# A bunch of sketches on how to reply R2...
	While we experimentally demonstrated the asymmetric delay attack using a specific attack method involving two circulators, we believe that this does not diminish the generality of our work.
	

	The attack objective on the protocol was indeed specific: 
	we aimed at inducing an asymmetric delay while evading detection by a Bell inequality check. 
	However, the attack objective pertains to the two main features of the protocol in [10]: 
	that it relies on a symmetric delay channel for deducing the offset between remote clocks, 
	and that it attempts to secure the synchronisation channel by measuring a Bell inequality. 
	The attack proposed in [15] also focused on these crucial features.
	Since our work addresses the incorrect conclusions drawn in [15], 
	we do not consider our attack objective to be too specific or too detailed.

As the security and accuracy of the protocol crucially relies on these features, we do not consider our attack objective to be too specific or too detailed. 

Finally, the attack method and objectives were as specific as [15], whose conclusions we aimed to disprove. 


Second, to demonstrate that the theoretical conclusions in [15] were erroneous, i.e. the Bell inequality check in [10] is unable to detect CADA, 

Any FR-based device that hopes to evade detection by the Bell inequality check in [10] has to evolve the polarization state in the synchronization channel through a closed cycle and will be subject to the same theoretical analysis presented in our work.


FR is general enough
We had to implement it somehow...
Theory was written without thinking about circulators anyway... just rotation.

The attack method demonstrated was indeed specific as well: we implemented an asymmetric delay using two circulators. 
However, we would like to suggest that this does not diminish the generality of our result.

First, an attack that utilizes any other combination of circulators would be similarly constrained to rotate the incoming polarization to its initial state in order to evade detection by the Bell inequality check proposed in [10]. 
Consequently, our theoretical considerations of the geometric and dynamic phases associated with the cyclic evolution of quantum states applies as well to these cases. 

Second, our theoretical treatment was not tied to a specific number of circulators used, only that they rotate the incoming polarization state to its initial state.

Third, considering the FR effect in circulators is itself a general treatment, since considering other properties e.g. reflectivity, is tied to a specific implementation of the device.

Fourth, and perhaps most importantly, to demonstrate that the protocol in [10] is not foolproof despite its proposed Bell inequality check, as claimed by [15], it suffices to demonstrate only one successful attack. As a result, considerations to the lack of generality of the work does not necessarily apply.

The objective was directed at the specific result made in [15], that the protocol in [10] could detect the circulator-based attack. 

Second, to achieve channel asymmetry, there are very few technologies apart from Faraday-Rotator-based optical circulators capable of inducing channel asymmetry. 
While exotic optical structures and materials are alternatives, none are as widely available as the "conventional" FR-based circulator. 
In other words, we addressed the most likely optical system capable of realizing CADA.

Third, considering the FR effect in circulators is itself a general treatment, since considering other properties e.g. reflectivity, is tied to a specific implementation of the device.

Fourth, and perhaps most importantly, to demonstrate that the protocol in [10] is not foolproof despite its proposed Bell inequality check, it suffices to demonstrate only one successful attack. As a result, considerations to the lack of generality of the work does not necessarily apply.

First, as highlighted in the conclusion, 
there are very few technologies apart from a Faraday-Rotator-based optical circulator capable of inducing channel asymmetry. 
Compared to exotic optical structures, an FR-based circulator is the most commercially available, which renders it as the most likely threat. 
Furthermore, to demonstrate the vulnerability of a protocol, it suffices to consider only one p

Second, any combination of circulators that hope to evade detection will have to rotate the incoming polarization back to the same state - and will require a similar consideration towards its

First, we would like to point out that, due to the protocol in [10] relying on a symmetrical channel for synchronization, there are very few methods apart from a circulator that are capabale of breaking the symmetry of the channel. 

However, we would like to suggest that our theoretical consideration of the geometric and dynamic phases can be applied generally to any attack method that attempts to evade detection by the Bell inequality check proposed in [10]. 
Computing the geometric phase arises naturally for any 

Our choice of examining a specific attack method using two circulators was constrained by the fact that [15] also focused on this specific combination of circulators.
The 
Moreover, to demonstrate the vulnerability of the protocol 

First, we would like to highlight that the choice of examining a specific combination of circulators in our work does not diminish the applicability of our results for a general combination of circulators. 
This arises naturally since for any combination of circulators, the attacker must rotate the incoming polarization back to the same polarization state in order to evade detection. 

The theoretical treatment involving geometric and dynamic phases is general: any combination of circulators that hope to evade detection by a Bell inequality check must rotate the incoming polarization back to the same polarization state, so that 

% The efficacy of our attack highlights the extent to which a direct replacement of classical signals with entangled photons enhances the security of a bidirectional clock synchronization protocol -- it does not render the protocol foolproof.
% Monitoring distributed entanglement allows users to secure against the replacement of signal photons by an adversary, addressing the issue of spoofing in current classical synchronization schemes~\cite{lamas2018secure}.
% Whereas security against an asymmetric delay attack is not guaranteed for the protocol in its present form, 
% as propagation delays of signal photons can be manipulated without consequence to the entanglement degree-of-freedom, contrary to earlier analysis~\cite{Troupe:2018}.
% Despite demonstrating that the protocol is vulnerable to asymmetric delay attacks imposed by circulators, 
% the protocol does allow users to secure against the replacement of signal photons by an adversary.  

% Despite the vulnerability of the protocol to the asymmetric delay attack demonstrated in this work, 
% measuring entanglement presents a useful mechanism for securing against the replacement of signal photons by an adversary.
% Our attack illustrates the extent to which the security of a bidirectional synchronization protocol can be improved with entangled photons. 
% For the synchronization protocol 

% Our attack illustrates that security derived from using quantum entanglement in a communication protocol depends on how information is encoded, and if an attack requires projection on the entanglement degree-of-freedom.
% Our attack illustrates how security derived from using quantum entanglement relies:
% what constitutes as an attack on the system:

% this scenario contrasts with existing quantum communication protocols that encode information in the entanglement degree-of-freedom.  
% This contrasts with existing quantum communication protocols that encode information in the entanglement degree-of-freedom, and where an eavesdropping attempt necessarily projects polarization states in an irreversible manner.  
% and where an eavesdropping attempt involves an irreversible projection measurement, which can be detected with a non-local measurement.

% For the synchronization protocol considered in this work, 
% measuring entanglement is able secure against the replacement of signal photons by an adversary,
% thereby providing security against signal spoofing~\cite{lamas2018secure}.
% However, as the propagation time of the photons are not correlated with the polarization dof,
% However, as timing information is not encoded in the entanglement dof,
% monitoring polarization entanglement cannot be used to secure against delay attacks.
% nor does a successful attack on the protocol involve an irreversible projection measurement. 

% Nevertheless, 
% the source of the synchronization signal 
% can be verified by monitoring the distributed entanglement, addressing the issue of spoofing in classical synchronization protocols~\cite{lamas2018secure}.
% the clock synchronization protocol studied in this work does not encode timing information in the polarization dof.
% In addition, an attack on the synchronization protocol does not require an irreversible projection on polarization states.
% This 

% The efficacy of our attack illustrates that employing quantum entanglement does not automatically render a communication protocol foolproof -- the information that is to be secured has to be encoded in the dof associated with entanglement, and the protocol has to be designed such that an attack necessarily creates an irreversible change in the distributed entanglement. 
% Both conditions are not met in the synchronization protocol considered in this work, 
% in contrast with entanglement-based quantum key distribution protocols. 
% Nonetheless, 

% The efficacy of our attack illustrates that, while distributing entanglement can be used to secure communication protocols when information is encoded in the entanglement degree-of-freedom, its use should be thoroughly examined otherwise; 
% for the synchronization protocol considered in this work, timing information -- associated with the time-of-flight of the photons -- can be manipulated without measuring the polarization states of the photons. 
% for the synchronization protocol considered in this work, timing information -- uncorrelated with the polarization degree-of-freedom -- can be manipulated without disturbing the distributed entanglement. 
% However, the use of entanglement for signal verification addresses the issue of spoofing in classical sycnrhonization protocols, and highlights that while deploying quantum entanglement does not render a protocol foolproof, there are some benefits that can be derived after an in-depth study on its vulerabilities is performed and accepted. 
% Yet, entanglement between distributed photon pairs can be used to verify the source of the synchronization signal, addressing the issue of spoofing in classical synchronization protocols~\cite{lee2019symmetrical}. 

# attempt at last para 

% Nonetheless, using entanglement as a mechanism for verifying the source of the synchronization signal solves a longstanding problem in..., highlighting that while 

% The efficacy of our attack illustrates that while distributing entanglement provides security for several quantum communication protocols, its use has to be carefully considered in cases where security can be compromised without irrevesibly altering the entangled state. 
% For the protocol considered in this work, monitoring the distributed entanglement allows, in principle, a mechanism to verify the source of the synchronization signal. However, t 
% The efficacy of our attack is based on the fact that for the protocol presented, synchronization accuracy can be compromised without projecting on the polarization degree-of-freedom associated with entanglement.
% The efficacy of our attack is based on the fact that for the protocol presented, synchronization accuracy can be compromised without affecting the distributed entanglement. 
% This is possible since the attack does not rely on projecting in the polarization degree-of-freedom associated with entanglement.
% This is possible since the timing correlation between photon pairs is not associated with their polarizations.
% As the timing correlation between photon pairs used for synchronization is not encoded in the polarization degree-of-freedom, 
% The efficacy of our attack highlights the vulnerability of a protocol where information that is meant to be secured is not encoded in the entanglement degree-of-freedom.
% In contrast, in existing entanglement-based quantum communication protocols, security is compromised when an adversary performs an irreversible measurement process necessary for gaining information encoded in the entanglement degree-of-freedom.
% Nevertheless, due to potential security benefits, e.g. source verification, distributing entanglement remains an attractive option for securing the sychronization channel.
% The efficacy of our attack highlights two important considerations when developing secure protocols with quantum entanglement:  (i) information that is to be secured has to be encoded in the entanglement degree-of-freedom and (ii) an attack on the protocol has to be associated with an irreversible projection measurement. These conditions connect the protocol with the no-cloning theorem, enabling security.
% In the protocol considered in this work, 
% timing correlations between photons necessary for synchronization were not associated with their polarization. 
% With circulators, inducing a synchronization error does not require an advesary to perform an irreversable projection measurement on the polarization degree-of-freedom. 

% The efficacy of our attack highlights that while distributing information in the entanglement degree-of-freedom forms the basis of securing existing quantum communication protocols, 
% its effectiveness in securiing protocols where information -- in this case, time -- is not encoded in the degree-of-freedom associated with entanglement -- in this case, polarization -- is limited and has to be carefully considered. 

% that while entanglement is an invaluable resource for distributing information in existing quantum communication protocols, it has to be carefully considered in protocols where the information that is to be secured is not encoded in the degree-of-freedom associated with the distributed entanglement, or when the security of the protocol does not rely on the   
% In contrast to existing quantum communication protocols, 
% the clock synchronization protocol considered in this work does not rely the degree-of-freedom associated with the distributed entanglement to encode the information that needs to remain secure.