Slashdot Mirror
Quantum Cryptography In Action
Whitney Wyatt writes: "Discover magazine outlines the first successful laser photon communication utilizing Quantum Cryptography. Called 'Perfect Encryption,' quantum encryption sends the key with the message, however it is impossible for an eavesdropper to intercept the message without changing it. One can only wonder what the FBI will do."
This stuff is getting pretty heavy, but it seems the technology to break this type of cryptography is already in early stages of research. Check out this New Scientist article.
Not necessarily. The basis of quantum physics is that once a particle has been measured its state is set, and until it is measured it is impossible to know its state (its a roll of the dice). Quantum encryption uses interference to set states and if an outsider does make a measurement of its state (up or down) the state of the particle will get set, and the interference used to make quantum encryption work, will not work correctly. It will not only yield a result that is incorrect to them unless they are at the end of the line with the key, but it will also let someone at the end know that someone is eavesdropping.
What this means is that the message can only be read once, not that the message is impossible to decrypt. The government still has the same job it's always had.
Plus the distances involved are microscopic. For this to matter much to the government the single quanta of data has to last long enough to travel a significant distance.
It seems to me that, if this article is correct, the advancement of this form of cryptography is probably no more "unbreakable" than the Titanic was unsinkable. The point is only to make it so that an eavesdropper gives away their presence by intercepting (and thereby destroying) some of the key.
IIRC, most quantum schemes contemplate "quantum" transmission (i.e. single photon encoded information) on for the key, while the actual encrypted message is still transmitted through normal means (which would allow for error correction, faster transmission, communications robustness etc.) So, the actual message is still interceptable, and therefore still susceptible to a brute-force attack.
Sure, you might not be able to get realtime intelligence the way the Allies did in WWII, or we did in the Cold War (thanks to tapping into unencrypted underwater cables), but you can still decypher messages given enough time and computing power.
Thus, I repeat, the scheme contemplated here, if I understand it correctly, is no more "unbreakable" than the Titanic was "unsinkable."
automan(dc)
no sig is good sig.
I'm a lawyer with excellent karma. Something's gotta be wrong.
With a one-time pad. Like he just said.
Say you have 1kb you need to encrypt.
You generate a 1kb key, and do a simple XOR.
Then you take the key, and the resulting 'encrypted' file, and send them on their merry way. Only when the two are placed together can the original data be recovered.
So as long as nobody obtains the original key, the data is uncrackable. You can't brute force it, because the keyspace is the size of the data itself. Brute forcing it would simply mean generating every single combination of 1k data fields and guessing which one was the original.
Make sense?
- Disguise the length of a message
- Hide the fact that a message has been sent
Both are very important.That means WITHOUT FIBRE
Which means you dont need to dig holes and most of the assumptions of the poster are invalidated.
Read the article first people.
All bow to his Noodliness!! His Noodle Appendage has touched me!
You can still make the key the same length as the message, and use it as a one-time pad. So first you send the key (which is just random data), and if it's compromised on the way, you know it (that's the only real benefit of quantum "cryptography", that it cannot be intercepted without being noticable) and don't use it. If the key gets transmitted without interception, then you encode your message with it and send it using any means you want. There's no brute force against a one-time pad. The transmission is secure. The only problems are 1) practicality (cost, range, etc) and 2) out of scope attacks (so they can't get the message while it's in the air. Instead they wait till you decrypt it and then make you reveal it at gunpoint, or more likely just wait for you to email it to someone else, or store it on your computer with the password of "secret").
Visit me on #weirdness on the Galaxynet.
You have to get the key safely to the other side, and since the key is the same size as the data, if you have a way to securly send the key, why not just send the data itself?
"Your superior intellect is no match for our puny weapons!"
Quantum cryptography is a "key-growing" technology. The problem with quantum cryptography is that all scenarios begin with, "Given an authenticated connection." Well, in cryptography, the problem has almost always mandated authentication solutions, not key-growing solutions.
If I can hand someone a secret key that will let us authenticate with each other, then I can just as easily hand them a dvd full of random data for perfect one-time-pad encryption of our communication. Any solution without authentication is no better than the original problem, because authentication reduces to the original problem of getting some secret information from one person to the other.
To understand the problem, imagine this scenario. Alice wants to connect to Bob, so Alice establishes a quantum cryptographically secure connection with Bob. Wonderful, but what if Eve is sitting in the middle, and from the very beginning of the connection, Alice ACTUALLY establishes a quantum cryptographically secure connection with Eve, and then Eve establishes a quantum cryptographically secure connection with Bob. How do they know the difference? They can't, because individual photons are by the laws of quantum mechanics indistinguishable. There's no "signature" by which they can know who they're really talking to.
All quantum cryptography does, is tell you when someone begins evesdropping on a connection that has previously been secure. There will be applications for such a means of secure communication, but without resolving the classic man-in-the-middle attack, quantum cryptography cannot be applied to the bulk of cryptography uses.
At the time being, you are right. But you are wrong if you say that "quantum crypto only works over single lengths of fibre"... There exist proposals for quantum repeaters (see here), and it has been shown that the very techniques used for the repeaters can be used for cryptographic tasks (see here).
The algorithm has nothing to do with the transmition medium.
If you want to make a One Time Pad that's long enough, you are free to disguise the length of a message by padding your text with 0s. This is essentially "wasting" your pad, but if you're really concerned about the length of your message being revealed, you are free to obscure it and make it seem artificially larger. (You can't make it artificially smaller, unless you somehow compress your message before you encrypt it.)
And you can hide the fact that a message has been sent by using any steganographic method you chose. Just as you can with any other encryption algorithm.
Don't confuse the algorithm with the transmition medium.
Education is the silver bullet.