< draft-irtf-qirg-quantum-internet-use-cases-10.txt   draft-irtf-qirg-quantum-internet-use-cases-11.txt >
QIRG C. Wang QIRG C. Wang
Internet-Draft A. Rahman Internet-Draft A. Rahman
Intended status: Informational InterDigital Communications, LLC Intended status: Informational InterDigital Communications, LLC
Expires: 7 September 2022 R. Li Expires: 20 October 2022 R. Li
Kanazawa University Kanazawa University
M. Aelmans M. Aelmans
Juniper Networks Juniper Networks
K. Chakraborty K. Chakraborty
The University of Edinburgh The University of Edinburgh
6 March 2022 18 April 2022
Application Scenarios for the Quantum Internet Application Scenarios for the Quantum Internet
draft-irtf-qirg-quantum-internet-use-cases-10 draft-irtf-qirg-quantum-internet-use-cases-11
Abstract Abstract
The Quantum Internet has the potential to improve application The Quantum Internet has the potential to improve application
functionality by incorporating quantum information technology into functionality by incorporating quantum information technology into
the infrastructure of the overall Internet. This document provides the infrastructure of the overall Internet. This document provides
an overview of some applications expected to be used on the Quantum an overview of some applications expected to be used on the Quantum
Internet, and then categorizes them using various classification Internet and categorizes them. Some general requirements for the
schemes. Some general requirements for the Quantum Internet are also Quantum Internet are also discussed. The intent of this document is
discussed. The intent of this document is to describe a framework to describe a framework for applications, and describe a few selected
for applications, and describe a few selected application scenarios application scenarios for the Quantum Internet. This document is a
for the Quantum Internet. This document is a product of the Quantum product of the Quantum Internet Research Group (QIRG).
Internet Research Group (QIRG).
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 7 September 2022. This Internet-Draft will expire on 20 October 2022.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 26 skipping to change at page 2, line 21
described in Section 4.e of the Trust Legal Provisions and are described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License. provided without warranty as described in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terms and Acronyms List . . . . . . . . . . . . . . . . . . . 3 2. Terms and Acronyms List . . . . . . . . . . . . . . . . . . . 3
3. Quantum Internet Applications . . . . . . . . . . . . . . . . 6 3. Quantum Internet Applications . . . . . . . . . . . . . . . . 6
3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2. Classification by Application Usage . . . . . . . . . . . 6 3.2. Classification by Application Usage . . . . . . . . . . . 6
3.2.1. Quantum Cryptography Applications . . . . . . . . . . 6 3.2.1. Quantum Cryptography Applications . . . . . . . . . . 7
3.2.2. Quantum Sensing/Metrology Applications . . . . . . . 7 3.2.2. Quantum Sensing/Metrology Applications . . . . . . . 7
3.2.3. Quantum Computing Applications . . . . . . . . . . . 8 3.2.3. Quantum Computing Applications . . . . . . . . . . . 8
3.3. Control vs Data Plane Classification . . . . . . . . . . 9 4. Selected Quantum Internet Application Scenarios . . . . . . . 9
4. Selected Quantum Internet Application Scenarios . . . . . . . 11 4.1. Secure Communication Setup . . . . . . . . . . . . . . . 9
4.1. Secure Communication Setup . . . . . . . . . . . . . . . 11 4.2. Secure Quantum Computing with Privacy Preservation . . . 13
4.2. Secure Quantum Computing with Privacy Preservation . . . 15 4.3. Distributed Quantum Computing . . . . . . . . . . . . . . 16
4.3. Distributed Quantum Computing . . . . . . . . . . . . . . 18 5. General Requirements . . . . . . . . . . . . . . . . . . . . 19
5. General Requirements . . . . . . . . . . . . . . . . . . . . 21 5.1. Background . . . . . . . . . . . . . . . . . . . . . . . 19
5.1. Background . . . . . . . . . . . . . . . . . . . . . . . 21 5.2. Requirements . . . . . . . . . . . . . . . . . . . . . . 21
5.2. Requirements . . . . . . . . . . . . . . . . . . . . . . 23 6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 22
6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 24 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 8. Security Considerations . . . . . . . . . . . . . . . . . . . 23
8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 25
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 10. Informative References . . . . . . . . . . . . . . . . . . . 25
10. Informative References . . . . . . . . . . . . . . . . . . . 27 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 34
1. Introduction 1. Introduction
The Classical Internet has been constantly growing since it first The Classical Internet has been constantly growing since it first
became commercially popular in the early 1990's. It essentially became commercially popular in the early 1990's. It essentially
consists of a large number of end-nodes (e.g., laptops, smart phones, consists of a large number of end-nodes (e.g., laptops, smart phones,
network servers) connected by routers and clustered in Autonomous network servers) connected by routers and clustered in Autonomous
Systems. The end-nodes may run applications that provide service for Systems. The end-nodes may run applications that provide service for
the end-users such as processing and transmission of voice, video or the end-users such as processing and transmission of voice, video or
data. The connections between the various nodes in the Internet data. The connections between the various nodes in the Internet
skipping to change at page 3, line 15 skipping to change at page 3, line 12
WiFi, cellular wireless, Digital Subscriber Lines (DSLs)). Bits are WiFi, cellular wireless, Digital Subscriber Lines (DSLs)). Bits are
transmitted across the Classical Internet in packets. transmitted across the Classical Internet in packets.
Research and experiments have picked up over the last few years for Research and experiments have picked up over the last few years for
developing the Quantum Internet [Wehner]. End-nodes will also be developing the Quantum Internet [Wehner]. End-nodes will also be
part of the Quantum Internet, in that case called quantum end-nodes part of the Quantum Internet, in that case called quantum end-nodes
that may be connected by quantum repeaters/routers. These quantum that may be connected by quantum repeaters/routers. These quantum
end-nodes will also run value-added applications which will be end-nodes will also run value-added applications which will be
discussed later. discussed later.
The connections between the various nodes in the Quantum Internet are The physical layer quantum channels between the various nodes in the
expected to be primarily fiber optics and free-space optical lasers. Quantum Internet can be either waveguides such as optical fibers or
Photonic connections are particularly useful because light (photons) free space. Photonic channels are particularly useful because light
is very suitable for physically realizing qubits. Qubits are (photons) is very suitable for physically realizing qubits. Qubits
expected to be transmitted across the Quantum Internet. The Quantum are expected to be transferred across the Quantum Internet. The
Internet will operate according to quantum physical principles such Quantum Internet will operate according to quantum physical
as quantum superposition and entanglement [I-D.irtf-qirg-principles]. principles such as quantum superposition and entanglement
[I-D.irtf-qirg-principles].
The Quantum Internet is not anticipated to replace, but rather to The Quantum Internet is not anticipated to replace, but rather to
enhance the Classical Internet. For instance, quantum key enhance the Classical Internet and/or provide breakthrough
distribution can improve the security of the Classical Internet; the applications. For instance, quantum key distribution can improve the
powerful computation capability of quantum computing can expedite and security of the Classical Internet; the powerful computation
optimize computation-intensive tasks (e.g., routing modelling) in the capability of quantum computing can expedite and optimize
computation-intensive tasks (e.g., routing modelling) in the
Classical Internet. The Quantum Internet will run in conjunction Classical Internet. The Quantum Internet will run in conjunction
with the Classical Internet to form a new Hybrid Internet. The with the Classical Internet. The process of integrating the Quantum
process of integrating the Quantum Internet with the Classical Internet with the Classical Internet is similar to, but with more
Internet is similar to, but with more profound implications, as the profound implications, as the process of introducing any new
process of introducing any new communication and networking paradigm communication and networking paradigm into the existing Internet.
into the existing Internet. The intent of this document is to The intent of this document is to provide a common understanding and
provide a common understanding and framework of applications and framework of applications and application scenarios for the Quantum
application scenarios for the Quantum Internet. Internet.
This document represents the consensus of the Quantum Internet This document represents the consensus of the Quantum Internet
Research Group (QIRG). It has been reviewed extensively by Research Research Group (QIRG). It has been reviewed extensively by Research
Group (RG) members with expertise in both quantum physics and Group (RG) members with expertise in both quantum physics and
Classical Internet operation. Classical Internet operation.
2. Terms and Acronyms List 2. Terms and Acronyms List
This document assumes that the reader is familiar with the quantum This document assumes that the reader is familiar with the quantum
information technology related terms and concepts that are described information technology related terms and concepts that are described
in [I-D.irtf-qirg-principles]. In addition, the following terms and in [I-D.irtf-qirg-principles]. In addition, the following terms and
acronyms are defined herein for clarity: acronyms are defined herein for clarity:
* Bell-Pairs - A special type of two-qubits quantum states. The two * Bell Pairs - A special type of two-qubits quantum states. The two
qubits show a correlation that cannot be observed in classical qubits show a correlation that cannot be observed in classical
information theory. We refer to such correlation as quantum information theory. We refer to such correlation as quantum
entanglement. Bell-pairs exhibit the maximal quantum entanglement. Bell pairs exhibit the maximal quantum
entanglement. One example of a Bell-pair is entanglement. One example of a Bell pair is
(|00>+|11>)/(Sqrt(2)). The Bell-pairs are a fundamental resource (|00>+|11>)/(Sqrt(2)). The Bell pairs are a fundamental resource
for quantum communication. for quantum communication.
* Bit - Binary Digit (i.e., fundamental unit of information in * Bit - Binary Digit (i.e., fundamental unit of information in
classical communications and classical computing). classical communications and classical computing).
* Classical Internet - The existing, deployed Internet (circa 2020) * Classical Internet - The existing, deployed Internet (circa 2020)
where bits are transmitted in packets between nodes to convey where bits are transmitted in packets between nodes to convey
information. The Classical Internet supports applications which information. The Classical Internet supports applications which
may be enhanced by the Quantum Internet. For example, the end-to- may be enhanced by the Quantum Internet. For example, the end-to-
end security of a Classical Internet application may be improved end security of a Classical Internet application may be improved
by secure communication setup using a quantum application. by secure communication setup using a quantum application.
* Entanglement Swapping: It is a process of sharing an entanglement * Entanglement Swapping: It is a process of sharing an entanglement
between two distant parties via some intermediate nodes. For between two distant parties via some intermediate nodes. For
example, suppose there are three parties A, B, C, and each of the example, suppose there are three parties A, B, C, and each of the
parties (A, B) and (B, C) share Bell-pairs. B can use the qubits parties (A, B) and (B, C) share Bell pairs. B can use the qubits
it shares with A and C to perform entanglement swapping it shares with A and C to perform entanglement swapping
operations, and as a result, A and C share Bell-pairs. operations, and as a result, A and C share Bell pairs.
* Fast Byzantine Negotiation - A Quantum-based method for fast * Fast Byzantine Negotiation - A Quantum-based method for fast
agreement in Byzantine negotiations [Ben-Or] [Taherkhani]. agreement in Byzantine negotiations [Ben-Or] [Taherkhani].
* Hybrid Internet - The "new" or evolved Internet to be formed due
to a merger of the Classical Internet and the Quantum Internet.
* Local Operations and Classical Communication (LOCC) - A method * Local Operations and Classical Communication (LOCC) - A method
where nodes communicate in rounds, in which (1) they can send any where nodes communicate in rounds, in which (1) they can send any
classical information to each other; (2) they can perform local classical information to each other; (2) they can perform local
quantum operations individually; and (3) the actions performed in quantum operations individually; and (3) the actions performed in
each round can depend on the results from previous rounds. each round can depend on the results from previous rounds.
* Noisy Intermediate-Scale Quantum (NISQ) - NISQ was defined in * Noisy Intermediate-Scale Quantum (NISQ) - NISQ was defined in
[Preskill] to represent a near-term era in quantum technology. [Preskill] to represent a near-term era in quantum technology.
According to this definition, NISQ computers have two salient According to this definition, NISQ computers have two salient
features: (1) The size of NISQ computers range from 50 to a few features: (1) The size of NISQ computers range from 50 to a few
hundred physical qubits (i.e., intermediate-scale); and (2) Qubits hundred physical qubits (i.e., intermediate-scale); and (2) Qubits
in NISQ computers have inherent errors and the control over them in NISQ computers have inherent errors and the control over them
is imperfect (i.e., noisy). is imperfect (i.e., noisy).
* Packet - Formatted unit of multiple related bits. The bits * Packet - A self-identified message with in-band addresses or other
contained in a packet may be classical bits, or the measured state information that can be used for forwarding the message. The
of qubits expressed in classical bits. message contains an ordered set of bits of determinate number.
The bits contained in a packet are classical bits.
* Prepare-and-Measure - A set of Quantum Internet scenarios where * Prepare-and-Measure - A set of Quantum Internet scenarios where
quantum nodes only support simple quantum functionalities (i.e., quantum nodes only support simple quantum functionalities (i.e.,
prepare qubits and measure qubits). For example, BB84 [BB84] is a prepare qubits and measure qubits). For example, BB84 [BB84] is a
prepare-and-measure quantum key distribution protocol. prepare-and-measure quantum key distribution protocol.
* Quantum Computer (QC) - A quantum end-node that also has quantum * Quantum Computer (QC) - A quantum end-node that also has quantum
memory and quantum computing capabilities is regarded as a full- memory and quantum computing capabilities is regarded as a full-
fledged quantum computer. fledged quantum computer.
* Quantum End-node - An end-node hosts user applications and * Quantum End-node - An end-node hosts user applications and
interfaces with the rest of the Internet. Typically, an end-node interfaces with the rest of the Internet. Typically, an end-node
may serve in a client, server, or peer-to-peer role as part of the may serve in a client, server, or peer-to-peer role as part of the
application. If the end-node is part of a Quantum Network (i.e, application. If the end-node is part of a Quantum Network (i.e,
is a quantum end-node), it must be able to generate/transmit and is a quantum end-node), it must be able to generate/transfer and
receive/process qubits. A quantum end-node must also be able to receive/process qubits. A quantum end-node must also be able to
interface to the Classical Internet for control purposes and thus interface to the Classical Internet for control purposes and thus
also be able to receive, process, and transmit classical bits/ also be able to receive, process, and transmit classical bits/
packets. packets.
* Quantum Internet - A network of Quantum Networks. The Quantum * Quantum Internet - A network of Quantum Networks. The Quantum
Internet is expected to be merged into the Classical Internet to Internet is expected to be merged into the Classical Internet.
form a new Hybrid Internet. The Quantum Internet may either The Quantum Internet may either improve classical applications or
improve classical applications or may enable new quantum may enable new quantum applications.
applications.
* Quantum Key Distribution (QKD) - A method that leverages quantum * Quantum Key Distribution (QKD) - A method that leverages quantum
mechanics such as no-cloning theorem to let two parties (e.g., a mechanics such as no-cloning theorem to let two parties create the
sender and a receiver) securely establish/agree on a key. same arbitrary classical key.
* Quantum Network - A new type of network enabled by quantum * Quantum Network - A new type of network enabled by quantum
information technology where qubits are transmitted between nodes information technology where quantum resources such as qubits and
to convey information. (Note: qubits must be sent individually entanglement are transferred and utilized between quantum nodes.
and not in packets). The Quantum Network will use both quantum The Quantum Network will use both quantum channels, and classical
channels, and classical channels provided by the Classical channels provided by the Classical Internet, referred to as a
Internet. hybrid implementation.
* Quantum Teleportation - A technique for transferring quantum * Quantum Teleportation - A technique for transferring quantum
information via local operations and classical communication information via local operations and classical communication
(LOCC). If two parties share a Bell-pair, then using quantum (LOCC). If two parties share a Bell pair, then using quantum
teleportation a sender can transfer a quantum data bit to a teleportation a sender can transfer a quantum data bit to a
receiver without sending it physically via a quantum communication receiver without sending it physically via a quantum channel.
channel.
* Qubit - Quantum Bit (i.e., fundamental unit of information in * Qubit - Quantum Bit (i.e., fundamental unit of information in
quantum communication and quantum computing). It is similar to a quantum communication and quantum computing). It is similar to a
classic bit in that the state of a qubit is either "0" or "1" classic bit in that the state of a qubit is either "0" or "1"
after it is measured, and is denoted as its basis state vector |0> after it is measured, and is denoted as its basis state vector |0>
or |1>. However, the qubit is different than a classic bit in or |1>. However, the qubit is different than a classic bit in
that the qubit can be in a linear combination of both states that the qubit can be in a linear combination of both states
before it is measured and termed to be in superposition. The before it is measured and termed to be in superposition. Any of
Degrees of Freedom (DOF) of a photon (e.g., polarization) or an several Degrees of Freedom (DOF) of a photon (e.g., polarization,
electron (e.g., spin) can be used to encode a qubit. time bib, and/or frequency) or an electron (e.g., spin) can be
used to encode a qubit.
* Transmit a Qubit - An operation of encoding a qubit into a mobile
carrier (i.e., typically photon) and passing it through a quantum
channel from a sender (a transmitter) to a receiver.
* Teleport a Qubit - An operation on two or more carriers in
succession to move a qubit from a sender to a receiver using
quantum teleportation.
* Transfer a Qubit - An operation to move a qubit from a sender to a
receiver without specifying the means of moving the qubit, which
could be "transmit" or "teleport".
3. Quantum Internet Applications 3. Quantum Internet Applications
3.1. Overview 3.1. Overview
The Quantum Internet is expected to be beneficial for a subset of The Quantum Internet is expected to be beneficial for a subset of
existing and new applications. The expected applications for the existing and new applications. The expected applications for the
Quantum Internet are still being developed as we are in the formative Quantum Internet are still being developed as we are in the formative
stages of the Quantum Internet [Castelvecchi] [Wehner]. However, an stages of the Quantum Internet [Castelvecchi] [Wehner]. However, an
initial (and non-exhaustive) list of the applications to be supported initial (and non-exhaustive) list of the applications to be supported
skipping to change at page 6, line 29 skipping to change at page 6, line 40
different schemes. Note, this document does not include quantum different schemes. Note, this document does not include quantum
computing applications that are purely local to a given node (e.g., computing applications that are purely local to a given node (e.g.,
quantum random number generator). quantum random number generator).
3.2. Classification by Application Usage 3.2. Classification by Application Usage
Applications may be grouped by the usage that they serve. Applications may be grouped by the usage that they serve.
Specifically, applications may be grouped according to the following Specifically, applications may be grouped according to the following
categories: categories:
* Quantum cryptography applications - Refers to the use of quantum * Quantum cryptography applications - Refer to the use of quantum
information technology for cryptographic tasks such as quantum key information technology for cryptographic tasks such as quantum key
distribution and quantum commitment. distribution and quantum commitment.
* Quantum sensors applications - Refers to the use of quantum * Quantum sensors applications - Refer to the use of quantum
information technology for supporting distributed sensors (e.g., information technology for supporting distributed sensors (e.g.,
clock synchronization [Jozsa2000]). clock synchronization [Jozsa2000] [Komar] [Guo] ).
* Quantum computing applications - Refers to the use of quantum * Quantum computing applications - Refer to the use of quantum
information technology for supporting remote quantum computing information technology for supporting remote quantum computing
facilities (e.g., distributed quantum computing). facilities (e.g., distributed quantum computing).
This scheme can be easily understood by both a technical and non- This scheme can be easily understood by both a technical and non-
technical audience. The next sections describe the scheme in more technical audience. The next sections describe the scheme in more
detail. detail.
3.2.1. Quantum Cryptography Applications 3.2.1. Quantum Cryptography Applications
Examples of quantum cryptography applications include quantum-based Examples of quantum cryptography applications include quantum-based
skipping to change at page 7, line 28 skipping to change at page 7, line 37
methods for fast agreement in Byzantine negotiations can be used methods for fast agreement in Byzantine negotiations can be used
for improving consensus protocols such as practical Byzantine for improving consensus protocols such as practical Byzantine
Fault Tolerance(pBFT), as well as other distributed computing Fault Tolerance(pBFT), as well as other distributed computing
features which use Byzantine negotiations. features which use Byzantine negotiations.
3. Quantum money - The main security requirement of money is 3. Quantum money - The main security requirement of money is
unforgeability. A quantum money scheme aims to fulfill by unforgeability. A quantum money scheme aims to fulfill by
exploiting the no-cloning property of the unknown quantum states. exploiting the no-cloning property of the unknown quantum states.
Though the original idea of quantum money dates back to 1970, Though the original idea of quantum money dates back to 1970,
these early protocols allow only the issuing bank to verify a these early protocols allow only the issuing bank to verify a
quantum banknote. However, the recent protocols that are called quantum banknote. However, the recent protocols such as public-
public-key quantum money [Zhandry] allow anyone to verify the key quantum money [Zhandry] allow anyone to verify the banknotes
banknotes locally. locally.
3.2.2. Quantum Sensing/Metrology Applications 3.2.2. Quantum Sensing/Metrology Applications
The entanglement, superposition, interference, squeezing properties The entanglement, superposition, interference, squeezing properties
can enhance the sensitivity of the quantum sensors and eventually can can enhance the sensitivity of the quantum sensors and eventually can
outperform the classical strategies. Examples of quantum sensor outperform the classical strategies. Examples of quantum sensor
applications include network clock synchronization, high sensitivity applications include network clock synchronization, high sensitivity
sensing, quantum imaging, etc. These applications mainly leverage a sensing, etc. These applications mainly leverage a network of
network of entangled quantum sensors (i.e. quantum sensor networks) entangled quantum sensors (i.e. quantum sensor networks) for high-
for high-precision multi-parameter estimation [Proctor]. precision multi-parameter estimation [Proctor].
1. Network clock synchronization - Refers to a world wide set of 1. Network clock synchronization - Refers to a world wide set of
atomic clocks connected by the Quantum Internet to achieve an atomic clocks connected by the Quantum Internet to achieve an
ultra precise clock signal [Komar] with fundamental precision ultra precise clock signal [Komar] with fundamental precision
limits set by quantum theory. limits set by quantum theory.
2. High sensitivity sensing - Refers to applications that leverage 2. High sensitivity sensing - Refers to applications that leverage
quantum phenomena to achieve reliable nanoscale sensing of quantum phenomena to achieve reliable nanoscale sensing of
physical magnitudes. For example, [Guo] uses an entangled physical magnitudes. For example, [Guo] uses an entangled
quantum network for measuring the average phase shift among quantum network for measuring the average phase shift among
multiple distributed nodes. multiple distributed nodes.
3. Quantum imaging - The highly sensitive quantum sensors show great 3. Interferometric Telescopes using Quantum Information -
potential in improving the domain of magnetoencephalography.
Unlike the current classical strategies, with the help of a
network of quantum sensors, it is possible to measure the
magnetic fields generated by the flow of current through neuronal
assemblies in the brain while the subject is moving. It reveals
the dynamics of the networks of neurons inside the human brain on
a millisecond timescale. This kind of imaging capability could
improve the diagnosis and monitoring the conditions like
attention-deficit-hyperactivity disorder [Hill].
4. Interferometric Telescopes using Quantum Information -
Interferometric techniques are used to combine signals from two Interferometric techniques are used to combine signals from two
or more telescopes to obtain measurements with higher resolution or more telescopes to obtain measurements with higher resolution
than what could be obtained with either telescope individually. than what could be obtained with either telescope individually.
It can make measurements of very small astronomical objects if It can make measurements of very small astronomical objects if
the telescopes are spread out over a wide area. However, the the telescopes are spread out over a wide area. However, the
phase fluctuations and photon loss introduced by the phase fluctuations and photon loss introduced by the
communication channel between the telescopes put a limitation on communication channel between the telescopes put a limitation on
the baseline lengths of the optical interferometers. This the baseline lengths of the optical interferometers. This
limitation can easily be avoided using quantum teleportation. In limitation can be potentially avoided using quantum
general, by sharing EPR-pairs using quantum repeaters, the teleportation. In general, by sharing EPR-pairs using quantum
optical interferometers can communicate photons over long repeaters, the optical interferometers can communicate photons
distances, providing arbitrarily long baselines [Gottesman2012]. over long distances, providing arbitrarily long baselines
[Gottesman2012].
3.2.3. Quantum Computing Applications 3.2.3. Quantum Computing Applications
In this section, we include the applications for the quantum In this section, we include the applications for the quantum
computing. Note that, for the next couple of years we will have computing. Note that, for the next couple of years we will have
quantum computers as a cloud service. Sometimes, to run such quantum computers as a cloud service. Sometimes, to run such
applications in the cloud while preserving the privacy, the client applications in the cloud while preserving the privacy, a client and
and the server need to exchange qubits. Therefore, such privacy a server need to exchange qubits. Therefore, such privacy preserving
preserving quantum computing applications require a quantum internet quantum computing applications require a Quantum Internet to execute.
to execute.
Examples of quantum computing include distributed quantum computing Examples of quantum computing include distributed quantum computing
and secure quantum computing with privacy preservation, which can and secure quantum computing with privacy preservation, which can
enable new types of cloud computing. enable new types of cloud computing.
1. Distributed quantum computing - Refers to a collection of remote 1. Distributed quantum computing - Refers to a collection of remote
small capacity quantum computers (i.e., each supporting a small-capacity quantum computers (i.e., each supporting a
relatively small number of qubits) that are connected and working relatively small number of qubits) that are connected and work
together in a coordinated fashion so as to simulate a virtual together in a coordinated fashion so as to simulate a virtual
large capacity quantum computer [Wehner]. large capacity quantum computer [Wehner].
2. Secure quantum computing with privacy preservation - Refers to 2. Secure quantum computing with privacy preservation - Refers to
private, or blind, quantum computation, which provides a way for private, or blind, quantum computation, which provides a way for
a client to delegate a computation task to one or more remote a client to delegate a computation task to one or more remote
quantum computers without disclosing the source data to be quantum computers without disclosing the source data to be
computed over [Fitzsimons]. computed over [Fitzsimons].
3.3. Control vs Data Plane Classification
The majority of routers currently used in the Classical Internet
separate control plane functionality and data plane functionality
for, amongst other reasons, stability, capacity and security. In
order to classify applications for the Quantum Internet, a somewhat
similar distinction can be made. Specifically some applications can
be classified as being responsible for initiating sessions and
performing other control plane functionality (including management
functionalities too). Other applications carry application or user
data and can be classified as data plane functionality.
Some examples of what may be called control plane applications in the
Classical Internet are Domain Name Server (DNS), Session Information
Protocol (SIP), and Internet Control Message Protocol (ICMP).
Furthermore, examples of data plane applications are E-mail, web
browsing, and video streaming. Note that some applications may
require both control plane and data plane functionality. For
example, a Voice over IP (VoIP) application may use SIP to set up the
call and then transmit the VoIP user packets over the data plane to
the other party.
Similarly, nodes in the Quantum Internet applications may also use
the classification paradigm of control plane functionality versus
data plane functionality where:
* Control Plane - Network functions and processes that operate on
(1) control bits/packets or qubits (e.g., to setup up end-user
encryption); or (2) management bits/packets or qubits (e.g., to
configure nodes). For example, a quantum ping could be
implemented as a control plane application to test and verify if
there is a quantum connection between two quantum nodes. Another
example is quantum superdense coding (which is used to transmit
two classical bits by sending only one qubit). This approach does
not need classical channels. Quantum superdense coding can be
leveraged to implement a secret sharing application to share
secrets between two parties [Wang]. This secret sharing
application based on quantum superdense encoding can be classified
as control plane functionality.
* Data Plane - Network functions and processes that operate on end-
user application bits/packets or qubits (e.g., voice, video,
data). Sometimes also referred to as the user plane. For
example, a data plane application can be video conferencing, which
uses QKD-based secure communication setup (which is a control
plane function) to share a classical secret key for encrypting and
decrypting video frames.
As shown in the table in Figure 1, control and data plane
applications vary for different types of networks. For a standalone
Quantum Network (i.e., that is not integrated into the Internet),
entangled qubits are its "data" and thus entanglement distribution
can be regarded as its data plane application, while the signalling
for controlling entanglement distribution be considered as control
plane. However, looking at the Quantum Internet, QKD-based secure
communication setup, which may be based on and leverage entanglement
distribution, is in fact a control plane application, while video
conference using QKD-based secure communication setup is a data plane
application. In the future, two data planes may exist, respectively
for Quantum Internet and Classical Internet, while one control plane
can be leveraged for both Quantum Internet and Classical Internet.
+----------+-----------+----------------+----------------------+
| | | | |
| | Classical | Quantum | Hybrid |
| | Internet | Internet | Internet |
| | Examples | Examples | Examples |
+----------+-----------+----------------+----------------------+
| Control | ICMP; | Quantum ping; | QKD-based secure |
| Plane | DNS | Signalling for | communication |
| | | controlling | setup |
| | | entanglement | |
| | | distribution; | |
---------------------------------------------------------------|
| Data | Video | QKD; | Video conference |
| Plane | conference| Entanglement | using QKD-based |
| | | distribution | secure communication |
| | | | setup |
+--------------------------------------------------------------+
Figure 1: Examples of Control vs Data Plane Classification
4. Selected Quantum Internet Application Scenarios 4. Selected Quantum Internet Application Scenarios
The Quantum Internet will support a variety of applications and The Quantum Internet will support a variety of applications and
deployment configurations. This section details a few key deployment configurations. This section details a few key
application scenarios which illustrates the benefits of the Quantum application scenarios which illustrates the benefits of the Quantum
Internet. In system engineering, a application scenario is typically Internet. In system engineering, an application scenario is
made up of a set of possible sequences of interactions between nodes typically made up of a set of possible sequences of interactions
and users in a particular environment and related to a particular between nodes and users in a particular environment and related to a
goal. This will be the definition that we use in this section. particular goal. This will be the definition that we use in this
section.
4.1. Secure Communication Setup 4.1. Secure Communication Setup
In this scenario, two banks (i.e., Bank #1 and Bank #2) need to have In this scenario, two banks (i.e., Bank #1 and Bank #2) need to have
secure communications for transmitting important financial secure communications for transmitting important financial
transaction records (see Figure 2). For this purpose, they first transaction records (see Figure 1). For this purpose, they first
need to securely share a classic secret cryptographic key (i.e., a need to securely share a classic secret cryptographic key (i.e., a
sequence of classical bits), which is triggered by an end-user banker sequence of classical bits), which is triggered by an end-user banker
at Bank #1. This results in a source quantum node A at Bank #1 to at Bank #1. This results in a source quantum node A at Bank #1 to
securely establish a classical secret key with a destination quantum securely establish a classical secret key with a destination quantum
node B at Bank #2. This is referred to as a secure communication node B at Bank #2. This is referred to as a secure communication
setup. Note that the quantum node A and B may be either a bare-bone setup. Note that the quantum node A and B may be either a bare-bone
quantum end-node or a full-fledged quantum computer. This quantum end-node or a full-fledged quantum computer. This
application scenario shows that the Quantum Internet can be leveraged application scenario shows that the Quantum Internet can be leveraged
to improve the security of Classical Internet applications of which to improve the security of Classical Internet applications of which
the financial application shown in Figure 2 is an example. the financial application shown in Figure 1 is an example.
One requirement for this secure communication setup process is that One requirement for this secure communication setup process is that
it should not be vulnerable to any classical or quantum computing it should not be vulnerable to any classical or quantum computing
attack. This can be realized using QKD which has been mathematically attack. This can be realized using QKD which is unbreakable in
proven to be information-theoretically secure and unbreakable. QKD principle. QKD can securely establish a secret key between two
can securely establish a secret key between two quantum nodes, using quantum nodes, using a classical authentication channel and insecure
a classical authentication channel and insecure quantum communication quantum channel without physically transmitting the key through the
channel without physically transmitting the key through the network network and thus achieving the required security. However, care must
and thus achieving the required security. However, care must be be taken to ensure that the QKD system is safe against physical side
taken to ensure that the QKD system is safe against physical side
channel attacks which can compromise the system. An example of a channel attacks which can compromise the system. An example of a
physical side channel attack is when an attacker is able to physical side channel attack is to surreptitiously inject additional
surreptitiously inject additional light into the optical devices used light into the optical devices used in QKD to learn side information
in QKD to learn side information about the system such as the about the system such as the polarization. Other specialized
polarization. Other specialized physical attacks against QKD have physical attacks against QKD also use a classical authentication
also used a classical authentication channel and insecure quantum channel and insecure quantum channel such as the phase-remapping
communication channel such as the phase-remapping attack, photon attack, photon number splitting attack, and decoy state attack
number splitting attack, and decoy state attack [Zhao2018]. QKD can
be used for many other cryptographic communications such as IPSec and [Zhao2018]. QKD can be used for many other cryptographic
Transport Layer Security (TLS) where involved parties need to communications, such as IPSec and Transport Layer Security (TLS)
establish a shared security key, although QKD usually introduces a where involved parties need to establish a shared security key,
high latency. although it usually introduces a high latency.
QKD is the most mature feature of the quantum information technology, QKD is the most mature feature of the quantum information technology,
and has been commercially released in small-scale and short-distance and has been commercially released in small-scale and short-distance
deployments. More QKD use cases are described in ETSI documents deployments. More QKD use cases are described in ETSI documents
[ETSI-QKD-UseCases]; in addition, the ETSI document [ETSI-QKD-UseCases]; in addition, the ETSI document
[ETSI-QKD-Interfaces] specifies interfaces between QKD users and QKD [ETSI-QKD-Interfaces] specifies interfaces between QKD users and QKD
devices. devices.
In general, the prepare and measure QKD protocols (e.g., [BB84]) In general, the prepare and measure QKD protocols (e.g., [BB84])
without using entanglement works as follows: without using entanglement work as follows:
1. The source quantum node A encodes classical bits to qubits. 1. The source quantum node A encodes classical bits to qubits.
Basically, the source node A generates two random classical bit Basically, the source node A generates two random classical bit
strings X, Y. Among them, it uses the bit string X to choose the strings X, Y. Among them, it uses the bit string X to choose the
basis and uses Y to choose the state corresponding to the chosen basis and uses Y to choose the state corresponding to the chosen
basis. For example, if X=0 then in case of BB84 protocol Alice basis. For example, if X=0 then in case of BB84 protocol Alice
prepares the state in {|0>, |1>}-basis; otherwise she prepares prepares the state in {|0>, |1>}-basis; otherwise she prepares
the state in {|+>, |->}-basis. Similarly, if Y=0 then Alice the state in {|+>, |->}-basis. Similarly, if Y=0 then Alice
prepares the qubit either |0> or |+> (depending on the value of prepares the qubit either |0> or |+> (depending on the value of
X), and if Y =1, then Alice prepares the qubit either |1> or |->. X), and if Y =1, then Alice prepares the qubit either |1> or |->.
skipping to change at page 13, line 13 skipping to change at page 10, line 50
quantum basis is correct. quantum basis is correct.
6. Both nodes discard any measurement bit under different quantum 6. Both nodes discard any measurement bit under different quantum
basis and remaining bits could be used as the secret key. Before basis and remaining bits could be used as the secret key. Before
generating the final secret key, there is a post-processing generating the final secret key, there is a post-processing
procedure over authenticated classical channels. The classical procedure over authenticated classical channels. The classical
post-processing part can be subdivided into three steps, namely post-processing part can be subdivided into three steps, namely
parameter estimation, error-correction, and privacy parameter estimation, error-correction, and privacy
amplification. In the parameter estimation phase, both Alice and amplification. In the parameter estimation phase, both Alice and
Bob use some of the bits to estimate the channel error. If it is Bob use some of the bits to estimate the channel error. If it is
larger than some threshold value, then they abort the protocol larger than some threshold value, they abort the protocol
otherwise move to the error-correction phase. Basically, if an otherwise move to the error-correction phase. Basically, if an
eavesdropper tries to intercept and read qubits sent from node A eavesdropper tries to intercept and read qubits sent from node A
to node B, the eavesdropper will be detected due to the entropic to node B, the eavesdropper will be detected due to the entropic
uncertainty relation property theorem of quantum mechanics. As a uncertainty relation property theorem of quantum mechanics. As a
part of the post-processing procedure, both nodes usually also part of the post-processing procedure, both nodes usually also
perform information reconciliation [Elkouss] for efficient error perform information reconciliation [Elkouss] for efficient error
correction and/or conduct privacy amplification [Tang] for correction and/or conduct privacy amplification [Tang] for
generating the final information-theoretical secure keys. generating the final information-theoretical secure keys.
7. The post-processing procedure needs to be performed over an 7. The post-processing procedure needs to be performed over an
skipping to change at page 13, line 36 skipping to change at page 11, line 24
authenticate the classical channel to make sure there is no authenticate the classical channel to make sure there is no
eavesdroppers or man-in-the-middle attacks, according to certain eavesdroppers or man-in-the-middle attacks, according to certain
authentication protocols such as [Kiktenko]. In [Kiktenko], the authentication protocols such as [Kiktenko]. In [Kiktenko], the
authenticity of the classical channel is checked at the very end authenticity of the classical channel is checked at the very end
of the post-processing procedure instead of doing it for each of the post-processing procedure instead of doing it for each
classical message exchanged between the quantum source node and classical message exchanged between the quantum source node and
the quantum destination node. the quantum destination node.
It is worth noting that: It is worth noting that:
1. There are some entanglement-based QKD protocols such as 1. There are some entanglement-based QKD protocols, such as
[Treiber][E91][BBM92], which work differently than above steps. [Treiber][E91][BBM92], which work differently than the above
The entanglement-based schemes, where entangled states are steps. The entanglement-based schemes, where entangled states
prepared externally to the source quantum node and the are prepared externally to the source quantum node and the
destination quantum node, are not normally considered "prepare- destination quantum node, are not normally considered "prepare-
and-measure" as defined in [Wehner]; other entanglement-based and-measure" as defined in [Wehner]; other entanglement-based
schemes, where entanglement is generated within the source schemes, where entanglement is generated within the source
quantum node can still be considered "prepare-and-measure"; send- quantum node can still be considered "prepare-and-measure"; send-
and-return schemes can still be "prepare-and-measure", if the and-return schemes can still be "prepare-and-measure", if the
information content, from which keys will be derived, is prepared information content, from which keys will be derived, is prepared
within the source quantum node the source quantum node before within the source quantum node before being sent to the
being sent to the destination quantum node for measurement. destination quantum node for measurement.
2. There are many enhanced QKD protocols based on [BB84]. For 2. There are many enhanced QKD protocols based on [BB84]. For
example, a series of loopholes have been identified due to the example, a series of loopholes have been identified due to the
imperfections of measurement devices; there are several solutions imperfections of measurement devices; there are several solutions
to take into account these attacks such as measurement-device- to take into account these attacks such as measurement-device-
independent QKD [Zhang2019]. These enhanced QKD protocols can independent QKD [Zhang2019]. These enhanced QKD protocols can
work differently than the steps of BB84 protocol [BB84]. work differently than the steps of BB84 protocol [BB84].
3. For large-scale QKD, QKD Networks (QKDN) are required, which can 3. For large-scale QKD, QKD Networks (QKDN) are required, which can
be regarded as a subset of a Quantum Internet. A QKDN may be regarded as a subset of a Quantum Internet. A QKDN may
consist of a QKD application layer, a QKD network layer, and a consist of a QKD application layer, a QKD network layer, and a
QKD link layer [Qin]. One or multiple trusted QKD relays QKD link layer [Qin]. One or multiple trusted QKD relays
[Zhang2018] may exist between the source quantum node A and the [Zhang2018] may exist between the source quantum node A and the
destination quantum node B, which are connected by a QKDN. destination quantum node B, which are connected by a QKDN.
Alternatively, a QKDN may rely on entanglement distribution and Alternatively, a QKDN may rely on entanglement distribution and
entanglement-based QKD protocols; as a result, quantum-repeaters/ entanglement-based QKD protocols; as a result, quantum-repeaters/
routers instead of trusted QKD relays are needed for large-scale routers instead of trusted QKD relays are needed for large-scale
QKD. QKD.
4. Although the addresses of Source Quantum Node A and Destination 4. QKD provides an information-theoretical way to share secret keys
Quantum Node B could be identified and exposed, the identity of
users, who will use the secret cryptographic key for secure
communications, will not necessarily be exposed during QKD
process. In other words, there is no direct mapping from the
addresses of quantum nodes to the user identity; as a result, QKD
protocols do not disclose user identities.
5. QKD provides an information-theoretical way to share secret keys
between two parties in the presence of Eve. However, this is true between two parties in the presence of Eve. However, this is true
in theory, and there is a significant gap between theory and in theory, and there is a significant gap between theory and
practice. By exploiting the imperfection of the detectors Eve practice. By exploiting the imperfection of the detectors Eve
can gain information about the shared key [Xu]. To avoid such can gain information about the shared key [Xu]. To avoid such
side-channel attacks in [Lo], the researchers provide a QKD side-channel attacks in [Lo], the researchers provide a QKD
protocol called Measurement Device-Independent (MDI) QKD that protocol called Measurement Device-Independent (MDI) QKD that
allows two users (a transmitter "Alice" and a receiver "Bob") to allows two users (a transmitter "Alice" and a receiver "Bob") to
communicate with perfect security, even if the (measurement) communicate with perfect security, even if the (measurement)
hardware they are using has been tampered with (e.g., by an hardware they are using has been tampered with (e.g., by an
eavesdropper) and thus is not trusted. It is achieved by eavesdropper) and thus is not trusted. It is achieved by
measuring correlations between signals from Alice and Bob rather measuring correlations between signals from Alice and Bob rather
than the actual signals themselves. than the actual signals themselves.
6. QKD protocols based on Continuous Variable (CV-QKD) have recently 5. QKD protocols based on Continuous Variable (CV-QKD) have recently
seen plenty of interest as it only requires telecommunications seen plenty of interest as they only require telecommunications
equipment that is readily available and is also in common use equipment that is readily available and is also in common use
industry-wide. This kind of technology is a potentially high- industry-wide. This kind of technology is a potentially high-
performance technique for secure key distribution over limited performance technique for secure key distribution over limited
distances. The recent demonstration of CV-QKD shows distances. The recent demonstration of CV-QKD shows
compatibility with classical coherent detection schemes that are compatibility with classical coherent detection schemes that are
widely used for high bandwidth classical communication systems widely used for high bandwidth classical communication systems
[Grosshans]. Note that we still do not have a quantum repeater
[Grosshans] Note that we still do not have a quantum repeater for for the continuous variable systems; hence, this kind of QKD
the continuous variable systems; hence, this kind of QKD
technologies can be used for the short distance communications or technologies can be used for the short distance communications or
trusted relay-based QKD networks. trusted relay-based QKD networks.
7. Secret sharing can be used to distribute a secret key among 6. Secret sharing can be used to distribute a secret key among
multiple nodes by letting each node know a share or a part of the multiple nodes by letting each node know a share or a part of the
secret key, while no single node can know the entire secret key. secret key, while no single node can know the entire secret key.
The secret key can only be re-constructed via collaboration from The secret key can only be re-constructed via collaboration from
a sufficient number of nodes. Quantum Secret Sharing (QSS) a sufficient number of nodes. Quantum Secret Sharing (QSS)
typically refer to the scenario: The secret key to be shared is typically refers to the scenario: The secret key to be shared is
based on quantum states instead of classical bits. QSS enables based on quantum states instead of classical bits. QSS enables
to split and share such quantum states among multiple nodes. to split and share such quantum states among multiple nodes.
As a result, the Quantum Internet in Figure 2 contains quantum As a result, the Quantum Internet in Figure 1 contains quantum
channels. And in order to support secure communication setup channels. And in order to support secure communication setup
especially in large-scale deployment, it also requires entanglement especially in large-scale deployment, it also requires entanglement
generation and entanglement distribution generation and entanglement distribution
[I-D.van-meter-qirg-quantum-connection-setup], quantum repeaters/ [I-D.van-meter-qirg-quantum-connection-setup], quantum repeaters/
routers, and/or trusted QKD relays. routers, and/or trusted QKD relays.
+---------------+ +---------------+
| End User | | End User |
|(e.g., Banker) | |(e.g., Banker) |
+---------------+ +---------------+
skipping to change at page 15, line 44 skipping to change at page 13, line 30
+-----------------+ /--------\ +-----------------+ +-----------------+ /--------\ +-----------------+
| |--->( Quantum )--->| | | |--->( Quantum )--->| |
| Source | ( Internet ) | Destination | | Source | ( Internet ) | Destination |
| Quantum | \--------/ | Quantum | | Quantum | \--------/ | Quantum |
| Node A | | Node B | | Node A | | Node B |
| (e.g., Bank #1) | /--------\ | (e.g., Bank #2) | | (e.g., Bank #1) | /--------\ | (e.g., Bank #2) |
| | ( Classical) | | | | ( Classical) | |
| |<-->( Internet )<-->| | | |<-->( Internet )<-->| |
+-----------------+ \--------/ +-----------------+ +-----------------+ \--------/ +-----------------+
Figure 2: Secure Communication Setup Figure 1: Secure Communication Setup
4.2. Secure Quantum Computing with Privacy Preservation 4.2. Secure Quantum Computing with Privacy Preservation
Secure computation with privacy preservation refers to the following Secure computation with privacy preservation refers to the following
scenario: scenario:
1. A client node with source data delegates the computation of the 1. A client node with source data delegates the computation of the
source data to a remote computation node (i.e. a server). source data to a remote computation node (i.e. a server).
2. Furthermore, the client node does not want to disclose any source 2. Furthermore, the client node does not want to disclose any source
data to the remote computation node and thus preserve the source data to the remote computation node, which preserves the source
data privacy. data privacy.
3. Note that there is no assumption or guarantee that the remote 3. Note that there is no assumption or guarantee that the remote
computation node is a trusted entity from the source data privacy computation node is a trusted entity from the source data privacy
perspective. perspective.
As an example illustrated in Figure 3, a terminal node such as a home As an example illustrated in Figure 2, a terminal node can be a small
gateway has collected lots of data and needs to perform computation quantum computer with limited computation capability compared to a
on the data. The terminal node could be a classical node without any remote quantum computation node (e.g., a remote mainframe quantum
quantum capability, a bare-bone quantum end-node or a full-fledged computer), but the terminal node needs to run a more computation-
quantum computer. The terminal node has insufficient computing power intensive task (e.g., Shor's factoring algorithm). The terminal node
and needs to offload data computation to some remote nodes. Although can create individual qubits and send them to the remote quantum
the terminal node can upload the data to the cloud to leverage cloud computation node. Then, the remote quantum computation node can
computing without introducing local computing overhead, to upload the entangle the qubits, calculate on them, measure them, generate
data to the cloud can cause privacy concerns. In this particular measurement results in classical bits, and return the measurement
case, there is no privacy concern since the source data will not be results to the terminal node. It is noted that those measurement
sent to the remote computation node which could be compromised. Many results will look like purely random data to the remote quantum
protocols as described in [Fitzsimons] for delegated quantum computation node because the initial states of the qubits were chosen
computing or Blind Quantum Computation (BQC) can be leveraged to in a cryptographically secure fashion.
realize secure delegated computation and guarantee privacy
preservation simultaneously.
As a new client/server computation model, BQC generally enables: 1) As a new client/server computation model, BQC generally enables: 1)
The client delegates a computation function to the server; 2) The The client delegates a computation function to the server; 2) The
client does not send original qubits to the server, but send client does not send original qubits to the server, but send
transformed qubits to the server; 3) The computation function is transformed qubits to the server; 3) The computation function is
performed at the server on the transformed qubits to generate performed at the server on the transformed qubits to generate
temporary result qubits, which could be quantum-circuit-based temporary result qubits, which could be quantum-circuit-based
computation or measurement-based quantum computation. The server computation or measurement-based quantum computation. The server
sends the temporary result qubits to the client; 4) The client sends the temporary result qubits to the client; 4) The client
receives the temporary result qubits and transform them to the final receives the temporary result qubits and transforms them to the final
result qubits. During this process, the server can not figure out result qubits. During this process, the server can not figure out
the original qubits from the transformed qubits. Also, it will not the original qubits from the transformed qubits. Also, it will not
take too much efforts on the client side to transform the original take too much efforts on the client side to transform the original
qubits to the transformed qubits, or transform the temporary result qubits to the transformed qubits, or transform the temporary result
qubits to the final result qubits. One of the very first BQC qubits to the final result qubits. One of the very first BQC
protocols such as [Childs] follows this process, although the client protocols such as [Childs] follows this process, although the client
needs some basic quantum features such as quantum memory, qubit needs some basic quantum features such as quantum memory, qubit
preparation and measurement, and qubit transmission. Measurement- preparation and measurement, and qubit transmission. Measurement-
based quantum computation is out of the scope of this document and based quantum computation is out of the scope of this document and
more details about it can be found in [Jozsa2005]. more details about it can be found in [Jozsa2005].
skipping to change at page 17, line 17 skipping to change at page 15, line 4
transformation, while the server performs a sequence of quantum transformation, while the server performs a sequence of quantum
logic gates. Qubits are transmitted back and forth between the logic gates. Qubits are transmitted back and forth between the
client and the server. client and the server.
2. Universal BQC in [Broadbent] is a measurement-based BQC model, 2. Universal BQC in [Broadbent] is a measurement-based BQC model,
which is based on measurement-based quantum computing leveraging which is based on measurement-based quantum computing leveraging
entangled states. The principle in UBQC is based on the fact the entangled states. The principle in UBQC is based on the fact the
quantum teleportation plus a rotated Bell measurement realizes a quantum teleportation plus a rotated Bell measurement realizes a
quantum computation, which can be repeated multiple times to quantum computation, which can be repeated multiple times to
realize a sequence of quantum computation. In this approach, the realize a sequence of quantum computation. In this approach, the
client first prepares transformed qubits and send them to the client first prepares transformed qubits and sends them to the
server and the server needs first to prepare entangled states server and the server needs first to prepare entangled states
from all received qubits. Then, multiple interaction and from all received qubits. Then, multiple interaction and
measurement rounds happen between the client and the server. For measurement rounds happen between the client and the server. For
each round, the client computes and sends new measurement each round, the client computes and sends new measurement
instructions or measurement adaptations to the server; then, the instructions or measurement adaptations to the server; then, the
server performs the measurement according to the received server performs the measurement according to the received
measurement instructions to generate measurement results (qubits measurement instructions to generate measurement results (qubits
or in classic bits); the client receives the measurement results or in classic bits); the client receives the measurement results
and transform them to the final results. and transforms them to the final results.
3. A hybrid universal BQC is proposed in [Zhang2009], where the 3. A hybrid universal BQC is proposed in [Zhang2009], where the
server performs both quantum circuits like [Childs] and quantum server performs both quantum circuits like [Childs] and quantum
measurements like [Broadbent] to reduce the number of required measurements like [Broadbent] to reduce the number of required
entangled states in [Broadbent]. Also, the client is much entangled states in [Broadbent]. Also, the client is much
simpler than the client in [Childs]. This hybrid BQC is a simpler than the client in [Childs]. This hybrid BQC is a
combination of circuit-based BQC model and measurement-based BQC combination of circuit-based BQC model and measurement-based BQC
model. model.
4. It will be ideal if the client in BQC is a purely classical 4. It will be ideal if the client in BQC is a purely classical
client, which only needs to interact with the server using client, which only needs to interact with the server using
classical channel and communications. [Huang] demonstrates such classical channel and communications. [Huang] demonstrates such
an approach, where a classical client leverages two entangled an approach, where a classical client leverages two entangled
servers to perform BQC, with the assumption that both servers can servers to perform BQC, with the assumption that both servers
not communicate with each other; otherwise, the blindness or cannot communicate with each other; otherwise, the blindness or
privacy of the client can not be guaranteed. The scenario as privacy of the client cannot be guaranteed. The scenario as
demonstrated in [Huang] is essentially an example of BQC with demonstrated in [Huang] is essentially an example of BQC with
multiple servers. multiple servers.
5. How to verify that the server will perform what the client 5. How to verify that the server will perform what the client
requests or expects is an important issue in many BQC protocols, requests or expects is an important issue in many BQC protocols,
referred to as verifiable BQC. [Fitzsimons] discusses this issue referred to as verifiable BQC. [Fitzsimons] discusses this issue
and compares it in various BQC protocols. and compares it in various BQC protocols.
In Figure 3, the Quantum Internet contains quantum channels and In Figure 2, the Quantum Internet contains quantum channels and
quantum repeaters/routers for long-distance qubits transmission quantum repeaters/routers for long-distance qubits transmission
[I-D.irtf-qirg-principles]. [I-D.irtf-qirg-principles].
+----------------+ /--------\ +----------------+ +----------------+ /--------\ +-------------------+
| |--->( Quantum )--->| | | |--->( Quantum )--->| |
| | ( Internet ) | Remote | | | ( Internet ) | Remote Quantum |
| Terminal | \--------/ | Computation | | Terminal | \--------/ | Computation |
| Node | | Node | | Node | | Node |
| (e.g., Home | /--------\ | (e.g., QC | | (e.g., A Small| /--------\ | (e.g., Remote |
| Gateway) | ( Classical) | in Cloud) | | Quantum | ( Classical) | Mainframe) |
| |<-->( Internet )<-->| | | Computer) |<-->( Internet )<-->| Quantum Computer)|
+----------------+ \--------/ +----------------+ +----------------+ \--------/ +-------------------+
Figure 3: Secure Quantum Computing with Privacy Preservation Figure 2: Secure Quantum Computing with Privacy Preservation
4.3. Distributed Quantum Computing 4.3. Distributed Quantum Computing
There can be two types of distributed quantum computing [Denchev]: There can be two types of distributed quantum computing [Denchev]:
1. Leverage quantum mechanics to enhance classical distributed 1. Leverage quantum mechanics to enhance classical distributed
computing problems. For example, entangled quantum states can be computing. For example, entangled quantum states can be
exploited to improve leader election in classical distributed exploited to improve leader election in classical distributed
computing, by simply measuring the entangled quantum states at computing, by simply measuring the entangled quantum states at
each party (e.g., a node or a device) without introducing any each party (e.g., a node or a device) without introducing any
classical communications among distributed parties [Pal]. classical communications among distributed parties [Pal].
Normally, pre-shared entanglement needs first be established Normally, pre-shared entanglement needs first be established
among distributed parties, followed by LOCC operations at each among distributed parties, followed by LOCC operations at each
party. And it generally does not need to transmit qubits among party. And it generally does not need to transmit qubits among
distributed parties. distributed parties.
2. Distribute quantum computing functions to distributed quantum 2. Distribute quantum computing functions to distributed quantum
skipping to change at page 19, line 27 skipping to change at page 17, line 19
Classical Internet, in the context of distributed quantum computing Classical Internet, in the context of distributed quantum computing
ecosystem [Cuomo]. According to [Cuomo], quantum teleportation ecosystem [Cuomo]. According to [Cuomo], quantum teleportation
enables a new communication paradigm, referred to as teledata enables a new communication paradigm, referred to as teledata
[VanMeter2006-01], which moves quantum states among qubits to [VanMeter2006-01], which moves quantum states among qubits to
distributed quantum computers. In addition, distributed quantum distributed quantum computers. In addition, distributed quantum
computation also needs the capability of remotely performing quantum computation also needs the capability of remotely performing quantum
computation on qubits on distributed quantum computers, which can be computation on qubits on distributed quantum computers, which can be
enabled by the technique called telegate [VanMeter2006-02]. enabled by the technique called telegate [VanMeter2006-02].
As an example, scientists can leverage these connected NISQ computer As an example, scientists can leverage these connected NISQ computer
to solve highly complex scientific computation problems such as to solve highly complex scientific computation problems, such as
analysis of chemical interactions for medical drug development [Cao] analysis of chemical interactions for medical drug development [Cao]
(see Figure 4). In this case, qubits will be transmitted among (see Figure 3). In this case, qubits will be transmitted among
connected quantum computers via quantum channels, while classic connected quantum computers via quantum channels, while classic
control messages will be transmitted among them via classical control messages will be transmitted among them via classical
channels for coordination and control purpose. Another example of channels for coordination and control purpose. Another example of
distributed quantum computing is secure Multi-Party Quantum distributed quantum computing is secure Multi-Party Quantum
Computation (MPQC) [Crepeau], which can be regarded as a quantum Computation (MPQC) [Crepeau], which can be regarded as a quantum
version of classical secure Multi-Party Computation (MPC). In a version of classical secure Multi-Party Computation (MPC). In a
secure MPQC protocol, multiple participants jointly perform quantum secure MPQC protocol, multiple participants jointly perform quantum
computation on a set of input quantum states, which are prepared and computation on a set of input quantum states, which are prepared and
provided by different participants. One of the primary aims of the provided by different participants. One of the primary aims of the
secure MPQC is to guarantee that each participant will not know input secure MPQC is to guarantee that each participant will not know input
quantum states provided by other participants. Secure MPQC relies on quantum states provided by other participants. Secure MPQC relies on
verifiable quantum secret sharing [Lipinska]. verifiable quantum secret sharing [Lipinska].
For the example shown in Figure 4, qubits from one NISQ computer to For the example shown in Figure 3, qubits from one NISQ computer to
another NISQ computer are very sensitive and should not be lost. For another NISQ computer are very sensitive and should not be lost. For
this purpose, quantum teleportation can be leveraged to teleport this purpose, quantum teleportation can be leveraged to teleport
sensitive data qubits from one quantum computer A to another quantum sensitive data qubits from one quantum computer A to another quantum
computer B. Note that Figure 4 does not cover measurement-based computer B. Note that Figure 3 does not cover measurement-based
distributed quantum computing, where quantum teleportation may not be distributed quantum computing, where quantum teleportation may not be
required. When quantum teleportation is employed, the following required. When quantum teleportation is employed, the following
steps happen between A and B. In fact, LOCC [Chitambar] operations steps happen between A and B. In fact, LOCC [Chitambar] operations
are conducted at the quantum computer A and B in order to achieve are conducted at the quantum computers A and B in order to achieve
quantum teleportation as illustrated in Figure 4. quantum teleportation as illustrated in Figure 3.
1. The quantum computer A locally generates some sensitive data 1. The quantum computer A locally generates some sensitive data
qubits to be teleported to the quantum computer B. qubits to be teleported to the quantum computer B.
2. A shared entanglement is established between the quantum computer 2. A shared entanglement is established between the quantum computer
A and the quantum computer B (i.e., there are two entangled A and the quantum computer B (i.e., there are two entangled
qubits: q1 at A and q2 at B). For example, the quantum computer qubits: q1 at A and q2 at B). For example, the quantum computer
A can generate two entangled qubits (i.e., q1 and q2) and sends A can generate two entangled qubits (i.e., q1 and q2) and sends
q2 to the quantum computer B via quantum communications. q2 to the quantum computer B via quantum communications.
skipping to change at page 20, line 26 skipping to change at page 18, line 23
4. The result from this Bell measurement will be encoded in two 4. The result from this Bell measurement will be encoded in two
classical bits, which will be physically transmitted via a classical bits, which will be physically transmitted via a
classical channel to the quantum computer B. classical channel to the quantum computer B.
5. Based on the received two classical bits, the quantum computer B 5. Based on the received two classical bits, the quantum computer B
modifies the state of the entangled qubit q2 in the way to modifies the state of the entangled qubit q2 in the way to
generate a new qubit identical to the sensitive data qubit at the generate a new qubit identical to the sensitive data qubit at the
quantum computer A. quantum computer A.
In Figure 4, the Quantum Internet contains quantum channels and In Figure 3, the Quantum Internet contains quantum channels and
quantum repeaters/routers [I-D.irtf-qirg-principles]. This quantum repeaters/routers [I-D.irtf-qirg-principles]. This
application scenario needs to support entanglement generation and application scenario needs to support entanglement generation and
entanglement distribution (or quantum connection) setup entanglement distribution (or quantum connection) setup
[I-D.van-meter-qirg-quantum-connection-setup] in order to support [I-D.van-meter-qirg-quantum-connection-setup] in order to support
quantum teleportation. quantum teleportation.
+-----------------+ +-----------------+
| End-User | | End-User |
|(e.g., Scientist)| |(e.g., Scientist)|
+-----------------+ +-----------------+
skipping to change at page 21, line 25 skipping to change at page 19, line 4
V V V V
+----------------+ /--------\ +----------------+ +----------------+ /--------\ +----------------+
| |--->( Quantum )--->| | | |--->( Quantum )--->| |
| | ( Internet ) | | | | ( Internet ) | |
| Quantum | \--------/ | Quantum | | Quantum | \--------/ | Quantum |
| Computer A | | Computer B | | Computer A | | Computer B |
| (e.g., Site #1)| /--------\ | (e.g., Site #2)| | (e.g., Site #1)| /--------\ | (e.g., Site #2)|
| | ( Classical) | | | | ( Classical) | |
| |<-->( Internet )<-->| | | |<-->( Internet )<-->| |
+----------------+ \--------/ +----------------+ +----------------+ \--------/ +----------------+
Figure 3: Distributed Quantum Computing
Figure 4: Distributed Quantum Computing
5. General Requirements 5. General Requirements
5.1. Background 5.1. Background
Quantum technologies are steadily evolving and improving. Therefore, Quantum technologies are steadily evolving and improving. Therefore,
it is hard to predict the timeline and future milestones of quantum it is hard to predict the timeline and future milestones of quantum
technologies as pointed out in [Grumbling] for quantum computing. technologies as pointed out in [Grumbling] for quantum computing.
Currently, a NISQ computer can achieve fifty to hundreds of qubits Currently, a NISQ computer can achieve fifty to hundreds of qubits
with some given error rate. In fact, the error rates of two-qubit with some given error rate. In fact, the error rates of two-qubit
skipping to change at page 22, line 4 skipping to change at page 19, line 30
[Grumbling]. [Grumbling].
On the network level, six stages of Quantum Internet development are On the network level, six stages of Quantum Internet development are
described in [Wehner] as follows: described in [Wehner] as follows:
1. Trusted repeater networks (Stage-1) 1. Trusted repeater networks (Stage-1)
2. Prepare and measure networks (Stage-2) 2. Prepare and measure networks (Stage-2)
3. Entanglement distribution networks (Stage-3) 3. Entanglement distribution networks (Stage-3)
4. Quantum memory networks (Stage-4) 4. Quantum memory networks (Stage-4)
5. Fault-tolerant few qubit networks (Stage-5) 5. Fault-tolerant few qubit networks (Stage-5)
6. Quantum computing networks (Stage-6) 6. Quantum computing networks (Stage-6)
The first stage is simple trusted repeater networks, while the final The first stage is simple trusted repeater networks, while the final
stage is the quantum computing networks where the full-blown Quantum stage is the quantum computing networks where the full-blown Quantum
Internet will be achieved. Each intermediate stage brings with it Internet will be achieved. Each intermediate stage brings with it
new functionality, new applications, and new characteristics. new functionality, new applications, and new characteristics.
Figure 5 illustrates Quantum Internet application scenarios as Figure 4 illustrates Quantum Internet application scenarios as
described in this document mapped to the Quantum Internet stages described in this document mapped to the Quantum Internet stages
described in [Wehner]. For example, secure communication setup can described in [Wehner]. For example, secure communication setup can
be supported in Stage-1, Stage-2, or Stage-3, but with different QKD be supported in Stage-1, Stage-2, or Stage-3, but with different QKD
solutions. More specifically: solutions. More specifically:
In Stage-1, basic QKD is possible and can be leveraged to support In Stage-1, basic QKD is possible and can be leveraged to support
secure communication setup but trusted nodes are required to provide secure communication setup but trusted nodes are required to provide
end-to-end security. The primary requirement is the trusted nodes. end-to-end security. The primary requirement is the trusted nodes.
In Stage-2, the end users can prepare receive and measure the qubits. In Stage-2, the end users can prepare and measure the qubits. In
In this stage the users can verify classical passwords without this stage, the users can verify classical passwords without
revealing it. revealing it.
In Stage-3, end-to-end security can be enabled based on quantum In Stage-3, end-to-end security can be enabled based on quantum
repeaters and entanglement distribution, to support the same secure repeaters and entanglement distribution, to support the same secure
communication setup application. The primary requirement is communication setup application. The primary requirement is
entanglement distribution to enable long-distance QKD. entanglement distribution to enable long-distance QKD.
In Stage-4, the quantum repeaters gain the capability of storing and In Stage-4, the quantum repeaters gain the capability of storing and
manipulating entangled qubits in the quantum memories. Using these manipulating entangled qubits in the quantum memories. Using these
kind of quantum networks one can run sophisticated applications like kind of quantum networks, one can run sophisticated applications like
blind quantum computing, leader election, quantum secret sharing. blind quantum computing, leader election, quantum secret sharing.
In Stage-5, quantum repeaters can perform error correction; hence In Stage-5, quantum repeaters can perform error correction; hence
they can perform fault-tolerant quantum computations on the received they can perform fault-tolerant quantum computations on the received
data. With the help of these repeaters, it is possible to run data. With the help of these repeaters, it is possible to run
distributed quantum computing and quantum sensor applications over a distributed quantum computing and quantum sensor applications over a
smaller number of qubits. smaller number of qubits.
Finally, in Stage-6, distributed quantum computing relying on more Finally, in Stage-6, distributed quantum computing relying on more
qubits can be supported. qubits can be supported.
skipping to change at page 23, line 31 skipping to change at page 21, line 31
| Stage-4 | Secure/blind quantum | Quantum memory | | Stage-4 | Secure/blind quantum | Quantum memory |
| | computing | | | | computing | |
|---------------------------------------------------------------| |---------------------------------------------------------------|
| Stage-5 | Higher-Accuracy Clock | Fault tolerance | | Stage-5 | Higher-Accuracy Clock | Fault tolerance |
| | synchronization | | | | synchronization | |
|---------------------------------------------------------------| |---------------------------------------------------------------|
| Stage-6 | Distributed quantum | More qubits | | Stage-6 | Distributed quantum | More qubits |
| | computing | | | | computing | |
+---------------------------------------------------------------+ +---------------------------------------------------------------+
Figure 5: Example Application Scenarios in Different Quantum Figure 4: Example Application Scenarios in Different Quantum
Internet Stages Internet Stages
5.2. Requirements 5.2. Requirements
Some general and functional requirements on the Quantum Internet from Some general and functional requirements on the Quantum Internet from
the networking perspective, based on the above application scenarios, the networking perspective, based on the above application scenarios,
are identified as follows: are identified as follows:
1. Methods for facilitating quantum applications to interact 1. Methods for facilitating quantum applications to interact
efficiently with entangled qubits are necessary in order for them efficiently with entangled qubits are necessary in order for them
skipping to change at page 24, line 10 skipping to change at page 22, line 10
2. Quantum repeaters/routers should support robust and efficient 2. Quantum repeaters/routers should support robust and efficient
entanglement distribution in order to extend and establish high- entanglement distribution in order to extend and establish high-
fidelity entanglement connection between two quantum nodes. For fidelity entanglement connection between two quantum nodes. For
achieving this, it is required to first generate an entangled achieving this, it is required to first generate an entangled
pair on each hop of the path between these two nodes, and then pair on each hop of the path between these two nodes, and then
perform entanglement swapping operations at each of the perform entanglement swapping operations at each of the
intermediate nodes. intermediate nodes.
3. Quantum end-nodes must send additional information on classical 3. Quantum end-nodes must send additional information on classical
channels to aid in transmission of qubits across quantum channels to aid in transferring qubits across quantum repeaters/
repeaters/receivers. This is because qubits are transmitted receivers. This is because qubits are transferred individually
individually and do not have any associated packet overhead which and do not have any associated packet header which can help in
can help in transmission of the qubit. Any extra information to transferring the qubit. Any extra information to aid in routing,
aid in routing, identification, etc., of the qubit(s) must be identification, etc., of the qubit(s) must be sent via classical
sent via classical channels. channels.
4. Methods for managing and controlling the Quantum Internet 4. Methods for managing and controlling the Quantum Internet
including quantum nodes and their quantum resources are including quantum nodes and their quantum resources are
necessary. The resources of a quantum node may include quantum necessary. The resources of a quantum node may include quantum
memory, quantum channels, qubits, established quantum memory, quantum channels, qubits, established quantum
connections, etc. Such management methods can be used to monitor connections, etc. Such management methods can be used to monitor
network status of the Quantum Internet, diagnose and identify network status of the Quantum Internet, diagnose and identify
potential issues (e.g. quantum connections), and configure potential issues (e.g. quantum connections), and configure
quantum nodes with new actions and/or policies (e.g. to perform a quantum nodes with new actions and/or policies (e.g. to perform a
new entanglement swapping operation). New management information new entanglement swapping operation). New management information
model for the Quantum Internet may need to be developed. model for the Quantum Internet may need to be developed.
6. Conclusion 6. Conclusion
This document provides an overview of some expected application This document provides an overview of some expected application
categories for the Quantum Internet, and then details selected categories for the Quantum Internet, and then details selected
application scenarios. The applications are first grouped by their application scenarios. The applications are first grouped by their
usage which is a natural and easy to understand classification usage which is a natural and easy to understand classification
scheme. The applications are also classified as either control plane scheme. This set of applications may, of course, naturally expand
or data plane functionality as typical for the Classical Internet. over time as the Quantum Internet matures. Finally, some general
This set of applications may, of course, naturally expand over time requirements for the Quantum Internet are also provided.
as the Quantum Internet matures. Finally, some general requirements
for the Quantum Internet are also provided.
This document can also serve as an introductory text to readers This document can also serve as an introductory text to readers
interested in learning about the practical uses of the Quantum interested in learning about the practical uses of the Quantum
Internet. Finally, it is hoped that this document will help guide Internet. Finally, it is hoped that this document will help guide
further research and development of the Quantum Internet further research and development of the Quantum Internet
functionality required to implement the application scenarios functionality required to implement the application scenarios
described herein. described herein.
7. IANA Considerations 7. IANA Considerations
skipping to change at page 35, line 10 skipping to change at page 33, line 10
Juniper Networks Juniper Networks
Boeing Avenue 240 Boeing Avenue 240
Schiphol-Rijk Schiphol-Rijk
Email: maelmans@juniper.net Email: maelmans@juniper.net
Kaushik Chakraborty Kaushik Chakraborty
The University of Edinburgh The University of Edinburgh
10 Crichton Street 10 Crichton Street
Edinburgh Edinburgh
EH8 9AB, Scotland EH8 9AB, Scotland
United Kingdom United Kingdom
Email: kchakrab@exseed.ed.ac.uk Email: kchakrab@exseed.edu.ac.uk
 End of changes. 75 change blocks. 
296 lines changed or deleted 199 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/