
Ensuring Security and Trust in the Quantum Era: Certifying Quantum Resources in Your Network Infrastructure

Brian Doolittle
February 20

Quantum technologies such as quantum sensing, quantum computing, and quantum secure communications leverage quantum physics to gain advantage over classical technologies. 
To scale quantum technologies, entanglement-based quantum networks can be used to distribute entanglement over long distances. This article discusses how quantum entanglement can be securely verified, an important step in testing quantum network infrastructure and delivering Quantum Secure Communications.

Quantum Network Access  
To understand how quantum entanglement can be tested in network infrastructure, it is first important to consider how people will connect to entanglement-based quantum networks.  In general, people will use classical computers (such as laptops) to access quantum networks, meaning that users will only see the classical data entering and exiting the network.  Despite this limitation, we identify three basic settings in which users access quantum networks to perform protocols. However, as we will see later, ensuring information security in each setting requires unique assumptions to be made.


Users access quantum networks using classical computers connected to quantum hardware.

Remote Access Scenario: Users connect to and control devices in a remote quantum network managed by a third-party organization or quantum network service provider. Since the hardware is remote, users are unable to verify the location or internal workings of the network’s devices.

Black Box Hardware Scenario: Users acquire quantum devices from vendors and operate these devices to perform protocols on a quantum network. The location of the device is known; however, the device’s internal software and hardware are hidden from the user.

White Box Hardware Scenario: Users possess fully characterized quantum devices, and have a complete understanding of the device’s software, hardware, and operational nuances.

Today’s quantum networks are used to advance research in quantum information science and technology and require custom, white-box hardware designed for particular experiments or applications. However, vendors are beginning to sell black-box quantum devices that provide commercialized quantum networking solutions. Although these black-box quantum devices are needed to deploy and scale commercial quantum networks, using black-box hardware introduces additional difficulties. Since the hardware and software of these black-box devices are hidden, users must trust the integrity of the vendor’s device. That is, the device must be trusted to securely handle sensitive classical data and to faithfully perform the quantum operations specified by the user.

Adversarial Simulations of Quantum Networks


Quantum network users only observe the classical data entering and exiting the network, making it impossible to distinguish a quantum network from its simulation. An adversary could simulate quantum secure communications protocols classically to trick unsuspecting users into a false sense of security while the adversary gains unhindered access to the supposedly secure quantum communications.

As black-box devices become more commonplace in quantum networking, it becomes a natural question to ask: how do we know that a system is quantum? After all, users and software can only see the classical data entering and exiting the network. This limitation means that a user could unknowingly be connecting with a classical simulation of a quantum network rather than a true quantum network. The potential for this kind of deception raises a fundamental question: how can a user determine if they are connected to a secure entanglement-based network, rather than a classical simulation?

Demonstrating the presence of entanglement is essential to Quantum Secure Communication. For instance, if a vendor provides a black-box claiming it is an entanglement source, how can it be confirmed to emit entanglement? Likewise, if black-box devices are being used to implement a quantum key distribution protocol, how can we guarantee security from eavesdroppers? 

Observing the Presence of Entanglement
The question of whether a quantum system can be distinguished from a classical simulation has great historical significance in the development of quantum mechanics. Namely, in a 1935 paper, Einstein, Podolsky, and Rosen (EPR) argued that quantum mechanics was an incomplete theory because quantum entanglement and noncommuting observables are incompatible with a classical world-view[EPR1935]. In their defense, EPR argued that a complete theory must satisfy three fundamentally classical assumptions:

  • Realism: The properties of a physical system are associated with an objective quantity or state that exists independently from an observer.
  • Locality: A physical system’s behavior at a point in space-time is determined solely by the system’s state at that point.
  • Causality: A physical system’s behavior at a point in space-time is only influenced by states in its backward light-cone and may only influence states in its forward light-cone.

The EPR paradox of whether quantum theory described reality or not was resolved a few decades later in 1964 when J. S. Bell devised a thought experiment that distinguished the predictions of classical theory from quantum theory[Bell1964]. The thought experiment goes as follows: suppose that classical randomness is shared between two noncommunicating parties Alice and Bob who each use the randomness to perform an operation on their local data. The assumptions of realism, locality, and causality place constraints on the joint correlations between Alice and Bob allowed in a classical system. Now, if quantum theory is considered instead, Alice and Bob can share an entangled state instead of classical randomness. When Alice and Bob each independently measure their half of the entangled state, they can produce joint correlations that do not satisfy the classical constraints. Hence Bell proved that a quantum system could be distinguished from a classical system simply by looking at the correlations in the classical measurement data. The key assumption is that Alice and Bob cannot communicate, a constraint that can be enforced by Alice and Bob’s measurement devices being very far apart.


A depiction of the CHSH experiment where an entanglement source (blue) distributes entanglement to the measurement devices (orange) Alice and Bob. If Alice and Bob each measure their half of the entangled state using the appropriate noncommuting measurements, then the CHSH inequality can be violated. It is important that Alice and Bob are distant from each other (space-like separated) such that light cannot travel between them during the experiment. 

Shortly after, Bell’s thought experiment was extended into a practical experiment by Clauser, Horne, Shimony, and Holt (CHSH) in 1969[CHSH1969]. In this experiment, Alice and Bob are each given a binary input, x and y respectively, and each output a binary value, a and b respectively. In such a system, the classical constraints take the form of a linear inequality referred to as the CHSH inequality, where the CHSH score is a function of the joint measurement correlations between Alice and Bob. In general, the correlations of all classical theories satisfy the CHSH inequality. Remarkably, when quantum entanglement and noncommuting observables are considered, CHSH scores larger than two can be obtained. These violations of classicality demonstrate the presence of entanglement in a quantum system.

It is important to note that confirming entanglement in nature requires the demonstration of a loophole-free CHSH violation where it can be asserted that no communication took place between Alice and Bob. This critical assumption can be proven to hold as long as the physical locations of Alice and Bob’s devices are known. Namely, if each round of the CHSH experiment can be completed faster than light can travel from Alice to Bob, then no communication could have taken place. Although other loopholes exist, our discussion is mainly concerned with ensuring that no hidden side-channel communication is present. 

In 1981, Alain Aspect experimentally demonstrated the first quantum violation of the CHSH inequality[Aspect1981]. As quantum technologies improved, so did the precision and accuracy of these experiments, eventually confirming the presence of quantum entanglement in nature. These initial results spurred the broad field of study referred to as Bell nonlocality[Brunner2014], or more generally, quantum nonclassicality, in which recent investigations have revealed that entanglement and quantum communication in network settings broadly lead to violations of classicality. These violations not only validate that nature is quantum mechanical, but they enable quantum systems to be distinguished from similar classical systems. In the remainder of this blog, we focus on CHSH violations and how they can be applied in quantum networks to demonstrate the presence of entanglement and to rule out the possibility of adversarial classical simulation.

Certification and Verification of Quantum Resources
 

A device-independent entanglement certification protocol[Bowles2018]. A trusted third party or referee tests a network's quantum resources, producing a certificate that affirms the quality of the quantum resources. The certificate can simply be the CHSH score where entanglement is confirmed when the CHSH score violates the classical bound.

The CHSH inequality is a powerful tool for validating entanglement in a quantum network. The goal of certification and verification is to test the quality of quantum entanglement. In general, certification refers to the case when a trusted third party or referee tests a quantum network. Similarly, verification refers to the case when network users test a quantum network. In both cases, entanglement is consumed during testing, making it impossible to test entanglement prior to using it in a network protocol. In practice, a portion of all entanglement produced in a network must be dedicated to certification and verification, and the resulting CHSH scores must be monitored over time.

Since quantum networks will ultimately be constructed using black-box devices and diverse hardware platforms, it is crucial to develop tests for quantum entanglement that are agnostic of the underlying hardware. Device-independent entanglement certification is a robust approach to certification that is both hardware-agnostic and cannot be exploited given that the core assumptions hold. In this method, a referee certifies the entanglement between two devices independently from the devices’ hardware or software. The certification process requires a loophole-free violation of the CHSH inequality to be demonstrated, verifying that quantum correlations are present.

Device-Independent Quantum Key Distribution


Alice and Bob want to use black-box quantum hardware to perform an entanglement-based key distribution protocol. By randomly interleaving device-independent entanglement certification with a key distribution protocol the users are able to simultaneously verify the entanglement source and distribute a secret key. After Alice and Bob have recorded their measurement results, they communicate over a public classical channel to determine if the CHSH inequality is violated and to check the correctness of their secret keys.

The CHSH violation can be extended as a device-independent quantum key distribution protocol[Vazirani2019].  Here, two network users, Alice and Bob, use trusted black-box devices and entanglement produced by an untrusted quantum network. If the key distribution is performed faithfully, then a maximal CHSH violation is obtained, validating that entanglement was used and showing that no eavesdropper was present. Any deviation from the optimal measurements and entangled state preparations is observed as decreasing the CHSH violation. If the CHSH violation is not sufficiently large, then no key is generated. In general, device-independent key distribution combines certification and key distribution to ensure that keys are only distributed using entanglement, reinforcing their security from eavesdroppers.

It is important to note that there is nothing stopping a black-box device from copying the secret key generated during the protocol. Thus, the black-box device must be trusted to handle sensitive data securely. The merit of using device-independent quantum key distribution is that the quantum hardware does not need to be characterized, making the protocol hardware-agnostic. Thus, this protocol could be deployed securely on any hardware platform, without the black-box’s vendor needing to disclose complete information about the device, which may need to remain private to protect intellectual property.

Preventing Hidden Side Channel Communication Simulating a Quantum Network


Malicious black-box devices could use a hidden side-channel to classically simulate nonclassical behaviors such as violations of the CHSH inequality. The users perceive their black-boxes as connecting over the quantum network, but really Black-box A and Black-box B communicate with each other over the hidden side-channel.

The security of entanglement certification and device-independent quantum key distribution relies on there being no classical side-channel allowing Alice and Bob’s quantum devices to communicate. The trouble is that the CHSH violation can be reproduced if Alice can communicate one bit to Bob. Adversarial quantum devices could then simulate entanglement by communicating over the classical side-channel, giving any party with access to the side-channel unfettered access to the secret key. It is thus an objective to ensure that no hidden side-channels exist.

When white-box quantum hardware is used, it is trivial to know if a side-channel exists because the system is transparent and fully characterized. However, white-boxes are idealistic, because it is not always simple to know whether or not a device has been tampered with. On the other hand, when black-box quantum hardware is used, there is no way for a device’s operator to know if a side-channel exists because the device is not characterized.

Nevertheless, a simple solution exists to rule out the possibility of a hidden side-channel: a loophole-free CHSH violation can be demonstrated. Namely, if each shot of the CHSH experiment is performed fast enough, light cannot travel from Alice to Bob during the experiment. Thus, just as loophole-free violations of the CHSH inequality were used to verify the presence of entanglement in nature, these same experiments can be used to verify the presence of entanglement in networks using black-box devices.
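The CHSH check from the certification section and the side-channel caveat above, as an added Python example (not code from the original article): a referee computes the CHSH score from recorded (x, y, a, b) rounds and accepts a violation only when each round finishes before light could cross the separation. The device models, the 1 km separation, and the round times are constructed assumptions; `entangled_devices` samples the ideal quantum statistics rather than driving real hardware.

```python
import math
import random

C = 299_792_458.0        # speed of light in vacuum, m/s
CLASSICAL_BOUND = 2.0    # CHSH bound for any classical (local) model

def chsh_score(rounds):
    """rounds: (x, y, a, b) bit tuples. Returns S = E00 + E01 + E10 - E11,
    where Exy is the mean of +1 (a == b) or -1 (a != b) for inputs x, y."""
    total = {(x, y): 0 for x in (0, 1) for y in (0, 1)}
    count = dict(total)
    for x, y, a, b in rounds:
        total[x, y] += 1 if a == b else -1
        count[x, y] += 1
    if min(count.values()) == 0:
        raise ValueError("every input pair (x, y) needs at least one round")
    e = {k: total[k] / count[k] for k in total}
    return e[0, 0] + e[0, 1] + e[1, 0] - e[1, 1]

def local_devices(x, y, rng):
    """Classical boxes with shared randomness and no communication."""
    r = rng.getrandbits(1)
    return r, r

def side_channel_devices(x, y, rng):
    """Box B learns Alice's input x over a hidden channel (one bit)."""
    a = rng.getrandbits(1)
    b = a ^ (x & y)      # outputs disagree only when x = y = 1
    return a, b

def entangled_devices(x, y, rng):
    """Stand-in for real hardware: samples the ideal quantum correlations
    E = +-1/sqrt(2). The sampler needs both x and y, which separated
    classical boxes cannot have without communicating."""
    e = -1 / math.sqrt(2) if (x, y) == (1, 1) else 1 / math.sqrt(2)
    a = rng.getrandbits(1)
    b = a if rng.random() < (1 + e) / 2 else a ^ 1
    return a, b

def run(devices, n, seed):
    """Referee picks random inputs each round and records the outputs."""
    rng = random.Random(seed)
    rounds = []
    for _ in range(n):
        x, y = rng.getrandbits(1), rng.getrandbits(1)
        rounds.append((x, y, *devices(x, y, rng)))
    return rounds

def certify(rounds, round_time_s, separation_m):
    """Accept a violation only if each round ends before light could travel
    from Alice to Bob, which rules out a side channel."""
    score = chsh_score(rounds)
    spacelike = round_time_s < separation_m / C
    return {"score": score, "spacelike": spacelike,
            "certified": score > CLASSICAL_BOUND and spacelike}

if __name__ == "__main__":
    d = 1000.0   # constructed: boxes 1 km apart, light needs about 3.34 us
    print(certify(run(local_devices, 4000, 1), 1e-6, d))
    print(certify(run(entangled_devices, 4000, 1), 1e-6, d))
    print(certify(run(side_channel_devices, 4000, 1), 5e-6, d))
```

The side-channel pair reaches a score of 4 yet is not certified, because its constructed 5 µs rounds exceed the roughly 3.34 µs light travel time over 1 km.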

Practical Quantum Security
Building trust in quantum networks becomes paramount as users begin to interact with uncharacterized quantum devices. To achieve Quantum Secure Communications, it is important to verify quantum resources such as entanglement, and it is essential to understand the assumptions necessary for security in each quantum network access setting.

When quantum networks are accessed remotely over a classical channel, their security is no stronger than existing approaches for classical systems because all secure communications are passing through a classical channel. Additionally, the network service provider must be trusted to securely handle sensitive classical data and to faithfully use quantum hardware. To build trust in the remote quantum network, the network service provider could give a trusted third party or referee direct access to the network’s quantum devices. The referee could then produce a public certificate that affirms the quality of the quantum network’s entanglement. By demonstrating high quality quantum entanglement, a network service provider can help build trust.

When black-box devices are used to access the quantum network, the security is improved somewhat because users know the location of their devices. This allows users to demonstrate a loophole-free CHSH violation, proving that no hidden side-channel exists and witnessing the presence of entanglement. Similarly, protocols such as device-independent key distribution apply these ideas to develop hardware-agnostic protocols that run securely on uncharacterized quantum hardware. However, the security of device-independent protocols requires that the device securely handles sensitive classical data. This constraint can only be met by trusting the integrity of a hardware vendor’s devices.

White-box device access scenarios provide the highest level of security. Since users have complete knowledge of a device’s hardware and software, the device can be confirmed to securely handle sensitive classical data and the quantum hardware can be confirmed to faithfully perform a particular measurement. Although it is important to test the quality of the provided entanglement using methods such as device-independent entanglement certification, entanglement-based key distribution protocols such as BBM92 are secure provided that the measurements are known. The catch is that white-box hardware is idealistic. In realistic scenarios, it might be difficult to know if a device has been tampered with, or individual components of the device might not be fully characterized.

To ensure that the quantum future is secure, it is important to ensure the quality of quantum entanglement through certification and verification. To create the bedrock of quantum secure communications we must develop a robust framework for testing quantum resources, establish trust between vendors, service providers, and quantum network users, and create standards and regulatory bodies for certifying quantum resources in network infrastructure.


For more details on this topic, please see our on-demand webinar “Certifying Quantum Resources in Network Infrastructure.”


References:

[EPR1935] Einstein, A., Podolsky, B., & Rosen, N. (1935). “Can quantum-mechanical description of physical reality be considered complete?” Physical Review, 47(10), 777.

[Bell1964] Bell, J. S. (1964). “On the Einstein Podolsky Rosen paradox.” Physics Physique Fizika, 1(3), 195.

[CHSH1969] Clauser, J. F., Horne, M. A., Shimony, A., & Holt, R. A. (1969). “Proposed experiment to test local hidden-variable theories.” Physical Review Letters, 23(15), 880.

[Aspect1981] Aspect, A., Grangier, P., & Roger, G. (1981). “Experimental tests of realistic local theories via Bell's theorem.” Physical Review Letters, 47(7), 460.

[Brunner2014] Brunner, N., Cavalcanti, D., Pironio, S., Scarani, V., & Wehner, S. (2014). “Bell nonlocality.” Reviews of Modern Physics, 86(2), 419.

[Bowles2018] Bowles, J., Šupić, I., Cavalcanti, D., & Acín, A. (2018). “Device-independent entanglement certification of all entangled states.” Physical Review Letters, 121(18), 180503.

[Vazirani2019] Vazirani, U., & Vidick, T. (2019). “Fully device independent quantum key distribution.” Communications of the ACM, 62(4), 133-133.
