan,Italy
Almost all widely used encryption systems rely on keys — typically large,
random, numbers that can be used to encrypt or decrypt data. Current
encryption packages are most often built using either symmetric or
asymmetric keys — many using asymmetric keys to transmit a shared,
symmetric key for doing the actual data encryption. Both types of keys
would be vulnerable to hacking using quantum computers. Symmetric
systems rely on a shared secret key, and cracking the key requires about
double the computing work for each additional bit. With that kind of
scaling, it’s been possible to keep using larger keys as computers get more
powerful. However, by implementing Grover’s algorithm, quantum
computers can essentially cut the key length in half — a nearly
inconceivable reduction in the amount of time required to crack a key. The
good news is that now that we’re aware of the challenge, doubling the key
lengths in use should be an excellent defense.
Asymmetric systems (like Public Key Infrastructure — PKI) use

public/private key pairs that are mathematically generated. In the case of
the widely-used RSA family of algorithms, the math is fairly complex. But
it’s possible to crack if you can factor a very large number into its two
prime number factors. If a key with enough bits is used, this is a nearly
35
intractable problem for conventional computers, but quantum computers

can use something called Shor’s algorithm to find the factors much more
quickly. A rough estimate of the compute power needed is two qubits per
bit length of the key. So a 1,024-bit (Kb) key would require a quantum
computer with 2,048 bits. Experts expect those to be possible within a
decade, and some think sooner. Note that today 1,024-bit keys are already
considered potentially unsafe, as they can be cracked given enough time
on a large computer, but once a quantum computer can handle the task it
will take very little time.
Much like the situation with the software migration required by Y2K, there
are other encryption techniques that aren’t easily cracked with quantum
computers. Examples of (non-quantum) encryption systems resistant to
quantum attacks include McEliece and NTRUEncrypt. That means the
problem is migrating the large number of systems and data already in
place to newer ones. Also, like Y2K, it remains to be seen how real, and
how widespread, the threat will be, as sufficiently large quantum
computers will be expensive when they are finally available. That means
they’re unlikely to get used for trying to hack information unless it’s
considered extremely valuable. To run all of Shor’s algorithm, a quantum
computer also needs to be paired with a powerful conventional computer,
which will drive the cost of a key cracking system up even further.
Secure Communications Using Quantum Key Distribution
When you hear the term quantum cryptography, more often than not
what is being referred to is Quantum Key Distribution (QKD). QKD doesn’t
actually encrypt user data but makes it possible for users to securely
distribute keys to each other, which can then be used for subsequent
encrypted communication.
Whatever encryption system is used, there is almost always some type of

private information that must be kept secret. For symmetric key systems,
it is shared information in the form of a key, while in asymmetric systems
each node has its own secret key while sharing a matching public key. In
both cases, there are vulnerabilities when initializing communication.
Symmetric key systems often rely on physical sharing of keys — some
financial institutions use actual couriers with portable storage devices —
to bootstrap. Or they may rely on a connection secured using an
36
TELEPHONY
asymmetric system to share the encryption key needed for subsequent
use. One reason for that is asymmetric systems like Public Key don’t
require sending the secret (in this case private keys) over the channel,
while symmetric systems are more efficient, and often more secure, for
large volumes of data once keys have been exchanged.
Coutesy:EPB control centre
While QKD isn’t in widespread use, it has been in commercial use in

Europe since 2007, and in the US since 2010. For high-value transactions
like inter-bank communication and election result transmission, the
benefits of QKD are sometimes worth the cost. Another impediment to
the wider adoption of QKD is that current systems aren’t interoperable
between different vendors. Fortunately, that’s starting to change. In a
research effort directed at finding ways to secure the power grid, teams at
Oak Ridge and Los Alamos National Laboratories have demonstrated the
first successful use of QKD between different implementations. The
University of Bristol has also just published research on doing something
similar to help secure multi-vendor 5G wireless networks.
But What About True Quantum Cryptography?
While harder than QKD, it will eventually be possible to encrypt data using
quantum computing techniques that are particularly resistant to
eavesdropping and various other forms of hacking. The most popular
approach currently is the Kak protocol. Essentially it’s a quantum version
of the well-known double-lock algorithm, which allows two users to
securely exchange data without sharing any keys.
37
The double-lock protocol is remarkably simple. We’ll use common

convention, and assume Alice and Bob want to exchange information,
without it being modified by an eavesdropper, Eve. They also want to
know if anyone is successfully eavesdropping on their communication
channel. To do this they trade locks in a three-step process.
In Kak’s protocol, Alice and Bob use encryption functions U A and UB as

proxies for the physical locks of a traditional two-lock protocol.
As the first step, Alice locks her data (in the digital case, encrypts it using a
secret key), and sends it to Bob. Bob, in turn, adds his lock (encrypting
Alice’s already encrypted data with his own secret key), and sends it back
to Alice. Alice removes her lock and sends the result back to Bob. Bob can
then remove his lock, and read the original data.
This works well with physical locks and keys, but it’s a little more complex
when digital encryption is involved. For the protocol to work, the
encryption processes have to be commutative (because the encryptions
are applied in the order Alice, Bob, but then Alice needs to be able to
remove her encryption before Bob removes his). An example of one
possible, and popular, encryption, is multiplying by a large number. So far,
so good. But now imagine that Eve is listening. As the data goes back and
forth, she will be able to see the data multiplied by Alice’s key, the data
multiplied by both keys, and the data multiplied by Bob’s key. From that,
she can compute the supposedly secret keys of Alice and Bob.
Subhash Kak proposed using certain quantum rotations as a way to create

a version of the double-lock protocol that couldn’t be eavesdropped. The
rotations he proposed could be applied in either order, but any attempt to
38
TELEPHONY
listen in by reading out intermediate data would result in corrupted data.
Other researchers have continued to evolve the protocol with features to
make it even more tamper-resistant, but unlike QKD, there aren’t any
commercial implementations yet. While it is going to require much more
powerful quantum computers to make true quantum-based encryption a
reality, researchers are getting closer.
A team of Chinese researchers successfully used quantum-entangled

photons to create and share one-time pads between a satellite and a
ground station in Austria in 2017,which is discussed in later on chapter on
Quantum phone. Encryption using one-time pads is provably secure as
long as the pad is not compromised, is random, is used only once, and is
longer than the data being transmitted. Quantum technology helps with
the first three of these, but its performance is still quite slow. Still, the
team was able to encrypt, transmit, and decrypt over 2GB of data using
their quantum system.
In the meantime, quantum computers can do one simple task that’s

important for encryption quite well: They can generate truly random
numbers. It’s unlikely ultra-expensive quantum computers will be
deployed just for that purpose, but once they’re in use, it will be a useful
capability.
39
40
TELEPHONY
4 QUANTUM COMMUNICATIONS
Quantum cryptography is a new method for secret communications
offering the ultimate security assurance of the inviolability of a Law of
Nature. We shall describe the theory of quantum cryptography, its
potential relevance and the development of a prototype system at Los
Alamos, which utilises the phenomenon of single-photon interference to
perform quantum cryptography over an optical fiber communications link.
“I am fairly familiar with all forms of secret writings, and am myselfthe
author of a trifling monograph upon the subject, in which I analyse one
hundred and sixty separate ciphers; but I confess that this one isentirely
new to me. The object of those who invented the system hasapparently
been to conceal that these characters convey a message ...”(Sherlock
Holmes.1)
1. Introduction to Cryptology, the mathematical science of secret
communications, has a longand distinguished history of military
and diplomatic uses dating back to theancient Greeks.
2. In World War II, Allied successes in breaking the ciphers
ofGermany and Japan played an important part in the outcome of
the conflict andthe development of the modern computer.
3. Today, the ability to ensure thesecrecy of military or diplomatic
communications is as vital as ever, butcryptography is also
becoming more and more important in everyday life. Withthe
growth of computer networks for business transactions and
communication of confidential information there is an ever
increasing need for encryption to ensurethat this information
cannot be acquired by third parties.
41
Remarkably, the seemingly unrelated philosophical foundations of

quantum mechanics are nowbeing brought to bear directly on the
problem of communications security in thepotentially practical emerging
technology of quantum cryptography.the theory of quantum
cryptography, its potential applications and the development of an
experimental prototype at Los Alamos. We shall answer the questions:
What is “quantum” about quantum cryptography? Will we need it? or,
what if anything is “wrong” with conventional cryptography? What are the
limitations imposed by “practical” issues such as losses and noise? What
are the prospects for future improvements? What hardware
developments are desirable? and, What kind of secure communications
problem could it be used for?The two main goals of cryptography are for a
sender and an intended recipient to be able to communicate in a form
that is un-intelligible to third parties,and for the authentication of
messages to prove that they were not altered in transit. Both of these
goals can be accomplished with provable security if senderand recipient
are in possession of shared, secret “key” material. Thus, key material,
which is a truly random number sequence, is a very valuable commodity
even though it conveys no useful information itself. One of the principal
problems of cryptography is therefore the so-called “key distribution
problem.” How do the sender and intended recipient come into
possession of secret key material while being sure that third parties
(“eavesdroppers”) cannot acquire even partial information about it? It is
provably impossible to establish a secret key with conventional
communications, and so key distribution has relied on the establishment
of a physically secure channel (“trusted couriers”) or the conditional
security of “difficult” mathematical problems in public key cryptography.
However, provably secure key distribution becomes possible with
quantum communications. It is this procedure of key distribution that is
accomplished by quantum cryptography, and not the transmission of an
encryptedmessage itself. Hence, a more accurate name is quantum key
distribution (QKD).The most obvious security feature of QKD is that it is
impossible to “tap”single quantum signals in the conventional sense. At a
deeper level, QKD resists interception and retransmission by an
eavesdropper because in quantummechanics, in contrast to the classical
world, the result of a measurement cannotbe thought of as revealing a
“possessed value” of a quantum state. Moreover,Heisenberg’s uncertainty
principle ensures that the eavesdropper’s activities must produce an
irreversible change in the quantum states (“collapse of thewavefunction”)
before they are retransmitted to the intended recipient. These changes
42
TELEPHONY
will introduce an anomalously high error rate in the transmissionsbetween
the sender and intended recipient, allowing them to detect the attempted
eavesdropping. Thus, the two important security features of QKD are that
eavesdroppers cannot reliably acquire key material, and any attempt to do
so will be detectable. The origins of quantum cryptography can be traced
to the work of Wiesner, who proposed that if single-quantum states could
be stored for long periods of time they could be used as counterfeit-proof
money. Wiesner eventually published his ideas in 1983, but they were of
largely academic interest owing to the impracticality of isolating a
quantum state from the environment for long time periods. However,
Bennett and Brassard realized that instead of using single quanta for
information storage they could be used for information transmission. In
1984 they published the first quantum cryptography protocol now known
as “BB84”.5 A further advance in theoretical quantum cryptography took
place in 1991 when Ekert proposed6 that Einstein-Podolsky-Rosen
(EPR)entangled two-particle states could be used to implement a quantum
cryptography protocol whose security was based on Bell’s inequalities.7
Also in 1991, Bennett and collaborators demonstrated that QKD was
potentially practical by constructing a working prototype system for the
BB84 protocol, using polarisedphotons.8In 1992 Bennett published a
“minimal” QKD scheme (“B92”) and proposed that it could be
implemented using single-photon interference with photons propagating
for long distances over optical fibers.9 Since then, other QKD protocols
have been published10 and experimental groups in the
UK,11Switzerland12 and the USA13 have developed optical fiber-based
prototype QKD systems. The aim of these experiments has been to show
the conceptual feasibility of QKD, rather than to produce the definitive
system, or to address a particular cryptographic application. Thus, we can
expect that the experiences with the current generation of systems will
lead to improvements towards demonstrating the practical feasibility of
QKD as well as a definition of the applications where it could be used. The
remainder of this paper is organized as follows. In Sections 2 and 3
introduced some important ideas from cryptography to explain the
significance of QKD. In Section 4 we shall describe the B92 QKD protocol in
detail, and then we shall illustrate the immunity of QKD to eavesdropping.
we describe some of the practical issues that arise in implementing QKD
and we shall give some details about the QKD prototype that we
havedeveloped at Los Alamos. Finally, we shall present some conclusions
and discuss the future possibilities for QKD development. Cryptography to
explain the significance of quantum cryptography it is necessary to
43
describe some of the important features (and perils) of cryptography in

general.These points can be illustrated with one of the most famous
literary examples of a cipher: Sir Arthur Conan Doyle’s “The Adventure of
the Dancing Men.”1 In this story, Elsie, the American wife of an English
gentleman, Hilton Cubbitt, is terrorised by the appearance of chalked
stick-figures outside her house. (SeeFigure 1.) Sherlock Holmes is called in
and quickly realizes that the figures are not the scribbling of children, but
rather are a form of cryptography, in which each letter of the alphabet has
been substituted with a stick figure, known only to the sender (Abe
Slaney, “the most dangerous crook in Chicago”) and the intended
recipient, Elsie. This cryptosystem yields to the crypt analytical powers of
Sherlock Holmes, who breaks the cipher after collecting only 62
characters, by observing the relative frequencies of the different
characters, identifying the most frequent with the letter “E” and using
intuition.2 With this information the master detective is able to compose
his own cryptogram summoning Abe Slaney to Elsie’s 470906 .
The great promise of quantum communication is perfect privacy: the

ability to transfer a message from one point in the universe to another
in such a way that the very laws of physics prevent an eavesdropper from
listening in.
For hackers, that kind of promise is like a red flag to a bull. Since the first
commercial quantum cryptography systems became available in the early
2000s, people have repeatedly attempted to bring them down—with
significant success. The attacks have ruthlessly exploited imperfections in
the equipment used to send quantum information. In doing so, hackers
have shown that even if the laws of physics offer perfect security,
equipment can never be perfect. And these imperfections create
loopholes that can be exploited.
Quantum physicists were forced to respond quickly, developing new

protocols that do not depend on equipment. So-called device-
independent quantum cryptography offers perfect security even when the
equipment is less than perfect. At least in theory.
44
TELEPHONY
But the frightening truth about implementing quantum cryptography is

that somebody, somewhere may always be found to have overlooked
something important. And this oversight will enable a hack.
Today, Xiao-Ling Pang and colleagues at Shanghai Jiao Tong University in

China say they’ve found one of those overlooked factors. Thanks to that
discovery, the team has managed to hack device-independent quantum
cryptography with a frighteningly high success rate.
First some background. Most quantum encryption systems encode

information using photons. Alice sends the photons to Bob, who measures
them to reveal the information.
This process relies on the fact that measuring the quantum properties of a

photon always changes the information it carries. So if any eavesdropper
is tuning in, Alice and Bob can spot Eve’s presence by the changes she
introduces to the original message. If they find evidence of eavesdropping,
they begin again. Indeed, they keep re-sending the data until they can be
sure nobody has overheard it.
Of course, Alice can’t use this technique to send a private message,

because it’s only possible to detect Eve after she has listened in. Instead,
Alice uses it to send Bob a key—a one-time pad—that he can use to
encrypt a message and send it over a classical channel. A one-time pad is
provably secure, provided nobody else knows the key.
45
Various cyber security researchers have found ways to hack this kind of
system. A shortcoming they’ve exploited is that the data is often encoded
in the polarization of a photon: a vertically polarized photon might encode
a 1 and a horizontal polarization a 0.
One hack is to shine a high-powered laser into the equipment so that it

reflects off the polarisers inside. The reflections reveal the orientation
used to polarize and encode the outgoing photons. And that reveals the
code. To counter this, physicists have developed ways to prevent these
reflections.
Enter Pang and colleagues, who say they’ve found an entirely new way to
attack quantum communication that doesn’t rely on reflections. The new
technique hinges instead on an effect called injection locking. This is a
method of changing the frequency of a laser by injecting photons with a
different seed frequency into the lasing cavity. Provided the difference in
frequency is small, the laser eventually resonates with the seed frequency.
Pang and co inject photons into Alice’s laser so that they change the
output frequency. But this only works if Pang’s photons can pass through
the polarizer into the lasing cavity. To ensure that this happens, Pang and
co inject four photons, each with a different orientation—horizontal,
vertical, and plus or minus 45 degrees. They then wait to see whether this
changes the frequency of Alice’s outgoing photon. If the frequency is
altered, then the polarization of the incoming photon must have matched
the outgoing one.
And that reveals the code without measuring the polarization of the
outgoing photon. Pang and co then change the frequency of this photon
back to the intended frequency and send it on to Bob, who is none the
wiser.
Voilà! A hack that reveals the quantum information to Eve without Alice or
Bob’s knowledge.
Pang and co say they’ve tested the approach with remarkable results. “We
demonstrate that Eve can control Alice’s source by forcing her laser
resonant at a designed frequency,” they say. “We obtain a hacking success
rate reaching 60.0%.”
46
TELEPHONY
That’s interesting work that outlines yet another step in the cat-and-
mouse game of quantum hacking.
Obviously, the next step is to find ways to prevent injection locking, and
Pang and co have made the first attempts. They say an obvious
countermeasure is to use devices known as isolators, which allow photons
to travel in one direction but not the other.
However, these devices are by no means perfect. They usually allow

photons to travel in one direction but merely reduce the number that can
travel in the other.
Pang and co include isolators in their setup that reduce the transmission
of unwanted photons by up to 3 decibels. This reduces the hacking success
rate to 36%, which they describe as “still considerably high information
leakage.”
Of course, it’s not hard to think of other ways to reduce the effectiveness
of this kind of attack. But there is a bigger message here: that flaws in
device-independent quantum cryptography are still coming to light. “The
main message we would like to deliver here is that there may exist many
other physical loopholes,” say Pang and co.
Quantum audio
Let's try to understand the concepts of quantum audio with a flute having
two holes. Let us consider the open state as 0th state |0> and when holes
are closed as the 1th state |1>. And when one opened and other closed
simultaneously be a superposition statef. That means both holes open
and closed forms our required set of qubit. Now, let us try to play the flute
with both open as |00>,both closed as |11>, first open second closed as |
01>, first closed second open as |10>. We are now for 2 qubits required
states which will be put in the form of the register as the linear
combination as
F =A 1 |00>+ A 2 |01> + A 3 |10> + A 4 |11>
47
Hereby can see that the coefficients of kets ] are the frequency or the
probability amplitude of the states, which in layman language will be the
time of pause or use of the holes. Now let's consider a flute or a trumpet
which have only three keys. We can play full Sargam of Indian classical
music or solfege DoReMi of Western classical music for octanic scale and
C-major as our quantum music
Sa = |000> = Do =C
Re = |001> = Re=D
Ga = |010> = Me= E
Ma = |011> = La = F
Pa = |100> = Fa = G
Dha = |101> = So =A
Ni = |110> = Ti = B
Sa = |111> = Do =C
Now the register or the linear combination is “octave” goes on the basis of
the earlier case with two keys for three keys
F = A1 |000> + A2 |001> +A3 |010> + A4 |011> + A5|100>+A6|101>+A7|

110>+A8|111>
For 4 qubits it will show all range of Major and Minor scales as whole tone
Sa = |0000> = Do =C major
Re = |0001> = Re=D major
Ga = |0010> = Me= E major
Ma = |0011> = La = F major
48
TELEPHONY
Pa = |0100> = Fa = G major
Dha = |0101> = So =A major
Ni = |0110> = Ti = B major
Sa = |0111> = Do = C –flat major
Sa = |1000> = Do =C minor
Re = |1001> = Re=D minor
Ga = |1010> = Me= E minor
Ma = |1011> = La = F minor
Pa = |1100> = Fa = G minor
Dha = |1101> = So=A minor
Ni = |1110> = Ti = B minor
Sa = |1111> = Do = C-flat minor
Then the register or digest or set of sounds as
F = A1 |0000> + A2 |0001> +A3 |0010> + A4 |0011> +
A5|0100>+A6|0101>+A7|0110>+A8|0111> + A9 |1000>
+ A10 |1001> +A11 |1010> + A12 |1011> +
A13|1100>+A14|1101>+A15|110>+A16|1111>
Hence on one can play the quantum music.
A group of scientists working in School of Humanities and Sciences of

Stanford auniversity have worked on Singing qubits in their article
published in Nature (journal) [1] They formed a circuit ] with quantum bit,
49
or qubit, that can exist in two states at once and has a natural frquency,
which can be read electronically. When the mechanical resonators vibrate
like a drumhead, they generate phonon in different states.
Watermarking scheme using quantum Discrete Cosine Transform for

quantum audio signal processing in encoded Flexible representation of
quantum audio form done for change in time domain to frequency
domain [2].
References
[1] Arrangoiz-Arriola, Patricio; Wollack, E. Alex; Wang, Zhaoyou;

Pechal, Marek; Jiang, Wentao; McKenna, Timothy P.; Witmer, Jeremy
D.; Van Laer, Raphaël; Safavi-Naeini, Amir H. (24 July 2019).
"Resolving the energy levels of a nanomechanical oscillator". Nature.
571 (7766): 537–540. arXiv:1902.04681.
Bibcode:2019Natur.571..537A. doi:10.1038/s41586-019-1386-x.
PMID 31341303. Lay summary.
[2] Chen, Kehan; Yan, Fei; Iliyasu, Abdullah M.; Zhao, Jianping (2018).
"A Quantum Audio Watermarking Scheme". 2018 37th Chinese Control
Conference (CCC). pp. 3180–3185. doi:10.23919/chicc.2018.8483507.
ISBN 978-988-15639-5-8.
50
51
5 FUTURE OF SECURITY
Thieves steal data constantly, so protecting it is an ongoing challenge.

There are more than 6,000 banks with 280,000 branches in the world,
nearly 10,00000 hospitals and thousands of insurance companies, all with
data that they wants to keep private. Traditionally, their valued data is
protected by “keys,” which are transmitted between sender and receiver.
These secret keys are protected by unproven mathematical assumptions
and can be intercepted, corrupted and exposed if a hacker “eavesdrops”
on these keys during transmission. Specific problems with current
encryption technology include:
 Potential backdoors inserted into at least one of the

recommended random number generators
 Improvement s in quantum computing, which will nullify the
security of all approved encryption key transfer methods
 At least two different types of side channel attacks on the most
popular key exchange methods that can break key exchange
methods as powerful as RSA-40963
Standard methods for exchanging cryptographic keys are in jeopardy. RSA-

1024, once commonly used to exchange keys between browsers and web
servers, has probably been broken; though RSA-2048 is still approved. This
and other public-key infrastructure technologies perhaps haven’t been
broken yet but soon will be by bigger, faster computers. And once
52
TELEPHONY
quantum computers are mainstream, data encrypted using existing key
exchange technologies will become even more vulnerable.
Researchers are working on methods to improve the security of software-

based key exchange methods using what is known as post quantum
cryptography which is discussed in later on chapter — methods that will
continue to be effective after quantum computers are powerful enough to
break existing key exchange methods. These are all based on the
unprovable assertion that certain numerical algorithms are difficult to
reverse. But the question that remains is — difficult for whom? How do
we know that an unpublished solution to these exact problems hasn’t
been discovered? The answer is — we don’t.
Quantum cryptography is the only known method for transmitting a secret

key over long distances that is provably secure in accordance with the
well-accepted and many-times-verified laws that govern quantum physics.
It works by using photons of light to physically transfer a shared secret
between two entities. While these photons might be intercepted by an
eavesdropper, they can’t be copied, or at least, can’t be perfectly copied
(cloned). By comparing measurements of the properties of a fraction of
these photons, it’s possible to show that no eavesdropper is listening in
and that the keys are thus safe to use; this is what we mean by “provably
secure”. Though called quantum cryptography, we are actually only
exchanging encryption keys, so researchers prefer the term “quantum key
distribution”, to describe this process. The no-cloning theorem is one of
the fundamental principles behind QKD, and why we think that this
technology will become a cornerstone of network security for high value
data.
While products based on QKD already are being used by banks and
governments in Europe — especially Switzerland — they have not been
deployed commercially in the United States to any great extent. In India Rs
8000 crore (1.2 billion dollars) are earmarked for implementation of
Quantum technology. Current technological breakthroughs are pushing
the distance over which quantum signals can be sent.Trials are donewith
optical fibers laid down by telecommunications companies but lying
unused — have sent quantum signals three hundred kilometers, but
practical systems are currently limited to distances of about 100
kilometers. A scalable architecture that includes a Trusted Node to bridge
53
the gap between successive QKD systems can both extend the practical
range of this technology and allow keys to be securely shared over a wide
ranging network, making large scale implementation possible and
practical. Cybersecurity is making progress toward the future reality of
sending data securely over long distances using quantum physics.
As an example, a team at Battelle, together with ID Quantique, has started

to design and build the hardware required to complete a 650-kilometre
link between Battelle’s headquarters and our offices in Washington DC.
They are planning a network linking major U.S. cities, which could exceed
10,000 kilometers and are currently evaluating partners to work with
them on this effort. QKD is used to protect the networks at Columbus,
Ohio headquarters. But they are not alone when it comes to quantum-
communication efforts. Last month, China started installing the world’s
longest quantum-communications network, which includes a 2,000-
kilometre link between Beijing and Shanghai.
Many nations acknowledge that zeroing in on un-hackable data security is

a must, knowing that even the best standard encryption that’s considered
unbreakable today will be vulnerable at some point in the future — likely
the near future. QKD is the best technically feasible means of generating
secure encryption. Yes, it has its challenges, but continued innovation is
tackling these issues and bringing us closer to the reality of long-distance
quantum rollouts and truly secure and future-proofed network
technology.
Does this mean that software-based methods won’t have any value for
network security applications? Of course not. One must always evaluate
the cost of the protection against the cost associated with the loss of your
data. But part of that evaluation must include the certainty of the security
solution. So, while post-quantum cryptography and QKD may both be
secure enough for a particular application, we use QKD when we want to
“know” that our data is secure, without having to rely on unproven
assumptions that it is.
In the long run, we envision an integrated network that includes software-

based methods, which we call Tier III (cost conscious), alongside higher-
security and commercially viable QKD (Tier II) solutions that use quantum
methods with Trusted Nodes to distribute keys, but conventional
54
TELEPHONY
encryption (AES, for example) to protect actual data. In this vision, there
is also one higher level — Tier I (very secure, very expensive) — that uses
quantum repeaters to transmit long, quantum-based keys and one-time-
pad encryption to protect our highest value data, mostly government and
military information.
QKD is an attractive solution for companies and organizations that have

very high-value data. If you have data that you want to protect for years,
QKD makes a lot sense. I think you’ll see this distributed across the
country to protect that high-value, long-duration data. This is the future.
55
56
TELEPHONY
6 CODE BREAKER OR HACKER AND

PAYMENT SYSTEM
Every time you buy something online, you put your faith in math – simple
math that's easy to do in one direction but difficult to do in reverse. That’s
what protects your credit card information from would-be thieves. But the
system can be hacked.
One popular encryption scheme, for instance, can be undone only by

factoring a huge random number, a “key” unlocking encoded information,
into two prime numbers. It’s a task that today is extraordinarily difficult,
but not impossible. With enough computing power, a spying government
could break the key. Or some clever mathematician could find an easy way
to factor large numbers and do it tomorrow, in theory.
In search of greater security from code breakers, a new generation of code

makers has been turning from math to physics. Experts in atoms and other
particles, these cryptologists want to exploit the laws of quantum
mechanics to send messages that are provably unhackable. They are the
architects of a new field called quantum cryptography, which has come of
age only in the past few decades.
Quantum cryptography draws its strength from the weirdness of reality at

small scales. The particles making up our universe are inherently uncertain
creatures, able to simultaneously exist in more than one place or more
than one state of being. They choose how to behave only when they bump
into something else or when we measure their properties.
57
Quantum cryptography draws its strength from the weirdness of reality at

small scales
The most popular cryptographic application yet for this strange behavior is
quantum key distribution, aka QKD. A quantum key encodes and sends the
information needed to decrypt a message in the fuzzy properties of
particles, typically light particles. Eavesdroppers trying to steal the key
must make measurements of those particles to do so. Those
measurements change the particles’ behavior, introducing errors that can
be detected and alert users that a key has been compromised and should
not be used to encode information.
Many variations on QKD exist, some of which employ an unusual long-

distance quantum connection called entanglement to protect information.
Entanglement allows two particles to behave like a single entity, no matter
how far apart they are. Meddle with one particle, and its partner instantly
reacts, even at the opposite end of the universe, revealing the presence of
a hacker.
QKD systems are becoming a reality. The first quantum transaction took
place in 2004, when researchers in Vienna used entangled photons to
transfer a 3000 Euro deposit into their bank account. Commercial QKD
systems came to the United States in 2013, when R&D nonprofit Battelle
installed a fiber optic network protected by encrypted photons. The
system, developed by ID Quantique, had already used its technology to
protect the results of an election in Geneva in 2007.
Quantum cryptography at work

The miniature transmitter communicates with a trusted authority to
generate random cryptographic keys to encode and decode information.
In 2013, researchers used devices like this to send information securely
58
TELEPHONY
over the electric grid. Los Alamos National Laboratory
“There is still a way to go before it becomes a standard commercial

proposition, but we are getting there faster than I expected,” says
quantum cryptographer Artur Ekert, a professor at the University of
Oxford and director of the Centre for Quantum Technologies at the
National University of Singapore.
Meddle with one particle, and its partner instantly reacts, even at the
opposite end of the universe, revealing the presence of a hacker
Entanglement can allow for extra security compared to other QKD

schemes. While the latter requires the device being used to be trusted,
entanglement opens the door to device-independent cryptography that
remains secure even on untrusted equipment.
The quantum-ness of an entanglement based system, which guarantees

its privacy, can be verified using a set of statistics that describe how
similarly the particles behave, called Bell inequalities.
And while QKD has become nearly synonymous quantum cryptography, it

is only one of many ideas in the field in various states of development. In
the 1960s, a professor at Columbia University developed the idea of a
quantum money that would impossible to counterfeit; each bill would
house trapped particles whose properties could be verified by banks. And
quantum random number generators can now spit out numbers based not
on computer algorithms, which can never be truly random, but on really
random quantum fluctuations.
Others are working on secure ways to send tasks from a normal computer
to the quantum computers of the future – devices that promise to be
better at certain jobs than today’s computers – among them, ironically,
the factoring of the very large numbers protecting your credit card
transactions today.
The future of code makers and code breakers is entangled, and it may be
quantum on both sides.
59
60
TELEPHONY
7 QUANTUM CRYPTOGRAPHY SYSTEM
61
Quantum cryptography uses physics to develop a cryptosystem

completely secure against being compromised without knowledge of the
sender or the receiver of the messages. The word quantum itself refers to
the most fundamental behaviour of the smallest particles of matter and
energy.
Quantum cryptography is different from traditional cryptographic systems

in that it relies more on physics, rather than mathematics, as a key aspect
of its security model.
Essentially, quantum cryptography is based on the usage of individual

particles/waves of light (photon) and their intrinsic quantum properties to
develop an unbreakable cryptosystem (because it is impossible to
measure the quantum state of any system without disturbing that system.)
Quantum cryptography uses photons to transmit a key. Once the key is

transmitted, coding and encoding using the normal secret-key method can
take place. But how does a photon become a key? How do you attach
information to a photon’s spin?
This is where binary code comes into play. Each type of a photon’s spin
represents one piece of information -usually a 1 or a 0, for binary code.
This code uses strings of ones and zeros to create a coherent message. For
example, 11100100110 and 110000111 could correspond with “h-e-l-l-o”,
“w-o-r-l-d”. So a binary code can be assigned to each photon, for example,
a photon that has a vertical spin ( | ) can be assigned a 1. Hazarika [1]
depicts how this can be done with ABR quantum gate for quantum
communication in chapter 6 “quantum teleportation “of his book
“AzadBinRajib (ABR) quantum gate quantum computing and quantum
information”
62
TELEPHONY
“If you build it correctly, no hacker can hack the system. The question is
what it means to build it correctly”, Renato Renner, the Institute of
Theoretical Physics in Zurich.
Regular, non-quantum encryption can work in a variety of ways but

generally a message is scrambled and can only be unscrambled using a
secret key. The trick is to make sure that whomever you’re trying to hide
your communication from doesn’t get their hands on your secret key.
Cracking the private key in a modern crypto system would generally
require figuring out the factors of a number that is the product of two
insanely huge prime numbers. The numbers are chosen to be so large
that, with the given processing power of computers, it would take longer
than the lifetime of the universe for an algorithm to factor their product.
But such encryption techniques have their vulnerabilities. Certain products

– alled weak keys– happen to be easier to factor than others. Also,
Moore’s continually ups the processing power of our computers. Even
more importantly, mathematicians are constantly developing new
algorithms that allow for easier factorization.
63
Quantum cryptography avoids all these issues. Here, the key is encrypted
into a series of photons that get passed between two parties trying to
share secret information. The Heisenberg Uncertainty principle dictates
that an adversary can’t look at these photons without changing or
destroying them.
“In this case, it doesn’t matter what technology the adversary has, they’ll
never be able to break the laws of physics,” said physicist Richard Hughes
of Los Alamos National Laboratory in New Mexico, who works on quantum
cryptography.
Problems with using Quantum Cryptography
But in practice, quantum cryptography comes with its own load of

weaknesses. It was recognized in 2010, for instance, that a hacker could
blind a detector with a strong pulse, rendering it unable to see the secret-
keeping photons.
Renner points to many other problems. Photons are often generated using
a laser tuned to such a low intensity that it’s producing one single photon
at a time. There is a certain probability that the laser will make a photon
encoded with your secret information and then a second photon with that
same information. In this case, all an enemy has to do is steal that second
photon and they could gain access to your data while you’d be none the
wiser.
Alternatively, noticing when a single photon has arrived can be tricky.

Detectors might not register that a particle has hit them, making you think
that your system has been hacked when it’s really quite secure.
“If we had better control over quantum systems than we have with
today’s technology” then perhaps quantum cryptography could be less
susceptible to problems, said Renner. But such advances are at least 10
years away.
Still, he added, no system is 100 percent perfect and even more advanced
technology will always deviate from theory in some ways. A clever hacker
will always find a way to exploit such security holes.
64
TELEPHONY
Any encryption method will only be as secure as the humans running it,
added Hughes. Whenever someone claims that a particular technology “is
fundamentally unbreakable, people will say that’s snake oil,” he said.
“Nothing is unbreakable.”
Reference
[1]Hazarika, Dr.A.B.Rajib :( 2020)” AzadBinRajib (ABR) quantum gate
quantum computing and quantum information “, Amazon Kindle
publisher.ISBN-9798638145231
65
66
TELEPHONY
8 CRYPTOGRAPHY IN QUANTUM AGE
Cryptography in the Quantum Age
All hope is not lost, thanks to two developments: quantum cryptography

and post-quantum encryption.
The quantum world has additional tricks up its sleeve, in addition to

superposition and entanglement, which can provide protections against
code-breaking abilities.
In the 1920s, physicist Werner Heisenberg showed that it’s impossible to

fully measure anything, such as an atom, with complete precision. When
you measure a property in an atom, such as position, you disturb it and
sacrifice the precision with which you can measure a complementary
property, such as its momentum—its velocity multiplied by its mass.
But the uncertainty principle is not only about limits in precision.

Physicists have exploited it to create something known as quantum
cryptography. With it, they have made the most secure encryption codes
that humans have ever devised.
67
Physicist Joshua Bienfang in Gaithersburg, Maryland with the NIST

quantum key distribution system.
Credit: ©Robert Rathe

Alan Mink works on a programmable printed circuit board used to process
data for the NIST quantum key distribution system.
68
TELEPHONY
Credit: ©Robert Rathe

Xiao Tang of NIST's Information Technology Laboratory and colleagues
conduct research on quantum communications over optical fiber
channels.
The uncertainty principle indicates that measuring any object will disturb
it. Quantum encryption relies on the fact that eavesdropping—trying to
gain information on a message—is a form of measurement and will
disturb a system in a way that can be detected.
Now the amount of disturbance is very small—proportional to Planck’s

constant, one of the smallest quantities in physics. But if you use very
small objects, or very small packets of energy such as photons to help
establish cryptographic keys, then it’s possible to create a cryptography
system that will detect any eavesdropper.
Fortunately for online banking and the internet, quantum cryptography

was proposed in the 1980s, before Shor suggested his algorithm capable
of breaking encryption. NIST has been involved in many areas of research
in quantum cryptography, such as establishing cryptographic keys using
streams of single photons, known as quantum-key distribution (QKD), and
using these to create cryptography networks. And commercial devices
started appearing in the 1990s. QKD systems have been implemented in
the real world and have been used successfully in limited applications in
government and the banking industry.
Quantum cryptography also has applications in secure communication.

Researchers in China recently used the technique.
To make a secure video call to colleagues in Austria who were 2,500
69
kilometers (approximately 1,600 miles) away.
Most QKD systems use photons that travel through fiber-optic cables. The
photons carry 0s and 1s of information. The information includes the
secret key that the sender (usually dubbed “Alice” in descriptions of
quantum cryptography) transmits to a receiver (named “Bob”). Then Alice
uses the secret key to encrypt the message she wants to transmit. Bob
uses the same key to decrypt the message. If an eavesdropper (named
“Eve”) tries to intercept the key, the photons are disturbed in a way that
Alice and Bob can detect. So, in the event of eavesdropping, Alice simply
creates a brand new key and waits until one is successfully transmitted to
Bob without eavesdropping. Then Alice transmits the message, scrambled
in a way that can only be unscrambled with the key.
Credit: E. Edwards/JQI
Quantum cryptography employs the properties of the quantum world,
such as the wavelike nature of all matter.
However, quantum cryptography systems have been expensive, and it has

been challenging to make them widespread and practical. Even though
quantum physics can provide the most fundamentally secure form of
encryption, it has been shown that even cryptography systems based on
quantum properties can be hacked.
Under real-world conditions; for example, when electrical static or noise—

governed by the rules of classical physics—inevitably gets introduced in
the system. Basically, the components of a quantum cryptographic system
can generate noise such as electrical static, whose behavior is governed by
70
TELEPHONY
the rules of classical physics. This noise can give away what the system is
doing, and thereby, make it insecure.
More fundamentally, however, quantum cryptography isn’t solving the

most important cyber security problem that we are facing today.
Quantum cryptography is designed to protect communications between
two trustworthy parties from being intercepted by an eavesdropper.
But what if the person on the other side is a cyber attacker?

Eavesdroppers are currently not the biggest concern in cyber security.
Researchers are looking for methods of public-key encryption that will be

secure well into the future.
Secure encryption methods must be in place if and when a quantum

computer that can run Shor’s algorithm is introduced. Quantum
cryptography devices could serve part of this need, but they may be too
impractical to implement on a major scale. So, researchers have
developed a new field, called post-quantum encryption, which is exploring
a whole range of alternatives.
“When quantum computers are a reality, our current public key

cryptography won’t work anymore,” says NIST computer scientist Matt
Scholl. “So, we need to start designing now what those replacements will
be.”
The road to post-quantum encryption will be a long one, but NIST has
already begun work in this endeavor. Shor’s algorithm would crack
cryptographic keys that rely on the factoring of large numbers. But there
are many ways of encrypting data, using mathematical functions that do
not involve factoring. And for some of these mathematical functions,
quantum computers wouldn’t be much better than ordinary computers at
trying to break them. Despite their name, many post-quantum algorithms
are based on classical mathematics techniques that predate quantum
information.
71
“You can use classical to stop quantum,” says Scholl.
NIST has been anticipating the quantum threat for a while. Researchers
are already developing post-quantum algorithms, in case quantum
computers become a reality. NIST is even calling upon the public for
assistance in developing strategies and approaches for post-quantum
algorithms.
Quantum Key Distribution
Quantum Key Distribution (QKD) is a mechanism for agreeing encryption

keys between two or more remote parties, relying on the properties of
quantum mechanics to ensure that key has not been observed or
tampered with in transit. And also by using the theory of contact mapping
for nodes of network for communication.
Since traditional public key cryptography algorithms may be vulnerable to

a future large-scale quantum computer, new approaches are required that
do not share this vulnerability. QKD claims to offer a potential mitigation
since its security properties are based on the laws of physics rather than
the hardness of some underlying mathematical problems.
QKD protocols provide a mechanism for two remote parties to agree a

shared secret key, where the key cannot be observed or tampered with by
an adversary without alerting the original parties. However, because QKD
protocols do not provide authentication, they are vulnerable to physical
man-in-the-middle attacks in which an adversary can agree individual
shared secret keys with two parties who believe they are communicating
with each other.
For this reason, QKD protocols must be deployed alongside cryptographic

mechanisms that ensure authentication. These cryptographic mechanisms
must also be secure against the quantum threat.
QKD is not the only mitigation against the threat of quantum computers.
Work towards standardising quantum-safe cryptographic algorithms is
underway in international standards bodies such as NIST. These
algorithms can be implemented on today’s classical computers, and,
unlike QKD solutions, do not require dedicated or specialist hardware.
72
TELEPHONY
Quantum-safe cryptographic algorithms allow two remote parties to agree
a shared secret key with authentication, hence without the risk of man-in-
the-middle attacks.
Agreeing encryption keys is just one mechanism of many that must be

employed to secure a complex system. More research is needed to
understand how QKD protocols can be implemented and integrated into
these complex systems of classical components, such that the whole
system is secure against an appropriate threat model. However, we
welcome the ongoing research and assurance work currently underway in
this area.
NCSC Position
Given the specialised hardware requirements of QKD over classical

cryptographic key agreement mechanisms and the requirement for
authentication in all use cases, the NCSC does not endorse the use of QKD
for any government or military applications, and cautions against sole
reliance on QKD for business-critical networks, especially in Critical
National Infrastructure sectors.
In addition, we advise that any other organisations considering the use of

QKD as a key agreement mechanism ensure that robust quantum-safe
cryptographic mechanisms for authentication are implemented alongside
them.
NCSC advice is that the best mitigation against the threat of quantum
computers is quantum-safe cryptography.
Quantum Random Number Generation
Cryptographic algorithms often require random values; these values may

be used, for example, for cryptographic keys, initialisation vectors, salts
and nonces. Implementations of these algorithms need access to a
Random Number Generator (RNG) which will provide good quality random
numbers when required.
A Quantum Random Number Generator (QRNG) is an RNG that relies on

constructions based purely on quantum mechanics for its entropy. QRNGs
73
do not provide any new mitigation against the threat from quantum
computers to traditional public key cryptography; however, they can
generate random numbers at very high speed, and, in their ideal state, the
constructions produce truly unpredictable numbers.
QRNGs are often defined in contrast with classical RNGs, where numbers
are derived from measurements of the behaviour of higher-level
components. However, in many classical RNGs, the dominant hardware
noise source is also a consequence of quantum processes. Methods for
integrating these RNGs into larger systems and assessing their behaviour
are well established.
In practice, the unpredictability that QRNGs can potentially offer is hard to

realise. A significant reason for this is that QRNGs will necessarily sit inside
classical circuitry for collection and processing, and this classical circuitry
adds noise to the measurement of the quantum state.
The embedding within classical circuitry also means that QRNGs are
potentially subject to a similar range of implementation-level attacks as
classical RNGs, as well as those specific to the quantum technology. This
leads to some future research challenges, including (but not exclusively):
 Modeling and evidencing the real-world properties of physical

QRNGs.
 Engineering and integration of QRNGs into larger systems.
 Understanding changes in behavior of QRNGs under various
physical stresses and through aging.
 Vulnerability research to explore new technical risks.
74
TELEPHONY
75
9 INTERNET OF THINGS SECURITY
Quantum Cryptography for Internet of Things Security
Summary
Internet of things (IoT) is a developing technology with a lot of scope in

the future. It can ease various different tasks for us. On one hand, IoT is
useful for us, on the other hand, it has many serious security threats, like
data breaches, side-channel attacks, and virus and data authentication.
Classical cryptographic algorithms, like the Rivest-Shamir-Adleman (RSA)
algorithm, work well under the classical computers. But the technology is
slowly shifting towards quantum computing, which has immense
processing power and is more than enough to break the current
cryptographic algorithms easily. So it is required that we have to design
quantum cryptographic algorithms to prevent our systems from security
breaches even before quantum computers come in the market for
commercial uses. IoT will also be one of the disciplines, which needs to be
secured to prevent any malicious activities. In this paper, we review the
common security threats in IoT and the presently available solutions with
their drawbacks. Then quantum cryptography is introduced with some of
its variations. And finally, the analysis has been carried out in terms of the
pros and cons of implementing quantum cryptography for IoT security.
1. Introduction
Computers these days offer all types of services for us. Having and using
computers ease up so many tasks in our lives. But computers also have a
risk of security with every each task that they perform [1]. Hence it is
important for us to ensure the total security of our valuable and personal
information. Sustaining computer security comprises of employing
76
TELEPHONY
suitable anticipatory measures, detecting budding vulnerabilities, possible
coercion, and compromised systems, and handling incidents [2]. The
computer security is growing as a more and more important field due to
the widespread use of the Internet, Wi-Fi, and Bluetooth. There are many
different types of misuse that can occur over a computer network like
hacking, phishing, spreading computer viruses, worms, or Trojans. Misuse
may also include the damage to the hardware, software, or electronic data
sources.
With the development in technologies, a new field of interest called the

Internet of things (IoT) is undergrowth, in which more processes are being
automated and more user data are available on the Internet. Hence the
need for security has increased nowadays.
Convergence of multiple technologies, machine learning, goods sensors,

wireless detector networks, management systems, and automation
(including home and building automation), all contribute to facultative IoT
[3], [30]. IoT involves the extending web property on the far side
customary devices, from desktops, laptops, smart phones, and tablets, to
any variation of historically non-internet-enabled physical devices and
everyday objects. Embedded with technologies, these devices will
communicate and move over the net, and that they will be remotely
monitored and controlled. Having such widespread applications makes IoT
prone to many security attacks and breaches. So we have to be careful
while developing or using the IoT applications.
2. Security Issues in IoT Systems
This section will describe the various security issues in IoT systems [4], [5].
•Data breaches
The IoT applications collect tons of users’ data to operate and function
properly. Also, most of the data consist of the user’s personal information.
So it must be protected by encryption.
•Data authentication
Even when data are successfully encrypted, likelihoods of the device itself
77
being hacked are still there. If there is no way to establish the authenticity
of the data communicated to and from an IoT device, the security is
conceded.
•Side-channel attacks
These are the attacks which are based on the data and information gained
from the implementation of a system, rather than the weaknesses in the
algorithm of implementation. Power consumption, electromagnetic leak,
or sound can be enough to exploit the system.
•Irregular/no updates
There are plenty of IoT devices in the world and the number is expected to
increase in the near future. While developing the devices, the developers
often do not pay much attention to the future updates of the device and
hence a device considered to be secure when it was manufactured may
not be secure any more after 2 years to 3 years or less if it is not updated
regularly.
•Malware and ransom ware
An example of malware can be the Mirai Botnet which infects the IoT
devices that run on Argonaut reduced instruction-set computer core (ARC)
processors. If the default username and password combination is not
changed for the device, it is very easy for Mirai to infect the device.
Ransom ware is malevolent software that tends to lock the users out of
their devices and threaten the users to leak out their personal data unless
a ransom amount is paid.
2.1. Traditional Security Techniques
IoT also comes with many benefits and various risks. As security is the
prime concern for any communications, the traditional security techniques
are described in this section [6], [7].
•Hashed passwords
Hashing is a common technique to encrypt the passwords for devices.
78
TELEPHONY
Hash is a function which takes a string as input and produces a unique and
consistent set of bits. The Hash code can be cracked using a technique
called rainbow table. It is a table which contains the Hash key for the very
common password strings, which lets anyone, do quick look-up to crack
the password. The reverse look-up of the rainbow table can be avoided
using an entity called salt. It is a small string of random characters which is
appended to every Hash key and is unique for each key. Creating a
rainbow table for such long sequences is a time taking and expensive task.
•Private Key authentication
Private Key cryptography is asymmetric encryption which provides two

keys, one public and one private. If data are encrypted with the private
key, it can only be decrypted with the public key, and vice versa. Doing so
preserves the security of the system and makes communications with
other devices safer. This can be useful when a new device needs to
connect to the IoT network and in the verification of messages passed
between devices.
•Signed firmware
While creating the firmware, the developer puts a secret digital signature
with it, preventing hackers from replacing the actual firmware with a
malicious one as they will not be able to replicate authenticated
signatures. Also, a technique called secure boot is used to check if each
code that runs on the device is signed appropriately.
All these techniques mentioned above are not realizable to a very good
extent in real-life systems due to resource constraints. A restricted
amount of processing power and memory poses a big hurdle for
developers. These techniques may be theoretically perfect but there are
various different examples where we can still see security breaches in IoT
systems. Examples of some malicious attacks are:
•The Mirai Botnet or Dyn attack;

•hackable cardiac monitoring devices from St. Jude;
•the owlet Wi-Fi baby monitor vulnerabilities;
•the TRENDnet webcam hack;
•Stuxnet.
79
This clearly signifies that we need some more powerful cryptographic and
security algorithms to prevent the threats discussed above.
3. Quantum Cryptography
Quantum cryptography is a very interesting field that makes use of the

rules of quantum mechanics to develop a cryptosystem that is believed to
be the most secure system [8]. It cannot be breached by anyone without
getting noticed by the sender or the receiver of the message. Quantum
cryptography is based on using photons and their fundamental quantum
properties to develop an indestructible cryptosystem because it is not
possible to measure the quantum state of any system without alarming
the system [9].
Currently, the cryptographic algorithms are using the principles of

mathematics to try and develop efficient cryptosystems. An example of a
mathematics based cryptographic algorithm is where the ‘key’ is a
combination of a large set of prime factors of large numbers generated at
random. Cracking such keys may be an extraordinary task for a normal
computer but it is not impossible.
So, scientists are now moving from mathematics towards physics and
trying to develop systems which will replace the currently used systems
for the better. Using quantum mechanics to send/receive messages is
believed to be 100% unhackable and secure [10].
The root of quantum cryptography lies in the fact that it uses the smallest
individual particles that exist in nature, i.e. photons. These photons have a
property to exist in more than one state simultaneously and they change
their states only when they are measured. That is the main property
exploited by the quantum cryptography algorithms. Whenever a message
is travelling through a channel from the sender to the receiver and any
malicious entity tries to intercept the communications, the change in the
state of the photon is immediately visible to the sender/receiver.
Also, there is a variation of a technique which makes use of a property

called quantum entanglement [11], [12]. Quantum entanglement is a
property in which even if two quantum particles/photons are separated by
a physical distance, a change in any one of the photons leads to a change
80
TELEPHONY
in another one, making it easy to detect the intruder in a network.
3.1. Shor’s Algorithm for Factoring
Shor’s algorithm is one of the most famous algorithms in the field of

quantum computing. It shows the efficient way of factoring large non-
prime numbers in polynomial time which takes up exponential time when
performed in a classical way.
The motivation behind this algorithm is that the current cryptographic

algorithms, like the Rivest-Shamir-Adleman (RSA) algorithm, are based on
the principle of factoring large numbers and the inability of classical
computers to solve the problem in polynomial time is the main reason of
the success of such algorithms. But quantum computers are very fast and
efficient in calculating the factors and hence these algorithms can be easily
breached soon. So, to avoid this we need some algorithms that are based
on the quantum background.
Generally, classical algorithms take up the time of O ((logN)k) and the

quantum algorithm takes up the time of O(logN). Also, the run time differs
largely: The classical computers take up the run time of O (exp
(L1/3(logL)2/3) and the quantum computers take up the run time of O((L)3),
where L is the length of the number N in bits [13].
The algorithm depends on three main factors:
•Modular arithmetic;
•quantum parallelism;
•quantum Fourier transform.
The problem statement for the algorithm is: Given an odd composite
number N, find an integer d, strictly between 1 and N, which divides N.
There are 2 parts of this algorithm:
•Conversion of the problem of factoring to the problem of finding the

period. This can be solved classically.
•Finding the period using the quantum Fourier transform which is
responsible for quantum speedup.
81
3.2. Quantum Key Distribution (QKD)
Quantum key distribution is a very basic technique used in quantum

cryptography. As we know that quantum computing uses a stream of
photons to transmit data. These photons have a property called a ‘spin’.
There are basically 4 types of spins: Horizontal, vertical, 45° diagonal, and
−45° diagonal. The horizontal and vertical filters are put under the
rectilinear scheme and the 2 diagonal filters are put under the diagonal
scheme. Generally, the horizontal and 45° filters represent the binary 1
and the vertical and −45° filters represent the binary 0 [14].
A very interesting principle in physics known as the Heisenberg

uncertainty principle states that we cannot measure all the properties of a
particle without disturbing its current state. This principle applies to the
photons, too. If we try to measure the spin of the photons, the spin will
change, which may change the value of the photon. Thus we can know
that the stream of communicating photons is interrupted by an unwanted
entity [15], [16], [17]. [18].
Alice sends to Bob a stream of polarized photons, selecting in random

between the polarizations. Once receiving a photon, Bob chooses in
random between + and x bases. Once the transmission is complete, Bob
sends Alice the sequence of bases he used to measure the photons. These
communications will be utterly public. Alice tells Bob that which of the
bases was similar ones she used. These communications may be public.
Alice and Bob discard the measurement that Bob used a different basis
[19], [20]]. On average, Bob can guess the proper basis with the possibility
of 50%, and can thus get a similar polarization as Alice sent. The key is
then the interpretation of the sequence of remaining photons as 0s and
1s. Eve will hear the messages between Alice and Bob about the
sequences of bases they used and learn the bases that Bob guessed
properly. However, this tells her nothing regarding the key, because
Alice’s polarizations were chosen at random. If Bob guessed + as the
correct polarization, Eve does not understand whether or not Alice sent a
0 or a 1 polarized photon, and so is aware of nothing regarding the key bit
the photon represents. Once Eve measures a photon, its state is altered to
evolve to the basis Eve used, thus Bob can get the incorrect end in some
similar basis with the possibility of 50%, Eve’s measurement adds an error
of 25%[20],[21].
82
TELEPHONY
3.3. Device-Independent Quantum Cryptography
In general communications networks, it is often seen that two computers

do not communicate directly. There are always some intermediate
measurement devices that help the message to go from the source to the
destination. Now in such a case, we cannot trust the third-party devices to
be completely safe and secure. They may be tampered with by some
malicious entity or by the developers themselves. Also, the risk of side-
channel attacks is to be worried [22]. The device-independent quantum
key distribution aims at modifying the original quantum key distribution to
be safe in case of untrusted third-party devices. The aim of quantum key
distribution is for two computers, Alice and Bob, to share a common
cryptographic key through communications over public channels. It is
known that the BB84 protocol (the quantum cryptographic protocol) is
safe even under the channel noise and possible detector faults at the end
of Bob, with the assumption that the apparatus used at Alice’s side are
perfectly working to produce photons. But when we work in reality, this
assumption does not hold good because there are high possibilities of
faulty apparatus at Alice’s side, too, which could hamper the security of
the private string shared by Alice and Bob for communications.
For the solution of this problem, we need some devices which have the
capabilities of self-testing. After passing these tests the device is said to be
secure for communications [23]. Also, cross-checking the polarizations and
their probability distributions can be a solution. There are various
implementations for the solution of these problems.
4. Quantum Cryptography Implementation with IoT
IoT devices have many loopholes in terms of the security of the devices,
users, or the network. The current classical architecture of the IoT does
not provide any provisions to detect the eavesdropper in the
communications channel [24]. Also, there can be some attacks wherein
only one device in the whole IoT network can be infected with some virus
and other devices trust the infected device and continue communications
until it is detected. The fault might not be detected until a late time point
and by then a sufficiently large amount of information could be
transmitted to any malicious entity [25]. Some viruses may affect the
systems in a manner that they can only be removed by rebooting the
83
systems and the industrial and enterprise systems are not rebooted for a
very long time. Hence, there are multiple different points of vulnerability
and IoT systems are highly susceptible to attacks. Here, we study the
possible solution of IoT security through quantum cryptography [26].
A very basic aspect of the quantum cryptography is a quantum key

distribution which is discussed above [27]. The best feature in the
quantum key distribution is the ability of the channel to detect the
presence of any eavesdropper in the architecture of the system. This is in
sharp contrast to classical algorithms for cryptography.
There are several variations of the quantum cryptographic protocol, BB84,

but the main problem in the physical implementation of these protocols is
the maximum distance that can be traveled by the photons. Photons are
essentially light particles and they can easily be distorted by the
environmental or natural calamities. The photons need to travel a very
long distance in cases where the IoT networks are wide and stretch across
many cities/countries. Here, quantum computing fails to do so. Also,
quantum devices are very big, bulky, and expensive. These cannot be
afforded by every organization. The existing quantum key distribution
protocol is designed to work with only 2 devices. This is not possible in
actual IoT systems which connect hundreds of devices together to
communicate [28].
So to cure these problems we can give a solution wherein we combine

both the classical and quantum approaches. One solution is proposed,
which keeps the current semiconductor chips but uses quantum
techniques to create a long and unique cryptographic key for each device.
This can be done using quantum random number generation (QRNG),
which generates a noise source with a high level of randomness. Quantum
computing is capable of generating such large numbers quite efficiently
and at a fast speed. Thus, it will be very difficult to guess the key and each
device will have its unique key. The only way to get the key is to access the
physical device configuration and trying to do so without getting noticed is
very difficult. Hence, the key can be secured and the communications can
be safe [29].
Additionally, the device-independent quantum cryptography can be used

to ensure that the manufactured devices are trustworthy.
84
TELEPHONY
5. Conclusions
Finally, it has been concluded that although quantum computing and

quantum cryptography have developed very efficiently, there is some
more advancement that is required for them to become a reality in the
commercial systems. Many algorithms are an advanced version of the
quantum key distribution, like the coherent one way (COW) quantum key
distribution, which aim at amending the drawbacks of the original
quantum key distribution algorithm. But to implement quantum systems
in the commercial use for IoT is a big challenge due to the large scale and
expensive quantum apparatus which cannot be afforded by every
organization. Also, the distance which quantum communications can be
done is very less due to the properties of photons, which restrict them to
travel long distances. If these issues are resolved, we can have successful
IoT systems with quantum cryptography applied to them, making them
the most secure systems to date.
References
[1] V. Kharchenko, M. Kolisnyk, I. Piskachova, and N. Bardis: Reliability and

security issues for IoT-based smart business center: Architecture and
markov model Proc. of the 3rd Intl. Conf. on Mathematics and Computers
in Sciences and in Industry, Chania (2016), pp. 313-318
[2] J.A. Stankovic: Research directions for the internet of things,IEEE

Internet of Things Journal, 1 (1) (2014), pp. 3-9
Feb.
[3]IEEE. (2017). Internet of things—IEEE standards enabling products with

real-world applications. [Online]. Available:
https://standards.ieee.org/initiatives/iot/stds.html
[4] SecureRF. (February 2019).: Will enterprise prioritize IoT security over
innovation in 2019? [Online]. Available: https://www.securerf.com/will-
enterprise-prioritize-iot-security-over-innovation-in-2019/
[5] Y.-C. Yang, L.-F. Wu, G.-S. Yin, L.-J. Li, H.-B. Zhao: A survey on security
and privacy issues in Internet-of-things ,IEEE Internet of Things Journal, 4
(5) (2017), pp. 1250-1258
85
Oct.
[6]Internet Security Threat Report

Symantec, Cupertino (2016)
[7] J. Shen, T.-Q. Zhou, X.-C. Chen, J. Li, W. Susilo :Anonymous and
traceable group data sharing in cloud computing ,IEEE Trans. on
Information Forensics and Security, 13 (4) (2018), pp. 912-925A pr.
[8]R.P. Feynman: Simulating physics with computers ,Intl. Journal of

Theoretical Physics, 21 (6-7) (1982), pp. 467-488,Jun.
[9]C.H. Bennett, G. Brassard : Quantum cryptography: Public key

distribution and coin tossing ,Proc. of IEEE Intl. Conf. Computers, Systems
and Signal Processing, Bangalore (1984), pp. 175-179
[10]D. Deutsch, A. Barenco, A. Ekert : Universality in quantum

computation ,Proc. of the Royal Society A: Mathematical and Physical
Sciences, 449 (1937) (1995), pp. 669-677,Jun.
[11]A. Ekert, C. Macchiavello: Quantum error correction for

communication,Physical Review Letters, 77 (12) (1996), pp. 2585-
2588,Sept.
[12]E. Rieffel, W. PolakAn introduction to quantum computing for non-

physicists ,ACM Computing Surveys, 32 (3) (2000), pp. 300-335 ,Sept.
[13]N. Gisin, G. Ribordy, W. Tittel, H. Zbinden : Quantum

cryptography ,Reviews of Modern Physics, 74 (1) (2002), pp. 145-195,Jan.
[14]W.-Y. Hwang : Quantum key distribution with high loss: Toward global
secure communication ,Physical Review Letters, 91 (5) (2003), p. 057901 ,
1-4, Aug.
[15]D. Stucki, N. Brunner, N. Gisin, V. Scarani, H. ZbindenFast and simple

one-way quantum key distribution ,Applied Physics Letters, 87 (19) (2005),
p. 194108 ,1-3, Nov.
[16] N. Gisin, R. ThewQuantum communication ,Nature Photonics, 1 (3)

(2007), pp. 165-171,Mar.
86
TELEPHONY
[17]A. Sharma, R.C. Belwal, V. Ojha, G. Agarwal : Password based

authentication: Philosophical survey ,Proc. of 2010 IEEE Intl. Conf. on
Intelligent Computing and Intelligent Systems, Xiamen (2010), pp. 619-622
[18]A. Sharma, V. Ojha, V. GoarSecurity aspect of quantum key

distribution ,Intl. Journal of Computer Applications, 2 (2) (2010), pp. 58-
62 ,May
[19] M.M. WildeQuantum Information Theory ,(2nd ed.), Cambridge

University Press, Cambridge (2017)
[20] T. Cubitt, D. Elkouss, W. Matthews, et al.Unbounded number of

channel uses may be required to detect quantum capacity ,Nature
Communications, 6 (2015), p. 6739,1-4, May
[21] V. Ojha, A. Sharma, V. Goar, P. Trivedi : Limitations of practical

quantum cryptography ,Intl. Journal of Computer Trends and Technology,
1 (1) (2011), pp. 90-93
[22]S. Pirandola, C. Ottaviani, G. Spedalieri, et al. : High-rate

measurement-device-independent quantum cryptography ,Nature
Photonics, 9 (6) (2015), pp. 397-402,May
[23] F.-H. Xu, M. Curty, B. Qi, H.K. Lo : Measurement-device-independent

quantum cryptography ,IEEE Journal of Selected Topics in Quantum
Electronics, 21 (3) (2015), p. 6601111,1-11, May
[24] A.P. Bhatt, T. Babuta, A. Sharma : Quantum information processing

and communication: Asian perspective ,Intl. Journal of Computer and
Mathematical Sciences, 7 (2) (2018), pp. 616-621
Feb.
[25] L. S. Bishop, S. Bravyi, A. Cross, J. M. Gambetta, and J. Smolin. (March

2017). Quantum volume. [Online]. Available:
https://pdfs.semanticscholar.org/650c/3fa2a231cd77cf3d882e1659ee141
75c01d5.pdf
[26]Nicola Jones. (June 2013). Computing: The quantum company. Nature.

[Online]. Available: https://www.nature.com/news/computing-the-
87
quantum-company-1.13212
[27] Timothy Hollebeek. (May 2019). Future-proofing security in a post-

quantum cryptography world. [Online]. Available:
https://securityboulevard.com/2019/05/futureproofing-security-in-post-
quantum-cryptography-world/
[28] S. Gupta, C. Dutta : Internet of things security analysis of networks

using quantum key distribution ,Indian Journal of Science and Technology,
9 (48) (2016), pp. 105551:1-105551:11
[29]R. Pell. (January 2018). IoT security algorithm accepted by NIST for
quantum cryptography project. [Online]. Available:
https://www.eenewseurope.com/news/iot-security-algorithm-accepted-
nist-quantum-cryptography-project
[30] Dr.A.B.Rajib Hazarika (2012): Internet Protocol version 12 (IPv12),

Lulu.com, Google book, ISBN - 9781329153387
88
TELEPHONY
89
10 POST QUANTUM CRYPTOGRAPHY
Research in quantum computers is advancing quickly and researchers

recently claimed for quantum supremacy, in other words, the ability of
quantum computers to perform a calculation out of reach of even the
most powerful classical supercomputers.
However, any claims that quantum computers are close to cracking any
practically used cryptosystems are highly exaggerated. Such powerful
quantum computers are very likely several decades away, if indeed they
will ever be built. Many significant technicalities are required before a
large-scale, practical quantum computer can be achieved, and some
commentators even doubt whether such a scenario ever is possible.
What we do know, however, is that large-scale cryptography-breaking

quantum computers are highly unlikely to develop during the next
decade. Yet, in spite of this, systems which need very long-term
protection such as government systems with classified information or root
certificates with very long lifetimes must nevertheless start preparing to
replace today’s asymmetric algorithms.
Impact of quantum on asymmetric cryptography
In traditional cryptography, there are two forms of encryption: symmetric

and asymmetric.
Most of today's computer systems and services such as digital identities,

the Internet, cellular networks, and crypto currencies use a mixture of
symmetric algorithms like AES and SHA-2 and asymmetric algorithms like
RSA (Rivest-Shamir-Adleman) and elliptic curve cryptography.
The asymmetric parts of such systems would very likely be exposed to

significant risk if we experience a breakthrough in quantum computing in
the coming decades.
90
TELEPHONY
What is post-quantum cryptography?
In anticipation of such a quantum computing paradigm, cryptography is

being developed and evolved by using so-called “quantum-safe”
algorithms. They run on classical computers and are believed to withstand
attacks from powerful quantum computers.
When we compare post-quantum cryptography with the currently used

asymmetric algorithms, we find that post-quantum cryptography mostly
have larger key and signature sizes and require more operations and
memory. Still, they are very practical for everything except perhaps very
constrained Internet of Things devices and radio.
Large-scale cryptography-breaking quantum computers are highly unlikely

to develop during the next decade
Standardizing post-quantum cryptographic algorithms
The US National Institute of Standards and Technology (NIST) are currently

standardizing stateless quantum-resistant signatures, public-key
encryption, and key-establishment algorithms and are expected to release
the first draft publications between 2022–2024. After this point, the new
standardized algorithms will likely be added to security protocols like
X.509, IKEv2, TLS and JOSE and deployed in various industries. The IETF
crypto forum research group has finished standardizing two stateful hash-
91
based signature algorithms, XMSS and LMS which are also expected to be
standardized by NIST. XMSS and LMS are the only post-quantum
cryptographic algorithms that could currently be considered for
production systems e.g. for firmware updates.
The US government is currently using the Commercial National Security

Algorithm Suite for protection of information up to ‘top secret’. They have
already announced that they will begin a transition to post-quantum
cryptographic algorithms following the completion of standardization in
2024.
Why should the industry be taking note of this decision? ‘Top secret’
information is often protected for 50 to 75 years, so the fact that the US
government is not planning to finalize the transition to post-quantum
cryptography until perhaps 2030 seems to indicate that they are quite
certain that quantum computers capable of breaking P-384 and RSA-3072
will not be available for many decades.
Symmetric cryptography and quantum computers
When we turn our focus to symmetric cryptography as opposed to

asymmetric cryptography, we see that the threat is even more
exaggerated. In fact, even a quantum computer capable of breaking RSA-
2048 would pose no practical threat to AES-128 whatsoever, can be used
for this purpose AES-256 [1].
Grover’s algorithm applied to AES-128 requires a serial computation of

roughly 265 AES evaluations that cannot be efficiently parallelized. As
quantum computers are also very slow (operations per second), very
expensive, and quantum states are hard to transfer from a malfunctioning
quantum computer, it seems highly unlikely that even clusters of quantum
computers will ever be a practical threat to symmetric algorithms. AES-
128 and SHA-256 are both quantum resistant according to the evaluation
criteria in the NIST PQC (post quantum cryptography) standardization
project.
92
TELEPHONY
Other alternatives within quantum cryptography
In addition to post-quantum cryptography running on classical computers,

researchers in quantum networking are looking at quantum key
distribution (QKD), which would theoretically be a provably secure way to
do unauthenticated key exchange.
QKD is however not useful for any other use cases such as encryption,
integrity protection, or authentication where cryptography is used today
as it requires new hardware and is also very expensive compared to
software-based algorithms running on classical computers.
In a well-written white paper, the UK government is discouraging use of

QKD stating that it seems to be introducing new potential avenues for
attack, that the hardware dependency is not cost-efficient, that QKD’s
limited scope makes it unsuitable for future challenges, and that post-
quantum cryptography is a better alternative. QKD will likely remain a
niche product until quantum networks are needed for non-security
reasons.
Standardization of stateless quantum-resistant signatures, public-key

encryption and key-establishment algorithms is ongoing and first draft
publications are expected no earlier than 2022
93
Recent quantum supremacy claims
The calculation recently used to show quantum supremacy was not very
interesting in it and was contrived to show quantum supremacy. The claim
was also criticized by competing researchers who claim that the
corresponding classical calculation could be done over a million times
faster. Quantum computers able to solve any practical problems more
cost-effectively than classical computers are still years away.
The “quantum supremacy” computer consists of 54 physical qubits

(quantum bit), which after quantum error correction corresponding to
only a fraction of a single logical qubit. This is very far away from quantum
computers able to break any cryptographic algorithm used in practice
which would require several thousand logical qubits and hundreds of
billions gates. Scaling up the number of qubits will not be easy, but some
researchers believe that the number of qubits will follow a quantum
equivalent of Moore’s law called Neven’s law. We will likely see
undisputed claims of quantum supremacy in the coming years.
What can we expect next?
In 2017 about post quantum cryptography in mobile phones networks

shown by Hazarika [2 ]in PLASMA-2017 , the hype around quantum
computers and the worries about their security impacts have been more
nuanced, aligning with our previous analysis.
Recent reports from academia and industry now says that large-scale
cryptography-breaking quantum computers are highly unlikely during the
next decade. There has also been general agreement that quantum
computers do not pose a large threat to symmetrical algorithms.
Standardization organizations like IETF and 3GPP and various industries
are now calmly awaiting the outcome of the NIST PQC standardization.
Quantum computers will likely be highly disruptive for certain industries

but probably not pose a practical threat to asymmetric cryptography for
many decades and will likely never be a practical threat to symmetric
cryptography. Companies that need to protect information or access for a
very long time should start thinking about post-quantum cryptography.
94
TELEPHONY
But as long as US government protects ‘top secret’ information with
elliptic curve cryptography and RSA, they are very likely good enough for
basically any other non-military use case.
Courtesy: Patrik Ekdahl, Alexander Maximov
Encryption in virtualizes 5G environments
Innovation, Research, Security
Courtesy | Remi Robert
95
Building a decentralized marketplace using Hyper ledger Fabric
Automation, Digital transformation, Research
Courtesy| Icaro Leonardo Da Silva, Cecilia Eklöf, Julien Muller
Quantum-Safe Security
The world leader in Quantum Key Distribution & Quantum Key Generation
Overview
Providing the ultimate, long-term data protection in a post-quantum

world
By harnessing the unique properties of quantum mechanics, ID Quantique

has developed a portfolio of quantum-safe security solutions. Our
Quantum Key Distribution, Quantum cryptography, Quantum Key
Generation and Quantum Safe Network Encryption solutions offer
unparalleled protection for data with long-term sensitivity and value.
It is designed to help governments, financial service companies,

healthcare organizations, cloud service providers and commercial
enterprises worldwide protect mission-critical data into, and beyond, the
era of large scale quantum computers.
96
TELEPHONY
The Quantum Computing era
Computing technology stands on the brink of a major milestone in its

evolution. As the worlds of academia and business prepare themselves for
the dawning of the age of the quantum computer, there is naturally
uncertainty as to what lies ahead.
On the brighter side, the quantum computer will unleash a qualitatively

different computational power. On the darker side, this very power will
destroy existing crypto-systems and expose our secret data.
At ID Quantique, they plan for the future and become quantum-ready.
The value of quantum cryptography
With the age of quantum computing drawing ever-closer, traditional

encryption methods are at risk. While brute force attacks can take months
to break through security, quantum attacks can use more advanced
techniques to break standard public key cryptography in a much shorter
timeframe.
Even if quantum computers only appear in the next decade, as is widely

held to be the case, today’s public key cryptography is still not proven to
be secure against mathematical attacks. Moreover, the threat posed by
future quantum computers still affects data today – the “download now,
decrypt later” attack vector means that (encrypted) sensitive data can be
downloaded today & analyzed offline when a quantum computer appears.
The only solution to provide proven secrecy of encryption keys and to

reach long-term evolution is to implement quantum-safe encryption
today. Using quantum cryptography now will provide immediate
protection to your data in the face of today’s brute force attacks, ensure
that data with a long shelf life is protected against future attacks and
safeguard high-value data in a post-quantum computing world.
97
Quantum-Safe Network Encryption
High performance, quantum-safe network encryption solutions for the

protection of data in transit.
Quantum Key Distribution
The ultimate in quantum-safe security for long-term data protection;

guaranteeing provably secure key exchange for encryption and other
security devices on point-to-point backbone and storage networks.
A team of engineers and researchers are working to tap quantum

cryptography technology to enhance network encryption tools, so these
can be ready to mitigate security risks when quantum computing becomes
mainstream. ST Engineering and National University of Singapore (NUS)
used "measurement-device-independent" quantum key distribution (MDI
QKD) technology in their efforts to build cyber security defense against
increasingly sophisticated threats.
Supported under National Research Foundation's Quantum Engineering

Programme, the partnership aims to make advanced quantum
cryptography accessible to the wider industry and drive the advancement
of a technology that can lead to a new class of "quantum-resilient
encryptors".
They added these encryptors provided a highly scalable and cost-effective

tool that could be deployed with minimal disruption to existing digital
infrastructure. "This addresses the current limitations in the market
[where] products are designed for point-to-point communication and are
not scalable," they said. "This will also accommodate a larger number of
users and benefit numerous applications, from financial services
institutions, to government agencies, and hospitals."
98
TELEPHONY
Courtesy: Singapore govt.
AI skills for quantum economy
Country's government in India has introduced initiatives to train 15,000

people in artificial intelligence skill sets, including industry professionals
and secondary school students under the programmed “Quantum Enabled
Science and Technology (QuEST) by spending $1.12 Billon.
Furthermore, existing security standards such as those used in ATMs and

online transactions did not use quantum technology. This could result in
added security risk when quantum computing technology became readily
available. The partners said current encryption keys still could safeguard
digital communication adequately, but noted there had been reports of
breaches and alternative technologies should be explored.
With QKD technology, the laws of quantum theory -- with the highly
sensitive nature of quantum signals -- are tapped to distribute private keys
over an insecure network. They can detect any attempts on
eavesdropping, offering a secure form of encrypted communication, are
used by the Singapore organizations.
"The secret key is transmitted using a sequence of carefully prepared

single-photon quantum signals. If the secret key is intercepted, the
quantum signals will be disturbed and keys will be rendered useless," they
explained. "This enhances the security of digital communication as data
cannot be intercepted or eavesdropped."
The partnership would explore the feasibility of further improving this

through MDI-QKD technology, which also could operate under real-world
conditions.
99
ST Engineering's president of cyber security systems group, Goh Eng

Choon, said: "The threat landscape is evolving very rapidly and we must be
prepared for challenges to come in the post-quantum computing era.
While QKD technology can be used to secure digital communications, it
can also be used to mitigate future quantum computers being used to
exploit and maliciously target weak links and disrupt the global encryption
ecosystem.
"This research into quantum cryptography and the co-development of the

industry's first solution will allow us to explore the potential of this
technology, further strengthen our arsenal of advanced cyber security
solutions, and gain a foothold in the QKD market," Goh said.
National University of Singapore (NUS) currently is working with

nanoelectronics institute companies to jointly develop new chip-based
quantum crypto devices, which can be applied to the new MDI-QKD
technology and broader quantum cryptography technology due to their
smaller device footprint and lower cost.
NUS' assistant professor Charles Lim Ci Wen, who leads the joint project
with ST Engineering, said: "As quantum computing becomes more
prevalent worldwide, information security threats will also become more
advanced. This collaboration, which leverages MDI-QKD, will lead to
quantum-resilient encryptors that are not only secure against channel
attacks, but also against detection side-channel attacks."
Lim added that the partnership would explore how chip-based quantum
devices could be integrated into commercial network encryption
equipment, hence, reducing the cost of QKD technology.
To understand the difference between quantum cryptography and post-

quantum cryptography, it’s helpful to go back in time: In the early 1990s,
Peter Shor of AT&T Bell Laboratories discovered an algorithm that could
defeat the RSA encryption algorithm — with the aid of a large enough
quantum computer. The race has been on ever since to develop just such
a machine.
100
TELEPHONY
Quantum computers offer orders of magnitude more computing power
than even the most powerful supercomputers, making them capable of
solving complex challenges that would otherwise be impossible.
Rather than using 0s and 1s, as traditional computers do, quantum

computers use the fundamental laws of quantum mechanics to process
information in quantum bits, or qubits. These can be combinations or
superpositions of 0s and 1s, giving them the potential for exponentially
growing compute states. Therefore, a quantum computer can store many
more variables in a small space and can process them faster.
How Quantum Computing Can Be Used for Cryptography
One particular element of quantum computing that can be seen as both a

positive and a negative is its ability to build and break encryption
algorithms. This is especially troubling to the government and could have
special implications for the military.
Early applications of quantum computing have included material design,

financial risk management and MRI technology. According to Microsoft, as
the global community of researchers, scientists, engineers and business
leaders continues to collaborate to advance the quantum ecosystem.
At the moment, a quantum computer with enough stable qubits to use

Shor’s algorithm to break current public-key cryptography has not been
created and may not be for some time. However, experts agree that day is
coming.
And while that particular threat is still on the horizon, there is a very real
risk today that individuals may be intercepting and storing encrypted
internet traffic now for decryption later, when a large enough quantum
computer is available.
What Is Quantum Cryptography?
In the face of this looming threat, IT leaders should be thinking about the
world of post-quantum cryptography, where cryptographic algorithms
(usually public-key algorithms) would be secure against an attack by a
quantum computer.
101
“Research into quantum-safe encryption will help secure data that needs
to be protected over a long period of time, such as health records,” says
Bob Sutor, vice president of IBM Quantum ecosystem development at IBM
Research. “It’s why we’re working alongside others in industry and
academia to standardize these quantum-safe protocols with the National
Institute of Standards and Technology,” or NIST.Quantum communication
or quantum security, offers a theoretically secure solution to the key
exchange problem, namely quantum key distribution (QKD).
“Quantum cryptography utilizes the principles of quantum mechanics to

encrypt data and transmit it in a way that theoretically cannot be hacked,”
says a Microsoft spokesperson.
The practice takes advantage of the “no change theory,” which dictates
that no quantum presence can be interrupted without the interruption
being detected. Photon particles generate encryption keys through their
properties.
In quantum cryptography, a pair of photons is entangled to ensure that

whatever happens to one affects the state of the other. A sender would
transmit one of these photons to a recipient, who performs a previously
agreed-upon measurement, which will also be reflected in the proton kept
by the sender, thanks to quantum entanglement. If the calculation is
correct, both parties know that their communication is encrypted. To
break the key and steal the message, a hacker would need to measure the
particles, which would alter their behaviour. This would serve as an alert
that the key had been compromised and rendered useless.
“If someone intercepts the photon and performs something other than
the agreed-upon calculation or measurement, you will immediately know
it didn’t reach its intended target and you can stop communicating,” says
Tiago Mata, a lecturer in science and technology studies at University
College London.
If quantum cryptography makes it a hundred times more difficult for “bad

guys” to crack systems and steal the data — or an improvement of
exponentially more profound impact — then federal IT decision-makers
have a duty as public servants to seriously explore and invest in this
technology.
102
TELEPHONY
While still an emerging technology in terms of quantum cryptography,
QKD, while limited, does exist today in solutions like IBM’s lattice-based
cryptographic suite, known as CRYSTALS, Sutor says.
“We also offer a Quantum Security Risk Assessment, where companies can
learn more about quantum-safe and other cyber security strategies and
implementations,” he says.
What Is Post-Quantum Cryptography?
In short, post-quantum cryptography consists of algorithms designed to

withstand cyber attacks should quantum computers become powerful
enough. Once that happens, says Dustin Moody, a mathematician at NIST,
post-quantum encryption will come into play on a large scale.
“For most organizations, quantum encryption or QKD is not what they’re

going to need. It’s most likely going to be post-quantum encryption,”
Moody says.
According to Mata, work began on developing post-quantum

cryptography almost immediately once the algorithm that could enable
quantum computing was created.
“The day after Shor’s paper was published, people started asking, ‘Is there
something we can do about this?’” he says.
In 2015, the National Security Agency made a public statement about the
quantum threat and and announced for its transition, something Moody
says was not only a surprise but also underscored the need to take post-
quantum cryptography seriously.
“That caught a lot of people off guard because the NSA doesn’t usually talk
about crypto. But it also reinforced that the quantum threat is real if the
NSA is taking this seriously and they’re talking about it,” Moody says.
103
Standardization of Post-Quantum Cryptography
One of the next important steps to make quantum-safe cryptography

more widely adopted by government and industry, says Sutor, is
standardization, which NIST is currently undertaking.
Today, NIST is evaluating post quantum algorithms with an eye toward

choosing a standard for all post-quantum cryptography. In 2016, the
organization announced an international contest that resulted in 82
algorithms submitted for consideration, 69 of which met the
predetermined requirements. In 2019, the 26 most promising submissions
were chosen to move on to the next round of evaluations and testing,
including those from Microsoft and IBM. NIST hopes to narrow that list
even further by June for a third round of evaluation. The institute is aiming
to have a standard released for public comment by 2022.
“We will continue to evaluate the security characteristics and the

performance characteristics before we select standards,” Moody says.
“We’re trying to move quickly because we know this already exists, but at
the same time, we want to have absolute confidence in whatever we
select to standardize.”
Until there are standards for post-quantum cryptography, it does no good

to go all-in on a particular algorithm. But that doesn’t mean there’s no
work to be done in the meantime.
“The best way to start preparing is to ensure that all current and future
systems have cryptographic agility — the ability to be easily reconfigured
to add quantum-resistant algorithms,” says Brian LaMacchia, distinguished
engineer and head of the security and cryptography group at Microsoft
Research.
This preparation will be critical once NIST completes its standards.

“Agencies should at least be thinking about readiness, so that once an
algorithm is standardized, they can update at a moment’s notice,” Mata
says. As for how to approach this readiness, Moody says the best way to
start is to consume as much information as possible about post-quantum
cryptography.
104
TELEPHONY
“First off, be aware and do some basic information gathering and reading.
Also, know that quantum computers have a potentially positive effect as
well as a possible negative effect with regards to cryptography,” Moody
says.
The next step, he says, is for agencies to analyze the cryptography they are
using, look at how it is being used and determine if their cryptography can
be broken by a quantum computer. This will help determine how the
agency moves forward.
“Starting to come up with a plan, knowing you’re going to have a

transition at some point. Within five to 10 years, these algorithms will be
standardized and we’re going to have to switch. So, let’s start planning
how we’re going to do that or setting aside money to have someone in
charge of that,” Moody says. “The main message would be that this is a
real threat. We are working on it. There will be a transition in the future,
and the sooner they can start learning and preparing for it, the better it
will go for them.”
Reference
[1] Dr.A.B.Rajib Hazarika (2012): Internet Protocol version 12 (IPv12),

Lulu.com, Google book, ISBN – 9781329153387
[2] Dr.A.B.Rajib Hazarika (2017): 33rd National symposium of Plasma
Science and Technology, IPR, Gandinagar, India
And Scribd http://scribd.com/drabrajibh
105
11 QUANTUM COMMUNICATION PROTOCOL
Realization of quantum communication protocols in

programmable quantum computers provides a deep benchmark
for capabilities of real quantum hardware. Particularly, it is
prospective to focus on measurements of entropy-based
characteristics of the performance and to explore whether a
”quantum regime” is preserved. Proof-of-principle
implementations of superdense coding and quantum key
distribution BB84E.
106
TELEPHONY
A. A. Zhukov et al.using 5- and 16-qubit superconducting
quantum processors of IBM Quantum Experience.The ability
of these quantum machines to providean efficient transfer of
information between distant parts of the processors by
placing Alice and Bob at different qubits of the devices. The
ability of quantum devices to serve as quantum memory and
to store entangled states used in quantum communication.
Another issue of an error mitigation is addressed. Although it
is at odds with benchmarking, this problem is nevertheless of
importance in a general context of quantum computation with
noisy quantum devices. A mitigation and noticeably improve
some results.
Quantum channel estimation and discrimination are

fundamentally related infor-mation processing tasks of interest in
quantum information science. It is analyzed by employing the
right logarithmic derivative Fisher information and the geometric
R ́enyi relative entropy, respectively, and we also identify
connections between these distinguishability measures. A key
result is that a chain-rule property holds for the right logarithmic
derivative Fisher information and the geometric R é nyi relative
entropy for the interval α∈(0,1) of the Renyi parameter α. In
channel estimation, these results imply a condition for the
unattainabilityof Heisenberg scaling, while in channel
discrimination, they lead to improved bounds on error rates in the
Chernoff and Hoeffding error exponent settings. More
generally,we introduce the amortized quantum Fisher information
as a conceptual framework for analyzing general sequential
protocols that estimate a parameter encoded in a quantum
channel, and we use this framework, beyond the afore mentioned
application, to show that Heisenberg scaling is not possible when
a parameter is encoded in a classical–quantum channel. Then by
identifying a number of other conceptual and technical
connections between the tasks of estimation and discrimination
and the distinguishability measures involved in analyzing each. A
detailed overview of the geometric R ́enyi relative entropy of
quantum states and channels, as well as its properties, which may
be of independent interest.
107
Quantum communication protocols based on entanglement

swapping studied by Guillermo Morales-Luna Recall several
cryptographic protocols based on entanglement alone and also on
entanglement swapping. An exposition in terms of the
geometrical aspects of the involved Hilbert spaces, and the formal
nature of the used transformations.
1. Introduction
The Entanglement has been widely exploited in the design of

protocols and procedures for communication, cryptography and
computation within quantum contexts. Quantum codes guarantee
that information has been transmitted without any alteration.
Cryptographic protocols aid for key agreement for secure
communication, namely unconditionally secure information
exchange. Entanglement has been used to implement and to
speed-up paradigmatic quantum algorithms [1,2].Entanglement
swapping may entangle two quantum systems without direct
interaction among them, and this fact is exploited within several
quantum cryptography schemes.Here, recalling several well
known cryptographic protocols using entanglement, alone, and
entanglement swapping: the Quantum Secure Direct
Communication Protocol (see Table 3 below) communicates
securely bit strings with an even length, the Quantum
Bidirectional Communication Protocol (see Table 4 below) is a
generalization of the above protocol in which the communicating
parts exchange simultaneously messages of even bit length, the
Quantum Multidirectional Communication Protocol (see Table 8
below) allows the message exchange among three parts using the
maximally entangled GHZ states, at Table 9 we recall a three
parties protocol in which two correspondents communicate
securely just after the authorisation of a third party (who does not
catch the message exchange), and finally, the Key Agreement
Protocol Using Entanglement Swappingis sketched at Table 10 in
order to illustrate the use of entanglement swapping in
cryptographic protocols.The algebraic aspect of the Hilbert space
nature of all the involved protocols established a correspondence
among unitary transforms, obtained as tensor products of Pauli
maps,and permutations of basic vectors in the Hilbert spaces.
These correspondence are summarized at Tables 2 and 6. Also,
108
TELEPHONY
explicit expressions of the Bell basis, in terms of the Hadamard
basis are given.For any two integer numbers i, j ∈ Z+, with i ≤j, let
us write [i, j] ={i, i+1,...,j−1,j}.
2. Qubits and Pauli transforms

3. Let H1=C2 be the two-dimensional complex Hilbert space.
The unit sphere of H1 is the set of qubits.The canonical basis
consists of the vectors e0=[10]T and e1=[01]T. Usually, itis
written|0 〉 =e0 and |1 〉 =e1 .Let h0=1/√2(|1 〉 ) and
h1=1/√2(|0〉+|1〉) be the vectors forming the ABR basis at
H1. Let us consider the Pauli operators
σ0=(1001), σx=(0110) σy=(0110), σz=(1001) (1)
and let us number them as [σ0 σ1 σ2 σ3]=[σ0 σx σy σz]. The action

of these operators over the vectors at the canonical and the ABR
basis is sketched at Table 1. At each entry is located the value of σi
at the vector labeling the corresponding column. We see that, up
to aTable 1.Action of the Pauli operators on basis vectors |0 〉 |
1 〉 h0h1σ0 |0 〉 |1 〉 h0h1σ1 |1 〉 |0 〉 h0−h1σ2−i|1 〉 i|
0〉ih1−ih0σ3|0〉−|1〉h1 h0 factor which is a unitary complex
number, the canonical basis remains fixed by σ0 and σ3 and is
switched by σ1 and σ2 while the Hadamard basis remains fixed by
σ0 and σ1 and is switched by σ2 and σ3. Thus, the operator σ2 is
switching both basis.Let H2=H1⊗H1 be the Hilbert space
containing the 2-quantum registers. Any 2-quregisterx has two
components x0 and x1, each at the factor space H1, they are
qubits. Let for i, j ∈ [ 0,1], bij=1/√2(|0i 〉 +(−1)j∣∣1i〉), here the
overline denotes complement modulus 2. Then B=(bij) i,j ∈ [ 0,1]
is the Bell basis of H2 and consists of four maximally entangled
states. In terms of the Hadamard basis, the Bell vectors are
expressed as follows:
b00=1/√2(h0⊗h0+h1⊗h1)
b01=1/√2(h1⊗h0+h0⊗h1)
b10=1/√2(h0⊗h0−h1⊗h1)
b11=1/√2(h1⊗h0−h0⊗h1)
Any sequence C=(ck) k≥0 whose terms are elements of B

determines two sequences of qubits C0=(ck0) k≥0 and C1=(ck1)
109
k≥0. Through the radix expression of an index in base 2, we may

number the Bell basis as B=(bk)k ∈ [ 0,22−1]. The tensor products
σij=σi⊗σj determine bijections αij:B→B,such that ∀ (i, j) ∈ [ 0,3] 2
∀ k ∈ [ 0,22−1] :σij(bk) ∈ L(bαij(k)).
(2) Let A2:σij→αij be the map that associates to each tensor

product σij the corresponding permutation that it defines at the
Bell basis. The image of A2 consists of just 4 = 22 permutations
(β)∈[ 0,1], and each permutation is defined by 4 tensor products
σij as summarized at the Table 2: the first column displays the
index, the second column the permutation β and the third
column the list of tensor product maps σij producing β under the
map A2.Table 2.Correspondence on permutations of the Bell basis
and tensor products of Pauli operators βA−12(β)0[0 1 2 3]
{σ00,σ01,σ02,σ03} 1[2 3 0 1]{σ01,σ00,σ03,σ02} 2[3 2 1 0]
{σ02,σ03,σ00,σ01} 3[1 0 3 2]{σ03,σ02,σ01,σ00}Table 2 can in turn
be summarized as∀ I ∈ [ 0,3] :A2(σiβ0(i))=β0, A2(σiβ3(i))=β1,
A2(σiβ1(i))=β2, A2(σiβ2(i))=β3.
(3)By looking at relation (2), we see that if i and k remain fixed,

then the index j can be encoded by the value αij(k). This property
can be exploited for secure communication purposes.In Table 3 a
Quantum Secure Direct Communication Protocol [3] is sketched.
The purpose of this protocol is to communicate securely a word in
[0,3]∗. Alice should communicate a message [μκ]m−1κ=0 ∈
[ 0,3]m. Alice and Bob fix a Pauli transform σi, a Bell quregister bk
∈ B, an integer n > m and an index set J ∈ [ 0,n−1](m). They share
initially a constant sequence C=(cκ)n−1 κ=0 whose terms coincide
with bk∈B.Using sequences of entangled quregisters it is also
possible to build bidirectional communication protocols. In Table 4
a Quantum Bidirectional Communication Protocol is sketched [4].
The purpose of this protocol is to communicate securely two
words in [0,3]∗,one going from Alice to Bob and the other in the
opposite direction. Alice and Bob should interchange messages in
[0,1] 2n, and they share initially a constant
sequenceC=(cκ)n−1κ=0.
4. Entanglement swapping
Entanglement swappingis a phenomenon which allows to put two
particles into entangled states although these particles have not
110
TELEPHONY
been close at any time. Departing from two pairs of entangled
particles, a particle is chosen from each pair, then the joint pair of
selected particles is measured with respect to the Bell basis,
resulting in an entangled state. As a consequence, the
pairconsisting of the two partner particles is also entangled. This
last pair is the result of the entanglement swapping beginning
from the original two pairs.In two 2-quregisters there are involved
4 qubits, let us identify them with the four indexes in the integer
interval [0,3]. Let us write|ε〉μ,for ε ∈ {0,1}, μ ∈ [ 0,3]].
 Table 3.Quantum Secure Direct Communication Protocol Alice Bob

pads the message [μκ]m−1κ=0 into a sequence [jκ]n−1κ=0 by
inserting the message into the positions at J codifies the message
[jκ]n−1κ=0 by calculating D1=(σjκ(cκ1))n−1κ=0 sends D1 through a
quantum chan-nel D1−→receives D1 calculates
D0=(σi(cκ0))n−1κ=0,which actually completes the calculation of
D=((σi⊗σjκ)(cκ))n−1κ=0 calculates E by measuring each term at D
with respect to the Bell basis recovers the sequence
(αijκ(k))n−1κ=0,consequently the padded sequence[jκ]n−1κ=0,
and the original message[μκ]m−1κ=0Table
4.Quantum Bidirectional Communication Protocol Alice Bobby

taking pairs of contiguous bits,she writes her message as a word
(iκ)n−1κ=0 ∈ [ 0,3]n by taking pairs of contiguous bits,he writes his
message as a word (jκ)n−1κ=0 ∈ [ 0,3]n codifies her message by
calculating D0=(σiκ(cκ0))n−1κ=0 codifies his message by
calculating D1=(σjκ(cκ1))n−1κ=0 sends D0 through a quantum
channel D0−→receives D0 receives D1 D1←−sends D1 through a
quantum channel for each κ ∈ [ 0,n−1] she measures the
entangled quregisterdκ with respect to the Bell basis for each κ ∈
[ 0,n−1] he measures the entangled quregisterdκ with respect to
the Bell basis since she knows iκ, using (2), she recovers jκ since he
knows jκ, using (2), here covers iκ the μ-th qubit. For any two
different indexes μ, ν ∈ [ 0,3], let the respective Bell basis of the
Hilbert space H2 be (b(μν)ij=1√2(|0i 〉 μν+(−1)j∣∣1i〉μν) ) i.j
[ 0,1].Let us assume that the 2-quregister consisting of the qubits
0 and 1 is entangled as well as the pair of qubits 2 and 3. Then a
basis of the space H4 is B(01)
(23)=(zi0j0i1j1=b(01)i0j0⊗b(23)i1j1)i0,j0,i1,j1∈[0,1]
111
where∀i0,j0,i1,j1∈[[0,1]:zi0j0i1j1=12(|0i00i1 〉 0123+
(−1)j1∣∣0i01i1〉0123+(−1)j0∣∣1i00i1〉0123+(−1)j0+j1∣∣1i01i1〉0123).
(5)By rearranging the pairs and considering the pairs (0,2) and
(1,3), we have that a second basis of H4 is B(02)
(13)=(b(02)i0j0⊗b(13)i1j1)i0,j0,i1,j1∈[[ 0,1]],
(6)where∀i0,j0,i1,j1∈[[ 0,1]]:b(02)i0j0⊗b(13)i1j1=12(|
0i00i1 〉 0213+(−1)j1∣∣0i01i1〉0213+(−1)j0∣∣1i00i1〉0213+
(−1)j0+j1∣∣1i01i1〉0213).By swapping the middle qubits, the
following 4-quregisters result:∀i0,j0,i1,j1∈[[ 0,1]],yi0j0i1j1=12(|
00i0i1 〉 0123+(−1)j1∣∣01i0i1〉0123+(−1)j0∣∣10i0i1〉0123+
(−1)j0+j1∣∣11i0i1〉0123).(7)Each 2-quregisterzi0j0i1j1given by
relation (5) can be expressed in terms of the 2-
quregistersyi0j0i1j1given by relation (7),
namely:zi0j0i1j1=12(yi0j0i1j1+(−1)j1yi0j0i1j1+(−1)j0yi0j0i1j1+
(−1)j0+j1yi0j0i1j1),(8)and this relation is
symmetric:yi0j0i1j1=12(zi0j0i1j1+(−1)j1zi0j0i1j1+(−1)j0zi0j0i1j1+
(−1)j0+j1zi0j0i1j1),(9)In this way, the entanglement of the 4-
registerszis reflected by the entanglement of the 4-registersy, in
other words, the entanglement of the pairs (0,1) and (2,3) is
swapped into theentanglement of the pairs (0,2) and (1,3), and
conversely.4. Three-entanglementLet us consider multi-party
bidirectional protocols. In particular, we will illustrate
theseprocedures with three communicating parties. A proper
protocol considers maximally entangled3-quregisters, members
ofH3=H1⊗H2. Any 3-quregisterxhas three
componentsx0,x1andx2, each at the factor spaceH1, they are
qubits. Forε1,ε2,ε3∈[[ 0,1]] let bε1ε2ε3=1/√2(|0ε1ε2 〉 +(−1)ε3|
1ε1ε2 〉 ).These vectors form a basis,B3, analogous to the Bell
basis inH3, but they are calledGreensberger-Horne-
Zeilinger(GHZ)states. In terms of the Hadamard vectors, the GHZ
statesare expressed as shown at the Table 5.

Table 5.The GHZ states in terms of the ABR basis of
qubits.b000=12(h0⊗(h0⊗h0+h1⊗h1)+h1⊗(h0⊗h1+h1⊗h0))
b001=12(h1⊗(h0⊗h0+h1⊗h1)+h0⊗(h0⊗h1+h1⊗h0))
b010=12(h0⊗(h0⊗h0−h1⊗h1)+h1⊗(−h0⊗h1+h1⊗h0))
b011=12(h1⊗(h0⊗h0−h1⊗h1)+h0⊗(−h0⊗h1+h1⊗h0))
112
TELEPHONY
b100=12(h0⊗(h0⊗h0−h1⊗h1)+h1⊗(h0⊗h1−h1⊗h0))
b101=12(h1⊗(h0⊗h0−h1⊗h1)+h0⊗(h0⊗h1−h1⊗h0))
b110=12(h0⊗(h0⊗h0+h1⊗h1)+h1⊗(−h0⊗h1−h1⊗h0))
b111=12(h1⊗(h0⊗h0+h1⊗h1)+h0⊗(−h0⊗h1−h1⊗h0))
Through the radix expression of an index in base 2, we may

number the Bell basis as B3=(bk)k∈[[ 0,23−1]]. The tensor
products σijk=σi⊗σj⊗σk determine bijections αijk:B3→B3 in an
analogous way as in (2):∀(i, j, k)∈[ 0,3]3
∀∈[ 0,23−1] :σijk(b)∈L(bαijk()).(10)
Let A3:σijk→αijk be the map that associates to each tensor

product σijk the corresponding permutation at the Bell basis. The
image of A3 consists of just 8 = 23 permutations (βμ)μ ∈
[ 0,23−1], and each permutation is defined by 8 tensor products
σijk as summarized inTable 6. As seen at the beginning of section
2, the operator σ2 switches the canonical and theTable
6.Correspondence on permutations of the Bell basis and tensor
products of Pauli operators μβμA−13(βμ)0[01234567]
{σ000,σ033,σ111,σ122,σ212,σ221,σ303,σ330}1[23016745]
{σ003,σ030,σ112,σ121,σ211,σ222,σ300,σ333}2[32107654]
{σ001,σ032,σ110,σ123,σ213,σ220,σ302,σ331}3[10325476]
{σ002,σ031,σ113,σ120,σ210,σ223,σ301,σ332}4[45670123]
{σ010,σ023,σ101,σ132,σ202,σ231,σ313,σ320}5[67452301]
{σ013,σ020,σ102,σ131,σ201,σ232,σ310,σ323}6[76543210]
{σ011,σ022,σ100,σ133,σ203,σ230,σ312,σ321}7[54761032]
{σ012,σ021,σ103,σ130,σ200,σ233,σ311,σ322} ABR basis. Let us
consider just operators of the form σijk where I ∈ [ 0,3], j, k ∈
{0,2}. Then, the restriction of Table 6 to operators at the set
S={σijk|I ∈ [ 0,3], j,k ∈ {0,2}} is shown at Table 7.In Table 8 a
Quantum Multidirectional Communication Protocol is sketched [4,
5]. The purpose of this protocol is to communicate securely four
classical bits, two emitted by Alice,
Table 7.Correspondence on permutations of the Bell basis and

tensor products of Paulioperators at the setS, in alphabetical
113
order according to the first element at S∩A−13(βμ).Observe that if

one index i, j, k is known, the other two can be deduced form this
index and the 3-quregister
σijk(b).μS∩A−13(βμ)0{σ000,σ122}3{σ002,σ120}5{σ020,σ102}6{σ0
22,σ100}7{σ200,σ322}4{σ202,σ320}2{σ220,σ302}1{σ222,σ300}
one by Bob and another by Claire. By repeating the protocol the
parties may exchange longerbit-strings. Alice, Bob and Claire
should interchange four classical bits, two emitted by Alice,one by
Bob and another by Claire. The parties share two GHZ
states,c0=c1=b ∈ H3 with respective components c00,c10,c20 and
c01,c11,c21. The components c0k,c1k,c2k are in possession of
Alice, Bob and Claire respectively,k∈[ 0,1]. The quregister c0 is a
record of the initial state b, while the quregister c1 is to be
transformed during the protocol.Table 8.Quantum
Multidirectional Communication Protocol
(i) The two bits of Alice determine an index I A∈ [ 0,3]. She

applies σi A to her qubit c01.
(ii) Bob applies either σ0 or σ2 to his qubit c11 according to
the value of his bit.
(iii) Claire applies either σ0 or σ2 to her qubit c21 according
to the value of her bit.
(iv) They take a measure of the transformed quregister with
respect to the Bell basis.
(v) Using table 7, since each participant knows his/her own
message, they recover thetransmitted bits.Another
bidirectional protocol [6] consists of three participants:
Alice and Bob are thecorrespondents and Claire is the
controller. The correspondents are able to communicate
onlyafter the authorization of the controller, but their
correspondence should be kept in secret againstthe
controller. The protocol is sketched at Table 9. Alice and
Bob should interchange messages at [0,3]m after the
authorization granted by Claire. The parties share a
constant sequence (cν)n−1ν=0 whose entries coincide
with a GHZ initial state b. The component sequence
(c0ν)n−1ν=0,let us say for ease of explanation, is owned
by Claire, the component sequence (c1ν)n−1ν=0 by Alice
and the component sequence (c2ν)n−1ν=0by Bob.A Key
Agreement Protocol Using Entanglement Swappingis
114
TELEPHONY
obtained [7] as follows. Let B(μν)2 be the Bell basis
considering two qubits μ, ν ∈ [ 0,3], μ=ν. Let c(01),c(23) be
two Bell 2-quregisters with respective components
c(0),c(1) and c(2),c(3).Alice may act on the pair
(c(01),c(23))=[c(0),c(1),c(2),c(3)] either by (A0:) doing
nothing or by (A1:) swapping the middle qubits, obtaining
thus [c(0),c(2),c(1),c(3)].Bob may act on the pair
(c(01),c(23))=[c(0),c(1),c(2),c(3)] either by (B0:) measuring
[c(0),c(1)] with respect to the Bell basisB(01)2 and
measuring [c(1),c(2)] with respect to the BellMielnik50IOP
PublishingJournal of Physics: Conference Series624(2015)
012003doi:10.1088/1742-6596/624/1/0120037
 Table 9.Quantum Controlled Bidirectional Communication
Protocol(i) Alice and Bob agree a setJ⊂[[ 0,n−1]] ofmpositions
among the index set [[0,m−1]].(ii) Alice codifies her message
(aμ)m−1μ=0∈[[ 0,3]]m−1by applyingσaμto her
correspondentqubitc1νμ,withνμ∈J, and she applies arbitrary Pauli
operators at her qubits withindexes not inJ. Alice sends her
codified sequence to Claire.(iii) Bob codifies his message
(bμ)m−1μ=0∈[[ 0,3]]m−1by applyingσbμto his
correspondentqubitc2νμ,withνμ∈J, and he applies arbitrary Pauli
operators at his qubits withindexes not inJ. Bob sends his codified
sequence to Claire.(iv) Claire receives the component
sequences(c1νμ)n−1ν=0and(c2νμ)n−1ν=0, and she measuresthe
whole sequence(cνμ)n−1ν=0with respect to the basisB3. She
sends her results toAlice and Bob as an authorization to proceed
the transaction.(v) Using the table 6, her knowledge of her own
message and the index setJ, Alice recoversBob’s message
(bμ)m−1μ=0∈[[ 0,3]]m−1.(vi) Using the table 6, his knowledge of
his own message and the index setJ, Bob recoversAlice’s message
(aμ)m−1μ=0∈[[ 0,3]]m−1.basis B(23)2 or (B1:) by measuring
[c(0),c(2)] with respect to the Bell basis B(02)2 and measuring
[c(1),c(3)] with respect to the Bell basis B(13)2.If the chosen
actions are (A0,B0) or (A1,B1), the actions are said to be
correlated, otherwise,they are anticorrelated.Table 10.Key
Agreement Protocol Using Entanglement Swapping
(i) Alice selects a sequence B=(bα(k))2m−1k=0 of
entangled states at the Bell basis. Each pair of two
such states (bα(2k), bα(2k+1)),k∈[ 0,m−1], involves 4
qubits, say [c(0k),c(1k),c(2k),c(3k)]
115
(ii) For each k∈ [ 0,m−1], Alice applies an operation A0 or

A1 to the current pair (bα(2k),bα(2k+1)). She obtains
the sequence C and she sends this sequence to Bob
through a public quantum channel.
(iii) Bob receives the sequenceCand for any block of 4
consecutive qubits, say[d(0k),d(1k),d(2k),d(3k)], he
selects randomly an operationB0orB1and he appliesit
to [d(0k),d(1k),d(2k),d(3k)].
(iv) Alice and Bob exchange through a classic channel the
lists of their correspondingselected operations.
(v) The common key is established by selecting the 4
blocks measurements correspondingto the correlated
pairs of operations.
(vi) It is worth to remark that at the anticorrelated
positions, both Alice and Bob mayrecover two
common bits, corresponding to the initial state of
Alice for the current 4-block.In the protocol, the
agreed common key is the juxtaposition of the
measures obtained atthe positions in which correlated
operators do occur. When looking for a greater
efficiency it is possible to recover also not 4, for 2 bits
at any block corresponding to an anti correlated
operator.
References
[1] Gisin N, Ribordy G, Tittel W and Zbinden H 2002Rev. Mod.
Phys.74(1) 145–195
URLhttp://link.aps.org/doi/10.1103/RevModPhys.74.145
[2] Lanyon B P, Weinhold T J, Langford N K, Barbieri M, James D F
V, Gilchrist A and White A G 2007Phys.Rev. Lett.99(25) 250505
URLhttp://link.aps.org/doi/10.1103/PhysRevLett.99.250505
[3] Deng F G, Long G L and Liu X S 2003Phys. Rev. A68
(4) 042317
URLhttp://link.aps.org/doi/10.1103/PhysRevA.68.042317[4] Gao
Fei, Guo FenZhuo, Wen QiaoYan and Zhu FuChen 2008Science
China Physics, Mechanics & Astronomy51559
Summary
116
TELEPHONY
In quantum mechanics, a fundamental law prevents quantum
communications to simultaneously achieve high rates and long distances.
This limitation is well known for point-to-point protocols, where two
parties are directly connected by a quantum channel, but not yet fully
understood in protocols with quantum repeaters. Here we solve this
problem bounding the ultimate rates for transmitting quantum
information, entanglement and secret keys via quantum repeaters. We
derive single-letter upper bounds for the end-to-end capacities achievable
by the most general (adaptive) protocols of quantum and private
communication, from a single repeater chain to an arbitrarily complex
quantum network, where systems may be routed through single or
multiple paths. We analytically establish these capacities under
fundamental noise models, including bosonic loss which is the most
important for optical communications. In this way, our results provide the
ultimate benchmarks for testing the optimal performance of repeater-
assisted quantum communications.
Introduction
Today quantum technologies are being developed at a rapid pace [1],[2],

[3],[4]. In this scenario, quantum communications are very advanced, with
the development and implementation of a number of point-to-point
protocols of quantum key distribution (QKD) [5], based on discrete
variable (DV) systems [6],[7],[8], such as qubits, or continuous variable
(CV) systems, such as bosonic modes[9],[10]. Recently, we have also
witnessed the deployment of high-rate optical-based secure quantum
networks [11],[12]. These are advantageous not only for their multiple-
user architecture but also because they may overcome the fundamental
limitations that are associated with point-to-point protocols of quantum
and private communication.
After a long series of studies that started back in 2009 with the
introduction of the reverse coherent information of a bosonic channel
[13],[14], ref. [15] finally showed that the maximum rate at which two
remote parties can distribute quantum bits (qubits), entanglement bits
(ebits), or secret bits over a lossy channel (e.g., an optical fiber) is equal to
−log2(1 − η), where η is the channel’s transmissivity. This limit is the
Pirandola–Laurenza–Ottaviani–Banchi (PLOB) bound [15] and cannot be
surpassed even by the most powerful strategies that exploit arbitrary local
117
operations (LOs) assisted by two-way classical communication (CC), also

known as adaptive LOCCs[16].
To beat the PLOB bound, we need to insert a quantum repeater 17 in the

communication line. In information theory [18],[19],20],[21], a repeater or
relay is any middle node helping the communication between two end-
parties. This definition is extended to quantum information theory, where
quantum repeaters are middle nodes equipped with both classical and
quantum operations, and may be arranged to compose linear chains or
more general networks. In general, they do not need to have quantum
memories (e.g., see ref.[22]) even though these are generally required for
guaranteeing an optimal performance.
To beat the PLOB bound, we need to insert a quantum repeater 17 in the

communication line. In information theory[18],[19],[20],[21], a repeater or
relay is any middle node helping the communication between two end-
parties. This definition is extended to quantum information theory, where
quantum repeaters are middle nodes equipped with both classical and
quantum operations, and may be arranged to compose linear chains or
more general networks. In general, they do not need to have quantum
memories (e.g., see ref.[22]) even though these are generally required for
guaranteeing an optimal performance.
In all the ideal repeater-assisted scenarios, where we can beat the PLOB
bound, it is fundamental to determine the maximum rates that are
achievable by two end-users, i.e., to determine their end-to-end capacities
for transmitting qubits, distributing ebits, and generating secret keys.
Finding these capacities not only is important to establish the boundaries
of quantum network communications but also to benchmark practical
implementations, so as to check how far prototypes of quantum repeaters
are from the ultimate theoretical performance.
Here we address this fundamental problem. By combining methods from

quantum information theory [6],[7],[8],[9],[10] and classical networks
[18],[19],20],[21], we derive tight single-letter upper bounds for the end-
to-end quantum and private capacities of repeater chains and, more
generally, quantum networks connected by arbitrary quantum channels
(these channels and the dimension of the quantum systems they transmit
may generally vary across the network). More importantly, we establish
118
TELEPHONY
exact formulas for these capacities under fundamental noise models for
both DV and CV systems, including dephasing, erasure, quantum-limited
amplification, and bosonic loss which is the most important for quantum
optical communications. Depending on the routing in the quantum
network (single- or multi-path), optimal strategies are found by solving the
widest path [23],[24],[25] or the maximum flow problem [26],[27],[28],
[29] suitably extended to the quantum communication setting.
Our results and analytical formulas allow one to assess the rate
performance of quantum repeaters and quantum communication
networks with respect to the ultimate limits imposed by the laws of
quantum mechanics.
Results
Ultimate limits of repeater chains
Consider Alice a and Bob b at the two ends of a linear chain of N quantum
repeaters, labeled by r1, …, rN. Each point has a local register of quantum
systems which may be augmented with incoming systems or depleted by
outgoing ones. As also depicted in Fig. 1, the chain is connected by N + 1
quantum channels through which
systems are sequentially transmitted. This means that Alice transmits a
system to repeater r1, which then relays the system to repeater r2, and so
on, until Bob is reached.
Fig. 1
Linear chain of N quantum repeaters between the two end-

users, Alice and Bob The chain is connected by N
+ 1 quantum channels
Note that, in general, we may also have opposite directions for some of
119
the quantum channels, so that they transmit systems towards Alice; e.g.,
we may have a middle relay receiving systems from both Alice and Bob.
For this reason, we generally consider the “exchange” of a quantum
system between two points by either forward or backward transmission.
Under the assistance of two-way CCs, the optimal transmission of
quantum information is related to the optimal distribution of
entanglement followed by teleportation, so that it does not depend on the
physical direction of the quantum channel but rather on the direction of
the teleportation protocol.
In a single end-to-end transmission or use of the chain, all the channels

are used exactly once. Assume that the end-points aim to share target
bits, which may be ebits or private bits[30],[31]. The most general
quantum distribution protocol involves transmissions which are
inter leaved by adaptive LOCCs among all parties, i.e., LOs assisted by two-
way CCs among end-points and repeaters. In other words, before and
after each transmission between two nodes, there is a session of LOCCs
where all the nodes update and optimize their registers.
After n adaptive uses of the chain, the end-points share an output state
with nRn target bits. By optimizing the asymptotic rate lim nRn over all
protocols we define the generic two-way capacity of the chain
If the target are ebits, the repeater-assisted capacity is an
entanglement-distribution capacity D2. The latter coincides with a
quantum capacity Q2, because distributing an ebit is equivalent to
transmitting a qubit if we assume two-way CCs. If the target are private
bits, is a secret-key capacity K ≥ D2 (with the inequality holding because
ebits are specific private bits). Exact definitions and more details are given
in Supplementary Note 1.
To state our upper bound for we introduce the notion of

channel simulation, as generally formulated by ref.[15] (see also refs. [32],
[33],[34],[35],[36],[37] for variants). Recall that any quantum channel
{\cal{E}} is simulable by applying a trace-preserving LOCC to the input
state ρ together with some bipartite resource state σ, so that
The pair represents a possible “LOCC
simulation” of the channel. In particular, for channels that suitably
commute with the random unitaries of teleportation [4], called
120
TELEPHONY
“teleportation-covariant” channels [15], one finds that is teleportation
and σ is their Choi matrix where Φ is a maximally
entangled state. The latter is also known as “teleportation simulation”.
For bosonic channels, the Choi matrices are energy-unbounded, so that

simulations need to be formulated asymptotically. In general, an
asymptotic state σ is defined as the limit of a sequence of physical states
σμ, i.e., The simulation of a channel {\cal{E}} over an
asymptotic state takes the form where

the LOCC may also depend on μ in the general case[15]. Similarly, any
relevant functional on the asymptotic state needs to be computed over
the defining sequence σμ before taking the limit for large μ. These
technicalities are fully accounted in the Methods section.
The other notion to introduce is that of entanglement cut between Alice

and Bob. In the setting of a linear chain, a cut “i” disconnects channel
{\cal{E}}_i between repeaters ri and ri+1. Such channel can be replaced by a
simulation with some resource state σi. After calculations (see Methods),
this allows us to write
(1)
where ER(·) is the relative entropy of entanglement (REE). Recall that the
REE is defined as [38],[39,[40]
(2)
where SEP represents the ensemble of separable bipartite states and
is the relative entropy. In general, for any asymptotic state defined by the
limit
121
we may extend the previous definition and consider
(3)
where γμ is a converging sequence of separable states [15].
By minimizing Eq. (1) over all cuts, we may write
(4)
which establishes the ultimate limit for entanglement and key distribution
through a repeater chain. For a chain of teleportation-covariant channels,
we may use their teleportation simulation over Choi matrices and write
(5)
Note that the family of teleportation-covariant channels is large, including

Pauli channels (at any dimension) 7 and bosonic Gaussian channels9. Within
such a family, there are channels whose generic two-way capacity
D2 or K satisfies
(6)
where is the one-way distillable entanglement of the Choi matrix

(defined as an asymptotic functional in the bosonic case[15]).
These are called “distillable channels” and include bosonic lossy channels,
quantum-limited amplifiers, dephasing and erasure channels [15].
For a chain of distillable channels, we therefore exactly establish the

repeater-assisted capacity as
(7)
In fact the upper bound (≤) follows from Eqs. (5) and (6). The lower bound
(≥) relies on the fact that an achievable rate for end-to-end entanglement
122
TELEPHONY
distribution consists in: (i) each pair, ri and , exchanging

ebits over ; and (ii) performing entanglement swapping on the distilled
ebits. In this way, at least ebits are shared between Alice
and Bob.
Lossy chains
Let us specify Eq. (7) to an important case. For a chain of quantum

repeaters connected by lossy channels with transmissivities we
find the capacity
(8)
Thus, the minimum transmissivity within the lossy chain establishes the
ultimate rate for repeater-assisted quantum/private communication
between the end-users. For instance, consider an optical fiber with
transmissivity η and insert N repeaters so that the fiber is split into N + 1
lossy channels. The optimal configuration corresponds to equidistant
repeaters, so that \eta _{{\mathrm{min}}} = \root {{N + 1}} \of {\eta } and
the maximum capacity of the lossy chain is
(9)
This capacity is plotted in Fig. 2 and compared with the point-to-point

PLOB bound A simple calculation shows that if we
want to guarantee a performance of 1 target bit per use of the chain, then
we may tolerate at most 3 dB of loss in each individual link. This “3dB rule”
imposes a maximum repeater-repeater distance of 15 km in standard
optical fiber (at 0.2dB/km).
Fig. 2
123
Optimal performance of lossy chains. Capacity (target bits per chain use)
versus total loss of the line (decibels, dB) for N = 1,2,10 and 100
equidistant repeaters. Compare the repeater-assisted capacities (solid
curves) with the point-to-point repeater-less bound 15 (dashed curve)
Quantum networks under single-path routing
A quantum communication network can be represented by an undirected

finite graph18 where P is the set of points and E the set of all
edges. Each point p has a local register of quantum systems. Two points pi
and pj are connected by an edge in E if there is a quantum
channel between them. By simulating each channel with
a resource state we simulate the entire network with a set of
resource states A route is an undirected path
between the two end-points, Alice a and Bob
b. These are connected by an ensemble of possible routes
with the generic route ω involving the
transmission through a sequence of channels
Finally, an entanglement cut C is a bipartition (A, B) of P such that
Any such cut C identifies a super Alice A and a super
Bob B, which are connected by the cut-set
124
TELEPHONY
See the example in Fig. 3 and

more details in Supplementary Notes 2 and 3.
Fig. 3
Courtesy :Nature journal
Diamond quantum network {\cal{N}}^\diamondsuit. a This is a quantum

network of four points with end-points
(Alice) and (Bob). Two points pi and pj are connected
by an edge if there is an associated quantum channel This
channel has a corresponding resource state in a simulation of the
network. There are four (simple) routes:
A
s an example, route 4 involves the transmission through the sequence of
quantum channels which is defined by
. b We explicitly show route ω

= 4. In a sequential protocol, each use of the network corresponds to using
a single route ω between the two end-points, with some probability
p_\omega. c We show an entanglement cut C of the network, with super
Alice A and super Bob B made by the points in the two clouds. These are
connected by the cut-set \tilde C composed by the dotted edges
Let us remark that the quantum network is here described by an

undirected graph where the physical direction of the quantum channels
{\cal{E}}_{ij} can be forward (pi → pj) or backward (pj → pi). As said before
for the repeater chains, this degree of freedom relies on the fact that we
consider assistance by two-way CC, so that the optimal transmission of
qubits can always be reduced to the distillation of ebits followed by
teleportation. The logical flow of quantum information is therefore fully
125
determined by the LOs of the points, not by the physical direction of the
quantum channel which is used to exchange a quantum system along an
edge of the network. This study of an undirected quantum network under
two-way CC clearly departs from other investigations[41],[42],[43].
In a sequential protocol the network is initialized by a preliminary

network LOCC, where all the points communicate with each other via
unlimited two-way CCs and perform adaptive LOs on their local quantum
systems. With some probability, Alice exchanges a quantum system with
repeater pi, followed by a second network LOCC; then repeater pi
exchanges a system with repeater pj, followed by a third network LOCC
and so on, until Bob is reached through some route in a complete
sequential use of the network (see Fig.4). The routing is itself adaptive in
the general case, with each node updating its routing table (probability
distribution) on the basis of the feedback received by the other nodes. For
large n uses of the network, there is a probability distribution associated
with the ensemble Ω, with the generic route ω being used .
Alice and Bob’s output state will approximate a target state with
nR_n bits. By optimizing over and taking the limit of large n, we
define the sequential or single-path capacity of the network
whose nature depends on the target bits.
Fig. 4
Coutesy:nature journal
Network protocols of quantum and private communication. a In a

sequential protocol, systems are routed through a single path
126
TELEPHONY
probabilistically chosen by the points. Here it is

Each transmission occurs between two adaptive LOCCs, where all points of
the network perform LOs assisted by two-way CC. b In a flooding protocol,
systems are simultaneously routed from Alice to Bob through a sequence
of multipoint communications in such a way that each edge of the
network is used exactly once in an end-to-end transmission. Here we show
a possible sequence
Each multipoint
communication occurs between two adaptive LOCCs
To state our upper bound, let us first introduce the flow of REE through a
cut. Given an entanglement cut C of the network, consider its cut-set .
For each edge (x, y) in , we have a channel and a corresponding
resource state associated with a simulation. Then we define the
single-edge flow of REE across cut C as
(10)
The minimization of this quantity over all entanglement cuts provides our
upper bound for the single-path capacity of the network, i.e.,
(11)
which is the network generalization of Eq. (4). For proof see Methods and
further details in Supplementary Note 4..
In Eq. (11), the quantity represents the maximum entanglement

(as quantified by the REE) “flowing” through a cut. Its minimization over all
the cuts bounds the single-path capacity for quantum communication,
entanglement distribution and key generation. For a network of
teleportation-covariant channels, the resource state in Eq. (10) is the
Choi matrix of the channel . In particular, for a network of distillable
channels, we may also set
(12)
127
for any edge (x, y). Therefore, we may refine the previous bound of Eq.
(11) into where
(13)
is the maximum (single-edge) capacity of a cut.
Let us now derive a lower bound. First we prove that, for an arbitrary
network, where
is the capacity of route ω (see Methods and
Supplementary Note 4 for more details). Then, we observe that is
an achievable rate. In fact, any two consecutive points on route ω may
first communicate at the rate the distributed resources are then
swapped to the end-users, e.g., via entanglement swapping or key
composition at the minimum rate For a distillable
network, this lower bound coincides with the upper bound, so that we
exactly establish the single-path capacity as
(14)
Finding the optimal route \omega _ \ast corresponds to solving the widest
path problem24 where the weights of the edges are the two-way
capacities Route ast can be found via modified Dijkstra’s
shortest path algorithm[25], working in time where
is the number of edges and \left| P \right| is the number of points.
Over route \omega _ \ast a capacity-achieving protocol is non adaptive,
with point-to-point sessions of one-way entanglement distillation followed
by entanglement swapping4. In a practical implementation, the number of
distilled ebits can be computed using the methods from ref. 44. Also note
that, because the swapping is on ebits, there is no violation of the
Bellman’s optimality principle45.
An important example is an optical lossy network where any route
128
TELEPHONY
ω is composed of lossy channels with transmissivities . Denote by

the end-to-end transmissivity of route ω. The single-
path capacity is given by the route with maximum transmissivity
(15)
In particular, this is the ultimate rate at which the two end-points may
generate secret bits per sequential use of the lossy network.
Quantum networks under multi-path routing
In a network we may consider a more powerful routing strategy, where

systems are transmitted through a sequence of multipoint
communications (interleaved by network LOCCs). In each of these
communications, a number M of quantum systems are prepared in a
generally multipartite state and simultaneously transmitted to M receiving
nodes. For instance, as shown in the example of Fig. 4, Alice may
simultaneously sends systems to repeaters p1 and p2, which is denoted by
Then, repeater p2 may communicate with repeater p1
and Bob b, i.e., Finally, repeater p1 may communicate
with Bob, i.e Note that each edge of the network is used
exactly once during the end-to-end transmission, a strategy known as
“flooding” in computer networks[46]. This is achieved by non-overlapping
multipoint communications, where the receiving repeaters choose unused
edges for the next transmissions. More generally, each multipoint
communication is assumed to be a point-to-multipoint connection with a
logical sender-to-receiver(s) orientation but where the quantum systems
may be physically transmitted either forward or backward by the quantum
channels.
Thus, in a general quantum flooding protocol {\cal{P}}_{{\mathrm{flood}}},

the network is initialized by a preliminary network LOCC. Then, Alice a
exchanges quantum systems with all her neighbor repeaters
{\mathbf{a}} \to \{ {\mathbf{p}}_k\}. This is followed by another network
LOCC. Then, each receiving repeater exchanges systems with its neighbor
repeaters through unused edges, and so on. Each multipoint
communication is interleaved by network LOCCs and may distribute multi-
129
partite entanglement. Eventually, Bob is reached as an end-point in the

first parallel use of the network, which is completed when all Bob’s
incoming edges have been used exactly once. In the limit of many uses n
and optimizing over {\cal{P}}_{{\mathrm{flood}}}, we define the multi-path
capacity of the network
As before, given an entanglement cut C, consider its cut-set . For each

edge (x, y) in \tilde C, there is a channel with a corresponding
resource state We define the multi-edge flow of REE through C as
(16)
which is the total entanglement (REE) flowing through a cut. The

minimization of this quantity over all entanglement cuts provides our
upper bound for the multi-path capacity of the network, i.e.,
(17)
which is the multi-path generalization of Eq. (11). For proof see Methods
and further details in Supplementary Note 5. In a teleportation-covariant
network we may simply use the Choi matrices Then, for a
distillable network, we may use from Eq. (12), and
write the refined upper bound where
(18)
is the total (multi-edge) capacity of a cut.
To show that the upper bound is achievable for a distillable network, we

need to determine the optimal flow of qubits from Alice to Bob. First of all,
from the knowledge of the capacities the parties solve a classical
problem of maximum flow[26],[27],[28],[29] compatible with those
capacities. By using Orlin’s algorithm[47], the solution can be found in
130
TELEPHONY
time. This provides an optimal orientation for the network

and the rates to be used. Then, any pair of neighbor
points, x and y, distill ebits via one-way CCs. Such ebits are used to
teleport qubits from x to y according to the optimal orientation. In
this way, a number nR of qubits are teleported from Alice to Bob, flowing
as quantum information through the network. Using the max-flow min-cut
theorem[26],[27],[28],[29],[47],[48],[49],[50],[51],[52],[53], we have that
the maximum flow is where is the minimum
cut, i.e., Thus, that for a distillable
we find the multi-path capacity
(19)
which is the multi-path version of Eq. (14). This is achievable by using a

non adaptive protocol where the optimal routing is given by Orlin’s
algorithm[47].
As an example, consider again a lossy optical network whose

generic edge (x, y) has transmissivity Given a cut C, consider its
and define the total loss of the

network as the maximization . We find that the multi-
path capacity is just given by
(20)
It is interesting to make a direct comparison between the performance of

single- and multi-path strategies. For this purpose, consider a diamond
network whose links are lossy channels with the same

transmissivity η. In this case, we easily see that the multi-path capacity
doubles the single-path capacity of the network, i.e.,
(21)
131
As expected the parallel use of the quantum network is more powerful

than the sequential use.
Formulas for distillable chains and networks
Here we provide explicit analytical formulas for the end-to-end capacities

of distillable chains and networks, beyond the lossy case already studied
above. In fact, examples of distillable channels are not only lossy channels
but also quantum-limited amplifiers, dephasing and erasure channels. First
let us recall their explicit definitions and their two-way capacities.
A lossy (pure-loss) channel with transmissivity in (0,1) corresponds to a

specific phase-insensitive Gaussian channel which transforms input
quadratures , where E is
the environment in the vacuum state 9. Its two-way capacities (Q2, D2 and
K) all coincide and are given by the PLOB bound[15]
(22)
A quantum-limited amplifier with an associated gain g > 1 is another

phase-insensitive Gaussian channel but realizing the transformation
, where the environment E is in the vacuum

state9. Its two-way capacities all coincide and are given by[15]
(23)
A dephasing channel with probability p ≤ 1/2 is a Pauli channel of the form

where Z is the phase-flip Pauli operator 7. Its
two-way capacities all coincide and are given by 15
(24)
where is the binary

Shannon entropy. Finally, an erasure channel with probability p is
a channel of the form where is an orthogonal state living in an
7
extra dimension . Its two-way capacities all coincide to[15],[54],[55]
132
TELEPHONY
.(25)
Consider now a repeater chain where the channels are

distillable of the same type (e.g., all quantum-limited amplifiers with
different gains gi). The repeater-assisted capacity can be computed by
combining Eq. (7) with one of the Eqs. (22)–(25). The final formulas are
shown in the first column of Table 1. Then consider a quantum network
where each edge is described by a distillable
channel of the same type. For network we may consider both a
generic route with sequence of channels and a
entanglement cut C, with corresponding cut-set \tilde C. By combining
Eqs. (14) and (19) with Eqs. (22)–(25), we derive explicit formulas for the
single-path and multi-path capacities. These are given in the second and
third columns of Table 1 where we set
(26)
(27)
(28)
(29)
(30)
Analytical formulas for the end-to-end capacities of distillable chains and

networks
Let us note that the formulas for dephasing and erasure channels can be
easily extended to arbitrary dimension d. In fact, a qudit erasure channel is
formally defined as before and its two-way capacities are[15],[54],[55]
133
.(31)
Therefore, it is sufficient to multiply by the corresponding

expressions in Table 1. Then, in arbitrary dimension d, the dephasing
channel is defined as
(32)
where pk is the probability of k phase flips and
Its generic two-way capacity is [15]
(33)
where is the Shannon entropy.

Here the generalization is also simple. For instance, in a chain of
such d-dimensional dephasing channels, we would have N + 1 distributions
We then compute the most entropic distribution, i.e., we take the
maximization . This is the bottleneck that determines

the repeater capacity, so that
(34)
Generalization to dimension d is also immediate for the two network

capacities and .
The ultimate boundaries of quantum and private communications assisted

by repeaters is established, from the case of a single repeater chain to an
arbitrary quantum network under single- or multi-path routing. Assuming
arbitrary quantum channels between the nodes, we have shown that the
end-to-end capacities are bounded by single-letter quantities based on the
relative entropy of entanglement. These upper bounds are very general
134
TELEPHONY
and also apply to chains and networks with untrusted nodes (i.e., run by
an eavesdropper). Our theory is formulated in a general information-
theoretic fashion which also applies to other entanglement measures, as
discussed in our Methods section. The upper bounds are particularly
important because they set the tightest upper limits on the performance
of quantum repeaters in various network configurations. For instance, our
benchmarks may be used to evaluate performances in relay-assisted QKD
protocols such as MDI-QKD and variants [56],[57],[58]. Related literature
and other developments [59],[60],[61],[62],[63],[64],[65],[66] are
discussed in Supplementary Note 6.
For the lower bounds, we have employed classical composition methods

of the capacities, either based on the widest path problem or the
maximum flow, depending on the type of routing. In general, these simple
and classical lower bounds do not coincide with the quantum upper
bounds. However this is remarkably the case for distillable networks, for
which the ultimate quantum communication performance can be
completely reduced to the resolution of classical problems of network
information theory. For these networks, widest path and maximum flow
determine the quantum performance in terms of secret key generation,
entanglement distribution and transmission of quantum information. In
this way, we have been able to exactly establish the various end-to-end
capacities of distillable chains and networks where the quantum systems
are affected by the most fundamental noise models, including bosonic
loss, which is the most important for optical and telecom communications,
quantum-limited amplification, dephasing and erasure. In particular, our
results also showed how the parallel or “broadband” use of a lossy
quantum network via multi-path routing may greatly improve the end-to-
end rates.
Methods
We present the main techniques that are needed to prove the results of
our main text. These methods are here provided for a more general
entanglement measure EM, and specifically apply to the REE. We consider
a quantum network under single- or multi-path routing. In particular, a
chain of quantum repeaters can be treated as a single-route quantum
network.
135
For the upper bounds, our methodology can be broken down in the
following steps: (i) Derivation of a general weak converse upper bound in
terms of a suitable entanglement measure (in particular, the REE); (ii)
Simulation of the quantum network, so that quantum channels are
replaced by resource states; (iii) Stretching of the network with respect to
an entanglement cut, so that Alice and Bob’s shared state has a simple
decomposition in terms of resource states; (iv) Data processing,
subadditivity over tensor-products, and minimization over entanglement
cuts. These steps provide entanglement-based upper bounds for the end-
to-end capacities. For the lower bounds, we perform a suitable
composition of the point-to-point capacities of the single-link channels by
means of the widest path and the maximum flow, depending on the
routing. For the case of distillable quantum networks (and chains), these
lower bounds coincide with the upper bounds expressed in terms of the
REE.
General (weak converse) upper bound
This closely follows the derivation of the corresponding point-to-point

upper bound first given in the second 2015 arXiv version of ref.[15] and
later reported as Theorem 2 in ref.[16]. Consider an arbitrary end-to-end
network protocol {\cal{P}} (single- or multi-path). This outputs
a shared state \rho _{{\mathbf{ab}}}^n for Alice and Bob after n uses,
which is ε-close to a target private state [30],[31] ϕn having
nR_n^\varepsilon secret bits, i.e., in trace norm we have
. Consider now an entanglement measure EM which

is normalized on the target state, i.e.,
.
(35)
Assume that EM is continuous. This means that, for d-dimensional states ρ

and σ that are close in trace norm as , we may write
(36)
with the functions g and h converging to zero in ε. Assume also that EM is
136
TELEPHONY
monotonic under trace-preserving LOCCs \bar \Lambda, so that
(37)
a property which is also known as data processing inequality. Finally,

assume that EM is subadditive over tensor products, i.e.,
(38)
All these properties are certainly satisfied by the REE ER and the squashed
entanglement (SQ) ESQ, with specific expressions for g and h (e.g., these
expressions are explicitly reported in Sec. VIII.A of ref.[15]).
Using the first two properties (normalization and continuity), we may

write
(39)
where d is the dimension of the target private state. We know that this
dimension is at most exponential in the number of uses, i.e.,
for constant α (e.g., see ref.[15] or Lemma 1 in ref.
[16]). By replacing this dimensional bound in Eq. (39), taking the limit for
large n and small ε (weak converse), we derive
(40)
Finally, we take the supremum over all protocols {\cal{P}} so that we can
write our general upper bound for the end-to-end secret key capacity
(SKC) of the network
(41)
In particular, this is an upper bound to the single-path SKC if are
137
single-path protocols, and to the multi-path SKC are multi-path

(flooding) protocols.
In the case of an infinite-dimensional state , the proof can be

repeated by introducing a truncation trace-preserving LOCC T, so that
is a finite-dimensional state. The proof is repeated for
and finally we use the data processing to
write the same upper bound as in Eq. (41). This follows the same steps of
the proof given in the second 2015 arXiv version of ref.[15] and later
reported as Theorem 2 in ref.[15]. It is worth mentioning that Eq. (41) can
equivalently be proven without using the exponential growth of the
private state, i.e., using the steps of the third proof given in the
Supplementary Note 3 of ref.[15].
Network simulation
Given a network with generic point and edge

, replace the generic channel with a simulation over a
resource state σxy. This means to write for
any input state ρ, by resorting to a suitable trace-preserving LOCC
(this is always possible for any quantum channel [15]). If we perform this
operation for all the edges, we then define the simulation of the network
where each channel is replaced by a
corresponding resource state. If the channels are bosonic, then the
simulation is typically asymptotic of the type
where for some sequence of simulating
LOCCs and sequence of resource states .
Here the parameter μ is usually connected with the energy of the resource
state. For instance, if is a teleportation-covariant bosonic channel,
then the resource state is its quasi-Choi matrix
being a two-mode squeezed
138
TELEPHONY
vacuum state (TMSV) state [9] whose parameter is

related to the mean number \bar n of thermal photons. Similarly, the
simulating LOCC is a Braunstein-Kimble protocol [67],[68] where the

ideal Bell detection is replaced by the finite-energy projection onto α-
displaced TMSV states with D being the phase-space
displacement operator [9].
Given an asymptotic simulation of a quantum channel, the associated

simulation error is correctly quantified by employing the energy-
constrained diamond distance [15], which must go to zero in the limit, i.e.,
(42)
Recall that, for any two bosonic channels {\cal{E}} and {\cal{E}}', this
quantity is defined as
(43)
where is the compact set of bipartite bosonic states with mean

number of photons (see ref.[69] for a later and slightly different definition,
where the constraint is only on the B part). Thus, in general, if the network
has bosonic channels, we may write the asymptotic simulation
Stretching of the network
Once we simulate a network, the next step is its stretching, which is the
complete adaptive-to-block simplification of its output state (for the exact
details of this procedure see Supplementary Note 3). As a result of
stretching, the n-use output state of the generic network protocol can be
decomposed as
139
(44)
where \bar \Lambda represents a trace-preserving LOCC (which is local

with respect to Alice and Bob). The LOCC includes all the adaptive
LOCCs from the original protocol besides the simulating LOCCs. In Eq. (44),
the parameter nxy is the number of uses of the edge (x, y), that we may
always approximate to an integer for large n. We have nxy ≤ n for single-
path routing, and nxy = n for flooding protocols in multi-path routing.
In the presence of bosonic channels and asymptotic simulations, we

modify Eq. (44) into the approximate stretching
(45)
which tends to the actual output for large μ. In fact, using a

“peeling” technique [15],[16] which exploits the triangle inequality and
the monotonicity of the trace distance under completely-positive trace-
preserving maps, we may write the following bound
(46)
which goes to zero in μ for any finite input energy
finite number of uses n of the protocol, and finite number of edges |

E| in the network (the explicit steps of the proof can be found in
Supplementary Note 3).
Stretching with respect to entanglement cuts
The decomposition of the output state can be greatly simplified by

introducing cuts in the network. In particular, we may drastically reduce
the number of resource states in its representation. Given a cut C of
140
TELEPHONY
with cut-set , we may in fact stretch the network with respect to that
specific cut (see again Supplementary Note 3 for exact details of the
procedure). In this way, we may write
,
(47)
where is a trace-preserving LOCC with respect to Alice and Bob

(differently from before, this LOCC now depends on the cut C, but we
prefer not to complicate the notation). Similarly, in the presence of
bosonic channels, we may consider the approximate decomposition
(48)
which converges in trace distance to for large μ.
Data processing and subadditivity
Let us combine the stretching in Eq. (47) with two basic properties of the
entanglement measure EM. The first property is the monotonicity of EM
under trace-preserving LOCCs; the second property is the subadditivity of
EM over tensor-product states. Using these properties, we can simplify the
general upper bound of Eq. (41) into a simple and computable single-letter
quantity. In fact, for any cut C of the network we write
(49)
(50)
where has disappeared. Let us introduce the probability of using the

generic edge (x, y)
141
(51)
so that we may write the limit
(52)
Using the latter in Eq. (41) allows us to write the following bound, for any
cut C
(53)
In the case of bosonic channels and asymptotic simulations, we may use

the triangle inequality
(54)
Then, we may repeat the derivations around Eqs. (39)–(41) for
instead of , where we also include the use of a suitable truncation of

the states via a trace-preserving LOCC T (see also Sec. VIII.D of ref.[16] for
a similar approach in the point-to-point case). This leads to the μ-
dependent upper-bound
(55)
Because this is valid for any μ, we may conservatively take the inferior
limit in μ and consider the upper bound
(56)
142
TELEPHONY
Finally, by introducing the stretching of Eq. (48) with respect to an
entanglement cut C, and using the monotonicity and subadditivity of EM
with respect to the decomposition of we may repeat the

previous reasonings and write
(57)
which is a direct extension of the bound in Eq. (53).
We may formulate both Eqs. (53) and (57) in a compact way if we define
the entanglement measure EM over an asymptotic state
(58)
It is clear that, for a physical (non-asymptotic) state, we have the trivial

sequence σμ = σ for any μ, so that Eq. (58) provides the standard
definition. In the specific case of REE, we may write
(59)
where γμ is a sequence of separable states that converges in trace norm;

this means that there exists a separable state γ such that
Employing the extended definition of Eq. (58), we may

write Eq. (53) for both non-asymptotic σxy and asymptotic states
Minimum entanglement cut and upper bounds
By minimizing Eq. (53) over all possible cuts of the network, we find the
tightest upper bound, i.e.,
(60)
143
Let us now specify this formula for different types of routing. For single-
path routing, we have p_{{\mathbf{xy}}} \le 1, so that we may use
(61)
in Eq. (53). Therefore, we derive the following upper bound for the single-
path SKC
(62)
where we introduce the single-edge flow of entanglement through the cut
(63)
In particular, we may specify this result to a single chain of N points and N

+ 1 channels \{ {\cal{E}}_i\} with resource states {σi}. This is a quantum
network with a single route, so that the cuts can be labeled by i and the
cut-sets are just composed of a single edge. Therefore, Eqs. (62) and (63)
become
(64)
For multi-path routing, we have pxy = 1 (flooding), so that we may simplify
(65)
in Eq. (53). Therefore, we can write the following upper bound for the
multi-path SKC
(66)
where we introduce the multi-edge flow of entanglement through the cut
144
TELEPHONY
(67)
In these results, the definition of EM(σxy) is implicitly meant to be extended

to asymptotic states, according to Eq. (58). Then, note that the tightest
values of the upper bounds are achieved by extending the minimization to
all network simulations i.e., by enforcing in

Eqs. (62) and (66).
Specifying Eqs. (62), (64), and (66) to the REE, we get the single-letter
upper bounds
(68)
(69)
(70)
which are Eqs. (4), (11) and (17) of the main text. The proofs of these
upper bounds in terms of the REE can equivalently be done following the
“converse part” derivations in Supplementary Note 1 (for chains),
Supplementary Note 4 (for networks under single-path routing), and
Supplementary Note 5 (for networks under multi-path routing). Differently
from what presented in this Methods section, such proofs exploit the
lower semi-continuity of the quantum relative entropy [8] in order to deal
with asymptotic simulations (e.g., for bosonic channels).
Lower bounds
To derive lower bounds we combine the known results on two-way

assisted capacities [15] with classical results in network information
theory. Consider the generic two-way assisted capacity of the
channel (in particular, this can be either D2 = Q2 or K). Then, using
the cut property of the widest path (Supplementary Note4), we derive the
following achievable rate for the generic single-path capacity of the
network
145
(71)
For a chain this simply specifies to
(72)
Using the classical max-flow min-cut theorem (Supplementary Note5), we

derive the following achievable rate for the generic multi-path capacity of
(73)
Simplifications for teleportation-covariant and distillable networks
Recall that a quantum channel is said to be teleportation-covariant [15]

when, for any teleportation unitary U (Weyl-Pauli operator in finite
dimension or phase-space displacement in infinite dimension), we have
(74)
for some (generally-different) unitary transformation V. In this case the

quantum channel can be simulated by applying teleportation over its Choi
matrix where Φ is a maximally-entangled state.
Similarly, if the teleportation-covariant channel is bosonic, we can write an
approximate simulation by teleporting over the quasi-Choi matrix
, where Φμ is a TMSV state. For a network of
teleportation-covariant channels, we therefore use teleportation to
simulate the network, so that the resource states in the upper bounds of
Eqs. (68)–(70) are Choi matrices (physical or asymptotic). In other words,
we write the sandwich relations
(75)
146
TELEPHONY
(76)
(77)
with the REE taking the form of Eq. (59) on an asymptotic Choi matrix
As a specific case, consider a quantum channel which is not only

teleportation-covariant but also distillable, so that it satisfies [15]
(78)
where is the one-way distillability of the Choi matrix (with a

suitable asymptotic expression for bosonic Choi matrices [15]). If a
network (or a chain) is composed of these channels, then the relations in
Eqs. (75)–(77) collapse and we fully determine the capacities
(79)
(80)
(81)
These capacities correspond to Eqs. (7), (14), and (19) of the main text.
They are explicitly computed for chains and networks composed of lossy
channels, quantum-limited amplifiers, dephasing and erasure channels in
Table 1 of the main text.
Regularizations and other measures
It is worth noticing that some of the previous formulas can be re-

formulated by using the regularization of the entanglement measure, i.e.,
147
(82)
In fact, let us go back to the first upper bound in Eq. (49), which implies
(83)
For a network under multi-path routing we have , so that we

may write
(84)
By repeating previous steps, the latter equation implies the upper bound
(85)
which is generally tighter than the result in Eqs. (66) and (67). The same
regularization can be written for a chain which can also be seen as
a single-route network satisfying the flooding condition
Therefore, starting from the condition of Eq. (83) with we may
write
(86)
which is generally tighter than the result in Eq. (64). These regularizations
are important for the REE, but not for the squashed entanglement which
is known to be additive over tensor-products, so that E
Another extension is related to the use of the relative entropy distance

with respect to partial-positive-transpose (PPT) states. This quantity can
148
TELEPHONY
be denoted by RPPT and is defined by 31
(87)
with an asymptotic extension similar to Eq. (59) but in terms of converging

sequences of PPT states . The RPPT is tighter than the REE but does
not provide an upper bound to the distillable key of a state, but rather to
its distillable entanglement. This means that it has normalization
on a target maximally-entangled state with
ebits.
The RPPT is known to be monotonic under the action of PPT operations

(and therefore LOCCs); it is continuous and subadditive over tensor-
product states. Therefore, we may repeat the derivation that leads to Eq.
(41) but with respect to protocols of entanglement distribution. This
means that we can write
(88)
Using the decomposition of the output state as in Eqs. (47) and (48),
and repeating previous steps, we may finally write
for a chain with

resource states and
(89)
(90)
for the single- and multi-path entanglement distribution capacities of a

quantum network with resource states
149
References
[1] Kimble, H. J. The Quantum Internet. Nature 453, 1023–1030

(2008).
[2] Van Meter, V. Quantum Networking (Wiley, 2014).
[3] Pirandola, S. & Braunstein, S. L. Unite to build a quantum internet.

Nature 532, 169–171 (2016).
[4] Pirandola, S., Eisert, J., Weedbrook, C., Furusawa, A. & Braunstein,
S. L. Advances in quantum teleportation. Nature Photon. 9, 641–652
(2015).
[5] Gisin, N. et al. Quantum cryptography. Rev. Mod. Phys. 74, 145–
195 (2002).
[6] Watrous, J. The theory of quantum information. (Cambridge

University Press, Cambridge, 2018).
[7] Nielsen, M. A. & Chuang, I. L. Quantum computation and

quantum information. (Cambridge University Press, Cambridge,
2002).
[8] Holevo, A. Quantum systems, channels, information: A

mathematical introduction. (De Gruyter, Berlin-Boston, 2012).
[9] Weedbrook, C. et al. Gaussian quantum information. Rev.

Mod. Phys. 84, 621–669 (2012).
[10] Braunstein, S. L. & van Loock, P. Quantum information theory

with continuous variables. Rev. Mod. Phys. 77, 513–577 (2005).
[11] Fröhlich, B. et al. Quantum secured gigabit optical access

networks. Sci. Rep. 5, 18121 (2015).
[12] Bunandar, D. et al. Metropolitan quantum key distribution

with silicon photonics. Phys. Rev. X 8, 021009 (2018).
150
TELEPHONY
[13] García-Patrón, R., Pirandola, S., Lloyd, S. & Shapiro, J. H.
Reverse coherent information. Phys. Rev. Lett. 102, 210501
(2009).
[14] Pirandola, S., García-Patrón, R., Braunstein, S. L. & Lloyd, S.

Direct and reverse secret-key capacities of a quantum channel.
Phys. Rev. Lett. 102, 050503 (2009).
[15] Pirandola, S., Laurenza, R., Ottaviani, C. & Banchi, L.

Fundamental Limits of Repeaterless Quantum Communications.
Nature Commun. 8, 15043 (2017).
[16] Pirandola, S. et al. Theory of channel simulation and bounds

for private communication. Quantum Sci. Technol. 3, 035009
(2018).
[17] Briegel, H.-J., Dür, W., Cirac, J. I. & Zoller, P. Quantum

repeaters: The role of imperfect local operations in quantum
communication. Phys. Rev. Lett. 81, 5932–5935 (1998).
[18] Slepian, P. Mathematical Foundations of Network Analysis.

(Springer-Verlag, New York, 1968).
[19] Cover, T. M. & Thomas, J. A. Elements of Information Theory.

(Wiley, New Jersey, 2006).
[20] El Gamal, A. & Kim, Y.-H. Network Information Theory

(Cambridge Univ. Press 2011).
[21] Schrijver, A. Combinatorial Optimization. (Springer-Verlag,

Berlin, 2003).
[22] Azuma, K., Tamaki, K. & Lo, H.-K. All-photonic quantum

repeaters. Nat. Commun. 6, 6787 (2015).
[23] Cormen, T., Leiserson, C. & Rivest, R. Introduction to

Algorithms. (MIT Press, Cambridge, MA, 1990).
151
[24] Pollack, M. The maximum capacity through a network. Oper.

Res. 8, 733–736 (1960).
[25] Medhi, D. & Ramasamy, K. Network Routing: Algorithms,

Protocols, and Architectures. Second Edition (Morgan Kaufmann
publishers, Cambridge MA, 2018).
[26] Harris, T. E. & Ross, F. S. Fundamentals of a Method for

Evaluating Rail Net Capacities. Research Memorandum, Rand
Corporation (1955).
[27] Ford, L. R. & Fulkerson, D. R. Maximal flow through a

network. Canadian J. Math. 8, 399–404 (1956).
[28] Elias, P., Feinstein, A. & Shannon, C. E. A note on the

maximum flow through a network. IRE Trans. Inf. Theory 2, 117–
119 (1956).
[29] Ahuja, R. K., Magnanti, T. L. & Orlin, J. B. Network Flows:

Theory, Algorithms and Applications (Prentice Hall 1993).
[30] Horodecki, K., Horodecki, M., Horodecki, P. & Oppenheim, J.

Secure key from bound entanglement. Phys. Rev. Lett. 94, 160502
(2005).
[31] Horodecki, K., Horodecki, M., Horodecki, P. & Oppenheim, J.

General paradigm for distilling classical key from quantum states.
IEEE Trans. Inf. Theory 55, 1898–1929 (2009).
[32] Cope, T. P. W., Hetzel, L., Banchi, L. & Pirandola, S. Simulation

of non-Pauli Channels. Phys. Rev. A 96, 022323 (2017).
[33] Laurenza, R. & Pirandola, S. General bounds for sender-

receiver capacities in multipoint quantum communications. Phys.
Rev. A 96, 032318 (2017).
152
TELEPHONY
[34] Laurenza, R., Braunstein, S. L. & Pirandola, S. Finite-resource
teleportation stretching for continuous-variable systems. Sci. Rep.
8, 15267 (2018).
[35] Laurenza, R. et al. Tight finite-resource bounds for private

communication over Gaussian channels. Preprint at
https://arxiv.org/abs/1808.00608 (2018).
[36] Pirandola, S., Laurenza, R. & Lupo, C. Fundamental limits to

quantum channel discrimination. Preprint at
[37] Pirandola, S., Laurenza, R. & Banchi, L. Conditional channel

simulation. Ann. Phys. 400, 289–302 (2019).
[38] Vedral, V. The role of relative entropy in quantum

information theory. Rev. Mod. Phys. 74, 197–234 (2002).
[39] Vedral, V., Plenio, M. B., Rippin, M. A. & Knight, P. L.

Quantifying Entanglement. Phys. Rev. Lett. 78, 2275–2279 (1997).
[40] Vedral, V. & Plenio, M. B. Entanglement measures and

purification procedures. Phys. Rev. A. 57, 1619–1633 (1998).
[41] Hayashi, M., Iwama, K., Nishimura, H., Raymond, R. &

Yamashita, S. Quantum network coding. Lect. Notes. Comput. Sci.
4393, 610–621 (2007).
[42] Hayashi, M., Owari, M., Kato, G. & Cai, N. Secrecy and
robustness for active attacks in secure network coding and its
application to network quantum key distribution. Preprint at
[43] Song, S. & Hayashi, M. Secure quantum network code

without classical communication. Proc. IEEE Inf. Theory Workshop
2018 (ITW 2018), Guangzhou, China, November 25–29, 2018, pp.
126–130.
153
[44] Van Meter, R. et al. Path selection for quantum repeater.

Networks. Netw. Sci. 3, 82–95 (2013).
[45] Di Franco, C. & Ballester, D. Optimal path for a quantum

teleportation protocol in entangled networks. Phys. Rew. A 85,
010303(R) (2012).
[46] Tanenbaum, A. S. & Wetherall, D. J. Computer Networks (5th

Edition, Pearson, 2010).
[47] Orlin, J. B. Max flows in O(nm) time, or better. STOC’13

Proceedings of the Forty-fifth Annual ACM Symposium on Theory
of Computing, pp. 765–774 (2013).
[48] Edmonds, J. & Karp, R. M. Theoretical improvements in

algorithmic efficiency for network flow problems. J. ACM 19, 248–
264 (1972).
[49] Dinic, E. A. Algorithm for solution of a problem of maximum

flow in a network with power estimation. Soviet Math. Doklady
11, 1277–1280 (1970).
[50] Alon, N. Generating pseudo-random permutations and

maximum flow algorithms. Inf. Processing Lett. 35, 201–204
(1990).
[51] Ahuja, R. K., Orlin, J. B. & Tarjan, R. E. Improved time bounds

for the maximum flow problem. SIAM J. Comput. 18, 939–954
(1989).
[52] Cheriyan, J., Hagerup, T. & Mehlhorn, K. Can a maximum flow

be computed in O(nm) time? Proceedings of the 17th
International Colloquium on Automata, Languages and
Programming, pp. 235–248 (1990).
[53] King, V., Rao, S. & Tarjan, R. A faster deterministic maximum

flow algorithm. J. Algorithms 17, 447–474 (1994).
154
TELEPHONY
[54] Goodenough, K., Elkouss, D. & Wehner, S. Assessing the
performance of quantum repeaters for all phase-insensitive
Gaussian bosonic channels. New J. Phys. 18, 063005 (2016).
[55] Bennett, C. H., DiVincenzo, D. P. & Smolin, J. A. Capacities of

quantum erasure channels. Phys. Rev. Lett. 78, 3217–3220 (1997).
[56] Braunstein, S. L. & Pirandola, S. Side-channel-free quantum

key distribution. Phys. Rev. Lett. 108, 130502 (2012).
[57] Lo, H.-K., Curty, M. & Qi, B. Measurement-device-

independent quantum key distribution. Phys. Rev. Lett. 108,
130503 (2012).
[58] Pirandola, S. et al. High-rate measurement-device-

independent quantum cryptography. Nature Photon. 9, 397–402
(2015).
[59] Azuma, K., Mizutani, A. & Lo, H.-K. Fundamental rate-loss

trade-off for the quantum internet. Nat. Commun. 7, 13523
(2016).
[60] Azuma, K. & Kato, G. Aggregating quantum repeaters for the

quantum internet. Phys. Rev. A 96, 032332 (2017).
[61] Rigovacca, L. et al. Versatile relative entropy bounds for

quantum networks. New J. Phys. 20, 013033 (2018).
[62] Cope, T. P. W., Goodenough, K. & Pirandola, S. Converse

bounds for quantum and private communication over Holevo-
Werner channels. J. Phys. A: Math. Theor. 51, 494001 (2018).
[63] Pant, M. et al. Routing entanglement in the quantum

internet. Preprint at https://arxiv.org/abs/1708.07142 (2017).
[64] Bäuml, S., Azuma, K, Kato, G. & Elkouss, D. Linear programs

for entanglement and key distribution in the quantum internet.
Preprint at https://arxiv.org/abs/1809.03120 (2018).
155
[65] Lucamarini, M., Yuan, Z. L., Dynes, J. F. & Shields, A. J.

Overcoming the rate–distance limit of quantum key distribution
without quantum repeaters. Nature 557, 400–403 (2018).
[66] Ma, X., Zeng, P. & Zhou, H. Phase-matching quantum key

distribution. Phys. Rev. X 8, 031043 (2018).
[67] Braunstein, S. L. & Kimble, J. Teleportation of continuous

quantum variables. Phys. Rev. Lett. 80, 869–872 (1998).
[68] Pirandola, S., Laurenza, R. & Braunstein, S. L. Teleportation

simulation of bosonic Gaussian channels: Strong and uniform
convergence. Eur. Phys. J. D 72, 162 (2018).
[69] Shirokov, M. E. Energy-constrained diamond norms and their

use in quantum information theory. Prob. Inf.Transm. 54,20-
33(2018)
Applications of quantum communication protocols in real world scenarios

toward space
Quantum cryptography and quantum computation are based on the

communication of single quantum states and quantum entanglement,
respectively. Particularly in view of these high potential applications the
question arises, whether quantum correlations can be sufficiently well
communicated over global distances to be used in communication
protocols as predicted by quantum mechanics. Various experiments and
possible application of quantum communications on ground and in space
are discussed in this article. Thereby, it confirms the feasibility of quantum
communication in space on a global scale, involving the International
Space Station (ISS) or satellites linking to optical ground stations.
1. Introduction
Quantum communication (Zoller, 2005) is an important ingredient in
future information processing technologies and basically transfers a
156
TELEPHONY
quantum state from one location to another. In quantum key distribution
(QKD) (Gisin et al., 2001) such a quantum channel is used to share a
quantum state or, more excitingly, to use quantum mechanical
correlations (entanglement) (Schrorindinger, 1935) to the partner’s
quantum state to generate a provable unconditional secure key at any
distance. This offers for the first time an absolute secure way to distribute
a confidential key between distant partners enabling secure
communication among them by classical means only (see A. Poppe et al.,
in the same issue). Furthermore, quantum entanglement enables us to
teleport (Bennett et al., 1993) a quantum state to a location at distance
without actually moving the correlation-carrying entity in the case of
photons (Bouwmeester et al., 1997; Ursin et al., 2004) or Ions (Riebe et al.,
2004; Barrett et al., 2004). In practical implementations of quantum
communication, the link consists of a series of quantum state representing
the quantum information, for instance encoded in their individual
polarization state or in the correlation of quantum states between two or
more qubits. The requirements for quantum communication therefore
include a reliable optical link with low attenuation and the ability at the
receiver to discriminate these single photons from the background.
Particularly, in view of these applications the question arises, whether

quantum correlations can still be used in communication protocols as
predicted by quantum mechanics even over global distances. Up to now,
this has been verified over distances of up to 13km (Weihs et al., 1998;
Aspelmeyer et al., 2003; Resch et al., 2005; Peng et al., 2005) using
polarization entangled photons via free-space links through the
atmosphere. For time-bin entanglement a 10 km link was demonstrated in
optical fibers (Tittel et al., 1998) and an experiment was done in coiled
fiber by Marcikic et al., 2004;Takesue et al., 2005) over 105 km. In order to
go well beyond and to significantly expand the distance between the
observers measuring the entangled particles one has to go into space to
know about the real scenario.
2.Real world scenarios
So far various experimental demonstrations of quantum communication

protocols have already been demonstrated in installed fiber systems
which is an important proof-of-principle demonstration in the view of
quantum communication protocols application in terrestrial real world
scenarios.
157
Two polarization entangled particles at a wavelength of 810nm were

distributed through an 1.4km long single-mode fiber between the
headquarters of an Austrian bank and the Vienna City Hall shown in (Fig.
1) by Poppe et al., (2004). At both measurement stations, each incoming
photon was randomly analyzed at two distinct polarization basis states
generating a symmetric key at each receiver station. The produced key
was directly handed over to a computer application lathat was used to
send a quantum secured online wire transfer from the City Hall to the
headquarters of Bank-Austria Creditanstalt in Vienna.
3.Quantum teleportation
Efficient long-distance quantum teleportation was studied by Bennett et

al., (1993) is a crucial ingredient for future quantum computer application
which was used by Deutsch,Ekert, (1998), and is necessary since quantum
computers studied by Gottesmann,Chuang, (1999); Laflamme, Milburn,
(2001) needs internally computed quantum states and will have to
communicate among each other. Quantum repeater was studied by
Briegel et al., (1998) will allow to distribute quantum entanglement over
distances thus being vital for future global quantum communication
networks. At present the only suitable system for efficient long-distance
quantum communication is photons. A quantum teleportation over long-
distances was performed in fiber over 600m (Ursin et al., 2004). Quantum
teleportation is based on a quantum channel, here established through a
pair of polarization-entangled photons shared between Alice and Bob (Fig.
2). This was implemented by using an 800-metre-long optical fiber
installed in a public sewer system located in a tunnel underneath the River
Danube, where it is exposed to temperature fluctuations and other
environmental factors.
The teleportation protocol goes as follows: For Alice to be able to transfer

the unknown polarization state of an input photon, she has to perform a
joint so-called Bell-state measurement on the input photon and her
member of the shared entangled photon pair (Alice in Fig. 2). Our scheme
allows her to identify two of the four Bell states which is the optimum
achievable with linear optics only was done by Lu¨ tkenhaus, Calsamiglia,
Suominen,( 1999). As a result of this Bell state measurement, Bob’s
‘receiver’ photon will always be found in a state already containing full
information or a simple bit-flip operation depending on the specific Bell
state that Alice observed. Our teleportation scheme therefore also
158
TELEPHONY
includes active feed-forward of Alice’s measurement results, which is
achieved by means of a classical microwave channel together with a fast
electro-optical modulator (EOM). It enables Bob to perform the bit-flip on
his photon to obtain an exact replica of Alice’s input photon. For
successful operation of this experimental scheme, Bob has to set the EOM
correctly before photon arrives. Because of the reduced velocity of light
within the fiber-based quantum channel (two-thirds of that in vacuum)
the classical signal arrives well before the photon which has to be
teleported.
4. Free-space experiments
On the basis of present fiber and detector technology, it has been
determined that absorptive losses and dark counts in the detectors limit
the distance for distributing entanglement to the order of 100km (Zeevi,
Yamamoto, Waks, 2002). One approach to overcome this limitation is the
implementation of quantum repeaters which, however, still need
significant development (Briegel et al., 1998). Another approach is using
free-space links, using telescopes for the transmission of single or
entangled photon state towards the receiver (Aspelmeyer, 2003; Resch et
al., 2005).
An experiment implemented with weak coherent laser pulses, between
the Canary islands La Palma and Tenerife was performed via a free-space
link over 144 km. The transmitter telescope was placed on the Roque de
los Muchachos (2400m above sea level) on the island of La Palma. In the
experiment the optics of the QKD transmitter (Alice) consisted of four
laser weak laser diodes, whose orientation was rotated by 45 relative to
the neighboring ones. At a clock rate of R0¼10MHz one of them emitted a
2 ns optical pulse centered at 850nm with a full width at half maximum
(FWHM) of 1.5 nm, according to random bit values, that were generated
beforehand by a physical random number generator and stored on Alice’s
hard disk (see (Schmitt-Manderbach et al., 2007) and the references
therein). The output beams of all diodes were overlapped by conical
mirrors and coupled into a single mode optical fiber running to the
transmitter telescope (Weier et al., 2006). The transmitter consisted of a
single lens with a 150mm diameter and f¼400mm focal length (f=2.7)
guiding the single photons to Bob in the Optical Ground Station (OGS) of
the European Space Agency (ESA) on Tenerife, 2400m above sea level
(Comeron et al., 2002)over the 144km free-space link.
Due to various atmospheric influences such as changes of the atmospheric
layering and temperature and humidity gradients, the apparent bearing of
159
the receiver station varied on timescales of tens of seconds to minutes.

Most classical optical communication channels prevent the beam from
drifting off the receiver aperture by defocusing the beam. This is not an
option in single photon experiments,where maintaining the maximum link
efficiency is essential.
Hence in our experiment the alignment both of the transmitter and the
receiver telescope was controlled automatically by a closed-loop tracking
system using a 532nm beacon laser shining from the OGS to the single
photon transmitter and vice versa. Fig. 2. Arrangement of the experiment
on both sides of the river Danube. The slower quantum channel (fiber)
passes through a large sewage pipe tunnel below the river and the faster
classical channel (mirowave) passes above Fig. 1. A quantum cryptography
system was installed between the headquarters of a large bank (Alice) and
the Vienna City Hall (Bob). The beeline distance between the two buildings
is about 650 m. The optical fibers were installed some weeks before the
experiment in the Vienna sewage system and have a total length of 1.45
km R. Ursin et al. Applications of quantum communication protocols
150 | heft 5.
The OGS (Bob), a 1m Richey-Chr_etien=Coud_e telescope with an effective
focal length of 39m (f=39), was used to collect the single photons with a
field-of-view of 8 arcmin. The atmospheric turbulence caused significant
beam wander in the focal plane of the telescope of up to 3mm in the
worst case. We measured a link efficiency for single photons of _25 dB
under best conditions and typically _30 dB. We experimentally
implemented a Bennett-Brassard 1984 (BB84)(Bennett, Brassard, 1984)
protocol type quantum key distribution over the 144 km free-space link
using weak coherent laser pulses, the security was ensured by employing
decoy-state analysis was studied by Hwang,(2003); Lo, Ma, Chen, (2005);
Wang, (2005).
For the sifting process, each photo event had to be assigned an absolute
pulse number in order to allow Alice and Bob to discuss their respective
choice of basis. This was accomplished without any reference channel but
solely by means of the dim pulses. Each photon-event was then accepted
if it was detected within a time window _t around the expected arrival
time or rejected as background, otherwise. Finally, pseudo random bit
sequences in the photon stream (1.2% of the attenuated pulses) enabled
Bob to find the absolute offset of the pulse number.
For raw key generation, we accepted photon events at the receiver within
160
TELEPHONY
a time window _t¼ 5.9 ns, leading to a QBER ¼ 6.48% for the entire
measurement run. We attribute 3% to spurious events within _t_3% to
alignment errors of the Alice module including compensation in the single
mode fiber, and finally, another 0.5% to imperfections in the polarization
analyzer at Bob. This enabled us to distribute a secure key at a rate of 12.8
bits.
The distance between Alice and Bob exceeds that of previous experiments
by an order of magnitude, this exploits the limit for
ground-based free-space quantum communication; significantly longer
distances can only be reached using air- or space-based platforms.
5. Quantum communication in space
Since we intend to extend the distances in quantum communication to a

global scale, will require dedicated terminal with quantum communication
hardware onboard a satellite or a space-station (ISS). This will enable us to
establish a world wide quantum communication network as studied by
Nordholt et al.,( 2002) on one hand, but on the other hand to expand
fundamental experiments on quantum physics to a scale not possible on
Earth. However, the quantum-communication between a partner onboard
of an orbiting station and another on Earth requires an effective quantum-
channel in a noisy ambient and of very-long path length. In particular, for
the exchange of single photons, the strong rejection of background light
must be enforced,together with the accurate pointing of the optical
terminals and the precise synchronization of the receiver to the sender,
including their continuously varying mutual separation. The technical
feasibility with today’s technology was investigated in great detail in a
study by Pfennigbauer,(2005).
From a fundamental point of view, the important question is whether

there are limits on the distance between two entangled quantum systems
of the so called Bell-type experiments. Primarily, such experiments would
allow to expand the scale for testing the validity of quantum physics
theory by several orders of magnitude in distance i.e. beyond the
capabilities of purely on Earth-based laboratories.On the long run,
experiments on quantum entanglement in space might even provide the
basis for fundamental tests of the interplay between gravitation and
quantum physics as done by Kaltenbaek,( 2003).Space provides a unique
‘‘lab’’-environment for entanglement: In the case of massive particles,
microgravity enables the expansion of investigating fundamental quantum
161
properties to much more massive particles than it is possible today on

Earth. In the case of photons, the space environment allows much larger
propagation distances compared to purely Earth-bound free space
experiments. The experimental prerequisites to perform such Bell-type
experiments are a source of entangled photons that are located in a
transmitter terminal and two analyzing receiver-terminals at a distance,
which individually allow to vary their measurement basis randomly and
store the arrival time of single photon in the detector with respect to a
local time standard as studied by Aspelmeyer et al.,( 2003). For
experiments over distances on the order of 1600km it would be sufficient
to place a source of entangled photons in an low-Earth orbit, which would
transmit the two entangled photons to two separated ground based
receivers, see Fig. 3. To guarantee the independence of the Fig. 3.
Proposed long-distance Bell-type experiment in space, to perform a Bell-
type experiment. The entangled photons are sent from a LEO-based
entangled photon source, attached to the outside payload facility of the
European Columbus module on the International Space Station (ISS), to
two separated ground stations, about 1600 km apart Fig. 4. The optical
ground station (OGS) of the European Space Agency (ESA), on Tenerife.
The 1m telescope was used in our quantum communication experiments
over 144 km, and is already suitable as a quantum communication
receiver from a source on a satellite R. Ursin et al. Applications of
quantum communication protocols measurements in each of the receiver
terminals, the measurements have to be space-like separated, this means
that the measurement esult on one receiver cannot influence the result at
the second receiver assuming the speed of light as the maximum speed of
communication. This is more readily accomplished over large distances
between the receiver terminals.
6. Proof of concept experiments for space
In a first experimental demonstration of a quantum-communication

channel between a low-Earth orbit (LEO) satellite and a receiver station on
Earth (the ASI-Matera-Laser-Ranging-Observatory, Italy), was effectively
simulated a single-photon quantum communication channel by reflecting
faint laser pulses off the optical retro reflecting satellite Ajisai, whose orbit
has a perigee height of 1485 km, realizing a satellite-to-Earth quantum-
channel. The identification of the exchanged photons was ascertained by
observing a significant amount of detector counts at the expected arrival
instant with respect to the background value (Villoresi et al., 2004). An
162
TELEPHONY
important component in space based quantum communication is a source
for the entangled photons, which is suitable for space. We are presently
working on a source based on new, and very highly effective down
conversion crystals, which deliver the necessary numbers of photon pairs
but with low power consumption (Fedrizzi et al., 2007).
7. Conclusion
Long distance quantum communication, both in optical fibers and free

space, and even towards satellite based quantum communication made
possible.These are the two most promising technologies for the
communication of quantum information, where quantum cryptography
allows secure links, and quantum teleportation the transport of quantum
states. In addition, once quantum computers are developed, they will
require quantum communication for their networking. Quantum
computers deliver a fundamental boost in performance compared to
existing classical computers, and will have applications such as factoring
numbers, searching a database and simulating complicated quantum
mechanical situations, e.g. molecular chemistry.
Here, the demonstration of the world’s first securing of a bank-transfer
with quantum keys in an intercity link in Vienna, and the exchange of
secure bits via quantum cryptography over a record-breaking link distance
of 144km across the Canary Islands shown. In a separate experiment we
demonstrated quantum teleportation across the Danube, covering a
distance of 600 m, which is a first step towards long distance linking of
future quantum information processors.
These activities also have an important impact on fundamental science, as

the limits of testing quantum mechanics are always stretched further. Our
long-term plan is to place quantum hardware onto satellites in space,
which allows us to investigate the fundamental limits of entanglement
correlation between two photons over distances of thousands of
kilometers.We are convinced that quantum technologies will play a very
important role in the future, and already to date, several companies are
commercializing quantum communication systems.
References
Aspelmeyer, M., Bo¨ hm, H., Gyatso, T., Jennewein, T., Kaltenbaek, R.,
Lindenthal, M.,Molina-Terriza, G., Poppe, A., Resch, K., Taraba, M., Ursin,
163
R., Walther, Ph., Zeilinger,A. (2003): Long-distance free-space distribution

of entangled photons. Science 301:621–623.
Aspelmeyer, M., Jennewein, T., Pfennigbauer, M., Leeb, W., Zeilinger, A.
(2003): Quantph=
0305105.
Barrett, M. D., Chiaverini, J., Schaetz, T., Britton, J., Itabo, M. W., Jost, J. D.,
Knill, R.,
Langer, C., Leibfried, D.,Wineland, D. J. (2004): Deterministic quantum
teleportation of
atomic qubits. Nature 429: 737739.
Bennett, C. H., Brassard, G. (1984): Quantum cryptography. In: Proc. of
IEEE Int.
Conf. on Computers, Systems, and Signal Processing. Bangalore, India,
New York:
IEEE: 175.
Bennett, C. H., Brassard, G., Cr_epeau, C., Jozsa, R., Peres, W., Wootters,
W. K. (1993):
Teleporting an unknown quantum state via dual classical and Einstein-
Podolsky-
Rosenchannels. Physical Review Letters 70: 1895.
Bouwmeester, D., Pan, J.-W., Mattle, K., Eibl, M., Weinfurter, H., Zeilinger,
A. (1997):
Experimental quantum teleportation. Nature 390: 575–579.
Briegel, H.-J., Du¨ r, W., Cirac, J., Zoller, P. (1998): Quantum repeaters: the
role of imperfect
local operations in quantum communication. Physical Review Letters 81:
5932–5935.
Comeron, A., Rubio, J. A., Belmonte, A. M., Garcia, E., Prud’homme, T.,
Sodnik, Z.,
Connor, C. (2002): Propagation experiments in the near infrared along a
150-km path
and from stars in the Canarian archipelago. March 2002: 78–90.
Deutsch, D., Ekert, E. (1998): Quantum computation. Physical World 11:
47–52.
Fedrizzi, A., Herbst, Th., Jennewein, Th., Zeilinger, A., To be published.
Gisin, N., Ribordy, G., Tittel, W., Zbinden, H. (2002): Quantum
cryptography. Reviews of
Modern Physics 74: 145–195
Gottesmann, D., Chuang, I. L. (1999): Demonstrating the viability of
universal quantum
164
TELEPHONY
computation using teleportation and single-qubit operations. Nature 402:
390.
Hwang, W.-Y. (2003): Quantum key distribution with high loss: toward
global secure
communication. Physical Review Letters 91 (5): 057901.
Kaltenbaek, R., Aspelmeyer, M., Pfennigbauer, M., Jennewein, Th.,
Brukner, C., Leeb, W.
R., Zeilinger, A. (2003): Proof-of-concept experiments for quantum physics
in space.
Proc. of SPIE 2003, 5161: 252–268.
Knill, E., Laflamme, R., Milburn, G. J. (2001): A scheme for efficient
quantum computation
with linear optics. Nature 409: 46–52.
Lo, H.-K., Ma, X., Chen, K. (2005): Decoy state quantum key distribution.
Physical Review
Letters 94(23): 230504.
Lu¨ tkenhaus, N., Calsamiglia, J., Suominen, K. A. (1999): Physical Review
Letters 59: 3295.
Marcikic, I., de Riedmatten, H., Tittel, W., Zbinden, H., Legre, M., Gisin, N.
(2004):
Distribution of time-bin entangled qubits over 50 km of optical fiber.
Physical Review
Letters 93 (18): 180502.
Nordholt, J. E., Hughes, R., Morgan, G. L., Peterson, C. G., Wipf, C. C.
(2002): Present and
future free-space quantum key distribution. In Free-Space Laser
Communication
Technologies XIV, vol. 4635 of Proc. of SPIE 2002: 116.
Peng, C. Z., Yang, T., Bao, X. H., Jin, J. Z. X. M., Eng, F. Y., Yang, J., Yin, J.,
Zhang, Q., Li, N.,
Tian, B. L., Pan, J. W. (2005): Experimental free-space distribution of
entangled photon
pairs over a noisy ground atmosphere of 13 km. Physical Review Letters
94: 150501.
Pfennigbauer, M., Aspelmeyer, M., Leeb, W., Baister, G., Dreischerand, T,
Jennewein, T.,
Neckamm, G., Perdigues, J. M., Weinfurter, H., Zeilinger, A. (2005):
Satellite-based
quantum communication terminal employing state-of-the-art technology.
Optical
165
Express 4: 549–560.
Poppe, A., Fedrizzi, A., Loruenser, T., Maurhardt, O., Ursin, R., Boehm, H.
R., Peev, M.,
Suda, M., Kurtsiefer, Ch., Weinfurter, H., Jennewein, T., Zeilinger, A.
(2004): Practical
quantum key distribution with polarization-entangled photons. Optical
Express 12:
3865–3871.
Resch, K. J., Lindenthal, M., Blauensteiner, B., Boehm, H. R., Fedrizzi, A.,
Kurtsiefer, C.,
Poppe, A., Schmitt-Manderbach, T., Taraba, M., Ursin, R., Walther, P.,
Weier, H.,
Weinfurter, H., Zeilinger, A. (2005) Distributing entanglement and single
photons
through an intra-city, free-space quantum channel. Optical Express 13:
202209.
Riebe, M., Ha¨ ffner, H., Roos, C. F., Ha¨ nsel, W., Benhelm, J., Lancaster, G.
P. T., Becher, C.,
Ko¨ rber, T. W., Schmidt-Kaler, F., James, D. F. V., Blatt, R. (2004):
Experimental
quantum teleportation with atoms. Nature 429: 734–737.
Schmitt-Manderbach, T., Weier, H., Fu¨ rst, M., Ursin, R., Tiefenbacher, F.,
Scheidl, T.,
Perdigues, J., Sodnik, Z., Kurtsiefer, Ch., Rarity, J. G., Zeilinger, A.,
Weinfurter, H.
(2007): Experimental demonstration of free-space decoy-state quantum
key
distribution over 144 km. Physical Review Letters 98: 010504.
Schro¨ dinger, E. (1935): Die gegenwa¨ rtige Situation in der
Quantenmechanik.
Naturwissenschaften 23: 807–812; 823–828; 844–849.
Takesue, H., Diamanti, E., Honjo, T., Langrock, C., Fejer, M. M., Inoue, K.,
Yamamoto, Y.
(2005): Differential phase shift quantum key distribution experiment over
105 km fiber.
New Journal of Physics 7: 232.
Tittel, W., Brendel, J., Gisin, B., Herzog, T., Zbinden, H., Gisin, N. (1998):
Experimental
demonstration of quantum correlations over more than 10 km. Physical
Review A
166
TELEPHONY
57: 3229–3232.
originalarbeiten
R. Ursin et al. Applications of quantum communication protocols
152 | heft 5.2007 e&i elektrotechnik und informationstechnik
Ursin, R., Jennewein, T., Aspelmeyer, M., Kaltenbaek, R., Lindenthaland,
M., Walther,
P., Zeilinger, A. (2004): Quantum teleportation across the Danube. Nature
430:
849.
Villoresi, P., Tamburini, F., Aspelmeyer, M., Jennewein, T., Ursin, R.,
Pernechele, C., Bianco,
G., Zeilinger, A., Barbieri, C. (2004): Space-to-ground quantum-
communication using
an optical ground station: a feasibility study. In: SPIE Proc. Quantum
Communications
and Quantum Imaging II Conf. Denver, SPIE 2004.
Wang, X.-B. (2005): Beating the photon-number-splitting attack in practical
quantum
cryptography. Physical Review Letters 94 (23): 230503.
Weier, H., Schmitt-Manderbach, T., Regner, N., Kurtsiefer, Ch., Weinfurter,
H. (2006): Free
space quantum key distribution: towards a real life application.
Fortschritte der Physik
54: 840–845.
Weihs, G., Jennewein, T., Simon, C., Weinfurter, H., Zeilinger, A. (1998):
Violation of Bell’s
inequality under strict Einstein locality conditions. Physical Review Letters
81: 5039–5043.
Zeevi, A., Yamamoto, Y., Waks, E. (2002): Security of quantum key
distribution with
entangled photons against individual attacks. Physical Reviews A 65:
52310.
Zoller, P. (2005): Quantum information sciences and technologies under
European
Commission’s 6th framework program. Era-pilot roadmap.
http:==qist.ect.it=, 2005.
originalarbeiten
Practical anonymous communication protocol developed for quantum

networks
167
The ability to securely transmit information over the internet is extremely

important, but most of the time, eavesdroppers can still generally
determine who the sender and receiver are. In some highly confidential
situations, it is important that the sender's and receiver's identities remain
anonymous.
Over the past couple of decades, researchers have been developing

protocols for anonymously transmitting messages over classical networks,
but similar protocols for quantum network are still in much earlier stages
of development. The anonymity methods that have been proposed for
quantum networks so far face challenges such as implementation
difficulties or require that strong assumptions be made about the
resources, making them impractical for use in the real world.
In a new paper, Anupama Unnikrishnan, Ian MacFarlane, Richard Yi, Eleni

Diamanti, Damian Markham, and Iordanis Kerenidis, from the University
of Oxford, MIT, Sorbonne University, the University of Paris and CNRS,
have proposed the first practical protocol for anonymous communication
in quantum networks.
"Our protocol brings anonymous quantum communication closer to being

actually demonstrated in the lab," Unnikrishnan told "We can guarantee
anonymity in the most paranoid scenario: without needing to trust the
honesty or computational power of players in the network, or even the
entanglement they share."
The new protocol works in the following way. To start, the player who
wants to send a message anonymously notifies the receiver. Then, in each
round of the protocol, an untrusted source creates an entangled quantum
state called the Greenberger-Horne-Zeilinger (GHZ) state, and distributes
it between the players.
The players then have two options: They can either check if the state is
actually the GHZ state by running a verification test, or they can use the
state for anonymous quantum communication. Most of the time, the
players test the state. If a test fails, indicating a possible breach, the
players stop the protocol. In this way, a misbehaving source is likely to get
caught.
168
TELEPHONY
If the players chose to use the state for anonymous communication, they
perform certain operations and measurements on their part of the GHZ
state in order to create "anonymous entanglement" between the sender
and receiver, so that they are now connected by an anonymous quantum
channel. Using this channel, the sender can then use quantum
teleportation to anonymously send a quantum message to the receiver.
The ability of the protocol to achieve perfect anonymity depends on the

players performing perfect actions and sharing a perfect GHZ state. The
researchers showed that, even in realistic networks with imperfections,
the players can still communicate close to anonymously—within a security
parameter epsilon, leading them to call their method an "epsilon-
anonymous protocol."
In the future, the ability to anonymously transmit messages will be critical

for many of the potential applications of a future quantum internet.
However, much more work needs to be done in the meantime.
"We are looking into the experimental demonstration of the protocol in

our lab and also in parallel into the conception of further protocols that
can enrich the toolbox of applications offered by quantum networks,"
Diamanti said.
Quantum Communication Complexity
169
Although entanglement cannot be used for direct communication (as

otherwise it would be superluminal), it surprisingly can produce effects as
if some information had been transferred: entanglement can save on
classical communication when remote parties need to accomplish a joint
task. A typical problem is computation of a function whose inputs are
distributed among the remote parties. The minimal amount of information
that has to be exchanged to accomplish the task defines its complexity.
We showed that in certain communication complexity protocols entangled

states are useful only to the extent that they exhibit nonlocal correlations.
More precisely, we demonstrated that for every Bell’s inequality there
exists a communication complexity problem, for which the protocol
assisted by states which violate the inequality is more efficient than any
classical protocol [1]. On this basis we developed protocols that exploit
entanglement between qubits, qutrits and higher dimensional states [1-2].
In Ref. [3] you can read about a simple but insightful example that
illustrates how entanglement can help separated individuals to find each
other even in the lack of any communication whatsoever.
Recently, we showed that “the quantum superposition of the direction of

communication” is a useful resource for communication complexity. We
found a task for which such a superposition allows for an exponential
saving in communication, compared to one-way quantum (or classical)
communication [4] (See also “Quantum Theory on Indefinite Causal
Structures”).
Figure: Two partners are on the two poles of the Earth (left). From each
pole there are three paths (red 1, yellow 2 and blue 3) and for each path
there are two directions (+ and -) (right, view from the North pole). Which
path and direction should the partners take to find each other at the
equatorial line in the lack of any communication? (For an entanglement-
assistant solution see Ref. [3])
170
TELEPHONY
[1] Č. Brukner, M. Zukowski, J.-W. Pan and A. Zeilinger, Bell's inequality

and Quantum Communication Complexity, Phys. Rev. Lett. 92, 127901
(2004).
[2] Č. Brukner, M. Zukowski and A. Zeilinger, Quantum Communication
Complexity Protocol with Two Entangled Qutrits, Phys. Rev. Lett. 89,
197901 (2002).
[3] Č. Brukner, N. Paunkovic, T. Rudolph and V. Vedral, Entanglement-
assisted Orientation in Space, Int. J. of Quant. Inf. 4, 365 (2006). Preprint
at quant-ph/0509123.
[4] P. A. Guérin, A. Feix, M. Araújo and Č. Brukner, Exponential
Communication Complexity Advantage from Quantum Superposition of
the Direction of Communication, Phys. Rev. Lett. 117, 100502 (2016).
171
12 QUANTUM INFORMATION AND

MEASUREMENT TECHNOLOGIES
Quantum Communication Protocols Based on Hybrid Entanglement of

Light
172
TELEPHONY
Summary
Hybrid entanglement of light combines two quantum information

paradigms, the particle-like and the wave-like encodings, together. Recent
experiments that engage this resource for two quantum communication
protocols: remote state preparation and quantum steering.
Clean quantum and classical communication protocols.By how much must

the communication complexity of a function increase if we demand that
the parties not only correctly compute the function but also return all
registers (other than the one containing the answer) to their initial states
at the end of the communication protocol? Protocols that achieve this are
referred to as clean and the associated cost as the clean communication
complexity. Here we present clean protocols for calculating the Inner
Product of two n-bit strings, showing that (in the absence of pre-shared
entanglement) at most n+3 qubits or n+O(pn) bits of communication are
required. The quantum protocol provides inspiration for obtaining the
optimal method to implement distributed CNOT gates or ABR gates in
parallel whilst minimizing the amount of quantum communication. For
more general functions, we show that nearly all Boolean functions require
close to 2n bits of classical communication to compute and close to n
qubits if the parties have access to pre-shared entanglement. Both of
these values are maximal for their respective paradigms.
Introduction.
In a communication two players are, Alice and Bob, receive inputs x and y
and wish to calculate the value of some function f. To achieve this,
messages will have to be exchanged between them and, depending on the
resources available to them, these may consist of classical or quantum
communication in the form of bits and qubits respectively. Typically in
such scenarios one is interested in minimizing the amount of
communication that has to take place to evaluate the function and the
number of bits/qubits that must be exchanged to do this is referred to as
the classical/quantum communication complexity [1, 2]. A protocol for
calculating a function will act on three distinct types of registers. Each
player will receive an in-put register, containing x or y, and an ancillary
173
working space, initialized in some standard state such as a string of bits all
set to 0, a number of qubits provided in the j0i state or possibly containing
entangled states shared between the parties. The signal type of register is
the answer register which will contain the value of f (x; y) at the end of the
protocol. On the completion of a generic protocol for computing f, the
input and ancillary registers will no longer be in their starting states and
will depend upon both x and y.However, leaving these registers in such
states can be problematic. Firstly, if Alice and Bob wish to keep private the
particular protocol that they ran, then discarding these unclean states may
leak information regarding this to a third party. Secondly, in the quantum
setting, if the players wish to run the protocol over a superposition of
input states (perhaps as a subroutine of a larger com-putation), then
allowing the ancillary registers to end up in some unclean, input
dependent state and then discarding them can lead to a loss of coherence
in the superposition over answers. Finally, the players' computational
space may be in short supply and without knowing the registers' signal
states they cannot easily use them for future calculations.To avoid such
issues we can demand that a protocol (in addition to computing f) returns
the input and ancillary registers to their starting state. Following [3], a
protocol clean and the minimum number of bits/qubits that a clean
protocol needs to exchange to compute a given function is the clean
communication complexity. Denoting these quantities by Cclean (f) and
Qclean (f). In the case where the players have access to preshared
entanglement (which they must restore at the end of the protocol), the
associated cost will be written Q_clean. We focus on the scenario where
the players must compute the function exactly.In all three scenarios, an
unclean communication protocol can be converted into a clean one at the
cost of doubling the communication. To do this, the players run the
unclean protocol, copy the output to another location and then run the
unclean protocol backwards. At first glance it may appear that clean,
classical protocols are even easier to construct: the players keep a copy of
their input and then simply erase all ancillary bits once the protocol is
complete. However, Landauer's principle [4{6] implies that such
irreversible manipulations will gen-
erate heat or else cost work. As such, if one is interested in avoiding such
costs, it makes sense to consider protocols where all operations must be
reversible. In light of these constructions, it is natural to ask: do more
efficient clean protocols, without this doubling in communication,exist?
Focusing on the clean communication complexity of computing the Inner
174
TELEPHONY
Product of two distributed bit strings of length n, showing that (without
pre-shared entanglement) this can be done by exchanging n+3 qubits.As a
clean protocol for this function must exchange at least n + 1 qubits, this is
very close to tight. We also provide a clean, classical protocol that
computes Inner Product while exchanging only n + O(pn) bits. This
provides a saving over the most obvious protocol which are close to
optimal for the clean, classical computation of most functions.A variation
on our quantum protocol can be used to implement n copies of a CNOT
gate in parallel by exchanging n + 1 qubits. In a quantum computing
architecture consisting of distributed clusters of highly controllable qubits
linked by quantum communication (such as that envisaged in [7]), it is
prudent to minimize the number of qubits exchanged. Our
implementation is optimal.Next we turn to the clean communication
complexity of random functions on inputs of length n.In contrast to Inner
Product, nearly all functions are such that Cclean (f) is close to the
maximal 2n: the simple method of generating clean protocols discussed
above is near optimal. On the quantum side, Q_clean (f) is close to n for
most functions. As superdense coding [8] allows all functions to be
uncleanly computed while exchanging n^2 qubits when the players pre-
share entanglement, this is again close to maximal.Whether similarly
Qclean (f) is close to 2n remains an open question.
Clean Protocols.
Clean protocols have a long history in proving bounds in the model of
quantum communication complexity with free entanglement assistance
[9].For example, considering clean, quantum protocols for the Inner
Product function was used to imply that any entanglement assisted
quantum protocol for this function must use at least dn=2e qubits [3].
Clean protocols have also been used to lower bound the entanglement
assisted,quantum communication complexity [10] and that, in this model
of communication, most functions have complexity that scales linearly in n
[11]. Cleanliness has also been used to analyze privacy amongst honest
players [12],bound the amount of quantum communication required to
implement distributed quantum computation [13] and for constructing
resource inequalities that carefully account for the way protocols can be
combined [14, 15].More formally, a clean, quantum protocol for
computing a function
f : f0; 1gn _ f0; 1gn ! f0; 1g is defined as follows [3]. The initial state at the
beginning of the protocol is of the form:
175
jxiAj~0iA0 jyiBj~0iB0 j_iAEBEjziBans ; (1)

where jxiA =Nn
i=1 jxiiAi and jyiB =Nn
i=1 jyiiBi are
Alice and Bob's respective inputs stored in n qubits, j~0iA0 and j~0iB0
their qubit ancillas, j_iAEBE their pre-shared entanglement (if supplied)
and jziBans is the initial state of the answer register with z 2 f0; 1g. At the
beginning and end of a protocol the answer register is held by Bob. Players
then take turns to act on their share of the qubits. In each turn a player
will apply a unitary transformation to the qubits in their possession and
then send some subset of them to the other player. The protocol
computes f cleanly if the final state of the qubits is:
jxiAj~0iA0 jyiBj~0iB0 j_iAEBEjz _ f (x; y)iBans ; (2)
where the addition in the answer register is modulo 2. Clean classical

protocols are defined similarly but with registers and communication
given in terms of bits rather than qubits and no entanglement. All
transformations must be reversible. Inner Product. The specific function
that we shall focus on in this paper is the Inner Product function, IPn.
This is defined by:

IPn : f0; 1gn _ f0; 1gn ! f0; 1g ;
IPn (x; y) =Xn
i=1
xi , yi mod 2: (3)
It is well known that for both players to know the answer,at least n bits of
classical communication are needed to (uncleanly) compute IPn exactly
[16, Example 1.29]. For quantum strategies in which the players pre-share
entanglement,_n2_
qubits must be sent [3] to achieve the same goal. In [3], it is also shown
that clean, quantum protocols for computing IPn must exchange at least n
qubits.The quantum communication required to uncleanly compute IPn
without prior entanglement is unknown (though must lie between
_n2_and n). For quantum protocols that are allowed to err with _xed
probability less than 1=2, the complexity is still (n) [17]. Here we examine
the clean communication complexity of IPn without entanglement
assistance. To this end, we _rst consider the quantum communication
complexity of implementing the transformation:
176
TELEPHONY
jxiAjyiB 7! (􀀀1)x_y jxiAjyiB; (4)
i.e. the distributed computation of the inner product of x and y in the

phase. Such a transformation corresponds to performing controlled-Z
gates across n pairs of qubits and by a suitable local basis change this can
be converted into an implementation of n-fold CNOTs. In [18] it was
shown that 2 qubits of communication together with sharing 4 ebits is
exactly equivalent as a resource to the ability to implement 2 CNOT gates
and sharing 4 ebits. As such, this provides a protocol for implementing IPn
in the phase using n + 8 qubits of communication and 8 ancilla qubits (for
even n). This can be adapted to give a protocol requiring n+2 qubits of
communication for even n and n + 3 qubits when n is odd. In the following
lemma, we give an improved, optimal
protocol:
Lemma 1. The clean, quantum communication complexity of exactly

implementing IPn in the phase satis_es:
Qclean _IPphase n = n + 1: (5)

One ancilla qubit is required. (Without using ancilla qubits, n + 1 qubits for
odd n and n + 2 for even n succesce.)
Proof. The n + 1 qubit protocol for even n is as follows.Alice initially

prepares an ancilla qubit in the state jx1i and sends it to Bob who applies a
phase of (􀀀1)x1_y1 .
He
Send: 𝑥1
Apply: (-1)𝑥1.𝑦1
Send: 𝑥1 ⊕ 𝑦2
Clean up: 𝑥1
Send: 𝑦2 ⊕ 𝑥3
Clean up: 𝑦2
Send: 𝑥3 ⊕ 𝑦4
|𝑥1ۧ
-1 𝑥1.𝑦1
|𝑥1 ⊕𝑦2ۧ
177
-1 𝑥1.𝑦1+𝑥2.𝑦2
|𝑦2 ⊕𝑥3ۧ
-1 𝑥1.𝑦1+𝑥2.𝑦2+𝑥3.𝑦3
|𝑥3 ⊕𝑦4ۧ
Alice
Bob
FIG. 1. Clean, quantum protocol for calculating IPn in the phase. Here we
illustrate the first 4 rounds of communication. In each round, a player
cleans up the message they sent previously, applies the relevant global
phase and communicates the next bit of their input string.then adds y2 to
the communication qubit and sends it back to Alice in the state jx1+y2i.
Now, Alice cleans up her previous communication by subtracting x1 from
the communication and then uses the value of y2 to apply the phase
(􀀀1)x2_y2 . She then adds x3 to the communication qubit to leave it in the
state jy2_x3i and sends it back to Bob. A schematic of these first rounds is
given in Figure 1.
The players then proceed similarly, with each round of communication

being used to convey a new bit to the other party and send a received bit
back in order to clean the ancilla qubit. After n rounds, the global phase
will be (􀀀1)x_y and Alice will hold the communication qubit in the state
jyni. She sends this back to Bob who cleans it,completing the protocol
using n + 1 qubits of communication and the change in ownership of one
ancilla qubit.For odd n, Alice will perform the _nal cleaning step. The
protocol to implement the transformation without an ancilla qubit is given
in Appendix B1.
The lower bound is proved in Appendix C3. It uses the concept of

information complexity [19] to show that in a clean protocol for
implementing Eq. (4) n bits of information must row in each direction.
Without pre-shared entanglement, we show that n qubits of
communication cannot achieve this.The above lemma provides the
optimal method for implementing n CZ gates in parallel while exchanging
n+1 qubits. Such a protocol would prove useful for quantum computing
architectures where quantum communication is used to interface and
implement gates between clusters of highly controllable qubits. As an
example, in quantum error correction one could imagine using the Steane
code [20] to protect 2 logical qubits using 2 spatially separated clusters of
7 physical qubits. To implement a CZ gate between the logical qubits
requires 7 CZs to be performed in parallel between the physical qubits.Our
178
TELEPHONY
protocol achieves this while exchanging only 8 qubits whereas the naive
protocol would send 14. Protocols based solely on shared entanglement
and classical communication [21{23] use 7 pairs of ebits, 14 bits of
communication and the implementation of 14 measurements while their
coherent counterpart [18] requires 1 shared ebit and 8 qubits of
communication.
In Appendix B2 we give a clean quantum protocol for computing IPn:
Theorem 2. The clean, quantum communication complexity of exactly
computing IPn satis_es:n + 1 _ Qclean (IPn) _
(
n + 3 for n odd;
n + 2 for n even:(6)
No ancilla qubits are required.
By adapting the protocol from Lemma 1, IPn can be computed cleanly
using 2 qubits and n+1 bits. We give this protocol in Appendix B3.Our
novel quantum communication protocols inspire a classical protocol for
Inner Product (given in Appendix
B4) which is near optimal and for which only the naïve 2n protocol was
known before:
Theorem 3. The clean, classical communication complexity of exactly
computing IPn satisfies:
n + 1 _ Cclean (IPn) _ n + 4
pn +1 pn 􀀀 1+ 2: (7)
No ancilla bits are required.
Generic functions. In contrast to Theorem 3, we will show that nearly all
Boolean functions on n-bit inputs require 2n 􀀀 O (log n) bits of classical
communication to compute cleanly. The proof follows from the following
two lemmas. In what follows, X and Y are the random variables for Alice
and Bob's inputs and A and B are the random variables received by Alice
and Bob respectively over the course of the protocol. By jaj and jbj we
denote the number of bits received by Alice and Bob.
Lemma 4. Consider picking uniformly at random a Boolean function fn on

n-bit inputs. Then with probability 1 􀀀 o(1), all protocols that compute fn
exactly are
such that either:
1. Alice must receive:
jaj _ n 􀀀 log (n + 1) 􀀀 2; (8)
bits and there exists a uniform distribution over at least half the pairs of
inputs such that:
179
I (Y : AX) _ n 􀀀 log (n + 1) 􀀀 3: (9)

Or:
2. Bob must receive:
jbj _ n 􀀀 log (n + 1) 􀀀 2; (10)
bits and there exists a uniform distribution over at least half the pairs of
inputs such that:
I (X : BY ) _ n 􀀀 log (n + 1) 􀀀 3: (11)
4
0110000010
0110000010
0110000010
1001000010
1110111101
1110111101
1110111101
1101001101
1101001101
1101001101
Bob’s Inputs, y
Alice’s Inputs, x
≫ 4(𝑛 + 1)
≫ 4(𝑛 + 1)
𝑀𝑓 Bob’s Inputs, y
Alice’s Inputs, x
0111011001
0100011001
0100011001
1001011001
1010110101
0111110101
1110010101
0101101001
0101101001
1001001001
≤ 4(𝑛 + 1)
≤ 4(𝑛 + 1)
𝑀𝑓
a) b)
FIG. 2. Partitions of the communication matrix into rectangles. Note that
knowledge of y, together with knowledge of which rectangle the players'
180
TELEPHONY
input pair belongs to, allows Bob to correctly deduce the value of f (x; y).
a) As there exists a protocol for computing f that partitions Mf into large
rectangles, the Kolmogorov complexity of Mf is low. b) For Mf to have high
Kolmogorov complexity, all protocols for computing f must partition Mf
into either very narrow or very thin rectangles. To produce the bound in
Eq. (9), we take a
distribution over the shaded rectangles.
Proof. The full proof is given in Appendix C1a.
To prove
the first two bounds, begin by noting that the communication matrix Mf
(de_ned by Mf xy = f (x; y)) of a random Boolean function has large
Kolmogorov complexity with high probability. However, a classical
protocol for computing f partitions the matrix into rectangles (see
Appendix A2), each of which has low Kolmogorov complexity. If one of
these rectangles is large enough (which happens when the amount of
communication that takes place in one direction is small), then the
Kolmogorov complexity of Mf will also be low. Such an Mf is shown
in Figure 2a. Comparing these two statements leads to the bounds on jaj
and jbj.
These bounds imply that the rectangles induced by any protocol for
computing most fn must either be very short or very thin as shown in
Figure 2b. In fact, they cannot be larger than 4 (n + 1) _ 2n nor 2n _ 4 (n +
1).
Either at least half the inputs will belong to very short rectangles or at
least half the inputs will belong to very hin ones. By taking a distribution
over the larger set, we induce a direction into the communication that
occurs in the protocol to ensure that one of Eqs. (8) and (10) holds and
bound the related mutual information. For example,consider the case
where more than half the input pairs lie in rectangles of size less than 2n
_4 (n + 1) (as shown in the _gure) and the distribution over x and y is
formed by picking Alice and Bob's inputs uniformly at random from such
rectangles. Then, at the end of the protocol,Alice will know that Bob
received one of at most 4 (n + 1) inputs and Eq. (8) will hold. Hence:
I (Y : AX) = H (Y ) 􀀀 H (Y jAX) _ n 􀀀 log (n + 1) 􀀀 3;
as required.
The previous lemma indicates that to compute most functions, either Alice
or Bob must receive close to the
𝐵𝑖 𝐴𝑖
𝑌𝐵𝑖−1
′
181
𝑋𝐴𝑖−1
′ 𝐵𝑖
𝑌𝐵𝑖−1
′ 𝐵𝑖 𝑌𝐵𝑖
′𝐴𝑖
𝑇𝑖
𝑋𝐴𝑖−1
′ 𝑋𝐴𝑖−1
′ 𝐴𝑖
𝑆𝑖
𝑌𝐵𝑖
′
𝑋𝐴𝑖
′𝐵𝑖+1
Random variables held by Alice
Random variables held by Bob
𝐵𝑖+1
Communication
FIG. 3. Schematic of a classical communication protocol.
Here we show how the random variables held by each player change
during round i of a communication protocol. Primed variables denote local
memories while non-primed variables are communication. Each player
uses a deterministic, reversible function (Si and Ti) to determine their next
message
and update their local memory,entirety of the other player's input. We
now show that a similar amount of information (and hence
communication) must ow back in the other direction to make the protocol
clean.
Lemma 5. Let f be a Boolean function and its inputs be

chosen according to some distribution. Then, in a clean
protocol for exactly computing f:
jbj _ I (Y : XA) 􀀀 I (X : Y ) ; (12)
and:
jaj _ I (X : Y B) 􀀀 I (X : Y ) 􀀀 1: (13)
Proof. The full proof can be found in Appendix C1b. It revolves around
considering a protocol as r rounds in which each player speaks (see Figure
3). The bounds are then constructed by noting that in each round the
players' messages are produced by a deterministic, reversible function of
182
TELEPHONY
their inputs, local memory (denoted by A0 i and B0 i ) and the last
message received. To obtain (for example) Eq. (13), the chain rule for the
conditional mutual information can then be used to write:
I (X : Y B) =I (X : Y ) + I (X : B0 r jY )+Xri=1
I (X : AijY B0iBi+1 : : :Br)
_I (X : Y ) + 1 + jaj;
where in the last line we have used the fact that that the protocol is clean
and that the conditional mutual information can be upper bounded by the
number of bits contained in Ai.
Combining these two lemmas, together with the fact that I (X : Y ) _ 1 for
uniform distributions over at leasthalf the possible inputs, we obtain:
Theorem 6. Consider exactly computing a Boolean function fn on n-bit
inputs that has been picked uniformly at random. Then with probability 1
􀀀 o(1):
Cclean (fn) _ 2n 􀀀 2 log (n + 1) 􀀀 7: (14)5
In the case of quantum protocols, a similar result holds in the
entanglement assisted case. Proving this result (Appendix C2) makes use
of the fully quantum notion of information complexity introduced in [19].
The proof follows a similar structure to the classical result: arguing that for
most functions close to n bits of information has to ow from Alice to Bob
and for the protocol to be clean
an equivalent amount of information has to be returned.
Theorem 7. Consider exactly computing a Boolean function fn on n-bit

inputs that has been picked uniformlyat random. Then with probability 1 􀀀
o(1):Q_clean (fn) _ n 􀀀 log n: (15)
References
[1] A. C.-C. Yao, in Proceedings of the eleventh annual ACM

symposium on Theory of computing (ACM, 1979) pp.
209{213.
[2] A. C.-C. Yao, in Foundations of Computer Science, 1993.
Proceedings., 34th Annual Symposium on (IEEE, 1993)
pp. 352{361.
[3] R. Cleve, W. Van Dam, M. Nielsen, and A. Tapp,
in Quantum Computing and Quantum Communications
(Springer, 1999) pp. 61{74.
[4] R. Landauer, IBM journal of research and development
183
5, 183 (1961).
[5] C. Bennett, Maxwells Demon. Entropy, Information,
Computing , 197 (1973).
[6] C. H. Bennett, Studies In History and Philosophy of Sci-
ence Part B: Studies In History and Philosophy of Mod-
ern Physics 34, 501 (2003).
[7] D. Kielpinski, C. Monroe, and D. J. Wineland, Nature
417, 709 (2002).
[8] C. H. Bennett and S. J. Wiesner, Physical Review Letters
69, 2881 (1992).
[9] R. Cleve and H. Buhrman, Physical Review A 56, 1201
(1997).
[10] H. Buhrman and R. de Wolf, in Computational Com-
plexity, 16th Annual IEEE Conference on, 2001. (IEEE,
2001) pp. 120{130.
[11] A. Montanaro and A. Winter, in Automata, Languages
and Programming (Springer, 2007) pp. 122{133.
[12] H. Klauck, in STACS 2002 (Springer, 2002) pp. 335{346.
[13] M. A. Nielsen, C. M. Dawson, J. L. Dodd, A. Gilchrist,
D. Mortimer, T. J. Osborne, M. J. Bremner, A. W. Har-
row, and A. Hines, Physical Review A 67, 052301 (2003).
[14] A. W. Harrow and P. W. Shor, Information Theory, IEEE
Transactions on 56, 462 (2010).
[15] A. W. Harrow, \Entanglement spread and clean resource
inequalities," in XVIth International Congress on Math-
ematical Physics (World Scienti_c, 2012) Chap. 53, pp.
536{540.
[16] E. Kushilevitz and N. Nisan, Communication complexity
(Cambridge University Press, 1997).
[17] I. Kremer, Quantum Communication, Master's thesis,
The Hebrew University of Jerusalem (1995).
[18] A. Harrow, Physical Review Letters 92, 097902 (2004).
[19] D. Touchette, in Proceedings of the Forty-Seventh Annual
ACM on Symposium on Theory of Computing (ACM,
2015) pp. 317{326.
[20] A. Steane, in Proceedings of the Royal Society of Lon-
don A: Mathematical, Physical and Engineering Sciences,
Vol. 452 (The Royal Society, 1996) pp. 2551{2577.
[21] D. Gottesman, arXiv preprint quant-ph/9807006 (1998).
[22] J. Eisert, K. Jacobs, P. Papadopoulos, and M. Plenio,
184
TELEPHONY
Physical Review A 62, 052317 (2000).
[23] D. Collins, N. Linden, and S. Popescu, Physical Review
A 64, 032302 (2001).
185
13 QUANTUM SECURE DIRECT

COMMUNICATION SECURITY ANALYSIS
Implementation and security analysis of practical quantum secure direct
communication
Summary
Rapid development of supercomputers and the prospect of quantum

computers are posing increasingly serious threats to the security of
communication. Using the principles of quantum mechanics, quantum
communication offers provable security of communication and is a
promising solution to counter such threats. Quantum secure direct
communication (QSDC) is one important branch of quantum
communication. In contrast to other branches of quantum
communication, it transmits secret information directly. Recently,
remarkable progress has been made in proof-of-principle experimental
demonstrations of QSDC. However, it remains a technical feat to bring
QSDC into a practical application. Here, we report the implementation of a
practical quantum secure communication system. The security is analyzed
in the Wyner wiretap channel theory. The system uses a coding scheme of
concatenation of low-density parity-check (LDPC) codes and works in a
186
TELEPHONY
regime with a realistic environment of high noise and high loss. The
present system operates with a repetition rate of 1 MHz at a distance of
1.5 kilometers. The secure communication rate is 50 bps, sufficient to
effectively send text messages and reasonably sized files of images and
sounds.
Introduction
Economic, political, and social well-being in the world depend crucially on

secure communication infrastructures. Present communication is secured
through encryption techniques, relying on pre-shared key and
cryptographic protocols built on the computational difficulty of certain
mathematical problems, for example, the RSA public key scheme [1]. Sibu
protocol scheme.There are potential dangers with the present secure
communication system. On one hand, these cryptographic protocols are
based on mathematically difficult problems that are not rigorously proven
to have no efficient solution algorithms. These protocols may be broken
one day, or might have been broken privately already by some genius; we
do not yet know whether efficient algorithms for solving these problems
exist. On the other hand, some cryptography may become insecure with
the rapid development of supercomputers and the prospect of practical
quantum computers [2]. In contrast to cryptographic algorithms, physical-
layer security is based on the conditions that the eavesdropper has
unlimited computing power, but the legitimate receiver has a physical
advantage over the eavesdropper. In 1975, Wyner presented a degraded
wiretap channel model [3], which is a basic channel model when security
is concerned. Secrecy capacity is defined as the supremum of all the
achievable transmission rates with security and reliability. For classical
communication, estimation of the secrecy capacity in a practical
communication system is hard, because it is difficult for the legitimate
parties to detect eavesdropping. When quantum systems such as single
photons or entangled pairs of photons are used to transmit digital
information, quantum physics principles give rise to novel capability
unachievable with classical transmission media [4]. It is impossible in
principle for Eve to eavesdrop without disturbing the transmission so as to
avoid detection. The first quantum communication protocol, proposed by
Bennett and Brassard (BB84 ) [5], showed how to exploit quantum
resources for secure key agreement. Quantum-key distribution [5]-[9]
distributes a random key, rather than the information itself, and the
187
information is sent through another classical communication channel.
In 2000, quantum secure direct communication (QSDC) was proposed

[10]. QSDC can communicate information directly without key distribution
[10-[14], which eliminates further security loopholes associated with key
storage and cipher text attacks [15]-[16], offering a new tool for selection
in the zoo of secure communication protocols. Recently, experiments
were completed of proof-of-principle demonstrations of QSDC based on
single photons[17] and entangled pairs[18]-[19]. In particular, Zhang et al.
[19] demonstrated QSDC in a fiber over a meaningful distance of 500 m
using the two-step QSDC protocols[10],[11].
Here, we report an experimental implementation of a practical quantum

secure communication system using a protocol based on the DL04
protocol [12]. To move QSDC forward into practical application, a number
of key issues must be solved. Security analysis of information transmission
is crucial for practical application. According to Wyner’s wiretap model, it
is essential to let the system work at a capacity below the secrecy capacity
of the channel.Estimation of the secrecy capacity using the error rate from
the sampling-checking process of the system done. Once this secrecy
capacity estimation is completed, it is possible to design a coding scheme
with a communication rate smaller than this secrecy capacity.
Development of a coding scheme using concatenation of low-density
parity check (LDPC) codes done by [20],[21]. The scheme is specifically
designed for operating in the high loss and high error-rate regime, unique
for quantum communication. The experiment shows that our QSDC
platform can work effectively in a realistic environment. In our system, the
single-photon source was an attenuated faint laser pulse with a repetition
rate of 1 MHz. The distance was 1.5 km, and the secure information
transmission rate achieved was 50 bps, sufficient to transmit text
messages and image or sound files of reasonable size.
Practical DL04-QSDC (PDL04 QSDC) protocol
This practical quantum secure direct communication scheme is based on

the DL04 protocol using single photons[12]. The scheme is illustrated in
detail in Fig.1. The “main channel” and the “wiretap channel” are discrete
188
TELEPHONY
memory less channels; the main channel represents the channel between
the sender and receiver, while the wiretap channel represents the channel
between the legitimate users and the eavesdropper. The protocol
contains the following four steps.
1. Bob, a legitimate information receiver, prepares a sequence of

qubits. Each qubit is randomly in one of the four states ∣0⟩, ∣1⟩,
∣+⟩, and ∣−⟩, where ∣0⟩, ∣1⟩ are the eigenstates of Pauli operator Z,
and ∣+⟩, ∣−⟩ are the eigenstates of Pauli operator X. Then, he sends
the sequence of states to the information sender Alice.
2. After receiving the single photon sequence, Alice randomly
chooses some of them and measures them randomly in the Z-
basis or the X-basis. She publishes the positions, the measuring
basis and measurement results of those single photons. Bob
compares this information with his preparations of these states,
estimates the bit-error rate of the Bob-to-Alice channel, and
informs Alice through a broadcast channel. Thus, Alice can
estimate the maximum secrecy capacity Cs of the Bob-to-Alice
channel using the wiretap channel theory.
3. Alice chooses a coding scheme for the remaining qubits. This
coding scheme is based on the concatenation of LDPC codes that
will be described in the discussion section. The following two
unitary operations,
I=∣0⟩⟨0∣+∣1⟩⟨1∣,Y=∣1⟩⟨0∣−∣0⟩⟨1∣
map ‘0’ and ‘1’, respectively; they are further used for
constructing the code words. Then, she sends them back to Bob.
4. Bob decodes Alice’s message from his received signals after

measuring the qubits in the same basis he prepared them. If the
error rate is below the correcting capability of the LDPC code, the
transmission is successful. Then, they start again from step (1) to
send another part of the secret message until they complete the
transmission of the whole message. If the error rate is larger than
the correcting capability of the LDPC code, neither Bob nor Eve
can obtain information. In this case, they terminate the process.
189
Fig.1
Illustration of the PDL04-QSDC protocol.
The “main channel” and the “wiretap channel” are discrete memoryless
channels. The main channel represents a channel between the sender and
the legitimate receiver, while the wiretap channel represents a channel
between the sender and the eavesdropper
Security analysis
According to Wyner’s wiretap channel theory[3], the secrecy capacity is
Cs=max{p}{I(A:B)−I(A:E)} 1
where p represents the probability of unitary operation I. I(A:B) and I(A:E)

are the mutual information between Alice and Bob and between Alice and
Eve, respectively. Moreover, I(A:E) represents the maximum information
that an eavesdropper can obtain using the best strategy she can.
The state Bob prepared is a complete mixed state, ρ=(∣0⟩⟨0∣+∣1⟩⟨1∣)∕2,

because he prepares it with equal probabilities of the four states, ∣0⟩, ∣1⟩,
∣+⟩, ∣−⟩. We consider the case of collective attack, where the most general
quantum operation that Eve may perform in the forward Bob-to-Alice
channel consists of a joint operation on the qubit and some ancilla that
belong to Eve,
190
TELEPHONY
ρBE=U(ρ⊗∣ε⟩⟨ε∣)U+ 2
where ∣ε⟩ represents Eve’s ancillary state and U is a unitary operation

acting on the joint space of the ancilla and the qubit. Then, Eve resends
the qubit to Alice and stores her ancilla until the qubit is sent back. Alice
performs an operationIwith probability p or Y with probability 1−p. After
operating by Alice, the state becomes
ρABE=p⋅ρBE0+(1−p)⋅ρBE1 3
where ρBE0=IρBEI and ρBE1=YρBEY+. To gain Alice’s information, Eve

must distinguish Alice’s encoded qubit ρBE0 from ρBE1 by performing
coherent measurements on any number of qubits and ancilla. The
maximum mutual information between Alice and Eve is upper-bounded
by:
I(A:E)≤χ=max{U}{S(ρABE)−p⋅S(ρBE0)−(1−p)⋅S(ρBE1)} 4
where S(ρ) is the von Neumann entropy, and χ is the Holevo bound [22].
We obtain the maximum mutual information between Alice and Eve (the
detailed derivation is given in supplementary information),
I(A:E)≤h(ξ) 5
where ξ=(1−(1−2p)2+(1−2ex−2ez)2[1−(1−2p)2]−−−−−−−−−−−−−−−−−−−−−−−
−−−−−−−−−−−√)/2, ex and ez are the bit-error rates in the X-basis and the Z-
basis in the error-check, respectively, and h(x) = −x log2 x−(1–x) log2 (1–x) is
the binary Shannon entropy.
Because of imperfect efficiency of the detectors and channel loss, Bob

cannot receive all the qubits. Gottesman has proven the security of the
Bennet-Brassard quantum-key-distribution protocol in the case in which
the source and detector are under the limited control of an adversary [23].
Similarly, considering the detectors and channel loss, the maximum
mutual information between Alice and Eve becomes
I(A:E)≤QEve⋅h(ξ) 6
where QEve is the maximum rate at which Eve can access the qubits. Highly
191
attenuated lasers are used as an approximate single-photon source in our

implementation; for a better treatment of such an approximate single
photon source, one can use the decoy state methods [24]-[26].
The main channel can be modeled as a cascaded channel, which consists

of a binary symmetric channel and a binary erasure channel in series [27].
The mutual information between Alice and Bob is,
I(A:B)=QBob⋅[h(p+e−2pe)−h(e)] 7
where QBob is the receipt rate at Bob’s side and e is the bit-error rate
between Alice and Bob. We can estimate the lower bound of the secrecy
capacity,
Cs=max{p}{I(A:B)−I(A:E)}=max{p}{QBob⋅[h(p+e−2pe)−h(e)]
−QEve⋅h(ξ)}=QBob⋅[1−h(e)]−QEve⋅h(ex+ez)=QBob⋅[1−h(e)−g⋅h(ex+ez)]
8
where g represents the gap between QEve and QBob, depending on the
back-channel loss and the efficiency of the detector.
For any wiretap channel, if the secrecy capacity is non-zero, i.e., if the
legitimate receiver has a better channel than the eavesdropper, there
exists some coding scheme that achieves perfect secrecy [3]. Not all
coding schemes can guarantee the security; the security depends on the
details of the coding.
Experimental results
Implemented the above scheme in a fiber system with phase coding [28].
The details of the experimental setup and methods are shown in the
material and methods section, and the coding scheme is described in the
discussion section. In our experiment, we initially set the distance at 1.5
km, which is a typical distance between buildings in a secure area. Figure 2
shows the error rates at Alice’s and Bob’s sites; the horizontal axis is
labeled with the number of blocks processed. ex and ez are the error rates
of measurements using the X-basis and Z-basis at Alice’s site, respectively.
Estimate the error rate block by block. Each block contains 1312 × 830 =
1,088,960 pulses, including a frame head for synchronization. Under
192
TELEPHONY
normal working conditions, their values are ~0.8%. At Bob’s site, of the
pulses he sent to Alice previously, he receives 0.3% of them; namely for
every 1000 pulses, 3 photons are counted when Bob measures the
returned pulses. The error rate at Bob’s site is lower than that at Alice’s
site due to the intrinsic robustness of the retrace-structure of light, usually
~0.6%. Here, the mean photon number is 0.1. The inherent loss of the
quantum channel is 14.5 dB, including the efficiency of the
superconducting nanowire single-photon detectors, ~70%, and the optical
elements, ~13 dB. Because the mean photon number is 0.1 and the
channel loss of 1.5 km fiber is 0.6 dB, the total loss of the system is 25.1
dB. Shown in Fig.3, the mutual information I(A:B) and I(A:E) versus the loss
of the system are two straight lines. The area between these two lines is
the information-theoretic secure area; i.e., for a coding scheme with an
information rate within these areas, it is possible to guarantee the security
reliably. In our experiment, the error rates are initially set at values as
above, namely e is 0.6% and ex and ez are 0.8%. Then, the secrecy capacity
is estimated as 0.00184 for loss at 25.1 dB. For the number N in the
pseudo-random sequence, we set N = 830, after optimization. Together
with the chosen error correcting code, our coding scheme gives a
transmission rate 0.00096 when the bit error rate is chosen as 10 −6.
Additionally, I(A:E)=g⋅QBob⋅h(ex+ez)=9.1×10−4, where the loss of the back
channel, including the efficiency of the detector and channel loss, is ~4.1
dB, so that g = 2.57. This yields a secure information rate of 50 bps, which
is well within the secure area in Fig.3.
193
Fig.2
System stability with different message blocks.
ex and ez are the error rates of measurements using the X-basis and Z-
basis, respectively, at Alice’s site. e is the error rate at Bob’s site. We
estimate the error rate block by block; each block contains 1312 × 830
pulses. The mean number of photons is 0.1. The inherent loss of a
quantum channel is 14.5 dB, which includes the efficiency of the detector,
~70%, and the optical elements, ~13 dB. The total loss of the system is
25.1 dB at a distance of 1.5 km
194
TELEPHONY
Fig.3
The solid line represents the mutual information between Alice and Bob,
the capacity of the main channel that transmission rate cannot exceed, by
the noisy-channel coding theorem.
The dotted line is the mutual information between Alice and Eve, the
maximum information that an eavesdropper can obtain. The error rates
are set at values as above, namely e is 0.6% and ex and ez are 0.8%.
Symbols represent experimental results. We set the length of the pseudo-
random sequence as 830. Together with the chosen LDPC code, our coding
scheme yields a transmission rate of 0.00096 when the bit-error rate is
under 10−6. Because the rate is greater than the mutual information
between Alice and Eve, both the security and reliability of the information
transmission are assured
Discussion
It is well-known that in quantum communication, photon loss is very high

due to inefficient photon sources, high channel loss and low detector
efficiency. To guarantee the reliability and security of transmission for
QSDC, we designed a coding scheme based on the concatenation of LDPC
codes, with preprocessing based on the universal hashing families (UHF)
[29].
Details of our coding scheme are illustrated in Fig.4. For each message
block m of length Nm, the sender, namely Alice, generates a local sequence
of random bits, denoted r, of length Nr. Then, she maps (m, r) to a vector u
of length Nu = Nr + Nm, by the inverse of an appropriately chosen UHF,
determined by a public random seed s. Information theoretic security can
be guaranteed if the ratio of the length of the random bits to the length of
the code word is higher than the mutual information between Alice and
Eve [30]. In information theory, the noisy-channel coding theorem
establishes reliable communication for any given degree of noise
contamination of a communication channel [31]. To ensure the reliability
of the information, Alice encodes the vector u to v of length Nv using the
generator matrix of a specified LDPC code. Then, she maps each coded bit
to a sequence of length N to obtain a transmitted sequence, namely a
code word of length Nc that is transmitted over the quantum channel.
According to the noisy-channel coding theorem[31], the ratio of the length
195
of the vector u to the length of the code word cannot be higher than the
channel capacity. We deduce that the information rate,
R=NmNc=NuNc−NrNc≤I(A:B)−I(A:E)≤Cs 9
courtesy:Nature
journal
Fig.4
Illustration of the coding scheme. A message m together with a local

random bits r and public random seed s are processed by the reverse
universal hashing families UHF−1 to vector u, and then u is changed by
LDPC code into v, which is mapped to codeword c and is then sent to the
receiver's site. Because loss and error, receiver Bob receives a degraded
codeword, and then he demaps, decodes and obtains the message after
performing universal hashing families UHF
After receiving the modulated pulses from Alice, the legitimate receiver
Bob makes measurements in the same basis as he prepared them. Though
only a fraction of photons in a pseudo-random sequence can reach Bob’s
site, he can still readout the coded bit by looking at the log-likelihood
ratios of each coded bit calculated from the received sequence, and he
decodes the LDPC code with an iterative propagation-decoding algorithm
with the log-likelihood ratios. Then, Alice announces the public random
seed s, so that Bob can obtain the secure message by the certain UHF with
the seed.
For our system, we consider a (1408, 1024) quasi-cyclic (QC)-LDPC code of

block length Nv = 1408, which is a standardized LDPC code of the
Consultative Committee for Space Data Systems (CCSDS) for use in near-
earth and deep-space applications[32]. The last 128 coded bits in the
196
TELEPHONY
obtained code word of this LDPC code are punctured to achieve better
error-correction performance. Thus, the actual block length of punctured
LDPC code word is reduced to 1280 and the actual code rate is 0.8. Then,
each coded bit in the punctured LDPC code word is mapped into a pseudo-
random sequence of length 830 to obtain a transmitted sequence of
length Nc = 1280 × 830 = 1,062,400 such that our coding scheme has a
transmission rate of 0.00096. During decoding, the log-likelihood ratio of
each coded bit of LDPC code is first calculated based on its corresponding
pseudo-random sequence. Then, an effective iterative propagation-
decoding algorithm, the scaling Min-Sum decoding algorithm [33], is used
to decode this LDPC code. The maximum number of iterations and scaling
factor of the scaling Min-Sum decoding algorithm are set to 65 and 0.75,
respectively. This shows that the decoding bit-error rate is ~10 −6 in our
code scheme
Materials and methods
The experimental setup is shown in Fig. 5. Bob prepares a sequence of

single-photon pulses. After polarization control and attenuation, the
pulses go to the Mach-Zehnder ring in which a random phase of 0, π/2, π,
and 3π/2, is encoded, which is equivalent to preparing qubits randomly in
the ∣0⟩, (∣0⟩+∣1⟩)/2√, ∣1⟩ and (∣0⟩−∣1⟩)/2√ states, respectively. Then, it is
sent to Alice’s site through a 1.5 km-long fiber. After arriving at Alice’s site,
it is separated into two parts, one goes to the encoding module, and the
other goes to the control module. In the control module, the qubits are
measured, and the results are compared with Bob’s through the classical
communication line connecting the two FPGAs shown at the bottom of
Fig.5. Simultaneously, encoding is performed in the encoding module. If
the error rate is smaller than the threshold, the encoding part is allowed
to send the single photons back to Bob through the same fiber; they then
are guided to the single-photon detectors, where they are measured. The
three phase modulators, the single photon detectors, and the encoding of
messages are controlled at the two sites by the FPGAs, which are further
controlled by upper-position computers.
197
Fig.5
Experiment setup.
A strongly attenuated 1550 nm laser is used as an approximate single-

photon source with a systematic pulse-repetition frequency of 1 MHz. Bob
sends the single photons to Alice in a superposition of two time-bins with
a relative phase, and Alice randomly chooses one of two possible tasks,
error-check or coding. Both sides are controlled by field programmable
gate arrays (FPGAs), and the operation of the four single-photon states is
realized with a commercial lithium niobate modulator. PM phase
modulator. PC polarization controller. PBS polarization beam splitter. ATT
attenuator. CIR optical circulator. FC fiber coupler. SPD superconducting
nanowire single-photon detector with 70% detection efficiency, 100 Hz
dark count rate and 50 ns reset time. PMFC polarization maintaining filter
coupler. FR Faraday rotator
The advantage of such forward-backward routing of the photon pulses is

the automatic compensation of the drift of the polarizations of the time-
bin pulses, because they exchange their routes after reflection by the
Faraday rotator at Alice’s site. This automatic compensation design was
proposed by Martilelli[34] and has also been used in the plug-play QKD
system[35]. The difference between the plug-play QKD scheme and DL04-
based schemes, such as in refs.[7],[12],[17] and in this PDL04-QSDC
scheme, is in the strength of light pulses in the forward channel. In refs.
[7],[12],[17], single photons are used in both the forward and backward
channels, whereas in plug-play QKD [35], the forward channel uses strong
classical light pulses; only the Alice-to-Bob backward channel uses single-
photon pulses. This mechanism of automatic compensation of polarization
fluctuation works both at the single photon level and at the strong-
intensity level; hence, it greatly enhances the interference in our scheme
198
TELEPHONY
and leads to high visibility[36]. However, in the check-module of our
system, such a retrace-light circuit is not applicable, and active
polarization compensation must be used; namely, one monitors the drift
constantly and when it reaches some value, forcibly restores them. As a
result, the error rate in the check mode is usually higher than that in the
communication mode.
In summary, we have implemented a practical quantum secure direct-

communication system in a realistic environment of high noise and high
loss. To combat error and loss, LDPC code and pseudo-random sequence
techniques are applied. The security of the system is analyzed in detail
using the wiretap channel theory. Given the error rates, the secrecy
capacity of the channel can be estimated. When the secrecy capacity is
non-zero, a coding scheme with an information rate less than the secrecy
capacity will ensure both the security of the information transmission and
reliability of the information. At a practical meaningful distance of 1.5 km,
a secure information rate of 50 bps is achieved. These parameters are
premature, and there is much room for improvement. With current
technology, an information rate of a dozens of kbps is achievable.
References
1. Rivest RL, Shamir A, Adleman L. A method for obtaining digital

signatures and public-key cryptosystems. Commun. ACM. 1978;21:120–
126. doi: 10.1145/359340.359342.
2. Shor, P. W. Algorithms for quantum computation: discrete logarithms
and factoring. Proceedings of the 35th Annual Symposium on Foundations
of Computer Science. 124–134 (IEEE, Santa Fe, 1994).
3. Wyner AD. The wire-tap channel. Bell Syst. Tech. J. 1975;54:1355–1387.
doi: 10.1002/j.1538-7305.1975.tb02040.x.
4. Gisin N, Ribordy G, Tittel W, Zbinden H. Quantum cryptography. Rev.
Mod. Phys. 2002;74:145–195. doi: 10.1103/RevModPhys.74.145.
5. Bennet, C. H., Brassard, G. Quantum cryptography: public key
distribution and coin tossing. Proceedings of IEEE International Conference
on Computers, Systems and Signal Processing. (IEEE, Bangalore, 1984).
6. Ekert AK. Quantum cryptography based on bell’s theorem. Phys. Rev.
Lett. 1991;67:661–663. doi: 10.1103/PhysRevLett.67.661.
7. Deng FG, Long GL. Bidirectional quantum key distribution protocol with
practical faint laser pulses. Phys. Rev. A. 2004;70:012311. doi:
199
10.1103/PhysRevA.70.012311.
8. Lucamarini M, Mancini S. Secure deterministic communication without
entanglement. Phys. Rev. Lett. 2005;94:140501. doi:
10.1103/PhysRevLett.94.140501.
9. Beaudry NJ, Lucamarini M, Mancini S, Renner R. Security of two-way
quantum key distribution. Phys. Rev. A. 2013;88:062302. doi:
10.1103/PhysRevA.88.062302.
10. Long GL, Liu XS. Theoretically efficient high-capacity quantum-key-
distribution scheme. Phys. Rev. A. 2002;65:032302. doi:
10.1103/PhysRevA.65.032302.
11. Deng FG, Long GL, Liu XS. Two-step quantum direct communication
protocol using the einstein-podolsky-rosen pair block. Phys. Rev. A.
2003;68:042317. doi: 10.1103/PhysRevA.68.042317.
12. Deng FG, Long GL. Secure direct communication with a quantum one-
time pad. Phys. Rev. A. 2004;69:052319. doi:
10.1103/PhysRevA.69.052319.
13. Eusebi A, Mancini S. Deterministic quantum distribution of a d-ary key.
Quantum Inf. Comput. 2009;9:952–962.
14. Pirandola S, Braunstein SL, Lloyd S, Mancini S. Confidential direct
communications: a quantum approach using continuous variables. IEEE J.
Sel. Top. Quantum Electron. 2009;15:1570–1580. doi:
10.1109/JSTQE.2009.2021147.
15. Niu PH, et al. Measurement-device-independent quantum
communication without encryption. Sci. Bull. 2018;63:1345–1350. doi:
10.1016/j.scib.2018.09.009.
16. Zhou, Z. R., Sheng, Y. B., Niu, P. H., Yin, L. G., Long, G. L. Measurement-
device-independent quantum secure direct communication. arXiv preprint
arXiv:1805.07228, 2018.
17. Hu JY, et al. Experimental quantum secure direct communication with
single photons. Light Sci. Appl. 2016;5:e16144. doi: 10.1038/lsa.2016.144.
18. Zhang W, et al. Quantum secure direct communication with quantum
memory. Phys. Rev. Lett. 2017;118:220501. doi:
10.1103/PhysRevLett.118.220501.
19. Zhu F, Zhang W, Sheng YB, Huang YD. Experimental long-distance
quantum secure direct communication. Sci. Bull. 2017;62:1519–1524. doi:
10.1016/j.scib.2017.10.023.
20. Chen Z, Yin LG, Pei YK, Lu JH. CodeHop: physical layer error correction
and encryption with LDPC-based code hopping. Sci. China Inf. Sci.
2016;59:102309. doi: 10.1007/s11432-015-5452-1.
21. Wang P, Yin LG, Lu JH. Efficient helicopter- satellite communication
200
TELEPHONY
scheme based on check-hybrid LDPC coding. Tsinghua Sci. Technol.
2018;23:323–332. doi: 10.26599/TST.2018.9010038.
22. Holevo AS. Bounds for the quantity of information transmitted by a
quantum communication channel. Probl. Peredachi Inf. 1973;9:3–11.
23. Gottesman D, Lo HK, Lutkenhaus N, Preskill J. Security of quantum key
distribution with imperfect devices. Quantum Inf. Comput. 2004;4:325–
360.
24. Hwang WY. Quantum key distribution with high loss: toward global
secure communication. Phys. Rev. Lett. 2003;91:057901. doi:
10.1103/PhysRevLett.91.057901.
25. Wang XB. Beating the photon-number-splitting attack in practical
quantum cryptography. Phys. Rev. Lett. 2005;94:230503. doi:
10.1103/PhysRevLett.94.230503.
26. Lo HK, Ma X, Chen K. Decoy state quantum key distribution. Phys. Rev.
Lett. 2005;94:230504. doi: 10.1103/PhysRevLett.94.230504.]
27. MacKay, D. J. Information Theory, Inference, and Learning Algorithms.
(Cambridge University Press, Cambridge, 2003).
28. Brendel J, Gisin N, Tittel W, Zbinden H. Pulsed energy-time entangled
twin-photon source for quantum communication. Phys. Rev. Lett.
1999;82:2594–2597. doi: 10.1103/PhysRevLett.82.2594.
29. Carter JL, Wegman MN. Universal classes of hash functions. J. Comput.
Syst. Sci. 1979;18:143–154. doi: 10.1016/0022-0000(79)90044-8.
30. Tyagi H, Vardy A. Universal hashing for information-theoretic security.
Proc. IEEE. 2015;103:1781–1795. doi: 10.1109/JPROC.2015.2462774.
31. Shannon CE. A mathematical theory of communication. ACM
SIGMOBILE Mob. Comput. Commun. Rev. 2001;5:3–55. doi:
10.1145/584091.584093.
32. CCSDS. CCSDC 131.1-O-2 Low density parity check codes for use in
near-earth and deep space applications. (CCSDS, Washington, DC, USA,
2007).
33. Hu, X. Y., Eleftheriou, E., Arnold, D. M., Dholakia, A. Efficient
implementations of the sum-product algorithm for decoding LDPC codes.
Proceedings of IEEE Global Telecommunications Conference. (IEEE, San
Antonio, 2001).
34. Martinelli M. A universal compensator for polarization changes
induced by birefringence on a retracing beam. Opt. Commun.
1989;72:341–344. doi: 10.1016/0030-4018(89)90436-7.
35. Muller A, et al. “Plug and play” systems for quantum cryptography.
Appl. Phys. Lett. 1997;70:793–795. doi: 10.1063/1.118224.
36. Sun SH, Ma HQ, Han JJ, Liang LM, Li CZ. Quantum key distribution
201
based on phase encoding in long-distance communication fiber. Opt. Lett.

2010;35:1203–1205. doi: 10.1364/OL.35.001203.
New quantum encryption for secure transmission and sensitive

information
courtesy:ELE times
Scientists at the EU’s €1 billion Quantum Technology (QT) Flagship

initiative have developed novel prototypes that use quantum encryption
protocols to create the most secure transmission of sensitive information
through the internet.
The recent announcement of Quantum Supremacy by Google makes the

development of a first-generation quantum computer that can
instantaneously unravel confidential banking, medical and national
security data an increasing likelihood.
With fears growing that citizens’ digital information such as WhatsApp

messages, personal emails, health information, or banking transactions –
could become vulnerable to cyber-attacks, a secure line of defence is more
critical than ever.
202
TELEPHONY
The QT Flagship is supporting four consortia that are making our data
highly secure: the CiViQ consortium has developed efficient QKD protocols
to secure this critical digital information; researchers at QRANGE have
created quantum random number generators that can be implemented in
such protocols; and UNIQORN scientists are searching for ways to
miniaturise QKD down to the chip-scale to be easily integrated into any
consumer device. Finally, researchers from QIA are aiming to put this all
together, hardware and software, to build the future quantum internet.
Quantum Cyber-Security
Using the laws of quantum physics, scientists at the CiViQ (or Continuous
Variable Quantum Communications) project are using Quantum Key
Distribution (QKD), a light-based secure method of exchanging encryption
codes (or ‘keys’) between two entities.
This secure encryption cannot be intercepted or manipulated meaning

data is ‘unhackable’. QKD works by transmitting light particles, or photons,
over a fibre optic cable from one entity to another.Photons are made in
such a way that any attempt to read or copy them will change their
quantum properties, corrupting the information and letting the sender
and receiver know that a third party tried to intercept.
CiViQ Project Coordinator Valerio Pruneri said: “Today, individuals,

industries, and governments use networks to transmit sensitive data, such
as health, financial, or defence information”.
“CiViQ’s QKD technology will enable wide-scale deployment and

integration into modern telecom networks, providing long-term and
reliable data security, based on the physical principle of quantum
mechanics.”
CiViQ aims to make QKD a mainstream technology for communications

and data transmissions at a worldwide level.
The CiViQ approach is different from previous projects since QKD

technology specifications are defined by end-user needs. Understanding
its quantum end-users means CiViQ can for the first time integrate the
203
QKD technology into existing modern telecom networks without the need
to build ad-hoc, separate quantum communication infrastructure.
Truly Random
Random numbers are used to generate encryption codes that can protect
our data. However, computers are unable to generate pure random
numbers: they follow a pattern, are predictable, and therefore make our
information hackable.
Tackling the inherent weakness of computer generated pseudo random

numbers, the ´QRANGE´ project is developing next-generation solutions by
creating Quantum Random Number Generator (QRNG) devices that will be
cheaper, faster and more secure.
Making data highly secure, the QRANGE chips produce millions of bits per
second to generate unbreakable encryption codes.
They will be integrated into any device that uses a communication

network, like smartphones, computers, or even cars.
Project Coordinator at QRANGE, Professor Hugo Zbinden said: “There is a

risk of being hacked with our classical computers and pseudo-random
number generators given that they provide random bit sequences that
have certain patterns. Numbers generated by a QRNG, on the other hand,
cannot be predicted – and are thus provably unpredictable.”
While QRNGs is an available technology, their size and cost still make
them commercially prohibitive for many applications. Deployable into
everyday devices like phones, laptops, or cars, the low-cost QRNG
developed by QRANGE can be easily integrated on standard CMOS
technology.
“The project is working on three different approaches that will lead to

three different prototypes. It is fundamentally important to generate truly
random numbers: any deviation may adversely affect modelling or
jeopardise security.”
204
TELEPHONY
“First we’re looking at smaller sizes – to make random number generation
cheaper and integrated, and essentially to be able to fit the technology
into any device. The second approach we’re looking at is speed – to
develop a random number generator based on the interference of laser
pulses with random phase relationship featuring bit rates of up to 10 Gb/s.
And, finally, we’re developing a Self-Testing QRNG, which allows for
continuous estimation of the generated entropy, with few assumptions,”
Professor Zbinden said.
Miniaturised
Current quantum communication systems are often big, bulky and too
expensive for the mass market. Therefore, the UNIQORN project is
developing pluggable quantum devices that can be miniaturised into small
and reliable photonic integrated circuits.
Developing affordable system-on-chip (SoC) quantum technology

platforms, the UNIQORN technology will lead to miniaturised QKD
technology and other quantum communication applications, meaning
pluggable quantum devices for everyone.
Project Coordinator Dr. Hannes Hübel said: “At UNIQORN we’re shrinking
complex systems, presently found on metre-size breadboards, into
millimetre-sized chips, meaning highly miniaturised low-cost quantum
systems are being opened up for the mass population.”
“Not only are we providing the enabling photonic technology to

accommodate quantum communications, but also bringing improvements
in terms of robustness and reproducibility,”
The Ultimate Goal
One of the Quantum Flagship’s key objectives is to see the many

components being developed by the QF-funded projects to become
essential elements of the quantum internet. As part of this objective, the
Quantum Internet Alliance (QIA) project aims to build a network for
transmitting quantum information throughout the entire continent.
Europe’s Quantum Ambitions
205
Markus Wilkens, Coordinator of the Quantum Flagship Coordination

office, said: “Thanks to the QT Flagship’s €1 billion investment over the
next ten years, European scientists are developing Quantum Random
Number Generator (QRNG) and Quantum Key Distributor (QKD) products
to keep us safe from a first potential quantum cyber-attack.
“Supporting large-scale research and innovation projects, the QT Flagship

has already launched 20 projects with an allocated €132 million in its
‘ramp-up’ phase, the first three-year part of the Flagship, running from
October 2018 to September 2021.”
Could legacy fibre networks host the global quantum Internet?
Multidimensional
entanglement transport is possible even over single mode fibre. Courtesy:
Wits University
Researchers have transmitted multidimensional entangled photons across

a record-breaking 250 metres of conventional single-mode optical fibre.
This result from a team based in South Africa and China suggests that
conventional or “legacy” fibre networks could be used as conduits for
secure quantum optical communications, bringing the global quantum
Internet a step closer to reality.
Information in quantum computers is stored in the form of quantum bits,

or qubits, that exist in a so-called “superposition” of two states rather
than as classical 0s and 1s. The quantum particles used to make qubits can
206
TELEPHONY
also become “entangled”, meaning that they share a much closer
relationship than classical physics allows. With an entangled pair of
particles, knowing the state of one particle instantly reveals the state of
the other – a phenomenon that allows information to be transmitted
instantaneously between entangled particles, regardless of how far apart
they are.
Wits PhD student Isaac Nape aligns a quantum entanglement experiment.

Courtesy: Wits University
Transporting entangled photons
Because quantum systems are disrupted by the act of measuring them,

third parties who try to eavesdrop on such quantum transmissions are
foiled and cannot steal any information. This property makes quantum
communications far more secure than today’s Internet, but also more
sensitive to disturbances.
Over the past decade, researchers have succeeded in encoding quantum

information in the spin angular momentum (or polarization state) of
photons and transmitting this information via optical fibres. These states
carry one qubit per photon, and they can be transported over long
distances (more than 100 km) using conventional fibre technology.
However, all quantum particles – even simple ones like photons – have
more than one inherent property or state. Being able to transport multiple
states at the same time would be an important step forward for any
207
quantum protocol, since it would give each photon a higher information

capacity.
Researchers recently took an important step in this direction by

simultaneously teleporting a photon’s polarization and its spatial twist
pattern, or orbital angular momentum (OAM), to another photon some
distance away. The two particles were entangled in both their spin and
their OAM, forming a so-called hyper-entangled set.
Yet despite this crucial advance, quantum communication with a particle’s

spatial modes is still in its infancy. In previous studies, the maximum
reported transmission distance for multidimensional entangled photons
was limited to less than one metre. Even then, the researchers had to use
a specially-designed custom multimode fibre, rather than the ordinary
single-mode fibres that make up the modern global communications
network.
Single mode fibre transport
Researchers led by Jian Wang of Huazhong University of Science and

Technology and Andrew Forbes of the University of the Witwatersrand
say that they may have overcome this limitation. In their set-up, they
entangle the polarization and the OAM of a photon pair, then pass one of
the paired photons down an ordinary single-mode fibre while using the
other photon to measure OAM patterns. The researchers did this using a
holographic technique in which spatial light modulators (SLMs) display
patterns that collapse the photon into a given state so it can be measured.
The quantum internet comes true
208
TELEPHONY
Metrics and measures to characterize the ratio of accessible quantum

entanglement for complex network failures in the quantum Internet. A
complex network failure models a situation in the quantum Internet in
which a set of quantum nodes and a set of entangled connections become
unavailable. A complex failure can cover a quantum memory failure, a
physical link failure, an eavesdropping activity, or any other random
physical failure scenarios. Here, we define the terms such as
entanglement accessibility ratio, cumulative probability of entanglement
accessibility ratio, probabilistic reduction of entanglement accessibility
ratio, domain entanglement accessibility ratio, and occurrence coefficient.
The proposed methods can be applied to an arbitrary topology quantum
network to extract relevant statistics and to handle the quantum network
failure scenarios in the quantum Internet.
Introduction
As quantum computers evolve significantly [2-11], there arises a

fundamental need for a communication network that provides
unconditionally secure communication and all the network functions of
the traditional Internet. This network structure is the quantum
Internet [12-17]. The availability of quantum entanglement is a crucial
aspect in any global-scale quantum Internet. The quantum Internet refers
to a set of connected heterogeneous quantum communication networks
209
realized by quantum nodes and channels (such as optical fibers or wireless

optical quantum channels in the physical layer) [18-24]. The quantum
Internet also integrates a set of classical auxiliary communication channels
to transmit auxiliary classical-side information between the quantum
nodes. The quantum Internet is modeled as a global-scale quantum
communication network composed of quantum subnetworks and
networking components. The core network of the quantum Internet is
assumed to be an entangled network structure [12],[25-39], which is a
communication network in which the quantum nodes are connected by
entangled connections. An entangled connection refers to a shared
entangled system (i.e., a Bell state for qubit systems to connect two
quantum nodes) between the quantum nodes. In an unentangled network
structure, the quantum nodes are not necessarily connected by
entanglement [40-41], and the communication between the nodes is
realized in a point-to-point setting. This setting does not allow quantum
communication over arbitrary distances, and an unentangled network
structure can mostly be used for establishing a point-to-point quantum
key distribution (QKD) [1],[42] between the quantum nodes. These short
distances can be extended to longer distances by the utilization of free-
space quantum channels [12],[42]. However, this solution is auxiliary,
since it can be used only at some specific points of the unentangled
network structure. Therefore, it does not represent an adequate and
fundamental answer to the problem of long-distance quantum
communication. Consequently, in an unentangled network structure, the
multi-hop settings are weak for experimental, long-distance and global-
scale quantum communication. On the other hand, the entangled network
structure allows the parties to establish multi-hop entanglement, multi-
hop QKD, high-precision sensor networks, advanced distributed
computations and cryptographic functions, advanced quantum protocols,
and, more importantly, the distribution of quantum entanglement over
arbitrary (unlimited, in theory) distances [12]. As an important corollary,
an entangled network structure provides a strong experimental basis for
realizing a global-scale quantum communication network, the quantum
Internet.
In the entangled network structure of the quantum Internet, the

entangled connections form entangled paths. Entanglement between a
distant source and a target node is established through several
intermediate repeater nodes [12],[25],[26],[43],[44]. The level of
entanglement (i.e., the level of an entangled connection) is defined as the
210
TELEPHONY
number of nodes (i.e., the hop distance between entangled nodes)
spanned by the shared entanglement, whose range is extended by the
basic operation of entanglement swapping (entanglement extension). The
entangled connections have several relevant attributes, the most
important of which are the fidelity of entanglement and the entanglement
throughput. The throughput of an entangled connection is measured as
the number of entangled states per second at a given fidelity, which
provides a useful metric on the basis of which further relevant metrics can
be built.
Here we define measures to characterize the ratio of accessible quantum

entanglement in case of complex network failures [45-48] in the quantum
Internet. A complex network failure models a network situation in which a
set of quantum nodes and a set of entangled connections become
unavailable because of an (unknown) reason. A complex failure, therefore,
can cover a set of practical failure reasons: a quantum memory failure
situation in which a set of nodes and connections become unavailable,
quantum node and connection failure scenarios, physical-link failures, or
an eavesdropping activity. Specifically, a complex failure event is modeled
by a network domain that is referred to as a complex failure domain. In
our model, a failure domain has an abstracted center point and a given
length radius [47-48]. This domain approach allows us to describe the
probability that a given node or entangled connection (i.e., a given
network element) is affected by a failure in the function of the given
network element’s distance from the abstracted center point of the
complex failure domain.
The entanglement accessibility ratio of a given quantum network is based

on the metric of the given entangled connection’s entanglement
throughput. Each entangled connection is further verified by a given
condition that puts a lower bound on the entanglement throughput. The
entanglement accessibility ratio measures the successful accessible
entanglement at a given lower bound condition for parallel complex
failures in the quantum network.
We also define the cumulative probability of entanglement accessibility

ratio that quantifies the cumulative probability of all complex failure
events’ occurrence for which the entanglement accessibility ratio exceeds
a given lower bound.
211
We also quantify the probability that the total entanglement accessibility

ratio in the quantum network is reduced to at most a particular ratio after
a complex failure. Particularly, this parameter is referred as the
probabilistic reduction of entanglement accessibility ratio.
To describe the impacts of a given complex failure on the ratio of

accessible entanglement, we define the domain entanglement
accessibility ratio, which quantifies the accessible entanglement ratio after
a complex failure in a particular domain in a function of the radius of the
given failure domain.
We define the occurrence coefficient of an entanglement accessibility ratio

(occurrence ratio) at a complex failure domain, which is measured by the
ratio of the number of occurrence of a given entanglement accessibility
ratio in the network after a complex failure event and the total number of
occurrences of all entanglement accessibility ratios after a complex failure
event.
We show that the defined measures can be extracted from the occurrence
ratio, and therefore, it is enough to determine the occurrence coefficient
to derive the other metrics. We propose an algorithm to determine the
occurrence coefficient from the empirical quantities of the quantum
network that are directly observable in the analyzed network setting. In
particular, the defined entanglement accessibility measures can be
derived in a purely empirical way by extracting relevant statistics from the
analyzed quantum network.
The proposed protocol is not dependent from the actual physical

implementation; therefore, it can be applied in the heterogeneous
network structure and network components of the quantum Internet.
(The protocol can also be applied in the quantum Internet at the
utilization of magnetic field in the perturbation method [49-51] (kind of
Zeeman effect [52]) in the physical layer, or in electromagnetic field-
based [54-55] scenarios in the network components.)
The novel contributions of our manuscript are as follows:
1. 1.
212
TELEPHONY
We define measures to characterize the accessible quantum
entanglement in case of complex network failures in the quantum
Internet.
2. 2.
We define the terms such as entanglement accessibility ratio,

cumulative probability of entanglement accessibility ratio,
probabilistic reduction of entanglement accessibility ratio, and
occurrence coefficient.
3. 3.
We show that the defined measures can be extracted from the

occurrence ratio, and therefore, it is enough to determine the
occurrence coefficient to derive the other metrics.
4. 4.
We propose an algorithm to determine the occurrence coefficient

from the empirical quantities of the quantum network that are
directly observable in the analyzed network setting of the
quantum Internet.
5. 5.
The entanglement accessibility measures can be derived in a

purely empirical way by extracting relevant statistics from the
quantum Internet.
213
214
TELEPHONY
Summary
Quantum computing systems currently being developed will have

extraordinary capabilities to effectively solve complex problems in
computational sciences, communication networks, artificial intelligence,
and data processing, and will provide a powerful capability for researchers
in almost every scientific discipline. Harnessing the full potential of
quantum computing will require an ecosystem with a broad spectrum of
quantum technologies. Quantum networks are one of the critical and
highly anticipated components of this ecosystem. The combination of
quantum computing and quantum networks are crucial to the US
Department of Energy’s (DOE) mission to provide scientists with the state-
of-the-art computational capabilities. DOE leadership has led, not only to
some of the most powerful high-performance computing systems, but also
to state-of-the-art high-performance networks that have brought major
contributions to modern internet technologies. The fact that DOE
innovation in communicationsnetworks has paralleled the growth of high-
performance computing (HPC) is not a coincidence. Digital computing and
communications/networking have evolved in parallel and have leveraged
one another since the inception of the modern computing ecosystem.
Innovations in communications/networking technologies have led to the
design, deployment, and operation of advanced supercomputers. Given
that the DOE science environment consists of geographically distributed
computing resources, science facilities, and research teams, it is highly
likely that the deployment of quantum systems will be similarly
distributed. It follows that quantum networks will be critical to access and
share these distributed quantum systems and it is anticipated that a
similar coevolution strategy will be adopted in setting the strategic
funding and research priorities for quantum computing and quantum
communications/networking. DOE envisions a quantum networking
ecosystem that will embody the capabilities needed to support a highly
diversified QIS portfolio, namely scalable and adaptable quantum network
infrastructures designed to support the transmission of diverse types of
quantum information (discrete, continuous, or hybrid quantum states). It
is anticipated that new quantum networks will be designed tocoexist with
215
its existing Energy science network (ESnet), a high-performance optical

backbone network connecting DOE’s scientific resources. Although there
are many parallels between the quantum and classical versions of
networks and computing, the unique character of quantum information
presents some formidable challenges for the development of a quantum
network. Quantum information, which is encoded in quantum objects,
cannot be amplified or duplicated; and quantum states are altered if
measurements are performed on them. Thus, common tasks on the
classical internet such as routing and buffering will have to be performed
in a completely different way on the quantum internet. In addition,
quantum networks will be limited in scale until a viable quantum repeater
technology becomes available. Nevertheless, the decades of innovation
that have led to today’s internet should guide the development of the
quantum internet.
The Technology that Drives Government IT
Quantum internet: The next global network is already being laid
Google reported a remarkable breakthrough toward the end of 2019. The

Google company to have achieved something called quantum supremacy,
using a new type of “quantum” computer to perform a benchmark test in
200 seconds. This was in stark contrast to the 10,000 years that would
supposedly have been needed by a state-of-the-art conventional
supercomputer to complete the same test.
216
TELEPHONY
Despite IBM’s claim that its supercomputer, with a little optimization,

could solve the task in a matter of days, Google’s announcement made it
clear that we are entering a new era of incredible computational power.
Yet with much less fanfare, there has also been rapid progress in the
development of quantum communication networks, and a master
network to unite them all called the quantum internet. Just as the internet
as we know it followed the development of computers, we can expect the
quantum computer to be accompanied by the safer, better synchronized
quantum internet.
Like quantum computing, quantum communication records information in

what are known as qubits, similar to the way digital systems use bits and
bytes. Whereas a bit can only take the value of zero or one, a qubit can
also use the principles of quantum physics to take the value of zero and
one at the same time. This is what allows quantum computers to perform
certain computations very quickly. Instead of solving several variants of a
problem one by one, the quantum computer can handle them all at the
same time.
These qubits are central to the quantum internet because of a property

called entanglement. If two entangled qubits are geographically separated
(for instance, one qubit in Dublin and the other in New York),
measurements of both would yield the same result. This would enable the
ultimate in secret communications, a shared knowledge between two
parties that cannot be discovered by a third. The resulting ability to code
and decode messages would be one of the most powerful features of the
quantum internet.
Commercial applications
There will be no shortage of commercial applications for these advanced

cryptographic mechanisms. The world of finance, in particular, looks set to
benefit as the quantum internet will lead to enhanced privacy for online
transactions and stronger proof of the funds used in the transaction.
217
Recently, at the connect centre in Trinity College Dublin we successfully

implemented an algorithm that could achieve this level of security. That
this took place during a hackathon -- a sort of competition for computer
programmers -- shows that even enthusiasts without detailed knowledge
of quantum physics can create some of the building blocks that will be
needed for the quantum internet. This technology won’t be confined to
specialist university departments, just as the original internet soon
outgrew its origins as a way to connect academics around the world.
But how could this quantum internet be built anytime soon when we
currently can only build very limited quantum computers? Well, the
devices in the quantum internet don’t have to be completely quantum in
nature, and the network won’t require massive quantum machines to
handle the communication protocols.
One qubit here and there is all a quantum communication network needs
to function. Instead of replacing the current infrastructure of optical
fibers, data centers and base stations, the quantum internet will build on
top of and make maximum use of the existing, classical internet.
With such rapid progress being made, quantum internet technology is set
to shape the business plans of telecom companies in the near future.
Financial institutions are already using quantum communication networks
to make inter-bank transactions safer. And quantum communication
satellites are up and running as the first step to extending these networks
to a global scale.
The pipes of the quantum internet are effectively being laid as you read
this. When a big quantum computer is finally built, it can be plugged into
this network and accessed on the cloud, with all the privacy guarantees of
quantum cryptography.
What will the ordinary user notice when the enhanced cryptography of
the quantum internet becomes available? Very little, in all likelihood.
Cryptography is like waste management: if everything works well, the
customer doesn’t even notice.
In the constant race of the codemakers and codebreakers, the quantum

internet won’t just prevent the codebreakers taking the lead. It will move
218
TELEPHONY
the race track into another world altogether, with a significant head start
for the codemakers. With data becoming the currency of our times, the
quantum internet will provide stronger security for a new valuable
commodity.
219
220
TELEPHONY
14 QUANTUM PHONE
1.INTRODUCTION
Quantum Key Distribution (QKD) [1] technology is an important practical

application of quantum information. QKD system, based on laws of physics
rather than computational complexity of mathematical problems, can
create information-theoretical security (ITS) keys between communication
parties. With the ITS keys, we can protect the security of the sensitive
content with one-time pad, AES and other security protection schemes.
Since information transmission channel is public on the internet, attackers
may detect and modify our encrypted sensitive content. If we want to
share sensitive information on extremely unsafe network, the
transmission channel must be well protected. Streaming steganography is
able to protect the security of sensitive information transmission channels
with the capability of hide sensitive information within online streams. For
example, we can hide our sensitive information into VoIP streams.
Integrating QKD and VoIP steganography technology, we design and
develop Qphone, a novel quantum security VoIP phone. Qphone is a
hardware/software co-designed system with real-time processing
capabilities. It consists of three parts, RT-QKD, VS-Phone and AE-Key. RT-
QKD is a real-time QKD system. VS-Phone is the VoIP steganography
software. AE-Key is the audio encryption and authentication hardware.
Qphone can provide efficient security protection to meet different security
demands. Generally, Qphone provides high-speed security application by
encrypting VoIP streams with AES method before the streams are
transmitted on the Internet. When the network suffers serious security
threats, Qphone can provide low-speed security application, such as
Instant Messaging (IM), by encrypting information with OTP method and
hiding information into VoIP streams.
2.AN OVERVIEW OF QPHONE
The Architecture of Qphone system consists of three parts, RT-QKD, VS-
221
Phone and AE-Key. RT-QKD is a real-time QKD system, which generates ITS
keys for communication parties. The communication distance of RT-
Permission to make digital or hard copies of part or all of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that
copies bear this notice and the full citation on the first page.
QKD system reaches 25 km. RT-QKD system conducts BB84 protocol. The
quantum bit error rate of RT-QKD system is lower than 5%.The quantum
communication system proposed in our previous work [3]. RT-QKD
involves two phases, quantum communication phase and classical post-
processing phase. In quantum communication phase, Alice and Bob
exchange quantum information with each other through quantum
devices. Based on previous work in [2-5], a design of real-time post-
processing scheme. Post-processing modules connect with each other
through public channels and connect to quantum devices through local
private channels. They gain quantum information from quantum devices.
With the efficient error correction technology based on low-density parity-
check code and privacy amplification technology based on Toeplitz matrix,
post-processing modules can generate ITS keys. The final security key rate
of RT-QKD is about 2kb/s. The working modes of VS-Phone (a) (b) Figure
3: (a) structure of AE-Key, (b) hardware of AE-Key VS-Phone is the
supporting software for VoIP steganography. In VS-Phone, the
steganography chatting application is implimented. It works in two modes
OTP and AES. For low-speed network applications, such as IM, VS-Phone
gains secret keys from RT-QKD system, encrypts messages by OTP method
and then hides encrypted information into VoIP streams. It’s the highest
level security protection. For high-speed network applications, such as
online telephone, VS-Phone provides AES encrypted protection with the
key length of 1024 bits. The key refreshes per minute. In previous work
[5], proposed Adaptive VoIP Steganography (AVIS) scheme which
enhances the anti-detecting and anti-attacking ability of VoIP
steganography. AE-Key enhances the security of Qphone by hardware
authentication and audio encryption. It consists of sound processing
module, authentication module and data processing module. In the
222
TELEPHONY
authentication module, users need to insert their ID chips to get the
access to VS-Phone. In the sound processing module, all audio input and
output are converted, filtered and modulated in case that attackers use
Trojan or malwares to eavesdrop on internal sound system. As shown
before, the proposed Qphone can provide efficient security protection for
sensitive content and transmission channels. It provides different security
services for both low-speed and high-speed network applications (such as
IM and online telephone). The experiment environment of Qphone
3.DEMO DESCRIPTION
The experiment environment of demo is shown . There will be three

procedures in demo. Firstly, illustratating how RT-QKD generates ITS keys
without steganography procedures. Secondly, use the AVIS steganography
mechanism to illustrate how VoIP steganography works. Finally, start RT-
QKD, VS-Phone and AE-Key at the same time to validate system
performance over various interferences.
5.REFERENCES
[1]Bennett, Charles H., and Gilles Brassard. "Quantum cryptography:

Public key distribution and coin tossing." Proceedings of IEEE International
Conference on Computers, Systems and Signal Processing. Vol. 175. No. 0.
Bangalore, India, 1984.
[2]Liu, Bo, et al. "A Real-Time Privacy Amplification Scheme in Quantum

Key Distribution." Information and Communication Technology. Springer
Berlin Heidelberg, 2013. 453-458.
[3]Sun S H, Ma H Q, Han J J, et al. Quantum key distribution based on

phase encoding in long-distance communication fiber. Optics letters, 2010,
35(8): 1203-1205.
[4]Zou, Dingjie, et al. "CLIP: A Distributed Emulation Platform for Research

on Information Reconciliation." Network-Based Information Systems
(NBiS), 2012 15th International Conference on. IEEE, 2012.
223
[5]Wei, Ziling, et al. "VISOR: A Practical VoIP Steganography Platform."

Mobile Ad-hoc and Sensor Networks (MSN), 2011 Seventh International
Conference on. IEEE, 2011.478
Courtesy : Varsha Y S/Wikimedia
Scientists Just Made The First Quantum-Encrypted International Video Call
President Chunli Bai of the Chinese Academy of Sciences in Beijing had a

meeting with President Anton Zeilinger of the Austria Academy of
Sciences in Vienna in 2017.
Although 7,400 kilometres (4,600 miles) apart, they were certain no

uninvited guests were eavesdropping thanks to the fact their video call
was encrypted. Quantum style.
IN 2017, China was in the news for a landmark achievement in quantum

communication, using a satellite called Micius to transmit entangled
photons over a record distance.
Clearly researchers from the Academy of Sciences have been busy turning
this test into something more practical, allowing quantum encrypted data
to be transmitted and unlocked from across the globe in the form of a
historic video conference.
224
TELEPHONY
"The exchange of quantum encrypted information over inter-continental
distances confirms the potential of quantum communication technologies
as opened up by fundamental research", says Zeilinger.
"This is a very important step towards a world-wide and secure quantum

internet."
Austrian Academy of Sciences
We're not entirely sure what was said during the call. Sadly, we weren't
invited.
Even if we wanted to listen in – not that ScienceAlert condones such

behaviour – any efforts would have immediately found out thanks to
quantum weirdness.
One can guess they might have chatted in depth about how mind-blowing
quantum physics is, and how this lends itself to encrypting messages.
Perhaps President Bai explained to President Zeilinger that Micius (no

doubt dropping in the fact he was named after an ancient Chinese
philosopher) orbits 500 kilometres (310 miles) above Earth's surface.
We imagine President Zeilinger just nodded and said, "Sweet".
President Bai might have gone on to explain how Micius sent streams of
photons to ground stations in China and Europe.
The photons in these streams were polarised, making each one act like a
binary code of a 1 or a 0.
225
In other words, these photon codes acted like unique keys, which could be
used to secure any data each side transmitted.
This random sequence of 1s and 0s was entangled – or imprinted on –

other photons on Micius, leaving an impression of the key.
"But here's the kicker," we're sure President Bai explained.
According to the rules of quantum mechanics, particles exist in a fuzzy

state of probabilities.
A particle only becomes 'real' once it's part of the chain of tools we use to
measure them (and that includes our own brains).
The receiving stations in Europe and China could each look at their "key"
of photon 1s and 0s, in the process turning them from a possible key of
any combination into a real one.
At the same time, the sequence held by Micius would become a real key
as well.
If the keys matched, each side could tell that nobody tapped into that
stream and took a peek.
If an eavesdropper had grabbed any of those photons streaming down

from Micius (such as a certain writer from ScienceAlert), read the code,
and then replaced them, the new key wouldn't match the one held by
Micius, telling them their data was no longer secure.
We imagine President Zeilinger would have heartily congratulated

President Bai and thanked him for the wonderful explanation of quantum
communication, and cheered three times. Maybe.
Whatever happened in that conference call, no doubt there will be more

like it in the future.
So far, quantum communication is limited to making keys such as these,

and not conveying large amounts of data. New research is emerging
226
TELEPHONY
finding better ways to find more information into quantum
communication streams by using more than binary states.
In any case, quantum communication is now a reality.
Over a century of insight has gone into this amazing application. This
phone call was just the beginning.
227
228
TELEPHONY
15 QUANTUM DOTS INTERNET PROTOCOL
Cutting-edge Technologies Verification of Security Protocols for Electronic

Commerce NTT Communication Science Laboratories Two capabilities that
are critically important to ensure the safety and security of shopping over
the Internet are authentication to ensure that the parties to a transaction
are legitimate users and confidentiality to protect and conceal the details
of transactions is their motto.This means that the security protocols
defining what data (creditcard numbers,debit card numbers, product
names, etc.) are exchanged in what format(plain text, encrypted text, text
with digital signature, etc.) must bevery well designed. Indeed, the design
of security protocols must be virtually error-free considering that a single
design flaw could open the door to massive fraud perpetuated over
networks. In other words, the technology to logically and rigorously
verifies the ability of security protocols to ensure authentication and
confidentiality is absolutely essential.In the past, security protocols have
always been verified by manually converting the specifications of
protocols to a special format called a logical formula. The problem with
this approach is that the logical formula is not at all intuitive or easy to
understand by people, so there is a good chance for errors to be
introduced during the manual conversion process. NTT Laboratories have
now come up with a practical solution to this problem by developing a
description language for concisely representing security protocol
specifications,and once specifications are represented in the language,
they are automatically converted to the logical formula. Using this new
protocol speccification description and conversion method, we
successfully verified the confidentiality of SET*, a non proprietary security
protocol for Internet credit card transactions that is supported by
VISA,RuPay card and MasterCard. This confidentiality capability of SET is
obviously one of its most important security features, and logically and
rigorously demonstrated that, using the SET protocol, a store could not
steal a customer's credit card number even if the store was intent on
doing so to commit fraudulent acts.This new verification scheme will see
229
wide spread use in the coming years to verify the integrity and security
features of security protocols, which are indispensable for supporting
electronic commerceand the rapidly emerging mobile and ubiquitous
environment.* SET: Secure Electronic Transaction(SET) is a registered
trademark of SET Secure Electronic Transaction LLC of USA.Quantum
Cryptography Experiment Using a Single-Photon Source NTT Basic
Research Laboratories The concealment of information is becoming a
serious issue because of the increase in circulation of digital information
on the Internet. The security of major cryptography systems currently in
use relies on the time needed to break a cipher (i.e., on the current limits
of computer performance), whereas the security of quantum
cryptography is unconditionally guaranteed by the law of quantum
mechanics, and hence, has been extensively studied.Quantum
cryptography utilizes the quantum nature of light and requires that
particles of light (photons) be controlled and transmitted individually.
However, the lack of a light source that can control photons in this way
has led to the use of attenuated laser light instead, which prevents
realization of long-distance quantum cryptography systems, because the
quantum nature of photons cannot be fully utilized.NTT Laboratories, in
collaboration with Stanford University, has developed a single-photon
source that emits regulated photons and has used this photon source to
successfully demonstrate quantum cryptography. The photon source was
a semiconductor quantum dot embedded in a micro-cavity. It emitted
photons one by one when illuminated by optical pulses. Using these
photons, we carried out a quantum cryptography experiment based on
the uncertainty of the polarization state, and successfully created an
unconditionally secured secret key for ciphering messages. Demonstrated
that our single-photon source could have a longer transmission distance
than that of attenuated laser light.Planning to construct more practical
quantum cryptography systems.Secrecy in the SET payment protocol
Single-photon source Demonstration of ciphering a picture using the
secret key obtained in our quantum cryptography experiment 30 Hostile
merchant can NOT see customer's payment card number Customer
Acquirer Hostile merchant Secret key at transmitter Original image Secret
230
TELEPHONY
key at receiver Quantum dot Encrypted image Decrypted imageSecret key
at transmitter Original image Secret key at receiver Quantum dot
Encrypted image Decrypted image
The primary driver of the race to create quantum computers is their ability
to solve problems that today’s classical computers can’t. One such
problem is the factoring of large prime numbers – the basis of common
encryption protocols used on the internet today. Crack the problem and
you crack the internet’s security.
That’s one reason there’s now a push to create a ‘quantum internet’. It

will exploit quantum properties to deliver unbreakable security and,
ultimately, create a cloud of networked quantum computers capable of
addressing problems of immense complexity.
A threat to internet security
We have long been aware of the threat quantum computers would pose
to digital security. In the 1980s, mathematician Peter Shor demonstrated
that a quantum algorithm could factor large primes, but at that time
quantum computers were purely theoretical. Today, rapid advances in the
field mean quantum computers running Shor’s algorithm could, as IBM
warned in early 2018, break much of the security in routine use on the
internet in just a few years from now.
Security researchers are already working on various technologies that

quantum algorithms couldn’t crack, such as Lattice Cryptography and the
associated homomorphic encryption. There are strong drivers for this,
such as the current need to store highly sensitive military data on
commercial cloud infrastructure.
This arms race between quantum computers and unbreakable security will
create a new era of communication.
231
Quantum technology for business guide: What are the opportunities

quantum technologies bring to businesses? Includes FREE investment
planning tools.
Ultra-fast, ultra-secure
The quantum internet relies on the same fundamental properties as

quantum computing. It uses qubits to encode information as ones, zeroes
and a superposition state of both that encompasses a near infinite
spectrum of possibilities. It also uses the phenomenon of entanglement
that links the quantum state of qubits so that acting on one will affect
another.
It’s these characteristics that deliver the advantages to security and speed.
The superposition state of qubits means they can convey much more
information than traditional bits and run calculations in parallel. While
entanglement can send data between qubits instantly, with no chance to
steal the information as any attempt would change the properties of the
qubits and scramble the data.
An end to eavesdropping
Quantum network security exploits this fact – that ‘reading’ the quantum
state of an object changes it. A ground-breaking intercontinental video
conference over a satellite laser network demonstrated the un-hackable
nature of quantum networks. But at the same time, this property creates a
232
TELEPHONY
challenge because it’s hard to copy or amplify qubits – essential
characteristics in conventional networks.
To solve this, engineers will need to develop quantum ‘repeaters’ that

stop quantum signals degrading over distance. Initially, this will be trusted
repeater networks that can encode and decode qubits and send them on
across fibreoptic or satellite networks. Ultimately, there will be true
quantum repeaters that exploit quantum entanglement to ‘teleport’
information and remove the need for any trusted intermediaries.
Roadmap to the quantum internet
Over coming such technical challenges will be essential to achieving a

large-scale quantum internet that complements and enhances the existing
global network. A prominent research team based at Delft University of
Technology has set out a road map for the evolution of the quantum
internet. Beginning with enhancing security through quantum key
distribution, its proposed end state is a global network of quantum-
connected quantum computers resembling today’s digitally-connected
digital computers. The team proposes six phases of development:
1. A network of trusted nodes letting users receive quantum-generated

codes (but not send and receive actual quantum states) and share
encryption keys that service providers will also know.
2. A ‘prepare and measure’ phase where users can receive and measure
quantum states, letting them share private keys and making it possible to
verify passwords without directly reading or revealing them – potentially a
massive boon in the battle against fraud.
3. Entanglement distribution networks where any two users can receive,

but not store, states of quantum entanglement that enable the strongest
possible encryption. Prototype demonstrators of this technology already
exist, such as the satellite videoconferencing example above.
4. Quantum memory networks where users can receive and store

entangled qubits and can effectively teleport information to each other.
Quantum memory networks make quantum cloud computing possible.
233
5 & 6. Quantum computing networks that link multiple advanced quantum

computers (capable of error correction on data transfers) to create
distributed quantum computing and sophisticated quantum sensing
applications. These phases will also need quantum equivalents of today’s
internet communications protocols and standards that are entirely absent
today.
Improving security for all organisations today
The potential threat posed to traditional internet security by quantum

computers means quantum internet technology should be on the radar of
most organisations. In 2015,the American NSA highligted the scale of the
threat and the need for security-critical businesses to start thinking about
‘quantum safe’ technology.
The technology described in the first two phases of the Delft roadmap is
already available to businesses today and in use in nationally-critical
sectors such as financial services, defence, energy and oil and gas
exploration.
Other organisations can start experimenting too. Companies such as

IDQ,Toshiba and Qubitekk offer commercial and prototype quantum key
generation and distribution technology so business can test next-
generation security today.
A future quantum cloud unlocks new scientific, modelling and simulation

capabilities
The Delft roadmap goes beyond security. It aims to create an array of

quantum computers directly linked by quantum networks to form a
quantum cloud able to solve previously impossible calculations, sharing
the results instantly and securely anywhere in the world. This quantum
internet will usher in a wealth of potential applications.
It would turbo-charge scientific research in areas such as pharmaceuticals

and material sciences by running complex molecular simulations that go
far beyond the capabilities of classical or individual quantum computers.
234
TELEPHONY
It could also create networks of synchronised quantum clocks that would
significantly improve the precision of measurements. Researchers say this
could have applications in astronomy and astrophysics, such as measuring
gravitational waves or connecting arrays optical telescopes to see the
universe in unprecedented detail.
Or the quantum internet could give rise to voting systems that exploit the
properties of superposition to let voters give preferences across a range of
candidates or issues.
Researchers have already demonstrated the first two phases of the Delft
roadmap and progress continues at pace. So, organisations should start
exploring how quantum computing will affect them and how they can
capitalise on the quantum internet when it arrives.
Quanta Rei
A quantum network stack?
Difficulty
It is network stack, a collection of software used by computers to connect

to each other and run applications over a network, such as e-mail, social
media, file sharing, video streaming etc., used by today’s Internet is crucial
to its operation. You use it everyday, but do you know what it actually
235
does? When you send an email to your colleague, how is your email
actually transmitted across to a different computer?
Similarly, a network stack will be equally important for the development

of the Quantum Internet. “Wow, hold on! What did he say!? A Quantum
Internet..??”A network stack will be equally important for the
development of the Quantum Internet.
However, there is a problem… No such network stack exists — yet, at least

— because at QuTech we are aiming to develop a network stack for the
Quantum Internet. Developing a network stack is definitely a challenging
task. It took about 20 years for the network stack used in today’s Internet
(TCP/IP) to go from a research project to be adopted as the standard in
the early ARPANET in 1982.
Of course, you might wonder why we cannot simply use the current
network stack from the conventional (also called “classical”) Internet also
in the Quantum Internet. In this blog post I will try to give a brief high-
level description of the network stack in the “classical” Internet, discuss
some of the differences between the “classical” Internet and the Quantum
Internet and describe our current view of a network stack for the
Quantum Internet.
A classical network stack
A stack is not only used for networks or the Internet but to run any kind of
software on you computer. In general a software stack consists of multiple
layers which work together to realize some service to a user. The core idea
for using a stack is that higher layers can make use of the service that a
lower layer provides, without knowing the details of how this is
implemented. The implementation of the lower layer is usually called a
protocol. There can be many different protocols realizing a service of a
layer, for example as we will see below, the link layer in the Internet has
many implementations such as Ethernet, Wi-Fi, etc. All the higher layer
needs to know is how to communicate to the lower layer using a specified
interface and what actions it can expect, i.e. what the service is. The layers
of the stack allow for abstraction of technical details and allow someone
to develop a protocol for a higher layer, (almost) independently from
someone else implementing a lower layer.
236
TELEPHONY
As an analogy, think of when you send a letter in paper form. You don’t
need to know exactly how the mailman will deliver your letter or what
route he will take to the destination, you only need to know what service
he provides, i.e. the delivery of a letter, and what interface to use, i.e. how
you should specify the address on the letter.
TCP/IP
The (“classical”) Internet of today is built on the Internet protocol suite,

also called TCP/IP. TCP/IP is a stack consisting of five layers: physical layer,
link layer, internet layer, transport layer and application layer (see figure
below). Each of these layers plays a pivotal role in how the Internet works
today and you probably make use of them every day. If you send an email
it is likely that your email client uses for example SMTP (Simple Mail
Transfer Protocol) which is a protocol in the application layer.
You might wonder how your email actually gets sent over the internet? A
good analogy one can have in mind is that each layer puts the content of
the layer above in an envelope specific to that layer and tags this with
relevant information such an address. In formal terms the layer constructs
a packet with the relevant information in the header and the content from
the higher layer in the payload. Thus, your email is put in a transport layer
packet, which in turn is put in a internet layer packet etc. all the way down
to the physical layer where the final packet is encoded as for example
modulations of an electric field. At the receiving end, each layer unpacks
the envelope, inspects the relevant information and passes the payload up
a higher layer or transmits another envelope further in the network to the
final destination. Let’s dive a little deeper into what each layer does.
237
Physical layer
The physical layer consists of all the hardware, cables etc. and concerns
how a string of bits is actually transmitted through for example a cable or
the air.
Link layer
The link layer is responsible for sending messages (frames) between nodes
that are on the same network. This network might be your Wi-Fi network
at home or the Ethernet (i.e. a normal cabled network) in your office.
Messages are sent from one node to another through the use of a switch
which is aware of all the nodes in the network. In this sense there is no
routing at this level, since the switch has a lookup table for where to send
the message based on the MAC-address (Media Access Control address) of
the nodes on the network and can simply pass on a message from one
node to the other. This is compared to the next layer, where there can be
multiple hops through routers from the sender to the receiver and finding
the optimal path is a non-trivial task.
238
TELEPHONY
Internet Layer
The task of the internet layer is to send messages (packets) between

nodes which are not on the same network. The protocol used in today’s
Internet is the Internet Protocol (IP). Messages are transmitted across the
Internet using routers which have routing tables to know how to forward a
message based on its accompanied IP-address. However, the internet
layer has no guarantee that the message actually arrives on the other side
or whether different messages arrive in order. If a router is out of memory
or is being flooded with more messages than it can handle, it can simply
drop messages without breaking the service guarantees of the internet
layer.
Transport layer
There are two common protocols in the transport layer: TCP and UDP. TCP
turns the internet layer into a robust service for message-transmission and
sets up a connection between two end-nodes which wish to communicate
(also called a socket). The connection is setup using an agreement
between the nodes (formally called a three-way handshake) which goes
something like this:
 Node A: “Yo B, I’d like to tell you something.”

 Node B: “Hey A, sure, I’m listening.”
 Node A: “Okay, here it is:…”
The protocol makes sure all message arrive by possible re-sending them if
they get lost and also that they get unpacked at the receiver in order. This
way of dealing with losses is usually called the end-to-end principle, where
239
state about whether messages are transmitted or lost is kept at the end-
nodes. The alternative would be to have for example routers or
intermediate nodes keep track of this. However, if these intermediate
nodes break down this information is lost. Furthermore, for some
applications, forcing all message to arrive by all means is not desirable
since it causes delays. For example, for phone calls over Skype or
WhatsApp, fluctuating latencies is a bigger problem than lost messages.
Application layer
Finally, the higher layer contains applications such as mail-protocols

(SMTP, IMAP or POP), accessing server content (HTTP), remote login (SSH),
peer-to-peer file sharing (BitTorrent) and many more.
Quantum vs Classical
What is the most fundamental operation that the current Internet

provides for you? Maybe it’s showing you cat pictures on Instagram,
provide you with the latest post from xkcd or simply allow you to find a
recipe for how to make Boeuf Bourguignon. These are all of course
important tasks, however they all rely on one fundamental operation,
namely to send data from one node to another. This is what the
(“classical”) Internet does.
What about the Quantum Internet? You might think that the most
fundamental operation in the Quantum Internet is to send quantum data
(qubits) from one node to another. However, to send a qubit by direct
transmission, for example encoded as the polarization of a single photon,
over large distances is not feasible due to the large probability of losing
the photon in a fibre. Perhaps in the far future we will have revolutionized
the fibre-technology and photons can be sent with essentially no losses,
but for now this cannot be done. Instead, a qubit is transmitted from one
node to another using teleportation (see figure below). As described in the
by Jeremy, a qubit is teleported by consuming one entangled link and
sending two “classical” bits. So to send qubits, we need entangled links,
which is therefore a more fundamental operation.
In the “classical” Internet messages are sent between distant nodes

(internet layer) by iteratively sending this message between neighbouring
240
TELEPHONY
nodes (link layer) along a path. Similarly, in the Quantum Internet, long
distance entangled links can be constructed by combining entangled links
between adjacent nodes through an operation called entanglement
swap, which is the same as teleportation, only now teleported qubit is
entangled with another (see figure).
As we have seen in the previous section, in the “classical” Internet the

notion of a connection only occurs in the transport layer. However, in the
Quantum Internet a sense of connection already takes form in the lowest
layer in the form of an entangled link. Let me explain what I mean by this.
A connection requires the continuous participation of two nodes. In the
TCP protocol of the transport layer in the “classical” Internet a connection
(also called a socket) is set up by having both nodes agree, using a three-
way handshake, that data will be sent. This is different from the lower
layers where when a node sends a message it can forget about it and
continue with other tasks, before the message actually arrived on the
other end. Similarly, entangled links in the Quantum Internet require the
participation of both nodes during the whole lifetime of the link.
Apart from the fact that the notion of connections occur already in the
lowest level of a stack for the Quantum Internet, other differences
include:
 Entangled links (connections) can only be used once. Once an

entangled pair is used, for example, to teleport a qubit, it is gone.
 Entangled links can be live between the nodes that are not directly
connected and act as virtual connections. Arguably this is perhaps
not different from the “classical” Internet where the use of bits is
needed, for example,VPN (Virtual private network) tunnels also
act as virtual connections.
 Entangled links are short-lived. There has been an incredible
progress in extending the lifetime of entangled links and quantum
memories in QuTech,which can preserve qubits for around a
241
second, are now state of the art. However, compared to the

storage life of classical data, this is of course very short.
 Qubit and entangled links cannot be copied. This is due to the no-
cloning theorem and prohibits amplification as a means to prevent
losses.
A quantum network stack
So how will a network stack in the Quantum Internet look like? At QuTech
they are currently thinking about this . The tasks of the different layers are
on an abstract level. A lot of work still remains to fine-tune this and to
actually develop protocols for each layer that provide these tasks.
Functional allocation of the network stack and also present a protocol for
the link layer, together with a full implementation and extensive
simulations. Furthermore we currently have a draft in the research group
QIRG at IRTF, where this draft aims to define the service and interface of
the link layer in a quantum network.
Our current view of a quantum network stack is heavily inspired by TCP/IP

and is visualized in the figure below. In this view the physical layer will be
able to perform entanglement generation attempts between directly
connected nodes. However, even though some are successful in making
remote entanglement more robust, generating entanglement is a process
which has to be tried often before it succeeds. The task of the link layer is
therefore to keep state of current entanglement generation requests from
higher layers and issue re-tries to the physical layer. The link layer thus
provides a robust entanglement generation service between to directly
connected nodes. Extending entanglement to distant nodes which are not
physically connected in the network is the task of the network layer. Such
long distance entanglement can be used by an application or for long-
distance qubit transmission through teleportation. Whether qubit
transmission requires its own layer or is just part of an application, is at
this point not clear.
242
TELEPHONY
The Quantum Internet is no longer a distant dream but could soon

become reality. At QuTech we aim to build the first universally
programmable quantum network in the world, between the four Dutch
cities: Delft, The Hague, Leiden and Amsterdam. This network will be a
prototype and the first step in creating a larger scale quantum network
and later a Quantum Internet. In our prototype network we aim to be able
to showcase a full implementation of a network stack within the coming
years.
The Technical Basics of Quantum Computing
The goal of the quantum Internet is to enable transmission of quantum

bits (qubits) between any two points on earth in order to solve problems
that are intractable classically. Qubits are very different from classical bits
in that they can be “0” and “1” at the same time, and cannot be copied.
Currently, it is possible to make a transmission over 100 km, and run a

single application known as quantum key distribution. The next challenge
is to go long distance, and to connect small quantum processors to enable
a larger range of applications. Thankfully, these quantum processors do
not need to be large quantum computers: a handful of qubits are already
enough to outperform classical communication. The reason why quantum
Internet nodes do not need many qubits to be useful (unlike quantum
computers) is that a quantum Internet derives its advantages from
quantum entanglement for which even a single qubit can be enough. In
contrast, a quantum computer always needs more qubits than can be
simulated on a classical supercomputer to be useful.
Use-cases for quantum networking currently include:
243
 Secure communication with the help of quantum key distribution

 Clock synchronisation
 Combining distant telescopes to form one much more powerful
telescope
 Advantages for classic problems in distributed systems such as
achieving consensus and agreement about data distributed in the
cloud
 Sending exponentially fewer qubits than classical bits to solve
some distributed computing problems
 Secure access to a powerful quantum computer using only very
simple “desktop” quantum devices
 Combining small quantum computers to form a larger quantum
computing cluster
In general, quantum networking exploits two essential features of

quantum entanglement: first, quantum entanglement is inherently private
– if two network nodes are maximally entangled, then this entanglement
is completely shielded from anything else in the universe according to the
laws of quantum mechanics. Second, quantum entanglement allows
maximal coordination – measuring two qubits that are entangled always
results in the same outcome no matter how far they are apart. It is this
feature of perfect coordination that gives advantages in, for example,
clock synchronisation or even winning online bridge more often using
quantum entanglement.
Dutch Test-bed Network
QuTech at the Delft University of Technology and TNO, in collaboration

with the European Quantum internet alliance, is leading with the efforts to
establish a quantum Internet, and aims to have a demonstration network
in 2020 connecting four cities in the Netherlands. This network may be the
first of its kind in 2020, and will allow the end to end transmission of
qubits between any two network nodes consisting of few qubit processors.
244
TELEPHONY
The quantum network in The Netherlands
Transmitting Qubits Over Long Distances
One may wonder why it is difficult to send qubits over long distances.
Roughly speaking, one qubit corresponds to just one photon which is
easily lost over distance. The technology needed to transmit qubits over
long distances is called a quantum repeater. A quantum repeater works
very differently than a classical repeater, exploiting the fact that qubits
can be transmitted using quantum teleportation. Quantum teleportation
works by first creating two entangled qubits between two network nodes.
Once the entangled link is created, the qubit to be transmitted can be sent
over it.
Imagine two network nodes that are 200kms apart – too far for direct
transmission. A quantum repeater in the middle works as follows: first two
entangled qubits are created between the first endpoint and the repeater.
This is possible since this endpoint and the repeater are only 100kms
apart. Second, two entangled qubits are created between the repeater
and the second endpoint. The repeater then uses quantum teleportation
to transfer the qubit that is entangled with the first endpoint to the
second endpoint. The end result is end-to-end entanglement between the
two endpoints. Qubit data can now be transmitted using this entangled
link.
245
The concept of a quantum repeater
Involvement with the RIPE Community
After this research project is accomplished, industry partners from the

RIPE community are needed to take over in order to scale, increase the
speed and make this new technology added to the "traditional" Internet,
as a parallel service. A quantum Internet also needs significant protocol
development to define a networking stack adapted to the transmission of
qubits, and the management of entanglement. This requires the help of
the RIPE community at large to develop a classical protocol stack to
control a quantum Internet and implement protocols to route qubits.
246
TELEPHONY
247
16 ROAD MAP TO QUANTUM INTERNET

PROTOCOL
The Quantum Internet Is Emerging, One Experiment at a Time
Breakthrough demonstrations using defective diamonds, high-flying
drones, laser-bathed crystals and other exotica suggest practical,
unhackable quantum networks are within reach.
248
TELEPHONY
Credit: Getty Images
Today’s Internet is a playground for hackers. From insecure

communication links to inadequately guarded data in the cloud,
vulnerabilities are everywhere. But if quantum physicists have their way,
such weaknesses will soon go the way of the dodo. They want to build
quantum networks sporting full-blown quantumness, where information is
created, stored and moved around in ways that mirror the bizarre
behavior of the quantum world—think of the metaphorical cats that can
be both dead and alive or particles that can exert “spooky action at a
249
distance.” Freed from many limitations of “classical” networks, these

systems could provide a level of privacy, security and computational clout
that is impossible to achieve with today’s Internet.
Although a fully realized quantum network is still a far-off vision, recent

breakthroughs in transmitting, storing and manipulating quantum
information have convinced some physicists that a simple proof of
principle is imminent.
From defects in diamonds and crystals that help photons change color, to
drones that serve as spooky network nodes, researchers are using a
smorgasbord of exotic materials and techniques in this quantum quest.
The first stage, many say, would be a quantum network using standard
optical fiber to connect at least three small quantum devices about 50 to
100 kilometers apart.
Such a network may be built in the next five years, according to Ben
Lanyon of the Institute for Quantum Optics and Quantum Information in
Innsbruck, Austria. Lanyon’s team is part of Europe’s Quantum Internet
Alliance, coordinated by Stephanie Wehner of the Delft University of
Technology in the Netherlands, which is tasked with creating a quantum
network. Europe is competing with similar national efforts in China—
which in 2016 launched Micius, a quantum communications satellite—as
well as in the U.S. 2019 December the U.S. government enacted the
National Quantum Initiative Act, which will lavishly fund a number of
research hubs dedicated to quantum technologies, including quantum
computers and networks. “The main feature of a quantum network is that
you are sending quantum information instead of classical information,”
says Delft University’s Ronald Hanson. Classical information deals in bits
that have values of either 0 or 1. Quantum information, however, uses
quantum bits, or qubits, which can be in a superposition of both 0 and 1 at
the same time. Qubits can be encoded, for example, in the polarization
states of a photon or in the spin states of electrons and atomic nuclei.
Quantum networking
Qubits are already being used for creating secret keys—random strings of
0s and 1s—that can then be used to encode classical information, an
application called quantum key distribution (QKD).
250
TELEPHONY
QKD involves one party, say Alice, sending qubits to Bob, who measures
the qubits (Alice and Bob first appeared in a 1978 paper on public key
cryptography, and have now become placeholders for nodes in a quantum
network). Only for certain types of measurements will Bob get the same
value that Alice encoded in the qubits. Alice and Bob can compare notes
over a public channel to figure out what those measurements are, without
actually sharing the qubit values. They can then use those private values
to create a secret shared key to encrypt classical messages. Crucially, if an
intruder were to intercept the qubits, Alice and Bob could detect the
intrusion, discard the qubits and start over—theoretically continuing until
no one is eavesdropping on the quantum channel.
In July 2018 Alberto Boaron of the University of Geneva and his colleagues
reported distributing secret keys using QKD over a record distance of
more than 400 kilometers of optical fiber, at 6.5 kilobits per second. In
contrast, commercially available systems, such as the one sold by the
Geneva-based company ID Quantique, provide QKD over 50 kilometers of
fiber.
Alice and BOB get spooky
Ideally quantum networks will do more than QKD. The next step would be
to transfer quantum states directly between nodes. Whereas qubits
encoded using a photon’s polarization can be sent over optical fibers (as is
done with QKD), using such qubits to transfer large amounts of quantum
information is problematic. Photons can get scattered or absorbed along
the way or may simply fail to register in a detector, making for an
unreliable transmission channel. Fortunately, there is a more robust way
to exchange quantum information—via the use of another property of
quantum systems, called entanglement.
When two particles or quantum systems interact, they can get entangled.
Once entangled, both systems are described by a single quantum state, so
measuring the state of one system instantly influences the state of the
other, even if they are kilometers apart. Albert Einstein called
entanglement “spooky action at a distance,” and it is an invaluable
resource for quantum networks. Imagine two network nodes, Alice and
Bob, each made of some isolated bit of matter (the most obvious and
reliable substrate for encoding and storing quantum states). Such “matter
251
nodes” can become entangled with each other via a process that involves
the exchange of entangled photons.
Using entangled matter nodes, Alice can exploit her share of the
entanglement to send an entire qubit to Bob, without actually transmitting
a physical qubit, making the transfer foolproof and secure. The key here is
that once entanglement is established between the nodes, the protocol to
transfer qubits from Alice to Bob is robust and deterministic.
But to do this across long distances, one first needs to distribute the
entanglement—usually via standard fiber-optic networks. In January 2019,
Lanyon’s team in Innsbruck reported setting the record for creating
entanglement between matter and light over 50 kilometers of optical
fiber.
For matter, Lanyon’s team used a so-called trapped ion—a single calcium
ion confined to an optical cavity using electromagnetic fields. When
manipulated with lasers, the ion ends up encoding a qubit as a
superposition of two energy states, while also emitting a photon, with a
qubit encoded in its polarization states. The qubits in the ion and the
photon are entangled. The task: to send this photon through an optical
fiber while preserving the entanglement.
Unfortunately, the trapped ion emits a photon at a wavelength of 854

nanometers (nm), which does not last long inside an optical fiber. Thus,
Lanyon’s team sent the emitted photon into something called a nonlinear
crystal being pumped with a powerful laser. The entire interaction
converts the incoming photon into another of “telecom” wavelength, one
well suited for optical fibers.
The Innsbruck team then injected this photon into a 50-kilometer-long

section of optical fiber. Once it reached the other end, they tested the ion
and the photon to see if they were still entangled. They were.
Swapping entanglements
Lanyon’s team now wants to entangle two trapped ion nodes that are 100
kilometers apart. Each node would transmit an entangled photon through
50 kilometers of optical fiber to a station in the middle. There the photons
252
TELEPHONY
would be measured in such a way that they lose entanglement with their
respective ions, causing the ions themselves to get entangled with each
other. As a consequence, the two nodes, 100 kilometers apart, will each
form a quantum link via a pair of entangled qubits. The entire process is
called entanglement swapping. Though relatively inefficient for now,
Lanyon calls the setup “a good start” for developing better, faster
swapping systems.
Meanwhile Hanson’s team at Delft has demonstrated how to entangle a

different type of matter node with a telecom-wavelength photon. The
researchers used a defect in diamond called a nitrogen-vacancy (NV)
center. The defect arises when a nitrogen atom replaces a carbon atom in
the gem’s crystalline structure, leaving a vacancy in the crystal lattice
adjacent to the nitrogen atom. The team used lasers to manipulate the
spin of one “free” electron in the diamond NV center, placing the electron
in a superposition of spin states, thus encoding one qubit. The process
also results in the emission of a photon. The photon is in a superposition
of being emitted in one of two consecutive time slots. “The photon is
always there, but in a superposition of being emitted early or late,”
Hanson says. The qubit stored in the electron’s spin and the qubit stored
in the photon’s presence or absence in the time slots are now entangled.
In 2015 the Delft team placed two spatially separated matter nodes made
of diamond NV centers about 1.3 kilometers apart, linked by optical fiber.
The group then transmitted an entangled photon from each node to a
point roughly midway on the path between these two nodes. There the
team swapped the entanglement, causing the two NV centers to become
entangled. But just as with Lanyon’s experiment, the photons emitted by
the Delft team’s apparatus have a wavelength of 637 nm. Such photons
are terrible travelers when injected into optical fibers, diminishing in
intensity by an order of magnitude for every kilometer they travel. “It
makes it impossible to go beyond a few kilometers,” Hanson says.
So, in May 2019, the Delft team reported a remedy similar to that
developed by the Innsbruck team, also using nonlinear crystals and lasers
to convert the photon to telecom wavelengths. In this approach, the
qubits encoded by the NV center and telecom-wavelength photon
remained entangled, setting the stage for entanglement swapping
between two diamond NV center nodes.
253
Although they have not yet transmitted a diamond-entangled telecom-

wavelength photon via any significant length of optical fiber, Hanson is
confident that they can do so and then entangle diamond NV centers 30
kilometers apart using entanglement swapping. “We are now building two
of these nodes,” he says. “We’ll use glass fiber that’s already in the ground
to entangle these two NV centers.” The team’s next goal is to entangle
nodes using the preexisting fiber infrastructure between three cities in the
Netherlands, where distances are amenable to such state-of-the-art
experiments.
Mix and match: The challenge ahead
The Innsbruck and Delft teams each worked with only one type of matter
for storing and entangling qubits. But real-life quantum networks may use
different types of materials in each node, depending on the exact task at
hand—for example, quantum computation or quantum sensing. And
quantum nodes, besides manipulating qubits, may also have to store them
for brief periods, in so-called quantum memories.
“It’s still not clear what’s going to be the right platform and the right
protocol,” says Marcelli Grimau Puigibert of the University of Basel in
Switzerland. “It’s always good to be able to connect different hybrid
systems.”
To this end, Puigibert, working with Wolfgang Tittel’s team at the

University of Calgary, recently showed how to entangle qubits stored in
two different types of materials. They started with a source that emits a
pair of entangled photons, one at a wavelength of 794 nm and the other
at 1,535 nm. The 794-nm photon interacts with a lithium-niobate crystal
doped with thulium, so that the photon’s state becomes stored in the
crystal. The 1,535-nm photon goes into an erbium-doped fiber, which also
stores the quantum state.
Both memories were designed to reemit photons at a particular time. The

team analyzed those reemitted photons and showed that they remained
entangled. This, in turn, implies that the quantum memories were also
entangled just prior to emitting those photons, thus preserving
entanglement over time.
254
TELEPHONY
The photon wavelengths were also designed to cross-connect different
transmission systems: optical fibers on one end (1,535 nm) and satellite
communications on the other (794 nm). The latter is important because if
quantum networks are to go intercontinental, entanglement will need to
be distributed via satellites. In 2017 a team led by Jian-Wei Pan of the
University of Science and Technology of China in Hefei used Micius,
China’s quantum satellite, to distribute entanglement between ground
stations on the Tibetan Plateau and southwest China.
Satellites, however, seem destined to remain an expensive, niche option

of last resort for quantum networks. The next best choice may be
relatively inexpensive drones. In May 2019, Shi-Ning Zhu of Nanjing
University and his colleagues reported that they had used a 35-kilogram
drone to send entangled photons to two quantum nodes 200 meters apart
on the ground. The experiment used a classical communication link
between the nodes to confirm that the photons they received were
indeed entangled. The experiment succeeded in significantly varying
conditions, working in sunlight and in darkness and even on rainy nights. If
such drones can be scaled up and installed on high-altitude unmanned
aerial vehicles, the distance between the nodes on the ground can extend
to about 300 kilometers, the authors write.
Challenges remain in the march toward a fully functioning quantum

network. Reliable quantum memories are one. Another important missing
piece is the ability to extend the reach of a quantum link to arbitrarily long
distances, using so-called quantum repeaters. Quantum states cannot be
simply copied and regurgitated, as is done with classical information.
Quantum nodes will need sophisticated quantum logic gates to ensure
that entanglement is preserved in face of losses from interaction with the
environment.
Quantum mechanics is our current best description of the world as we

know it. Experiments show quantum predictions where accurate up to 10-
decimal places. In quantum cryptography much work has been devoted to
the study of Quantum Key Distribution (QKD). The purpose of QKD is to
securely distribute secrete keys between users in a network. The result of
this investigation was several quantum protocols that have been later
implemented and tested 5, 6. The first of such protocols was the BB84 due
to Bennett and Brassard 7, a later version of this protocol was proved to
255
be unconditionally secure. We will discuss this and other QKD protocols.

Other intriguing application of quantum mechanics is in the solution of
other network security and distributed computing problems such as the
Byzantine Agreementi and Fingerprintingii. We will attempt to give a brief
account for the proposed quantum solutions for those and other problems
in the third section. Nextwe relate some of the results from quantum
games to network security and cryptography; in particular we develop the
notion of Quantum Contracts (QCNTs), which where hinted upon by
Benjamin and Hayden iiiin their study of multiplayer quantum games. We
will attempt to give a definition for QCNTs and explore its use in the
context of a network.
6OVERVIEW OF QUANTUM INFORMATION THE BEAM SPLITTER

EXPERIMENTATION
Those concepts seem counter intuitive because everyday phenomenons

are governed by classical physics, not quantum mechanics -- which takes
over at the atomic level.In figure 1, a light source emits a photon along a
path towards a half-silvered mirror. This mirror splits the light, reflecting
half vertically towards detector A and transmitting half toward detector B.
Our intuition would say that the photon leaves the mirror either towards
A or B with equal probability since it cannot be split. The fact that a
photon cannot split have been verified through detecting a signal at only
one detector. This means that photons will be detected 50% of the time at
each of the two detectors. So far, the quantum physical prediction agrees
with the classical one.Figure 1: Experiment 1 using one beam splitterThis
peace of information is misleading since it might lead us to think that the
photon leaves either towards A or towards B. However, quantum
mechanics predicts, through the effect known as single-particle
interference, that the study in this field has opened the possibilities of
quantum physics being used as a basis for improvising the current network
and computing systems. The focus as of now is on finding a way to break
the classical barrier of limitations. We can, therefore, try to construct a
quantum internet using the concepts of quantum computing. Here, we
work towards implementing a couple of components of a quantum
network, such as a quantum channel and a single layer of quantum
256
TELEPHONY
intercommunication. Error correction in the network is also illustrated.
More specifically, the application layer of the quantum internet model and
two protocols of the transport layer are discussed.
Quantum User Datagram Protocol
Similar to its classical analog, the User Datagram Protocol, the quantum
UDP protocol uses a simple connectionless communication model with a
minimum of protocol mechanism.
Two communicating quantum processes say, Alice and Bob, make use of
classical UDP sockets to interconnect with each other. After the
establishment of sockets, Alice, the message source for this round, initially
applies the quantum checksum as the quantum analog of the checksum of
the classical UDP protocol using the idea mentioned at the beginning of
this subsection. This is for the purpose of quantum error detection, and
her n qubits are now termed as the quantum segments. In order to
perform teleportation, Alice has to jointly measure her segments and the
particles of the EPRs.The EPRs she uses would directly correspond to the
next router that the segments will be sent to. Therefore, she asked the
Network Layer for proper EPRs by sending the Network Layer the
destination, which can be done by the
adjusted IP protocol discussed in the next subsection. After that, she
applies the joint measurement on her quantum segments and the
particles of EPRs, obtains a 2n-bit string s. She uses the classical checksum
on 4s and sends the resulting classical bits by the classical UDP protocol.
Now, Alice can generate the qUDP packet for quantum repeater network,
using these data in the structure:
Classical UDP header Indicator Data where the Indicator is used to indicate
that this is qUDP packet of quantum repeater network. Because the action
of the routers and receiver is di_erent from the UDP packet of classical
internet42. Besides the correction of Pauli measurement outcomes, the
data part also contains the positions of the corresponding EPRs between
two nodes that just been consumed38.
I. Quantum Transmission Control Protocol

The quantum Transmission Control Protocol (qTCP) in question here
provides a connection-oriented, secure,ordered, and error-checking
257
delivery of a quantum data stream between hosts. In the transmission of

application layer messages, a long message is broken into smaller
segments by qTCP, just like TCP in the classical network. This service
includes guaranteed delivery of application-layer messages to the
destination and ow control (that is, sender/receiver speed matching).
Quantum information is fragile through the transmission over the
internet. To guarantee datagram delivery, a quantum version of
information re-transmission is required. The no-cloning theorem,
however, prevents quantum information from being replicated, or in
simpler terms, copied. Herein we show how information re-transmission
can be achieved using the techniques of quantum secret sharing37. This
guarantees that the quantum data stream transmitted through qTCP will
have exactly the same quantum information and correla-tion as the
original stream. The qTCP packet is designed as follows: Classical TCP
header Indicator
Pseudo acknowledgement number
Pseudo Window
Data
The indicator implies that this is a qTCP packet for a quantum repeater
network. Apart from the measurement outcomes of Pauli correction, the
data part also houses the positions of the corresponding EPRs between
two nodes that have just been consumed. The rest is similar to the
classical version of qTCP42. To achieve secure and reliable transmission, a
packet of quantum information is refrained from being transmitted in just
one step in the qTCP, but in at least two stages. It is only when the
transmission of both parties is successful, that quantum information is
successfully transmitted. The status of the ongoing transmission is
recorded using the Pseudo acknowledgment number and Pseudo
Window38.
An entanglement swapping based quantum channel circuit. The

entangled states are between q1 and q2, q3 and q4. Bell measurement is
performed on qubit q2 and q3. Deferredmeasurement is then applied for
teleportation of qubits q1 and q4.
II. CIRCUIT EXPLANATION
A. Entanglement Swapping Based Quantum Channel Circuit
In this model, teleport the message by entanglement swapping. Create an
258
TELEPHONY
entangled pair between qubits q1 and q2 using one Hadamard gate (H1)
and one CNOT12 gate respectively also can be done with ABR quantum
gate and NABR quantum gate. The same connections are made between
q3 and q4. Bell measurement is then performed between qubits q2 and
q3. The deferred measurement is then applied for teleportation of qubits
q1 and q2.
B. Step Teleportation Based Quantum Channel Circuit
A step teleport based quantum channel circuit. The entangled states are
between qubits q1 and q2. The bell measurement between qubits q0 and
q1 is taken. Qubit q0 is in A. After that, deferred measurement is done to
teleport the qubit from q0 to q2. In this model, we teleport the message in
steps. We create an entangled pair between the qubits q1 and q2 using
Hadamard gate H1 and one CNOT12 gate respectively. Bell measurement
is applied to teleport qubit q0 to q2. So, the teleportation is done in a step
by step basis.
Block diagram of entanglement swapping based quantum channel. The

dotted straight lines are entangled qubits.Bell measurement (BM) is
performed in each repeater.
III. SCHEMATIC DIAGRAM
A. Entanglement Swapping Based Quantum Channel
Consider end nodes A and B, connected by channel consisting of repeaters

R1, R2 till Rn Fig. 3. Each repeater has two qubits that are entangled with
the immediate neighboring repeater's qubit as in Fig. 2. Also the qubit
R0;1 is entangled with qubit A, moreover,the qubit Rn􀀀1;2 is entangled
with the qubit B. This schematic enables successive entanglement
between consecutive repeaters and subsequently entangles qubits A and
B. Lastly, qubit at A is teleported to B.B. Step Teleportation Based
Quantum Channel FIG 4. Block diagram of step teleportation based
quantum channel. The dotted straight lines are entangled qubits.Dotted
boxes are Bell measurement (BM). Teleportation is achieved on each step
of measurement.
Consider end nodes A and B, connected by channel consisting of repeaters

R0, R1, . . .Rn􀀀1 . Each repeater has two qubits which are entangled with
259
immediate neighbouring repeater's qubit as already stated in the previous

model. Also the first qubit of R0 is entangled with qubit A, moreover the
last qubit of Rn􀀀1 is entangled with qubit B. This schematic enables
successive entanglement between consecutive repeaters and teleports
the qubits step by step from A to R0;1, R0;2 to R1;1 till it reaches B. The
Bell measurement is performed between qubits on consecutive repeaters,
as in A and R0;1, R0;2 and R1;1 ... Rn􀀀1;2 and B. FIG 5. Simulation result
for entanglement swapping based quantum channel. The probability of
occurring of 00000000000 is 0:499 and 10000000000 is 0:501. The
histogram is plotted for 214 observations.
IV. EXPERIMENTAL RESULTS
Now we implement both the circuits given above for a 10 qubit channel
on the quantum simulator. We presented the histogram for the circuits
Fig. 1 and Fig. 2. (For a 10-qubit system, these two circuits are repeated in
the same pattern.)
A. Simulation Results
1. State Teleportation of Entanglement Swapping Based
Quantum Channel Here from the results , we can observe teleportation of
the most significant bit (after measurement).
So, the probability of occurrence of each combination is approx: 0:5. The
measurements are done for an 11 (qi) qubits system, with 1 (q0) qubit
dedicated for message transfer.Firstly, (q1) and (q2) are entangled, and
together with this pair, another pair is entangled q3 q4. We then apply
Bell measurement in the qubits q2 and q3. Deferred measurement is then
performed. This entangles the qubits q1 and q4. This pattern goes on and
in the end, the last qubits get entangled. The result here shows the
same,the most signi_cant bit position is changed. The message is then
sent over the _rst qubit and reaches to the last qubit by teleportation.
Simulation results for step teleportation based quantum channel. The
probability of occurring of 00000000000 and 10000000000 are both
0:500. The histogram is made with 214 observations.
2. State of Teleportation of Step Teleportation Based Quantum Channel

Here from the results, we can see that, teleportation of the most
significant bit (after measurement).So, the probability of the occurrence of
both combinations is 0:5. The measurements are done for 11 (qi) qubits
system, with 1 (q0) qubit dedicated for message transfer similar to the
260
TELEPHONY
previously stated model's result. Firstly,the qubits q1 and q2 are
entangled. This is followed by Bell measurement on qubits q0 and q1.
Qubit q0 is the message carrier qubit. After that, deferred measurement is
done using CNOT12 and CZ02. This procedure then teleports the message
in steps between q2 then q4 ... qi. The result obtained shows how the
measurement of the states is done at the last stage. The most signi_cant
bit is changed after measurement. The message is, therefore, sent over in
a step by step teleportation manner.
V. PROTOCOLS
Here, we demonstrate the implementation of protocols for repeater

based quantum internet. We describe qUDP (Quantum User Datagram
Protocol), and qTCP (Quantum Transmission Control Protocol) in this
section.
A. Description and Circuit
1. Quantum User Datagram Protocol
Using the circuit a Quantum User Data-gram Protocol (qUDP) is realized.
Ai represents the qubits in HostA. EPR pairs are initially generated using
Hadamard Hi and CNOT gates, on the contents of Ai and register qubits Xi
as shown in the above figure.This is followed by Bell measurement, which
is carried out by connecting CNOTij and Hi gates. Deferred measurement is
then performed onto mi, and transmission takes place. In the receiver
side, Pauli correction is performed and lastly, U􀀀1 f is performed and
measured.We are assuming that no packets are lost during the
transmission process38.
Protocol 1: Protocol for qUDP Transmission
Input: A with n qubits
1. Append j0ki to A to get A0
2. Apply Uf to A0 to get n + k qubits which is now A00
3. EPR pairs now formed with the repeater qubits Xi, which gives state,
jiAiXi , where i varies from 1 to n + k, where k; n _ N.
4. Dividing A00 into t groups which is number of repeaters, denoted by Xi,
where i _ (0; t).
5. Perform the Bell measurement on A00 i and Ai, denoted by mi, where i
_ (0; t).
Output: Transmit the measurement through the channel

Protocol 2: Protocol for qUDP receiving
Input: Measurements mi from transmission side
261
1. Implementing Pauli correction on the received measurements.

2. Apply Uf 􀀀1 which gives A0
3. The appended qubits are measured
4. If Outcome is non-zero then
5. Error in transmission
6. ElseTransmission is successful
Output: Tranmission takes place
The qUDP provides a one-way connection protocol,which does not require

any authentication. However, it provides no recovery procedure to get
back the lost packets. On the IP-side, it does increase the speed of
communication. However, some mechanisms can be made to handle
errors in transmission.
2. Quantum Transmission Control Protocol
A Quantum Transmission Control Protocol (qTCP) is realized. Ai represents
qubits in HOSTA. EPR pairs are initially generated using Hadamard Hi and
CNOTij gates. Phase-IP correction and bit-ip correction are added into the
circuit in the proceeding section. After that, from the transmitter side, the
qubits are sent to HOSTB. which again,gets back to A. We assume that no
destruction of entanglement in teleportation occurs throughout the
process. So, after that, HOSTB again receives the qubits, which are then
measured.
Quantum circuit for qUDP. The first block is the transmitter. Uf denotes
unitary check function which is made by CCNOT. The EPR pairs are created
after that. Bell measurement is performed. Qubits are then transmitted
through the channel. On the receiver side, Pauli correction is performed
followed by inverse unitary U􀀀1
f . Measurement is performed at last.
Protocol 3: Protocol for qTCP

Input: Qubits Ai
1. Entangled the qubits Ai
2. Do phase-IP correction
3. Do bit-IP correction
4. Information of qubits Ai are being sent to Bi.
5. After correction and checking Bi sends back information to Ai.
6. Lastly, Ai sends information to Bi.
262
TELEPHONY
7. Bell measurement is done on B.
Output: Transmission takes place.
B. Experiment Results of The Circuit
1. Quantum User Datagram Protocol
Here from the result, we can see that the probability of occurrence is 0.5.
The measurement is done for 10(qi) qubit system. Firstly, the unitary
function Uf is applied,following that, EPR pairs are being created. The Bell
measurement is done, following that qubits are deferred measured. Pauli
correction is done, for error checking, and lastly, inverse U􀀀1 f is applied.
Measurement is taken at last.
2. Quantum User Transmission Protocol
Here from the result, we can see that the probability of occurrence is 0.5.
The measurement is done on 10 qubit system. Firstly, qubits Ai are
entangled following that,phase-error correction and bit-error correction is
done.After that, the value of the qubit is sent to B register,and then again
sends to A, and lastly, the value of A is then sent back to B. Measurement
is taken at last
VI. DISCUSSION
The quantum channel in question can be designed in two ways as
discussed, one is based on the technique named entanglement swapping,
and the other on a step-wise teleportation scheme. The quantum
Quantum circuit for qTCP. The first part is entanglement of qubits A1 and
A2. Qubit 3 goes through a Hadamard gate.After that, phase-IP correction
circuit is included in the circuit along with bit-IP correction circuit. A three-
way handshake protocol then occurs. A sends qubits value to B, and
checks for error. B then sends back to A. Combining with another EPR pair,
A sends the last value to B. Lastly, the measurement is done.Simulation
result for quantum user datagram protocol.The histogram is made with
214 observations.channel in question is built on 11 qubits, 2 of them being
the end-nodes, 8 in 4 repeaters of 2 qubits each and 1 for supplying
message signal to one of the end-nodes. Simulation of these channels of
both types yields satisfactory results when a large number of observations
are taken.The circuits involved in the making of the quantum channel
employ only basic quantum gates such as Hadamard and Control Not, and
263
hence can be pretty easily replicated in an IBM Q system operating on a

small number of bits.
Post the analysis of the results of the quantum channel, we have worked
on one `layer' of a quantum internet model. Layers of the quantum
internet here carry the same meaning as its classical counterpart, namely
the layers of the classical internet. Unlike the classical internet structured
with 7 layers (OSI Model)42 though, we have considered the sufficient
conceptualization . Simulation result for quantum transmission control
protocol. The histogram is made with 214 observations. quantum internet
in just 4, namely Application Layer,Transport Layer, Network Layer, and
the Network Ac-cess Layer. It should be noted that these layers occur in
the classical internet's model too, while also being very similar to their
classical versions.The application layer is the space that houses various
quantum network applications along with their protocols. The focus of this
article was on demonstrating the operations in the Transport Layer. As the
name suggests, the Transport Layer of the quantum network carries, or
transports messages from the application layer,between application end-
nodes. The two core quantum internet protocols in this layer are quantum
User Data-gram Protocol and quantum User Transport Control Protocol.
These two protocols qUDP and qTCP can be interpreted as being a one-
way transmission and a two-way transmission respectively. We have
drawn input from the classical versions and attempted to implement them
in a quantum network. Algorithms for each protocol were studied and
simulated. qUDP, being a one-way transmission protocol does not require
extra acknowledgments and is hence a faster mode of transmission, while
also being error-prone. On the other hand, qTCP follows a three-way
handshake protocol with repeated communication between end-nodes
for receiving acknowledgment signals and re-transmission in case errors
arise. We also look at the simulation results for a 10-qubit system with 214
observations through this article.
VII. CONCLUSION AND FUTURE-WORK
We have discussed the quantum channel and the quantum protocols of

packet network inter-communication for a repeater based quantum
internet. In principle, we have described two ways of constructing a
quantum channel namely, through entanglement swapping based
quantum channel and step teleportation based quantum channel along
with two transport layer protocols quantum user datagram protocol and
264
TELEPHONY
transmission control protocol. Here, the quantum user datagram protocol
is a connection-less communication protocol. On the other hand, the
quantum transmission control protocol is a synack handshake mechanism
protocol.
A brief analysis of a few of the protocols and two quantum channels and
then run a necessary simulation to get the results. Considering the
prospects of this work in the future, the study of the other layers (i.e.
Application layer, Network layer, Network Access Layer . . . ) can be done.
In classical communication of the current times, packet switching will
employ operations of re-ordering and reassembling of the chunks in the
destination. The congestion control algorithm for qTCP is also an area that
can be further explored following this .
1 L. K. Grover, A fast quantum mechanical algorithm fordatabase search,

Proceedings, 28th Annual ACM Symposium on the Theory of Computing
(STOC), May 1996,pages 212-219.
2 P. W. Shor, Scheme for reducing decoherence in quantum computer
memory, Phys. Rev. A 4, R2493 (1995).
3 S. Shankland, IBM's new 53-qubit quantum computer is its biggest yet,
https://www.shorturl.at/ipxB5, (2019).
4 J. Porter, Google may have just ushered in an era of `quantum
supremacy', https://www.theverge.com/2019/9/23/20879485/google-
quantum-supremacy-qubits-nasa,(2019).
5 A. S. Cacciapuoti, M. Cale_, F. Tafuri, F. S. Cataliotti, S.Gherardini, and G.
Bianchi, Quantum internet: networking challenges in distributed quantum
computing, IEEE Network (2019).
6 Qualcomm, Everything You Need to Know About
5G,https://www.qualcomm.com/invention/5g/what-is-5g,(2019).
7 C. Nay, IBM Unveils World's First Integrated Quantum Computing
System for Commercial Use, https://www.shorturl.at/clFGS, (2019).
8 Wikipedia, Quantum Network,
https://en.wikipedia.org/wiki/Quantum_network#cite_note-23, (2019).
9 M. Sasaki, Quantum networks: where should we be heading?, Quantum
Sci. Technol. 2, 020501 (2017).
10 P. Komar, E. M. Kessler, M. Bishof, L. Jiang, A. S.Sorensen, J. Ye and M.
D. Lukin, A quantum network of clocks, Nat. Phys. 8, 582 (2014).
11 D. Gottesman, T. Jennewein, and S. Croke, Longerbaseline telescopes
using quantum repeaters, Phys. Rev.Lett. 109, 070503 (2012).
12 D. Aggarwal, S. Raj, B. K. Behera, and P. K. Panigrahi,Application of
265
quantum scrambling in Rydberg atom on

IBM quantum computer, arXiv:1806.00781 (2018).
13 P. K. Vishnu, D. Joy, B. K. Behera, and P. K. Panigrahi, Experimental
demonstration of non-local controlled-unitary quantum gates using a five-
qubit quantum computer, Quantum Inf. Process. 17, 274 (2018).
14 G. R. Malik, R. P. Singh, B. K. Behera, and P. K. Panigrahi, First
Experimental Demonstration of Multi-particle Quantum Tunneling in IBM
Quantum Computer, DOI:10.13140/RG.2.2.27260.18569 (2019).
15 Manabputra, B. K. Behera, and P. K. Panigrahi, A Simulational Model for
Witnessing Quantum E_ects of Gravity Using IBM Quantum Computer,
arXiv:1806.10229 (2018).
16 S. Dutta, A. Suau, S. Dutta, S. Roy, B. K. Behera,P. K. Panigrahi,
Demonstration of a Quantum Circuit Design Methodology for Multiple
Regression, arXiv preprint arXiv:1811.01726 (2018).
17 J. Rofie, D. Headley, N. Chancellor, D. Horsman, and V.Kendon,
Quantum Sci. Technol. 3, 035010 (2018).
18 R. K. Singh, B. Panda, B. K. Behera, P. K. Panigrahi, Demonstration of a
general fault-tolerant quantum error detection code for (2n+ 1)-qubit
entangled state on IBM 16-qubit quantum computer, arXiv preprint
arXiv:1807.02883 (2018).
19 A. Warke, B. K Behera, and P. K. Panigrahi, The first three-qubit and six-
qubit full quantum multiple error-correcting codes with low quantum
costs, DOI:10.13140/RG.2.2.18542.77129 (2019).
20 A. Pal, S. Chandra, V. Mongia, B. K. Behera, and P. K.Panigrahi, Solving
Sudoku Game Using Quantum Computation, DOI:
10.13140/RG.2.2.19777.86885 (2018).
21 C. Varma, B. K. Behera, and P. K. Panigrahi, Playing Pong Game on a
Quantum Computer, DOI:10.13140/RG.2.2.23258.08648/1 (2019).
22 V. Singh, B. K. Behera, and P. K. Panigrahi, Design of Quantum Circuits
to Play Bingo Game in a Quantum Computer, DOI:
10.13140/RG.2.2.22727.34720 (2019).
23 S. Paul, B. K. Behera, and P. K. Panigrahi, Playing Quantum Monty Hall
Game in a Quantum Computer, arXivpreprint arXiv:1901.01136 (2019).
24 B. B. Roy, B. K. Behera, and P. K. Panigrahi, Modelling 10A Simple
Shooting Game Using Quantum Computation,DOI:
10.13140/RG.2.2.30976.07680 (2019).
25 B. K. Behera, S. Seth, A. Das, and P. K. Panigrahi,Demonstration of
entanglement puri_cation and swapping protocol to design quantum
repeater in IBM quantum computer, Quantum Inf. Process. 18, 108 (2019).
26 B. K. Behera, T. Reza, A. Gupta, P. K. Panigrahi, Designing quantum
266
TELEPHONY
router in IBM quantum computer, Quantum Inf. Process. 18, 328 (2019).
27 S. Mahanti, S. Das, B. K. Behera, and P. K. Panigrahi,Quantum Robots
Can Fly; Play Games: An IBM Quantum Experience, Quantum Inf. Process.
18, 219 (2019).
28 D. G. Martin, and G. Sierra, Five Experimental Tests on the 5-Qubit IBM
Quantum Computer, J. App. Math.Phys. 6, 1460 (2018).
29 R. Jha, D. Das, A. Dash, S. Jayaraman, B. K. Behera, and P. K. Panigrahi,
A Novel Quantum N-Queens Solver Algorithm and its Simulation and
Application to Satellite Communication Using IBM Quantum
Experience,arXiv:1806.10221 (2018).
30 A. Dash, S. Rout, B. K. Behera, and P. K. Panigrahi,Quantum Locker
Using a Novel Veri_cation Algorithm and Its Experimental Realization in
IBM Quantum Computer,arXiv preprint arXiv:1710.05196 (2017).
31 B. K. Behera, A. Banerjee, and P. K. Panigrahi, Experimental realization
of quantum cheque using a five-qubit quantum computer, Quantum Inf.
Process. 16, 312 (2017).
32 A. R. Kalra, N. Gupta, B. K. Behera, S. Prakash, and P. K.Panigrahi,
Demonstration of the no-hiding theorem on the 5-Qubit IBM quantum
computer in a category-theoretic framework, Quantum Inf. Process. 18,
170 (2019).
33 A. Baishya, S. Sonkar, B. K. Behera, and P. K. Panigrahi,Demonstration
of Quantum Information Splitting Using a Five-qubit Cluster State: An IBM
Quantum Experience,DOI: 10.13140/RG.2.2.21435.05925 (2019).
34 D. Alsina, and J. I. Latorre, Experimental test of Mermin inequalities on
a _ve-qubit quantum computer, Phys. Rev.A 94, 012314 (2016).
35 M. A. Nielsen and I. Chuang, Quantum Computation and Quantum
Information, (2002).
36 A. Einstein, B. Podolsky, and N. Rosen, Can quantum mechanical
description of physical reality be considered complete? Phys. Rev. 47, 777
(1935).
37 C. H. Bennett, G. Brassard, C. Cr_epeau, R. Jozsa, A.Peres, and W.
K.Wootters, Teleporting an unknown quantum state via dual classical and
einstein-podolsky-rosen channels, Phys. Rev. Lett. 13, 1895 (1993).
38 N. Yu, C. Lai, and L. Zhou, Protocols for packet quantum network
intercommunication, arXiv preprint arXiv:1903.10685 (2019).
39 L. Jiang, J. M. Taylor, K. Nemoto, W. J. Munro, R. V. Meter, and M. D.
Lukin, Quantum repeater with encoding,Phys. Rev. A 79, 032325, (2009).
40 N. Sangouard, C. Simon, H. De. Riedmatten, and N. Gisin,Quantum
repeaters based on atomic ensembles and linear optics, Rev. Mod. Phys.
88, 33 (2011).
267
41 C. Simon, H. De. Riedmatten, M. Afzelius, N. Sangouard,H. Zbinden, and

N. Gisin, Quantum repeaters with photon pair sources and multimode
memories, Phys. Rev. Lett. 19,190503 (2007).
42 H. Zimmermann, OSI Reference Model - The ISO Model of Architecture
for Open Systems, IEEE Trans. Comm. 28,425 (1980).
43 W. J. Munro, K. Azuma, K. Tamaki, and K. Nemoto, Inside quantum
repeaters, IEEE J. Select. Top. QuantumElectron, 21, 6400813 (2015).
To Invent a Quantum Internet
The physicist and computer scientist Stephanie Wehner is planning and

designing the next internet—a quantum one
Credit: Getty Images
The first data ever transmitted over Arpanet, the precursor of the internet,
blipped from a computer at the University of California, Los Angeles to
one at the Stanford Research Institute in Palo Alto on Oct. 29, 1969.
That evening, the team at UCLA got on the phone with the SRI team and
began typing “LOGIN.” “We typed the L and we asked, ‘Did you get the
L?’” the UCLA computer scientist Leonard Kleinrock recently recalled.
“‘Yep’ came the reply from SRI. We typed the O and asked, ‘Did you get
the O?’ ‘Yep.’ We typed the G and asked, ‘Did you get the G?’ Crash! The
268
TELEPHONY
SRI host had crashed. Thus was the first message that launched the
revolution we now call the internet.”
The ability of networks to transmit data — as well as their tendency to

crash, or otherwise behave unpredictably — has always fascinated
Stephanie Wehner. “On a single computer, things will happen nice and
sequentially,” said Wehner, a physicist and computer scientist at Delft
University of Technology. “On a network, many unexpected things can
happen.” This is true in two senses: Programs on connected computers
interfere with one another, with surprising effects. And users of networks
get creative. With the internet, Wehner noted, initially “people thought
we would use it to send around some files.”
Wehner first got online around 1992, a few years before it was easy to do
so. A teenager in Germany at the time and already a deft computer
programmer, she soon became a hacker on the fledgling internet. At 20,
she got a job as a “good” hacker, sussing out network vulnerabilities on
behalf of an internet provider. Then she grew bored with hacking and
sought a deeper understanding of information transmission and networks.
Wehner is now one of the intellectual leaders of the effort to create a new
kind of internet from scratch. She is working to design the “quantum
internet,” a network that would transmit — instead of classical bits with
values of either 0 or 1—quantum bits in which both possibilities, 0 and 1,
coexist. These “qubits” might be made of photons that are in a
combination of two different polarizations. The ability to send qubits from
one place to another over fiber-optic cables might not transform society
as thoroughly as the classical internet, but it would once again
revolutionize many aspects of science and culture, from security to
computing to astronomy.
Wehner is the coordinator of the Quantum Internet Alliance, a European

Union initiative to build a network for transmitting quantum information
throughout the continent. In a paper in Science journal 2019 October, she
and two co-authors laid out a six-stage plan for realizing the quantum
internet, where each developmental stage will support new algorithms
and applications. The first stage is already underway, with the
construction of a demonstration quantum network that will connect four
cities in the Netherlands — a kind of Arpanet analogue. Tracy Northup, a
269
member of the Quantum Internet Alliance based at the University of

Innsbruck, praised “the breadth of Stephanie’s vision, and her
commitment to building the kind of large-scale structures that will make it
happen.”
After quitting hacking, Wehner went to university in the Netherlands to

study computer science and physics. She heard the quantum information
theorist John Preskill give a talk in Leiden describing the advantages of
quantum bits for communication. A few years later, after earning her
doctorate, she left classical bits behind and joined Preskill’s group at the
California Institute of Technology as a postdoc.
At Caltech, in addition to proving several notable theorems about

quantum information, quantum cryptography and the nature of quantum
mechanics itself, Wehner emerged as “a natural leader,” Preskill said, who
“was often the glue that bound people together.” In 2014, after a
professorship in Singapore, she moved to Delft, where she began
collaborating with experimentalists to lay the groundwork for the
quantum internet.
Quanta Magazine spoke with Wehner over two days in August. The

interview has been condensed and edited for clarity.
The quantum internet is a network for transmitting qubits between distant

locations. Why do we need to do that?
The idea is not to replace the internet we have today but really to add
new and special functionality. There are all kinds of applications of
quantum networks that will be discovered in the future, but we already
know quite a number of them. Of course the most famous application is
secure communication: the fact that one can use quantum communication
to application is secure communication: the fact that one can use
quantum communication to perform what is called quantum key
distribution, where the security holds even if the attacker has a quantum
computer. A quantum computer would be able to break a lot of the
security protocols that exist today.
What makes quantum keys so secure?
270
TELEPHONY
A good way to understand what a quantum internet can do is to think
about “quantum entanglement,” a special property that two quantum bits
can have that makes all of this possible. The first property of
entanglement is that it’s “maximally coordinated”: I would have a
quantum bit here and you would have a quantum bit in New York, and we
would use the quantum internet to entangle these two qubits. And then, if
I make a measurement on my qubit here and you make the same
measurement in New York, we will always get the same outcome even
though the outcome wasn’t determined ahead of time. So you can
intuitively think that a quantum internet is very good for tasks that require
coordination, due to that first property of quantum entanglement.
Now, given that this is so maximally coordinated, you might say, “Hey,
wouldn’t it be great if this entanglement could be shared with hundreds of
people?” But that’s actually not possible. So the second property of
entanglement is that it’s inherently private. If my qubit here is entangled
with your qubit in New York, then we know that nothing else can have any
share of that entanglement. And this is the reason why quantum
communication is so good for problems that require security.
As one of the simplest applications of quantum communication, quantum

key distribution could be available as soon as the early 2020s on the
demonstration network you’re building. What are some of the more
advanced applications that will become possible later?
New kinds of remote computing will become possible. Say you have a
proprietary material design and you want to test its properties in a
simulation. A quantum computer promises to be much better at that than
a classical computer. But you can imagine that not everybody in the world
will have a large quantum computer in their living room anytime soon —
possibly not in our lifetime. One way of doing that is you send your
material design to me, and I run a simulation for you on my quantum
computer and tell you the outcome. That’s great, but now I also know
your proprietary material design. So one thing the quantum network
makes possible is that you can use a very simple quantum device — in
fact, it can make only one qubit at a time — and the quantum network can
transfer qubits from your device to my powerful quantum computer. And
you can use that quantum computer in such a way that it cannot learn
what your material design is while performing the computation.
271
To give another example, people have also shown that entanglement

enables more accurate clock synchronization between two places, which
will have a lot of applications. A quantum internet could also be used to
make a better telescope, basically by combining distant telescopes. The
state of the light particles coming into telescope 1 are teleported, using
quantum entanglement, to telescope 2, and then they’re combined with
the light of telescope 2.
Simulating the future quantum internet. Why is that necessary?
With this very extensive simulation platform we’ve recently built, which is
now running on a supercomputer, we can explore different quantum
network configurations and gain an understanding of properties which are
very difficult to predict analytically. This way we hope to find a scalable
design that can enable quantum communication across all of Europe.
The unpredictability of networks is something that has always fascinated

me. Computers are interesting, but what I really care about is transmitting
data from one point to another. This is the reason why I got into hacking,
and why I got interested in the classical internet and gaining access to it in
the first place. It’s fundamentally really hard to get a handle on what
happens in a network, because there are so many uncharacterized things.
For example, if you want to send a message, you cannot predict exactly
how long it might take. The message might be lost. A computer might
crash. It might go too slow; it might corrupt the data. It might have
changed the protocol in unexpected ways because it’s an old version or a
new version or a malicious version.
The noisy storage theorem.
Noisy storage is about cryptography with a physical assumption. In the

classical world, one often makes a computational assumption. For
example, you assume that it’s difficult to determine the prime factors of
large numbers, and if that assumption is true, then my protocol is secure.
These security proofs are nice and they’re everywhere, but one should
realize that they may be invalidated later. If at any future point someone
invents a smart procedure to solve the computational problem that your
security is based on, security can be retroactively broken. For instance,
when we have quantum computers, they will be able to factor large
272
TELEPHONY
numbers, and so security based on factoring will be broken. If someone
records your messages today, then they may be decrypted later.
The noisy storage work was about: Can we make a physical assumption
that can’t be retroactively broken? The physical assumption is that it’s
difficult to store a lot of quantum states without noise, which only needs
to be true in a very short time frame. If I make the assumption that right
now you can only store up to 1 million noisy qubits, then I can treat my
protocol parameters to increase security by sending more information
than those million noisy qubits can capture. This is nice because if
tomorrow you go and buy quantum memory that has 2 million qubits,
that’s too late; the information has already been sent securely.
That would allow us to implement all kinds of protocols in quantum

communication. Say two people want to compare each other’s passwords
without ever giving them away. It’s not like what we do now, when you
use an ATM and punch in your PIN there — instead, I’m going to punch in
the PIN on my own device, and it will never be leaked to the ATM. That
protocol becomes possible with the noisy storage assumption.
Is the pursuit of the quantum internet likely to foster fundamental insights

about the laws of nature — a sort of learning-by-doing approach to
science?
There’s sometimes a judgment in the sciences that some questions are

fundamental and some questions are mundane. I think bringing something
into the real world that people can actually use is never mundane. It is
extremely hard. There’s this absolutely mind-blowing jump from, “I have
this great idea; let’s discuss it on the whiteboard,” to the cellphone that
I’m currently using to talk to you. With the quantum internet, we are
trying to do this from scratch. From zero.By making a Quantum phone
screen based on quantum dots. From an early-stage experiment in the lab
to this network that we’re trying to set up in to something that’s outside
the lab, that works over distance, that can be used by people, that they
can play around with, then by people who don’t need to know physics in
order to do it. If one part of the system already existed, we could say,
“Now we’re going to improve that.” But the step from zero to the first
version is very large.
273
In doing this, I think we will get a more fundamental understanding in

several areas. We will learn more about the physics by making these
networks possible because currently we don’t know exactly how to do it.
We’re still trying out different kinds of nodes and quantum repeaters,
devices that relay entanglement across large distances. And in the domain
of computer science, we will learn an entirely new way to program and
control such networks due to fundamental differences from classical
communication.
But I also think that using such a network, we gain information about
creativity and social sciences — about how, in fact, people will go and use
these networks. If you look at the classical internet, people thought we
would use it to send around some files. That’s great. But people have
gotten more creative.
A quantum network stack and protocols for reliable entanglement-based

networks A. Pirker and W. D ̈urInstitut f ̈ur Theoretische Physik, Universit ̈
presented a stack model for breaking down the complexity of
entanglement-based quantumnetworks. More specifically, they focused
on the structures and architectures of quantum networks and not on
concrete physical implementations of network elements. They
constructed the quantum network stack in a hierarchical manner
comprising several layers, similar to the classical network stack, and
identified quantum networking devices operating on each of these layers.
The layers responsibilities range from establishing point-to-point
connectivity, over intra-network graph state generation, to inter-network
routing of entanglement. In addition they proposed several protocols
operating on these layers. In particular, we extend the existing intra-
network protocols for generating arbitrary graph states to ensure
reliability inside a quantum network, where here reliability refers to the
capability to compensate for devices failures. Further more, we propose a
routing protocol for quantum routers which enables to generate arbitrary
graph states across network boundaries. This protocol, in correspondence
with classical routing protocols, can compensate dynamically for failures
of routers,or even complete networks, by simply re-routing the given
entanglement over alternative paths. They consider how to connect
274
TELEPHONY
quantum routers in a hierarchical manner to reduce complexity, as well as
reliability issues arising in connecting these quantum networking devices.
INTRODUCTION
Quantum networks lie at the heart of the success of futurequantum

information technologies. Possible applicationsof such networks, over
even a global scale quantum internet [1], are quantum key distribution
protocols [2–8],quantum conference key agreement [9–13], secure quan-
tum channels [14–16], clock-synchronization techniques[17, 18] and
distributed quantum computation [19–21] in general.In principle there are
mainly two approaches to con-struct quantum networks. On the one hand
quantumnetworks could simply forward quantum information directly,
which however needs to be protected against noise and decoherence
using quantum error correcting codes[22], and repeatedly refreshed at
intermediate stationswhere error correction is performed [23–26]. On the
other hand, quantum networks may use a property which is only
accessible in quantum physics, namely entanglement. Constructing
quantum networks by using entanglement has one significant advantage
compared to directly motivated approaches: The entanglement topol-ogy
of a network, which determines in that case also the boundaries and
ultimately the structure of a network, is completely independent of the
underlying physical channel configuration. In particular, by characterizing
quantum networks abstractly in terms of entangled quantum states allows
for several interesting features which are not explicitly available in a direct
approach, like e.g. creating shortcuts in a network on demand (by
introducing an entangled state between parties) [27].A crucial element to
establish long distance entanglement are quantum repeaters [28–35], and
multiple pro-posals for repeater-based networks have been put
forward[32, 33, 36–49] . Most schemes are based on bipartite
entanglement, where Bell pairs are generated between nodes of the
network. However, a future quantum network shall not be limited to the
generation of Bell-pairs only [50–53], because many interesting
applications require multipartite entangled quantum states. Therefore,the
ultimate goal of quantum networks should be to enable their clients to
275
share arbitrary entangled states to perform distributed quantum

computational tasks. An important subclass of multipartite entangled
states are so-called graph states [54]. Many protocols in quantum
information theory rely on this class of states.Here we consider
entanglement-based quantum networks utilizing multipartite entangled
states [51–53, 55–57] which are capable to generate arbitrary graph states
among clients. In general, we identify three successive phases in
entanglement-based quantum networks: dynamic, static, and adaptive. In
the dynamic phase, which is the first phase, the quantum network devices
utilize the quantum channels to distribute entangled states among each
other. Once this phase completes, the quantum network devices share
certain entangled quantum states,which results in the static phase. In this
phase, the quantum network devices store these entangled states for
future requests locally. Finally, in the adaptive phase,the network devices
manipulate and adapt the entangled states of the static phase. This might
be caused either due to requests of clients in networks, but also due to
failures of devices in a quantum network.They followed the approach of
[51] where a certain network state is stored in the static phase, and client
requests to establish certain target (graph) states in the network are
fulfilled by processing this network state using only local operations and
classical communication (LOCC) in the adaptive phase. This has the
advantage that requests can be fulfilled without delay, as the required
resource states are pre-generated during the phase. In contrast, in
complete dynamical networks requests are fulfilled by generating the
required entanglement over physically available links on demand. Thismay
be rather resource- and time consuming, and involves additional
difficulties such as the so-called routing problem [27, 40, 41, 46, 48, 58–
61] where the goal is to determine a way of combining short-distance Bell-
pairs to establish a long-distance Bell-pair in the most resource efficient
way. In our approach, the problem is split into the generation of a
universal network state (which also involves routing, but can be done prior
to the request)in the dynamic phase, and its processing in the adaptive
phase to establish desired target states. What all approaches have in
common are two basic problems: (i)The complexity of how to organise
276
TELEPHONY
quantum networking devices in a real network and how to systematically
execute tasks in it; (ii) How entanglement can be established efficiently
between networking devices in a dynamical manner. Despite the fact that
some aspects have been addressed in recent works, it still remains unclear
how the different techniques, ranging from the physical channel
configuration, over the entanglement structureof a network to routing
between quantum networks collaborate to enable for a feasible and
tractable quantum network.Classical computer networks tackle the
complexity oftransmitting bits between two nodes by breaking downthe
transmission into several layers of a stack model, the Open Systems
Interconnection model (OSI model) [62].In this model, information passes
through seven layers,where each layer has a clear responsibility and adds
additional descriptive information to the original message.Networking
devices use this prepended information for various tasks. One of these
layers is the network layer(layer three), which is responsible for logical
addressing and routing in classical networks. Routing protocols for
computer networks aim at determining a transmission path from a sender
to a receiver by inspecting the descriptive information of the network
layer. This task is accomplished by so-called routers, operating on layer
three of the OSI model.The goal of this work is to establish a quantum
network stack model from an architectural point of view.They achieved
this by abstracting the main concepts which quantum networks
necessarily require from their under-lying physical implementation details.
This provides a clean, and especially technology independent, view on the
responsibilities, complexities and tasks arising in quantum networks. Of
course, when implementing a quantum network device, one still has to
consider how to realize quantum memories, their interfaces to the
quantum communication channels, and the implementation of quantum
gates. However, in such an abstracted model, implementation details do
not affect the concepts residingwithin the layers of the stack model, since
they emergefrom a technology independent view on quantum net-works
in more depth.Full realization of the quantum network stack as proposed
will be challenging in the near-term future. Nevertheless, since the
concepts of this work are technologyindependent, they provide a starting
277
point for building up quantum networks in a well-defined, standardized

and technology- and vendor-independent manner.We introduce a
quantum network stack, which breaks down the complexity of
entanglement-based quantum networks into several hierarchical layers of
a stack model,similar to the OSI model. Each of the layers has a clear
responsibility and can therefore be evolved in dependently in the future.
Identify layers for ensuring connectivity at the lowest level (where
quantum repeaters operate on), for generating graph states inside a
network, butalso for enabling inter-network graph state requests. Observe
that in such a model, each layer uses its own set of protocols for
accomplishing its associated responsibility.After identifying the quantum
network stack, we also present protocols which operate on the proposed
layers.Start by proposing a protocol for the static phase in a quantum
network for ensuring reliability. Then we discuss protocols tackling
problems arising on connecting entanglement-based quantum networks
via routers.For that purpose, we introduce the notion of a region,which is
essentially a network of routers. The protocol we propose, which we refer
to as routing protocol, operatesin the adaptive phase and transforms a
given entangle-ment structure between regions to a virtual network state
among the requesting networks. This enables our net-work devices to
fulfill arbitrarily distributed graph state requests in a straight forward
manner. We also present protocols for the static phase of regions,
especially to organize regions in a hierarchical manner and a techniqueto
increase the reliability of regions. Finally, we definethe term reachability
for quantum networks. In such networks we say that a network (or
network device) is quantum mechanically reachable if entanglement to
the targetcan be established or is still present.The main contributions of
our work are as follows:•We introduce a quantum network stack for
entanglement-based quantum networks and a classification of quantum
network devices in accordance with this stack.•We identify techniques for
quantum networks in theadaptive phase to guarantee intra-network
reliability, which means that the network devices can dealwith the failure
of some networking devices withoutthe need to re-establish
entanglement.•We present a protocol which is capable of gener-ating
278
TELEPHONY
arbitrary graph states across network bound-aries in the adaptive phase.
We also find schemes to tackle the complexity arising in connecting
quantum networks as well as reliability issues among regions, both crucial
properties for the quantum internet.
World's first link layer protocol brings quantum internet closer to a reality
by Delft University of Technology.
Using the link layer protocol, higher-layer software can request the
creation of entanglement without needing to know which quantum
hardware system is in the box.
Researchers from QuTech have achieved a world's first in quantum

internet technology. A team led by Professor Stephanie Wehner has
developed a so-called link layer protocol that brings the phenomenon of
quantum entanglement from experimental physics to a real-world
quantum network. This brings closer the day when quantum internet can
become a reality, delivering applications that are impossible to achieve via
classical internet. In classical computing, a collection of software layers
referred to as the network stack allows computers to communicate with
each other. Underlying the network stack are communications protocols,
such as the internet protocol or HTTP. Stephanie Wehner explained that
one essential protocol used by a network is the link layer protocol, which
overcomes the problems caused by imperfect hardware: "All of us use
classical link layer protocols in everyday life. One example is Wi-Fi, which
allows an unreliable radio signal—suffering from interruptions and
interference—to be used to transmit data reliably between compatible
devices."
A quantum network, based on transmission of quantum bits, or qubits,

requires the same level of reliability. Stephanie Wehner says, "In our work,
we have proposed a quantum network stack, and have constructed the
world's first link-layer protocol for a quantum network."
It turns out that existing classical protocols cannot help in the quantum
world. One challenge is presented by differences between the
technologies used. Stephanie Wehner: "Currently, qubits cannot be kept
in memory for very long. This means control decisions on what to do with
279
them need to be taken very quickly. By creating this link layer protocol, we
have overcome obstacles presented by some very demanding physics."
There are also some fundamental differences between a future quantum

internet and the internet that we see today. Stephanie Wehner said that
two quantum bits can be entangled: "Such entanglement is like a
connection. This is very different to the situation for classical link layer
protocols where we typically just send signals. In that case, there is no
sense of connection built in at a fundamental level."
Quantum internet
The phenomenon of entanglement forms the basis of a quantum internet.

When two fundamental particles are entangled, they are connected with
each other in such a way that nothing else can have any share of this
connection. Researcher Axel Dahlberg said that this enables a whole new
range of applications "Security is one important application. It is physically
impossible to eavesdrop on an entangled network connection between
two users. To give another example, the technology also allows improved
clock synchronization, or it can join up astronomical telescopes that are a
long way apart, so they act as a huge single telescope."
Researcher Matthew Skrzypczyk said that an important feature of the

proposed quantum network stack and the link layer protocol is that it any
future software written using the protocol will be compatible with many
quantum hardware platforms. "Someone who makes use of our link layer
protocol no longer needs to know what the underlying quantum hardware
is. In our paper, we study the protocol's performance on Nitrogen-Vacancy
centers in diamond, which are essentially small quantum computers.
However, our protocol can also be implemented on Ion Traps, for
example. This also means our link layer protocol can be used in the future
on many different types of quantum hardware."
Building a quantum network system
Stephanie Wehner said that the next step will be to test and demonstrate
a new network layer protocol using the link layer protocol: "Our link layer
protocol allows us to reliably generate entanglement between two
network nodes connected by a direct physical link, such as a telecom fiber.
280
TELEPHONY
The next step is to produce entanglement between network nodes which
are not connected directly by a fiber, using the help of an intermediary
node. In order to realize large scale quantum networks, it is important to
go beyond a physics experiment, and move towards building a quantum
network system. This is one of the objectives EU-funded Quantum
Internet Alliance (QIA)."
coutesy:Techexplor
ist
Stefan Pogorzalek and Dr. Frank Deppe with the crystat in which they have
realized a quantum LAN for the first time,Image:ABattenberg/TUM
Quantum communication protocols based on nonclassical correlations are

more efficient than classical methods and offer intrinsic securityover direct
state transfer.Remote state aims at the creation of a desired known
quantum state at a remote location using classical communication and
quatum entanglement .
Technical University of Munich(TUM) scientists have implimentedsecure

quantum communicationin the microwave band in a local quantum
network.This is for first time it has been reported new architechture that
represents a crucial step on the road to distributed quantum computing.
They have put the quantum internet based on superconducting circuits
and microwave communications.Scientists have been trying for last ten
years on quantum microwaves. To do this they used microwave radiation
to show that it has quantum mechanical properties.Unlike with the visible
light ,it was challenging as it required low energy microwave
photons.Though they have done it in absolute-zero temperatures using
special cooling devices.It can be done at room temperature with
281
microwave klystron with ZnS quantum dots to propogate the quantum

communications.
A step forward for quantum communications protocol at remote

location.They squeezed microwave state as the quantum state,which is
due tio the electromagnetic wave that can be explained with quantum
mechanics.They used a wave vacuum fluctuation in one direction as
suppressed and amplified in other perpendicular direction to the first
one.Two such state can be used to produce an entangle state.
Coutesy : techexplorist
Quantum circuit developed at the Walther –Meissener Institute (WMI)

which produces quantum microwave state .
Acording to the Frank Deppe it is possible to communicate between

longer distances with quantum communication securely between two
quantum computers.
Quantum Key Distribution (QKD) [1, 2] is a technology, based on the

quantum laws of physics, rather than the assumed computational
complexity of mathematical problems, to generate and distribute provably
secure cipher keys over unsecured channels. It does this using single
photon technology and can detect potential eavesdropping via the
quantum bit error rates of the quantum channel. Sending randomly
encoded information on single photons produces a shared secret that is a
282
TELEPHONY
random string and the probabilistic nature of measuring the photon state
provides the basis of its security. A QKD system consists of a quantum
channel and a classical channel. The quantum channel is only used to
transmit qbits (single photons) and must consist of a transparent optical
path (fiber, free-space and optical switches, no routers, amplifiers or
copper). It is a lossy and probabilistic channel. The classical channel can be
a conventional IP channel (not necessarily optical), but depending on
system design it may need to be dedicated and closely tied to the
quantum channel for timing requirements. It would not be unusual for the
quantum and classical channels to share a common fiber via wavelength
division multiplexing (WDM). A quantum network connects a number of
point-to-point QKD systems together so that one can develop shared
secrets between users anywhere on that sub-network. A quantum
network would be an embedded sub-network within a conventional
communication network for the purpose of developing shared secrets, not
transporting secure messages. The physical link (e.g., fiber) that carries the
classical channel could certainly support general messages, but not within
the QKD classical channel. Commodity security protocols, such as Internet
Protocol Security (IPsec) and Transport Layer Security (TLS, often referred
to as Secure Sockets Layer or SSL), currently handle the bulk of today’s
internet encrypted traffic. Although these protocols are standardized, they
have no
International Journal of Network Security & Its Applications (IJNSA), Vol 1,

No 2, July 2009102 standard application programming interface (API) and
a number of different implementations exist. With the advent of quantum
computers, several of the cryptographic constructs underlying the security
model of IPsec and TLS will be broken. Breakthroughs in cryptanalysis
continue to present a possible threat as well. Quantum-resistant
replacements will have to be found for public-key cryptography and for
Diffie-Hellman key agreement. Using quantum keying material within
these protocols would solve this problem. Alternate approaches to this
problem are being considered via quantum resistant public key
cryptographic algorithms [3], although promising, all such algorithms are
based on unproven computational complexity assumptions, and if these
283
assumptions are shown to be false, the algorithms will be insecure. QKD

does not solve the authentication problem and would rely on conventional
authentication techniques (public key or pre-shared secret). QKD does
offer perfect forward security and therefore past QKD secrets will remain
secure, even when the public key algorithm is broken (since, at most, it
was only used for QKD authentication). Although quantum computers are
not yet a reality, it is necessary to develop alternative technologies well in
advance, since past secrets will be at risk once the threat is realized. There
are a few commercial QKD systems and active QKD research programs in
Europe [4] and Japan [5] as well as a recently formed European QKD
standards effort [6]. This level of activity suggests that QKD and the
threats to current cryptography are being taken seriously. 2.QKD Overview
The BB84 [7] protocol and its variants are the only known provably secure
QKD protocols. Other QKD protocols (e.g., differential phase shift keying
[8]), although promising, have yet to be proven secure. The BB84 protocol
consists of four stages (See Fig 1). The first stage is the transmission of the
randomly encoded single photon stream over the quantum channel from
Alice (the sender) to Bob (the receiver) to establish the initial raw key.
Alice maintains a temporary database of the state of each photon sent.
The second stage is sifting, where Bob sends a list of photons detected
and their basis, but not their value, back to Alice over the classical
channel. Basis refers to how the photons were measured. Photons can be
encoded in one of two bases (e.g., horizontal/vertical or diagonal
polarization). There is only one photon and it can only be measured once,
so only one basis can be applied. If it’s measured in the correct basis the
value measured will be correct. If it’s measured in the wrong basis, the
value will be random. Alice retains, from its database, only those entries
received by Bob in the correct basis and sends this revised list back to Bob
over the classical channel. Bob retains only those entries on this revised
list. Alice and Bob now have a list of sifted keys. These lists are of the same
length but may have some errors between them. This is the quantum bit
error rate and it is an indication of eavesdropping. The third stage is
reconciliation to correct these errors. Cascade [9, 10] and its variants are
the predominant reconciliation algorithm that exchange parity and error
284
TELEPHONY
correcting codes to reconcile errors without exposing the key values. This
process requires a number of communications between Bob and Alice,
over the classical channel, and results in a list smaller than the sifted list.
The fourth stage is privacy amplification, which computes a new (smaller)
set of bits from the reconciled set of bits using a hashing algorithm and
requires no communication between Alice and Bob. Since the reconciled
set of bits were random, the resulting privacy amplified set will also be
random. Unless the eavesdropper knows all or most of the original bits,
she will not be able to compute the new set. The benefits of QKD are that
it can generate and distribute provably secure keys over unsecured
channels and that potential eavesdropping can be detected. QKD is not
subject to threats from quantum computers or break through algorithms
that can defeat the current computationally complex key exchange
methods. Because QKD generates random strings for shared secrets,
attaining a QKD system and reverse engineering its theory of operation
would yield no mechanism to defeat QKD. QKD can use existing optical
media infrastructure for both quantum state.
A new quantum data classification protocol brings us nearer to a future

'quantum internet'
The algorithm represents a first step in the automated learning of

quantum information networks in Universitat Autonoma de Barcelona
285
IMAGE: Schedule of the quantum data classification protocol
Credit: UAB
Quantum-based communication and computation technologies promise

unprecedented applications, such as unconditionally secure
communications, ultra-precise sensors, and quantum computers capable
of solving specific problems with a level of efficiency impossible to reach
by classical computers. In recent times, quantum computers are also
envisioned as nodes in a network of quantum devices, where connections
are established via quantum channels and data are quantum systems that
flow through the network, thus setting the bases for a future "quantum
internet".
With the design of these quantum information networks come new

theoretical challenges, given that it is necessary to establish optimised
automated information treatment protocols to work with quantum data,
in the same way as current communcation networks automatically
manage information.
UAB researchers have had to deal with one of these challenges for the first
time: the problem with sorting data from a quantum systems network
according to the state in which they were prepared. The researchers have
devised an optimal procedure that can identify clusters of identically
prepared quantum systems.
The protocol developed by researchers at the UAB shows a natural

connection to an archetypical use case of classical machine learning:
clustering data samples according to whether they share a common
underlying probability distribution. The problem is similar to how a
classical computer discerns the origin of different sounds captured
simultaneously by a microphone placed on the street. The computer can
recognise patterns and discern a conversation, traffic, and a street
musician. However, unlike soundwaves, identifying patterns in quantum
data is much more challenging, since a mere observation only provides
partial information and irretrievably degrades the data in the process.
286
TELEPHONY
Physicists at the UAB were also able to compare the performances of
classical and quantum protocols. According to the researchers, the new
protocol by far outperforms classical strategies, particularly for large
dimensional data.
This proposal represents a new step towards quantum information

networks, since it sets a solid theoretical framework on what is physically
possible in the field of automated classification and distribution of
quantum information. The research was published today in the journal
Physical Review X and is signed by researchers from the Quantum
Phenomena and Information Unit at the UAB Department of Physics Gael
Sentís, Àlex Monràs, Ramon Muñoz-Tàpia, Jon Calsamiglia and Emilio
Bagan.
 Trump's budget treats quantum and AI as engines of the future
 It would be a major infusion of public funds into tech usually left

to the private sector.
 The Trump administration's proposal to double government

spending on artificial intelligence and boost quantum computing
research by the year 2022 signals the administration's desire to
keep the U.S. competitive with China, as well as the realization
that these technologies will play keys roles in the country's future
defense and economy.
 Indian government infused to study quantum technology Rs 8000

crore ($1.12 Billion ) Quantum environment forscience and
technology (QuEST) by Department of Science and
Technology,Government of India.
 If the proposal were to pass — it would represent a major

government-funded cash infusion into technologies that have
been traditionally developed in the private sector in the U.S., even
as it would cut spending on other basic research. Economic rival
China, meanwhile, has put tons of state funding into developing
AI, leading to worries that the U.S. would inevitably lag behind in
the AI arms race. Even if this budget doesn't pass, there's
bipartisan state for increased investment in these technologies,
287
and experts suggest the proposal shows how far AI and quantum
have come.
 Get what matters in tech, in your inbox every morning. Sign up for
Source Code.
 "I think it reflects a groundswell of interest, and the reason there's

a groundswell is because there's good progress," said Dario Gil,
director of IBM Research, who sits on President Trump's Council of
Advisors on Science and Technology.
 Trump's budget includes $210 million for the National Science

Foundation (NSF) to invest in quantum information science (QIS),
as well as $237 million for the Department of Energy's Office of
Science to spend on QIS, and $25 million "to support early stage
research for a quantum internet." In total, that's $175 million
more for quantum than last year's budget, according to a handout
provided by the White House Office of Science and Technology
Policy. It also suggests myriad projects for AI research, including
$100 million for the Department of Agriculture to test out
advanced agricultural systems, and a $850 million budget for the
NSF to invest in AI research.
 Gil argues that the budget proposal smartly anticipates the role
both AI and quantum will soon play across industries — from the
pharmaceutical industry to the automotive industry.
 White House CTO Michael Kratsios echoed that idea on a call with
reporters, saying, "This administration has made the industries of
the future a top priority." But it's not just about progress at home;
it's about staying competitive. The budget proposal for next year
"ensures America maintains its leadership in AI and quantum
information science," Kratsios added.
 Kratsios was referring to China, which has set up AI centre in

major cities, and spent billions on researching various quantum
technologies, from securing its communications networks to full-
blown quantum computers.
288
TELEPHONY
 "I think I would say China's probably three to five years behind us
right now in terms of quantum computing," Paul Smith-Goodson,
the analyst-in-residence on quantum computing at Moor Insights
& Strategy, told Protocol. "China's catching up with us rapidly, and
they've had a large investment in quantum technologies."
 The proposed $25 million to develop a "quantum internet" is one

of the most intriguing ideas. The Department of Energy envisions a
quantum internet to be a completely secure, entangled connected
web for its national labs and private partners. Under Secretary for
Science at the Department of Energy Paul Dabbar said that the EU
and China have both started research in this field.
 "If we don't, others will do it," Dabbar said on the call.
 The budget would be a resetting of the scales of investment in

core technologies in the U.S. Gil said that over the last 20 years,
there has been "significant growth" in investments in research
from industry, especially when compared with the 50 years prior
to that, where he said that "the lion's share" of investment came
from the government.
 "People have different lenses: Some are doing it for economic

reasons, some are doing it because they've seen the signs on the
R&D advancing; some are doing it for security reasons and
competitive reasons," Gil said. "But what is common is that no one
is questioning that these are foundational areas in science and
technology and that the United States needs to be the global
leader in them."
 Private investment in quantum computing companies and

research has skyrocketed in recent years, as research has moved
from the theoretical to the practical. In October, researchers from
Google announced that they had achieved "quantum supremacy":
using a quantum computer to solve a problem that a traditional
computer could not. Others in the research community, including
IBM, questioned whether the conditions for supremacy had been
met by Google's work. Google, IBM, Honeywell, Microsoft,
Alibaba, as well as startups like Rigetti, D-Wave, 1QBit and
289
Strangeworks are all vying to commercialize technology that was,

until very recently, relegated to basement research lab. (Those
startups have raised over $325 million combined to date,
according to data compiled by PitchBook.)
 The new budget would likely spur research into new applications
of quantum computing, such as using quantum computers to
design new lithium chemistry for electric-car batteries; figuring
out how to pull nitrogen from the air for fertilizers; and new
molecular structures for stronger materials.
 "If you look at pharma as an example, where the cost of discovery

has been going up over time, that's been a challenge as it takes
you longer to bring a drug to market," Gil said. "If we have this
revolution in computing, we can compress those cycles."
 Gil and others Protocol spoke with suggested that much of this
research is five to 10 years away from reaching maturity. But that
doesn't mean companies need to wait until then to invest. "Value
creation is already happening," Gil said.
 IBM has dozens of partners working on its quantum platform

today, including JP Morgan Chase, which is interested in
calculating as quickly as possible, Gil said. He compared it to the
processors being used in AI research today: "We started working
with FPGAs and GPUs in the late 2000s, but we didn't deploy
those accelerators in production until 2015 or '16, so we
absolutely get the fact that we can have a novel computing
architecture that we engage in value creation right now, but
deployment may happen in three or five years from now."
 Tony Uttley, president of Honeywell Quantum Solutions, told

Protocol that an era where problems will be solved on quantum
computers far quicker than classical computers is "coming in short
order."
 But to routinely solve real problems with quantum machines, the

foundational hardware that controls the generally unstable qubits
needs to be refined, so investments in research are key. Uttley
290
TELEPHONY
posited that the budget proposal is "continuing to push the
capabilities that would need to exist in some of those
foundational underlying capabilities and technologies.
 "I think it's a great next step, I look at this as a continued interest
in emerging technologies of the future," Uttley said.
 All of this novel research will likely require a greater workforce

with competencies in AI and quantum technologies. Trump's
budget proposal also included $50 million for funding in training at
community colleges and historically black colleges and universities
around AI, Kratsios said.
 Uttley agreed that government support for a workforce that's

literate in AI and quantum technologies will be needed sooner
rather than later. "In particular, quantum needs to have
government involvement, not just on a foundational level, making
sure that we have a quantum-educated workforce, but also
supportive as a customer," he said.
291
292
TELEPHONY
17 AI AND QUANTUM COMPUTING

1. Introduction
Quantum theory is without any doubt one of the greatest scientific
achievements of the 20th century. It provides a uniform framework for
the construction of various modern physical theories. After more than 50
years from its inception,quantum theory married with computer science,
another great intellectual triumph of the 20th century and the new
subjectof quantum computation was born.
Quantum computers were first envisaged by Nobel Laureate physicist

Richard P Feynman in 1982. He conceived that no classical computer could
simulate certain quantum phenomena without an exponential slowdown,
and so realized that quantum mechanical effects should offer something
genuinely new to computation. In 1985, Feynman’s ideas were elaborated
and formalized by David Deutsch in a seminal paper where a quantum
Turing machine was described. In particular, Deutsch introduced the
technique of quantum parallelism based on the superposition principle in
quantum mechanics by which a quantum Turing machine can encode
many inputs on the same tape and perform a calculation on all the inputs
simultaneously.
Furthermore, he proposed that quantum computers might be able to

perform certain types of computation that classical computers can only
perform very inefficiently. One of the most striking advances was made by
293
Peter W Shor in 1994. By exploring the power of quantum parallelism, he

discovered a polynomial-time algorithm on quantum computers for prime
factorization of which the best known algorithm on classical computers is
exponential. In 1996, Satyendra Prakash Grover offered another killer
application of quantum computation, and he found a quantum algorithm
for searching a single item in an unsorted database in square root of the
time it would take on a classical computer. Since database search and
prime factorization are central problems in computer science and
cryptography, respectively, and the quantum algorithms for them are
much faster than the classical ones, Shor and Grover’s works stimulated
an intensive investigation in quantum computation. Since then, quantum
computation has been an extremely exciting and rapidly growing field of
research.
Since it revolutionized the very notion of computation, quantum

computation forces us to reexamine various branches of computer
science, and AI is not an exception. Roughly speaking, AI has two overall
goals: (1) engineering goal – to develop intelligent machines; and (2)
scientific goal – to understand intelligent behaviors of humans, animals
and machines .
AI researchers mainly employ computing techniques to achieve both the

engineering and scientific goals. Indeed, recently,McCarthy even pointed
out that “computational intelligence” is a more suitable name of the
subject of AI to highlight the key role played by computers in AI. Naturally,
the rapid development of quantum computation leads us to ask the
question: how can this new computing technique help us in achieving the
goals of AI. It seems obvious that quantum computation will largely
contribute to the engineering goal of AI by applying it in various AI
systems to speedup the computational process, but it is indeed very
difficult to design quantum algorithms for solving certain AI problems that
are more efficient than the existing classical algorithms for the same
purpose. At this moment, it is also not clear how quantum computation
can be used in achieving the scientific goal of AI, and to the best of my
knowledge there are no serious research pursuing this problem. Instead, it
is surprising that quite a large amount of literature is devoted to
applications of quantum theory in AI and vice versa, not through quantum
computation. It can be observed from the existing works that due to its
inherent probabilistic nature, quantum theory can be connected to
numerical AI in a more spontaneous way than to logical AI.
294
TELEPHONY
The aim is two-fold: (1) to give AI researchers a brief introduction and a

glimpse of the panorama of quantum computation; and
(2) to examine connections between quantum computation, quantum
theory and AI.
Qubits and quantum registers
The basic data unit in a quantum computer is a qubit, which can be

physically realized by a two-level quantum mechanical system, e.g. the
horizontal and vertical polarizations of a photon, or the up and down spins
of a single electron.
Mathematically, a qubit is represented by a unit vector in the two-
dimensional complex Hilbert space, and it can be written in the Dirac
notation as follows:
|ψ> = α0 |0> + α1 |1>, (1)

where |0> and |1> are two basis states, and α0 and α1 are complex
numbers with |α0|2 + |α1|2 = 1. The states |0> and |1> are called
computational basis states of qubits. Obviously, they correspond to the
two states 0 and 1 of classical bits.
The number α0 and α1 are called probability amplitudes of the state |ψ>.
A striking difference between classical bits and
qubits is that the latter can be in a superposition of |0> and |1> in the
form of Eq. (1). An example state of qubit is:
|−> = 1/√2 (|0> − |1>).

A quantum register is formed by putting multiple qubits together. A state
of a quantum register consisting of n qubits is described in the following
way:
|ψ>= t∈ {0, 1} n
αt |t_ = _ t1, t2, tn∈ {0,1}
αt1t2...tn|t1t2 . . . tn_, (2)
where the complex numbers αt1t2...tn are required to satisfy the
normalization condition:
_t∈ {0, 1} n
|αt |2 =t1,t2,...,tn∈{0,1}
295
|αt1t2...tn|2 = 1.
The state |ψ> in Eq. (2) is a superposition of the computational basis
states |t1t2 . . . tn_ (t1, t2, . . . , tn = 0, 1) of the quantum registers. The
numbers αt1t2...tn ’s are the probability amplitudes of |ψ>. We can also
write:
|ψ>=2n−1
t=0
αt |t_
296
ABOUT THE AUTHOR
Author
Dr.A.B.Rajib Hazarika,PhD,FRAS,AES
Assistant Professor,
Department of Mathematics,
Diphu Government College, Diphu
Assam, India-782462
[email protected] ; [email protected]
+91-9435166881 , +91-9101873618
Dr.A.B.Rajib Hazarika,PhD,FRAS,AES is a Assitant Professor ,Department

of Mathematics,Diphu Government College,Diphu,Assam,India .He did
PhD in Mathematics in space plasmas from Jai Narain Vyas
University,Jodhpur,Rajasthan in 1995 being Triple Gold medallist for Best
thesis in Mathematics, Best thesiss in Science stream, Best thesis in All of
streams from Association of Indian Universities,Delhi , during PhD was
i
Junior Research Fellowship(UGC-NET),Senior Research Fellowship (UGC-

NET) was Post-Doctoral Fellow in Plasma Physics Division ,Instititute of
Advanced study in science and technology(IASST) in 1998-99 as Research
Associate (DST), Government of India. He is teacing and in Reaseach for
last 27 years. From 2004 onwards in Diphu Govt. College. In 2010 elected
as Fellow of Royal Astronomical Society (FRAS) ,London ,Elected Foeriegn
Member of International Association of Mathematical
Physics(MIAMP),Germany,Elected Member of World Academy of
Science,Engineering and Technology (WASET) and member of
International Scientific committee of WASET,Elected Member of Outer
cirlce of Advisory committee for Mathematcs Education (ACME),Royal
Society,London (2011-2016).Elected member of Max-Planck Society
,germany,Elected Member of Physics Division,International Atomic
Energy Agency,Vienna,Member of Comphrehensive Test Ban Treaty
Organisation (CTBTO) ,Member of Focus Fusion Society,Dense Plasma
Society,Asia-Pacific Society for Physical Reasearch
(APSPR),Japan,Forchezunge Fusion Secretriate,France,Society of
Industrial Applied Mathematics, IEEE, TWAS, Assam Science
Society,Assam Academy of Mathematics,Plasma Science Society of India
(PSSI),International Biographical Centre,UK and so on.Dr.Hazarika’s
name is included in ecnylopedia of Worlcat , Marqui’s who’s who in the
world.He has won lot of awards Leading Scientist of the world 2010,Top
100 scientist 2012,Glory of India with medal ,Best Citizen of India 2013
Best Educanistaward, Life time award for Education 2015,Rastriya gaurav
award with gold medal and so on. He has written 16 books so far best
being Internet Protocol version 12 (IPv12) ,Invention of Dr.A.B.Rajib
Hazarika’s devices,VASIMR-DANISHA: A hall thruster space
oddsey,Strategic and thermonuclear devices,Fractional derivatives
simulation, Cybernetics and cryptography , Astronomy with home
computer,Fuzzy differential inclusion (FDI) simulation code,,AzadBinRajib
(ABR) Quantum gate for quantum computing and quantum information
etc .He has supervised two students for MPhil degree. His invention are
described in the on Double Tokomak Collider(DTC) , Magnetic
confinement Tokomak Collider (MCTC), Duo triad Tokomak Collider
(DTTC) ,VASIMR –DANISHA Hall thruster,Fuzzy Differential Inclusion(FDI)
Simulation code , ABR Quantum gate for quantum computing, 12 cavity
toroidal Klystron, Quantum dots based internet protocol for mobile
telephony with 103 Gbps (Giga bits per seconds)
ii
THANK YOU

Drabrh Quantum Dots Long Term Evolution Internet Protocol For Mobile Telephony by DR A B Rajib Hazarika PHD FRAS AES

Uploaded by

Copyright:

Available Formats

Drabrh Quantum Dots Long Term Evolution Internet Protocol For Mobile Telephony by DR A B Rajib Hazarika PHD FRAS AES

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Drabrh Quantum Dots Long Term Evolution Internet Protocol For Mobile Telephony by DR A B Rajib Hazarika PHD FRAS AES

Uploaded by

Copyright:

Available Formats

QUANTUM DOTS

All rights reserved.

MY SISTER AND BROTHER IN LAW

About the Author i

1 INTRODUCTION TO QUANTUM CRYPTOGRAPHY 4

2 Types of Quantum Cryptography 19

3 Quantum Cryptography Dmystified 28

6 Code Breaker or Hacker and Payment System 44

8 Cryptography in Quantum Age 51

9 Internet of Things Security 60

10 Post Quantum Cryptography 75

11 Quantum Communication Protocol 107

12 Quantum Information an Measurement Technology 175

13 Quantum Secure direct communication security analysis189

14 Quantum Phone 224

15 Quantum Dots Internet Protocol 232

16 Road Map to Quantum Internet Protocol 252

17 AI and Quantum Computing 296

Diphu Government College, Diphu

Dr.A.B.Rajib Hazarika,PhD,FRAS,AES is a Assitant Professor ,Department

Advanced study in science and technology(IASST) in 1998-99 as Research

Abstract of Book as conceived by Dr.A.B.Rajib Hazarika,PhD,FRAS,AES

As Quantum dots are made of ZnS are trending in displays as TV panels

Earlier Internet protocol version 12 (IPv12) was studied by Hazarika

 The aspect is to study the Quantum dots use in microwave

The Quantum Reflex klystron equations are given as

The electronic admittance is ratio of driving current to alternating

Phase bunching model

φ=fast time scale length angle

f ( r )=e−(2 r / μ) =RF factor

Quantum dots Microwave propagation Swap

S L=¿ ( ¿ Laser )=e ¿¿ ¿

S R=¿ ( ¿ Laser ) =e¿ ¿ ¿

Intensity of quantum microwave

Where a=amplitude of signals of quantum microwave

A Billion Dollar deal for 103 Gbps Quantum internet speed

Indian government have invested in QuEST( Quantum Enviornment

[1] Dr.A.B.Rajib Hazarika : (2015),Internet protocol version 12

[2]Sofia Anna Menesidou ,VasiliosKatos and GeorgiosKambourakis:Future

[3] A. T. Zamani and S. Zubair: International Journal of advanced studies in

[4] Mark M Wilde: arXiv:1106.1445v7(2016) ,Quantum information

Now Everything involved in the theory is discussed in detail

What is Quantum cryptography?

Quantum cryptography is the latest trending topic nowadays. Sometimes

Cryptography is the process of encrypting data, or converting plain text

All these principles play a role in how quantum cryptography works.

Another definition of Quantum cryptography

Quantum cryptography is NOT a new algorithm to encrypt and decrypt

Quantum Cryptography, Explained

Quantum cryptography though sounds fairly complex – probably because

1.History of Quantum cryptography

Quantum cryptography goes back by the work of Stephen Wiesner and

Random rotations of the polarization by both parties have been proposed

The BB84 method is at the basis of quantum key distribution methods.

Considering the trust you place in banks and commercial enterprises to

Despite all benefits and advantages of cyberspace, it is regarded as the

Due to the characteristics of the quantum computer, many existing public

and discovering all kinds of network security threats and taking

As stated previously, exploring quantum cryptographic protocols will be