idnits 2.17.1 draft-irtf-qirg-quantum-internet-use-cases-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 12, 2021) is 1012 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'I-D.dahlberg-ll-quantum' is defined on line 1236, but no explicit reference was found in the text == Unused Reference: 'RFC2119' is defined on line 1315, but no explicit reference was found in the text == Outdated reference: A later version (-11) exists of draft-irtf-qirg-principles-06 Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 QIRG C. Wang 3 Internet-Draft A. Rahman 4 Intended status: Informational InterDigital Communications, LLC 5 Expires: January 13, 2022 R. Li 6 Kanazawa University 7 M. Aelmans 8 Juniper Networks 9 K. Chakraborty 10 The University of Edinburgh 11 July 12, 2021 13 Applications and Use Cases for the Quantum Internet 14 draft-irtf-qirg-quantum-internet-use-cases-07 16 Abstract 18 The Quantum Internet has the potential to improve application 19 functionality by incorporating quantum information technology into 20 the infrastructure of the overall Internet. This document provides 21 an overview of some applications expected to be used on the Quantum 22 Internet, and then categorizes them using various classification 23 schemes. Some general requirements for the Quantum Internet are also 24 discussed. The intent of this document is to describe a framework 25 for applications, and describe use cases for the Quantum Internet. 26 This document is a product of the Quantum Internet Research Group 27 (QIRG). 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at https://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on January 13, 2022. 46 Copyright Notice 48 Copyright (c) 2021 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (https://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 64 2. Terms and Acronyms List . . . . . . . . . . . . . . . . . . . 3 65 3. Quantum Internet Applications . . . . . . . . . . . . . . . . 6 66 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 6 67 3.2. Classification by Application Usage . . . . . . . . . . . 6 68 3.2.1. Quantum Cryptography Applications . . . . . . . . . . 6 69 3.2.2. Quantum Sensor Applications . . . . . . . . . . . . . 7 70 3.2.3. Quantum Computing Applications . . . . . . . . . . . 8 71 3.3. Control vs Data Plane Classification . . . . . . . . . . 8 72 4. Selected Quantum Internet Use Cases . . . . . . . . . . . . . 10 73 4.1. Secure Communication Setup . . . . . . . . . . . . . . . 10 74 4.2. Secure Quantum Computing with Privacy Preservation . . . 14 75 4.3. Distributed Quantum Computing . . . . . . . . . . . . . . 17 76 5. General Requirements . . . . . . . . . . . . . . . . . . . . 20 77 5.1. Background . . . . . . . . . . . . . . . . . . . . . . . 20 78 5.2. Requirements . . . . . . . . . . . . . . . . . . . . . . 22 79 6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 22 80 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 81 8. Security Considerations . . . . . . . . . . . . . . . . . . . 23 82 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 24 83 10. Informative References . . . . . . . . . . . . . . . . . . . 24 84 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 30 86 1. Introduction 88 The Classical Internet has been constantly growing since it first 89 became commercially popular in the early 1990's. It essentially 90 consists of a large number of end-nodes (e.g., laptops, smart phones, 91 network servers) connected by routers and clustered in Autonomous 92 Systems. The end-nodes may run applications that provide service for 93 the end-users such as processing and transmission of voice, video or 94 data. The connections between the various nodes in the Internet 95 include backbone links (e.g., fiber optics) and access links (e.g., 96 WiFi, cellular wireless, Digital Subscriber Lines (DSLs)). Bits are 97 transmitted across the Classical Internet in packets. 99 Research and experiments have picked up over the last few years for 100 developing the Quantum Internet [Wehner]. End-nodes will also be 101 part of the Quantum Internet, in that case called quantum end-nodes 102 that may be connected by quantum repeaters/routers. These quantum 103 end-nodes will also run value-added applications which will be 104 discussed later. 106 The connections between the various nodes in the Quantum Internet are 107 expected to be primarily fiber optics and free-space optical lasers. 108 Photonic connections are particularly useful because light (photons) 109 is very suitable for physically realizing qubits. Qubits are 110 expected to be transmitted across the Quantum Internet. The Quantum 111 Internet will operate according to quantum physical principles such 112 as quantum superposition and entanglement [I-D.irtf-qirg-principles]. 114 The Quantum Internet is not anticipated to replace, but rather to 115 enhance the Classical Internet. For instance, quantum key 116 distribution can improve the security of the Classical Internet; the 117 powerful computation capability of quantum computing can expedite and 118 optimize computation-intensive tasks (e.g., routing modelling) in the 119 Classical Internet. The Quantum Internet will run in conjunction 120 with the Classical Internet to form a new Hybrid Internet. The 121 process of integrating the Quantum Internet with the Classical 122 Internet is similar to, but with more profound implications, as the 123 process of introducing any new communication and networking paradigm 124 into the existing Internet. The intent of this document is to 125 provide a common understanding and framework of applications and use 126 cases for the Quantum Internet. 128 This document represents the consensus of the Quantum Internet 129 Research Group (QIRG). It has been reviewed extensively by Research 130 Group (RG) members with expertise in both quantum physics and 131 Classical Internet operation. 133 2. Terms and Acronyms List 135 This document assumes that the reader is familiar with the quantum 136 information technology related terms and concepts that are described 137 in [I-D.irtf-qirg-principles]. In addition, the following terms and 138 acronyms are defined herein for clarity: 140 o Bit - Binary Digit (i.e., fundamental unit of information in 141 classical communications and classical computing). 143 o Classical Internet - The existing, deployed Internet (circa 2020) 144 where bits are transmitted in packets between nodes to convey 145 information. The Classical Internet supports applications which 146 may be enhanced by the Quantum Internet. For example, the end-to- 147 end security of a Classical Internet application may be improved 148 by secure communication setup using a quantum application. 150 o Entanglement Swapping: It is a process of sharing an entanglement 151 between two distant parties via some intermediate nodes. For 152 example, suppose there are three parties A, B, C, and each of the 153 parties (A, B) and (B, C) share EPR-pairs. B can use the qubits 154 it shares with A and C to perform entanglement swapping 155 operations, and as a result, A and C share EPR-pairs. 157 o EPR-Pairs - A special type of two-qubits quantum states. The two 158 qubits show a correlation that cannot be observed in classical 159 information theory. We refer to such correlation as quantum 160 entanglement. EPR-pairs exhibit the maximal quantum entanglement. 161 One example of an EPR-pair is (|00>+|11>)/(Sqrt(2)). The EPR- 162 pairs are a fundamental resource for quantum communication. 164 o Fast Byzantine Negotiation - A Quantum-based method for fast 165 agreement in Byzantine negotiations [Ben-Or] [Taherkhani]. 167 o Hybrid Internet - The "new" or evolved Internet to be formed due 168 to a merger of the Classical Internet and the Quantum Internet. 170 o Local Operations and Classical Communication (LOCC) - A method 171 where nodes communicate in rounds, in which (1) they can send any 172 classical information to each other; (2) they can perform local 173 quantum operations individually; and (3) the actions performed in 174 each round can depend on the results from previous rounds. 176 o Noisy Intermediate-Scale Quantum (NISQ) - NISQ was defined in 177 [Preskill] to represent a near-term era in quantum technology. 178 According to this definition, NISQ computers have two salient 179 features: (1) The size of NISQ computers range from 50 to a few 180 hundred physical qubits (i.e., intermediate-scale); and (2) Qubits 181 in NISQ computers have inherent errors and the control over them 182 is imperfect (i.e., noisy). 184 o Packet - Formatted unit of multiple related bits. The bits 185 contained in a packet may be classical bits, or the measured state 186 of qubits expressed in classical bits. 188 o Prepare-and-Measure - A set of Quantum Internet scenarios where 189 quantum nodes only support simple quantum functionalities (i.e., 190 prepare qubits and measure qubits). For example, BB84 [BB84] is a 191 prepare-and-measure quantum key distribution protocol. 193 o Quantum Computer (QC) - A quantum end-node that also has quantum 194 memory and quantum computing capabilities is regarded as a full- 195 fledged quantum computer. 197 o Quantum End-node - An end-node hosts user applications and 198 interfaces with the rest of the Internet. Typically, an end-node 199 may serve in a client, server, or peer-to-peer role as part of the 200 application. If the end-node is part of a Quantum Network (i.e, 201 is a quantum end-node), it must be able to generate/transmit and 202 receive/process qubits. A quantum end-node must also be able to 203 interface to the Classical Internet for control purposes and thus 204 also be able to receive, process, and transmit classical bits/ 205 packets. 207 o Quantum Key Distribution (QKD) - A method that leverages quantum 208 mechanics such as no-cloning theorem to let two parties (e.g., a 209 sender and a receiver) securely establish/agree on a key. 211 o Quantum Internet - A network of Quantum Networks. The Quantum 212 Internet is expected to be merged into the Classical Internet to 213 form a new Hybrid Internet. The Quantum Internet may either 214 improve classical applications or may enable new quantum 215 applications. 217 o Quantum Network - A new type of network enabled by quantum 218 information technology where qubits are transmitted between nodes 219 to convey information. (Note: qubits must be sent individually 220 and not in packets). The Quantum Network will use both quantum 221 channels, and classical channels provided by the Classical 222 Internet. 224 o Quantum Teleportation - A technique for transferring quantum 225 information via local operations and classical communication 226 (LOCC). If two parties share an EPR-pair, then using quantum 227 teleportation a sender can transfer a quantum data bit to a 228 receiver without sending it physically via a quantum communication 229 channel. 231 o Qubit - Quantum Bit (i.e., fundamental unit of information in 232 quantum communication and quantum computing). It is similar to a 233 classic bit in that the state of a qubit is either "0" or "1" 234 after it is measured, and is denoted as its basis state vector |0> 235 or |1>. However, the qubit is different than a classic bit in 236 that the qubit can be in a linear combination of both states 237 before it is measured and termed to be in superposition. The 238 Degrees of Freedom (DOF) of a photon (e.g., polarization) or an 239 electron (e.g., spin) can be used to encode a qubit. 241 3. Quantum Internet Applications 243 3.1. Overview 245 The Quantum Internet is expected to be beneficial for a subset of 246 existing and new applications. The expected applications for the 247 Quantum Internet are still being developed as we are in the formative 248 stages of the Quantum Internet [Castelvecchi] [Wehner]. However, an 249 initial (and non-exhaustive) list of the applications to be supported 250 on the Quantum Internet can be identified and classified using two 251 different schemes. Note, this document does not include quantum 252 computing applications that are purely local to a given node (e.g., 253 quantum random number generator). 255 3.2. Classification by Application Usage 257 Applications may be grouped by the usage that they serve. 258 Specifically, applications may be grouped according to the following 259 categories: 261 o Quantum cryptography applications - Refers to the use of quantum 262 information technology for cryptographic tasks such as quantum key 263 distribution and quantum commitment. 265 o Quantum sensors applications - Refers to the use of quantum 266 information technology for supporting distributed sensors (e.g., 267 clock synchronization). 269 o Quantum computing applications - Refers to the use of quantum 270 information technology for supporting remote quantum computing 271 facilities (e.g., distributed quantum computing). 273 This scheme can be easily understood by both a technical and non- 274 technical audience. The next sections describe the scheme in more 275 detail. 277 3.2.1. Quantum Cryptography Applications 279 Examples of quantum cryptography applications include quantum-based 280 secure communication setup and fast Byzantine negotiation. 282 1. Secure communication setup - Refers to secure cryptographic key 283 distribution between two or more end-nodes. The most well-known 284 method is referred to as Quantum Key Distribution (QKD) [Renner], 285 which has been mathematically proven to be unbreakable. 287 2. Fast Byzantine negotiation - Refers to a Quantum-based method for 288 fast agreement in Byzantine negotiations [Ben-Or], for example, 289 to reduce the number of expected communication rounds and in turn 290 achieve faster agreement, in contrast to classical Byzantine 291 negotiations. A quantum aided Byzantine agreement on quantum 292 repeater networks as proposed in [Taherkhani] includes 293 optimization techniques to greatly reduce the quantum circuit 294 depth and the number of qubits in each node. Quantum-based 295 methods for fast agreement in Byzantine negotiations can be used 296 for improving consensus protocols such as practical Byzantine 297 Fault Tolerance(pBFT), as well as other distributed computing 298 features which use Byzantine negotiations. 300 3. Quantum money - The main security requirement of money is 301 unforgeability. A quantum money scheme aims to fulfill by 302 exploiting the no-cloning property of the unknown quantum states. 303 Though the original idea of quantum money dates back to 1970, 304 these early protocols allow only the issuing bank to verify a 305 quantum banknote. However, the recent protocols that are called 306 public-key quantum money [Zhandry] allow anyone to verify the 307 banknotes locally. 309 3.2.2. Quantum Sensor Applications 311 The entanglement, superposition, interference, squeezing properties 312 can enhance the sensitivity of the quantum sensors and eventually can 313 outperform the classical strategies. Examples of quantum sensor 314 applications include network clock synchronization, high sensitivity 315 sensing, quantum imaging, etc. These applications mainly leverage a 316 network of entangled quantum sensors (i.e. quantum sensor networks) 317 for high-precision multi-parameter estimation [Proctor]. 319 1. Network clock synchronization - Refers to a world wide set of 320 atomic clocks connected by the Quantum Internet to achieve an 321 ultra precise clock signal [Komar] with fundamental precision 322 limits set by quantum theory. 324 2. High sensitivity sensing - Refers to applications that leverage 325 quantum phenomena to achieve reliable nanoscale sensing of 326 physical magnitudes. For example, [Guo] uses an entangled 327 quantum network for measuring the average phase shift among 328 multiple distributed nodes. 330 3. Quantum imaging - The highly sensitive quantum sensors show great 331 potential in improving the domain of magnetoencephalography. 332 Unlike the current classical strategies, with the help of a 333 network of quantum sensors, it is possible to measure the 334 magnetic fields generated by the flow of current through neuronal 335 assemblies in the brain while the subject is moving. It reveals 336 the dynamics of the networks of neurons inside the human brain on 337 a millisecond timescale. This kind of imaging capability could 338 improve the diagnosis and monitoring the conditions like 339 attention-deficit-hyperactivity disorder [Hill]. 341 3.2.3. Quantum Computing Applications 343 Examples of quantum computing include distributed quantum computing 344 and secure quantum computing with privacy preservation, which can 345 enable new types of cloud computing. 347 1. Distributed quantum computing - Refers to a collection of remote 348 small capacity quantum computers (i.e., each supporting a 349 relatively small number of qubits) that are connected and working 350 together in a coordinated fashion so as to simulate a virtual 351 large capacity quantum computer [Wehner]. 353 2. Secure quantum computing with privacy preservation - Refers to 354 private, or blind, quantum computation, which provides a way for 355 a client to delegate a computation task to one or more remote 356 quantum computers without disclosing the source data to be 357 computed over [Fitzsimons]. 359 3. Quantum chemistry - Quantum chemistry is one of the most 360 promising quantum computing applications that can outperform the 361 classical strategy using only a few hundred qubits quantum 362 computers. Using the NISQ devices, the quantum algorithms manage 363 to determine the molecular energies of the small molecules within 364 chemical accuracy [YudongCao]. However, due to the short 365 coherence time of the quantum devices, it is still difficult to 366 simulate larger molecules. 368 3.3. Control vs Data Plane Classification 370 The majority of routers currently used in the Classical Internet 371 separate control plane functionality and data plane functionality 372 for, amongst other reasons, stability, capacity and security. In 373 order to classify applications for the Quantum Internet, a somewhat 374 similar distinction can be made. Specifically some applications can 375 be classified as being responsible for initiating sessions and 376 performing other control plane functionality (including management 377 functionalities too). Other applications carry application or user 378 data and can be classified as data plane functionality. 380 Some examples of what may be called control plane applications in the 381 Classical Internet are Domain Name Server (DNS), Session Information 382 Protocol (SIP), and Internet Control Message Protocol (ICMP). 384 Furthermore, examples of data plane applications are E-mail, web 385 browsing, and video streaming. Note that some applications may 386 require both control plane and data plane functionality. For 387 example, a Voice over IP (VoIP) application may use SIP to set up the 388 call and then transmit the VoIP user packets over the data plane to 389 the other party. 391 Similarly, nodes in the Quantum Internet applications may also use 392 the classification paradigm of control plane functionality versus 393 data plane functionality where: 395 o Control Plane - Network functions and processes that operate on 396 (1) control bits/packets or qubits (e.g., to setup up end-user 397 encryption); or (2) management bits/packets or qubits (e.g., to 398 configure nodes). For example, a quantum ping could be 399 implemented as a control plane application to test and verify if 400 there is a quantum connection between two quantum nodes. Another 401 example is quantum superdense coding (which is used to transmit 402 two classical bits by sending only one qubit). This approach does 403 not need classical channels. Quantum superdense coding can be 404 leveraged to implement a secret sharing application to share 405 secrets between two parties [ChuanWang]. This secret sharing 406 application based on quantum superdense encoding can be classified 407 as control plane functionality. 409 o Data Plane - Network functions and processes that operate on end- 410 user application bits/packets or qubits (e.g., voice, video, 411 data). Sometimes also referred to as the user plane. For 412 example, a data plane application can be video conferencing, which 413 uses QKD-based secure communication setup (which is a control 414 plane function) to share a classical secret key for encrypting and 415 decrypting video frames. 417 As shown in the table in Figure 1, control and data plane 418 applications vary for different types of networks. For a standalone 419 Quantum Network (i.e., that is not integrated into the Internet), 420 entangled qubits are its "data" and thus entanglement distribution 421 can be regarded as its data plane application, while the signalling 422 for controlling entanglement distribution be considered as control 423 plane. However, looking at the Quantum Internet, QKD-based secure 424 communication setup, which may be based on and leverage entanglement 425 distribution, is in fact a control plane application, while video 426 conference using QKD-based secure communication setup is a data plane 427 application. In the future, two data planes may exist, respectively 428 for Quantum Internet and Classical Internet, while one control plane 429 can be leveraged for both Quantum Internet and Classical Internet. 431 +----------+-----------+----------------+----------------------+ 432 | | | | | 433 | | Classical | Quantum | Hybrid | 434 | | Internet | Internet | Internet | 435 | | Examples | Examples | Examples | 436 +----------+-----------+----------------+----------------------+ 437 | Control | ICMP; | Quantum ping; | QKD-based secure | 438 | Plane | DNS | Signalling for | communication | 439 | | | controlling | setup | 440 | | | entanglement | | 441 | | | distribution; | | 442 ---------------------------------------------------------------| 443 | Data | Video | QKD; | Video conference | 444 | Plane | conference| Entanglement | using QKD-based | 445 | | | distribution | secure communication | 446 | | | | setup | 447 +--------------------------------------------------------------+ 449 Figure 1: Examples of Control vs Data Plane Classification 451 4. Selected Quantum Internet Use Cases 453 The Quantum Internet will support a variety of applications and 454 deployment configurations. This section details a few key use cases 455 which illustrates the benefits of the Quantum Internet. In system 456 engineering, a use case is typically made up of a set of possible 457 sequences of interactions between nodes and users in a particular 458 environment and related to a particular goal. This will be the 459 definition that we use in this section. 461 4.1. Secure Communication Setup 463 In this scenario, two banks (i.e., Bank #1 and Bank #2) need to have 464 secure communications for transmitting important financial 465 transaction records (see Figure 2). For this purpose, they first 466 need to securely share a classic secret cryptographic key (i.e., a 467 sequence of classical bits), which is triggered by an end-user banker 468 at Bank #1. This results in a source quantum node A at Bank #1 to 469 securely establish a classical secret key with a destination quantum 470 node B at Bank #2. This is referred to as a secure communication 471 setup. Note that the quantum node A and B may be either a bare-bone 472 quantum end-node or a full-fledged quantum computer. This use case 473 shows that the Quantum Internet can be leveraged to improve the 474 security of Classical Internet applications of which the financial 475 application shown in Figure 2 is an example. 477 One requirement for this secure communication setup process is that 478 it should not be vulnerable to any classical or quantum computing 479 attack. This can be realized using QKD which has been mathematically 480 proven to be information-theoretically secureand unbreakable. QKD 481 can securely establish a secret key between two quantum nodes, using 482 a classical authentication channel and insecure quantum communication 483 channel without physically transmitting the key through the network 484 and thus achieving the required security. However, care must be 485 taken to ensure that the QKD system is safe against physical side 486 channel attacks which can compromise the system. An example of a 487 physical side channel attack is when an attacker is able to 488 surreptitiously inject additional light into the optical devices used 489 in QKD to learn side information about the system such as the 490 polarization. Other specialized physical attacks against QKD have 491 also beusing a classical authentication channel and insecure quantum 492 communication channelen developed such as the phase-remapping attack, 493 photon number splitting attack, and decoy state attack [Zhao]. 495 QKD is the most mature feature of the quantum information technology, 496 and has been commercially released in small-scale and short-distance 497 deployments. More QKD use cases are described in ETSI documents 498 [ETSI-QKD-UseCases]; in addition, the ETSI document 499 [ETSI-QKD-Interfaces] specifies interfaces between QKD users and QKD 500 devices. 502 In general, the prepare and measure QKD protocols (e.g., [BB84]) 503 without using entanglement works as follows: 505 1. The source quantum node A encodes classical bits to qubits. 506 Basically, the source node A generates two random classical bit 507 strings X, Y. Among them, it uses the bit string X to choose the 508 basis and uses Y to choose the state corresponding to the chosen 509 basis. For example, if X=0 then in case of BB84 protocol Alice 510 prepares the state in {|0>, |1>}-basis; otherwise she prepares 511 the state in {|+>, |->}-basis. Similarly, if Y=0 then Alice 512 prepares the qubit either |0> or |+> (depending on the value of 513 X), and if Y =1, then Alice prepares the qubit either |1> or |->. 515 2. The source quantum node A sends qubits to the destination quantum 516 node B via quantum channel. 518 3. The destination quantum node receives qubits and measures each of 519 them in one of the two basis at random. 521 4. The destination quantum node informs the source node of its 522 choice of basis for each qubit. 524 5. The source quantum node informs the destination node which random 525 quantum basis is correct. 527 6. Both nodes discard any measurement bit under different quantum 528 basis and remaining bits could be used as the secret key. Before 529 generating the final secret key, there is a post-processing 530 procedure over authenticated classical channels. The classical 531 post-processing part can be subdivided into three steps, namely 532 parameter estimation, error-correction, and privacy 533 amplification. In the parameter estimation phase, both Alice and 534 Bob use some of the bits to estimate the channel error. If it is 535 larger than some threshold value, then they abort the protocol 536 otherwise move to the error-correction phase. Basically, if an 537 eavesdropper tries to intercept and read qubits sent from node A 538 to node B, the eavesdropper will be detected due to the entropic 539 uncertainty relation property theorem of quantum mechanics. As a 540 part of the post-processing procedure, both nodes usually also 541 perform information reconciliation [Elkouss] for efficient error 542 correction and/or conduct privacy amplification [BTang] for 543 generating the final information-theoretical secure keys. 545 7. The post-processing procedure needs to be performed over an 546 authenticated classical channel. In other words, the source 547 quantum node and the destination quantum node need to 548 authenticate the classical channel to make sure there is no 549 eavesdroppers or man-in-the-middle attacks, according to certain 550 authentication protocols such as [Kiktenko]. In [Kiktenko], the 551 authenticity of the classical channel is checked at the very end 552 of the post-processing procedure instead of doing it for each 553 classical message exchanged between the quantum source node and 554 the quantum destination node. 556 It is worth noting that: 558 1. There are some entanglement-based QKD protocols such as 559 [Treiber], which work differently than above steps. The 560 entanglement-based schemes, where entangled states are prepared 561 externally to the source quantum node and the destination quantum 562 node, are not normally considered "prepare-and-measure" as 563 defined in [Wehner]; other entanglement-based schemes, where 564 entanglement is generated within the source quantum node can 565 still be considered "prepare-and-measure"; send-and-return 566 schemes can still be "prepare-and-measure", if the information 567 content, from which keys will be derived, is prepared within the 568 source quantum node the source quantum node before being sent to 569 the destination quantum node for measurement. 571 2. There are many enhanced QKD protocols based on [BB84]. For 572 example, a series of loopholes have been identified due to the 573 imperfections of measurement devices; there are several solutions 574 to take into account these attacks such as measurement-device- 575 independent QKD [PZhang]. These enhanced QKD protocols can work 576 differently than the steps of BB84 protocol [BB84]. 578 3. For large-scale QKD, QKD Networks (QKDN) are required, which can 579 be regarded as a subset of a Quantum Internet. A QKDN may 580 consist of a QKD application layer, a QKD network layer, and a 581 QKD link layer [Qin]. One or multiple trusted QKD relays 582 [QZhang] may exist between the source quantum node A and the 583 destination quantum node B, which are connected by a QKDN. 584 Alternatively, a QKDN may rely on entanglement distribution and 585 entanglement-based QKD protocols; as a result, quantum-repeaters/ 586 routers instead of trusted QKD relays are needed for large-scale 587 QKD. 589 4. Although the addresses of Source Quantum Node A and Destination 590 Quantum Node B could be identified and exposed, the identity of 591 users, who will use the secret cryptographic key for secure 592 communications, will not necessarily be exposed during QKD 593 process. In other words, there is no direct mapping from the 594 addresses of quantum nodes to the user identity; as a result, QKD 595 protocols do not disclose user identities. 597 5. QKD provides an information-theoretical way to share secret keys 598 between two parties in the presence of Eve. However, this is true 599 in theory, and there is a significant gap between theory and 600 practice. By exploiting the imperfection of the detectors Eve 601 can gain information about the shared key [FeihuXu]. To avoid 602 such side-channel attacks in [Lo], the researchers provide a QKD 603 protocol called Measurement Device-Independent (MDI) QKD that 604 allows two users (a transmitter "Alice" and a receiver "Bob") to 605 communicate with perfect security, even if the (measurement) 606 hardware they are using has been tampered with (e.g., by an 607 eavesdropper) and thus is not trusted. It is achieved by 608 measuring correlations between signals from Alice and Bob rather 609 than the actual signals themselves. 611 6. QKD protocols based on Continuous Variable (CV-QKD) have recently 612 seen plenty of interest as it only requires telecommunications 613 equipment that is readily available and is also in common use 614 industry-wide. This kind of technology is a potentially high- 615 performance technique for secure key distribution over limited 616 distances. The recent demonstration of CV-QKD shows 617 compatibility with classical coherent detection schemes that are 618 widely used for high bandwidth classical communication systems 619 [Grosshans]. 621 As a result, the Quantum Internet in Figure 2 contains quantum 622 channels. And in order to support secure communication setup 623 especially in large-scale deployment, it also requires entanglement 624 generation and entanglement distribution 625 [I-D.van-meter-qirg-quantum-connection-setup], quantum repeaters/ 626 routers, and/or trusted QKD relays. 628 +---------------+ 629 | End User | 630 |(e.g., Banker) | 631 +---------------+ 632 ^ 633 | User Interface 634 | (e.g., GUI) 635 V 636 +-----------------+ /--------\ +-----------------+ 637 | |--->( Quantum )--->| | 638 | Source | ( Internet ) | Destination | 639 | Quantum | \--------/ | Quantum | 640 | Node A | | Node B | 641 | (e.g., Bank #1) | /--------\ | (e.g., Bank #2) | 642 | | ( Classical) | | 643 | |<-->( Internet )<-->| | 644 +-----------------+ \--------/ +-----------------+ 646 Figure 2: Secure Communication Setup 648 4.2. Secure Quantum Computing with Privacy Preservation 650 Secure computation with privacy preservation refers to the following 651 scenario: 653 1. A client node with source data delegates the computation of the 654 source data to a remote computation node (i.e. a server). 656 2. Furthermore, the client node does not want to disclose any source 657 data to the remote computation node and thus preserve the source 658 data privacy. 660 3. Note that there is no assumption or guarantee that the remote 661 computation node is a trusted entity from the source data privacy 662 perspective. 664 As an example illustrated in Figure 3, a terminal node such as a home 665 gateway has collected lots of data and needs to perform computation 666 on the data. The terminal node could be a classical node without any 667 quantum capability, a bare-bone quantum end-node or a full-fledged 668 quantum computer. The terminal node has insufficient computing power 669 and needs to offload data computation to some remote nodes. Although 670 the terminal node can upload the data to the cloud to leverage cloud 671 computing without introducing local computing overhead, to upload the 672 data to the cloud can cause privacy concerns. In this particular 673 case, there is no privacy concern since the source data will not be 674 sent to the remote computation node which could be compromised. Many 675 protocols as described in [Fitzsimons] for delegated quantum 676 computing or Blind Quantum Computation (BQC) can be leveraged to 677 realize secure delegated computation and guarantee privacy 678 preservation simultaneously. 680 As a new client/server computation model, BQC generally enables: 1) 681 The client delegates a computation function to the server; 2) The 682 client does not send original qubits to the server, but send 683 transformed qubits to the server; 3) The computation function is 684 performed at the server on the transformed qubits to generate 685 temporary result qubits, which could be quantum-circuit-based 686 computation or measurement-based quantum computation. The server 687 sends the temporary result qubits to the client; 4) The client 688 receives the temporary result qubits and transform them to the final 689 result qubits. During this process, the server can not figure out 690 the original qubits from the transformed qubits. Also, it will not 691 take too much efforts on the client side to transform the original 692 qubits to the transformed qubits, or transform the temporary result 693 qubits to the final result qubits. One of the very first BQC 694 protocols such as [Childs] follows this process, although the client 695 needs some basic quantum features such as quantum memory, qubit 696 preparation and measurement, and qubit transmission. Measurement- 697 based quantum computation is out of the scope of this document and 698 more details about it can be found in [Jozsa]. 700 It is worth noting that: 702 1. The BQC protocol in [Childs] is a circuit-based BQC model, where 703 the client only performs simple quantum circuit for qubit 704 transformation, while the server performs a sequence of quantum 705 logic gates. Qubits are transmitted back and forth between the 706 client and the server. 708 2. Universal BQC in [Broadbent] is a measurement-based BQC model, 709 which is based on measurement-based quantum computing leveraging 710 entangled states. The principle in UBQC is based on the fact the 711 quantum teleportation plus a rotated Bell measurement realizes a 712 quantum computation, which can be repeated multiple times to 713 realize a sequence of quantum computation. In this approach, the 714 client first prepares transformed qubits and send them to the 715 server and the server needs first to prepare entangled states 716 from all received qubits. Then, multiple interaction and 717 measurement rounds happen between the client and the server. For 718 each round, the client computes and sends new measurement 719 instructions or measurement adaptations to the server; then, the 720 server performs the measurement according to the received 721 measurement instructions to generate measurement results (qubits 722 or in classic bits); the client receives the measurement results 723 and transform them to the final results. 725 3. A hybrid universal BQC is proposed in [XZhang], where the server 726 performs both quantum circuits like [Childs] and quantum 727 measurements like [Broadbent] to reduce the number of required 728 entangled states in [Broadbent]. Also, the client is much 729 simpler than the client in [Childs]. This hybrid BQC is a 730 combination of circuit-based BQC model and measurement-based BQC 731 model. 733 4. It will be ideal if the client in BQC is a purely classical 734 client, which only needs to interact with the server using 735 classical channel and communications. [HHuang] demonstrates such 736 an approach, where a classical client leverages two entangled 737 servers to perform BQC, with the assumption that both servers can 738 not communicate with each other; otherwise, the blindness or 739 privacy of the client can not be guaranteed. The scenario as 740 demonstrated in [HHuang] is essentially an example of BQC with 741 multiple servers. 743 5. How to verify that the server will perform what the client 744 requests or expects is an important issue in many BQC protocols, 745 referred to as verifiable BQC. [Fitzsimons] discusses this issue 746 and compares it in various BQC protocols. 748 In Figure 3, the Quantum Internet contains quantum channels and 749 quantum repeaters/routers for long-distance qubits transmission 750 [I-D.irtf-qirg-principles]. 752 +----------------+ /--------\ +----------------+ 753 | |--->( Quantum )--->| | 754 | | ( Internet ) | Remote | 755 | Terminal | \--------/ | Computation | 756 | Node | | Node | 757 | (e.g., Home | /--------\ | (e.g., QC | 758 | Gateway) | ( Classical) | in Cloud) | 759 | |<-->( Internet )<-->| | 760 +----------------+ \--------/ +----------------+ 762 Figure 3: Secure Quantum Computing with Privacy Preservation 764 4.3. Distributed Quantum Computing 766 There can be two types of distributed quantum computing [Denchev]: 768 1. Leverage quantum mechanics to enhance classical distributed 769 computing problems. For example, entangled quantum states can be 770 exploited to improve leader election in classical distributed 771 computing, by simply measuring the entangled quantum states at 772 each party (e.g., a node or a device) without introducing any 773 classical communications among distributed parties [Pal]. 774 Normally, pre-shared entanglement needs first be established 775 among distributed parties, followed by LOCC operations at each 776 party. And it generally does not need to transmit qubits among 777 distributed parties. 779 2. Distribute quantum computing functions to distributed quantum 780 computers. A quantum computing task or function (e.g., quantum 781 gates) is split and distributed to multiple physically separate 782 quantum computers. And it may or may not need to transmit qubits 783 (either inputs or outputs) among those distributed quantum 784 computers. Pre-shared entangled states may be needed to transmit 785 quantum states among distributed quantum computers without using 786 quantum communications, similar to quantum teleportation. For 787 example, [Yimsiriwattana] has proved that a CNOT gate can be 788 realized jointly by and distributed to multiple quantum 789 computers. The rest of this section focuses on this type of 790 distributed quantum computing. 792 As a scenario for the second type of distributed quantum computing, 793 Noisy Intermediate-Scale Quantum (NISQ) computers distributed in 794 different locations are available for sharing. According to the 795 definition in [Preskill], a NISQ computer can only realize a small 796 number of qubits and has limited quantum error correction. In order 797 to gain higher computation power before fully-fledged quantum 798 computers become available, NISQ computers can be connected via 799 classic and quantum channels. This scenario is referred to as 800 distributed quantum computing [Caleffi] [Cacciapuoti01] 801 [Cacciapuoti02]. This use case reflects the vastly increased 802 computing power which quantum computers as a part of the Quantum 803 Internet can bring, in contrast to classical computers in the 804 Classical Internet, in the context of distributed quantum computing 805 ecosystem [Cuomo]. According to [Cuomo], quantum teleportation 806 enables a new communication paradigm, referred to as teledata 807 [VanMeter01], which moves quantum states among qubits to distributed 808 quantum computers. In addition, distributed quantum computation also 809 needs the capability of remotely performing quantum computation on 810 qubits on distributed quantum computers, which can be enabled by the 811 technique called telegate [VanMeter02]. 813 As an example, scientists can leverage these connected NISQ computer 814 to solve highly complex scientific computation problems such as 815 analysis of chemical interactions for medical drug development [Cao] 816 (see Figure 4). In this case, qubits will be transmitted among 817 connected quantum computers via quantum channels, while classic 818 control messages will be transmitted among them via classical 819 channels for coordination and control purpose. Another example of 820 distributed quantum computing is secure Multi-Party Quantum 821 Computation (MPQC) [Crepeau], which can be regarded as a quantum 822 version of classical secure Multi-Party Computing (MPC). In secure 823 MPQC, multiple participants jointly perform quantum computation on a 824 set of input quantum states, which are prepared and provided by 825 different participants. One of primary aims of secure MPQC is to 826 guarantee that each participant will not know input quantum states 827 provided by other participants. Secure MPQC relies on verifiable 828 quantum secret sharing [Lipinska]. 830 For the example shown in Figure 4, qubits from one NISQ computer to 831 another NISQ computer are very sensitive and should not be lost. For 832 this purpose, quantum teleportation can be leveraged to teleport 833 sensitive data qubits from one quantum computer A to another quantum 834 computer B. Note that Figure 4 does not cover measurement-based 835 distributed quantum computing, where quantum teleportation may not be 836 required. When quantum teleportation is employed, the following 837 steps happen between A and B. In fact, LOCC [Chitambar] operations 838 are conducted at the quantum computer A and B in order to achieve 839 quantum teleportation as illustrated in Figure 4. 841 1. The quantum computer A locally generates some sensitive data 842 qubits to be teleported to the quantum computer B. 844 2. A shared entanglement is established between the quantum computer 845 A and the quantum computer B (i.e., there are two entangled 846 qubits: q1 at A and q2 at B). For example, the quantum computer 847 A can generate two entangled qubits (i.e., q1 and q2) and sends 848 q2 to the quantum computer B via quantum communications. 850 3. Then, the quantum computer A performs a Bell measurement of the 851 entangled qubit q1 and the sensitive data qubit. 853 4. The result from this Bell measurement will be encoded in two 854 classical bits, which will be physically transmitted via a 855 classical channel to the quantum computer B. 857 5. Based on the received two classical bits, the quantum computer B 858 modifies the state of the entangled qubit q2 in the way to 859 generate a new qubit identical to the sensitive data qubit at the 860 quantum computer A. 862 In Figure 4, the Quantum Internet contains quantum channels and 863 quantum repeaters/routers [I-D.irtf-qirg-principles]. This use case 864 needs to support entanglement generation and entanglement 865 distribution (or quantum connection) setup 866 [I-D.van-meter-qirg-quantum-connection-setup] in order to support 867 quantum teleportation. 869 +-----------------+ 870 | End-User | 871 |(e.g., Scientist)| 872 +-----------------+ 873 ^ 874 |User Interface (e.g. GUI) 875 | 876 +------------------+-------------------+ 877 | | 878 | | 879 V V 880 +----------------+ /--------\ +----------------+ 881 | |--->( Quantum )--->| | 882 | | ( Internet ) | | 883 | Quantum | \--------/ | Quantum | 884 | Computer A | | Computer B | 885 | (e.g., Site #1)| /--------\ | (e.g., Site #2)| 886 | | ( Classical) | | 887 | |<-->( Internet )<-->| | 888 +----------------+ \--------/ +----------------+ 890 Figure 4: Distributed Quantum Computing 892 5. General Requirements 894 5.1. Background 896 Quantum technologies are steadily evolving and improving. Therefore, 897 it is hard to predict the timeline and future milestones of quantum 898 technologies as pointed out in [Grumbling] for quantum computing. 899 Currently, a NISQ computer can achieve fifty to hundreds of qubits 900 with some given error rate. In fact, the error rates of two-qubit 901 quantum gates have decreased nearly in half every 1.5 years (for 902 trapped ion gates) to 2 years (for superconducting gates). The error 903 rate also increases as the number of qubits increases. For example, 904 a current 20-physical-qubit machine has a total error rate which is 905 close to the total error rate of a 7 year old two-qubit machine 906 [Grumbling]. 908 On the network level, six stages of Quantum Internet development are 909 described in [Wehner] as follows: 911 1. Trusted repeater networks (Stage-1) 913 2. Prepare and measure networks (Stage-2) 915 3. Entanglement distribution networks (Stage-3) 917 4. Quantum memory networks (Stage-4) 919 5. Fault-tolerant few qubit networks (Stage-5) 921 6. Quantum computing networks (Stage-6) 923 The first stage are simple trusted repeater networks, while the final 924 stage are quantum computing networks where the full-blown Quantum 925 Internet will be achieved. Each intermediate stage brings with it 926 new functionality, new applications, and new characteristics. 927 Figure 5 illustrates Quantum Internet use cases as described in this 928 document mapped to the Quantum Internet stages described in [Wehner]. 929 For example, secure communication setup can be supported in Stage-1, 930 Stage-2, or Stage-3, but with different QKD solutions. More 931 specifically: 933 In Stage-1, basic QKD is possible and can be leveraged to support 934 secure communication setup but trusted nodes are required to provide 935 end-to-end security. The primary requirement is trusted nodes. 937 In Stage-2, the end users can prepare receive and measure qubits. In 938 this stage the users can verify classical passwords without revealing 939 it. 941 In Stage-3, end-to-end security can be enabled based on quantum 942 repeaters and entanglement distribution, to support the same secure 943 communication setup application. The primary requirement is 944 entanglement distribution to enable long-distance QKD. 946 In Stage-4, the quantum repeaters gain the capability of storing and 947 manipulating entangled qubits in the quantum memories. Using these 948 kind of quantum networks one can run sophisticated applications like 949 blind quantum computing, leader election, quantum secret sharing. 951 In Stage-5, quantum repeaters can perform error correction; hence 952 they can perform fault-tolerant quantum computations on the received 953 data. With the help of these repeaters, it is possible to run 954 distributed quantum computing and quantum sensor applications over a 955 smaller number of qubits. 957 Finally, in Stage-6, distributed quantum computing relying on more 958 qubits can be supported. 960 +---------+----------------------------+------------------------+ 961 | Quantum | Example Quantum | | 962 | Internet| Internet Use | Characteristic | 963 | Stage | Cases | | 964 +---------+----------------------------+------------------------+ 965 | Stage-1 | Secure comm setup | Trusted nodes | 966 | | using basic QKD | | 967 |---------------------------------------------------------------| 968 | Stage-2 | Secure comm setup | Prepare-and-measure | 969 | | using the QKD with | capability | 970 | | end-to-end security | | 971 |---------------------------------------------------------------| 972 | Stage-3 | Secure comm setup | Entanglement | 973 | | using entanglement-enabled | distribution | 974 | | QKD | | 975 |---------------------------------------------------------------| 976 | Stage-4 | Secure/blind quantum | Quantum memory | 977 | | computing | | 978 |---------------------------------------------------------------| 979 | Stage-5 | Higher-Accuracy Clock | Fault tolerance | 980 | | synchronization | | 981 |---------------------------------------------------------------| 982 | Stage-6 | Distributed quantum | More qubits | 983 | | computing | | 984 +---------------------------------------------------------------+ 986 Figure 5: Example Use Cases in Different Quantum Internet Stages 988 5.2. Requirements 990 Some general and functional requirements on the Quantum Internet from 991 the networking perspective, based on the above applications and use 992 cases, are identified as follows: 994 1. Methods for facilitating quantum applications to interact 995 efficiently with entanglement qubits are necessary in order for 996 them to trigger distribution of designated entangled qubits to 997 potentially any other quantum node residing in the Quantum 998 Internet. To accomplish this specific operations must be 999 performed on entangled qubits (e.g., entanglement swapping, 1000 entanglement distillation). Quantum nodes may be quantum end- 1001 nodes, quantum repeaters/routers, and/or quantum computers. 1003 2. Quantum repeaters/routers should support robust and efficient 1004 entanglement distribution in order to extend and establish high- 1005 fidelity entanglement connection between two quantum nodes. For 1006 achieving this, it is required to first generate an entangled 1007 pair on each hop of the path between these two nodes, and then 1008 perform entanglement swapping operations at each of the 1009 intermediate nodes. 1011 3. Quantum end-nodes must send additional information on classical 1012 channels to aid in transmission of qubits across quantum 1013 repeaters/receivers. This is because qubits are transmitted 1014 individually and do not have any associated packet overhead which 1015 can help in transmission of the qubit. Any extra information to 1016 aid in routing, identification, etc., of the qubit(s) must be 1017 sent via classical channels. 1019 4. Methods for managing and controlling the Quantum Internet 1020 including quantum nodes and their quantum resources are 1021 necessary. The resources of a quantum node may include quantum 1022 memory, quantum channels, qubits, established quantum 1023 connections, etc. Such management methods can be used to monitor 1024 network status of the Quantum Internet, diagnose and identify 1025 potential issues (e.g. quantum connections), and configure 1026 quantum nodes with new actions and/or policies (e.g. to perform a 1027 new entanglement swapping operation). New management information 1028 model for the Quantum Internet may need to be developed. 1030 6. Conclusion 1032 This document provides an overview of some expected applications for 1033 the Quantum Internet, and then details selected use cases. The 1034 applications are first grouped by their usage which is a natural and 1035 easy to understand classification scheme. The applications are also 1036 classified as either control plane or data plane functionality as 1037 typical for the Classical Internet. This set of applications may, of 1038 course, naturally expand over time as the Quantum Internet matures. 1039 Finally, some general requirements for the Quantum Internet are also 1040 provided. 1042 This document can also serve as an introductory text to readers 1043 interested in learning about the practical uses of the Quantum 1044 Internet. Finally, it is hoped that this document will help guide 1045 further research and development of the Quantum Internet 1046 functionality required to implement the applications and uses cases 1047 described herein. 1049 7. IANA Considerations 1051 This document requests no IANA actions. 1053 8. Security Considerations 1055 This document does not define an architecture nor a specific protocol 1056 for the Quantum Internet. It focuses instead on detailing use cases, 1057 requirements, and describing typical Quantum Internet applications. 1058 However, some salient observations can be made regarding security of 1059 the Quantum Internet as follows. 1061 It has been identified in [NISTIR8240] that once large-scale quantum 1062 computing becomes reality that it will be able to break many of the 1063 public-key (i.e., asymmetric) cryptosystems currently in use. This 1064 is because of the increase in computing ability with quantum 1065 computers for certain classes of problems (e.g., prime factorization, 1066 optimizations). This would negatively affect many of the security 1067 mechanisms currently in use on the Classical Internet which are based 1068 on public-key (Diffie-Hellman) encryption. This has given strong 1069 impetus for starting development of new cryptographic systems that 1070 are secure against quantum computing attacks [NISTIR8240]. 1072 Interestingly, development of the Quantum Internet will also mitigate 1073 the threats posed by quantum computing attacks against Diffie-Hellman 1074 based public-key cryptosystems. Specifically, the secure 1075 communication setup feature of the Quantum Internet as described in 1076 Section 4.1 will be strongly resistant to both classical and quantum 1077 computing attacks against Diffie-Hellman based public-key 1078 cryptosystems. 1080 A key additional threat consideration for the Quantum Internet is 1081 pointed to by [RFC7258], which warns of the dangers of pervasive 1082 monitoring as a widespread attack on privacy. Pervasive monitoring 1083 is defined as a widespread, and usually covert, surveillance through 1084 intrusive gathering of application content or protocol metadata such 1085 as headers. This can be accomplished through active or passive 1086 wiretaps, traffic analysis, or subverting the cryptographic keys used 1087 to secure communications. 1089 The secure communication setup feature of the Quantum Internet as 1090 described in Section 4.1 will be strongly resistant to pervasive 1091 monitoring based on directly attacking (Diffie-Hellman) encryption 1092 keys. Also, Section 4.2 describes a method to perform remote quantum 1093 computing while preserving the privacy of the source data. Finally, 1094 the intrinsic property of qubits to decohere if they are observed, 1095 albeit covertly, will theoretically allow detection of unwanted 1096 monitoring in some future solutions. 1098 9. Acknowledgments 1100 The authors want to thank Michele Amoretti, Mathias Van Den Bossche, 1101 Xavier de Foy, Patrick Gelard, Alvaro Gomez Inesta, Wojciech 1102 Kozlowski, John Mattsson, Rodney Van Meter, Joey Salazar, and Joseph 1103 Touch, and the rest of the QIRG community as a whole for their very 1104 useful reviews and comments to the document. 1106 10. Informative References 1108 [BB84] Bennett, C. and G. Brassard, "Quantum Cryptography: Public 1109 Key Distribution and Coin Tossing", 1984, 1110 . 1113 [Ben-Or] Ben-Or, M. and A. Hassidim, "Fast Quantum Byzantine 1114 Agreement", SOTC, ACM, 2005, 1115 . 1117 [Broadbent] 1118 Broadbent, A. and et. al., "Universal Blind Quantum 1119 Computation", 50th Annual Symposium on Foundations of 1120 Computer Science, IEEE, 2009, 1121 . 1123 [BTang] Tang, B. and et. al., "High-speed and Large-scale Privacy 1124 Amplification Scheme for Quantum Key Distribution", 1125 Scientific Reports, Nature Research, 2019, 1126 . 1128 [Cacciapuoti01] 1129 Cacciapuoti, A. and et. al., "Quantum Internet: Networking 1130 Challenges in Distributed Quantum Computing", IEEE 1131 Network, January 2020, 2020, 1132 . 1134 [Cacciapuoti02] 1135 Cacciapuoti, A. and et. al., "When Entanglement meets 1136 Classical Communications: Quantum Teleportation for the 1137 Quantum Internet", 2019, 1138 . 1140 [Caleffi] Caleffi, M. and et. al., "Quantum internet: From 1141 Communication to Distributed Computing!", NANOCOM, ACM, 1142 2018, . 1144 [Cao] Cao, Y. and et. al., "Potential of Quantum Computing for 1145 Drug Discovery", Journal of Research and Development, IBM, 1146 2018, . 1148 [Castelvecchi] 1149 Castelvecchi, D., "The Quantum Internet has arrived (and 1150 it hasn't)", Nature 554, 289-292, 2018, 1151 . 1153 [Childs] Childs, A., "Secure Assisted Quantum Computation", 2005, 1154 . 1156 [Chitambar] 1157 Chitambar, E. and et. al., "Everything You Always Wanted 1158 to Know About LOCC (But Were Afraid to Ask)", 1159 Communications in Mathematical Physics, Springer, 2014, 1160 . 1163 [ChuanWang] 1164 Wang, C. and et. al., "Quantum Secure Direct Communication 1165 with High-Dimension Quantum Superdense Coding", Physical 1166 Review A, American Physical Society, 2005, 1167 . 1169 [Crepeau] Crepeau, C. and et. al., "Secure Multi-party Quantum 1170 Computation", 34th Symposium on Theory of Computing 1171 (STOC), ACM, 2002, 1172 . 1174 [Cuomo] Cuomo, D. and et. al., "Towards a Distributed Quantum 1175 Computing Ecosystem", Quantum Communication, IET, 2020, 1176 . 1178 [Denchev] Denchev, V. and et. al., "Distributed Quantum Computing: A 1179 New Frontier in Distributed Systems or Science Fiction?", 1180 SIGACT News ACM, 2018, 1181 . 1183 [Elkouss] Elkouss, D. and et. al., "Information Reconciliation for 1184 Quantum Key Distribution", 2011, 1185 . 1187 [ETSI-QKD-Interfaces] 1188 ETSI GR QKD 003 V2.1.1, "Quantum Key Distribution (QKD); 1189 Components and Internal Interfaces", 2018, 1190 . 1193 [ETSI-QKD-UseCases] 1194 ETSI GR QKD 002 V1.1.1, "Quantum Key Distribution (QKD); 1195 Use Cases", 2010, . 1198 [FeihuXu] Xu, F. and et. al., "Experimental Demonstration of Phase- 1199 Remapping Attack in a Practical Quantum Key Distribution 1200 System", New Journal of Physics, 12 113026, 2010, 1201 . 1204 [Fitzsimons] 1205 Fitzsimons, J., "Private Quantum Computation: An 1206 Introduction to Blind Quantum Computing and Related 1207 Protocols", 2017, 1208 . 1210 [Grosshans] 1211 Grosshans, F. and P. Grangier, "Continuous Variable 1212 Quantum Cryptography Using Coherent States", Physical 1213 Review Letters, American Physical Society, 2002, 1214 . 1216 [Grumbling] 1217 Grumbling, E. and M. Horowitz, "Quantum Computing: 1218 Progress and Prospects", National Academies of Sciences, 1219 Engineering, and Medicine, The National Academies Press, 1220 2019, . 1222 [Guo] Guo, X. and et. al., "Distributed Quantum Sensing in a 1223 Continuous-Variable Entangled Network", Nature 1224 Physics, Nature, 2020, 1225 . 1227 [HHuang] Huang, H. and et. al., "Experimental Blind Quantum 1228 Computing for a Classical Client", 2017, 1229 . 1231 [Hill] Hill, R. and et. al., "A Tool for Functional Brain Imaging 1232 with Lifespan Compliance", Nature Communications 10, 1233 4785(2019), 2019, 1234 . 1236 [I-D.dahlberg-ll-quantum] 1237 Dahlberg, A., Skrzypczyk, M., and S. Wehner, "The Link 1238 Layer service in a Quantum Internet", draft-dahlberg-ll- 1239 quantum-03 (work in progress), October 2019. 1241 [I-D.irtf-qirg-principles] 1242 Kozlowski, W., Wehner, S., Meter, R. V., Rijsman, B., 1243 Cacciapuoti, A. S., Caleffi, M., and S. Nagayama, 1244 "Architectural Principles for a Quantum Internet", draft- 1245 irtf-qirg-principles-06 (work in progress), February 2021. 1247 [I-D.van-meter-qirg-quantum-connection-setup] 1248 Meter, R. V. and T. Matsuo, "Connection Setup in a Quantum 1249 Network", draft-van-meter-qirg-quantum-connection-setup-01 1250 (work in progress), September 2019. 1252 [Jozsa] Josza, R. and et. al., "An Introduction to Measurement 1253 based Quantum Computation", 2005, 1254 . 1256 [Kiktenko] 1257 Kiktenko, E. and et. al., "Lightweight Authentication for 1258 Quantum Key Distribution", 2020, 1259 . 1261 [Komar] Komar, P. and et. al., "A Quantum Network of Clocks", 1262 2013, . 1264 [Lipinska] 1265 Lipinska, V. and et. al., "Verifiable Hybrid Secret 1266 Sharing with Few Qubits", Physical Review A, American 1267 Physical Society, 2020, 1268 . 1270 [Lo] Lo, H. and et. al., "Experimental Demonstration of Phase- 1271 Remapping Attack in a Practical Quantum Key Distribution 1272 System", Physical Review Letters, American Physical 1273 Society, 2012, 1274 . 1276 [NISTIR8240] 1277 Alagic, G. and et. al., "Status Report on the First Round 1278 of the NIST Post-Quantum Cryptography Standardization 1279 Process", NISTIR 8240, 2019, 1280 . 1283 [Pal] Pal, S. and et. al., "Multi-partite Quantum Entanglement 1284 versus Randomization: Fair and Unbiased Leader Election in 1285 Networks", 2003, 1286 . 1288 [Preskill] 1289 Preskill, J., "Quantum Computing in the NISQ Era and 1290 Beyond", 2018, . 1292 [Proctor] Proctor, T. and et. al., "Multiparameter Estimation in 1293 Networked Quantum Sensors", Physical Review 1294 Letters, American Physical Society, 2018, 1295 . 1298 [PZhang] Zhang, P. and et. al., "Integrated Relay Server for 1299 Measurement-Device-Independent Quantum Key Distribution", 1300 2019, . 1302 [Qin] Qin, H., "Towards Large-Scale Quantum Key Distribution 1303 Network and Its Applications", 2019, 1304 . 1307 [QZhang] Zhang, Q., Hu, F., Chen, Y., Peng, C., and J. Pan, "Large 1308 Scale Quantum Key Distribution: Challenges and Solutions", 1309 Optical Express, OSA, 2018, 1310 . 1312 [Renner] Renner, R., "Security of Quantum Key Distribution", 2006, 1313 . 1315 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1316 Requirement Levels", BCP 14, RFC 2119, 1317 DOI 10.17487/RFC2119, March 1997, 1318 . 1320 [RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an 1321 Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May 1322 2014, . 1324 [Taherkhani] 1325 Taherkhani, M., Navi, K., and R. Van Meter, "Resource- 1326 Aware System Architecture Model for Implementation of 1327 Quantum Aided Byzantine Agreement on Quantum Repeater 1328 Networks", Quantum Science and Technology, IOP, 2017, 1329 . 1331 [Treiber] Treiber, A. and et. al., "A Fully Automated Entanglement- 1332 based Quantum Cyptography System for Telecom Fiber 1333 Networks", New Journal of Physics, 11, 045013, 2009, 1334 . 1336 [VanMeter01] 1337 Van Meter, R. and et. al., "Distributed Arithmetic on a 1338 Quantum Multicomputer", 33rd International Symposium on 1339 Computer Architecture (ISCA) IEEE, 2006, 1340 . 1342 [VanMeter02] 1343 Van Meter, R. and et. al., "Architecture of a Quantum 1344 Multicompuer Optimized for Shor's Factoring Algorithm", 1345 2006, . 1347 [Wehner] Wehner, S., Elkouss, D., and R. Hanson, "Quantum internet: 1348 A vision for the road ahead", Science 362, 2018, 1349 . 1352 [XZhang] Zhang, X. and et. al., "A Hybrid Universal Blind Quantum 1353 Computation", Information Sciences, Elsevier, 2009, 1354 . 1357 [Yimsiriwattana] 1358 Yimsiriwattana, A. and et. al., "Generalized GHZ States 1359 and Distributed Quantum Computing", 2004, 1360 . 1362 [YudongCao] 1363 Cao, Y. and et. al., "Quantum Chemistry in the Age of 1364 Quantum Computing", Chemical Reviews, ACS Publications, 1365 2019, . 1367 [Zhandry] Zhandry, M., "Quantum Lightning Never Strikes the Same 1368 State Twice", 38th Annual International Conference on the 1369 Theory and Applications of Cryptographic Techniques, 1370 Darmstadt, Germany, May 19-23, 2019, Proceedings, Part 1371 III, 2019, . 1373 [Zhao] Zhao, Y., "Development of Quantum Key Distribution and 1374 Attacks against it", Journal of Physics, J. Phys, 2018, 1375 . 1378 Authors' Addresses 1380 Chonggang Wang 1381 InterDigital Communications, LLC 1382 1001 E Hector St 1383 Conshohocken 19428 1384 USA 1386 Email: Chonggang.Wang@InterDigital.com 1388 Akbar Rahman 1389 InterDigital Communications, LLC 1390 1000 Sherbrooke Street West 1391 Montreal H3A 3G4 1392 Canada 1394 Email: rahmansakbar@yahoo.com 1396 Ruidong Li 1397 Kanazawa University 1398 4-2-1 Nukui-Kitamachi 1399 Kakuma-machi, Kanazawa City 920-1192 1400 Japan 1402 Email: lrd@se.kanazawa-u.ac.jp 1403 Melchior Aelmans 1404 Juniper Networks 1405 Boeing Avenue 240 1406 Schiphol-Rijk 1119 PZ 1407 The Netherlands 1409 Email: maelmans@juniper.net 1411 Kaushik Chakraborty 1412 The University of Edinburgh 1413 10 Crichton Street 1414 Edinburgh EH8 9AB, Scotland 1415 UK 1417 Email: kchakrab@exseed.ed.ac.uk