Do we really need a quantum internet though? Our current non-quantum encryption system honestly works very well. Symmetric encryption is statistically unbreakable at large enough key sizes. Using a brute-force attack on a 256-bit AES key, it would take billions of years to crack, even with a quantum computer. Given a large enough key size (1024-bits), it would take longer than the heat death of the universe to crack such a key.
For key exchange, quantum encryption is definitely better, but how much better is it than switching to a quantum resistant key exchange algorithm? And switching to quantum encryption would require a complete internet infrastructure overhaul, meaning fiber optics everywhere, all new routers (would packet routing still work?), new cell towers, and no more copper lines for internet.
Is this complete architectural overhaul worth it, just to decrease the chance of being hacked from 1/2^256, to 0? To me the benefits seem marginal.
It reminds me of flying cars: yes it's the future, yes they work, yes we can do it, but is it practical?
I think the idea is that if you want to transmit quantum information you need a quantum internet.
There are many cases where you would want to transmit quantum information besides using it as an encryption scheme. For example, if a scientist wants to run a quantum simulation in the cloud, and then they want the quantum state to be communicated back to their local quantum machine _without_ collapsing the wave function, then you would need some kind of quantum link to do so. If you want to send it through the classical internet you would have to collapse the wave function and send classical information.
There are a few hopeful candidates for quantum-secure classical asymmetric key systems, but there are no strong proofs that they are secure against either classical or quantum systems. Without these proofs, and danger that any day someone can come up with a way to break any and all such classical encryption systems, its valuable to at least develop quantum key distribution systems.
In other words, the chances of being hacked are far greater than 1/2^256. They depend on how much secret progress you think organizations such as NSA have made in mathematics. They depend on how likely you think someone will actually develop a quantum resistant asymmetric encryption scheme before large scale quantum computers are built. Of course, there is also a non-zero chance of the quantum internet being hacked.
Yes, developing a quantum communication system will require massive infrastructure. However, its possible to use quantum communication links for regular classical communication i.e.\ once the quantum communication link is high bandwidth enough, you can just route all your classical communication through it. So, its not the worst possible thing to have these links up.
> There are a few hopeful candidates for quantum-secure classical asymmetric key systems, but there are no strong proofs that they are secure against either classical or quantum systems.
While technically correct, this is totally misleading. There are no cryptosystems at all that have strong proofs of security. (Minus one time pads, which are completely impractical.) Your QKD system also depends on a bunch of assumptions that you can't prove.
I completely agree that while quantum key exchange is amazing, in practical terms it might not be necessary for great security.
However, creating a long range quantum network (as a supplement to the classical internet), would provide amazing new capabilities (plenty of which we probably have not thought of yet). I am particularly excited about using it to link up sensors (telescopes) so that we can surpass the diffraction limit of classical sensors.
Even keeping things classical, linking radio telescopes in "very-long-baseline interferometry" requires a bit more than just the normal internet (it requires synchronized clocks). But as you suggested, all this is doable classically.
However, all you get with linking telescopes classically is a "virtual" telescope with a better resolution (the angular resolution is roughly proportional to 1/radius of telescope opening, and if your linked telescopes are on different continents you get "virtual" radius as big as that of Earth).
This scaling of the resolution of 1/radius is what gives you the "diffraction limit". However, if we have sensors that are entangled with each other, we can surpass that limit. Googling "quantum entanglement diffraction limit" would give in-depth information.
If you wish to transmit quantum information then you need a quantum link (or entanglement plus a classical link -- google quantum teleportation). One use case is to do distributed quantum computing -- if the quantum computers are not colocated then they will need to be connected with some sort of quantum network
> And switching to quantum encryption would require a complete internet infrastructure overhaul, meaning fiber optics everywhere, all new routers (would packet routing still work?), new cell towers, and no more copper lines for internet.
It would not require new cell towers. It would require an Internet where no wireless connections exist.
Which is one of the reasons why you should laugh out loud if anyone uses the term "Quantum Internet".
For key exchange, quantum encryption is definitely better, but how much better is it than switching to a quantum resistant key exchange algorithm? And switching to quantum encryption would require a complete internet infrastructure overhaul, meaning fiber optics everywhere, all new routers (would packet routing still work?), new cell towers, and no more copper lines for internet.
Is this complete architectural overhaul worth it, just to decrease the chance of being hacked from 1/2^256, to 0? To me the benefits seem marginal.
It reminds me of flying cars: yes it's the future, yes they work, yes we can do it, but is it practical?