徐令予博客

   《量子通信之殇》 纸质书的国际书号ISBN：979-8-218-11742-9

该书已于今年一月正式出版发行。这里是该书英文版的“导读”部分

Introduction

At present, quantum communication is not a novel means of communication. The existing quantum communication network lack fundamental communication features and do not provide entirely secure communication services. Quantum communication engineering is unrelated to the enigmatic phenomenon of quantum entanglement; instead, it employs quantum polarization state to distribute conventional cryptography keys. Hence, the proper term for this technology is quantum key distribution (QKD). Key distribution is only one aspect of cryptography, and several solutions are available, indicating that the key distribution technology is well-established. Within the complete range of cryptography systems, quantum communication holds an unimportant position.

Although key distribution is a crucial component of cryptograph, QKD’s impact on the security of information systems is minimal. Even if QKD provides absolute privacy in key distribution, there are still security risks involved in using, storing, and updating keys. Furthermore, even if the cryptograph remains confidential, it does not guarantee absolute security. The greatest risks to information system security stem from computer hardware, operating system, and application software rather than the cryptograph system. Therefore, while quantum communication has been hailed as a cutting-edge technology, its impact on ensuring the overall security of national information systems is insignificant.

The security of information systems is governed by the principle of the weakest link in the chain, which means that the overall security of a system is determined by the security of its weakest component or link. To enhance the security of information systems, the primary task is to strengthen the weakest link. The main area of focus for security work is in the operating system, application software, and hardware devices of computers. Cryptography is widely considered the strongest link in the security chain, and quantum key distribution (QKD) cannot enhance this link. Even if the cryptography link is strengthened, its impact on the overall security of national information systems is extremely limited. Therefore, quantum communication engineering is unlikely to provide any practical value for a long time to come.

The implementation of Quantum Key Distribution (QKD), while expensive, has led to unnecessary complexity in cryptography. While QKD can distribute a traditional secret key, it still needs to rely on conventional cryptographic algorithms for identity authentication and communication integrity. Consequently, the overall security provided by QKD cannot exceed that of traditional cryptographic systems, which are limited by their weakest point. Following the principle of parsimony, known as Occam's razor, which suggests that unnecessary entities should not be added, QKD adds little value to cryptography and cannot be justified.

QKD is also not a cutting-edge technology, despite the hype surrounding it. The BB84 protocol for QKD was first proposed by IBM scientists in 1984, but it was ignored for years and relegated to obscurity. Even IBM did not bother to apply for a patent. QKD is, in essence, a special knife invented by some physicists to slay a dragon. Such exploratory projects are often abandoned and forgotten, left to collect dust in scientific laboratories.

QKD was delayed for ten years after the establishment of the BB84 protocol. In 1994, American mathematician Peter Shor proposed the Shor algorithm, which can theoretically exponentially accelerate the cracking of public key encryption. However, cracking public key encryption is merely a paper tiger, as quantum computers capable of running the Shor algorithm are still a distant dream, like flowers in a mirror and a moon in water.

However, the evangelists of quantum communication eagerly used the Shor algorithm to fabricate the “Public-key cryptography crisis”. They claimed that when quantum computers enter the practical stage, public-key cryptography will be easily cracked, which will lead to a disaster for information systems. Hostile forces may even be collecting those encrypted files now and waiting for quantum computers to come out before they can easily crack them.

Quantum communication has been promoting the idea of "resisting quantum computer attacks and saving the public-key cryptography crisis" as a means of public relations. However, many failed projects have shown that designing a compelling narrative to market a profitable engineering project is commonplace. Despite over 20 years passing since the prediction that quantum computers could compromise public-key cryptography, no such threat has yet emerged. Public-key cryptography remains robust and resilient. Additionally, Post-quantum Cryptography (PQC) offers an effective solution to counter quantum attacks. PQC can be applied to any transmission medium, including mobile communication networks, and is compatible with all network routers and switches, unlike QKD. Therefore, under the high-dimensional attack of PQC, QKD's ability to save public-key cryptography is rendered farcical.

According to the principles of cryptography, QKD can only distribute shared keys between known acquaintances. It is essentially an option for distributing keys in symmetric cryptographs. In contrast, public-key cryptography can distribute keys between millions of non-acquaintances on the internet because they use two keys: public and private keys. Furthermore, public-key cryptography can complete important functions such as user authentication and digital signatures that guarantee internet communication security, which QKD fundamentally lacks. Even if quantum computers become practical tomorrow, quantum communication is useless without public-key cryptography. In military intelligence agencies and enterprise private networks such as finance, public-key cryptography have always played an auxiliary role. Their use is only for convenience and cost reduction, and there is no problem without using them. It is ignorant for quantum communication evangelists to think that without public-key cryptography, manual transmission of keys is the only option. In short, the future of public-key cryptography has nothing to do with quantum communication.

In recent years, the rapid development of digital currencies has resolved the "public-key cryptography crisis." Identity authentication and digital signatures provided by public-key cryptography are basic guarantees for digital currency security. It can be said without exaggeration that public-key cryptography are the soul and shield of digital currency! The long-term security of public key cryptographs is a guarantee of currency security and is related to national stability. The People's Bank of China's firm promotion of digital currency DCEP is an endorsement of the long-term security of public-key cryptography and once again proves that there is no need for engineering quantum communication. I advise some people at USTC not to use the so-called public-key cryptography crisis to sell anxiety anymore, as they may be held accountable for disrupting financial order.

The engineering of Quantum Key Distribution (QKD) is both unnecessary and unfeasible due to the numerous technical challenges it faces. These challenges include five unresolved difficulties:

1)The use of trusted relay stations presents significant security risks. Keys are transmitted in plain text through these stations, which departs from the security framework of the BB84 protocol. The security vulnerabilities of quantum communication products are abundant, making their overall security weaker than that of traditional key distribution.

2) QKD is incompatible with the internet. The foundation of QKD is the BB84 protocol established in 1984. This point-to-point protocol requires the establishment of a fixed physical channel between the two communicating parties. If the communication network follows the BB84 protocol, it can only revert to the original unstructured state of pairwise connection. If we want a modern internet structure, we inevitably have to compromise the security framework of the BB84 protocol, and we can only choose between the two. From the perspective of communication network protocol, QKD is an outdated technology of the pre-internet era. This "non-internet" technology is not feasible in the "internet+" era, and QKD cannot provide any effective services for secure internet communication.

3)One crucial aspect of building a secure cryptographic system is identity authentication. Unfortunately, QKD lacks an identity authentication mechanism and instead relies on traditional cryptographic techniques for its operational identity authentication and data integrity. Consequently, the overall security level of QKD is limited to that of traditional cryptography.

4)The Secret Key Generation Rate is the essential technical indicator for key distribution, reflecting the efficiency of the process and determining its range of applications. However, at a distance of hundreds of kilometers, the Secret Key Generation Rate of QKD currently only reaches the Kbps level. In contrast, the data communication rate of fiber optics can reach the Tbps level, a billion times faster. Therefore, relying on the slow speed of quantum communication to protect high-speed modern communication networks is unrealistic.

5)Generating keys on both ends of the QKD device is only the initial step. The key must then be transmitted to the CPU core for encryption and decryption algorithms. Unfortunately, the key is sent in plain text from the QKD device port to the CPU core, making it highly vulnerable to interception. Traditional cryptographic systems encrypt the key as soon as it leaves the CPU core, a level of protection that QKD cannot provide.

It is crucial to understand that these technical issues have veto power. In other words, if even one issue remains unresolved, QKD is not practically feasible. Currently, there are five major obstacles, all fundamental and inherent to quantum physics. These are akin to genetic diseases that cannot be cured through medication or technological advancement. Thus, QKD faces the risk of becoming obsolete due to these five technical obstacles.

To summarize, quantum communication lacks the necessity and technical feasibility for engineering construction. Therefore, China's efforts towards quantum communication engineering have encountered significant challenges.

Those who advocate for quantum communication engineering cling to the idea that it is theoretically absolutely secure, which has become their sole lifeline. They have repeated this assertion countless times, turning it into a belief. However, their actions are more akin to religious zealots rather than scientists, as they continue to ignore the significant challenges faced by quantum communication.

The journey from theory to practice is the longest distance. Those who claim to be "theoretically the safest" may have cheat tricks up their sleeves. Beware of such claims. A truly safe and reliable product never claims to be "theoretically the safest." Have you ever seen Apple or Huawei use such slogans in their advertisements?

The safety of a product depends on technical means and measures, not just on theoretical principles. The formulation and implementation of technical agreements are crucial to ensuring product safety. This is similar to how the well-being and safety of citizens rely on specific laws and regulations, rather than political principles or ideologies.

The BB84 protocol is the technical foundation of quantum communication engineering. However, the security of quantum communication engineering does not solely depend on the BB84 protocol's security, but also on whether the protocol is strictly adhered to during the engineering process. While the theoretical security of the BB84 protocol is controversial, the more significant issue is that at least six aspects of China's quantum communication engineering do not fully meet BB84 specifications, and two places violate the security framework entirely. The security holes in quantum communication products are akin to a sieve. The actual security of quantum communication engineering is much lower than that of traditional cryptographic technology. It is ironic to promote quantum communication as theoretically absolutely secure!

Historical experience has repeatedly shown that new and promising technologies are first adopted in high-end fields such as military and intelligence agencies, due to their unique advantages. Once established in these areas, they gradually penetrate the commercial market. When the market share reaches a certain level and the cost rapidly declines, a technological revolution can be completed in a few years, resulting in exponential growth of the market share. This has been the case with the adoption of technologies such as the Internet, digital cameras, and mobile communications.

However, the adoption of quantum communication goes against this trend in high-tech development. Quantum Key Distribution (QKD) technology has failed to take root in high-end fields. Developed countries' intelligence and security agencies have negated QKD, as demonstrated by the following examples:

In October 2016, the UK's National Cyber Security Centre (NCSC), affiliated with the Government Communications Headquarters (GCHQ), issued a white paper recommending the cancellation of the QKD development plan.

In-depth research on the potential impact of quantum information technology led the US Air Force Scientific Advisory Board (SAB) to form a report in 2016. Senior member of the committee, Ben FitzGerald, who is also the director of technology and national security programs, referred to quantum information as "the next generation of the next generation of technology" and stated that its impact on national security may still be far in the future.

In December 2019, the US Defense Science Board released an abstract of the "Applications of Quantum Technology" report. The abstract made it clear that while quantum key distribution theoretically provides password security defined by Shannon's information theory, its capabilities and security are still lacking and cannot be used by the US Department of Defense.

The National Cyber Security Centre (NCSC), which is a part of the UK's Government Communications Headquarters (GCHQ), published a white paper on March 24, 2020, rejecting the quantum communication project.

In May of 2020, the French National Cybersecurity Agency (ANSSI) published a guidance document titled "Should Quantum Key Distribution (QKD) be used for secure communication?" This document explicitly stated the French government's stance on quantum communication.

On November 18, 2020, the National Security Agency (NSA) of the United States issued a policy report on quantum key distribution and quantum cryptography, which effectively sounded the death knell for QKD.

In February 9, 2021, the European Union Agency for Cybersecurity released a research report called "Post-Quantum Public Key Cryptography (PQC): Current Status and Future Directions for the Protection against Quantum Computing Threats." Following the lead of the NSA, more technologically advanced countries have chosen to abandon QKD and instead adopt PQC to safeguard information security against quantum computers.

Finally, on May 24, 2021, the Defense Science Board (DSB) of the United States determined that "the quantum communication QKD project facilities cannot provide sufficient security guarantees for the Department of Defense's military operations."

The fate of the quantum communication QKD project was sealed by the NSA, which played a crucial role in this decision. The NSA's analysis of QKD was objective and rational, and their policy report highlighted five major problems with the technology. It is unusual for an authoritative agency to issue such a clear statement about a cryptographic technology, indicating that the hype around QKD has led to losses and confusion that must be addressed urgently. Rather than continuing on the wrong path, progress can be made by acknowledging mistakes and cutting losses. Thus, the NSA's decision was necessary and timely.

Not only have high-end users in the United States, the United Kingdom, France, and the European Union rejected quantum communication technology, but it has also not been adopted in China's military and national security fields. The main supplier of QKD equipment, the University of Science and Technology of China's "Guodun Quantum" company, admitted in its prospectus that “… its products require evaluation and certification by government cryptography agencies before they can be used in high-security demand fields with strict qualifications. The relevant standards are still being developed, indicating that the technology is not yet ready for widespread use.”

The rejection of quantum communication in military applications is supported by a video of an academic report, featuring academician Zheng Jianhua from the Chinese Academy of Sciences. As an information analysis expert and a researcher at the PLA Security Committee's Technical Security Research Institute, he stated at an academic symposium that quantum communication QKD is presently inefficient, expensive, fragile, and faces networking issues, rendering it impractical, particularly for military purposes. Academician Guo Guangcan, a quantum physics master, also recently criticized the security and practicality of quantum communication.

In the development history of high-tech industries worldwide, a new high-tech industry must initially occupy the high-end application field before it can expand rapidly like wildflower Super Bloom in Spring. Regrettably, quantum communication was barred from military intelligence departments from the outset, resulting in the loss of potential for downstream development of quantum communication industrialization. Unfortunately, it must now forcefully enter the commercial market, resulting in inevitable failure and great losses.

The QKD hardware solution falls behind the traditional software-based key distribution solution in terms of technical indicators such as key generation rate, user experience, and frequently product upgrades. Additionally, QKD is significantly more expensive than traditional key distribution technology, making its cost-effectiveness several orders of magnitude lower. Given that cost-effectiveness is crucial, especially in the internet environment affecting billions of users, QKD is unlikely to compete with traditional key distribution technology. Therefore, QKD has no future in the commercial market, and its cost-effectiveness is the main factor hindering its growth.

For commercial cryptography, absolute security is not a solution but a problem. Commercial cryptography is a commodity that is available for purchase by anyone from the market. Absolute security and unbreakable commercial cryptography in the hands of criminals and terrorist organizations pose a threat to national security. As such, any responsible government will not allow the existence of such commercial cryptography. Therefore, the security of commercial cryptography must be conditional and controllable. If it cannot achieve this, it is not suitable for commercial use. By touting quantum communication as absolutely secure, its commercialization is effectively cut off.

In summary, quantum communication does not meet the basic requirements for engineering approval in terms of necessity and feasibility analysis. While it may be theoretically secure, its actual security is lower than that of traditional cryptography. Moreover, its development goes against the general law of the high-tech industry. Quantum communication products that cannot find a place in either the high-end or low-end market are at risk of being disregarded by consumers.

In essence, the success or failure of engineering projects should be measured by their economic benefits. Despite its impressive name and academic research, the quantum communication project has failed to deliver tangible economic benefits. Its supposed advantages are overshadowed by serious drawbacks, and it cannot hide the fact that it has failed to meet expectations. Under the gorgeous robe of quantum communication, it is found to be infested with lice.

The first five chapters of this book lay the foundation for understanding modern cryptography technology and quantum communication, with Chapter One introducing basic principles. The subsequent chapters, Chapter Two and Chapter Three, provide detailed analyses and critiques of the engineering necessity and technical feasibility of quantum communication. Chapter Four focuses on the security of the quantum communication project, exposing the falsehood of its absolute safety. In Chapter Five, readers can learn about the reasons behind developed countries' rejection of quantum communication. These five chapters form the core of the book.

Chapters Six, Seven, and Eight provide further in-depth analysis and discussion of cryptography and information security-related technologies. These chapters are aimed at readers in engineering and technical fields. Chapter Nine summarizes the lessons learned from the failure of the quantum communication project, while Chapter Ten includes critiques and questions from global experts and scholars about quantum communication as a point of comparison.

Table of Contents

Chapter 1 Basic Knowledge of Quantum Communication and Cryptography

• The Role and Position of Quantum Communication in Cryptography
• The Basic Principles and Engineering Challenges of Quantum Communication

Chapter 2  The Unnecessary Engineering of Quantum Communication

• The Bankruptcy of Public-Key Cryptography Theory Completely Negates the Necessity of Quantum Communication Engineering
• Where Are the Shortcomings of Information System Security?
• The Steady Advancement of Digital Currency Once Again Proves the Uselessness of Quantum Communication Engineering
• Applying the Razor of Ockham's to Remove the Burden of Quantum Communication

Chapter 3 The Infeasibility of Engineering Quantum Communication

• The Trusted Relay Station of Quantum Communication Brings Serious Security Risks
• The Incompatibility of Quantum Communication Networks with the Internet
• The Lack of Identity Authentication Mechanisms in Quantum Communication Renders It Vulnerable to "Man-in-the-Middle Attacks"
• The Extremely Low key generation Rate of Quantum Communication
• Quantum Communication Results in Inevitable Key Disclosure

Chapter 4 The Security of Quantum Communication Engineering Is Lower Than That of Traditional Cryptography

• Quantum Communication is Theoretically Absolutely Secure? Wrong, Wrong, Wrong
• The Claim That "The Absolute Security of Quantum Communication can be Mathematically Proven" is a Complete Lie
• Physical Principles Cannot Guarantee the Unconditional Security of Quantum Communication
• When Will Quantum Communication be Hacked and What Are the Vulnerabilities?
• Just When One Wave Hasn't Settled, Another Rises - Quantum Communication is Once Again Cracked

Chapter 5 Military Intelligence Agencies in the US, UK, and EU Unanimously Reject Quantum Communication

• The US National Security Agency Launches Heavy Strikes and Rules Quantum Communication Engineering Out
• How Do Countries Such as the UK and the US Evaluate the "Quantum Communication" Engineering?
• Rejecting Quantum Communication Engineering - the UK Intelligence Community Publishes Another White Paper
• The European Network and Information Security Agency Denies the Practicality of Quantum Communication
• The French National Network and Information Security Agency Questions the Practicality of Quantum Communication
• The US Department of Defense's Evaluation of Quantum Communication Technology

Chapter 6 Post-Quantum Cryptography Technology Fully Surpasses Quantum Communication

• Post-Quantum Era Cryptography Technology (PQC)
• New Progress in Post-Quantum Cryptography Technology (PQC) - China's Quantum Communication Engineering Will Become a Decoration
• Post-Quantum Cryptography Technology (PQC) Crushes Quantum Communication (QKD) in All Aspects
• Addressing the Threat of Quantum Computers - Rand Corporation Strongly Recommends Post-Quantum Cryptography Technology (PQC)

Chapter 7 The Deep Reasons Why Quantum Communication Cannot Replace Traditional Key Distribution Techniques - The Devil Hides in the Details

• Key Distribution and Management in Enterprise Private Networks
• Key Distribution and Management on the Internet
• A Discussion on Key Security: Distribution Is Not the Embarrassing Part, Management Is the Big Issue!

Chapter 8: Quantum Communication Engineering Has No Practical Value

• The day the Cryptography Law was promulgated marked the end of quantum communication engineering.
• The implementation of the Cryptography Law: joy for some, sorrow for others?
• The impracticality of quantum communication engineering, which cannot be successful either at a high or a low level.
• Repair or rebuild? Quantum communication faces a dilemma.
• Where is the US heading with its quantum internet?
• Quantum communication: how many scams are committed in its name?
• Network security and 5G mobile networks.
• "Quantum encryption" on Samsung phones is purely a marketing ploy.

Chapter 9: Errors and Lessons in the Decision-Making Process of Quantum Communication Engineering

• Who should lead the quantum communication engineering project?
• From scientist worship to the failure of quantum communication engineering.
• Lessons from the failure of quantum communication engineering.
• How can a mediocre work overthrow the state?
• Beware of misconduct in popular science.
• Clickbait titles are polluting our tech industry.
• Objections to the Outstanding Science and Technology Achievement Award to be presented by the Chinese Academy of Sciences to the Broadband Quantum Communication Research Group of the University of Science and Technology of China.

Chapter 10: Domestic and Foreign Experts and Scholars expressed criticism and doubts regarding Quantum Communication 

• Some experts and scholars who publicly criticize quantum communication.
• Negative opinions on quantum communication from Chinese quantum physics experts.
• Bruce Schneier's evaluation of quantum communication from a security technology perspective.
• Japanese quantum communication experts comprehensively and completely deny the practicality of QKD.
• Doubts about the “Micius” quantum communication satellite.