idnits 2.17.1 draft-irtf-qirg-principles-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 9, 2020) is 1503 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Quantum Internet Research Group W. Kozlowski 3 Internet-Draft S. Wehner 4 Intended status: Informational QuTech 5 Expires: September 10, 2020 R. Van Meter 6 Keio University 7 B. Rijsman 8 Individual 9 A. S. Cacciapuoti 10 M. Caleffi 11 University of Naples Federico II 12 March 9, 2020 14 Architectural Principles for a Quantum Internet 15 draft-irtf-qirg-principles-03 17 Abstract 19 The vision of a quantum internet is to fundamentally enhance Internet 20 technology by enabling quantum communication between any two points 21 on Earth. To achieve this goal, a quantum network stack should be 22 built from the ground up as the physical nature of the communication 23 is fundamentally different. The first realisations of quantum 24 networks are imminent, but there is no practical proposal for how to 25 organise, utilise, and manage such networks. In this memo, we 26 attempt lay down the framework and introduce some basic architectural 27 principles for a quantum internet. This is intended for general 28 guidance and general interest, but also to provide a foundation for 29 discussion between physicists and network specialists. 31 Status of This Memo 33 This Internet-Draft is submitted in full conformance with the 34 provisions of BCP 78 and BCP 79. 36 Internet-Drafts are working documents of the Internet Engineering 37 Task Force (IETF). Note that other groups may also distribute 38 working documents as Internet-Drafts. The list of current Internet- 39 Drafts is at https://datatracker.ietf.org/drafts/current/. 41 Internet-Drafts are draft documents valid for a maximum of six months 42 and may be updated, replaced, or obsoleted by other documents at any 43 time. It is inappropriate to use Internet-Drafts as reference 44 material or to cite them other than as "work in progress." 46 This Internet-Draft will expire on September 10, 2020. 48 Copyright Notice 50 Copyright (c) 2020 IETF Trust and the persons identified as the 51 document authors. All rights reserved. 53 This document is subject to BCP 78 and the IETF Trust's Legal 54 Provisions Relating to IETF Documents 55 (https://trustee.ietf.org/license-info) in effect on the date of 56 publication of this document. Please review these documents 57 carefully, as they describe your rights and restrictions with respect 58 to this document. Code Components extracted from this document must 59 include Simplified BSD License text as described in Section 4.e of 60 the Trust Legal Provisions and are provided without warranty as 61 described in the Simplified BSD License. 63 Table of Contents 65 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 66 2. Quantum information . . . . . . . . . . . . . . . . . . . . . 4 67 2.1. Qubit . . . . . . . . . . . . . . . . . . . . . . . . . . 4 68 2.2. Multiple qubits . . . . . . . . . . . . . . . . . . . . . 5 69 3. Entanglement as the fundamental resource . . . . . . . . . . 6 70 4. Achieving quantum connectivity . . . . . . . . . . . . . . . 8 71 4.1. Challenges . . . . . . . . . . . . . . . . . . . . . . . 8 72 4.1.1. The measurement problem . . . . . . . . . . . . . . . 8 73 4.1.2. No-cloning theorem . . . . . . . . . . . . . . . . . 8 74 4.1.3. Fidelity . . . . . . . . . . . . . . . . . . . . . . 9 75 4.2. Direct transmission . . . . . . . . . . . . . . . . . . . 9 76 4.3. Bell pairs . . . . . . . . . . . . . . . . . . . . . . . 10 77 4.4. Teleportation . . . . . . . . . . . . . . . . . . . . . . 10 78 4.5. The life cycle of entanglement . . . . . . . . . . . . . 11 79 4.5.1. Elementary link generation . . . . . . . . . . . . . 11 80 4.5.2. Entanglement swapping . . . . . . . . . . . . . . . . 12 81 4.5.3. Distillation . . . . . . . . . . . . . . . . . . . . 13 82 4.5.4. Delivery . . . . . . . . . . . . . . . . . . . . . . 14 83 5. Architecture of a quantum internet . . . . . . . . . . . . . 14 84 5.1. New challenges . . . . . . . . . . . . . . . . . . . . . 14 85 5.2. Classical communication . . . . . . . . . . . . . . . . . 15 86 5.3. Abstract model of the network . . . . . . . . . . . . . . 16 87 5.3.1. Elements of a quantum network . . . . . . . . . . . . 16 88 5.3.2. Putting it all together . . . . . . . . . . . . . . . 17 89 5.4. Network boundaries . . . . . . . . . . . . . . . . . . . 18 90 5.4.1. Boundaries between different physical architectures . 18 91 5.4.2. Boundaries between different administrative regions . 18 92 5.5. Physical constraints . . . . . . . . . . . . . . . . . . 19 93 5.5.1. Memory lifetimes . . . . . . . . . . . . . . . . . . 19 94 5.5.2. Rates . . . . . . . . . . . . . . . . . . . . . . . . 19 95 5.5.3. Communication qubits . . . . . . . . . . . . . . . . 20 96 5.5.4. Homogeneity . . . . . . . . . . . . . . . . . . . . . 20 97 6. Architectural principles . . . . . . . . . . . . . . . . . . 20 98 6.1. Goals of a quantum internet . . . . . . . . . . . . . . . 20 99 6.2. The principles of a quantum internet . . . . . . . . . . 23 100 7. Comparison with classical networks . . . . . . . . . . . . . 25 101 8. Security Considerations . . . . . . . . . . . . . . . . . . . 27 102 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 103 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27 104 11. Informative References . . . . . . . . . . . . . . . . . . . 27 105 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29 107 1. Introduction 109 Quantum networks are distributed systems of quantum devices that 110 utilise fundamental quantum mechanical phenomena such as 111 superposition, entanglement, and quantum measurement to achieve 112 capabilities beyond what is possible with classical networks. 113 Depending on the stage of a quantum network [5] such devices may be 114 simple photonic devices capable of preparing and measuring only one 115 quantum bit (qubit) at a time, all the way to large-scale quantum 116 computers of the future. A quantum network is not meant to replace 117 classical networks, but rather form an overall hybrid classical 118 quantum network supporting new capabilities which are otherwise 119 impossible to realise. This new networking paradigm offers promise 120 for a range of new applications such as secure communications [1], 121 distributed quantum computation [2], or quantum sensor networks [3]. 122 The field of quantum communication has been a subject of active 123 research for many years and the most well-known application of 124 quantum communication, quantum key distribution (QKD) for secure 125 communications, has already been deployed at short (roughly 100km) 126 distances. 128 Fully quantum networks capable of transmitting and managing entangled 129 quantum states in order to send, receive, and manipulate distributed 130 quantum information are now imminent [4] [5]. Whilst a lot of effort 131 has gone into physically realising and connecting such devices, and 132 making improvements to their speed and error tolerance there are no 133 worked out proposals for how to run these networks. To draw an 134 analogy with a classical network, we are at a stage where we can 135 start to physically connect our devices and send data, but all 136 sending, receiving, buffer management, connection synchronisation, 137 and so on, must be managed by the application itself at what is even 138 lower than assembly level where no common interfaces yet exist. 139 Furthermore, whilst physical mechanisms for transmitting quantum 140 states exist, there are no robust protocols for managing such 141 transmissions. 143 2. Quantum information 145 In order to understand the framework for quantum networking a basic 146 understanding of quantum information is necessary. The following 147 sections aim to introduce the bare minimum necessary to understand 148 the principles of operation of a quantum network. This exposition 149 was written with a classical networking audience in mind. It is 150 assumed that the reader has never before been exposed to any quantum 151 physics. We refer to e.g. [10] for an in-depth introduction to 152 quantum information. 154 2.1. Qubit 156 The differences between quantum computation and classical computation 157 begin at the bit-level. A classical computer operates on the binary 158 alphabet { 0, 1 }. A quantum bit, a qubit, exists over the same 159 binary space, but unlike the classical bit, it can exist in a so- 160 called superposition of the two possibilities: 162 a |0> + b |1>, 164 where |X> denotes a quantum state, here the binary 0 and 1, and the 165 coefficients a and b are complex numbers called probability 166 amplitudes. Physically, such a state can be realised using a variety 167 of different technologies such as electron spin, photon polarisation, 168 atomic energy levels, and so on. 170 Upon measurement, the qubit loses its superposition and irreversibly 171 collapses into one of the two basis states, either |0> or |1>. Which 172 of the two states it ends up in is not deterministic, but it can be 173 determined from the readout of the measurement, a classical bit, 0 or 174 1 respectively. The probability of measuring the state in the |0> 175 state is |a|^2 and similarly the probability of measuring the state 176 in the |1> state is |b|^2, where |a|^2 + |b|^2 = 1. This randomness 177 is not due to our ignorance of the underlying mechanisms, but rather 178 it is a fundamental feature of a quantum mechanical system [6]. 180 The superposition property plays an important role in fundamental 181 gate operations on qubits. Since a qubit can exist in a 182 superposition of its basis states, the elementary quantum gates are 183 able to act on all states of the superposition at the same time. For 184 example, consider the NOT gate: 186 NOT (a |0> + b |1>) -> a |1> + b |0>. 188 2.2. Multiple qubits 190 When multiple qubits are combined in a single quantum state the space 191 of possible states grows exponentially and all these states can 192 coexist in a superposition. For example, the general form of a two- 193 qubit register is 195 a |00> + b |01> + c |10> + d |11> 197 where the coefficients have the same probability amplitude 198 interpretation as for the single qubit state. Each state represents 199 a possible outcome of a measurement of the two-qubit register. For 200 example, |01>, denotes a state in which the first qubit is in the 201 state |0> and the second is in the state |1>. 203 Performing single qubit gates affects the relevant qubit in each of 204 the superposition states. Similarly, two-qubit gates also act on all 205 the relevant superposition states, but their outcome is far more 206 interesting. 208 Consider a two-qubit register where the first qubit is in the 209 superposed state (|0> + |1>)/sqrt(2) and the other is in the 210 state |0>. This combined state can be written as: 212 (|0> + |1>)/sqrt(2) x |0> = (|00> + |10>)/sqrt(2), 214 where x denotes a tensor product (the mathematical mechanism for 215 combining quantum states together). Let us now consider the two- 216 qubit CNOT gate. The CNOT gate takes as input two qubits, a control 217 and target, and applies the NOT gate to the target if the control 218 qubit is set. The truth table looks like 220 +----+-----+ 221 | IN | OUT | 222 +----+-----+ 223 | 00 | 00 | 224 | 01 | 01 | 225 | 10 | 11 | 226 | 11 | 10 | 227 +----+-----+ 229 Now, consider performing a CNOT gate on the ensemble with the first 230 qubit being the control. We apply a two-qubit gate on all the 231 superposition states: 233 CNOT (|00> + |10>)/sqrt(2) -> (|00> + |11>)/sqrt(2). 235 What is so interesting about this two-qubit gate operation? The 236 final state is *entangled*. There is no possible way of representing 237 that quantum state as a product of two individual qubits, they are no 238 longer independent and their behaviour cannot be fully described 239 without accounting for the other qubit. The states of the two 240 individual qubits are now correlated beyond what is possible to 241 achieve classically. Neither qubit is in a definite |0> or |1> 242 state, but if we perform a measurement on either one, the outcome of 243 the partner qubit will *always* yield the exact same outcome. The 244 final state, whether it's |00> or |11>, is fundamentally random as 245 before, but the states of the two qubits following a measurement will 246 always be identical. 248 Once a measurement is performed, the two qubits are once again 249 independent. The final state is either |00> or |11> and both of 250 these states can be trivially decomposed into a product of two 251 individual qubits. The entanglement has been consumed and if the 252 same measurement is to be repeated, the entangled state must be 253 prepared again. 255 3. Entanglement as the fundamental resource 257 Entanglement is the fundamental building block of quantum networks. 258 To see this, consider the state from the previous section: 260 (|00> + |11>)/sqrt(2). 262 Neither of the two qubits is in a definite |0> or |1> state and we 263 need to know the state of the entire register to be able to fully 264 describe the behaviour of the two qubits. 266 Entangled qubits have interesting non-local properties. Consider 267 sending one of the qubits to another device. This device could in 268 principle be anywhere: on the other side of the room, in a different 269 country, or even on a different planet. Provided negligible noise 270 has been introduced, the two qubits will forever remain in the 271 entangled state until a measurement is performed. The physical 272 distance does not matter at all for entanglement. 274 This lies at the heart of quantum networking, because it is possible 275 to leverage the non-classical correlations provided by entanglement 276 in order to design completely new types of application protocols that 277 are not possible to achieve with just classical communication. 278 Examples of such applications are quantum cryptography, blind quantum 279 computation, or distributed quantum computation. 281 Entanglement has two very special features from which one can derive 282 some intuition about the types of applications enabled by a quantum 283 network. 285 The first stems from the fact that entanglement enables stronger than 286 classical correlations, leading to opportunities for tasks that 287 require coordination. As a trivial example consider the problem of 288 consensus between two nodes who want to agree on the value of a 289 single bit. They can use the quantum network to prepare the state 290 (|00> + |11>)/sqrt(2) with each node holding one of the two qubits. 291 Once any of the two nodes performs a measurement the state of the two 292 qubits collapses to either |00> or |11> so whilst the outcome is 293 random and does not exist before measurement, the two nodes will 294 always measure the same value. We can also build the more general 295 multi-qubit state (|00...> + |11...>)/sqrt(2) and perform the same 296 algorithm between an arbitrary number of nodes. These stronger than 297 classical correlations generalise to more complicated measurement 298 schemes as well. 300 The second feature of entanglement is that it cannot be shared, in 301 the sense that if two qubits are maximally entangled with each other, 302 than it is physically impossible for any other system to have any 303 share of this entanglement. Hence, entanglement forms a sort of 304 private and inherently untappable connection between two nodes once 305 established. 307 Entanglement is created through local interactions between two qubits 308 or as a product of the way the qubits were created (e.g. entangled 309 photon pairs). To create a distributed entangled state one can then 310 physically send one of the qubits to a remote node. It is also 311 possible to directly entangle qubits that are physically separated, 312 but this still requires local interactions between some other qubits 313 that the separated qubits are initially entangled with. Therefore, 314 it is the transmission of qubits that draws the line between a 315 genuine quantum network and a collection of quantum computers 316 connected over a classical network. 318 A quantum network is defined as a collection of nodes that is able to 319 exchange qubits and distribute entangled states amongst themselves. 320 A quantum node that is able only to communicate classically with 321 another quantum node is not a member of a quantum network. 323 More complex services and applications can be built on top of 324 entangled states distributed by the network, see e.g. [5]> 326 4. Achieving quantum connectivity 328 This section explains the meaning of quantum connectivity and the 329 necessary physical processes at an abstract level. 331 4.1. Challenges 333 A quantum network cannot be built by simply extrapolating all the 334 classical models to their quantum analogues. One cannot just send 335 qubits like one can send bits over a wire. There are several 336 technological as well as fundamental challenges that make classical 337 approaches unsuitable in a quantum context. 339 4.1.1. The measurement problem 341 In classical computers and networks we can read out the bits stored 342 in memory at any time. This is helpful for a variety of purposes 343 such as copying, error detection and correction, and so on. This is 344 not possible with qubits. 346 A measurement of a qubit's state will destroy its superposition and 347 with it any entanglement it may have been part of. Once a qubit is 348 being processed, it cannot be read out until a suitable point in the 349 computation, determined by the protocol handling the qubit, has been 350 reached. Therefore, we cannot use the same methods known from 351 classical computing for the purposes of error detection and 352 correction. 354 4.1.2. No-cloning theorem 356 Since directly reading the state of a qubit is not possible, one 357 could ask the question if we can simply copy a qubit without looking 358 at it. Unfortunately, this is fundamentally not possible in quantum 359 mechanics. 361 The no-cloning theorem states that it is impossible to create an 362 identical copy of an arbitrary unknown quantum state. Therefore, it 363 is also impossible to use the same mechanisms that worked for 364 classical networks for signal amplification, retransmission, and so 365 on as they all rely on the ability to copy the underlying data. 366 Since any physical channel will always be lossy, connecting nodes 367 within a quantum network is a challenging endeavour and its 368 architecture must at its core address this very issue. 370 4.1.3. Fidelity 372 In general, it is expected that a classical packet arrives at its 373 destination without any errors introduced by hardware noise along the 374 way. This is verified at various levels through a variety of 375 checksums. Since we cannot read or copy a quantum state a similar 376 approach is out of question for quantum networks. 378 To describe the quality of a quantum state a physical quantity called 379 fidelity is used. Fidelity takes a value between 0 and 1 -- higher 380 is better, and less than 0.5 means the state is unusable. It 381 measures how close a quantum state is to the state we desire it to be 382 in. It expresses the probability that one state will pass a test to 383 identify as the other. Fidelity is an important property of a 384 quantum system that allows us to quantify how much a particular state 385 has been affected by noise from various sources (gate errors, channel 386 losses, environment noise). 388 Interestingly, quantum applications do not need perfect fidelity to 389 be able to execute -- as long as it is above some application- 390 specific threshold, they will simply operate at lower rates. 391 Therefore, rather than trying to ensure that we always deliver 392 perfect states (a technologically challenging task) applications will 393 specify a minimum threshold for the fidelity and the network will try 394 its best to deliver it. 396 4.2. Direct transmission 398 Conceptually, the most straightforward way to distribute an entangled 399 state is to simply transmit one of the qubits directly to the other 400 end across a series of nodes while performing sufficient forward 401 quantum error correction to bring losses down to an acceptable level. 402 Despite the no-cloning theorem and the inability to directly measure 403 a quantum state, error-correcting mechanisms for quantum 404 communication exist [7]. However, quantum error correction makes 405 very high demands on both resources (physical qubits needed) and 406 their initial fidelity. Implementation is very challenging and 407 quantum error correction is not expected to be used until later 408 generations of quantum networks. 410 An alternative relies on the observation that we do not need to be 411 able to distribute any arbitrary entangled quantum state. We only 412 need to be able to distribute any one of what are known as the Bell 413 pair states[12]. 415 4.3. Bell pairs 417 Bell pair states are the entangled two-qubit states: 419 |00> + |11>, 420 |00> - |11>, 421 |01> + |10>, 422 |01> - |10>, 424 where the constant 1/sqrt(2) normalisation factor has been ignored 425 for clarity. Any of the four Bell pair states above will do, as it 426 is possible to transform any Bell pair into another Bell pair with 427 local operations performed on only one of the qubits. That is, 428 either of the nodes that hold the two qubits of the Bell pair can 429 apply a series of single qubit gates to just their qubit in order to 430 transform the ensemble between the different variants. 432 Distributing a Bell pair between two nodes is much easier than 433 transmitting an arbitrary quantum state over a network. Since the 434 state is known handling errors becomes easier and small-scale error- 435 correction (such as entanglement distillation discussed in a later 436 section) combined with reattempts becomes a valid strategy. 438 The reason for using Bell pairs specifically as opposed to any other 439 two-qubit state, is that they are the maximally entangled two-qubit 440 set of basis states. Maximal entanglement means that these states 441 have the strongest non-classical correlations of all possible two- 442 qubit states. Furthermore, since single-qubit local operations can 443 never increase entanglement, less entangled states would impose some 444 constraints on distributed quantum algorithms. This makes Bell pairs 445 particularly useful as a generic building block for distributed 446 quantum applications. 448 4.4. Teleportation 450 The observation that we only need to be able to distribute Bell pairs 451 relies on the fact that this enables the distribution of any other 452 arbitrary entangled state. This can be achieved via quantum state 453 teleportation. Quantum state teleportation consumes an unknown 454 quantum state that we want to transmit and recreates it at the 455 desired destination. This does not violate the no-cloning theorem as 456 the original state is destroyed in the process. 458 To achieve this, an entangled pair needs to be distributed between 459 the source and destination before teleportation commences. The 460 source then entangles the transmission qubit with its end of the pair 461 and performs a read out on the two qubits (the sum of these 462 operations is called a Bell state measurement). This consumes the 463 Bell pair's entanglement turning the source and destination qubits 464 into independent states. The measurements yields two classical bits 465 which the source sends to the destination over a classical channel. 466 Based on the value of the received two classical bits, the 467 destination performs one of four possible corrections (called the 468 Pauli corrections) on its end of the pair which turns it into the 469 unknown quantum state that we wanted to transmit. 471 The unknown quantum state that was transmitted was never fed into the 472 network itself. Therefore, the network needs to only be able to 473 reliably produce Bell pairs between any two nodes in the network. 475 4.5. The life cycle of entanglement 477 Reducing the problem of quantum connectivity to one of generating a 478 Bell pair has facilitated the problem, but it has not solved it. In 479 this section we discuss, how these entangled pairs are generated in 480 the first place, and how its two qubits are delivered to the end- 481 points. 483 4.5.1. Elementary link generation 485 In a quantum network, entanglement is always first generated locally 486 (at a node or an auxiliary element) followed by a movement of one or 487 both of the entangled qubits across the link through quantum 488 channels. In this context, photons (particles of light) are the 489 natural candidate for entanglement carriers, the so-called flying 490 qubits. The rationale for this choice is related to the advantages 491 provided by photons such as moderate interaction with the environment 492 leading to moderate decoherence, convenient control with standard 493 optical components, and high-speed low-loss transmissions. However, 494 since photons cannot be stored, a transducer must transfer the flying 495 qubit's state to a qubit suitable for information processing and/or 496 storage (often referred to as a matter qubit). 498 Since this process may fail, in order to generate and store 499 entanglement efficiently, we must be able to distinguish successful 500 attempts from failures. Entanglement generation schemes that are 501 able to announce successful generation are called heralded 502 entanglement generation schemes. 504 There exist three basic schemes for heralded entanglement generation 505 on a link through coordinated action of the two nodes at the two ends 506 of the link [13]: 508 o "At mid-point" scheme: the key idea is that an entangled pair 509 source sends an entangled photon through a quantum channel to each 510 of the nodes, where transducers are invoked to transfer the 511 entanglement from the flying qubits to the matter qubits. In this 512 scheme, the transducers know if the transfers succeeded and are 513 able to herald successful entanglement generation via a message 514 exchange over the classical channel. 516 o "At source" scheme: the key idea is that one of the two nodes 517 sends a flying qubit that is entangled with one of its matter 518 qubits. A transducer at the other end of the link will transfer 519 the entanglement from the flying qubit to one of its matter 520 qubits. Also in this scheme, the transducer knows if its transfer 521 succeeded and is able to herald successful entanglement generation 522 with a classical message sent to the other node. 524 o "At both end-points" scheme: the key idea is that both nodes send 525 a flying qubit that is entangled with one of their matter qubits. 526 A detector somewhere in between the nodes performs a joint 527 measurement on the two qubits, which stochastically projects the 528 remote matter qubits into an entangled quantum state. In this 529 scheme, the detector knows if the entanglement succeeded and is 530 able to herald successful entanglement generation by sending a 531 message to each node over the classical channel. 533 The "mid-point" scheme is more robust to photon loss, but in the 534 other schemes the nodes retain greater control over the entangled 535 pair generation. 537 4.5.2. Entanglement swapping 539 The problem with generating entangled pairs directly across a link is 540 that its efficiency decreases with its length. Beyond a few 10s of 541 kms in optical fibre or 1000 kms in free space (via satellite) the 542 rate is effectively zero and due to the no-cloning theorem we cannot 543 simply amplify the signal. The solution is entanglement swapping. 545 A Bell pair between any two nodes in the network can be constructed 546 by combining the pairs generated along each individual link on the 547 path between the two end-points. Each node along the path can 548 consume the two pairs on the two links that it is connected to in 549 order to produce a new entangled Pair between the two remote ends. 550 This process is known as entanglement swapping. Pictorially it can 551 be represented as follows: 553 +---------+ +---------+ +---------+ 554 | A | | B | | C | 555 | |------| |------| | 556 | X1~~~~~~~~~~X2 Y1~~~~~~~~~~Y2 | 557 +---------+ +---------+ +---------+ 558 where X1 and X2 are the qubits of the entangled pair X and Y1 and Y2 559 are the qubits of entangled pair Y. The entanglement is denoted with 560 ~~. In the diagram above nodes A and B share the pair X and nodes B 561 and C share the pair Y, but we want entanglement between A and C. 563 To achieve this goal we simply teleport the qubit X2 using the pair 564 Y. This requires node B to performs a Bell state measurement on the 565 qubits X2 and Y1 which result in the destruction of the entanglement 566 between Y1 and Y2. However, X2 is transmitted and recreated in Y2's 567 place carrying with it its entanglement with X1. The end-result is 568 shown below: 570 +---------+ +---------+ +---------+ 571 | A | | B | | C | 572 | |------| |------| | 573 | X1~~~~~~~~~~~~~~~~~~~~~~~~~~~X2 | 574 +---------+ +---------+ +---------+ 576 Depending on the needs of the network and/or application a final 577 Pauli correction at the recipient node may not be necessary since the 578 result of this operation is also a Bell pair. However, the two 579 classical bits that form the read out from the measurement at node B 580 must still be communicated, because they carry information about 581 which of the four Bell pairs was actually produced. If a correction 582 is not performed, the recipient must be informed which Bell pair was 583 received. 585 This process of teleporting Bell pairs using other entangled pairs is 586 called entanglement swapping. Quantum nodes that create long- 587 distance entangled pairs via entanglement swapping are called quantum 588 repeaters in academic literature [12] and we will use the same 589 terminology in this memo. 591 4.5.3. Distillation 593 Neither the generation of Bell pairs nor the swapping operations are 594 noiseless operations. Therefore, with each link and each swap the 595 fidelity of the state degrades. However, it is possible to create 596 higher fidelity Bell pair states from two or more lower fidelity 597 pairs through a process called distillation (sometimes also referred 598 to as purification). 600 To distil a quantum state, a second (and sometimes third) quantum 601 state is used as a "test tool" to test a proposition about the first 602 state, e.g., "the parity of the first state is even." When the test 603 succeeds, confidence in the state is improved, and thus the fidelity 604 is improved. The test tool states are destroyed in the process, so 605 resource demands increase substantially when distillation is used. 607 When the test fails, the tested state must also be discarded. 608 Distillation makes low demands on fidelity and resources, but 609 distributed protocols incur round-trip delays [11]. 611 4.5.4. Delivery 613 Eventually the Bell pairs must be delivered to an application (or 614 higher layer protocol) at the two end-nodes. A detailed list of such 615 requirements is beyond the scope of this memo. At minimum, the end- 616 nodes require information to map a particular Bell pair to the qubit 617 in their local memory that is part of this entangled pair. 619 5. Architecture of a quantum internet 621 It is evident from the previous sections that the fundamental service 622 provided by a quantum network significantly differs from that of a 623 classical network. Therefore, it is not surprising that the 624 architecture of a quantum internet will itself be very different from 625 that of the classical Internet. 627 5.1. New challenges 629 This subsection covers the major fundamental challenges building 630 quantum networks. Here, we only describe the fundamental 631 differences, technological limitations are described later. 633 1. Bell pairs are not equivalent to payload carrying packets. 635 In most classical networks, including Ethernet, Internet Protocol 636 (IP), and Multi-Protocol Label Switching (MPLS) networks, user 637 data is grouped into packets. In addition to the user data each 638 packet also contains a series of headers which contain the 639 control information that lets routers and switches forward it 640 towards its destination. Packets are the fundamental unit in a 641 classical network. 643 In a quantum network the entangled pairs of qubits are the basic 644 unit of networking. These pairs are handled individually -- they 645 are not grouped into packets and they do not carry any headers. 646 Therefore, quantum networks will have to send all control 647 information via separate classical channels which the repeaters 648 will have to correlate with the qubits stored in their memory. 650 2. An entangled pair is only useful if the locations of both qubits 651 are known. 653 A classical network packet logically exists only at one location 654 at any point in time. If a packet is modified in some way, 655 headers or payload, this information does not need to be conveyed 656 to anybody else in the network. The packet can be simply 657 forwarded as before. 659 In contrast, entanglement is a phenomenon in which two or more 660 qubits exist in a physically distributed state. Operations on 661 one of the qubits change the mutual state of the pair. Since the 662 owner of a particular qubit cannot just read out its state, it 663 must coordinate all its actions with the owner of the pair's 664 other qubit. Therefore, the owner of any qubit that is part of 665 an entangled pair must know the location of its counterpart. 666 Location, in this context, need not be the explicit spatial 667 location. A relevant pair identifier, a means of communication 668 between the pair owners, and an association between the pair ID 669 and the individual qubits is sufficient. 671 3. Generating entanglement requires temporary state. 673 Packet forwarding in a classical network is largely a stateless 674 operation. When a packet is received, the router looks up its 675 forwarding table and sends the packet out of the appropriate 676 output. There is no need to keep any memory of the packet any 677 more. 679 A quantum node must be able to make decisions about qubits that 680 it receives and is holding in its memory. Since qubits do not 681 carry headers, the receipt of an entangled pair conveys no 682 control information based on which the repeater can make a 683 decision. The relevant control information will arrive 684 separately over a classical channel. This implies that a 685 repeater must store temporary state as the control information 686 and the qubit it pertains to will, in general, not arrive at the 687 same time. 689 5.2. Classical communication 691 In this memo we have already covered two different roles that 692 classical communication must perform: 694 o communicate classical bits of information as part of distributed 695 protocols such as entanglement swapping and teleportation, 697 o communicate control information within a network - this includes 698 both background protocols such as routing as well as signalling 699 protocols to set up end-to-end entanglement generation. 701 Classical communication is a crucial building block of any quantum 702 network. All nodes in a quantum network are assumed to have 703 classical connectivity with each other (within typical administrative 704 domain limts). Therefore, quantum routers will need to manage two 705 data planes in parallel, a classical one and a quantum one. 706 Additionally, it must be able to correlate information between them 707 so that the control information received on a classical channel can 708 be applied to the qubits managed by the quantum data plane. 710 5.3. Abstract model of the network 712 5.3.1. Elements of a quantum network 714 We have identified quantum repeaters as the core building block of a 715 quantum network. However, a quantum repeater will have to do more 716 than just entanglement swapping in a functional quantum network. Its 717 key responsibilities will include: 719 1. Creating link-local entanglement between neighbouring nodes. 721 2. Extending entanglement from link-local pairs to long-range pairs 722 through entanglement swapping. 724 3. Performing distillation to manage the fidelity of the produced 725 pairs 727 4. Participate in the management of the network (routing etc.). 729 Not all quantum repeaters in the network will be the same, here we 730 break them down further: 732 o Quantum routers (controllable quantum nodes) - A quantum router is 733 a quantum repeater with a control plane that participates in the 734 management of the network and will make decisions about which 735 qubits to swap to generate the requested end-to-end pairs. 737 o Automated quantum nodes - An automated quantum node is a data 738 plane only quantum repeater that does not participate in network 739 management. Since the no-cloning theorem precludes the use of 740 amplification long-range links will be established by chaining 741 multiple such automated nodes together. 743 o End-nodes - End-nodes in a quantum network must be able to receive 744 and handle an entangled pair, but they do not need to be able to 745 perform an entanglement swap (and thus are not necessarily quantum 746 repeaters). End-nodes are also not required to have any quantum 747 memory as certain quantum applications can be realised by having 748 the end-node measure its qubit as soon as it is received. 750 o Non-quantum nodes - Not all nodes in a quantum network need to 751 have a quantum data plane. A non-quantum node is any device that 752 can handle classical network traffic. 754 Additionally, we need to identify two kinds of links that will be 755 used in a quantum network: 757 o Quantum links - A quantum link is a link which can be used to 758 generate an entangled pair between two directly connected quantum 759 repeaters. It may include a dedicated classical channel that is 760 to be used solely for the purpose of coordinating the entanglement 761 generation on this quantum link. 763 o Classical links - A classical link is a link between any node in 764 the network that is capable of carrying classical network traffic. 766 5.3.2. Putting it all together 768 A two-hop path in a generic quantum network can be represented as: 770 | App |-------------------CC-------------------| App | 771 || || 772 ------ ------ ------ 773 | EN |----QC & CC----| QR |----QC & CC----| EN | 774 ------ ------ ------ 776 App - user-level application 777 QR - quantum repeater 778 EN - end-node 779 QC - quantum channel 780 CC - classical channel 782 An application running on two end-nodes attached to a network will at 783 some point need the network to generate entangled pairs for its use. 784 This will require negotiation between the end-nodes, because they 785 must both open a communication end-point (a quantum socket) which the 786 network can use to identify the two ends of the connection. The two 787 end-nodes use the classical connectivity available in the network to 788 achieve this goal. 790 When the network receives a request to generate end-to-end entangled 791 pairs it uses the classical communication channels to coordinate and 792 claim the resources necessary to fulfil this request. This may be 793 some combination of prior control information (e.g. routing tables) 794 and signalling protocols, but the details of how this is achieved are 795 an active research question and thus beyond the scope of this memo. 797 During or after the control information is distributed the network 798 performs the necessary quantum operations such as generating 799 entangled over individual links, performing entanglement swaps, and 800 further signalling to transmit the swap outcomes and other control 801 information. Since none of the entangled pairs carry any user data, 802 some of these operations can be performed before the request is 803 received in anticipation of the demand. 805 The entangled pair is delivered to the application once it is ready, 806 together with the relevant pair identifier. However, being ready 807 does not necessarily mean once all link pairs and entanglement swaps 808 are complete as some applications can start executing on an 809 incomplete pair. In this case the remaining entanglement swaps will 810 propagate the actions across the network to the other end. 812 5.4. Network boundaries 814 Just like classical network, there will various boundaries will exist 815 in quantum networks. 817 5.4.1. Boundaries between different physical architectures 819 There are many different physical architectures for implementing 820 quantum repeater technology. The different technologies differ in 821 how they store and manipulate qubits in memory and how they generate 822 entanglement across a link with their neighbours. Different 823 architectures come with different trade-offs and thus a functional 824 network will likely consist of a mixture of different types of 825 quantum repeaters. 827 For example, architectures based on optical elements and atomic 828 ensembles are very efficient at generating entanglement, but provide 829 little control over the qubits once the pair is generated. On the 830 other hand nitrogen-vacancy architectures offer a much greater degree 831 of control over qubits, but have a harder time generating the 832 entanglement across a link. 834 It is an open research question where exactly the boundary will lie. 835 It could be that a single quantum repeater node provides some 836 backplane connection between the architectures, but it also could be 837 that special quantum links delineate the boundary. 839 5.4.2. Boundaries between different administrative regions 841 Just like in classical networks, multiple quantum networks will 842 connect into a global quantum internet. This necessarily implies the 843 existence of borders between different administrative regions. How 844 these boundaries will be handled is also an open question and thus 845 beyond the scope of this memo. 847 5.5. Physical constraints 849 The model above has effectively abstracted away the particulars of 850 the hardware implementation. However, certain physical constraints 851 need to be considered in order to build a practical network. Some of 852 these are fundamental constraints and no matter how much the 853 technology improves, they will always need to be addressed. Others 854 are artefacts of the early stages of a new technology. Here, we 855 consider a highly abstract scenario and refer to [5] for pointers to 856 the physics literature. 858 5.5.1. Memory lifetimes 860 In addition to discrete operations being imperfect, storing a qubit 861 in memory is also highly non-trivial. The main difficulty in 862 achieving persistent storage is that it is extremely challenging to 863 isolate a quantum system from the environment. The environment 864 introduces an uncontrollable source of noise into the system which 865 affects the fidelity of the state. This process is known as 866 decoherence. Eventually, the state has to be discarded once its 867 fidelity degrades too much. 869 The memory lifetime depends on the particular physical setup, but the 870 highest achievable values currently are on the order of seconds. 871 These values have increased tremendously over the lifetime of the 872 different technologies and are bound to keep increasing. However, if 873 quantum networks are to be realised in the near future, they need to 874 be able to handle short memory lifetimes, for example by reducing 875 latency on critical paths. 877 5.5.2. Rates 879 Entanglement generation on a link between two connected nodes is not 880 a very efficient process and it requires many attempts to succeed. A 881 fast repetition rate for Bell pair generation is achievable, but only 882 a small fraction will succeed. Currently, the highest achievable 883 rates of success between nodes capable of storing the resulting 884 qubits are of the order of 10 Hz. Combined with short memory 885 lifetimes this leads to very tight timing windows to build up 886 network-wide connectivity. 888 5.5.3. Communication qubits 890 Most physical architectures capable of storing qubits are only able 891 to generate entanglement using only a subset of its available qubits 892 called communication qubits. Once a Bell pair has been generated 893 using a communication qubit, its state can be transferred into 894 memory. This may impose additional limitations on the network. In 895 particular if a given node has only one communication qubit it cannot 896 simultaneously generate Bell Pairs over two links. It must generate 897 entanglement over the links one at a time. 899 5.5.4. Homogeneity 901 Currently all hardware implementations are homogeneous and they do 902 not interface with each other. In general, it is very challenging to 903 combine different quantum information processing technologies at 904 present. Coupling different technologies with each other is of great 905 interest as it may help overcome the weaknesses of the different 906 implementations, but this may take a long time to be realised with 907 high reliability and thus is not a near-term goal. 909 6. Architectural principles 911 Given that the most practical way of realising quantum network 912 connectivity is using Bell Pair and entanglement swapping repeater 913 technology what sort of principles should guide us in assembling such 914 networks such that they are functional, robust, efficient, and most 915 importantly: they work. Furthermore, how do we design networks so 916 that they work under the constraints imposed by the hardware 917 available today, but do not impose unnecessary burden on future 918 technology. 920 As this is a completely new technology that is likely to see many 921 iterations over its lifetime, this memo must not serve as a 922 definitive set of rules, but merely as a general set of recommended 923 guidelines for the first generations of quantum networks based on 924 principles and observations made by the community. The benefit of 925 having a community built document at this early stage is that 926 expertise in both quantum information and network architecture is 927 needed in order to successfully build a quantum internet. 929 6.1. Goals of a quantum internet 931 When outlining any set of principles we must ask ourselves what goals 932 do we want to achieve as inevitably trade-offs must be made. So what 933 sort of goals should drive a quantum network architecture? The 934 following list has been inspired by the history of the classical 935 Internet, but it will inevitably evolve with time and the needs of 936 its users. The goals are listed in order of priority which in itself 937 may also evolve as the community learns more about the technology. 939 1. Support distributed quantum applications 941 This goal seems trivially obvious, but makes a subtle, but 942 important point which highlights a key difference between quantum 943 and classical networks. Ultimately, quantum data transmission is 944 not the goal of a quantum network - it is only one possible 945 component of more advanced quantum application protocols. Whilst 946 transmission certainly could be used as a building block for all 947 quantum applications, it is certainly not the most basic one 948 possible. For example, QKD, the most well known quantum 949 application protocol only relies on the stronger than classical 950 correlations and inherent secrecy of entangled Bell pairs and 951 does not transmit arbitrary quantum states. 953 The primary purpose of a quantum internet is to support 954 distributed quantum application protocols and it is of utmost 955 importance that they can run well and efficiently. Thus, it is 956 important to develop performance metrics meaningful to 957 application to drive the development of quantum network 958 protocols. For example, the Bell pair generation rate is 959 meaningless if one does not also consider their fidelity. It is 960 generally, much easier to generate pairs of lower fidelity, but 961 quantum applications may have to make multiple re-attempts or 962 even abort if the fidelity is too low. A review of the 963 requirements for different known quantum applications can be 964 found in [5]. 966 2. Support tomorrow's distributed quantum applications 968 Early-stage quantum networks will be very limited in terms of 969 their capabilities and will only be able to run a limited set of 970 applications. As quantum repeater technology becomes more 971 advanced and acquire more sophisticated capabilities, new 972 applications will become possible. The different stages of this 973 development are described in [5]. 975 Therefore, it is important that any proposed architecture for 976 general purpose quantum repeater networks should not constrain 977 their potential capabilities for the benefit of being able to run 978 early-stage applications more efficiently. For example, it is 979 already possible to run QKD efficiently on metropolitan scales 980 and such networks are already commercially available. However, 981 they are not based on quantum repeaters and thus will not be able 982 to easily transition more sophisticated applications. 984 3. Support hardware heterogeneity 986 There are multiple proposals for realising practical quantum 987 repeater hardware and they all have their advantages and 988 disadvantages. Some may offer higher Bell pair generation rates 989 on individual links at the cost of more difficult entanglement 990 swap operations. Other platforms may be good all around, but are 991 more difficult to build. 993 Whilst conceptually they are all capable of the same tasks the 994 optimal network configuration will likely leverage the advantages 995 of multiple platforms to optimise the provided service. 996 Therefore, it is an explicit goal to incorporate varied hardware 997 support from the beginning. 999 4. Be flexible with regards to hardware capabilities and limitations 1001 This goal encompasses two important points. First, the 1002 architecture should be able to function under the physical 1003 constraints imposed by the current generation hardware. Second, 1004 it should not make it difficult to run the network over any 1005 hardware that may come along in the future. The physical 1006 capabilities of repeaters will improve and redeploying a 1007 technology is extremely challenging. 1009 5. Ensure security at the network level 1011 Whilst the priority for the first quantum networks should be to 1012 simply work, we cannot forget that ultimately they have to also 1013 be secure. This is particularly important for quantum networks 1014 given that one of the key driving factors for the technology is 1015 the enhance security offered by quantum entanglement. This has 1016 implications for the physical realisations (do they satisfy the 1017 idealised theoretical models) and also the design of the control 1018 stack. 1020 It is actually difficult to guarantee security at the network 1021 level and even if the network did provide such guarantees, the 1022 application would still need to perform its own verification 1023 similarly to how one ensures end-to-end security in classical 1024 networks. 1026 It turns out that as long as the underlying implementation 1027 corresponds to (or sufficiently approximates) theoretical models 1028 of quantum cryptography, quantum cryptographic protocols do not 1029 need the network to provide any guarantees about the 1030 authenticity, confidentiality, or integrity of the transmitted 1031 qubits or the generated entanglement. Instead, applications, 1032 such as QKD, establish such guarantees using the classical 1033 network in conjunction with he quantum one. This is much easier 1034 than demanding that the network deliver secure entanglement in 1035 the first place. 1037 Nevertheless, control protocols themselves should be security 1038 aware in order to protect the operation of the network itself and 1039 limit disruption. This will primarily involve securing the 1040 classical control and management traffic by means of 1041 authentication and possibly encryption. 1043 6. Make them easy to manage and monitor 1045 The fundamental unit of quantum information, the qubit, cannot be 1046 actively monitored as any readout irreversibly destroys its 1047 contents. Furthermore, given one end of an entangled pair, it is 1048 impossible to tell where the other qubit is without any 1049 additional information. Therefore, monitoring quantum networks 1050 will be more challenging and more important if any meaningful 1051 network management solution is to be developed. 1053 7. Ensure availability and resilience 1055 A practical and usable network is able to continue to operate 1056 despite losses and failures, and will be robust to malicious 1057 actors trying to disable connectivity. These may be simply 1058 considered different aspects of security, but it is worthwhile to 1059 address them explicitly at the architectural level already. The 1060 coexistence of two separate channels, a quantum and a classical 1061 one, will likely prove to be challenging. 1063 6.2. The principles of a quantum internet 1065 The principles support the goals, but are not goals themselves. The 1066 goals define what we want to build and the principles provide a 1067 guideline in how we might achieve this. The goals will also be the 1068 foundation for defining any metric of success for a network 1069 architecture, whereas the principles in themselves do not distinguish 1070 between success and failure. For more information about design 1071 considerations for quantum networks see [8] [9] . 1073 1. Bell Pairs are the fundamental building block 1075 The key service that a quantum network provides is the 1076 distribution of entanglement between the nodes in a network. 1077 This point additionally specifies that the entanglement is 1078 primarily distributed in the form of the entangled Bell Pair 1079 states which should be used as a building block in providing 1080 other services, including more complex entangled states. 1082 2. Bell Pairs are indistinguishable 1084 Any two Bell Pairs between the same two nodes are 1085 indistinguishable for the purposes of an application provided 1086 they both satisfy its required fidelity threshold. This point is 1087 crucial in enabling the reuse of resources of a network and for 1088 the purposes of provisioning resources to meet application 1089 demand. However, the qubits that make up the pair themselves are 1090 not indistinguishable and the two nodes operating on a pair must 1091 coordinate to make sure they are operating on qubits that belong 1092 to the same Bell Pair. 1094 3. Fidelity is part of the service 1096 In addition to being able to deliver Bell Pairs to the 1097 communication end-points, the Bell Pairs must be of sufficient 1098 fidelity. Unlike in classical networks where errors should 1099 essentially be eliminated for most application protocols, many 1100 quantum applications only need imperfect entanglement to 1101 function. However, different applications will have different 1102 requirements for what fidelity they can work with. It is the 1103 network's responsibility to balance the resource usage with 1104 respect to the application's requirements. It may be that it is 1105 cheaper for the network to provide lower fidelity pairs that are 1106 just above the threshold required by the application than it is 1107 to guarantee high fidelity pairs to all applications regardless 1108 of their requirements. 1110 4. Time is part of the service 1112 With the current technology, time is the most expensive resource. 1113 It is not the only resource that is in short supply (memory, and 1114 communication qubits are as well), but ultimately it is the 1115 lifetime of quantum memories that imposes the most difficult 1116 conditions for operating an extended network of quantum nodes. 1117 Current hardware has low rates of Bell Pair generation, short 1118 memory lifetimes, and access to a limited number of communication 1119 qubits. All these factors combined mean that even a short 1120 waiting queue at some node could be enough for the Bell Pairs to 1121 decohere. 1123 7. Comparison with classical networks 1125 Creating end-to-end Bell pairs between remote end-points is a 1126 stateful distributed task that requires a lot of a-priori 1127 coordination. Therefore, a connection-oriented approach seems the 1128 most natural for quantum networks. In this section, we discuss a 1129 plausible quantum network architecture inspired by MPLS. This is not 1130 an architecture proposal, but a thought experiment to give the reader 1131 an idea of what components are necessary for a functional quantum 1132 network. We use classical MPLS as a basis as it is well known and 1133 understood in the networking community. 1135 In connection-oriented quantum networks, when two quantum application 1136 end-points wish to start creating end-to-end Bell pairs, they must 1137 first create a quantum virtual circuit (QVC). As an analogy, in MPLS 1138 networks end-points must establish a label switched path (LSP) before 1139 exchanging traffic. Connection-oriented quantum networks may also 1140 support virtual circuits with multiple end-points for creating 1141 multipartite entanglement. As an analogy, MPLS networks have the 1142 concept of multi-point LSPs for multicast. 1144 When a quantum application creates a quantum virtual circuit, it can 1145 indicate quality of service (QoS) parameters such as the required 1146 capacity in end-to-end Bell pairs per second (BPPS) and the required 1147 fidelity of the Bell pairs. As an analogy, in MPLS networks 1148 applications specify the required bandwidth in bits per second (BPS) 1149 and other constraints when they create a new LSP. 1151 Quantum networks need a routing function to compute the optimal path 1152 (i.e. the best sequence of routers and links) for each new quantum 1153 virtual circuit. The routing function may be centralized or 1154 distributed. In the latter case, the quantum network needs a 1155 distributed routing protocol. As an analogy, classical networks use 1156 routing protocols such as open shortest path first (OSPF) and 1157 intermediate-system to intermediate system (ISIS). 1159 Given the very scarce availability of resources in early quantum 1160 networks, a traffic engineering function is likely to be beneficial. 1161 Without traffic engineering, quantum virtual circuits always use the 1162 shortest path. In this case, the quantum network cannot guarantee 1163 that each quantum end-point will get its Bell pairs at the required 1164 rate or fidelity. This is analogous to "best effort" service in 1165 classical networks. 1167 With traffic engineering, quantum virtual circuits choose a path that 1168 is guaranteed to have the requested resources (e.g. bandwidth in 1169 BPPS) available, taking into account the capacity of the routers and 1170 links and taking into account the resources already consumed by other 1171 virtual circuits. As an analogy, both OSPF and ISIS have traffic 1172 engineering (TE) extensions to keep track of used and available 1173 resources, and can use constrained shortest path first (CSPF) to take 1174 resource availability and other constraints into account when 1175 computing the optimal path. 1177 The use of traffic engineering implies the use of call admission 1178 control (CAC): the network denies any virtual circuits for which it 1179 cannot guarantee the requested quality of service a-priori. Or 1180 alternatively, the network pre-empts lower priority circuits to make 1181 room for the new one. 1183 Quantum networks need a signaling function: once the path for a 1184 quantum virtual circuit has been computed, signaling is used to 1185 install the "forwarding rules" into the data plane of each quantum 1186 router on the path. The signaling may be distributed, analogous to 1187 the resource reservation protocol (RSVP) in MPLS. Or the signaling 1188 may be centralized, similar to OpenFlow. 1190 Quantum networks need an abstraction of the hardware for specifying 1191 the forwarding rules. This allows us to de-couple the control plane 1192 (routing and signaling) from the data plane (actual creation of Bell 1193 pairs). The forwarding rules are specified using abstract building 1194 blocks such as "creating local Bell pairs", "swapping Bell pairs", 1195 "distillation of Bell pairs". As an analogy, classical networks use 1196 abstractions that as based on match conditions (e.g. looking up 1197 header fields in tables) and actions (e.g. modifying fields or 1198 forwarding a packet to a specific interface). The data-plane 1199 abstractions in quantum networks will be very different from those in 1200 classical networks due to the fundamental differences in technology 1201 and the stateful nature of quantum networks. In fact, choosing the 1202 right abstractions will be one of the biggest challenges when 1203 designing interoperable quantum network protocols. 1205 In quantum networks, control plane traffic (routing and signaling 1206 messages) is exchanged over a classical channel, whereas data plane 1207 traffic (the actual Bell pair qubits) is exchanged over a separate 1208 quantum channel. This is in contrast to most classical networks, 1209 where control plane traffic and data plane traffic share the same 1210 channel and where a single packet contains both user fields and 1211 header fields. There is, however, a classical analogy to the way 1212 quantum networks work. Generalized MPLS (GMPLS) networks use 1213 separate channels for control plane traffic and data plane traffic. 1214 Furthermore, GMPLS networks support data planes where there is no 1215 such thing as data plane headers (e.g. DWDM or TDM networks). 1217 8. Security Considerations 1219 Even though no user data enters a quantum network security is listed 1220 as an explicit goal for the architecture and this issue is addressed 1221 in the section on goals. Even though user data doesn't enter the 1222 network, it is still possible to attack the control protocols and 1223 violate the authenticity, confidentiality, and integrity of 1224 communication. However, as this is an informational memo it does not 1225 propose any concrete mechanisms to achieve these goals. 1227 In summary: 1229 As long as the underlying implementation corresponds to (or 1230 sufficiently approximates) theoretical models of quantum 1231 cryptography, quantum cryptographic protocols do not need the network 1232 to provide any guarantees about the authenticity, confidentiality, or 1233 integrity of the transmitted qubits or the generated entanglement. 1234 Instead, applications such as QKD establish such guarantees using the 1235 classical network in conjunction with he quantum one. This is much 1236 easier than demanding that the network deliver secure entanglement. 1238 9. IANA Considerations 1240 This memo includes no request to IANA. 1242 10. Acknowledgements 1244 The authors of this memo acknowledge funding received from the EU 1245 Flagship on Quantum Technologies through Quantum Internet Alliance 1246 project. 1248 The authors would further like to acknowledge Carlo Delle Donne, 1249 Matthew Skrzypczyk, and Axel Dahlberg for useful discussions on this 1250 topic prior to the submission of this memo. 1252 11. Informative References 1254 [1] Bennett, C. and G. Brassard, "Quantum cryptography: Public 1255 key distribution and coin tossing", Theoretical Computer 1256 Science 560, 7-11, 2014, 1257 . 1259 [2] Crepeau, C., Gottesman, D., and A. Smith, "Secure multi- 1260 party quantum computation. Proceedings of Symposium on 1261 Theory of Computing", Proceedings of Symposium on Theory 1262 of Computing , 2002, 1263 . 1265 [3] Giovanetti, V., Lloyd, S., and L. Maccone, "Quantum- 1266 enhanced measurements: beating the standard quantum 1267 limit", Science 306(5700), 1330-1336, 2004, 1268 . 1270 [4] Castelvecchi, D., "The Quantum Internet has arrived (and 1271 it hasn't)", Nature 554, 289-292, 2018, 1272 . 1274 [5] Wehner, S., Elkouss, D., and R. Hanson, "Quantum internet: 1275 A vision for the road ahead", Science 362, 6412, 2018, 1276 . 1279 [6] Aspect, A., Grangier, P., and G. Roger, "Experimental 1280 Tests of Realistic Local Theories via Bell's Theorem", 1281 Phys. Rev. Lett. 47 (7): 460-463, 1981, 1282 . 1285 [7] Muralidharan, S., Kim, J., Lutkenhaus, N., Lukin, M., and 1286 L. Jiang, "Ultrafast and Fault-Tolerant Quantum 1287 Communication across Long Distances", Phys. Rev. Lett. 112 1288 (25-27), 250501, 2014, . 1290 [8] Van Meter, R. and J. Touch, "Designing quantum repeater 1291 networks", IEEE Communications Magazine 51, 64-71, 2013, 1292 . 1294 [9] Dahlberg, A., Skrzypczyk, M., Coopmans, T., Wubben, L., 1295 Rozpedek, F., Pompili, M., Stolk, A., Pawelczak, P., 1296 Knegjens, R., de Oliveira Filho, J., Hanson, R., and S. 1297 Wehner, "A Link Layer Protocol for Quantum Networks", 1298 arXiv 1903.09778, 2019, 1299 . 1301 [10] Nielsen, M. and I. Chuang, "Quantum Computation and 1302 Quantum Information", Cambridge University Press , 2011. 1304 [11] Bennett, C., DiVincenzo, D., Smolin, J., and W. Wootters, 1305 "Mixed State Entanglement and Quantum Error Correction", 1306 Phys. Rev. A Vol. 54, Iss. 5, 1996, 1307 . 1309 [12] Briegel, H., Dur, W., Cirac, J., and P. Zoller, "Quantum 1310 Repeaters: The Role of Imperfect Local Operations in 1311 Quantum Communication", Phys. Rev. Lett. Vol. 81, Num. 26, 1312 1998, . 1314 [13] Cacciapuoti, A., Caleffi, M., Van Meter, R., and L. Hanzo, 1315 "When Entanglement meets Classical Communications: Quantum 1316 Teleportation for the Quantum Internet", , 2019, 1317 . 1319 Authors' Addresses 1321 Wojciech Kozlowski 1322 QuTech 1323 Building 22 1324 Lorentzweg 1 1325 Delft 2628 CJ 1326 Netherlands 1328 Email: w.kozlowski@tudelft.nl 1330 Stephanie Wehner 1331 QuTech 1332 Building 22 1333 Lorentzweg 1 1334 Delft 2628 CJ 1335 Netherlands 1337 Email: s.d.c.wehner@tudelft.nl 1339 Rodney Van Meter 1340 Keio University 1341 5322 Endo 1342 Fujisawa, Kanagawa 252-0882 1343 Japan 1345 Email: rdv@sfc.wide.ad.jp 1347 Bruno Rijsman 1348 Individual 1350 Email: brunorijsman@gmail.com 1351 Angela Sara Cacciapuoti 1352 University of Naples Federico II 1353 Department of Electrical Engineering and Information Technologies 1354 Claudio 21 1355 Naples 80125 1356 Italy 1358 Email: angelasara.cacciapuoti@unina.it 1360 Marcello Caleffi 1361 University of Naples Federico II 1362 Department of Electrical Engineering and Information Technologies 1363 Claudio 21 1364 Naples 80125 1365 Italy 1367 Email: marcello.caleffi@unina.it