"Spooky" Quantum Data Encryption
Hardy writes "Imagine an encrypted communications channel that immediately notifies the parties if they are being bugged. The American Institute of Physics site is running an article about exploiting what Einstein described as the "spooky" action at a distance properties of quantum entangled particles. The entanglement process can generate a completely random sequence of 0s and 1s distributed exclusively to two users at remote locations. Any eavesdropper's attempt to intercept this sequence will alter the message in a detectable way, enabling the users to discard the appropriate parts of the data. This random sequence of digits is then used to scramble the message. This approach solves the problem of distributing a shared key to both parties without it falling into the wrong hands. This diagram might help."
You know if you stare at the "snow image" long enough and let your eyes shift a bit - you can see the original image - in 3D!!! hmmmm can it be that I just cracked quantum encryption? :) Mars
Good evening, In case anyone wants a more basic 'step by step' introduction to both the 'Quantum world', this secure key transmission system, and some other 'interesting' applications of Quantum theory - I strongly suggest taking a look at: http://www.newscientist.com/nsplus/insight/quantum/genious.html They also have a very nice article in this week's issue about how the fact there are 4 DNA bases (rather than two, which should, for the same reason we use binary, be more efficient), could be related to quantum computation taking place inside cells. Sorry, I know it's a bit off topic, but I'm a physicist at heart ;) Chris.
napalm.firest0rm.org
And here's the New Scientist article:
http://www.newscientist.com/ns/19991002/quantumcon.html
Kynik
kynik@firest0rm.org
http://napalm.firest0rm.org/
http://www.gh0st.net/
So how do the two concepts of...
Hamish
"Wise men talk because they have something to say; fools, because they have to say something" - Plato
For starters they have the type of submarine wrong.
For seconds no Americans were involved since the US had not been shocked out of its shell by Pearl Harbour at the time.
Regards,
en
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
Actual problem on a physics test.
Calculate the wavelength of a herd of charging elephants. (Gives figures for speed and size of said elephants.)
It takes some serious swallowing to take it seriously and go on to the question about applying a diffraction grating to said herd, but that is physics for you...
Cheers,
Ben
PS This is not a made up example!
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
"you can never add one and one and get three."
Sure you can: if 5+5=15 then 1+1=3 (well ok...
that still doesn't make 1+1=3 true but the
statement as a whole is true)
\forall code \in C, \frac{\Delta readability(code)}{\Delta t} < 0
Brute force isn't a vulnerability. It's a last resort attack. If someone has to rely on brute force to decode your messages, you're in pretty safe hands.
The ENTIRE point of public key cryptography (RSA, DH) is so that a person in the middle could observe each and every transmission and still be unable to decode the messages being passed back and forth, so long as the private keys (which are never transmitted) are well protected. That's how people buy stuff over the internet.
I really, truly dislike one-time pads being brought up into these discussions.
For one, they're extremely unwieldy. They need to be as large as the message is that you're sending. That pretty much rules out any civilian use of them. In the context of the military, I could see the practicality of them, being that subs could dock and while they were getting new supplies, they could have new hard drives loaded onto them containing new random data for future communications. Those hard drives could be disbursed across the Navy.
That works good in a system as structured as the military, but for regular, civilian communications, it's next to useless. There's no way that one-time pads can ever be incorporated into e-commerce or anything on as large a scale as that.
It still is possible to break a one time pad with brute force... The problem is that every outcome is equally likely. You might break it and read the message and decide "that can't possibly be what this message should say" and pass by it. But if your keying material isn't as random as you hope it might be, then it becomes easier to identify possible messages.
I'll reiterate and reiterate... One time pads can't really work on a large scale. They're just not practical.
And in this context, obviously i wasn't talking about 8 bit keys. Rather, try using 4096 bit RSA keys to pass either triple DES or Twofish keys back and forth. Then, you've got a form of communication that's going to be next to impossible to decipher, unless someone figures out a way to factor that 4096 bit key of yours.
so, if information can travel faster than light, i guess it's true that nothing travels faster than bad news. (good news may or may not travel equally fast.)
... and filed away in that warehouse with the burn-for-5-years lightbulbs
There are burn-for-50-years-or-so lightbulbs, most of them made when lightbulbs were considered high-tech. The reason for not making them is that they have a too low light output for the current they consume.
Try halving the voltage to your lightbulbs. They will last for over 5 years and be very dim. You can easily compensate dimness by using a lot more bulbs, but then you use a lot of electricity generating lots of waste heat.
Remember, Eve can't read the data without collapsing the probability states of the entangled photons, so she has to re-generate the data. She can't do this fast enough to accurately mimic the data she originally received.
How little time is there? Using optical computers (assumed possible, not yet made), Eve-in-the-middle might be able to regenerate data in the time light moves a few cm. Good enough?
My point is that, if there's an exception, the spooks *will* find it.
Sure, it's impossible. So is spooky action at a distance. So is FTL. So is heavier-than-air flight.
"impossible" is very hard to tell from "haven't done it yet" in physics.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
It basically works by Bob sending Alice WHICH bits he received, but not the bit values themselves. Alice and Bob then share a secret, which can be used to create a key. The verification can be done by a challenge/response protocol, of which there are many.
It's a clever system, for sure. Now why don't we see more of them?
Taral
WARN_(accel)("msg null; should hang here to be win compatible\n");
-- WINE source code
And, of course, it does nothing about the man-in-the-middle attack.
Yes, it does. The man-in-the-middle can't re-generate the signal fast enough. Have a look at this for more detail.
You don't understand what the man-in-the-middle attack is.
Alice initiates a communication with Bob. Unknown to her, Mallory inserts himself into the communication channel and replies to her telling her he is Bob. In the absence of authentication, Alice communicates with Mallory believing him to be Bob. Simultaneously (or later, doesn't really matter) Mallory initiates a communication with Bob, telling him he is Alice. Mallory may or may not pass Alice's messages to Bob -- it's up to him.
I looked at the reference you supplied. It talks about eavesdropping: using a beam splitter to listen (or, actually, watch) the communication. This has nothing to do with the man-in-the-middle attack.
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
The nice thing about this is that Alice and Bob always know that someone is interfering with their communications, but they *don't* lose any secrets even if Mallory keeps cutting the fiberoptics.
It's an annoyance, but not a real problem. Letting Eve read your data is usually FAR worse than disrupting communications.
Besides, if Eve and Mallory are so much more powerful than Alice and Bob they've lost the game even before it started. The secret police can always install a Tempest device, break into your house and put video cameras and sound pickups all over your house. Likewise, if they control all the means of communication between me and Alice, the best i can hope for is that they won't be able to read my messages. It's always up to them if we can communicate or not.
-henrik
The location of the bug cannot be determined.
This is by no means new, and has been covered on Slashdot before.
You can find out quite a bit about quantum encryption and cryptography at acm.org or any good library.
Actually, Quantum crypto relies on the only encryption algorithm proven to be unbreakable: one-time pad. The quantum channel is used only to create the pad. An unsecure link can be used to transmit the encoded message.
Eve is an Eavesdropper
Mallory is a Malicious third party wanting to disrupt the communication
does the image in the diagram not come out exactly as it went in? There seem to be a number of funny blips in there. For an image, this isn't so bad (unless you can't tell which building is the Chinese Embassy), but for a normal datastream, it looks like a lot would be garbled...
I hope that's just the example picture. The article doesn't mention any 'acceptable data loss'. Since any snooping would be detected, I'd think you'd have the exact replica key, so you wouldn't have any errors.
Anyone else notice this?
"It's tough to be bilingual when you get hit in the head."
From what I gather on this subject, the location of the bug is not easily detected... there may be ways, but it would be extremely difficult (timing and what not). Of course, my quantum is a little bit rusty right now... I'll have to pull out my textbooks 8^)
"It's tough to be bilingual when you get hit in the head."
I've always wondered whether the "Quantum Modem" thing would be possible... though I always thought of it as a pair of walkie talkies for some reason... You'd still have to come up with a way to make a useful network out of these things. Bandwidth is likely to be extremely low in the visible term. But if you wanted to really screw up the communications companies of the planets and make the supposedly borderless internet look like a walled prison, yeah, start networking those things! Wahh!
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
I'm sure that if an implementation ever becomes a reality, then the successors of our friends Ms. Reno and Mr. Freeh will vehemently oppose it.
Getting a new 512 bit key for symmetric strong encryption every second should be Good Enough(tm), seeing as we can't even crack a 64 bit key with current tech...
-- The act of censorship is always worse than whatever is being censored. Always.
Maybe I've missed something here, but if the key has to be retransmitted when someone is listening, then why doesn't the third party just continue to listen, which would stop the first and second parties from sending a "safe" key. And why is this any different from now?
People see the world as they are, not as it is.
MSK
This cryptography possibility is outlined in some detail in John Gribbin's "Schrödinger's Kittens", around page 108.
The only thing you can accurately describe as "Scotch" is a sticky tape made by 3M. And it's
BWAHAHAHAHAHAHA!!!
ahh yes, that was funny. Especially because I am doing my physics homework right now.
Maybe he was trying to make a point about the English use of the letters "ph" and maybe he is just dumb, but he did get the stuff right.
On the other hand, reiterating information that can be found elsewhere with little difficulty is one of the key methods of karma whoring, so I don't think he really deserves credit.
On another hand somewhere, he got moderated up 3 times for "insightful" when he had no insight. Hey, moderation is stupid, it makes me post things like this that no one wants to read, but I think my sig should make that clear. So kudos to you for brightening my problem set tonight, but I won't tell the moderators to bump you up, because I hate it when people waste space to say that.
Sorry, I hit send too soon.
How this pertains to secure communication is that by the sender sending his conclusions (in the clear!) about the prior state of the particle to the receiver, she can deduce the secret message he sent in.
Now the trick is that if a man in the middle is trying to spoof this, it will be impossible for him to relay the message forward to the receiver. (he cannot manufacture particles with the desired properties to send to the recipient)
So a simple authentication phase afterwards will identify any eavesdropping.
Actually, if you apply sufficient brute force you will be able to read a message encrypted with a one-time pad. However you won't be able to know that you have the original message.
You know, they talk about 'eve' not being able to observe the communication without disturbing it, but what's one to do about eve getting on bob's 'good side?'
----------------------------------------------
I don't really mind double posts on
They are fundamentally not able to.
This is the whole point of this technique.
Well yes it is, but she would be wasting her time. She might as well cut the cable, it will have the same effect. You can't always guarantee that Alice can transmit her one time pad to Bob, but you can guarantee that Eve can't get hold of it without Alice and Bob finding out. Which is quite handy.
Sure, all you have to do is position a decaying isotope precisely (and I mean *precisely*) in the middle of the two communicating parties, run lines between them composed of an unknown material that conducts the decay products, set up machines that can read the spin of particles whizzing past at the speed of light, and secure the cables so that replaces them with fakes.
Easy.
-konstant
Yes! We are all individuals! I'm not!
It is possible to think up circumstances where particle "entanglement" creates the paradox of FTL communication (between the particles, and anything which resolves their state). Though paradox may not be quite the right term, since in many ways the lightspeed limit has nothing to do with quantum mechanics, and entanglement is AFAIK a purely quantum mechanical notion (I recall an article a few years ago in some lay science rag discussing how the c limit is more like a choice Einstein made to make a relativity model possible, and how he pretty much rejected quantum theory wholesale, albeit for more philosophical reasons).
-- Life is short. Forgive quickly. Kiss slowly. ~ Robert Doisneau
>The spooky part is that the corresponding random bit on the other end changes instantaneously.
:)
Yup, it was to this which I referred. The FTL-communication part is simply what you state: that particle a "knows" some element of state about particle b instantaneously, regardless of the distance separating them. Constructing a thought experiment where FTL communication appears to occur does depend on the definition of "communication", of course, and that term is pretty overloaded in this thread because the original article is about an encrypted digital human communication system (which obviously works at sublight speed). It seems to me that this system is all about modulating the higher-level communication (ie. the venus idol picture) with the lower one (the correspondent particle states).
I'll see if I can dig up the original reference somewhere; it was a lot more persuasive than I'm being.
-- Life is short. Forgive quickly. Kiss slowly. ~ Robert Doisneau
I don't see how it could. Every logic gate the 1's and 0's pass through would surely upset what would most likely be an incredibly fine hair trigger for an intrusion detection. Even doing it on the simplest of analog comms would be pie in the sky, but how about doing it from my keyboard, through my motherboard (with spread spectrum enabled), pulverized through my MODEM, further mixed 'n' matched via my Telco, warped up to a satellite from my sniffing ISP, listened in to by some lonely HAM waiting for some distant moonbounce CW from the love he's yet to meet (actually a big smelly fat hairy guy who's forgotten about him and is currently reading at /.), bounced off a couple of other satellites, captured as it flies over Washington, cached on the downlink by the NSA because I had the text "kevin.mitnick" in one of the packets, routed, filtered and compressed/decompressed and scanned a guzillion times, before it hits ALL YOUR SCREENS... Somehow I just don't see it working in the digital world. :)
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
It must be remembered that this entanglement effect is a Quantum effect. The entanglement referred to is that of one wavefunction with another. So in essence you could do the same thing with two electrons as two photons you might would be measuring a different quantum number. It is about here however that your ideas seem to turn in to SciFi. You are however getting at why Einstein found this idea so "spooky." In physics, and in experimental science in general, it is generally assumed that you can isolate a variable from all other objects and study it. You don't think about the fact that you were bouncing a ball three years ago when you calculate its parabolic trajectory today. The fact that these fundamental particles were somehow not isolated from each other even though they were outside of each other's light cones causes us to question the whole style of science. If everything is made of waves and everything interacts with everything else and it is entangled then how can we study anything in isolation ... and yet we do. Anyway this is a very interesting topic with philosophical overtones and the basis of Quantum Computing as well. If you are interested look into Bohmian Mechanics (an alternative to the traditional Copenhagen interpretation offered by Niels Bohr).
Any ideas on applying this to the problem of e-voting (there currently is a lack of super solutions to e-voting that keeps a vote from ever being linked back directly to a voter) by in some way using the scrambling to also add a signature? The best e-vote idea I've seen uses the idea of signing through an envelope onto a piece of paper using carbon paper sealed in the envelope (all done digitally of course).
Wheeeee
The trick works by generating pairs of photons with coupled polarizations. Now here's the important point: if you measure the polarization of a photon at vertical or horizontal, it has no relationship to the measurement of the polarization at 45 degrees vs. 135 degrees. Alice generates pairs of photons and sends one photon to Bob. She generates a random string of 1's and 0's, uses this to select between a 0/90 degree polarizing filter and a 45/135 degree polarizing filter, and measures the polarization of the photons she does not send. Meanwhile, Bob performs a similar, random set of polarization tests at his end. After they are done, Alice tells Bob what sequence of polarizations she used for her tests. Bob throws out the measurements where he did not use the same axes as Alice, and the remaining measurements form a random bit pattern shared by Alice and Bob. Charlie sitting in the middle doesn't know what measurement to make (because Alice hasn't told anyone yet) and can't measure the photon without destroying its state. Charlie could measure the photon with a 0/90 degree filter, but if Alice is doing her measurement on that photon with a 45/135 degree filter then his measurement will have no relationship to her data. He can generate a photon with the correct polarization for the 0/90 degree test, but Bob is going to detect a different result from Alice with 50% probability. If Alice and Bob compare a subset of their bits (which they will not use for a key), they'll detect Charlie's tampering. Ergo, the man-in-the-middle attack doesn't work. Photon loss on fiber makes it impractical for networks, but there are other regimes where this idea just might shine.
--
This post made from 100% post-consumer recycled magnetic
Time is Nature's way of keeping everything from happening at once... the bitch.
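Added example, not part of any comment in the thread: a classical Monte Carlo sketch in Python of the measurement statistics described in the comment above (random filter choice, sifting on matching axes, intercept-and-resend by Charlie, and the public comparison of a subset of bits). The function names, the fixed seed, the 200-bit sample and the 5% abort threshold are assumptions chosen for illustration; it models outcome probabilities only, not real optics.

```python
import random

BASES = ("0/90", "45/135")  # the two polarizing-filter orientations


def measure(photon, basis, rng):
    """Measure a photon in state (basis, bit).

    Same basis: the stored bit comes back. Other basis: the result is a
    coin flip, because the two bases are unrelated.
    """
    prepared_basis, bit = photon
    return bit if basis == prepared_basis else rng.randrange(2)


def run_exchange(n_pairs, eavesdrop, rng):
    """Simulate n_pairs photon pairs; return the sifted (alice, bob) bits."""
    alice, bob = [], []
    for _ in range(n_pairs):
        a_basis = rng.choice(BASES)
        a_bit = rng.randrange(2)       # Alice's random outcome
        photon = (a_basis, a_bit)      # state of the partner sent to Bob
        if eavesdrop:
            # Intercept-resend: Charlie guesses a basis, measures, and
            # re-emits a photon polarized according to his own result.
            c_basis = rng.choice(BASES)
            photon = (c_basis, measure(photon, c_basis, rng))
        b_basis = rng.choice(BASES)
        b_bit = measure(photon, b_basis, rng)
        # Sifting: Alice announces her bases, mismatches are thrown out.
        if a_basis == b_basis:
            alice.append(a_bit)
            bob.append(b_bit)
    return alice, bob


def error_rate(alice, bob):
    """Fraction of sifted positions where Alice and Bob disagree."""
    if not alice:
        raise ValueError("no sifted bits to compare")
    return sum(x != y for x, y in zip(alice, bob)) / len(alice)


def check_sample(alice, bob, sample_size, threshold, rng):
    """Publicly compare a random subset of bits, then discard that subset.

    Returns (accepted, alice_key, bob_key); the keys are empty on abort.
    """
    positions = set(rng.sample(range(len(alice)), sample_size))
    errors = sum(alice[i] != bob[i] for i in positions)
    if errors / sample_size > threshold:
        return False, [], []
    keep = [i for i in range(len(alice)) if i not in positions]
    return True, [alice[i] for i in keep], [bob[i] for i in keep]


if __name__ == "__main__":
    for tapped in (False, True):
        rng = random.Random(2024)  # fixed seed so the run is repeatable
        a, b = run_exchange(20000, tapped, rng)
        ok, key_a, _ = check_sample(a, b, 200, 0.05, rng)
        print(f"tapped={tapped} sifted={len(a)} "
              f"error_rate={error_rate(a, b):.3f} accepted={ok} "
              f"key_bits={len(key_a)}")
```

With interception, Charlie picks the wrong axes half the time and Bob then disagrees with Alice half the time, so about a quarter of the sifted bits differ, far above the threshold.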
The thing about this kind of idea that gives me a headache (apart from the sheer bizarreness of having a link between a quantum pair of particles over long distances. And getting one particle to the other end.) is how a line tap distortion can be distinguished from line noise....
Or maybe I'm getting the wrong end of the stick (Or quark. Whatever.)
---------------- Take the red pill
You got it right almost until the end, the bit with claude in the middle didn't go quite right. your writing is almost a perfect copy of an article that came out in Scientific American a while ago. the article explains why claude is actually no problem: bob can simply choose some bits (not the whole transmitted key but only part of it) and send them back over an unsecure line, alice can then check whether they match the ones she sent. if claude is listening then a substantial part of this "control key" is wrong because he messed it up. also i think the current status of test results is a bit longer than the ones you mention (though no satellite capabilities yet).
No doubt there is a flaw in this method. I was
hoping that someone could point it out to me.
What is to stop the interceptor from cloning a
photon A has sent, and then passing one of the
clones along to the legitimate recipient, B? Then
after B has made his measurement, the interceptor
can measure the copy that he has kept for himself.
It seems as if the interceptor could at least get
partial information about the bits that A has sent
this way.
Alex.
I don't think this would work well for military use (if I'm understanding correctly) because all the enemy would have to do to break-down communications (which at times could be almost as good as monitoring them) would be to tap the line.. so you hide a bug somewhere between the 2 sites and it could take them quite awhile to find it.. and the whole time it's there it'll be corrupting all attempts to pass the keys, effectively eliminating that form of communication.. knowing that someone's listening is not enough, getting your message across is extremely important too.. or am I totally off-base here?
Actually, that was during the episode where Sam and Al got switched. Since Al still had the controller of Ziggy in his hand when they were switched, Sam couldn't use it to tell them to open up. (One wonders why they wouldn't have just opened it up after a certain amount of time anyways). Yours truly, Sam Beckett
Assuming QM you can *prove* that there is no way to eavesdrop whatsoever. What the quantum cryptology people have just done is a bit like Diffie-Hellman key distribution. Although we think this is secure we really have no *proof* that cracking Diffie-Hellman is hard. In this case we have a proof, following from the fundamental principles of QM, that there is no way (well actually I mean extremely unlikely and you can make the probability as low as you like) an eavesdropper can get any useful information whether they interact with the particles or not. Of course I say "assuming QM...". But I'd place quite a bit of money on the 'spooks' *not* being the first to discover violations in QM.
--
-- SIGFPE
The basic idea is that you pick up eavesdroppers when the "noise pattern" created by the quantum encrypt changes. What happens if the guy is eavesdropping from the start? If your original baseline for transmission was with eavesdropping, then you wouldn't notice anything would you? Or am I missing something from somewhere?
So far I've gotten all my Karma from telling people they are wrong... :)
it's Eve, short for eavesdropper. I believe claude would just be another part of the exchange...I thought Applied Cryptography was on the required reading list? (i'm almost through the preface...)
Also, the filters are not at a 45 degree angle, it's 90 degree angle. the problem with 45 degrees is that even if a photon comes through that is at 45 degrees to the filter, it has a 50% chance of 'twisting' and coming out the filter. so you have to have a 90 degree difference, otherwise there is a chance of getting two differing one time pads, which is what Alice and Bob generate. There are no 'bad luck' misses.
And it's 'photon' (I know this is all nerdy nitpicking, but I couldn't resist)
Then again, I could be wrong.
there was a scientific american article on this subject over three years ago.... i can't remember which issue (i'm not at home) but it addressed this same idea.
-- http://www.cerastes.org
I've read about this in an issue of C'T (german comp mag) couple o' months ago
How spooky - I just finished reading "Philosophical Consequences of Quantum Theory, Reflections on Bell's Theorem" - ISBN 0-268-01578-3. The book is a collection of papers dealing with the "spookiness" apparently behind this encryption. Strange, thought-provoking, and frequently incomprehensible.
XML causes global warming.
This has already been done on another scale...
Anyone ever open up a perfectly good website in a Microsoft editor? Simply opening the page in the editor immediately kills your site. *grin*
SL33ZE, MCSD
em: joedipshit@hotmail.com
SL33ZE - Artificial Intelligence is No Match For Natural Stupidity -
This is contradictory because 'to observe' is 'to interact' in quantum mechanics. It is impossible to observe a single particle without interacting with it in some way.
Yup, that's the one! Thanks!
"The Code Book" by Simon Singh (recently reviewed on /.) has a section on quantum cryptography that's very good. Maybe now I can get all the kiddie porn I've always wanted but have been too afraid to ask for :)
http://www.livejournal.com/users/whiskeyjuvenile/
I said it. I am not going to take this any longer, no more HTTPS for me. I want my Quantum Encryption on all my software and hardware!! I crave it, I desire IT!!!! I NEED IT, I Beg For It!! ooh, man!
You can't handle the truth.
So, is the message half valid, half invalid?
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
Kinda makes export restrictions a moot point, no? This doesn't seem to explain if it will be breakable, just that snoopers would be detectable, if I understand it correctly. Still can't think the NSA would go for it. Of course, since this is developed out of the US, I don't suppose they can stop it.
These people looked deep into my soul and assigned me a number based on the order in which I joined.
I recall reading that Einstein and several other prominent scientists believed that this principle, which could under some circumstances yield superluminal communication, was impossible. It wasn't that they had a particular reason why, but it simply seemed so improbable, much as the concept of nuclear energy must have seemed two centuries ago. Strangely enough, I've seen this kind of stuff in sci-fi written decades ago. I guess this proves Einstein's point, that "Imagination is more important than knowledge." Most people are unable to comprehend the significance of exponentiating technology, but here's a perfect example. A hundred years from now, we might be seeing things we had never dreamed of. Fortunately, the scientists of today are quite well aware that there is a lot that we do not know, and they are willing to explore. We could see all sorts of breakthroughs involving string theory or any other sort of thing that is only vaguely understood (or not even conceived of) now. At the last turn of the century, students were being discouraged from going into physics, because the experts believed that they basically knew everything. A famous physicist (Heisenberg, I think) said that there were only a few things that remained unexplained, such as a few peculiar properties of light. He said they probably weren't too important. Then Einstein came along and blew that away. Now it would seem that Einstein, himself a sceptic as all humans are, is being surpassed. I'm sure he would be proud, though.
WARNING: there is a trojan on your
It's impossible with an OTP using an XOR method to be able to tell if you've got the correct key to decrypt a message - for example, take the following cyphertext:
Cyphertext:
l k l j s f i w j n v k i u k j d k f j a o o i 3 j
Hex values:
6c6b6c6a736669776a6e766b69756b6a646b666a616f6f69336a
Using one key, I can decrypt to get this:
Key 1
1803094a070f04124a1a194b08011f0b07004603124f01064444
plaintext:
the time to attack is now.
And using another key, I can decrypt to get this:
Key 2
0d054c0b07120814014e01041c190f4a060e460c141b06055644
plaintext:
an attack would be futile.
If I were committing troops lives based on this, I wouldn't like to guess which one of those was the correct guess on the key.
Claiming that the strength of OTPs are weakened due to repeating the use of the key when the plaintext is longer simply doesn't work. If you have to repeat use an OTP, it is no longer an OTP.
R
--
"When I grow up, I want to be a weirdo"
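Added example, not part of any comment in the thread: a Python check of the one-time-pad demonstration in the comment above, using the comment's own ciphertext, keys and plaintexts. It also goes one step beyond the comment by deriving a pad for any chosen plaintext of the same length and by showing what happens when a pad is used twice; `key_for`, `reuse_leak` and the third plaintext are names and values constructed for illustration.

```python
import secrets


def xor_bytes(a, b):
    """XOR two equal-length byte strings (one-time-pad encrypt and decrypt)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


# Values from the comment above (hex strings written without line wrapping).
CIPHERTEXT = b"lkljsfiwjnvkiukjdkfjaooi3j"
KEY_1 = bytes.fromhex("1803094a070f04124a1a194b08011f0b07004603124f01064444")
KEY_2 = bytes.fromhex("0d054c0b07120814014e01041c190f4a060e460c141b06055644")


def key_for(ciphertext, wanted_plaintext):
    """Return the pad under which ciphertext decrypts to wanted_plaintext.

    Such a pad exists for every plaintext of the right length, which is why
    trying all pads tells an attacker nothing about the real message.
    """
    return xor_bytes(ciphertext, wanted_plaintext)


def reuse_leak(pad, first, second):
    """Encrypt two messages under the same pad and XOR the ciphertexts.

    The pad cancels out, leaving first XOR second: once a pad is reused,
    the result no longer depends on the secret at all.
    """
    c1 = xor_bytes(first, pad)
    c2 = xor_bytes(second, pad)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    print(xor_bytes(CIPHERTEXT, KEY_1).decode())
    print(xor_bytes(CIPHERTEXT, KEY_2).decode())

    # Constructed third plaintext, same length as the ciphertext.
    other = b"retreat to the river now!!"
    print(xor_bytes(CIPHERTEXT, key_for(CIPHERTEXT, other)).decode())

    # Constructed pad reused for both of the comment's plaintexts.
    pad = secrets.token_bytes(len(CIPHERTEXT))
    p1 = xor_bytes(CIPHERTEXT, KEY_1)
    p2 = xor_bytes(CIPHERTEXT, KEY_2)
    print(reuse_leak(pad, p1, p2) == xor_bytes(p1, p2))
```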
What about interference such as static, EMP, solar storms, etc?
Can the location of the bug be detected also?
How am I supposed to hallucinate with all these swirling colors distracting me?
Ok, I decided to read the article and see they're using fiber so emi isn't a problem. But still, how sensitive is this?
How am I supposed to hallucinate with all these swirling colors distracting me?
I never read Scientific American but I must admit that I got most of the information from magazines (mostly C't).
Monkey sense
Um, it's just that my mother's tongue isn't English. And you are right that I don't have a deep understanding of physics, I thought the "as I understand" would have been obvious.
Monkey sense
Fuck off
(someone moderate this down!)
Monkey sense
But if you can use that data as a key, doesn't that move Bell's Theorem out of the realm of merely unnerving to actually violating relativity and (potentially) causality?
This has been a test of the Slashdot Broadcast Network . . .
An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
I don't know why this was moderated up so high, but the issue involved here was addressed before. In short, it is not possible to transmit information by using entangled states. If it was, the transmission would happen instantaneously and therefore violate relativity.
Consider the situation. You have a matched set of particles that can be in one of two states (or a dozen states, it doesn't matter). Call them A and B. Two parties who wish to share information are a million miles apart. At a predetermined time, the first party takes a measurement of their particle. The particle happens to "choose" state A. The second party then checks their particle, which is guaranteed to match the first (i.e. be in state A). Cool. Faster than light communication, right? Wrong. There is no way for one party to tell the other what state A means. It's random. Without a radio, telegraph, or carrier pigeon, the system is useless.
Now, since the speed of light is the upper limit, what we need is a device to encode information in light, or some other electromagnetic wave. Oh, wait... that's what a $5 walkie talkie does.
A simple solution to your man in the middle attack: Transmit a standard radio signal with timing pulses at the same time as the signal going over the fiber. Both go at the speed of light, so middleman X has no time to decrypt and reencrypt the signals (which is the only way the attack can work) without also somehow hijacking the radio signal.
Any given cryptography system will have potential flaws, but quantum cryptography could be a great tool for anyone with the money and paranoia to implement it.
Hmm... Spooky Encryption... I wonder if it uses a Barbara Streisand Algorithm?
It's not actually FTL communication - the only information you can get is what's already there. What changes is the way you're looking at it. It just looks "spooky" when you actually see it happening. Recognizing an effect is possible mathematically is not the same as viewing it experientially.
In post-9/11 America, the CIA interrogates YOU!
"A simple solution to your man in the middle attack: Transmit a standard radio signal with timing pulses at the same time as the signal going over the fiber. Both go at the speed of light, so middleman X has no time to decrypt and reencrypt the signals (which is the only way the attack can work) without also somehow hijacking the radio signal."
All of a sudden the solution involves using radiowaves transmitted through the air. These signals can also be muted and re-transmitted by X. Solutions to cryptographic flaws can not be overcome through obscurity or increasing the value of a cryptographic setup.
I won't even get in to the inherent problems with a system that requires two different mediums to transmit the same signal. I will mention however that radiowaves are much more limited than even some office networks, they do not always travel from A - B at the speed of light being subject to cloud-jumps, bouncing, slowed by the atmosphere.
Either way, if a radiowave + physical network connection form of encryption was introduced, then a radiowave + physical network connection form of decryption would be also.
This encryption routine may be good for single parties, or wealthy backers, but once again, that's just security through the obscurity of using something not well known, or through costly setups. The cryptography itself is still flawed in that it only guards against tampering between two points, it does not guard against decryption by people who do intercept it.
Once a signal is intercepted and understood, nothing lies in the way of forging it again for the intended receiver.
DES encryption (just for example) guards against this easily by keeping the decrypting key an absolute secret. As would one-time scratch keys if they were not required to be transmitted.
Ace
I don't understand why it's not possible for a man-in-the-middle attack. If point A transmits to B, and X is in the middle, what prevents X from simply decoding A's message, and passing it on to B with its own key. Each person at A & B would never know their signal was being intercepted; especially since it's a one-time scratch key. There would be no verification between A & B directly, only between A & X; X & B.
You could argue that A could simply tell B in its message what its key's hash or CRC was. A protocol could be introduced to do it automatically, but X could simply modify the protocol to introduce its own scratch key for B to receive. This is no good either unless each party hand keys in their own hash or CRC at completely random spots, and in random ways, in each packet or message.
Zero Knowledge has their own 'Freedom' software package. I know there are other packages like it, but it is the one I have read the most documentation on. It uses DES encryption across a line of servers wishing to run the Freedom Server Software.
It sort of works like this, though I'm not 100% accurate. The client encrypts their own message with the receiver's public key. The first server on the internet encrypts the message a second time with the next server's public key. Each server after that removes a layer of encryption and adds its own to be removed by the next. The message always stays encrypted, but the second layer of encryption is to hide where the message was last sent from.
Somehow in that method, any fullscale attack on a router or servers packets will only give you the last hop of the message, nothing before it; and good luck using a word file to brute force a message encrypted twice.
This client - server - server . . . - client encryption routine could be used on a large scale with one-time scratch keys, but it still leaves the man in the middle attack open. All one has to do is implement packet forwarding on one of the servers, and the encryption routine, though repeated up to 20 times across the internet is entirely useless.
With Freedom's DES routine however, a public key is used meaning the encrypted message can be double encrypted by each server and forwarded, so once it is unencrypted by each server to forward, it is still under a layer of encryption. (Believe that's the methodology).
By introducing encryption at the physical point-to-point transmission level, you lose the power of obscurity; your method for developing a key of any type is right there in the transmission itself. Encryption at least requires the Obscurity of the decrypting key! That's why you don't pass someone a scratch-key encrypted message with the scratch-key at the same time.
Ace
If your key was 8 bits, no matter how secure the algorithm, brute force would 0wn you quickly. And as a real-life example, 56-bit DES is beginning to be feasible to brute-force.
Exactly. Which is why everyone should implement at least 128-bit crypto in their transactions.
Friends don't let friends use multiple inheritance.
There was a good layman's description of this in Singh's 'The Code Book' which was reviewed on /. last week.
article is here
So how do you get your secure key? I keep screwing up your attempts. Does this force you to resort to conventional public key cryptography?
I must be missing something. I'm always missing something.
My personal opinion is the telecommunications monopolies are quashing quantum communications technology because it would obliterate the need for wires.
Governments probably worry about it as well, maybe even more than the telcoms.
_______
computers://use.urls. People use Networds.
The quantum encrypted channel described in this story is bulletproof assuming Quantum mechanics is true. But there really is no reason to expect that quantum mechanics is actually true. Sure, it explains current observations very well, but there is no guarantee that future observations won't force a revision. Even the venerable Newtonian law of gravity turned out to be false, and had to be replaced with Einstein's theory of general relativity.
The analogy with mathematical laws is not a good one at all, because mathematical theorems are true independent of any underlying empirical justification. A mathematical theorem does need foundations in the form of underlying axioms, but that's quite different from relying on experimental observations. (For instance, 1+1=2 in the integers, but in the integers modulo 2, 1+1=0. Here my axioms have changed. However, no amount of adding will make 1+1 equal 0 in the integers.)
So, a better way to phrase the NSA paranoia viewpoint is, widespread deployment of quantum encrypted channels will spur the NSA to conduct experiments designed to expose any errors that may be present in our current theory of quantum mechanics. And while the post was rated funny, it's actually exactly what would happen.
In case you're not up on your quantum mechanics, read the recent scientific american article about quantum entanglement. It's exactly the principle used here.
Quantum entanglement provides a method for creating a one-time pad shared between two parties that are (in theory) arbitrarily far apart. All you need is a source of entangled photon pairs that is directed toward both parties. If quantum mechanics works the way we think it does, there is no way, even in theory with infinite computational power, for an eavesdropper to find out the secret key.
This quantum entanglement-encryption works by creating a secret key shared between two parties. This is the same as RSA or DH. The difference is in the nature of the key and the possible attacks. Quantum entanglement can generate lots of key bits, enough, in fact, that the key can be used to XOR the data. Moreover, there is _no_ way for an eavesdropper to measure photons from either path without being detected. This makes even brute force attacks impossible, even in theory given infinite time. The key length equals the message length, so you would end up generating all possible messages of a given length if you tried brute force.
(sorry, last two paragraphs are a lot the same :(
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@cordes ,
Bruce Schneier's Applied Cryptography makes mention of this 'eavesdrop detection' feature of quantum crypto. The article is really cool and educational, but it's not that new.
The Second Amendment Sisters
Finding God in a Dog
Damn...and you realize, that if they discover a way to do this somehow or another (maybe by exploiting some insight into waves? Or by approximating spins?), that such a revelation would become a matter of national security?
I really hate this new proprietary world sometimes.
The Second Amendment Sisters
Finding God in a Dog
Try: http://slashdot.org/articles/99/10/01/0956208.shtml
-- Don't Tase me, bro!
There are plenty of crypto protocols which work fine when a third party is listening
:)
Just curious. Shouldn't all crypto protocols work fine when a third party is listening? If no one else is listening other than who you're talking to, you don't really need crypto!
Just like the sums of the interior angles of a triangle always add up to 180 degrees? The Greeks would have assured you that the angles would *never* add up to more or less than that value, but we know now that in certain cases that is incorrect. The solution? See the framework as just a subset of a larger framework which doesn't make certain assumptions (in this case, the assumption that there are only two dimensions).
Saying "That's just how it works" is a cop-out. The entire mass of scientific knowledge is a set of theories with more or less supporting evidence behind each one. Things could change, or (more likely) someone will find a new approach to quantum theory that sidesteps the whole issue (which you sort-of mentioned). I'm just saying don't assume that your current knowledge of the structure and limitations of reality are all exactly correct. Even assumptions with a fair amount of proof have been extended in strange directions in the light of new experimental approaches, better equipment, or better theories.
Your right to not believe: Americans United for Separation of Church and
The last chapter in Simon Singh's The Code Book, recently reviewed here on Slashdot, is a clear and basic description of the theory of quantum cryptography.
-------
Bill Gates Is My Evil Twin.
That's all correct, and was covered by Slashdot a while back. The article here proposes a totally different technique, though. You must admit that "quantum entanglement" sounds a lot sexier than plain old polarized photons...
Unfortunately it only works at 850 bit/sec so far. We might have to dig all those 1200 baud modems back out of the trash heaps... ;-)
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
Oh yeah, sorry to reply to my own post, but reading further down: With error correction, "The net bit production rate is arround 530 bit/s" [sic]. Maybe we need a Beowulf cluster of these things ;-)
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
Their protocol uses a one-time pad. Thus the overall communications rate is effectively limited by how fast you can generate and communicate the keys. Of course, if you re-use the keys then all bets are off....
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
And, of course, it does nothing about the man-in-the-middle attack.
Yes, it does. The man-in-the-middle can't re-generate the signal fast enough.
Have a look at this for more detail.
backslashdot? I wonder if that is registered... /me does a quick check
Nope, can't find backslashdot.org: Non-existent host/domain.
Darn.
What do you hope to gain with this post anyway? If it is interesting, it doesn't matter if it is bleeding edge news, just sit back, learn and let learn.
Well, because I don't feel very socially conscious right now, I will choose to justify this with an answer.
beginning here I assume you are serious
Please note that when I said you weren't insightful, this wasn't an insult, it simply meant that you didn't have any of those thoughts by yourself, i.e. "insight." You were, however, informative, but you only got one point for that. This is what happens when you give the average slashdotter the choice between two long words that start with 'i' and have the same effect to the score.
Noting that you are not a native English speaker, I apologize for "maybe he is just dumb". Incidentally, I meant my post to read "Maybe he was trying to make a point about how the English use of the letters "ph" is stupid," hence ridiculing you and the English language equally, but I omitted some words, oh well.
From here I assume that you may be joking
Since my post included a complaint about space being wasted with "moderate this up" and "moderate this down" comments (moderators, morons that they are, can do their own job, goddammit), it's funny that you include just this in your reply.
"entanglement" creates the paradox of FTL
I can't think of any.
The problem is that you need to know what was done to the "sending" particle in order to decode the "receiving" one. Also, if you look at the receiver too soon, then it becomes the sender.
Basically, it is like XORing with an unknown bit. The sender knows what he sent in, so looking at the result, he can deduce the original state of the random bit.
The spooky part is that the corresponding random bit on the other end changes instantaneously. Unfortunately, the receiver knows only the result of the XOR, and this is not enough to send a message. She also needs the information the sender deduced about the unknown state to decode the information. NB She has to perform an XOR as well to read the information, so if she tries to read too soon, she'll have sent rather than received.
Johan
But if you've read Mostly Harmless by Douglas Adams, you'd know that powering a spaceship with bad news isn't a very good idea.
--
No more e-mail address game - see my user info. Time for revenge.
Win dain a lotica, en vai tu ri silota
A workaround for the cryptography angle would probably be to measure multiple attributes at the sender and receiver side. This would make it much more difficult for a man in the middle attack to succeed, as it's probably only possible to preserve a symmetric pair of quantum attributes.
Take a look at QUANTUM DÉJÀ VU. It's the first example of a quantum nondemolition experiment conducted at the Ecole Normale in Paris. Basically, by being very careful how they took the measurement of the photon, they could ensure that particular properties, including the ones observed were not interfered with. Some of the quantum state would of course be disturbed, but not all of it. While this couldn't currently be used to eavesdrop on a quantum encryption link, it could form the basis for an attack.
reading something like this a while ago (more than a year) about this, except I think back then, it was something to do with the uncertainty principle. The article I read (which I cannot remember) basically said that because you cannot observe the photon without affecting its state (because of the uncertainty principle), your action in observing the photon will change the state and thereby tipping off the receiver and sender that the message has been "tapped". I'm not a big physics expert, so I couldn't tell, is this the premise of this new article?
In "The Leap Back" didn't Al send one of these to the future via post to get Ziggy to open the doors to the holographic chamber (or whatever it was called)?
To avoid brute force attacks requires something like a one-time pad, where the key is sent in advance over a secure channel. Yes, I know, if you have a secure channel then you don't need crypto. But perhaps the secure channel is slow, or likely to disappear. By using it to send the key in advance, you can then send a later message quickly, reliably, and safely.
Something like this would be perfect for sending keys. The key is just random noise, so if you find that it's been intercepted, you just don't use that piece of it, and the enemy has gained nothing.
[1] Of course, "enough" horsepower may not be able to exist in the known universe, but...
Maybe this is just a semantic argument. But:
Therefore, I don't think it is unreasonable to state that conventional and public-key algorithms are vulnerable to brute force, compared to one-time pad algorithms.
If someone has to rely on brute force to decode your messages, you're in pretty safe hands.
Whether this is true depends on the key size. If your key was 8 bits, no matter how secure the algorithm, brute force would 0wn you quickly. And as a real-life example, 56-bit DES is beginning to be feasible to brute-force.
Essentially, this is a key distribution system for a one time pad (OTP) encryption setup. OTP encryption can only be deciphered if you have both keys, or if the keys are not purely random. If the data is random and you only have access to one key, game over. no good.
Why this system is good:
100% (reportedly) random data generation
Spying ruins the data (like beam splitting)
Neither side has to store a key
Take a look at:
http://www.quantum.univie.ac.at/research/crypto
for more info.
Speeding never killed anyone. Stopping did.
Quantum Cryptography is a little 'spooky', that much I agree to, but this is generally how the system works. You send your encrypted text over public and, otherwise, easy to intercept communication lines. The real secret or 'thing to preserve' is the key, which resides in the 'specially reserved and completely separate' quantum line. This line does NOT emit different levels of radiation for 1's or 0's, so the TEMPEST attack will not work and if anyone other than Alice and Bob are reading the message, the line automatically 'shuts off'. (Note: This encryption works off the OTP principle) The quantum line doesn't have to be synced with anything so a disruption only means a delay in transmission of the key. Anyway...there is a lot more to this story than submitted here...check out below. Some excellent material on the subject can be found at http://people.bu.edu/AlexSerg, he recently gave a lecture about Photon Entangled States here at BU for the IEEE; I'm sure you'll find his research quite helpful! He knows the material much better than I :-) David Gervais dgervais@bu.edu
Hopefully, someday the science wizards at DuPont will make a material using this technology. If you're like me, and have bad laundry karma, you could use Quantum Socks.
"Spooky action at a distance" could be utilized to let you know if a lost sock is worth searching for. The unmatched sock would indicate to you if the other sock has been "intercepted." In theory, someone could take a sock and then make an effort to return it - but let's face it, mankind is not that morally advanced! On the other hand, in the rare case you acquire a sock, it would indicate to you that it was not really your sock.
Obviously, this technology could be applied to a wide range of apparel.
Know what I like about atheists? I've yet to meet one that believes God is on their side.
The spooks will now devote substantial research to finding a way to observe particles *without* interacting with them.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
This was news at least half a year ago. IIRC a couple of Brits already implemented a "quantum-secure" communication channel, if only a mile or so in length. There are some problems with it being used for long distances, though.
In any case, this just gives you eavesdropping-proof communication channels. There are plenty of crypto protocols which work fine when a third party is listening. And, of course, it does nothing about the man-in-the-middle attack.
So: old news, tasty geeky titbit, little practical applications.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Now make a list of who would be hurt by this. The DOJ would scream bloody murder. All the telcos and ISPs would shortly follow. The various TV signal delivery people would lose their respective monopolies -- even if cable companies remained, you could choose any company on the planet. They don't want that. The MPAA and RIAA would file lawsuits because it'd make it much easier to pirate their IP.
Chances are if you tried to file a patent on your spiffy new technology, it'd get squelched by the government in the name of national security and filed away in that warehouse with the burn-for-5-years lightbulbs and the 100 mile per gallon carburetor. The NSA would probably kidnap you and relocate you to new digs at the bottom of the ocean after providing stylish new cement shoes.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The whole point of quantum encryption is that you can transmit the *KEY* or signature just as you would transmit an encrypted message. Normally this can't be done because someone could intercept the key and be able to read all your encrypted messages. This way, if a new key is intercepted, just send a different one until you can be sure that it wasn't intercepted. This looks like it could be the encryption scheme of the future.
This is all very interesting, but its practical uses are limited by a few factors.
First, the quantum key must be physically transmitted to the receiver. This means that the medium for transmission (in most demonstrations, fiber optics) must be in place between the communicating parties and both parties must have the equipment to detect the value of the key. This equipment must be capable of detecting the polarization of single photons. Not exactly the type of stuff people have just lying around.
Second, there can be no amplification of the signal transmitting the key. Amplification of the signal is equivalent to someone eavesdropping on the key. The usefulness of the key would be destroyed. So forget about using this over normal phone lines or the Internet.
Third, the longer the transmission distance the greater the likeliness of errors in the key. Quantum encryption keys have been successfully transmitted approximately 20 kilometers through fiber optics and 500 meters through the atmosphere, but with about a 2% to 3% error rate. This will probably be acceptable for text messages, but may not be for data streams unless multiple redundant copies of the data are sent, or other error correction techniques are used (adding length to the data transmission). This will work well going from say the White House to the Pentagon, but unless all your secret friends live within 20 kilometers...
Fourth, if transmission speed is a factor for you, quantum encryption poses several problems. Only about 25% of the transmitted quantum key bits will be successfully detected (due to the 4 possible quantum states the photons can be in). This means to have a successful one-time-pad you must generate a key 4 times longer than the message you want to encrypt. Then the receiver has to confirm a sample of the key with the sender to ensure that the key has not been intercepted. Then you can transmit your message with about a 2% error rate.
So this is cool technology, but will really only be useful for military purposes or extremely sensitive corporate secrets.
I was at a presentation about this kind of technology several years ago (someone from British Telecom came to give a talk to a bunch of us from University). The basic idea was that you could emit light a photon at a time, and pick this up later on.
If you had a snoop (Eve), the data would be corrupted due to the fact that only one photon existed per data element - later, you could check this and discard any bad data.
You still have to do the actual communication using your favourite strong encryption system. However, this system gets around the problems associated with key distribution over a distance.
So you might say: "well, the laws of physics are changing so rapidly these days that this will soon be a possibility." But revolutions in physics are rarely, if ever, of the sort where all of the old theory is thrown out and a completely new theory is developed. Instead, discrepancies are discovered in some corner of a theory and a new theory is discovered which is a superset of both the old theory and the new data.
Also, "spooky action at a distance" in the form of quantum entanglement was never "impossible," it was just philosophically objectionable to some people, including Einstein. If you mean that "information can never travel faster than the speed of light in vacuum" when you say "faster than light (FTL)" travel, then you are incorrect if Maxwell's equations are to hold. All known examples of FTL (which are trivial and miss the point) violate some aspect of my previous statement in quotations. As for heavier-than-air flight, no rational scientist in any age who has observed a bird would tell you that it's impossible.
It has probably been said a lot before on /. but this is how (I understand that) Quantum Encryption works:
First of all it doesn't send encrypted data. It's just used to send random bits from Alice to Bob. Alice sends for every bit that's 1 a vertically polarised photon and a photon that's turned clockwise 45° for every bit that's 0.
Bob chooses one of two filters for every bit he receives. At random he uses a filter that can either receive a 1 (a filter that's turned counter-clockwise 45°) or a filter that can receive a 0 (a filter that's horizontally polarised).
Bob will not receive a photon if he uses the wrong filter, which he will do approximately half the time. This is because the polarisation direction of the bit and the filter would differ by 90°.
The interesting thing is that if Bob uses the correct filter, he has only a 50% chance that he'll see the photon (can you say 'Quantum effects').
So far Bob knows that:
- he did not receive the bit (because he used the wrong filter or because he had 'bad luck')
- the bit is 1 (by using the correct filter)
- the bit is 0 (by using the correct filter)
Bob should, if he knows the value of enough bits (which should be the length of the file to be transmitted), send back the numbers of the bits he received over an unsecure channel.
Alice will then know what Bob is using as a key and she can encrypt the file using XOR. Alice then sends the file over an unsecure channel and Bob can decrypt it.
But what if someone is listening? Let's say that Claude is receiving the bits that Alice sends. But Bob will know that Claude is listening because he doesn't receive any bits. The solution would seem that Claude resends the bits to Bob. But there is a problem for Claude here, (s)he did only receive 1/4 of the bits correctly. 37.5% (approximately) will thus be incorrect. Instead of receiving 1/4 of the bits correctly, Bob will only receive 36.5% of 1/4 = 16% of the bits correctly.
But how could Bob and Alice know that not all the bits were received correctly? This is currently solved by sending part of the bits over a quality line (on which Claude could be listening though).
Another problem, letting Bob know that a polarized photon has been sent could be solved by sending a pulse of non-polarized light an instant before the polarized photon.
Current results are 48km through optic fiber and 50 meter through the air (3km would do for satellites).
Monkey sense
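The two-filter exchange described in the comment above can be simulated to see how an intercept-and-resend listener shows up in the public sample comparison. This is an added example, not part of the original thread; the function names, the 500-bit sample, the 5% abort threshold and the assumption that the listener resends a guess for every photon it fails to see are all chosen here for illustration.

```python
import math
import random

# Polarisation angles in degrees, following the comment's description.
ALICE_ANGLE = {1: 90, 0: 45}   # 1 = vertical, 0 = turned 45 degrees
BOB_FILTER = {1: 135, 0: 0}    # filter that can only pass a 1 / only pass a 0


def passes(photon_angle, filter_angle, rng):
    """Single photon through a polariser: passes with probability cos^2(delta)."""
    delta = math.radians(photon_angle - filter_angle)
    p = round(math.cos(delta) ** 2, 12)  # crossed polarisers give exactly 0
    return rng.random() < p


def measure(photon_angle, rng):
    """Pick one of the two filters at random; a click reveals the bit, else None."""
    guess = rng.randrange(2)
    return guess if passes(photon_angle, BOB_FILTER[guess], rng) else None


def intercept_resend(photon_angle, rng):
    """Listener on the line: measure like Bob, guess when nothing is seen, resend."""
    seen = measure(photon_angle, rng)
    bit = seen if seen is not None else rng.randrange(2)  # assumed strategy
    return ALICE_ANGLE[bit]


def run_exchange(n_photons, eavesdropper, seed):
    """Return (alice_bits, bob_bits) for the slots where Bob's detector clicked."""
    rng = random.Random(seed)
    alice_kept, bob_kept = [], []
    for _ in range(n_photons):
        bit = rng.randrange(2)
        photon = ALICE_ANGLE[bit]
        if eavesdropper:
            photon = intercept_resend(photon, rng)
        result = measure(photon, rng)
        if result is not None:  # Bob announces only the slot number, not the bit
            alice_kept.append(bit)
            bob_kept.append(result)
    return alice_kept, bob_kept


def error_rate(a, b):
    """Fraction of kept positions where Alice's and Bob's bits differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def sample_check(alice_kept, bob_kept, sample_size, threshold, seed):
    """Compare a random sample in public; return (accepted, key without the sample)."""
    rng = random.Random(seed)
    idx = set(rng.sample(range(len(alice_kept)), sample_size))
    errors = sum(alice_kept[i] != bob_kept[i] for i in idx)
    accepted = errors / sample_size <= threshold
    key = [bob_kept[i] for i in range(len(bob_kept)) if i not in idx]
    return accepted, (key if accepted else [])


if __name__ == "__main__":
    for eve in (False, True):
        a, b = run_exchange(20000, eve, seed=1)
        ok, key = sample_check(a, b, 500, 0.05, seed=2)
        print(f"eavesdropper={eve} kept={len(a) / 20000:.3f} "
              f"errors={error_rate(a, b):.3f} accepted={ok} key_bits={len(key)}")
```

With a clean line Bob keeps about a quarter of the photons and every kept bit matches Alice's; with the listener resending, roughly three in eight kept bits disagree, so the public sample fails and the whole key is discarded.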