"Spooky" Quantum Data Encryption
Hardy writes "Imagine an encrypted communications channel that immediately notifies the parties if they are being bugged. The American Institute of Physics site is running an article about exploiting what Einstein described as the "spooky" action at a distance properties of quantum entangled particles. The entanglement process can generate a completely random sequence of 0s and 1s distributed exclusively to two users at remote locations. Any eavesdropper's attempt to intercept this sequence will alter the message in a detectable way, enabling the users to discard the appropriate parts of the data. This random sequence of digits is then used to scramble the message. This approach solves the problem of distributing a shared key to both parties without it falling into the wrong hands. This diagram might help."
If you're being serious with this comment, the major problem with your scheme is that the particles would be in a superposition of states of spin, and a machine that reads the spin state of a particle will leave the particle in a state that is not a superposition. Therefore a machine reading the states will destroy this superposition, which is detectable. AFAIK the encryption method works by reading the basis of a superposition of states as 1 or 0, depending on its angle.
Also there would be time delay problems, which would enable a bug to be detected (as can be done on normal lines)
My personal opinion is the telecommunications monopolies are quashing quantum communications technology because it would obliterate the need for wires.
Governments probably worry about it as well, maybe even more than the telcoms.
_______
computers://use.urls. People use Networds.
The quantum encrypted channel described in this story is bulletproof assuming Quantum mechanics is true. But there really is no reason to expect that quantum mechanics is actually true. Sure, it explains current observations very well, but there is no guarantee that future observations won't force a revision. Even the venerable Newtonian law of gravity turned out to be false, and had to be replaced with Einstein's theory of general relativity.
The analogy with mathematical laws is not a good one at all, because mathematical theorems are true independent of any underlying empirical justification. A mathematical theorem does need foundations in the form of underlying axioms, but that's quite different from relying on experimental observations. (For instance, 1+1=2 in the integers, but in the integers modulo 2, 1+1=0. Here my axioms have changed. However, no amount of adding will make 1+1 equal 0 in the integers.)
So, a better way to phrase the NSA paranoia viewpoint is, widespread deployment of quantum encrypted channels will spur the NSA to conduct experiments designed to expose any errors that may be present in our current theory of quantum mechanics. And while the post was rated funny, it's actually exactly what would happen.
In case you're not up on your quantum mechanics, read the recent scientific american article about quantum entanglement. It's exactly the principle used here.
Quantum entanglement provides a method for creating a one-time pad shared between two parties that are (in theory) arbitrarily far apart. All you need is a source of entangled photon pairs that is directed toward both parties. If quantum mechanics works the way we think it does, there is no way, even in theory with infinite computational power, for an eavesdropper to find out the secret key.
This quantum entanglement-encryption works by creating a secret key shared between two parties. This is the same as RSA or DH. The difference is in the nature of the key and the possible attacks. Quantum entanglement can generate lots of key bits, enough, in fact, that the key can be used to XOR the data. Moreover, there is _no_ way for an eavesdropper to measure photons from either path without being detected. This makes even brute force attacks impossible, even in theory given infinite time. The key length equals the message length, so you would end up generating all possible messages of a given length if you tried brute force.
(sorry, last two paragraphs are a lot the same :(
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@cordes ,
Bruce Schneier's Applied Cryptography makes mention of this 'eavesdrop detection' feature of quantum crypto. The article is really cool and educational, but it's not that new.
The Second Amendment Sisters
Finding God in a Dog
Damn...and you realize, that if they discover a way to do this somehow or another (maybe by exploiting some insight into waves? Or by approximating spins?), that such a revelation would become a matter of national security?
I really hate this new proprietary world sometimes.
The Second Amendment Sisters
Finding God in a Dog
Try: http://slashdot.org/articles/99/10/01/0956208.shtml
-- Don't Tase me, bro!
There are plenty of crypto protocols which work fine when a third party is listening
:)
Just curious. Shouldn't all crypto protocols work fine when a third party listening? If no one else is listening other than who you're talking to, you don't really need crypto!
Just like the sums of the interior angles of a triangle always add up to 180 degrees? The Greeks would have assured you that the angles would *never* add up to more or less than that value, but we know now that in certain cases that is incorrect. The solution? See the framework as just a subset of a larger framework which doesn't make certain assumptions (in this case, the assumption that there are only two dimensions).
Saying "That's just how it works" is a cop-out. The entire mass of scientific knowledge is a set of theories with more or less supporting evidence behind each one. Things could change, or (more likely) someone will find a new approach to quantum theory that sidesteps the whole issue (which you sort-of mentioned). I'm just saying don't assume that your current knowledge of the structure and limitations of reality are all exactly correct. Even assumptions with a fair amount of proof have been extended in strange directions in the light of new experimental approaches, better equipment, or better theories.
Your right to not believe: Americans United for Separation of Church and
The last chapter in Simon Singh's The Code Book, recently reviewed here on Slashdot, is a clear and basic description of the theory of quantum cryptography.
-------
Bill Gates Is My Evil Twin.
That's all correct, and was covered by Slashdot a while back. The article here proposes a totally different technique, though. You must admit that "quantum entanglement" sounds a lot sexier than plain old polarized photons...
Unfortunately it only works at 850 bit/sec so far. We might have to dig all those 1200 baud modems back out of the trash heaps... ;-)
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
Oh yeah, sorry to reply to my own post, but reading further down: With error correction, "The net bit production rate is arround 530 bit/s" [sic]. Maybe we need a Beowulf cluster of these things ;-)
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
Their protocol uses a one-time pad. Thus the overall communications rate is effectively limited by how fast you can generate and communicate the keys. Of course, if you re-use the keys then all bets are off....
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
And, of course, it does nothing about the man-in-the-middle attack.
Yes, it does. The man-in-the-middle can't re-generate the signal fast enough.
Have a look at this for more detail.
backslashdot? I wonder if that is registered... /me does a quick check
Nope, can't find backslashdot.org: Non-existent host/domain.
Darn.
What do you hope to gain with this post anyway? If it is interesting, it doesn't matter if it is bleeding edge news, just sit back, learn and let learn.
Well, because I don't feel very socially conscious right now, I will choose to justify this with an answer.
beginning here I assume you are serious
Please note that when I said you weren't insightful, this wasn't an insult, it simply meant that you didn't have any of those thoughts by yourself, i.e. "insight." You were, however, informative, but you only got one point for that. This is what happens when you give the average slashdotter the choice between two long words that start with 'i' and have the same effect to the score.
Noting that you are not a native English speaker, I apologize for "maybe he is just dumb". Incidentally, I meant my post to read "Maybe he was trying to make a point about how the English use of the letters "ph" is stupid," hence ridiculing you and the English language equally, but I omitted some words, oh well.
From here I assume that you may be joking
Since my post included a complaint about space being wasted with "moderate this up" and "moderate this down" comments (moderators, morons that they are, can do their own job, goddammit), it's funny that you include just this in your reply.
"entanglement" creates the paradox of FTL
I can't think of any.
The problem is that you need to know what was done to the "sending" particle in order to decode the "receiving" one. Also, if you look at the receiver too soon, then it becomes the sender.
Basically, it is like XORing with an unknown bit. The sender knows what he sent in, so looking at the result, he can deduce the original state of the random bit.
The spooky part is that the corresponding random bit on the other end changes instantaneously. Unfortunately, the receiver knows only the result of the XOR, and this is not enough to send a message. She also needs the information the sender deduced about the unknown state to decode the information. NB She has to perform an XOR as well to read the information, so if she tries to read too soon, she'll have sent rather than received.
Johan
But if you've read Mostly Harmless by Douglas Adams, you'd know that powering a spaceship with bad news isn't a very good idea.
--
No more e-mail address game - see my user info. Time for revenge.
Win dain a lotica, en vai tu ri silota
A workaround for the cryptography angle would probably be to measure multiple attributes at the sender and receiver side. This would make it much more difficult for a man in the middle attack to succeed, as it's probably only possible to preserve a symmetric pair of quantum attributes.
Take a look at QUANTUM DÈJÁ VU. It's the first example of a quantum nondemolition experiment conducted at the Ecole Normale in Paris. Basically, by being very careful how they took the measurement of the photon, they could ensure that particular properties, including the ones observed, were not interfered with. Some of the quantum state would of course be disturbed, but not all of it. While this couldn't currently be used to eavesdrop on a quantum encryption link, it could form the basis for an attack.
reading something like this a while ago (more than a year) about this, except I think back then, it was something to do with the uncertainty principle. The article I read (which I cannot remember) basically said that because you cannot observe the photon without affecting its state (because of the uncertainty principle), your action in observing the photon will change the state and thereby tipping off the receiver and sender that the message has been "tapped". I'm not a big physics expert, so I couldn't tell, is this the premise of this new article?
The one photon may be a data element of either the message data or the error-correction data. So, if enough photons of message and error-correction data get through, I can reconstruct the message data.
Not to flame, but isn't that kind of like asking how do one *bit* per data element and integrated error correction square up?
"You can't get something for nothing." - my grandfather, on the stock market and Reaganomics.
In "The Leap Back" didn't Al send one of these to the future via post to get Ziggy to open the doors to the holographic chamber (or whatever it was called)?
To avoid brute force attacks requires something like a one-time pad, where the key is sent in advance over a secure channel. Yes, I know, if you have a secure channel then you don't need crypto. But perhaps the secure channel is slow, or likely to disappear. By using it to send the key in advance, you can then send a later message quickly, reliably, and safely.
Something like this would be perfect for sending keys. The key is just random noise, so if you find that it's been intercepted, you just don't use that piece of it, and the enemy has gained nothing.
[1] Of course, "enough" horsepower may not be able to exist in the known universe, but...
Maybe this is just a semantic argument. But:
Therefore, I don't think it is unreasonable to state that conventional and public-key algorithms are vulnerable to brute force, compared to one-time pad algorithms.
If someone has to rely on brute force to decode your messages, you're in pretty safe hands.
Whether this is true depends on the key size. If your key was 8 bits, no matter how secure the algorithm, brute force would 0wn you quickly. And as a real-life example, 56-bit DES is beginning to be feasible to brute-force.
Essentially, this is a key distribution system for a one time pad (OTP) encryption setup. OTP encryption can only be deciphered if you have both keys, or if the keys are not purely random. If the data is random and you only have access to one key, game over. no good.
Why this system is good:
100% (reportedly) random data generation
Spying ruins the data (like beam splitting)
Neither side has to store a key
Take a look at:
http://www.quantum.univie.ac.at/research/crypto
for more info.
Speeding never killed anyone. Stopping did.
Quantum Cryptography is a little 'spooky', that much I agree to, but this is generally how the system works. You send your encrypted text over public and, otherwise, easy to intercept communication lines. The real secret or 'thing to preserve' is the key, which resides in the 'specially reserved and completely separate' quantum line. This line does NOT emit different levels of radiation for 1's or 0's, so the TEMPEST attack will not work and if anyone other than Alice and Bob are reading the message, the line automatically 'shuts off'. (Note: This encryption works off the OTP principle) The quantum line doesn't have to be synced with anything so a disruption only means a delay in transmission of the key. Anyway...there is a lot more to this story than submitted here...check out below. Some excellent material on the subject can be found at http://people.bu.edu/AlexSerg, he recently gave a lecture about Photon Entangled States here at BU for the IEEE; I'm sure you'll find his research quite helpful! He knows the material much better than I :-) David Gervais dgervais@bu.edu
A good reference is the Usenet Physics Faq which says: 'It has been shown by Eberhard that no information can be passed using this effect so there is no FTL communication' on this page.
It's easy to come up with ideas but unfortunately quantum mechanics has a way of screwing things up when you try and cheat :)
Hopefully, someday the science wizards at DuPont will make a material using this technology. If you're like me, and have bad laundry karma, you could use Quantum Socks.
"Spooky action at a distance" could be utilized to let you know if a lost sock is worth searching for. The unmatched sock would indicate to you if the other sock has been "intercepted." In theory, someone could take a sock and then make an effort to return it - but let's face it, mankind is not that morally advanced! On the other hand, in the rare case you acquire a sock, it would indicate to you that it was not really your sock.
Obviously, this technology could be applied to a wide range of apparel.
Know what I like about atheists? I've yet to meet one that believes God is on their side.
The spooks will now devote substantial research to finding a way to observe particles *without* interacting with them.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
This was news at least half a year ago. IIRC a couple of Brits already implemented a "quantum-secure" communication channel, if only a mile or so in length. There are some problems with it being used for long distances, though.
In any case, this just gives you eavesdropping-proof communication channels. There are plenty of crypto protocols which work fine when a third party is listening. And, of course, it does nothing about the man-in-the-middle attack.
So: old news, tasty geeky titbit, little practical applications.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Now make a list of who would be hurt by this. The DOJ would scream bloody murder. All the telcos and ISPs would shortly follow. The various TV signal delivery people would lose their respective monopolies -- even if cable companies remained, you could choose any company on the planet. They don't want that. The MPAA and RIAA would file lawsuits because it'd make it much easier to pirate their IP.
Chances are if you tried to file a patent on your spiffy new technology, it'd get squelched by the government in the name of national security and filed away in that warehouse with the burn-for-5-years lightbulbs and the 100 mile per gallon carburetor. The NSA would probably kidnap you and relocate you to new digs at the bottom of the ocean after providing stylish new cement shoes.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
There is error within the procedure. This is inherent within quantum transmissions like this. Take a look at http://www.quantum.univie.ac.at/research/crypto/ and click on the links for the protocols. There is about a 4 percent error in the transmission. Not too bad. All you would have to do is integrate error correction within the message and you will be set.
Speeding never killed anyone. Stopping did.
The whole point of quantum encryption is that you can transmit the *KEY* or signature just as you would transmit an encrypted message. Normally this can't be done because someone could intercept the key and be able to read all your encrypted messages. This way, if a new key is intercepted, just send a different one until you can be sure that it wasn't intercepted. This looks like it could be the encryption scheme of the future.
This is all very interesting, but its practical uses are limited by a few factors.
First, the quantum key must be physically transmitted to the receiver. This means that the medium for transmission (in most demonstrations, fiber optics) must be in place between the communicating parties and both parties must have the equipment to detect the value of the key. This equipment must be capable of detecting the polarization of single photons. Not exactly the type of stuff people have just lying around.
Second, there can be no amplification of the signal transmitting the key. Amplification of the signal is equivalent to someone eavesdropping on the key. The usefulness of the key would be destroyed. So forget about using this over normal phone lines or the Internet.
Third, the longer the transmission distance the greater the likeliness of errors in the key. Quantum encryption keys have been successfully transmitted approximately 20 kilometers through fiber optics and 500 meters through the atmosphere, but with about a 2% to 3% error rate. This will probably be acceptable for text messages, but may not be for data streams unless multiple redundant copies of the data are sent, or other error correction techniques are used (adding length to the data transmission). This will work well going from say the White House to the Pentagon, but unless all your secret friends live within 20 kilometers...
Fourth, if transmission speed is a factor for you, quantum encryption poses several problems. Only about 25% of the transmitted quantum key bits will be successfully detected (due to the 4 possible quantum states the photons can be in). This means to have a successful one-time-pad you must generate a key 4 times longer than the message you want to encrypt. Then the receiver has to confirm a sample of the key with the sender to ensure that the key has not been intercepted. Then you can transmit your message with about a 2% error rate.
So this is cool technology, but will really only be useful for military purposes or extremely sensitive corporate secrets.
I was at a presentation about this kind of technology several years ago (someone from British Telecom came to give a talk to a bunch of us from University). The basic idea was that you could emit light a photon at a time, and pick this up later on.
If you had a snoop (Eve), the data would be corrupted due to the fact that only one photon existed per data element - later, you could check this and discard any bad data.
You still have to do the actual communication using your favourite strong encryption system. However, this system gets around the problems associated with key distribution over a distance.
So you might say: "well, the laws of physics are changing so rapidly these days that this will soon be a possibility." But revolutions in physics are rarely, if ever, of the sort where all of the old theory is thrown out and a completely new theory is developed. Instead, discrepancies are discovered in some corner of a theory and a new theory is discovered which is a superset of both the old theory and the new data.
Also, "spooky action at a distance" in the form of quantum entanglement was never "impossible," it was just philosophically objectionable to some people, including Einstein. If you mean that "information can never travel faster than the speed of light in vacuum" when you say "faster than light (FTL)" travel, then you are incorrect if Maxwell's equations are to hold. All known examples of FTL (which are trivial and miss the point) violate some aspect of my previous statement in quotations. As for heavier-than-air flight, no rational scientist in any age who has observed a bird would tell you that it's impossible.
It has probably been said a lot before on /. but this is how (I understand that) Quantum Encryption works:
First of all it doesn't send encrypted data. It's just used to send random bits from Alice to Bob. Alice sends for every bit that's 1 a vertically polarised photon and a photon that's turned clockwise 45° for every bit that's 0.
Bob chooses one of two filters for every bit he receives. At random he uses a filter that can either receive a 1 (a filter that's turned counter-clockwise 45°) or a filter that can receive a 0 (a filter that's horizontally polarised).
Bob will not receive a photon if he uses the wrong filter, which he will do approximately half the time. This is because the polarisation direction of the bit and the filter would differ 90°.
The interesting thing is that if Bob uses the correct filter, he has only a 50% chance that he'll see the photon (can you say 'Quantum effects').
So far Bob knows that:
- he did not receive the bit (because he used the wrong filter or because he had 'bad luck')
- the bit is 1 (by using the correct filter)
- the bit is 0 (by using the correct filter)
Bob should, if he knows the value of enough bits (which should be the length of the file to be transmitted), send back the numbers of the bits he received over an unsecure channel.
Alice will then know what Bob is using as a key and she can encrypt the file using XOR. Alice then sends the file over an unsecure channel and Bob can decrypt it.
But what if someone is listening? Let's say that Claude is receiving the bits that Alice sends. But Bob will know that Claude is listening because he doesn't receive any bits. The solution would seem that Claude resends the bits to Bob. But there is a problem for Claude here, (s)he did only receive 1/4 of the bits correctly. 37.5% (approximately) will thus be incorrect. Instead of receiving 1/4 of the bits correctly, Bob will only receive 36.5% of 1/4 = 16% of the bits correctly.
But how could Bob and Alice know that not all the bits were received correctly? This is currently solved by sending part of the bits over a quality line (on which Claude could be listening though).
Another problem, letting Bob know that a polarised photon has been sent, could be solved by sending a pulse of non-polarized light an instant before the polarised photon.
Current results are 48km through optic fiber and 50 meters through the air (3km would do for satellites).
Monkey sense
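
The two-filter scheme described in the comment above, combined with the public sample comparison mentioned in the thread, as an added Python simulation (not code from the article or from any poster). It assumes a noiseless channel, an eavesdropper who resends a random guess after an inconclusive measurement, and a 5% abort threshold; all function names are illustrative.

```python
import math
import random

# Polarisation angles in degrees, following the comment's description.
STATE = {1: 90, 0: 45}     # Alice: 1 = vertical, 0 = turned 45 degrees
FILTER = {1: 135, 0: 0}    # Bob: each filter blocks the *other* bit's state

def passes(photon_deg, filter_deg, rng):
    """Malus's law for one photon: pass with probability cos^2(angle difference)."""
    p = round(math.cos(math.radians(photon_deg - filter_deg)) ** 2, 12)
    return rng.random() < p

def measure(photon_deg, rng):
    """Pick a filter at random; a click proves the bit, no click proves nothing."""
    guess = rng.randrange(2)
    return guess if passes(photon_deg, FILTER[guess], rng) else None

def run(n_photons, eavesdrop, rng):
    """Return (alice_key, bob_key): the bits at positions where Bob got a click."""
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        bit = rng.randrange(2)
        photon = STATE[bit]
        if eavesdrop:
            # Intercept-resend: Claude measures like Bob and has to guess
            # whenever the measurement was inconclusive (assumed strategy).
            seen = measure(photon, rng)
            photon = STATE[seen if seen is not None else rng.randrange(2)]
        got = measure(photon, rng)
        if got is not None:          # Bob announces the position, not the value
            alice_key.append(bit)
            bob_key.append(got)
    return alice_key, bob_key

def check_and_distil(alice_key, bob_key, sample_size, max_error, rng):
    """Publicly compare a random sample, discard it, accept the rest or abort."""
    idx = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(alice_key[i] != bob_key[i] for i in idx)
    rate = errors / sample_size
    if rate > max_error:
        return rate, None            # eavesdropping suspected: drop the key
    key = [b for i, b in enumerate(bob_key) if i not in idx]
    return rate, key

def xor_bits(bits, pad):
    """One-time pad over bit lists; the pad must be at least as long."""
    if len(pad) < len(bits):
        raise ValueError("pad shorter than message")
    return [b ^ k for b, k in zip(bits, pad)]

def demo(seed=1):
    """Run the exchange once untapped and once tapped; sample inputs are constructed."""
    rng = random.Random(seed)
    results = {}
    for label, tapped in (("clean", False), ("tapped", True)):
        a, b = run(20000, tapped, rng)
        rate, key = check_and_distil(a, b, 500, 0.05, rng)
        results[label] = (len(b) / 20000, rate, key)
    return results

if __name__ == "__main__":
    for label, (kept, rate, key) in demo().items():
        status = "key accepted" if key is not None else "key discarded"
        print(f"{label}: kept {kept:.1%} of photons, sample error {rate:.1%}, {status}")
```

With this guessing strategy the compared sample disagrees on roughly 37.5% of positions when the line is tapped, while Bob's click rate stays near one photon in four, so the tap shows up in the error rate rather than in missing photons.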