Anton Kozubov took part in the third edition, theoretical group . We discussed his work and the specifics of the industry.
Audio version: Β· Β· Β· Β· .
On photo:
A few words about the specifics of the industry
Timecode -
: As far as I know, you are engaged in highly specialized topics.
Anton: Yes, there is such an opinion, but we are trying to move on to more fundamental things. Although more and more people are interested in the field of quantum cryptography, this is not the hottest area of ββββscience. There is a good foundation here, but the technology has already reached the engineering stage of development.
Everything began to develop back in the 80s of the last century, and by scientific standards, quite a lot of time has passed. Scientists have moved from theory and experimentation to real mock-ups and fully functioning devices. Such systems have long existed in Switzerland, where ID Quantique operates. They launched in 2005 or 2006, and in that decade began shipping quantum cryptography systems to Swiss and Austrian banks. This is no longer the technology of the future.
There are still a lot of questions in terms of proving the secrecy of such systems. This is what we do the most in this area. But the basic principles have already been deduced.
Dmitriy: Can you tell us what prompted specialists to study this area in detail? How did they describe the initial problems and challenges they faced?
Anton: It's a funny story. As is always the case in science, they began to study the topic simply because it became interesting. There was no particular purpose. Then it was believed that this was an absolutely secure way to transfer data, and at that time it was really advanced. The topic of information security became more and more relevant, but in addition to this, we also came to the conclusion that it is possible to create computers of a new type on various quantum effects. They have quite interesting features, including the ability to break existing cryptography.
Dmitriy: Defense issues have been raised before, take at least the times of the Cold War. But was the start of this industry close to the time of the emergence of relatively mass networks?
Anton: You're right. You can also look from this point of view. But the funny thing is that the field of quantum cryptography was opened by two people who were more related to the field of IT. The first work, where the basic principles were described, they presented at an IT conference. So yes, it comes from there.
Dmitriy: How did you get into this field? What was your motivation?
Anton: Frankly speaking, similar - it was interesting. But initially I did not go into quantum cryptography. Started from . It so happened that the tasks on this topic turned out to be not so relevant for the needs of the laboratory, so I switched to quantum cryptography. But doing one thing is not particularly interesting, and there are also many interconnected areas, so we cannot talk about the highly specialized nature of our activities.
Opportunities for scientists from related fields
Timecode -
Dmitriy: On it can be said that a fairly limited circle of people are engaged in this topic. Could you estimate the number of specialists in your field? Or is it still a very closed club?
Anton: It is closed, but only in relation to its elite part. There are a lot of people in the world involved in quantum information theory in its various manifestations. I have no idea how to estimate their number, but it's definitely more than thirty people who were at the conference.
I think that this is not even one thousandth of all. Many go because it is one of the cutting edge areas of science. All leading institutions have quantum information theory or quantum optics and related things. Another question is how many people are immersed in such a specialized niche as proof of the security of quantum cryptography systems.
This community is already smaller, but still vast. Those who were at the conference are not all leading experts in this field. There are about a hundred of them all over the world. Evidence of the strength of quantum cryptography systems appeared recently, in the early 2000s. People who work in this field have previously done other things. For example, quantum optics, fundamental research. They are still relevant. They came to our field from physics.
There are also those who come from classical information theory or from mathematics. Various types of entropy play a decisive role in the assessments of proofs of stability. Where else they are used - in thermodynamics. People who understand how quantum entropies work in information theory can apply their knowledge to quantum thermodynamics. One of the leading scientists in this field - Renato Renner from Zurich - is engaged in quantum information theory there, and in Santa Barbara he gives a course of lectures on quantum thermodynamics.
What are the challenges facing the community?
Timecode -
Dmitriy: What issues are you working on today? What are the tasks at the forefront? What now represents the bar that needs to be moved further?
Anton: This can be discussed from two different angles. In my opinion, the applied part is less interesting. Quantum key distribution has already reached the industrial scale, but everyone wants to understand how they can make sure that they have a quantum distribution in front of them, and not something else. To do this, it is necessary to certify equipment, so the development of specialized standards is one of the main problems in the world, in addition to the engineering part. Most of the leading scientists in this field direct their efforts precisely on this.
The second aspect of our activity is the proof of systems stability. Classical cryptography is based on the assumption that an attacker simply does not have enough computing power to decrypt the data while it is still relevant. But it may well be that such assumptions are not always correct, so we need to move to a different data protection paradigm - to make sure that the decryption ability does not change over time.
We are dealing with quantum key distribution. This means that we distribute a key that needs to encrypt information. Such a key can be stolen, but we are trying to introduce a paradigm in which this cannot be done. If during its distribution someone invades the channel, we will always notice it. This is the basis of the classical paradigm of quantum cryptography. This is achieved through the use of single photons.
They have three properties. These are the minimum portions of energy, they cannot be divided, and then, for example, strengthened. They cannot be copied. An unknown quantum state cannot be copied, because for this it must be measured, and this cannot be done without destroying the quantum state. When we measure it, it collapses.
Due to these properties, you can look at the capabilities of the attacker - we call him Eve (from eavesdropper) - from a different point of view. We say that we give Eve everything that is possible within the limits of the laws of physics. Quantum memory, ideal detectors - we don't even have it close, but we give it such opportunities. And even with this in mind, we are saying that she will not receive data about the key without us knowing it. The paradigm of quantum cryptography was originally built on this.
But that's all well and good as long as we're talking about single photons. However, sources of single photons are rather capricious, low-speed and expensive, so no one uses them in this process. All use attenuated laser radiation.
Dmitriy: And how does it beat with those properties that you talked about?
Anton: Changes the paradigm and approach to proof of security. This is still a feasible task, but much more difficult. In a situation where we use not exactly what we need in ideal circumstances, namely coherent weakened states, we need to take this into account in proofs of strength. We are doing this, and the whole world is moving in this direction.
Dmitriy: Does this approach take into account the equipment at the ends of the communication channel?
Anton: Initially, quantum key distribution used approximations such that Eve cannot get into the boxes of Alice and Bob, but only has access to the communication channel. This is not a very viable approximation. Today there is quantum hacking. He tells us that in an optical fiber or a quantum channel it is quite possible to bring down the βsettingsβ with the help of light.
This direction is taken into account in matters of certification. We have a large laboratory in Moscow where Vadim Makarov, probably the most famous "quantum hacker" in the world, works. Other countries are very active in this. I led up to this. How Eva can get into our boxes is more of an engineering challenge. I used to consider myself a scientist, so it's interesting for me to look at Eve from the other side. For example, to study how she can get into the communication channel and steal everything without us noticing. I prefer not to work for the good guys, Alice and Bob, but to investigate possible attacks on quantum key distribution systems.
A Brief Introduction to Quantum Hacking
Timecode -
Dmitriy: Can you describe the characteristics of such attacks?
Anton: Generally accepted characteristics are divided into three classes. Individual attacks - similar to classic man-in-the-middle (MITM) attacks. The second type is more abstract, when Eve somehow interacts with each message in our quantum channel and stores the result of such interaction in quantum memory. After that, she waits for the procedures that Alice and Bob carry out for agreement, receives even more information, takes measurements, and so on. These are collective attacks, but there is a third type - even more abstract. An estimate of real parameters is added there.
For the second type of attack, we assume that Alice and Bob share an infinite number of bits among themselves. In reality, this is impossible, and as soon as we go to finite volumes, we begin to show statistical fluctuations. They can play into the hands of Eve. Coherent attacks, among other things, take into account the finiteness of resources. This is a tricky thing, and not all quantum key distribution protocols have such a comprehensive security proof.
It is important to understand that we are transmitting the key bits and generating the keys. How you continue to use them is up to you. This is where cryptography comes into play. If you take modern algorithms like asymmetric encryption, just using these keys, it's useless. The only method of ensuring stability is a cipher pad. Then there are no questions, but for this you need to generate keys every time and change them for each message. This is a complex process.
β¨The essence of quantum key distribution is that for all Eve's attacks, we can allocate such a volume of distributed bits that will be known only to Alice and only to Bob. Eva will not know about him. This is the main goal of our work. But it's interesting for me to come up with such attacks so that Alice and Bob are sure that they are safe, and Eve would arrange everything in such a way as to bypass the protection.
You canβt just take it and not interfere with colleagues
Timecode -
Dmitriy: It turns out that such work at the forefront can easily cross out the results of colleagues in the international community?
Anton: Ta, about the Canadian seminar you were talking about, it's about that. There I said that we did exactly that, which caused a flurry of negativity. It is explainable. People have been doing science for twenty-five years, and then someone comes and says that their results were not quite right. It also shows you how to do it right. It was very presumptuous of me. But I believe that we were able to make such an attack that many do not even consider and do not take into account.
Dmitriy: Could you talk about it and describe it at least in general terms?
Anton: Yes, sure. The funny thing is that this is a hijack-and-forward attack - the simplest one you can think of. Only it is somewhat modified and complicated, as I would say. Today, when considering evidence for persistence, people talk about how all quantum channels simply describe the redistribution of information between Alice, Bob, and Eve.
What is important, in this case, all measurements of quantum states occur after this distribution. We propose to describe the quantum channel in such a way that it has a dimension relative to which the states change and are imposed on Bob. Relatively speaking, we have something in the middle of the channel, it tries to distinguish states, what distinguishes - sends to Bob, what does not distinguish - blocks. Thus, everything that comes to Bob is known to Eve. It would seem an obvious idea, but for some reason no one in the world talks about it.
Dmitriy: And you have shown the theoretical possibility of such an attack.
Anton: Yes, I talked about it in Toronto. We had very heated discussions with people who have been working in this area for as long as I have lived. It was interesting, a very rewarding experience.
Why it is important not to rush to publish protection methods
Timecode -
Dmitriy: To use the basic analogy of a virus and an antivirus, your line of work and concept involves a T-shaped process away from the trajectory of one after the other. Can we say that such an approach will create new bundles of problems and they will have to be solved in other planes, and not just in one, as it is now?
Anton: A very fair question. Here I must be clear. Of course, I'm more interested in coming up with ways to attack. But we all work in the field of quantum key distribution, we are paid money for this, and we donβt really want to put a spoke in our own wheels. This is logical. When you come up with a new attack on quantum key distribution systems, it would be nice to come up with some kind of countermeasure. We did it, we found a way to deal with it. It's not the most trivial, but it's there. It is possible to close such problems, but another question is that when people do not talk about problems, it is obvious that they do not take them into account. So they have no countermeasures.
On photo:
Dmitriy: Is this approach some kind of unspoken code of your community?
Anton: Yes, but I think that it is not very correct to propose a solution. It's important to raise the issue. Then someone might find side solutions besides what you have. If you lay out everything at once, people will take what is ready and there will be no development of thought.
Dmitriy: Is it then possible to say that your solution may be something like a beta version, and somewhere in the sleeve there may be something even more interesting that you have saved for yourself?
Anton: Possible.
A bit about interaction with regulatory organizations
Timecode -
Dmitriy: The attention of various regulatory bodies and special services is riveted to this area. Does all this take time in terms of coordinating some developments?
Anton: Very good question! I will try to answer it as evasively as possible. This takes up a significant portion of the time that could be spent on truly scientific projects. But I understand why it's important.
Dmitriy: As with the certification we talked about earlier. You simply cannot hire an assistant to communicate for you. Do scientists have to explain the nuances directly to all regulatory organizations and help them figure it out?
Anton: Yes, that's exactly how it is. This is the correct approach. No one can explain better than you what you did. If you can't do this, questions arise about the reality of your accomplishments. But if it were possible to do just science, I would prefer to do just science. But all this is an important part of our work, which we also do.
Dmitriy: Do you have time for personal projects?
Anton: Complex issue. We find time and do other things. These are more fundamental questions. Take at least quantum teleportation - for example, we are preparing a publication on this topic. We take other problems, something from quantum optics, from quantum information theory. These are interesting things. We try to find time, because without it, life is completely boring. It is impossible to deal with paperwork alone. You also need to do science.
On the distinction between fundamental and applied science
Timecode -
Dmitriy: If you try to estimate the rate of change in your field, the volume of scientific publications. How does it affect your work and interest in related industries?
Anton: Our area is a hot topic. Articles come out a wild amount. Even the number of really relevant articles is enormous. It's hard to track them all, it's just impossible.
Dmitriy: Is there a strong dependency on such a tracking process? Or are your projects isolated enough to hit the spot and not be distracted?
Anton: Isolation is more of a minus. When you stew in your juice, you stop noticing mistakes. You may think that you are doing everything right, but somewhere a fundamental mistake creeps in that you miss. It's good when there are people in the world doing similar things. If you get similar things to some extent, then you are going in the right direction. If the results differ, this is an occasion to have a conversation and find out who is right.
Dmitriy: But the work is going on in a relatively closed circle of people? It's not hundreds of people?
Anton: Fair enough, but not always. In our group, there are three people involved in the proofs of persistence - me, my colleague and our supervisor. If we take the broader areas - quantum optics, information theory - there are five of us. If we talk about quantum key distribution systems, there are people in Moscow, Novosibirsk, Kazan. But in Europe and the USA they are large theoretical groups.
Dmitriy: What characterizes this difference in scale?
Anton: These are different ways of developing science. Ours is different from Europe. Science here follows the path of applied research, which is needed and relevant right now. I do not condemn this approach, but I consider it not very scientific. I am more impressed by the Western one - a clear distinction between fundamental and applied science. When it is not necessary to demand any practical results from fundamental science right now. It is fundamental for that, so as not to deal with applied things.
In particular, returning to Zurich. This is a large institute that deals exclusively with fundamental research. People study what explains the foundations of the universe to us, helps us to understand them better. They come there because that's what they want to do. With us, interest is accompanied by need, the need to do something else in the moment. Therefore, such a difference in perception and development. These are two completely different paths.
Dmitriy: Is such a need set depending on the planning horizon of the controlling organization, the scientific community, or something else?
Anton: It is regulated by those who allocate money. Who pays, he orders the music. We see a lot of interest in having some kind of equipment here and now. In Europe, there are funds aimed at fundamental research. It depends on who gives the money.
Other episodes of our podcast on HabrΓ©:
Source: habr.com