Slashdot Mirror
Quantum Cryptography In Action
Whitney Wyatt writes: "Discover magazine outlines the first successful laser photon communication utilizing Quantum Cryptography. Called 'Perfect Encryption,' quantum encryption sends the key with the message, however it is impossible for an eavesdropper to intercept the message without changing it. One can only wonder what the FBI will do."
One can only wonder what the FBI will do.
Why, outlaw quantum mechanics, of course!
Quando Omni Flunkus Moritati
Could states outlaw this?
Or is this so complicated that only states and not criminal indivduals can use it?
Martin
They'll simply declare that, like plutonium and surface-to-air-missiles, it's something that they can't abide the public owning, and will outlaw it. What else could they do?
This stuff is getting pretty heavy, but it seems the technology to break this type of cryptography is already in early stages of research. Check out this New Scientist article.
It's an interesting article that outlines many of the considerations and hurdles one encounters in this field, but there's no breakthrough here. We haven't had a breakthrough since December, 2000 when researchers at UCSB built their latest prototype capable of consistently detecting such photons. We're bound to make some more breakthroughs soon, it's premature to say we already have recently.
If you're still not clear on the whole quantum cryptography deal, idquantique.com has a good introduction (pdf, of course).
Guys, this isn't something that will be showing up in our homes - or even large corporate offices - for years. Decades, maybe. Once this moves out of Los Alamos and into what I will call, for want of a better term, the "real world", there may be export restrictions on this, just as with PGP. That's all, I'll bet. And for now, I doubt there will be *any* legistlation.
I'm the stranger...posting to
...and has so for the past 2000 years.
It's called a one-time pad.
So, before everybody and their brother starts talking about how the NSA can already break this, remember that you can, quite easily, build a 'uncrackable' cypher.
And it'll never be breakable, provided you take some sort of security measures. But if you're paranoid, you already do most of those.
Sorry, this is just a preemptive strike against 'the government can monitor my thoughts" crowd.
Back to your normal high S/N ratio.
What this means is that the message can only be read once, not that the message is impossible to decrypt. The government still has the same job it's always had.
Plus the distances involved are microscopic. For this to matter much to the government the single quanta of data has to last long enough to travel a significant distance.
Sorry to bring bad news, but quantum cryptography is unlikely to become available to the likes of us. The reason:
Alice and Bob have a length of optical fibre running between them, and are using quantum cryptography. Eve attempts to evesdrop, but is unable to do so without changing the information in the signal (polarisation etc). Eve is foiled. Hurrah!
Now imagine that Alice and Bob are mere mortals and get to use the phone network like the rest of us.
The system they use is a standard fibre & router system, but the actual fibre is encrypted. What is Eve to do?
Answer: She installs a tap on the repeater, because quantum crypto only works over single lengths of fibre.
As if by magic quantum cryptography only becomes useful to people who get to dig holes in the road, such as phone companies, big business and the government. We little people don't even get to play the game.
Not necessarily. The basis of quantum physics is that once a particle has been measured its state is set, and until it is measured it is impossible to know its state (its a roll of the dice). Quantum encryption uses interference to set states and if an outsider does make a measurement of its state (up or down) the state of the particle will get set, and the interference used to make quantum encryption work, will not work correctly. It will not only yield a result that is incorrect to them unless they are at the end of the line with the key, but it will also let someone at the end know that someone is eavesdropping.
We have always had "uncrackable" codes. Any key-based cipher that uses truly random keys that are used exactly once is unbreakable. This is a so-called "one-time pad." So long as they keys are kept secret and the keys are truly random, and each key is used exactly once, there is no way to break the cipher. The nuclear "go" codes are one-time pads. It is a perfect crypto system. The cipher doesn't even have to be particularly strong. Why? Because the key is random and used only once, and given ciphertext can be tried a given key resulting in a given clear text. Since the key was truly random, there is no way to know which "clear text" is correct.
For example, assume the cipher text is "TTYM". You try one candidate key and the clear text is "KILL". You try another and the clear text is "LIVE". There is no way to know which is correct, or if either one is correct.
If the key is used twice, suddenly you are not perfectly secure. If a given candidate key results in the first message clear text of "LIVE" and a second message using the same key decrypts as "GRBL", you probably have the wrong key. If, however, you get "KILL" and "SHIP", you have a more probable correct key. The more messages sent with the key, the more likely the recovery by an attacker (that is to say, the more confidence the attacker will have that a candidate key is correct). The only issue is key management. In fact, key management is the big issue with any crypto system.
Quantum cryptography merely offers an easier to use and manage "perfect" crypto system than a one-time pad. It isn't one whit more secure.
But the rules of physics changed often during the centuries. Couldnt it happen again. Someone could come up with something much more sophisticated then quantum mechanics, a new model wich would allow to crack quantum mechanics. The end of physics isnt here yet.
Martin
We all know deep down that the big concern is he-who-is-not-to-be-named, namely Osama bin Laden. The thing is though, that it's not likely that he will get his hands on this laser-o-doom. Even if he did, he couldn't likely use it, as it probably requires a direct line of sight. Fiber uses the principle of total internal reflection to transmit light, but this reflection causes some of the light to polarize, changing the quantum state and making the data invalid. So as of now, I think this is only for ./'ers edification.
I'm the Devil the Windows users warned you about.
I haven't read the article yet (FWIW,) but I am pretty sure that it is impossible to replay the message, because to be able to replay it something has to "look" at it, and if it's "looked" at, you've affected it, so what you're "seeing" is not what you need to replay. It's the basic Hiesenberg principles at work. Ok, going to read the article now to see if it provides any deep insight into how *anyone* is supposed to read these. :)
QC is an extension of One Time Pads - it makes OTP practical and fast. Search google for Quantum Cryptography, and you'll see.
And it'll never be breakable, provided you take some sort of security measures. But if you're paranoid, you already do most of those.
You say it will *never* be breakable if you take some sort of security measures. Never's a pretty tough thing to prove. OK, which measures should you take? How do you know that 1000 years from now, someone will not have perfected time travel and invisibility... how do you know that someone is not standing over your shoulder while you are locked in a lead-lined vault deep inside Mt. Everest as you key in the pad? If you kill yourself after making the pad, how do you know the inflitrator does not have the technology to reconstruct your memories from your brain tissue? The one time pad being perfect "forever" is a bunch of crap. "For now" I can deal with, but not "forever"... which makes it just like most cryptography.
So how does the intended recipient get the message without changing it?
Click here or here.
I'm going to respond to my own question with a possible solution.
After reading one of the more detailed articles linked to the original, I think one solution is to agree as a matter of protocol that the receiver's report will consist of photons all polarized in a specific direction.
The sender sends some random data to the receiver using photon polarization. The receiver randomly chooses polarizations and reports back to the sender its list of choices without polarizing (or using a consistent polarization). The sender then tells it which choices were correct (once again without polarization). At this point all subsequent data could be sent polarized using the bit pattern from the correctly chosen photons to determine the polarization pattern.
My Company
Quantum crypto allows Allice to send a one time pad to Bob and determine if it was intercepted or not. If it is intercepted then Allice discards the pad and tries again. Otherwise Allice uses the pad to encrypt the message and uses conventional means to transmit it. If someone intercepts the pad, then the message is never sent so there's nothing to cryptanalyze. Otherwise they have a message but no pad. Cryptanalysis of a message encrypted with a one time pad is mathematically impossible.
The distance issue is the main problem with this technology but progress is being made on that front and I'm sure it will only be a matter of time before it is solved.
The problem with this is that you need to know in which direction it was polarized when you first receive the photon. If you guess incorrectly, then you've lost the information in that photon. Since it's possible to incorrectly guess 50% of the time, you could lose up to 50% of the transmission. It's like having to intercept a message by guessing in advance every word in the message.
No, that's not a problem. The reason is that you know the possible spin states ahead of time. You choose one of two possible vectors to measure along, then you tell the sender what your choice was and he can compute the same answer you got.
The real problem with quantum encryption is that it doesn't have any significant advantage over conventional encryption.
-a
-a
How to rationalize theft.
That means WITHOUT FIBRE
Which means you dont need to dig holes and most of the assumptions of the poster are invalidated.
Read the article first people.
All bow to his Noodliness!! His Noodle Appendage has touched me!
Quantum cryptography addresses this problem by creating a secure communication channel that is detected at the single-photon level. Because detection of a single photon changes it, any eavesdropper can easily be detected when unexpected results are found.
The property of the system that simultaneously makes it both secure and unfit for sending anything other than a one-time pad is that a random portion of the bits sent by the source are rendered useless. When the receiver picks an incorrect detection scheme, the results are ambiguous. The two parties compare notes on what methods they used, and then eliminate all the ambiguous bits. They can't know beforehand which ones will be thrown away. The way to check for eavesdroppers is to use an insecure channel to compare (and then throw away) a portion of the results to see if there are any discrepancies.
After the key is sent, the encoded message can be sent on an insecure channel, since both parties can be sure they have the same key. A one-time pad cipher can never be cracked because, for instance, a 1 kbit message can have any 1 kbit key as its cipher. Therefore the number of keys to check would be 2^(1024). Even after this is completed (well after the end of the world?) the decoded message is found along with every other possible 1 kbit combination. Any possible 1 kbit file can would be found among the results. This is no better than writing a program that fills memory with files that contain the numbers from 0 to 2^(1024)-1.
Some researchers are actually attacking the implementation of quantum cryptography rather than the theory. The devices used in QC actually send light down the fiber optic lines that damages the equipment on both ends resulting in predictable behavior. However, there are already safeguards developed against these type of attacks. Essentially it comes down to this question: "Is there a perfect implementation of Quantum Cryptography?"
I design user interfaces for a free network management application,
hmm... how about this?
What if a I place a device between the intended sender and receiver in such a way that it blocks the intended sender and receiver completely. I intercept a key exchange attempt from the sender and respond as any recipient would. I then have a quantum encrypted channel between myself and the sender. At the same time, I negotiate my own quantum encrypted channel between myself and the recipient. I can now receive data sent from one channel and send it to the other channel. This seems to negate the benefits of using quantum encrypted channels (unless one can somehow assure that I cannot totally block the actual transmissions between the intended sender and receiver).
I suppose some kind of authentication needs to be incorporated into this technology to ensure you're establishing a session to the correct receiver.
My Company
It is at this point, ladies and gentlemen, that communication technology stops empowering the masses, and gives the wealthy yet another tool to consolodate and defend their power.
Isn't quantum cryptography secure because Eve cannot evesdrops on the message without altering the it?
You have to get the key safely to the other side, and since the key is the same size as the data, if you have a way to securly send the key, why not just send the data itself?
"Your superior intellect is no match for our puny weapons!"
They will get it banned, if the overreaction to PGP is any indication. One has to wonder as to whether we really live in a free country, when our government insists that we use insecure communications, just so they can tap them when they wish.
Our government uses communications Joe Citizen can't tap. So should Joe Citizen have the right to use such technology for himself.
=== The price of freedom is eternal vigilance
I strongly feel that The Codebreakers should be required reading for cryptography advocates. Over and over again the weakest link in any cryptographic system, including the one-time pad has been user error. According to Kahn the NSA successfully decrypted Soviet messages encrypted with "one-time" pads that had been reused due to supply difficulties or clerical errors. They were able to accomplish this by collecting thousands of encrypted dispatches, using traffic analysis, and looking for identical cipher text that might indicate common words, names, or phrases.
Kahn credits cryptographic incompetence to a wide variety of historical disasters from the defeat of the Imperial Russian army during World War I because key officers refused to use codes, to the World War II defeat of enigma because the German Navy had their U-boats transmitting trivial messages to headquarters on a daily basis. (In fact, traffic analysis and radio direction finding efforts were probably more critical than the actual capture of an enigma machine.)
The bottom line is that creating cryptographic systems that mathematically cannot be broken using current technology and probably with any future technology is relatively trivial. Creating socio-technical systems that are resistant to cryptographic incompetence is almost impossible. Most of the focus on algorithms is missing the point when there exist a dozen algorithms that are unbreakable, but no algorithms that are not vulnerable to social engineering attacks, traffic analysis, and dictionary attacks.
I feel that this is really the primary focus of government attacks on cryptographic products, the goal is not to attack the algorithms, but to hinder the development of socio-technical systems that use cryptography effectively. Why worry about if Microsoft Office includes strong, probably unbreakable encryption algorithms, if the software uses password XOR by default for compatibility with earlier versions, the strong cryptography is incompatible with export versions, and a dictionary attack will get 50 percent of the information you want? I am less interested in whether they can create yet another unbreakable encryption system, than creating a security system that allows me to send private e-mail to co-workers who don't understand why they should get a pgp plug-in or how to use it.
The problem is: when you try one the possibilities, how do you know if it's my original plaintext or not? Was my original message "BREAD"? Was it "HELLO"? Was it "DEATH"? The answer is all of the above and none of the above. You can calculate all 2^40 possibilities, and all of them could be correct. You could use a little human intuition -- you could say "DEATH" is more probable than "999.." -- but that only goes so far. You have no reason to believe that "HELLO" is a more or less probably message than "DEATH". If you did have any of that intution, then the actual ciphertext was be literally meaningless to you (aside from its length, of course). You have *NO* way of knowing which is the actual message.
Unless you have the key. This is where quantum cryptography comes into play. Exchanging keys for Vernam ciphers is not hard, but it is impossible (literally) to do electronically and securely. If you send the key over insecured channels, then your key is insecure. If you send your key over encrypted channels, then your key is only as secure as the channel you used, which is to say not secure at all (relatively speaking, seeing as all ciphers are prone to brute-force attack, except for the Vernam cipher). By using quanta, you can tell if your key has been listened to with 1 - (0.5)^n probability, where n is the length of the key.
It always amazes me that people are still willing to spout of crap like "the Vernam cipher is crackable" or "it's prone to brute-force attacks", I guess because they've grown up with the "anything's possible, even the impossible" Hollywood drivel. The Vernam cipher, if the key is generated with a true random number generator (which does not exist, I should say, but it might some day) is uncrackable. It is mathematically provable. Each bit in the ciphertext (again, if the key is completely random) does not depend on any of the bits before or after it. So, suppose you intercept a bit of ciphertext. It is a 0. Was the original plaintext a 0 or a 1? There is a 50% chance it was a 0 and a 50% it was a 1. Tell me how you would crack this; the entire cryptoanalysis field is awaiting your answer. There is no reason a 0 a better answer than a 1; there is no reason a 1 is a better answer than a 0; there is a 0.5 probability it was a 0; there is a 0.5 probability it was a 1. Tell me: was it a 0 or a 1? Take all the computer time you need.
Quantum cryptography is a "key-growing" technology. The problem with quantum cryptography is that all scenarios begin with, "Given an authenticated connection." Well, in cryptography, the problem has almost always mandated authentication solutions, not key-growing solutions.
If I can hand someone a secret key that will let us authenticate with each other, then I can just as easily hand them a dvd full of random data for perfect one-time-pad encryption of our communication. Any solution without authentication is no better than the original problem, because authentication reduces to the original problem of getting some secret information from one person to the other.
To understand the problem, imagine this scenario. Alice wants to connect to Bob, so Alice establishes a quantum cryptographically secure connection with Bob. Wonderful, but what if Eve is sitting in the middle, and from the very beginning of the connection, Alice ACTUALLY establishes a quantum cryptographically secure connection with Eve, and then Eve establishes a quantum cryptographically secure connection with Bob. How do they know the difference? They can't, because individual photons are by the laws of quantum mechanics indistinguishable. There's no "signature" by which they can know who they're really talking to.
All quantum cryptography does, is tell you when someone begins evesdropping on a connection that has previously been secure. There will be applications for such a means of secure communication, but without resolving the classic man-in-the-middle attack, quantum cryptography cannot be applied to the bulk of cryptography uses.
Quantum cryptography is great for securing one stage of the data transmission, but it's hardly perfect. For one thing people can't interpret quantum-encrypted photon streams, and so the machinery used to decrypt the quantum stream is still vulnerable to attack, as is the rest of the path from that machine to the reader's brain, including whatever wire, RAM, or CRT that involves.
Of course the same goes on the transmitting end.
Similarly, the one-time-pad that the QC system uses to encode the photons is vulnerable to attack or reverse engineering. (Note that this isn't highly likely, but likely enough to eliminate QC from being perfect.)
All Quantum Cryptography does is make one link in the chain more secure. That's it.
Kevin Fox
That is true, but we can always tell how the universe doesn't work. I believe violation of Bell's inequality is sufficient to forbid any law of physics that would allow tapping quantum key exchanges.
Violation of Bell's inequality has been expermentally demonstrated, subject to a few caveats, which mostly boil down to having to assume that God is not maliciously manipulating our results. Of course, all of physics has to assume that, so I don't really think it is a big deal.
What is more, unlike classical cryptography, where the eavesdropper can copy the cyphertext and spend an infinite amount of time decyphering it, quantum key exchange requires that the eavesdropper have the techonology to intercept the signal right now. Quantum key exchange today is immune to future advances in technology (with the possible exception of a working time machine--but then that screws things up no matter what).
All that said, the posts above are absolutely correct in saying that there are always other weak links. This system is not immune to man-in-the middle attacks, tampering with the "trusted" equipment at either end, or social engineering. In addition, some forms of quantum key exchange are potentially vulnerable to tempest style attacks.
Quantum encryption has the very unique feature of snoop-detection. OTP by itself is a method to encrypt. But it does nothing to address detecting whether someone is reading your messages. If your message is "unbreakable", that's a good thing, but knowing that someone is listening is important for some applications. (Just as steganography is useful for some applications.)
That's what I meant. It solves the key distribution problem by allowing the key to be sent in such a way that no third party can intercept it. The basic problem with the classic one-time pad is that the pad might be intercepted and copied in transit. They take all sorts of measures to prevent this: Multiple couriers, self destructive carriers, tamper-proof packaging (so that the fact that a key has been read cannot go unnoticed), etc.
The difficulty and expense in using one-time pads is in this need to secure the sharing of the keys. If,as the article suggests (and believe me, I'm no expert in quantum crypto, nor do I claim to be one, but I do have some security and crypto knowledge), quantum cryptography provides a means to do all of this key exchange safely "in the open" as it were, it gets rid of the biggest barrier to using the technique.
I guess by first, they really mean second.
And as for worrying about what the FBI will do, I imagine that the FBI will just let the NSA (National Security Agency) do their jobs.
Sorry, normally I don't complain but sometimes I just can't help it.
int func(int a);
func((b += 3, b));
Or link Quantum Cryptography to something like abortion or stem cell research or human cloning...
_______________________________
"I'm not Conceited...I'm just a realist..."
Paul.
You are lost in a twisty maze of little standards, all different.
http://www.discover.com/may_02/feattech.html
The link supplied in the slashdot write-up requires Javascript. Javascript is bad. 'K?