Quantum communication also has many different technical schemes in engineering implementation, which are also called protocols, such as BB84 protocol, E9 1 protocol, B92 protocol, MDI-QKD protocol, etc. These protocols have their own advantages and different security performance. Therefore, it is meaningless to argue whether quantum communication is safe. What we should really care about is whether a certain protocol of quantum communication is secure. Therefore, it is usually "the layman looks at the principle and the expert looks at the agreement."
All quantum communication projects built in China use the improved version of BB84 protocol-decoy state. This technical scheme has many serious security risks at the measuring end [1], and there is no proper solution so far. This is not my subjective judgment. In the paper published by the quantum communication team of China University of Science and Technology, it is written in black and white:
"Although security patches can resist some attacks (on the measurement side), the patch countermeasures themselves may open other vulnerabilities. As a result, this may introduce another layer of security risks (see: Huang et al., 2016a; Money, etc, 2019; Sajeed et al., 20 15b). In addition, the main problem with security patches is that they can only block known attacks. For a potentially unknown attack, countermeasures may fail. Therefore, the security patch is only temporary and has violated the information theory security framework of QKD. " [2]。
Therefore, all the established quantum communication trunk lines are not absolutely safe, on the contrary, they are absolutely unsafe. There are objective factors that cause today's embarrassing situation, but the subjective mistakes of quantum communication promoters are the main responsibility.
There is a good package solution to solve the security risks of the measuring terminal, namely "Measuring Device Independent Quantum Key Distribution" (MDI-QKD) protocol. MDI-QKD protocol was born in 20 12. In 20 13 years, several laboratories successfully implemented the scheme. By 20 16, MDI-QKD has greatly improved its main technical performance, such as transmission distance and key coding rate, and has the possibility of replacing the old BB84 scheme.
The Beijing-Shanghai quantum communication trunk line was established on 20 13. After the birth of MDI-QKD, MDI-QKD became more and more mature in the construction period. If the project is delayed a little, the whole project can adopt the advanced MDI-QKD scheme, and the Beijing-Shanghai quantum communication trunk line at least need not worry about the safety risk of the measuring end.
The most puzzling thing is that the main lines of quantum communication, such as Hu He, Han Jing and Han Guang, were established in 20 18. At this time, MDI-QKD technology is quite mature, but it is still rejected by engineering decision makers, and it is difficult to justify it anyway.
Compared with the current BB84 cheating mode, the engineering cost of MDI-QKD will be higher, and the key formation rate may be lower. However, the goal of quantum communication engineering is to establish a high-security key distribution facility, so the engineering cost and coding rate should not be the main considerations, at least not to sacrifice security in order to save engineering cost and improve coding rate, otherwise what is the significance of establishing quantum communication engineering?
The only explanation is that the initiator of the quantum communication project did not intend to build an absolutely secure key distribution trunk from the beginning. They put water on safety standards from the beginning of the project, and their decision to give up using MDI-QKD scheme is the best proof.
The reason why the promoters of quantum communication engineering refuse to adopt MDI-QKD may be "race against time", but judging from the time node in the above figure, this excuse is very reluctant. Even in order to use MDI-QKD, is it definitely more beneficial than harmful to move the Beijing-Shanghai quantum communication project back a few years? After all, engineering construction is a century-long plan, and safety guarantee should be overwhelming.
In fact, the urgency of quantum communication engineering simply does not exist. Quantum communication engineering only distributes a random number to both communication parties by physical means, and uses it as the key of encryption and decryption, which is also called quantum key distribution QKD. You know, long before QKD appeared, there were many mature and effective key distribution technologies. QKD is neither the only scheme of key distribution nor a safe and effective scheme.
At present, key distribution mainly uses symmetric cryptography on enterprise private network and public key cryptography on Internet. Theoretically speaking, the threat of quantum computer password cracking is only effective for public-key cryptography, and high-end top secret information is rarely spread on the Internet, so even if QKD can replace public-key cryptography, its significance is very limited, if it can be done.
Moreover, large practical quantum computers are still in the last days, and public key cryptography is far from as fragile as advertised. Public key cryptography (PQC) is more mature and effective than quantum communication (QKD), and it can deal with future quantum attacks.
Therefore, fundamentally speaking, the quantum communication project is unnecessary and even less urgent. The present situation that the Beijing-Shanghai quantum communication trunk line has been built for more than three years is the best annotation. If the quantum communication project is an indispensable war preparation project for the country, it should be accelerated, but the progress of the national quantum communication backbone line has not been accelerated, but it has been slower year by year, which once again proves that the urgency of the quantum communication project is completely false.
Although the quantum communication project is not urgent at all in terms of national interests, some interest groups that design and produce quantum communication equipment have their own plans. For them, it is most important to sell their products as soon as possible, and listing on the science and technology innovation board is even more urgent.
Products were sold to governments at all levels in a hurry, and scientific and technological innovation boards were also listed. However, the remaining quantum communication trunk lines used the old scheme full of security loopholes, but did not adopt MDI-QKD technical scheme, knowing that there were safer ones, which made the future development of the project fall into a deep predicament.
Because MDI-QKD is not compatible with the old scheme BB84, if the new scheme MDI-QKD is adopted in the new project, the completed quantum communication trunk line must be completely dismantled, otherwise the new quantum communication trunk line will have to continue to use the old scheme. This is an important reason why quantum communication engineering is in trouble today. It can be said that "one careless move will lose the whole game."
It should be pointed out that MDI-QKD is only a relatively good scheme to solve the hidden danger of QKD at the measuring end in quantum communication, and it is not an absolutely safe scheme. Moreover, the security problem of quantum communication is far from just at the measuring end. In recent years, several security vulnerabilities have been found in the light source of MDI-QKD, and there is no complete and effective countermeasure so far [4]. There are more and more serious problems in QKD trusted relay station, and it is difficult to have an engineering solution in the foreseeable future [5].
The quantum communication project is "smoking everywhere, catching fire everywhere" from the light source to the trusted relay station to the measuring end, and it is not safe and reliable from beginning to end. In the field with high security requirements, it is impossible to use quantum communication engineering to distribute keys, so quantum communication products can not enter the national core password and ordinary password system so far. In fact, according to the current situation, whether quantum communication products can pass the commercial password standard audit must be put in a question mark. Quantum communication project is "embroidered pillow and a bag of grass".
In fact, what distastes me is far from the incompetence of quantum communication, but the beautiful aura it wears.
reference data
[1] The security risks of QKD detection terminals can be summarized as follows:
Among these hidden dangers in QKD detection, "detector control attack" is the most complicated and serious. The detector control attack can be subdivided into: detector blinding attack; Detector backdoor attack; Detector superlinear attack.
[2] "Secure quantum key distribution using real devices" on page 36.
[3] In the actual QKD system, the imperfection of equipment leads to a series of security vulnerabilities, and there are various attack schemes for these security vulnerabilities. In 20 12, Hoi-Kwong Lo of the university of Toronto and others proposed the quantum key distribution (MDI-QKD) independent of measuring devices, which blocked the loopholes of all measuring terminals in the QKD system. In MDI-QKD, Alice and Bob prepare BB84 weak coherent states at random, and then send them to Charlie, an untrusted third party, for bell state measurement. According to the bell state measurement results released by Charlie, Alice and Bob establish a security key. MDI-QKD can be equivalent to time reversal BBM92 protocol.
[4] Introduce a scientific paper on the security of quantum communication.
[5] The third dilemma of quantum communication technology: extremely insecure trusted relay station.