Slashdot Mirror
Quantum Cryptography In Action
Whitney Wyatt writes: "Discover magazine outlines the first successful laser photon communication utilizing Quantum Cryptography. Called 'Perfect Encryption,' quantum encryption sends the key with the message, however it is impossible for an eavesdropper to intercept the message without changing it. One can only wonder what the FBI will do."
This stuff is getting pretty heavy, but it seems the technology to break this type of cryptography is already in early stages of research. Check out this New Scientist article.
It seems to me that, if this article is correct, the advancement of this form of cryptography is probably no more "unbreakable" than the Titanic was unsinkable. The point is only to make it so that an eavesdropper gives away their presence by intercepting (and thereby destroying) some of the key.
IIRC, most quantum schemes contemplate "quantum" transmission (i.e. single photon encoded information) on for the key, while the actual encrypted message is still transmitted through normal means (which would allow for error correction, faster transmission, communications robustness etc.) So, the actual message is still interceptable, and therefore still susceptible to a brute-force attack.
Sure, you might not be able to get realtime intelligence the way the Allies did in WWII, or we did in the Cold War (thanks to tapping into unencrypted underwater cables), but you can still decypher messages given enough time and computing power.
Thus, I repeat, the scheme contemplated here, if I understand it correctly, is no more "unbreakable" than the Titanic was "unsinkable."
automan(dc)
no sig is good sig.
I'm a lawyer with excellent karma. Something's gotta be wrong.
With a one-time pad. Like he just said.
Say you have 1kb you need to encrypt.
You generate a 1kb key, and do a simple XOR.
Then you take the key, and the resulting 'encrypted' file, and send them on their merry way. Only when the two are placed together can the original data be recovered.
So as long as nobody obtains the original key, the data is uncrackable. You can't brute force it, because the keyspace is the size of the data itself. Brute forcing it would simply mean generating every single combination of 1k data fields and guessing which one was the original.
Make sense?
- Disguise the length of a message
- Hide the fact that a message has been sent
Both are very important.You have to get the key safely to the other side, and since the key is the same size as the data, if you have a way to securly send the key, why not just send the data itself?
"Your superior intellect is no match for our puny weapons!"
Quantum cryptography is a "key-growing" technology. The problem with quantum cryptography is that all scenarios begin with, "Given an authenticated connection." Well, in cryptography, the problem has almost always mandated authentication solutions, not key-growing solutions.
If I can hand someone a secret key that will let us authenticate with each other, then I can just as easily hand them a dvd full of random data for perfect one-time-pad encryption of our communication. Any solution without authentication is no better than the original problem, because authentication reduces to the original problem of getting some secret information from one person to the other.
To understand the problem, imagine this scenario. Alice wants to connect to Bob, so Alice establishes a quantum cryptographically secure connection with Bob. Wonderful, but what if Eve is sitting in the middle, and from the very beginning of the connection, Alice ACTUALLY establishes a quantum cryptographically secure connection with Eve, and then Eve establishes a quantum cryptographically secure connection with Bob. How do they know the difference? They can't, because individual photons are by the laws of quantum mechanics indistinguishable. There's no "signature" by which they can know who they're really talking to.
All quantum cryptography does, is tell you when someone begins evesdropping on a connection that has previously been secure. There will be applications for such a means of secure communication, but without resolving the classic man-in-the-middle attack, quantum cryptography cannot be applied to the bulk of cryptography uses.
The algorithm has nothing to do with the transmition medium.
If you want to make a One Time Pad that's long enough, you are free to disguise the length of a message by padding your text with 0s. This is essentially "wasting" your pad, but if you're really concerned about the length of your message being revealed, you are free to obscure it and make it seem artificially larger. (You can't make it artificially smaller, unless you somehow compress your message before you encrypt it.)
And you can hide the fact that a message has been sent by using any steganographic method you chose. Just as you can with any other encryption algorithm.
Don't confuse the algorithm with the transmition medium.
Education is the silver bullet.