Post Quantum-Cryptography is the Off-Ramp on the On-Road to the Quantum Internet

In 1977, Rivest, Shamir, and Adleman proposed the first Public Key Encryption system, that now secures all of our financial data and much of our government data. 

The security rested on one premise, "We don't think computers can quickly factor large numbers." While the jury is still out on whether classical computers can quickly factor large numbers, we now know that quantum computers can quickly factor large numbers. 

I was at a meeting on quantum technologies on July 5th, 2018, in Munich. There, a chief scientist from Intel informed us that their conservative estimate for a universal quantum computer was 10 years. I asked, "Ten years or more?" She replied, "Ten years or less." 

Today the USA is ahead in the development of quantum computers. That lead will not last long. 

In part, due to that evanescent lead, the Chinese have decided to move to a quantum cryptography based system, which is immune to attacks by even a quantum computer. And they have invested $30B to develop a quantum computer of their own. 

In the meantime, the USA response to this threat is not to invest in a provably secure quantum cryptosystem, but rather to move to a "new" public-key crypto-system, post quantum-cryptograpy, which they hope—but cannot prove!—is immune to an attack by even a quantum computer. 

This is the US National Security Agency position on the matter, and their protocols are being tested, quantified, and standardized by the US National Institute of Science and Technology—ready soon to be rolled out.  

This is a fool's errand. 

This US approach to the threat posed by quantum computers is simplistic, nearsighted, and dangerous. 

Quantum key distribution uses an unbreakable one-time pad. This scheme is used by the US diplomatic corps, the CIA, and for the nuclear launch codes. Currently, the launch codes are distributed to the missile silos on 3.5" floppies driven around by a guy in a truck. Surely we can do better than that? 

And why are diplomatic communications, intelligence communications, and the nuclear launch codes secured with one-time pads? It is because that the users of these systems do not trust public key encryption, since it is not provable secure. Moving to a different un-provably secure public-key encryption system does not change this reality. 

The move embrace post quantum-cryptography is a move away from developing a quantum internet, for which no such public key is needed. The quantum internet is automatically secured by quantum cryptography. 

To quote myself, " The future of the quantum Internet is in photons and the short circuiting of the development of optical quantum information processors in the United States means that the future quantum Internet will have 'Made in China' stamped all over it." — Schrödinger's Killer App (2013). 

The future of the the quantum internet is certainly not post quantum-cryptography. 

We have a completely unbreakable quantum key distribution protocol — why the hell don't we use it!?

Post quantum-cryptography is a small band-aid on an arterial wound. 

A Brief History of The "Second Quantum Revolution"

I'm preparing a talk to present next week in Brisbane, Australia, to celebrate Gerard Milburn's 60th birthday, and I plan to focus on a paper we wrote together in 2002 that has now become a hot topic.

In 2002,  Milburn and I wrote the paper, "Quantum Technology — The Second Quantum Revolution" that appeared on the ArXiv in June of 2002 and was published in the proceedings of the Royal Society of London in August of 2003. The terms "quantum technology" and "second quantum revolution" have recently taken off.

Milburn had written a book in 1996 called Quantum Technology and so that phrase had been around for a while. Indeed a Google search of "quantum technology" from 1900–2000 shows hundreds of hits. However, a Google search of the same phrase over all time shows nearly 500,000 hits.

To get a better idea of the trend, using Web of Science, we find 913 peer-reviewed publications with "quantum technology" or "quantum technologies" in the title, abstract, or keywords. Here is the graph of the citations to those articles by year.

Citations by year to journal papers with "quantum technology" or "quantum technologies" in the topic.

One can see the number of citations goes from linear growth to exponential in the early 2010s.

More unique is the phrase "second quantum revolution".  According to Google, this term appears only once between 1900 and 2000, in 1997 in an unpublished manuscript, A History of Physics as an Exercise in Philosophy, by E. J. Post, on page 52, where Post writes, "This relation was to have a major role in implementing the Schroedinger wave equation; the latter and matrix mechanics set off the second quantum revolution."

Post was calling the transition from the old quantum theory of Bohr and Sommerfeld to the new quantum theory of Heisenberg and Schrödinger, "the second quantum revolution", which is not at all what Milburn and I had in mind for Quantum 2.0.  I suppose Milburn and I should have used the "third quantum revolution" but it is too late now.

If we now redo the Google search on "second quantum revolution" over all time, we get nearly 11,000 hits, as seen in the figure below. There is even a new book out with this phrase as its tile. (I hope the author Lars Jaeger cites us.)

Google gives nearly 11,000 hits for "second quantum revolution" all of which dated 2002 or greater.
Note Milburn's and my ArXiv paper appears second on the list. 

Let us now return to the Web of Science and find the citations to papers that cite Milburn's and my paper. The paper has been cited 132 times. The plot below is the number of times those 132 papers have been cited by year. Again we see a linear to exponential transition in the early 2010s.

The number of citations by year of the 132 papers that cite our original paper. 

So what are we to make of this charts? Milburn and I should have trademarked "the second quantum revolution" when we had a chance.

Palm Springs 1988 Cartoon

At the 1998 NASA Palm Springs conference on quantum computing, I showed the above cartoon before starting my talk on Friday, the last day. The monologue went something like this:

During this conference I've noticed a number of speakers presenting slides illustrating the goal of quantum computing as some far off unreachable dream castle, or slides attempting to illustrate how some large government bureaucracy is involved in quantum computing. In this cartoon I've attempted to combine both of these goals in a single slide, and also give some of my background role in government sponsored quantum computing.

So here at the bottom are the government agencies, represented by different characters from the Wizard of Oz -- or in this case --- The Wizard of Odd. Here I am, as Toto the dog, representing Army Aviation & Missile Command (AMCOM). The idea here is that most of the time it's just annoying to have a small yapping dog in your lunch basket -- but occasionally he alerts you to something you otherwise might have missed. This was the case in 1994, when I attended the International Quantum Electronics Conference (IQEC) in Anaheim (Baltimore?) in the Spring, and the International Conference on Atomic Physics (ICAP) in Boulder in the Summer. At the IQEC I first learned of the British Telecom results, where they succeeded in transmitting a quantum cryptographic key over 70 km of fiber. I contacted Henry Everitt (alias "Dorothy") at the Army Research Office (ARO) about this exciting result, and shortly thereafter the ARO planned a workshop in Tucson for the Spring of 1995 on quantum cryptography. Then, later that Summer at ICAP, Ekert gave a talk on Shor's algorithm, which began the Great Diaspora for quantum computing. It turned out that Cirac, Kimble, Wineland, Zoller, and many others from the quantum optics community were at this meeting, and they all went off afterwards to their various labs to get to work. For my part, I again contacted Everitt at the ARO about this exciting new "bolt from the blue", and it was decided to add quantum computing to agenda of the Tucson meeting. So it was that the first Army sponsored workshop on quantum cryptography and quantum computing came about in the Spring of 1995 in Tucson, Arizona, with many of the key players in the room here today present at that meeting.

Of course the Dorothy character representing the ARO in the cartoon bears no resemblance to any ARO employee, living or dead, no matter what you hear about what he does in the privacy of his own home. The ARO would like a quantum computer, of course, to plan out its logistical strategy for the invasion of Kansas.
At the Tucson meeting I met for the first time Keith Miller from the National Security Agency (NSA) -- who bears no resemblance to the Scarecrow in the cartoon, singing, "If I only had a (quantum) brain...." Keith was the only workshop attendee who had no affiliation whatsoever printed on his name tag, identifying him immediately by logical deduction as an employee of the NSA. Based in part of the results of this meeting, the NSA and the ARO decided to pool their resources and expertise in the DoD support of quantum computing.

With the ARO and the NSA now in cahoots, Henry and Keith were quickly able to round up the prodigious resources available from the Defense Advance Research Projects Agency (DARPA), and bring them to bear towards funding research on quantum computing. DARPA is depicted here as the Tin Man since, as you know if you've ever asked them for money, they have no heart.

Things were moving along smoothly for a time in DoD Quantum Computing land, when suddenly I got wind of this here NASA Palm Springs conference. The first question I asked, as I'm sure many of you did, was "Why the heck is NASA working on quantum computing!?" However, since the conference was in such a nice place and in the hopes that NASA might have gigabucks of research money to throw around -- we all showed up here in droves to attend what has been a splendid workshop, thanks to the efforts of Colin Williams and his co-workers. Hence, NASA is depicted in the cartoon as the Cowardly Lion, who took a while to find his courage to get into the field -- but now has come in with a roar.

Turning to the academic top portion of the cartoon, we see here in the upper right that the unreachable goal is depicted as The Emerald City of Quantum Computation, which is ruled over by The Wizard of Odd, who was meant to have absolutely no resemblance to Charlie Bennett. Opposing the Wizard is the Wicked Witch of Pessimism, who again bears no resemblance at all to Peter Knight. The "H"on her hat stands for "Hermitian" or "Hamiltonian" or perhaps even "Hadamard" -- but certainly not "Haroche". In order to reach the goal of quantum computation, Dorothy and her loyal companions must fight off the Witch's Flying Monkeys of Decoherence, but to their rescue comes the Wizard's Marching Error-Correcting Munchkins. Will they win the battle and eventually reach the Emerald City? Only time (and lots of government money) will tell.

-- Jonathan P. Dowling

Dowling's Hollywood Debut

Dowling was a consultant to Steven Spielberg's prop department on the 2002 movie remake of the H. G. Wells book, The Time Machine.

Dowling provided all the equations and figures used in the movie, including those in the trailer and on all the chalkboards that appeared in the film. He carefully wrote down all the equations by hand and faxed them to Spielberg's Dreamworks studio in Hollywood, where the prop department transcribed them onto the chalkboards. While there are some transcription errors, these are all real equations, but not all about time travel.

In the middle you can see a graph, called a Minkowski diagram, showing the world line of the time machine going outside of the light cone; a hallmark of time travel into the future.

The appearance of the symbol Hg is not a reference to the element mercury, but rather a tip of the hat to H. G. Wells, the author of the original classic book, The Time Machine.

The triple integrals were taken from Dowling's 1988 PhD thesis, (with some artistic license) so they would become immortalized on film. For example,



In 2017, one of the original chalkboards, with  Dowling's equations preserved on it, was put on display at the Barbican Art Center in London in an exhibit titled, "Into the Unknown —A Journey Through Science Fiction."


Photo credit with permission from: JohannYellowdog 

While Dowling does not appear in the credits of the film, nor  on the description for this museum prop (called a "relic"), if you get the DVD of the film and check out the special features, you will hear the prop guys discuss how a "Scientist at JPL" made all the equations for them. JPL is where Dowling was working at the time in 2001. The Dreamworks prop guy that Dowling worked with was Scott Maginnis, and you can find their email exchange, preserved all these years, here. When Dowling asked Scott why Spielberg called on him to do these equations, Maginnis replied, "Stephen saw an article about your invention of quantum lithography on CNN, and told us that we needed to get you because you were a NASA physicist and would produce real equations." That CNN web page is also preserved and may be found here.

However, with no direct acknowledgment, like all good artists, you can see Jonathan Dowling's signature in the lower left.





Dowling also consulted for Sony Pictures on another time-travel movie, with the working title of Frozen, which was never produced. (No, not that Frozen.)