Podcast: Quantum Hacking and Key Sharing

The third episode featured Anton Kozubov, head of the theoretical group of the laboratory of quantum processes and measurements. We discussed his work and the specifics of the industry.



Audio version: Apple Podcasts · Yandex.Music · PodFM · Google Podcasts · YouTube




In the photo: Anton Kozubov






A few words about the specifics of the industry



Timecode - 00:16






dmitrykabanov: As far as I know, you are engaged in highly specialized topics.



Anton: Yes, there is such an opinion, but we are trying to move on to more fundamental things. Although more and more people are interested in the field of quantum cryptography, it is not the hottest area of science. There is a good foundation here, but technologies have already entered the engineering stage of development.



Everything began to develop back in the 80s of the last century, and a lot of time has passed by scientific standards. Scientists have moved from theory and experimentation to real mockups and fully functioning devices. Such systems have long existed in Switzerland, where ID Quantique operates. They started in 2005 or 2006, and in this decade they began supplying quantum cryptography systems to Swiss and Austrian banks. These are no longer technologies of the future.



There are still many questions from the point of view of proving the secrecy of such systems. This is what we are doing most in this area. But the basic principles have already been deduced.



Dmitry: Can you tell us what prompted the specialists to study this area in detail? How did they describe the initial problems and challenges they faced?



Anton: It's a funny story. As always happens in science, they started to study the topic simply because it became interesting. There was no particular purpose. Then it was believed that this is an absolutely secure method of transferring data, and at that time it was really advanced. The topic of information security became more and more relevant, but in addition to this, we came to the conclusion that it is possible to create computers of a new type using various quantum effects. They have quite interesting features, including the ability to break existing cryptography.



Dmitry: The issues of protection have been raised before, for example, during the Cold War. But was the start of this industry close to the time of the emergence of relatively massive networks?



Anton: You're right. You can look at it from this point of view. But the funny thing is that the field of quantum cryptography was discovered by two people who were more related to the field of IT. The first work, where the basic principles were described, they presented at an IT conference. So yes, it comes from there.



Dmitry: How did you come to this area? What was your motivation?



Anton: Frankly speaking, the same: it was interesting. But initially, I didn't set out to do quantum cryptography. I started off with quantum teleportation. It so happened that the tasks on this topic were not so urgent for the needs of the laboratory, so I switched to quantum cryptography. But doing one thing is not particularly interesting, and there are also many interrelated areas, so we cannot talk about the highly specialized nature of our activities.






Opportunities for scientists from related fields



Timecode - 06:24






Dmitry: From the note about your participation in the Canadian conference, we can say that a fairly limited circle of people are engaged in this topic. Could you estimate the number of specialists in your field? Or is it still a very closed club?



Anton: It is closed, but only in relation to the elite part of it. There are a lot of people in the world dealing with the quantum theory of information in its various forms. I have no idea how to estimate their number, but it is definitely more than thirty people who were at the conference.



I think that this is not even one thousandth of all. Many people go because this is one of the most advanced areas of science. All leading institutes have laboratories for quantum information theory or quantum optics and related things. Another question is how many people are immersed in such a specialized niche as proof of the strength of quantum cryptography systems.



This community is smaller, but still vast. Those who attended the conference were not all the leading experts in this field. There are about a hundred of them all over the world. Proofs of the security of quantum cryptography systems emerged recently, in the early 2000s. People who work in this area have previously done other things. For example, quantum optics, basic research. They are still relevant. They came to our field from physics.



There are also those who come from classical information theory or mathematics. Various entropies play a decisive role in assessing the evidence of resilience. Where else they are used is in thermodynamics. People who understand how quantum entropies work in information theory can apply their knowledge to quantum thermodynamics. One of the leading scientists in this field, Renato Renner from Zurich, is engaged in quantum information theory there, and in Santa Barbara he gives a course of lectures on quantum thermodynamics.






What are the challenges facing the community



Timecode - 10:37






Dmitry: What issues are you working on today? What tasks are there at the forefront? What now represents the bar that needs to be moved further?



Anton: This can be discussed from two different sides. In my opinion, the applied part is less interesting. Quantum key distribution is already on an industrial scale, but everyone wants to understand how to make sure that it is a quantum distribution in front of them, and not something else. To do this, it is necessary to certify the equipment, therefore the development of specialized standards is one of the main problems in the world, in addition to the engineering part. Most of the leading scientists in this field direct their efforts towards this.



The second aspect of our work is to prove the resilience of systems. Classical cryptography is based on the assumption that an attacker simply does not have enough computing power to decrypt the data while it is still valid. But it may well be that such assumptions are not always correct, so we need to move to a different paradigm of data protection - to make sure that the decryption ability does not change over time.





Due to these properties, you can look at the capabilities of an attacker - we call him Eve (from eavesdropper) - from a different point of view. We say that we give Eve everything that is possible within the limits of the laws of physics. Quantum memory, ideal detectors - we don't even have that close, but we give it such opportunities. And even with this in mind, we say that she will not receive the key data without us knowing it. The paradigm of quantum cryptography was originally built on this.



But that's all well and good as long as we're talking about single photons. However, the sources of single photons are quite capricious, low-speed and expensive things, so no one uses them in this process. All use attenuated laser radiation.



Dmitry: And how does this fight with the properties you spoke about?



Anton: It changes the paradigm and approach to proving resilience. This is still a feasible task, but much more difficult. In a situation where we are not using exactly what we need in ideal circumstances, namely coherent weakened states, we need to take this into account in the proof of resilience. We are doing this, and the whole world is going in this direction.



Dmitry: Does this approach take into account the equipment at the ends of the communication channel?



Anton: Initially, in the quantum distribution of keys, they used approximations like the fact that Eve cannot get into Alice and Bob's boxes, but has access only to the communication channel. This is not a very viable approximation. There is quantum hacking today. It tells us that it is quite possible to knock down the "settings" using light in an optical fiber or a quantum channel.





This direction is taken into account in matters of certification. We have a large laboratory in Moscow where Vadim Makarov, probably the most famous "quantum hacker" in the world, works. In other countries, this is very actively involved. I also led to this. How Eve can get into our boxes is more of an engineering challenge. I used to think of myself as a scientist, so I find it interesting to look at Eve from the other side. For example, to study how she can do so to get into the communication channel and steal everything without us noticing. I prefer not to work for the good guys, Alice and Bob, but to research possible attacks on quantum key distribution systems.






A quick introduction to quantum hacking



Timecode - 21:42






Dmitry: Can you describe the characteristics of such attacks?



Anton: Generally accepted characteristics are divided into three classes. Individual attacks are similar to classic man-in-the-middle (MITM) attacks. The second type is more abstract, when Eve somehow interacts with every message in our quantum channel and stores the result of such interaction in quantum memory. After that, she waits for the procedures that Alice and Bob carry out for agreement, gets even more information, makes measurements, and so on. These are collective attacks, but there is a third type that is even more abstract. An estimate of the real parameters is added there.



For the second type of attack, we assume that Alice and Bob share an infinite number of bits among themselves. In reality, this is impossible, and as soon as we go to finite volumes, we begin to show statistical fluctuations. They can play into the hands of Eve. Coherent attacks also take into account the finite nature of resources. This is a tricky thing, and not all quantum key distribution protocols have such a comprehensive proof of security.



It is important to understand that we transfer exactly the key bits and form the keys. How you will use them further is on your conscience. This is where cryptographic issues come into play. If you take modern algorithms like asymmetric encryption, just using these keys, then it is useless. The only method of ensuring security is a cipher pad. Then there are no questions, but for this you need to generate keys every time and change them for every message. This is a complex process.




The essence of the quantum key distribution is that for all Eve's attacks, we can allocate such an amount of allocated bits that will be known only to Alice and only to Bob. Eve won't know about him. This is the main goal of our work. But I'm interested in coming up with such attacks so that Alice and Bob are confident in safety, and Eve would arrange everything in such a way as to bypass the defense.








Timecode - 26:18






Dmitry: It turns out that such work at the forefront can easily negate the results of colleagues in the international community?



Anton: That note about the Canadian seminar that you spoke about, it is just about that. There I said that this is exactly what we did, which caused a flurry of negativity. It is explainable. People have been engaged in science for twenty-five years, and then someone comes and says that their results were not entirely correct. It also shows how it will be correct. It was very presumptuous of me. But I believe that we were able to make an attack that many do not even consider and do not take into account.



Dmitry: Could you tell and describe it at least in general terms?



Anton: Oh sure. The funniest thing is that this intercept-forward attack is the simplest one can think of. Only it is somewhat modified and complicated, as I would say. Today, when looking at evidence of resilience, people talk about how all quantum channels simply describe the redistribution of information between Alice, Bob, and Eve.



What is important, in this case, all measurements of quantum states occur after this distribution. We propose to describe a quantum channel in such a way that it contains a dimension relative to which states change and are imposed on Bob. Relatively speaking, we have something in the middle of the channel, it tries to distinguish between states, what distinguishes - sends to Bob, what does not distinguish - blocks. Thus, everything that comes to Bob is known to Eve. It would seem an obvious idea, but for some reason no one in the world talks about it.



Dmitry: And you showed the theoretical possibility of such an attack.



Anton: Yes, I talked about this in Toronto. We had very heated discussions with people who have been working in this area for as long as I live. It was an interesting, very rewarding experience.






Why it is important not to rush to publish protection methods



Timecode - 29:50






Dmitry: If we give a basic analogy with a virus and an antivirus, your field of activity and concept provides for a T-shaped extension away from the trajectory of the race one after the other. Can we say that such an approach will create new bundles of problems and they will have to be solved in other planes, and not just in one, as now?



Anton: A very fair question. Here I must be clear. Of course, I'm more interested in coming up with ways to attack. But we all work in the field of quantum key distribution, we get paid for it, and we don't really want to put a spoke in our own wheels. This is logical. When you come up with a new attack on quantum key distribution systems, it would be nice to come up with some kind of countermeasure. We did it, found a way to deal with it. It is not the most trivial, but it is. It is possible to close such problems, but another question is that when people do not talk about problems, it is obvious that they do not take them into account. Hence, they have no countermeasures.








Dmitry: Is this approach some kind of unspoken code of your community?



Anton: Yes, but I think it is not very correct to offer a solution. It is important to raise the issue. Then someone might find side solutions beyond what you have. If you put it all out at once, people will take it and there will be no development of thought.



Dmitry: Can we then say that your solution may be something like a beta version, and somewhere in the sleeve there may be something even more interesting that you have saved for yourself?



Anton: Perhaps.






A little about interaction with regulatory organizations



Timecode - 33:09






Dmitry: The attention of all sorts of regulatory bodies and special services is riveted to this area. Does all this take time from the point of view of coordinating any developments?



Anton: That's a very good question! I will try to answer it as evasively as possible. This takes up a significant portion of the time that could be spent on truly scientific projects. But I understand why this is important.



Dmitry: As with the certification, which we talked about earlier. You simply cannot hire yourself an assistant who will communicate for you. Do scientists have to explain the nuances directly to all controlling organizations and help them figure it out?



Anton: Yes, that's exactly how it is. This is the correct approach. No one can explain better than yourself what you did. If you cannot do this, questions arise about the reality of your achievements. But if there was an opportunity to do just science, I would prefer to do just science. But all this is an important part of our work, which we also do.



Dmitry: Do you have time for personal projects?



Anton: Difficult question. We find time and do third-party things. These are more fundamental problems. Take, for example, quantum teleportation - for example, we are preparing a publication on this topic. We take other problems, something from quantum optics, from quantum information theory. These are interesting things. We are trying to find time, because living without it is completely boring. It is impossible to deal with papers alone. You also need to do science.






On the distinction between fundamental and applied science



Timecode - 36:07






Dmitry: If you try to assess the rate of change in your field, the volume of scientific publications. How does it affect your work and interest in related industries?



Anton: Our area is a hot topic. A wild amount of articles comes out. Even the number of really relevant articles is huge. All of them are difficult to track, it is simply impossible.



Dmitry: Is the dependence on such a tracking process strong? Or are your projects isolated enough to keep you focused and not distracted?



Anton: Insulation is more of a disadvantage. When you are stewing in your juice, you stop noticing mistakes. You may think that you are doing everything right, but somewhere a fundamental mistake creeps in that you are missing. It's good when there are people in the world doing similar things. If you get something similar to some extent, then you are going in the right direction. If the results differ, this is a reason to talk and find out who is right.



Dmitry: But the work is going on in a relatively closed circle of people? These are not hundreds of people?



Anton: Fair, but not always. In our group, three people are involved in the proof of resilience - me, my colleague and our scientific advisor. If we take a broader field - quantum optics, information theory - we are five people. If we talk about quantum key distribution systems, there are people in Moscow, Novosibirsk, Kazan. But in Europe and the United States, these are large theoretical groups.



Dmitry: How is this difference in scale characterized?



Anton: These are different ways of developing science. Here it is different from the European one. Science here follows the path of applied research, which is needed and relevant right now. I do not condemn this approach, but I think it is not very scientific. I am more impressed by the western one - a clear distinction between fundamental and applied science. When there is no need to demand any practical results from fundamental science right now. That's why it is fundamental, so as not to deal with applied things.



In particular, returning to Zurich. It is a large institute that deals exclusively with fundamental research. People study what explains the foundations of the universe to us, helps us to better understand them. They come there because they want to do just that. Our interest is accompanied by a need, a need to do something else in the moment. Therefore, such a difference in perception and development. These are two completely different paths.



Dmitry: Does this need arise depending on the planning horizon of the controlling organization, the scientific community, or something else?



Anton: This is regulated by the donor. The one who pays calls the tune. We see a great interest in having some kind of equipment here and now. There are foundations in Europe for basic research. It depends on who gives the money.





