Quantum Encryption Via Satellite
Jeff Scarpace writes: "The Economist is reporting that last week, at the International Conference on Quantum Information in Rochester, New York, physicists from the Los Alamos National Laboratories in New Mexico explained how to build a system that will broadcast uncrackable messages via satellite."
The article correctly described how this sort of key exchange (it isn't really encryption, just a way to exchange keys "securely") is safe from exposure by an observer (the observer would alter the key stream by observing and thus would destroy those bits she ("Eve" in the article) intercepts).
However, the method is still vulnerable to a complete Man-in-the-Middle attack where attacker (call him Malcolm) COMPLETELY intercepts the key stream from Alice to Bob, blocking transmission to Bob entirely. Malcolm negotiates with Alice until they both agree on a key using the same method described, Malcolm pretending all the time that he is really Bob. Malcolm then initiates a new photon key transmission to Bob, as if he were Alice, and negotiates a separate, completely different key, with Bob. Once the real encrypted data begins to flow, he intercepts it, decrypts it with the Alice-to-Malcolm key, then reencrypts it with the Malcolm-to-Bob key.
There are ways to work around this, but they are all the domain of existing cryptography technology. So in reality, this "encryption" scheme, while using quantum physics to perform a key exchange/agreement, doesn't buy a lot that's new. Sure, it's a good idea, IF it can be made practical, and IF a complete protocol for use can be developed that avoids MITM attacks (and anything else this sort of key agreement/exchange system may turn out to be vulnerable to).
Unfortunately, the article described the key exchange as uncrackable encryption. That was a naive mistake. The method of key agreement/exchange was just that, a way to agree upon a key securely (barring a MITM attack). Once the key has been exchanged using the described method, even if it is secure, the data to be sent/encrypted is still most likely encrypted using a standard, existing algorithm, as vulnerable or as strong as that existing algorithm is today.
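As an added example (not code from the thread, the article, or the Los Alamos group), here is a toy simulation of a BB84-style photon key exchange. It shows the three situations the comment above distinguishes: the honest run, the observer Eve who measures and resends photons and thereby raises the error rate, and the full man-in-the-middle relay by "Malcolm", which produces two clean sessions with zero error and is caught only by the key-confirmation step at the end, which assumes a pre-shared authentication secret (the function names, the photon count and the abort threshold are this example's own choices). The basis-comparison sifting step is the same one later comments describe as "comparing the test results".

```python
"""Toy BB84 simulator (added example): honest run, intercept-resend Eve,
and the man-in-the-middle relay that only authentication detects."""
import secrets
import hmac
import hashlib

BASES = ("+", "x")          # rectilinear and diagonal polarisation bases
N_PHOTONS = 4000            # constructed sample size for the simulation
ABORT_THRESHOLD = 0.11      # assumed: abort if the sifted-key error rate exceeds this


def alice_prepare(n):
    """Alice picks a random bit and a random basis for every photon."""
    return ([secrets.randbelow(2) for _ in range(n)],
            [secrets.choice(BASES) for _ in range(n)])


def measure(bits, bases, meas_bases):
    """Same basis -> the encoded bit; wrong basis -> a uniformly random bit.
    The photon leaves the measurement re-encoded in the measuring basis,
    which is why an intercept-and-resend attacker leaves a trace."""
    return [b if sb == mb else secrets.randbelow(2)
            for b, sb, mb in zip(bits, bases, meas_bases)]


def receive(bits, bases):
    """Bob (or Eve) measures every photon in a freshly chosen random basis."""
    meas_bases = [secrets.choice(BASES) for _ in range(len(bits))]
    return measure(bits, bases, meas_bases), meas_bases


def sift(a_bits, a_bases, b_bits, b_bases):
    """Classical post-processing: the two sides publicly compare bases (never
    bits) and keep only the positions where the bases agree."""
    keep = [i for i, (x, y) in enumerate(zip(a_bases, b_bases)) if x == y]
    return [a_bits[i] for i in keep], [b_bits[i] for i in keep]


def error_rate(ka, kb):
    """Fraction of disagreeing sifted bits (real systems sacrifice a sample to estimate it)."""
    return sum(x != y for x, y in zip(ka, kb)) / len(ka)


def session(eve=False, n=N_PHOTONS):
    """One key exchange between Alice and Bob, optionally with an
    intercept-resend Eve in the path. Returns (alice_key, bob_key, error_rate)."""
    a_bits, a_bases = alice_prepare(n)
    bits, bases = a_bits, a_bases
    if eve:
        bits, bases = receive(bits, bases)   # Eve measures and resends in her bases
    b_bits, b_bases = receive(bits, bases)
    ka, kb = sift(a_bits, a_bases, b_bits, b_bases)
    return ka, kb, error_rate(ka, kb)


def mitm():
    """Malcolm runs one honest session with Alice (posing as Bob) and another
    with Bob (posing as Alice). Both sessions show zero error, so the physics
    raises no alarm, yet Alice and Bob end up holding different keys."""
    alice_key, _malcolm_key_a, err_a = session()
    _malcolm_key_b, bob_key, err_b = session()
    return alice_key, bob_key, err_a, err_b


def key_confirm_tag(auth_secret, key):
    """Key confirmation over the classical channel, keyed with a pre-shared
    authentication secret (assumed: the 'authenticated channel' the thread asks for)."""
    return hmac.new(auth_secret, bytes(key), hashlib.sha256).digest()


def confirm(auth_secret, alice_key, bob_key):
    """Bob checks Alice's tag against his own key; a relayed exchange fails here."""
    return hmac.compare_digest(key_confirm_tag(auth_secret, alice_key),
                               key_confirm_tag(auth_secret, bob_key))


if __name__ == "__main__":
    _, _, e = session()
    print("honest error rate:", e)
    _, _, e = session(eve=True)
    print("intercept-resend error rate:", round(e, 3), "abort:", e > ABORT_THRESHOLD)
    a, b, ea, eb = mitm()
    print("MITM error rates:", ea, eb, "keys equal:", a == b,
          "confirmed:", confirm(b"shared-auth-secret", a, b))
```

The intercept-resend run settles near a 25% error rate (Eve guesses the wrong basis half the time, and each wrong guess gives Bob a random bit half the time), well above any sensible abort threshold; the relay run shows 0% on both legs, which is exactly why the key-confirmation tag with a pre-shared secret is needed.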
One-time pads are unbreakable if used correctly, yes.
The problem is that since you use each one exactly once, each side has to have either the same list of pads or arrange a new pad for each message.
If you have a list of pads, that's subject to theft/social engineering/other compromises ahead of time.
If you arrange a pad for each message, you need to transmit the pad over a secure channel to avoid man-in-the-middle attacks. And if you have such a secure channel, you don't need one-time pads, you can just send the message itself securely. Note that this problem also applies to distributing lists of pads.
[Note that the idea of creating a public-key secure channel to send a symmetric one-time-pad-style session key is how almost all 'public-key' systems actually work, for performance reasons.]
Basically one time pads are perfect in very limited circumstances, but completely unusable for basic day-to-day end-to-end encryption.
That's what public-key crypto is all about -- the ability to publish a key far and wide whose encryption can ONLY be read by a different key.
--
Sure, you _could_ do that. Spread CD's out to your friends with a big monster one-time pad file on it, keep tabs on how much of the 700MB of randomness you've used, never reuse any of it, and then hand out a new CD when you get near the end.
You can quickly run into a scalability nightmare, though. You can't use the same CD for multiple friends, and here's why. If you give the CD to two friends, and you send a message to person A using up bytes 100-200 of the OTP, somehow person B has to get the message not ever to use bytes 100-200, or else it's no longer a OTP, it's a repeat key subject to cryptanalysis.
So, somehow friend B has to get the message not to use those bytes. You could cc B on the mail, or send out a separate notice that those bytes are used, but then you have a lagtime factor -- both you and A could be sending to B at the same time using the same byte range.
The only solution to this, if you actually want to use your OTP's in a one-time fashion, is to have a separate OTP CD for _each_ relationship you have. With you, A, and B, that's two CD's per person, three total unique pairs. Add in C, and that's three CD's per person, six pairs. Add in D, that's 4 CD's per person, ten pairs. E, 5 per person, fifteen pairs. And on and on.
That's the basic scaling nightmare of ANY symmetric key solution, whether it's OTP or simply static keys.
The thing that makes public-key more secure is that you can encrypt your private key such that even if it WERE stolen, it has to be brute-forced open just like your mail would. With a symmetric key scheme, you can encrypt your key, but then you have to pass that key AND the decryption method around, meaning your local key is only as safe as the weakest link of your web of trust. With public-key, your local key is as safe as you, yourself are.
Sense? Your idea COULD work, but you're basically reinventing the wheel and inheriting a lot of the problems that were ameliorated (not solved, mind you...) with the rise of cheap and easy public-key schemes.
--
I was about to agree with you, but I think I figured out what's really going on with this that the article doesn't explain. It suggests using a public key encryption technology to exchange the message containing the start point, which seems to make it insecure (since the article had previously stated no public key system to date is provably secure).
But it's also relying on a random bitstream with VAST bandwidth (10 million million "numbers" per second is 100 Terabits/sec if a "number" is a byte, right?), the idea being that whatever stream you use has to be significantly beyond anyone's ability to record it. Since no one can record it, the public key exchange only has to be secure for as long as it takes to get to the start point, which should be somewhere between right away and far enough down the line that no one can save that much data. If you can increase the bandwidth of the bitstream, you can shorten that time, otherwise you just wait longer.
But if the bandwidth is too low, then your public key exchange may be cracked before the start of the bitstream is hit, so it really does need to be huge.
So, the requirements are actually that you have a communications channel that can't be cracked in the amount of time it takes to transmit the bits for the key, and that you're transmitting enough bits in that time that no one can save them.
It's a neat idea... but wake me up when I can get 100 Terabits/sec into my house.
Get a big box into orbit and host the evilest copyright violatingest server ever.. Yum.
Actually, I was being sort of facetious when I posted that, but to take your points on...
...you're right that it would necessitate replacing all the decoder equipment on the receiving end. As well, all the head-end transmission stuff would have to be modified. But I don't think the sats themselves would need much modification. After all, they're basically just orbiting transceivers - they grab the digital signal that comes to them from below, and just broadcast it right back - any digital stream will do, as long as it fits the transmission protocol, and I'd be surprised if they really couldn't tweak that from the ground.
Of course there's always the usual hardware hacks...
Granted, and of course, you're right that that's how it's done nowadays - to my knowledge, nobody's cracked the regular old public-key crypto they use now. So attacks uniformly consist of avoiding the triple-locked front door and looking for less-secure back doors. And that'd be how you'd attack it in the future, regardless of whatever super-duper encryption is used.
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
But what is the practical usefulness of this outside of the military?
It'll be the end of the DirecTV pirates, anyway.
So, how do you broadcast a single photon everywhere? That's the key. If you send the message everywhere, you are obviously not sending single photons. If you can send a single photon reliably from point a to point b, you have figured out how to make sure it doesn't get lost in between.
No, I'm not a reading major (which I don't think exists). But my English comprehension is pretty good, which is why I don't think this story makes sense.
You are forgetting, the quantum key exchange is based on sending single photons! If alice sends a photon to bob, eve can't see it in her telescope. Why? Because the photon went to bob's telescope, not eve's!
If you send lots of photons for each bit, so that multiple copies of each photon are available to both bob and eve, then eve can crack the key! Eve can just receive multiple copies of the photon, and perform all three polarization tests which bob might perform, and the whole thing falls apart.
Remember, quantum crypto is based on sending single photons. That's why it works. Alice measures a photon and then sends that exact same photon to bob. Not a copy. Not a hundred copies. Certainly not enough that anybody with a telescope for five miles can see it! One photon.
In the fiber-optic version of quantum crypto, each key bit is obtained from alice creating a single photon, measuring it, and sending it to bob to measure. Although I'm sure it's quite tricky, it's not hard to imagine putting a single photon into a fiber, and being able to detect that single photon at the other end.
But how the hell are you supposed to do this via a satellite? I find it simply incomprehensible that a single photon could be successfully bounced off of a satellite and detected when it hit the Earth. Or even successfully shot between two points on the Earth. And if you can manage to send single photons between two points, why not just send plaintext? Sure, someone might tap a fiber without your knowledge. But "tapping" open space without anyone noticing?
Hmmm, boss, there seems to be a van with dark windows parked between alice and bob. Maybe we should stop transmitting? Don't get me wrong, quantum crypt is neat stuff. And I definitely think it has applications. But not for sending messages thru open space. By the time you have solved the engineering problem of sending single photons reliably over long distances outside, the crypto is meaningless. If you want to see if any one is listening, just look. If your enemies figure out how to make their eavesdropping equipment invisible, you have bigger problems to deal with!
There are of course a variety of uses for this technology, and not a single one of them has anything to do with desktops or standard servers.
Many of those applications do not involve networked hardware. Perhaps, systems for transmitting nuclear launch codes. Or discussing troop movements.
--
There are no trails. There are no trees out here.
The whole premise of quantum encryption is that each photon is vital to the message. Saying a satellite system 'broadcasts' quantum crypto is nonsensical, as you could have multiple receivers, one of which assesses the 'polarity bit' and another that gets the 'info bit' which would render the encryption useless.
Quantum Crypto, such as it is in current theory, is purely a single point to single point system. Not to say that you can't use a satellite, but the language used to describe it needs to be chosen more carefully.
Kevin Fox
Just a nitpick: DES doesn't rely on any assumptions about primes at all. It assumes that no information about a key can be gathered from the ciphertext, or plaintext-ciphertexts pairs etc. (and this assumption is not always valid, BTW), and that the key is necessary to decode the message.
You probably mean RSA et al. (i.e. public key encryption), which also doesn't rely on the assumption that primes are hard to find (because, in fact, they aren't), but rather that composites of two large primes are difficult to factor, or that discrete logarithms in a modular field are hard to invert.
And yes, I assume that now someone will nitpick this message.
"It's overkill, of course. But you can never have too much overkill." - Anonymous Slashdot Coward
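To make the nitpick above concrete, here is an added example (not from the thread) of textbook RSA with deliberately tiny, constructed primes: key generation, encryption and decryption, and then the observation that the private exponent falls straight out of the public key the moment the modulus is factored. Finding the primes was the easy part; the hardness assumption is entirely that recovering them from their product is infeasible at real sizes. The function names and the parameters are this example's own.

```python
"""Textbook RSA on toy primes (added example) to show that the private key
is exactly as secret as the factorisation of n."""
from math import gcd, isqrt

# Constructed toy parameters: real keys use primes hundreds of digits long.
P, Q = 10007, 10009
E = 65537


def keygen(p=P, q=Q, e=E):
    """Return (n, e, d): n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return n, e, d


def encrypt(m, n, e):
    """c = m^e mod n; m must be an integer smaller than n."""
    return pow(m, e, n)


def decrypt(c, n, d):
    """m = c^d mod n."""
    return pow(c, d, n)


def factor_by_trial_division(n):
    """Only feasible because n is tiny; for real moduli this is the hard problem."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("no factor found")


def recover_private_exponent(n, e):
    """An attacker who factors n recomputes phi and therefore d,
    with no brute force over the key space at all."""
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    n, e, d = keygen()
    c = encrypt(123456, n, e)
    print("round trip ok:", decrypt(c, n, d) == 123456)
    print("d recovered from (n, e):", recover_private_exponent(n, e) == d)
```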
Wrong idea. Assuming that they have successfully put a black box on the bottom of the ocean to intercept trans-Atlantic fiber signals, they are most definitely not actually 'splicing' into the fiber, nor are they re-transmitting anything. The interception is an entirely passive system.
All you have to do is bend a piece of fiber slightly - just enough to slightly alter the reflection properties of the cladding. A small percentage of the light will be refracted out of the glass, allowing whomever to intercept it and read the signals.
The only thing that the receiving end will notice is a slight increase in the dB loss. They may notice if they've already established a baseline, but in a trans-oceanic fiber, there are too many things that can degrade the capability of a fiber. A few extra dB loss wouldn't be a worry.
JJ
http://www.4thestate.co.uk/cipherchallenge/
The book has a good summary of Quantum Encryption, among other goodies.
Well, ok, the Subject has nothing to do with what I'm about to say... but I must say... I do feel for the rabbit.
As CmdrTaco always says, if they put it in our hands, someone will find a way to open it up. The same technology used to create the cryptography will be used to tear it down.
Luckily, human error is in our favor, and not of those wishing to keep the data hidden. It takes but one oversight to bring an entire empire down.
So the numbers get larger, the data gets crazy and all the slide rules in the world can't help you now. Its like those damn kids won't let us have the cereal. Who are they? What is just one bowl for one rabbit...
Of course, before you know it, many rabbits are getting many bowls and the cereal factory closes down. So they would want us to believe! The truth is, many rabbits simply choose to purchase their own box of cereal... it is much simpler than fighting 3 or 4 of those brats on a daily basis.
So in the end... those who want cereal will get it one way or another... eventually the majority will move onto something better like carrots and coffee.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
It's (relatively) easy to send photons in a certain quantum state, which will then be decoded.
It's really freaking hard to get those quantum states to do computations for you. Note that the biggest quantum calculation they've done to date, last I knew, was 4 bits.
Just because they're both "quantum" doesn't mean that the technologies are related.
--
Win dain a lotica, en vai tu ri silota
It's 100% unbreakable and available without any high tech satellites.
Want Root?
So, how do you broadcast a single photon everywhere? That's the key. If you send the message everywhere, you are obviously not sending single photons. If you can send a single photon reliably from point a to point b, you have figured out how to make sure it doesn't get lost in between.
Though it is too late for this response to make any difference, I'll waste my breath.
Quantum mechanically, a photon is an eigenmode of Maxwell's equations for the system under consideration. A photon is commonly thought of as a localized particle of light. It is not. It is most analogous to a wave (a plane wave is an eigenmode of free space; in a complicated system, the eigenmodes are less straightforward).
A photon is not localized. A superposition of photons may be localized. Such a superposition is best called a wave packet; it is not strictly a photon though.
Confusion over this is why very few people can actually make sense of quantum mechanics, especially if explained without mathematics (all that non-sensical jibber-jabber about wave-particle duality with bad philosophy thrown in for good measure).
At no point in any quantum mechanical formalism I've seen (Hamiltonian-based, Lagrangian-based, Heisenberg matrix mechanics, Schrodinger wave mechanics, Feynman path integrals, relativistic field theory, ... ) are particles fundamental. (Bohmian quantum mechanics is a quasi-exception.)
Quantum mechanics is about waves (or more precisely eigenmodes of the Hamiltonian). Superpositions of waves makes particle-like excitations.
So, you can send a single photon everywhere. For a quick example, think of the two slit experiment. It still works when the photons pass through the system one at a time (this has been experimentally demonstrated). Thus, one photon passes through both slits and interferes with itself on the other side.
If photons were localized, as you seem to think, the two slit experiment would fail.
However, producing a single photon is not simple. Devices like lasers will produce a spectrum of photons with a certain narrow energy spread and a certain narrow angular spread. Such superposition of photons will be localized in space and are what people often call photons or particles of light. The probability of detecting such a wave packet in two widely separated places is negligible.
However, other devices (like say an antenna) produce wave packets which are not localized.
And in response to another post:
The reason that quantam[sic] encryption isn't used everywhere, is that it's so darn hard to detect the spin of single photons.
Detecting the spin a stream of photons is much easier than you think. Photon spin and photon polarization are closely related (photon spin is a different set of basis vectors to express photon polarization). Detecting photon polarization is trivial (sunglasses anyone?). Detecting a single photon's polarization with a bit error rate low enough to be usable over long distances is more challenging but not impossible (especially if you are just doing key exchange).
Yes, I have a Ph.D. and quantum electronics is my day job.
Kevin
Take a look at the March Crypto-Gram (http://www.counterpane.com/crypto-gram-0103.html#6), where Bruce Schneier comments on the practicality of this.
if Eve not only controls all the communication of Alice to Bob, but from Bob back to Alice. So you still have the problem of authenticating Alice & Bob to each other.
If you've got an authenticated channel between Bob & Alice though (not necessarily encrypted, just authenticated), then this sounds pretty cool.
It'll be the end of the DirecTV pirates, anyway.
Highly doubtful. First, you would have to replace every cable box and dish to handle getting the qbits (I'm assuming that normal cable dishes cannot handle doing this, which seems highly likely). Not to mention launching new satellites, which would be even more expensive (especially because then you essentially throw away your investment in the previous generation of sats).
Secondly, you would need some 'normal' hardware to actually encrypt the video stream once you've exchanged a key. People have had great success breaking this stuff in (IIRC) Europe. Good tamper-resistant hardware is hard to do, and expensive to boot. Also, even if the key exchange itself is unspoofable and untappable, you can always try to get the key out of the normal silicon that it's stored in afterwards.
Of course there's always the usual hardware hacks, like pulling the video/audio after it's decoded directly from the chips into some specialized hardware which then dumps it into a PC. Messy and hard to do, but possible.
Quantum Cryptography is nice, and certainly very interesting, but rarely are social problems solved by technological means alone. The DirecTV guys, and others, might have to work a little harder, but it seems highly unlikely that DirecTV, or whatever, would become un-copyable. I say this because nobody has ever managed to make anything uncopyable (and semi-usable at the same time), despite any number of grand claims to the contrary.
Why do you need a 0% error rate? Read some basic information theory eg. do a web search on Shannon, Information. Any channel, no matter how noisy (assuming independence of the noise - valid in this case), can be converted to a channel with error rate approaching any rate you so desire by suitable use of error correcting codes.
--
-- SIGFPE
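The comment above is the standard channel-coding argument; here is an added example (not from the thread) that carries it through for the simplest case, a binary symmetric channel with independent bit flips and an n-fold repetition code decoded by majority vote. It gives the residual error rate both in closed form and by simulation, and a helper that picks the smallest code length for a target error rate. Function names and the constructed channel parameters are this example's own; a repetition code is the most wasteful choice (rate 1/n), but it shows the mechanism the comment relies on.

```python
"""Repetition coding over a binary symmetric channel (added example): the
residual error rate can be driven as low as desired with independent noise."""
import random
from math import comb


def bsc(bits, p, rng):
    """Binary symmetric channel: each bit flips independently with probability p."""
    return [b ^ (1 if rng.random() < p else 0) for b in bits]


def repetition_encode(bits, n):
    """Send every bit n times."""
    return [b for b in bits for _ in range(n)]


def repetition_decode(coded, n):
    """Majority vote over each block of n received bits (n odd)."""
    out = []
    for i in range(0, len(coded), n):
        block = coded[i:i + n]
        out.append(1 if sum(block) * 2 > n else 0)
    return out


def analytic_error_rate(p, n):
    """P(majority wrong) = sum_{k >= ceil(n/2)} C(n,k) p^k (1-p)^(n-k)."""
    return sum(comb(n, k) * p ** k * (1 - p) ** (n - k)
               for k in range((n + 1) // 2, n + 1))


def smallest_odd_n(p, target, max_n=101):
    """Smallest odd repetition length whose residual error rate meets `target`."""
    for n in range(1, max_n + 1, 2):
        if analytic_error_rate(p, n) <= target:
            return n
    return None


def simulate_error_rate(p, n, trials=20000, seed=1):
    """Send `trials` constructed random bits through the coded channel and
    count decoding errors; seeded so the run is repeatable."""
    rng = random.Random(seed)
    msg = [rng.randrange(2) for _ in range(trials)]
    received = repetition_decode(bsc(repetition_encode(msg, n), p, rng), n)
    return sum(a != b for a, b in zip(msg, received)) / trials


if __name__ == "__main__":
    p = 0.1   # constructed raw channel error rate
    for n in (1, 3, 5, 7):
        print(f"n={n}: analytic {analytic_error_rate(p, n):.5f}, "
              f"simulated {simulate_error_rate(p, n):.5f}")
    print("smallest n for 1e-4 at p=0.1:", smallest_odd_n(p, 1e-4))
```

At a raw 10% flip rate, tripling each bit already cuts the residual rate to 2.8%, and five copies to under 1%; the independence assumption the comment makes is what allows the binomial formula, and burst noise that violates it needs interleaving before the same argument applies.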
You're clever knowing the names of all those famous scientists. It's also very astute of you to observe that the universe is still here. Do you, mayhap, have a contribution to the subject of quantum encryption?
There is a basic result in quantum mechanics called the "No Clone Theorem". It says that there is no device that can be guaranteed duplicate the quantum state of a physical system - even a simple one like the spin of a single electron. (Naively you can think of the problem as being that attempting to clone the state involves interfering with it and hence you risk modifying it - but it goes deeper than that.) The "No Clone Theorem" follows almost trivially from the basic axioms of Quantum Mechanics so that if this is violated then we have a major physics paradigm shift on our hands. Quantum encryption merely exploits the No Clone Theorem.
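The "follows almost trivially" part of the comment above, written out as an added derivation (not from the thread): suppose a single physical process, a unitary $U$, could copy any unknown state into a blank register,

$$U\,\bigl(|\psi\rangle\otimes|0\rangle\bigr) = |\psi\rangle\otimes|\psi\rangle \quad\text{for every }|\psi\rangle .$$

Applied to the two rectilinear states this gives

$$U\,\bigl(|0\rangle|0\rangle\bigr)=|0\rangle|0\rangle,\qquad U\,\bigl(|1\rangle|0\rangle\bigr)=|1\rangle|1\rangle .$$

Quantum evolution is linear, so for the diagonal state $|+\rangle=(|0\rangle+|1\rangle)/\sqrt{2}$ the same $U$ must give

$$U\,\bigl(|+\rangle|0\rangle\bigr)=\frac{1}{\sqrt{2}}\bigl(|0\rangle|0\rangle+|1\rangle|1\rangle\bigr),$$

whereas a true copy would have to be

$$|+\rangle|+\rangle=\frac{1}{2}\bigl(|0\rangle|0\rangle+|0\rangle|1\rangle+|1\rangle|0\rangle+|1\rangle|1\rangle\bigr).$$

The two right-hand sides differ, so no such $U$ exists. The argument only needs two non-orthogonal states, and the rectilinear and diagonal polarisations that the key exchange alternates between are exactly such a pair, which is why an eavesdropper cannot keep a perfect copy of a photon while passing the original on.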
Doing it with a laser over 10km of desert is new. If you can do that then doing it with a satellite seems within reach. So this is fairly significant work.
Ok. So it's fine to authenticate the source of the transmission, assuming that you only care about the last machine to touch the transmission, but when the transmission passes through multiple machines you can't prove the original source from the data received at the destination. All you can do is hope all the previous connections are trustworthy.
Now how many people here work with a technology that has NO store and forward capability?
No Zen is good zen
It was previously posted as a reply to another article about why this can or can not work. In a nutshell, it's extremely difficult to splice into a fiber optic cable, and even if you do manage to do it you'll likely create a very small "echo" in the cable that either of the original endpoints would be capable of detecting.
I/O Error G-17: Aborting Installation
Sounds pretty slick, but wouldn't it still be vulnerable if "bob" or "alice" (from the example in the story) left their computer (or other communication device) where other people had access to it?
** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
besides, :)
the idea of this cryptothing is not so much to encrypt things in a way that only a few person will be able to decrypt it, but to detect when somebody else is listening...
it is not a copy protection or an encryption scheme that is offered here (despite the misleading introduction), but a guarantee of privacy. you have a conversation with a remote host, and you are guaranteed no one else heard what was said. now if someone could hear it, well too bad.. maybe he will be able to decrypt what you said. the fact is, you will be aware of it. So, then about the encryption stuff.. it's about the same problem it was before.. the new thing is just that when you send your dynamic key to the host, you can be sure only it has the key you sent, if you are warned "somebody was listening". you can change the key and again and again until the key is exchanged without anybody else listening.
so you could very easily dos it
(just by listening all the time)
Anyway, you don't have a better brute force cracking protection than before, you are just making sure that brute force cracking is the only way they can get the key...
Also, to get (just) sure of that is so hard and painful I don't think it will be applicable yet to point->many points (Direct TV) Anyway... it's possible I just didn't understand the whole process (very possible)
Then win2k shit, and I started over.. must have left that out.
I think that the OTP file would be just as vulnerable as your private key, because, after all, it is stored on your computer, that's subject to theft/social engineering.
But for people who you can trust (friends) - and are competent, do you think this method would work?
I'm writing a program that does, and just wondering about how good something like this would be.
The slashdot 2 minute between postings limit: /.'ers since Spring 2001.
Pissing off coffee drinking
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
I'm not talking about simple XOR, where every character is changed by a single amount (which can be solved by running a loop 256 times), but one where each character is modified by a different value, based on a "one time pad" file.
i.e.
Bob, lets kill Joe tonight (message)
a4g6uk98hgdwegfh6532d7ih44 (key, also includes high ascii values which are not here because of the lameness filter)
gregjlghrtg095gjr234fsasdf (result, also high ascii)
I'm assuming, that without the key (or a way to duplicate it), that the message would be "unbreakable", because without knowing the key, there is no real way to decrypt the message - Sure, you can try every possible combination, and even filter out results that don't make sense (or aren't in a dictionary), but there are still thousands of
a four letter word could be
"four"
"kill"
"hell"
"fuck"
"HTML"
"idea"
"hack"
"shit"
"book"
"unix"
"1337"
"them"
"blow"
" bob"
"b ob"
"bob "
etc...
It would seem that the same restrictions apply
PGP users have to keep their private key safe, just as users of this method would have to keep their "key disk" safe.
I believe PGP can be broken with enough time / effort, as could this method, but I believe that there would be a shitload more garbage for people to sort through using this method. Besides, I'm sure that the NSA has some way of reading PGP / whatever encrypted messages already. Seriously, the stealth bomber was designed in 1970, and although it's not the "best of the best", it is still considered an achievement today, they have some pretty nifty shit somewhere.
The advantages I see to encryption like this are:
- Keydisks can be physically destroyed quickly. Stuff on HDDs tends to stay there; you smash a CD, it breaks into several hundred pieces, tends not to be put back together.
- A message could be one of thousands of the possibilities, and without the key, it would be unknown which one was actually correct. I'm sure you'll get some great works of literature (i.e. monkeys writing shakespeare) popping out.
- With some additional ambiguity, such as codenames, possible translations of the message, padding the message with garbage values, a constant message size, bad spelling, personally giving the disk to the recipient (business card CD's would be perfect for this, although the 8cm ones look a lot cooler for this), etc.... it would seem that this system would be VERY secure.
Of course, there would be no way to prove that you didn't write "bob, lets kill the president tomorrow" without handing over the key.
If anyone can help me out / unconfuse me, it would be great... Suggesting some good sources would be great too.
Thanks.
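For the poster above asking how good a pad-file XOR scheme is, and for the earlier comments about pad lists and the "repeat key subject to cryptanalysis" that appears when two people draw on the same bytes of one CD, here is an added example (not the poster's program and not from the thread). It implements the XOR one-time pad against a constructed pad, a per-relationship ledger that refuses to hand out a pad byte twice, and the failure mode: two messages encrypted at the same pad offset XOR together into plaintext-against-plaintext, and sliding a guessed word along that result reveals the other message. Names, the pad size and the sample messages are this example's own.

```python
"""XOR one-time pad with pad bookkeeping, and the two-time-pad failure
(added example): encryption is perfect only while no pad byte is reused."""
import os
import string

PRINTABLE = set(bytes(string.ascii_letters + string.digits + " .,'", "ascii"))


def otp_xor(data, pad, offset):
    """XOR `data` with pad[offset:]. Encryption and decryption are the same step."""
    segment = pad[offset:offset + len(data)]
    if len(segment) < len(data):
        raise ValueError("pad exhausted: never wrap around or reuse bytes")
    return bytes(a ^ b for a, b in zip(data, segment))


class PadLedger:
    """Per-relationship bookkeeping: each pad byte is handed out at most once."""

    def __init__(self, pad):
        self.pad = pad
        self.next_free = 0

    def encrypt(self, message):
        offset = self.next_free
        ciphertext = otp_xor(message, self.pad, offset)
        self.next_free += len(message)   # consume the bytes before anything else can
        return offset, ciphertext

    def remaining(self):
        return len(self.pad) - self.next_free


def two_time_pad_leak(c1, c2):
    """If both ciphertexts used the same pad bytes the pad cancels:
    c1 XOR c2 == m1 XOR m2, and the pad itself is never needed."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(leak, crib):
    """Slide a guessed word along m1 XOR m2; wherever the guess is right the
    other message's text appears. Returns (position, recovered) candidates
    that decode to plausible text."""
    hits = []
    for pos in range(len(leak) - len(crib) + 1):
        candidate = bytes(a ^ b for a, b in zip(leak[pos:pos + len(crib)], crib))
        if all(c in PRINTABLE for c in candidate):
            hits.append((pos, candidate))
    return hits


# Constructed sample pad and messages for the demonstration.
PAD = os.urandom(4096)
MSG_A = b"meet at the usual place at nine"
MSG_B = b"the package arrives on tuesday"


def demo_misuse():
    """Two senders sharing one pad who both start at byte 100, the scenario
    the thread describes: the pad drops out and a crib exposes the other text."""
    c1 = otp_xor(MSG_A, PAD, 100)
    c2 = otp_xor(MSG_B, PAD, 100)
    return crib_drag(two_time_pad_leak(c1, c2), b"package")


if __name__ == "__main__":
    ledger = PadLedger(PAD)
    off, ct = ledger.encrypt(MSG_A)
    print("round trip:", otp_xor(ct, PAD, off) == MSG_A, "bytes left:", ledger.remaining())
    print("crib-drag hits on reused pad bytes:", demo_misuse())
```

The ledger is the part that does not scale: it has to be kept in lockstep by both ends of every pair, which is the per-relationship CD problem described earlier in the thread, and the moment it slips the scheme degrades to the crib-drag result rather than to "thousands of equally likely messages".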
The communication doesn't have to travel via satellite. The satellite is just used to exchange keys.
Or, in other words, this solves the same problem as RSA and D-H key exchange techniques. Once both sides have agreed on keys, you could use carrier pigeons for the actual encrypted data transmission.
b&
All but God can prove this sentence true.
DW: I never cared much for the term "uncrackable", it seems a bit too much like "unsinkable".
Brigadier: What's wrong with "unsinkable"?
DW: "Nothing," said the iceberg to the Titanic [glug glug glug]
Well, your fingers weave quick minarets; Speak in secret alphabets;
std::disclaimer<std::legalese> sig=new std::disclaimer; sig->dump(); delete sig;
There are two big problems I have with this "new" technology.
1) It isn't anywhere near feasible for common use, nor cheap enough.
2) We already have "pretty good privacy". It's not the best, but it is sufficient and now we need to work on the next big step: securing both ends.
I think we've pretty much covered the encryption news to death and left out some of the big stuff, the compromising of a machine on either end of the communication.
What good does a secure method of communication do when the website you are dealing with stores your credit card info in clear text databases on machines 4 different crackers have access to?
What good is securing a transmission with a customer when their Windows box is already compromised by a Subseven server?
I guess what my biggest beef with secure communication overkill like this is that we've already determined it is possible to secure a transmission. We haven't determined how to properly secure both the client and the server.
Schrödinger's cat, Meow
plus 128 more cats
now we meow secure.
~
methinks I remember an unbreakable cryptosystem, also via satellite. This piece does not mention Professor Rabin.
Once you've compared the test results, you can positively identify what photons have and have not been tampered with along the way - you pull out only those which have not been tampered with and use their values to build a key.
This gives you a secure key exchange protocol that guarantees the key has not been intercepted or compromised. Then you can engage in encrypted communications on ANY other medium.
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
The trouble that occurs to me is that if you're using the tech onboard a satellite to handle key exchange you have to trust the people who admin the satellites. That's fine if you're the pentagon or some big corp. which can buy its own satellite, but its true that doesn't help the little guy.
I'm not an expert on optics tech. but I think if photons can be sent down a glass fiber reliably they should also be able to be bounced off a satellite reliably. I mean bounced off its reflective surface, not transmitted to any gear on board.
Anyone ever seen or heard some amateur astronomy geeks finding lunar lander remains and bouncing lasers off the reflective foil for fun? Well imagine that with a few hundred dollars in amateur astronomy gear you could set up a completely secure key exchange by bouncing a laser off floating space junk to your buddy half-way round the world ( of course curvature of the earth comes into play for lines of sight to whatever satellite you choose ).
But, given that they have got some technique that can read information being sent and not leave this "echo", the quantum testing method should still be able to positively identify that someone is siphoning out photons, or intercepting and replacing them.
It would be funny if the latest thing in crypto was able to catch the NSA with their pants down.
Yet one more reason to procure an aluminum foil deflector beanie; when the aliens, thinking they're helping, begin transmitting quantum-encrypted mind control beams to counteract those of the military-industrial complex, if we don't have adequate protection we'll all go into convulsions, frothing at the mouth as our brains are overwhelmed by gibberish instructions. Society will end as we know it and the forces behind black helicopters and Jimmy Hoffa's unexplained disappearance will emerge from their hiding places to take over the world!
Protect yourself now!
MacOS, Windows, BeOS, GNOME, KDE: they're all just Xerox copies
Eve, an eavesdropper listening to their conversation, requires Alice's original string of photons in order to make head or tail of this exchange.
But what about if Eve also intercepts the "agreement" photon string and compares it to the ones she has sampled? She would be able to reconstruct the key, although she never really sampled it and thus violated QM principles.
Should Eve adopt the so-called "bucket-brigade" strategy--to intercept and resend photons as quickly as she can--she will still give her presence away. The uncertainty principle dictates that Eve cannot copy Alice's photons exactly.
She can't copy them *exactly*, but to a very good degree limited by the specifications of her equipment. She will never be able to copy them 100%, but 99.99999999999% is very possible and very legal under QM rules. So, for example, if Eve was using a very sophisticated method of reading and sending photons, and Alice and Bob's method was only slightly less sophisticated, Eve would be able to successfully crack the communication by fooling the two into thinking the photons were authentic, when in reality they differed only slightly by an unmeasurable amount, and thus for all intents and purposes were logically the same, but not physically identical. In order to really tell one photon from another, you have to have a measurable wide margin. When they get so close together that each seems as if they are the same, for our purposes they are the same. You'd have to have infinite (uncertainty principle impossibility) resolution in order to tell two very similar photons apart. So the same very secure "law" is actually a two-edged sword.
Just because it's impossible to "directly" crack a communication doesn't mean it's not uncrackable and quantum laws of the universe can't save it either. It doesn't take into consideration things like equipment sensitivity, and other real world things like that which go beyond how it would ideally work, or how it would work on paper. Heck, if someone really wanted the information, they could kidnap and force the people to admit it. That's crackable as far as I'm concerned, which leads me to my next point: if it's written down, known by someone, or even happened, there are always ways of "cracking" the secrecy.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
But what is the practical usefulness of this outside of the military?
Dancin Santa
The reason that quantum encryption isn't used everywhere is that it's so darn hard to detect the spin of single photons. I think it's extremely unlikely that they have figured out how to discern the spin of a stream of photons, over 10 kilometers, with a 0% error rate (otherwise you've got a bad encryption key) when it can barely be done over inches. That being said, it's still only a secure (YES, 100% Unbreakable, unless you feel like violating the laws of physics) method of exchanging encryption keys, but once exchanged, the data is still vulnerable to brute force cracking, like distributed.net.
The (Hopefully) Great Slashdot Blackout Apr 21-27
When aliens finally do intercept our transmissions they will think we all speak gibberish.
Simon Singh's "The Code Book" is very accessible to non-mathematicians, and has an excellent chapter on quantum crypto.
The short answer: Eve can't intercept the stream and re-create it verbatim because Eve doesn't know what measurements to make, and the results of the measurements depend on how they are performed. Eve can measure and reproduce the results for one set of measurements, but if those aren't the same ones made by Alice then the photons Eve reproduces for Bob will look bogus. This all keys on the fact that the measurement of the polarization of a photon between the 0/90 axis and the -45/+45 axis is not correlated.
--
Scientists restrict study to entire physical universe; creationist
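The intercept-and-resend failure described in the comment above (Eve guessing the wrong basis and handing Bob bogus photons), as an added simulation that is not part of the original thread: it runs a BB84-style exchange with and without Eve and reports the error rate Bob sees on the sifted key. It assumes an ideal noiseless channel and perfect detectors, and the 11% detection threshold is an assumed parameter, not something the comment gives.

```python
import random

# Constructed simulation of BB84 key exchange with an intercept-and-resend Eve.
# Basis 0 = rectilinear (0/90 degrees), basis 1 = diagonal (-45/+45 degrees).
# Assumes an ideal, noiseless channel and perfect detectors, so every sifted-key
# mismatch is attributable to interception rather than equipment error.

def measure(bit, prep_basis, meas_basis, rng):
    """Measure a photon encoded as `bit` in `prep_basis` using `meas_basis`.

    Same basis: the outcome is the encoded bit. Different basis: the two
    bases are uncorrelated, so the outcome is a coin flip and the photon
    now carries that random value in the measuring basis.
    """
    if prep_basis == meas_basis:
        return bit
    return rng.randint(0, 1)

def bb84_round(n_photons, eve_present, rng):
    """Send n_photons from Alice to Bob; return (sifted_key_length, mismatches).

    Bob keeps only photons where his basis matched Alice's (the sifted key).
    With no Eve those bits agree exactly; an intercepting Eve guesses the
    wrong basis half the time and then corrupts half of those, so about a
    quarter of the sifted bits disagree.
    """
    sifted, mismatches = 0, 0
    for _ in range(n_photons):
        alice_bit, alice_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = alice_bit, alice_basis          # what actually travels to Bob
        if eve_present:
            eve_basis = rng.randint(0, 1)            # Eve has to guess the basis
            bit = measure(bit, basis, eve_basis, rng)
            basis = eve_basis                        # photon resent in Eve's basis
        bob_basis = rng.randint(0, 1)
        bob_bit = measure(bit, basis, bob_basis, rng)
        if bob_basis == alice_basis:                 # bases are compared publicly later
            sifted += 1
            mismatches += bob_bit != alice_bit
    return sifted, mismatches

def qber(n_photons, eve_present, seed=1):
    """Quantum bit error rate over the sifted key (0.0 .. 1.0)."""
    sifted, mismatches = bb84_round(n_photons, eve_present, random.Random(seed))
    return mismatches / sifted if sifted else 0.0

def eavesdropper_detected(error_rate, threshold=0.11):
    """Assumed threshold: a real link calibrates this from its measured noise floor."""
    return error_rate > threshold

if __name__ == "__main__":
    for eve in (False, True):
        rate = qber(20000, eve)
        print(f"Eve present={eve}: QBER={rate:.3f} detected={eavesdropper_detected(rate)}")
```

Because this model has no channel noise, the no-Eve run gives exactly 0% errors and the Eve run lands near 25%; on real hardware the comparison is against the link's known noise level, which is where the equipment-sensitivity objection raised earlier in the thread bites.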
The message itself you may as well publish on the web.
While this kind of quantum cryptography has been around for a while, the article is correct in stating that such experiments have only been done across wires until this point. The really neat thing about this is that it really is safe. These technologies do not rely on security through obscurity in any way. The key is sent quantumly, and cannot be intercepted without breaking the quantum entanglement of the particles. Once a secure key has been transmitted, it does need to be protected within the software, but that is much easier than protecting it as it flies through the air. The security of the key as it is transmitted is protected by the laws of physics, which is what makes this so secure. While there is no silver bullet to the problem at hand, this solves the fundamental problem of keys being sniffed during transit without anyone knowing. From here there are a lot of other problems to solve, but it's a big step toward secure transmissions in the open.
Windows is more convenient than Linux just as having an ingrown toenail is more convenient than seeing a podiatrist.