Quantum Cryptography In Action

Whitney Wyatt writes: "Discover magazine outlines the first successful laser photon communication utilizing Quantum Cryptography. Called 'Perfect Encryption,' quantum encryption sends the key with the message, however it is impossible for an eavesdropper to intercept the message without changing it. One can only wonder what the FBI will do."

What will they do?

[leshert]

They'll simply declare that, like plutonium and surface-to-air-missiles, it's something that they can't abide the public owning, and will outlaw it. What else could they do?

Re:What will they do?

[56ker]

Why then were high-level cryptographic programs prohibited from export from the U.S and still are to certain countries they don't like? It was banned from export because it was classed as a weapon. The USA don't want to go to war with someone they can't eavesdrop on the communications of - that's what this is to prevent. Although it's not a weapon in the conventional sense - it's a defence. Look how effective the Enigma machine was for the Germans until it was broken. If the operators hadn't used easily guessible strings like HIT LER and BER LIN to encode the messages it would've taken far longer to crack it (they were told to randomise them).

Interception vs. Encryption

[Guybrush1]

What this means is that the message can only be read once, not that the message is impossible to decrypt. The government still has the same job it's always had.

Plus the distances involved are microscopic. For this to matter much to the government the single quanta of data has to last long enough to travel a significant distance.

Re:Interception vs. Encryption

[cheese_wallet]

I'm guessing you didn't read the article. They've been able to do this over a distance of 6 miles in open air. Not bad, considering this is an infancy stage.

Yeah, it means the message can only be read once. But in this case the message is the key for a one time pad encryption.

Basically this makes one time pad encryption a whole lot more secure than it was before. One time pads, I think, are the best form of encryption--but the problem has been the security of the key.

this whole photon quantum encryption deal addresses that issue in a really neat way.

Sorry, one-time pad is not perfect

[wadetemp]

And it'll never be breakable, provided you take some sort of security measures. But if you're paranoid, you already do most of those.

You say it will *never* be breakable if you take some sort of security measures. Never's a pretty tough thing to prove. OK, which measures should you take? How do you know that 1000 years from now, someone will not have perfected time travel and invisibility... how do you know that someone is not standing over your shoulder while you are locked in a lead-lined vault deep inside Mt. Everest as you key in the pad? If you kill yourself after making the pad, how do you know the inflitrator does not have the technology to reconstruct your memories from your brain tissue? The one time pad being perfect "forever" is a bunch of crap. "For now" I can deal with, but not "forever"... which makes it just like most cryptography.

key, not message

[Skavookie]

Quantum crypto allows Allice to send a one time pad to Bob and determine if it was intercepted or not. If it is intercepted then Allice discards the pad and tries again. Otherwise Allice uses the pad to encrypt the message and uses conventional means to transmit it. If someone intercepts the pad, then the message is never sent so there's nothing to cryptanalyze. Otherwise they have a message but no pad. Cryptanalysis of a message encrypted with a one time pad is mathematically impossible.

The distance issue is the main problem with this technology but progress is being made on that front and I'm sure it will only be a matter of time before it is solved.

QC is perfect, current implementations aren't

[robolemon]

The reason a one-time pad cipher isn't necessarily "perfect" is that it must be transmitted from the sender to the receiver, which brings up a Catch-22. How do I send this key while ensuring it doesn't get intercepted? Encrypt it! Hmm, a one-time pad cipher is the most secure way. Oh wait, now how do I send that key?

Quantum cryptography addresses this problem by creating a secure communication channel that is detected at the single-photon level. Because detection of a single photon changes it, any eavesdropper can easily be detected when unexpected results are found.

The property of the system that simultaneously makes it both secure and unfit for sending anything other than a one-time pad is that a random portion of the bits sent by the source are rendered useless. When the receiver picks an incorrect detection scheme, the results are ambiguous. The two parties compare notes on what methods they used, and then eliminate all the ambiguous bits. They can't know beforehand which ones will be thrown away. The way to check for eavesdroppers is to use an insecure channel to compare (and then throw away) a portion of the results to see if there are any discrepancies.

After the key is sent, the encoded message can be sent on an insecure channel, since both parties can be sure they have the same key. A one-time pad cipher can never be cracked because, for instance, a 1 kbit message can have any 1 kbit key as its cipher. Therefore the number of keys to check would be 2^(1024). Even after this is completed (well after the end of the world?) the decoded message is found along with every other possible 1 kbit combination. Any possible 1 kbit file can would be found among the results. This is no better than writing a program that fills memory with files that contain the numbers from 0 to 2^(1024)-1.

Some researchers are actually attacking the implementation of quantum cryptography rather than the theory. The devices used in QC actually send light down the fiber optic lines that damages the equipment on both ends resulting in predictable behavior. However, there are already safeguards developed against these type of attacks. Essentially it comes down to this question: "Is there a perfect implementation of Quantum Cryptography?"

man in the middle

[changelingyahoo.com]

hmm... how about this?

What if a I place a device between the intended sender and receiver in such a way that it blocks the intended sender and receiver completely. I intercept a key exchange attempt from the sender and respond as any recipient would. I then have a quantum encrypted channel between myself and the sender. At the same time, I negotiate my own quantum encrypted channel between myself and the recipient. I can now receive data sent from one channel and send it to the other channel. This seems to negate the benefits of using quantum encrypted channels (unless one can somehow assure that I cannot totally block the actual transmissions between the intended sender and receiver).

I suppose some kind of authentication needs to be incorporated into this technology to ensure you're establishing a session to the correct receiver.

Re:Initial handshake?

That's the fundamental weakness of the system. The receiver has to tell the sender which photons were received via a conventional communications channel. While the quantum channel can not be intercepted without detection, the receiver still has to be able to communicate this to the sender via a conventional channel, and this channel is subject to a man-in-the-middle attack. So in reality, quantum cryptography is only as strong as the conventional cryptography being used to authenticate the party on the other end.