Technologies such as quantum sensing, quantum computing, and Advanced Secure Communications leverage physics to gain advantage over classical technologies.
To scale these technologies, entanglement-based networks can be used to distribute entanglement over long distances. This article discusses how entanglement can be securely verified, an important step in testing entanglement-based network infrastructure and delivering Advanced Secure Communications.
Accessing Entanglement-based Networks
Entanglement-based Advanced Secure Networks can be verified at scale. To understand how this can be tested in network infrastructure, it is first important to consider how people will connect to entanglement-based networks. In general, people will use classical computers (such as laptops) to access these networks, meaning that users will only see the classical data entering and exiting the network. Despite this limitation, we identify three basic settings in which users access entanglement-based networks to perform protocols. However, as we will see later, ensuring information security in each setting requires unique assumptions to be made.
Users access entanglement-based networks using classical computers connected to the hardware.
Remote Access Scenario: Users connect to and control devices in a remote entanglement-based network managed by a third-party organization or Advanced Secure Network service provider. Since the hardware is remote, users are unable to verify the location or internal workings of the network’s devices.
Black Box Hardware Scenario: Users acquire entanglement-based devices from vendors and operate these devices to perform protocols on an entanglement-based network. The location of the device is known, however, the device’s internal software and hardware is hidden from the user.
White Box Hardware Scenario: Users possess fully characterized entanglement-based devices, and have a complete understanding of the device’s software, hardware, and operational nuances.
Many of today's entanglement-based networks are used to advance research in quantum information science and technology and require custom, white-box hardware designed for particular experiments or applications. However, vendors are beginning to sell black-box quantum devices that provide commercialized entanglement-based networking solutions. Although these black-box devices are needed to deploy and scale commercial entanglement-based networks, using black-box hardware introduces additional difficulties. Since the hardware and software of these black-box devices is hidden, users must trust the integrity of the vendor’s device. That is, the device must be trusted to securely handle sensitive classical data and to faithfully perform the entanglement-based operations specified by the user.
Adversarial Simulations of Networks
Entanglement network users only observe the classical data entering and exiting the network, making it impossible to distinguish a quantum network from its simulation. An adversary could simulate secure communications protocols classically to trick unsuspecting users into a false sense of security while the adversary gains unhindered access to the supposedly secure communications. This is why understanding how to verify your network is part of ensuring its security - much like it is with today's classical networks.
As black-box devices become more commonplace in entanglement-based networking, it becomes a natural question to ask: how do we know that a system is using entanglement? Afterall, users and software can only see the classical data entering and exiting the network. This limitation means that a user could unknowingly be connecting with a classical simulation of network rather than a true entanglement network. The potential for this kind of deception raises a fundamental question: how can a user determine if they are connected to a secure entanglement-based network, rather than a classical simulation? This can be achieved at scale through a couple different methods.
Demonstrating the presence of entanglement is essential to Advanced Secure Communication. For instance, if a vendor provides a black-box claiming it is an entanglement source, how can it be confirmed to emit entanglement? Likewise, if black-box devices are being used to implement a key distribution protocol, how can we guarantee security from eavesdroppers?
Observing the Presence of Entanglement
The question of whether an entanglement system can be distinguished from a classical simulation has great historical significance in the development of quantum mechanics. Namely, in a 1935 paper, Einstein, Podolsky, and Rosen (EPR) argued that quantum mechanics was an incomplete theory because quantum entanglement and noncommuting observables are incompatible with a classical world-view[EPR1935]. In their defense, EPR argued that a complete theory must satisfy three fundamentally classical assumptions:
- Realism: The properties of a physical are associated with an objective quantity or state that exists independently from an observer.
- Locality: A physical system’s behavior at a point in space-time is determined solely by the system’s state at that point.
- Causality: A physical system’s behavior at a point in space-time is only influenced by states in its backward light-cone and may only influence states in its forward light-cone.
The EPR paradox of whether quantum theory described reality or not was resolved a few decades later in 1964 when J.S Bell devised a thought experiment that distinguished the predictions of classical theory from quantum theory[Bell1964]. The thought experiment goes as follows: suppose that classical randomness is shared between two noncommunicating parties, Alice and Bob, who each use the randomness to perform an operation on their local data. The assumptions of realism, locality, and causality place constraints on the joint correlations between Alice and Bob allowed in a classical system. Now, if quantum theory is considered instead, Alice and Bob can share an entangled state instead of classical randomness. When Alice and Bob each independently measure their half of the entangled state, they can produce joint correlations that do not satisfy the classical constraints - proving that Alice and Bob share entanglement. Hence, Bell proved that a quantum system could be distinguished from a classical system simply by looking at the correlations in the classical measurement data. The key assumption being that Alice and Bob cannot communicate, a constraint that can be enforced by Alice and Bob’s measurement devices being very far apart.
Confirming Entanglement
Shortly after, Bell’s thought experiment was extended into a practical experiment by Clauser, Horne, Shimony, and Holt (CHSH) in 1969[CHSH1969]. In this experiment, Alice and Bob are each given a binary input, x and y respectively, and each output the binary value an and b. In such a system, the classical constraints take the form of a linear inequality referred to as the CHSH inequality, where the CHSH score is a function of the joint measurement correlations between Alice and Bob. In general, the correlations of all classical theories satisfy the CHSH inequality. Remarkably, when quantum entanglement and noncommuting observables are considered, CHSH scores larger than two can be obtained. These violations of classicality demonstrate the presence of entanglement in a quantum system.
A depiction of the CHSH experiment where an entanglement source (blue) distributes entanglement to the measurement devices (orange) Alice and Bob. If Alice and Bob each measure their half of the entangled state using the appropriate noncommuting measurements, then the CHSH inequality can be violated. It is important that Alice and Bob are distant from each other (space-like separated) such that light cannot travel between them during the experiment.
It is important to note that confirming entanglement in nature requires the demonstration of a loophole-free CHSH violation where it can be asserted that no communication took place between Alice and Bob. This critical assumption can be proven to hold as long as the physical locations of Alice and Bob’s devices are known. Namely, if each round of the CHSH experiment can be completed faster than light can travel from Alice to Bob, then no communication could have taken place. Although other loopholes exist, our discussion is mainly concerned with ensuring that no hidden side-channel communication is present.
In 1981, Alain Aspect experimentally demonstrated the first quantum violation of the CHSH inequality[Aspect1981]. Quantum technologies improved, so did the precision and accuracy of these experiments, eventually confirming the presence of entanglement in nature. These initial results spurred the broad field of study referred to as Bell nonlocality[Brunner2014], or more generally, quantum nonclassicality, in which recent investigations have revealed that entanglement and quantum communication in network settings broadly lead to violations of classicality. These violations not only validate that nature is quantum mechanical, but they enable quantum systems to be distinguished from similar classical systems. In the remainder of this blog, we focus on CHSH violations and how they can be applied in entanglement-based networks to demonstrate the presence of entanglement and to rule out the possibility of adversarial classical simulation.
Certification and Verification of Entanglement Resources
A device-independent entanglement certification protocol[Bowles2018]. A trusted third party or referee tests a network's quantum resources, producing a certificate that affirms the quality of the quantum resources. The certificate can simply be the CHSH score where entanglement is confirmed when the CHSH score violates the classical bound.
The CHSH inequality is a powerful tool for validating entanglement in a quantum network. The goal of certification and verification is to test the quality of entanglement. In general, certification refers to the case when a trusted third party or referee tests an entanglement-based network. Similarly, verification refers to the case when network users test an entanglement-based network. In both cases, entanglement is consumed during testing, making it impossible to test entanglement prior to using it in a network protocol. In practice, a portion of all entanglement produced in a network must be dedicated to certification and verification, and the resulting CHSH scores must be monitored over time.
Since entanglement-based networks will ultimately be constructed using black-box devices and diverse hardware platforms, it is crucial to develop tests for entanglement that are agnostic of the underlying hardware. Device-independent entanglement certification is a robust approach to certification that is both hardware-agnostic and cannot be exploited given that the core assumptions hold. In this method, a referee certifies the entanglement between two devices independently from the devices’ hardware or software. The certification process requires a loophole-free violation of the CHSH inequality to be demonstrated, verifying that quantum correlations are present.
Device-Independent Key Distribution
Alice and Bob want to use black-box entanglement-based hardware to perform an entanglement-based key distribution protocol. By randomly interleaving device-independent entanglement certification with a key distribution protocol the users are able to simultaneously verify the entanglement source and distribute a secret key. After Alice and Bob have recorded their measurement results, they communicate over a public classical channel to determine if the CHSH inequality is violated and to check the correctness of their secret keys.
The CHSH violation can be extended as a device-independent entanglement-based key distribution protocol[Vazirani2019]. Here, two network users, Alice and Bob, use trusted black-box devices and entanglement produced by an untrusted entanglement-based network. If the key distribution is performed faithfully, then a maximal CHSH violation is obtained, validating that entanglement was used and showing that no eavesdropper was present. Any deviation from the optimal measurements and entangled state preparations is observed as decreasing the CHSH violation. If the CHSH violation is not sufficiently large, then no key is generated. In general, device-independent key distribution combines certification and key distribution to ensure that keys are only distributed using entanglement, reinforcing their security from eavesdroppers.
It is important to note that there is nothing stopping a black-box device from copying the secret key generated during the protocol. Thus, the black-box device must be trusted to handle sensitive data securely. The merit of using device-independent key distribution is that the entanglement-based hardware does not need to be characterized, making the protocol hardware-agnostic. Thus, this protocol could be deployed securely on any hardware platform, without the black-box’s vendor needing to disclose complete information about the device, which may need to remain private to protect intellectual property.
Preventing Hidden Side Channel Communication Simulating a Secure Network
Malicious black-box devices could use a hidden side-channel to classically simulate the nonclassical behaviors such as violations of the CHSH inequality. The users perceive their black-boxes as connecting over the entanglement-based network, but really Black-box A and Black-box B communicate with each other over the hidden side-channel.
The security of entanglement certification and device-independent key distribution relies on there being no classical side-channel allowing Alice and Bob’s entanglement-based devices to communicate. The trouble is that the CHSH violation can be reproduced if Alice can communicate one bit to Bob. Adversarial devices could then simulate entanglement by communicating over the classical side-channel, giving any party with access to the side-channel unfettered access to the secret key. It is thus an objective to ensure that no hidden side-channels exist.
When white-box quantum hardware is used, it is trivial to know if a side-channel exists because the system is transparent and fully characterized. However, white-boxes are idealistic, because it is not always simple to know whether or not a device has been tampered with. On the other hand, when black-box quantum hardware is used, there is no way for a device’s operator to know if a side-channel exists because the device is not characterized.
Nevertheless, a simple solution exists to rule out the possibility of a hidden side-channel. That is, a loophole free CHSH violation can be demonstrated. Namely, if each shot of the CHSH experiment is performed fast enough, light cannot travel from Alice to Bob during the experiment. Thus, as loophole-free violations of the CHSH inequality were used to verify the presence of entanglement in nature, these same experiments can be used to verify the presence of entanglement in networks using black-box devices.
Practical Entanglement-based Security
Building trust in entanglement-based networks becomes paramount as users begin to interact with uncharacterized entanglement-based devices. To achieve Advanced Secure Communications, it is important to verify entanglement resources, and it is essential to understand the assumptions necessary for security in each network access setting.
A network service provider must be trusted to securely handle sensitive classical data and to faithfully be using entanglement-based hardware. To build trust in the remote entanglement-based network, the network service provider could give a trusted third party or referee direct access to the network’s devices. The referee could then produce a public certificate that affirms the quality of the network’s entanglement. By demonstrating high quality entanglement, a network service provider can help build trust.
When black-box devices are used to access the entanglement-based network, the security is improved somewhat because users know the location of their devices. This allows users to demonstrate a loophole-free CHSH violation, proving that no hidden side-channel exists and witnessing the presence of entanglement. Similarly, protocols such as device-independent key distribution apply these ideas to develop hardware-agnostic protocols that run securely on uncharacterized hardware. However, the security of device-independent protocols requires that the device securely handles sensitive classical data. This constraint can only be met by trusting the integrity of a hardware vendor’s devices.
White-box device access scenarios provide the highest level of security. Since users have complete knowledge of a device’s hardware and software, the device can be confirmed to securely handle sensitive classical data and the entanglement-based hardware can be confirmed to faithfully perform a particular measurement. Although it is important to test the quality of the provided entanglement using methods such as device-independent entanglement certification, entanglement-based key distribution protocols such as BBM92 are secure provided that the measurements are known. The catch is that white-box hardware is idealistic. In realistic scenarios, it might be difficult to know if a device has been tampered with, or individual components of the device might not be fully characterized.
To ensure that the future is secure, it is important to ensure the quality of entanglement through certification and verification. To create the bedrock of Advanced Secure Communications we must develop a robust framework for testing entanglement resources, establish trust between vendors, service providers, and network users, and create standards and regulatory bodies for certifying resources in network infrastructure.
For more details on this topic, please see our on-demand webinar “Certifying Resources in Network Infrastructure.”
References:
[EPR1935] Einstein, A., Podolsky, B., & Rosen, N. (1935). “Can quantum-mechanical description of physical reality be considered complete?.” Physical review, 47(10), 777.
[Bell1964] Bell, J. S. (1964). “On the einstein podolsky rosen paradox.” Physics Physique Fizika, 1(3), 195.
[CHSH1969] Clauser, J. F., Horne, M. A., Shimony, A., & Holt, R. A. (1969). “Proposed experiment to test local hidden-variable theories.” Physical review letters, 23(15), 880.
[Aspect1981] Aspect, A., Grangier, P., & Roger, G. (1981). “Experimental tests of realistic local theories via Bell's theorem.” Physical review letters, 47(7), 460.
[Brunner2014] Brunner, N., Cavalcanti, D., Pironio, S., Scarani, V., & Wehner, S. (2014). Bell nonlocality. Reviews of modern physics, 86(2), 419.
[Bowles2018] Bowles, J., Šupić, I., Cavalcanti, D., & Acín, A. (2018). Device-independent entanglement certification of all entangled states. Physical review letters, 121(18), 180503.
[Vazirani2019] Vazirani, U., & Vidick, T. (2019). “Fully device independent quantum key distribution.” Communications of the ACM, 62(4), 133-133.
