Ultrasecure Quantum Communications Over Thin Air

SlashDotIDOne writes "Well, given a hundred years at university and a few extra titles to my name, I'd be comfortable trying to summarize the article so don't take what I say at face value. Apparently British and German researchers have found a way to use quantum crypto through the air, thus allowing it to be used to communicate with satellites, etc. A very secure form since you know whether a message was intercepted, rather hard to tamper with ;). Courtesy India times and Google's new news service."

Ok..

[XyouthX]

slashdotted before the first comment..

Re:Ok..

[richie2000]

Works now. *phew* For a while there, I almost believed that someone actually wanted to read the article before posting. We have normality.

Karmawhoring:

Super-secret codes head for space AFP [ WEDNESDAY, OCTOBER 02, 2002 11:36:33 PM ]
PARIS: Quantum cryptography, a technique of producing secret messages that are reputedly uncrackable, may soon be used by orbiting communications satellites thanks to experiments by British and German researchers.

The traditional weakness of sending encoded messages is eavesdropping. Quantum cryptography gets around this by sending an encoded message and, separately, a key to decode it, which are transmitted in pulses of individual light particles called photons.

By the nature of quantum mechanics, if a single photon is intercepted en route, that changes the state of the information package as it arrives at the other end.

That is a telltale for the legitimate recipient that his message has been tampered with -- the same as if someone received a letter that had been clumsily opened and then resealed, leaving traces of glue and fingerprints on the envelope.

The problem with quantum codes, though, has been how to send messages over long distances.

Data is of course already sent by laser light down fibre-optic networks. But this technique is unsuitable for quantum cryptography, for the laser signal has to be boosted every 10 kilometers (six miles), which causes the quantum state of the key to be rearranged.

Researchers from QinetiQ, the commercial arm of the British military research agency, and from Munich's Ludwig-Maximilian University say they have now demonstrated that it is possible to send a quantum-encoded message through the air.

Reporting in Thursday's issue of Nature, the British science weekly, they say they successfully transmitted packages across 23.4 kilometers (14.62 miles) between mountains in the German Alps.

A laser transmitter was set up at the top of the 2,950-metre (9,587-feet) Zugspitze, and sent out pulses to a receiver, a 25-centimetre (10-inch) shop-bought telescope, positioned on line of sight on another peak, the 2,244-metre (7,293) Westlichekarwendespitze.

With some adjustments to amplify the signal, it should be possible to send keys to satellites in near-Earth orbit, at an altitude of 500-1,000 kilometers (310-620 miles), the scientists say.

"This marks a step towards... a global key-distribution system," the authors say.

Quantum codes have obvious uses for military and government communications.

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

Hope this helps then...

[Jugalator]

PARIS: Quantum cryptography, a technique of producing secret messages that are reputedly uncrackable, may soon be used by orbiting communications satellites thanks to experiments by British and German researchers.

The traditional weakness of sending encoded messages is eavesdropping. Quantum cryptography gets around this by sending an encoded message and, separately, a key to decode it, which are transmitted in pulses of individual light particles called photons.

By the nature of quantum mechanics, if a single photon is intercepted en route, that changes the state of the information package as it arrives at the other end.

That is a telltale for the legitimate recipient that his message has been tampered with -- the same as if someone received a letter that had been clumsily opened and then resealed, leaving traces of glue and fingerprints on the envelope.

The problem with quantum codes, though, has been how to send messages over long distances.

Data is of course already sent by laser light down fibre-optic networks. But this technique is unsuitable for quantum cryptography, for the laser signal has to be boosted every 10 kilometers (six miles), which causes the quantum state of the key to be rearranged.

Researchers from QinetiQ, the commercial arm of the British military research agency, and from Munich's Ludwig-Maximilian University say they have now demonstrated that it is possible to send a quantum-encoded message through the air.

Reporting in Thursday's issue of Nature, the British science weekly, they say they successfully transmitted packages across 23.4 kilometers (14.62 miles) between mountains in the German Alps.

A laser transmitter was set up at the top of the 2,950-metre (9,587-feet) Zugspitze, and sent out pulses to a receiver, a 25-centimetre (10-inch) shop-bought telescope, positioned on line of sight on another peak, the 2,244-metre (7,293) Westlichekarwendespitze.

With some adjustments to amplify the signal, it should be possible to send keys to satellites in near-Earth orbit, at an altitude of 500-1,000 kilometers (310-620 miles), the scientists say.

"This marks a step towards... a global key-distribution system," the authors say.

Quantum codes have obvious uses for military and government communications.

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

"The Code Book" mentioned this several years ago

[banana+fiend]

Excellent book for lay-people and crypto-beginners: Review Here

This has been a working theory for years (and the book suggests it had been done across a distance of several hundred meters back then!)

I hate it when people say "wow, we have an unbreakable code now". We find out new things and rubbish old theories about the universe and it's properties all the time, we may have violated the second law of thermodynamics, what's to say this is "unbreakable" - it's only secure so far ;)

Allowance of crypto

[explosionhead]

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.
Whether they should be allowed?? Whether they're allowed or not has little bearing on what would happen. You look at the US's export restrictions for crypto, asking people outside the US to download the inferior version, they haven't exactly worked wonders have they?

Re:Allowance of crypto

[JonnyCalcutta]

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

Yes, this was the bit that got me as well. It amazes me that this sort of thing can be stuck in as a throw away sentence, as if to imply that there is no doubt about the correctness of this POV, and anyone who thinks otherwise must be stupid.

The saddest thing about the world we live in (in the West at least) is the horrible kneejerk 'won't somebody think of the children' attitude that comes before any form of rational thought is employed.

Here's my list of things we must ban immediately -
Let's ban pencils, pens and paper, since criminals can use them to draw plans of the joint they are casing or even, God forbid, create one time pads to pass uncrackable codes to each other.
Ban open spaces since criminals could use them to converse with each other out of earshot of the police.
Let's ban flags since they could be used to pass secret messages in semaphore.
In fact let's just ban all forms of verbal and non-verbal communication - let's see those criminals make plans now!

Slashdot would be the first to go obviously. All that 'geek talk' is obviously just a clever criminal code.

Re:Allowance of crypto

[dmaxwell]

This assumes that only "Good" people like the Government, contractors, and university lackeys can do the basic science and engineering. The problems with this strike me as difficult but not garageproof. They most certainly are not Saddamproof. That's not to say secrecy in moderation is valueless. The "Good" people could take advantage of a short monopoly on such technology but shouldn't get used to it.

Re:Allowance of crypto

The really odd thing about this "whether they should be allowed" comment is that it is in a news article from India about a report in an international publication by British and German researchers.

So which country is expected to somehow control this technology? As if a technology which is apparently an application of universal quantum-level physical behavior can be controlled. Maybe because it's a physical law, lawyers can change the law...

Setting the Agenda

[Beautyon]

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

Who said that this is the big question? This is not the "big question"; it has already been determined that "terrorists" did not and generally dont use crypto for communication, so thats just a lame excuse to keep the tools crippled (see A5).

Organized crime? just because an infinitessimal number of "organized criminals" (just where the hell are the disorganized criminals? [yes yes, GAOL]) might use crypto to secure thier telephones doesnt mean that the vast majority of people should be denied access, or given access only to cripple ware.

But you know this.

These agenda setting questions are pure bad journalism, plain and simple, and simple minded.

Re:Setting the Agenda

[fruey]

Who said that this is the big question? This is not the "big question"; it has already been determined that "terrorists" did not and generally dont use crypto for communication, so thats just a lame excuse to keep the tools crippled (see A5).

Exactly. Indeed, the real criminals (corrupt bankers, high wealth people, etc) are those that use crypto because they have the money and paranoia sufficient. Terrorists use simple stuff like codes, languages that only the top spies can get translated, and other tactics like human silence policies and any number of other things. As for organised crime, well using PGP / crypto etc is just going to get the FBI to prick up their ears a bit more so is generally avoided.

People should not be paranoid about cryptography, it should be openly available. It should be used primarily for signatures, and yet most people just think it's there for protecting data transmissions. *Sigh*

Re:Setting the Agenda

[Spunk]

Hello. I don't understand your post very well, likely because you have a .uk on your address and I do not. Could you explain what A5 and GAOL are?

Thanks.

Re:Setting the Agenda

[Beautyon]

This tells you about A5; the encryption used in GSM phones.

"Gaol" is English for a place used for the incarceration of "criminals". Americans call it "The Hoosegow", "The joint", "The big house", "Pokie", "The Slammer", amongst other things.

Re:Setting the Agenda

[Jobe_br]

While I agree that crypto in general should be accessible to the public, this *particular* system should be of little interest to the public. Multi-national, global corporations, maybe. The general public? Doubtful. Think about it. What's being discussed here is a way of encrypting one-time cipher keys for encrypting/decrypting messages. I can't fathom how much work it takes to setup and maintain a communications network based on one-time pads. Maybe someone from the NSA/CIA/Scotland Yard wants to chime in with some info on this, but I imagine its pretty darn resource intensive. This isn't something that you'd start applying to your email communications to your friends, as you'd have to be distributing your one-time keys to your trusted friends and they'd have to be reporting any attempts (or successes) of intercepting or socially-engineering your one-time keys so that you could appropriately revoke affected one-time keys.

This isn't like SSL or public-key crypto, this is a totally different game where absolute and utter confidentiality of communication is necessary. Never mind the low-orbiting satellite system you'll have to setup or lease time on so that you can distribute your one-time pads to your circle of trusted communicators.

Now - don't get me wrong. I agree with the poster in that if criminals want to use this, it won't matter if its publicly available or not. Criminals can use one-time ciphers right now, some possibly do. The concept of this isn't new. The only thing new here is the dissemination of the one-time pads, which currently takes a fair amount of legwork. This article isn't about transmission of the message, its only about transmission of the keys to encrypt/decrypt the message. These keys are currently stored on media and couriered to embassies worldwide by a country's diplomatic couriers and such. Used 'one time' and then the media is destroyed to prevent any future knowledge of past keys. The messages that use these one time keys can be sent over any medium. I wouldn't be surprised at all if some are sent via specialized email systems that at some point hit a public point of the Internet or travel through the air where they could be intercepted.

Hope this helps!
Cheers.

Re:Setting the Agenda

[swb]

Organized crime? just because an infinitessimal number of "organized criminals" (just where the hell are the disorganized criminals? [yes yes, GAOL]) might use crypto to secure thier telephones doesnt mean that the vast majority of people should be denied access, or given access only to cripple ware.

Ever actually listen to or read the transcripts of American mafia conversations from FBi wiretaps? Even when they're in the same ("secure") room, it's hard to figure out what the fuck they're even *saying* let alone what kind of scheme they might be up to.

"Them guys that was gonna do that thing for them-"

"Wait, what thing? That one thing over there or the other thing we was talking about the other day?"

"Yeah, that one"

"Well, they had some problems with those other guys"

"What kind of problems?"

"Some guys from over there was having more problems like the kind we had that one time over in Jersey"

"OK now?"

"Yeah, I think so. Fuhgettabboutit."

Even without encryption the conversations are so obtuse as to be nearly meaningless without *years* of surveillance, undercover infiltration, etc. I'd guess where they hate encryption isn't in terms of intercepts, but the big charges that really cripple them are tax/fraud/money laundering, and encrypted records prevent a lot of those charges from sticking.

Re:Setting the Agenda

[Luyseyal]

As for organised crime, well using PGP / crypto etc is just going to get the FBI to prick up their ears a bit more so is generally avoided.

For now. As the percentage of encrypted general-interest traffic increases, the likelihood of a given message being important decreases. Thus, encrypted messages will attract less attention.

-l

Re:Setting the Agenda

[Beautyon]

WMOB The recordings and transcripts (that you REALLY need) of some gangsters wiretapped by the FBI.

Its awesome!

Re:Setting the Agenda

[mesocyclone]

it has already been determined that "terrorists" did not and generally dont use crypto for communication, so thats just a lame excuse to keep the tools crippled

And how exactly was this determined? This makes the assumption that:

(a) We know how all terrorists communicate.

(b) All terrorists are idiots.

Of course terrorists do and will use crypto where it suits their purposes. Organized terrorists in general tend to be a lot smarter than organized criminals. And organized criminals *do* use crypto - especially large scale drug smugglers.

Now, this does not mean that crypto should (or can be) illegal.

In some ways it's solving the wrong problem

[WolfWithoutAClause]

The easiest way to crack encyption is to avoid cracking the encryption and attack the installation or the people using the encryption.

Basically, if you can bug the users keystrokes when they type in their password for the crypto system, then that system is toast- similarly if they have a physical token- if you steal that token.

Or you bribe/blackmail the guy; or you use "lead pipe" cryptanalysis- you hit the guy over the head until he tells you his password.

This system looks good; but don't assume that its going to be 100% secure. In the real world it can't be, unless there's no people in the loop, not even designing the system.

Re:In some ways it's solving the wrong problem

[adb]

Yeah, but it's nice to reduce the problem to endpoint security, because (a) you're always going to need endpoint security (so it's nice to be able to focus on it exclusively) and (b) endpoint security problems haven't changed fundamentally in the past few million years or so: you keep bad people away from the endpoint and, if necessary, induce sufficiently people to work for you with sufficient motivation that they are sufficiently hard to bribe or threaten.

Re:In some ways it's solving the wrong problem

[banana+fiend]

Absolutely, you'll always have problems with "soft" systems. This can solve a lot of those problems though, detecting if someone interfered with the message, the inviolability of the message in transit etc.

But that's just the problem, it doesn't keep it secure AFTER transmission, you have to go back to the old reliables (like PGP) - which may be broken by quantum computers :)) It looks like a message may only be safe in transit, and at no other time when we use quantum methods.

Re:In some ways it's solving the wrong problem

Actually with quantum cryptography an observation of the message alters the encryption - so you can tell wthat its been read by an eavesdropper.

It also bypasses the key distrubution issues.

Human factors are almost always easier to deal with in a surpise attack, butonce you've doe it a coupe of times it will get real hard real fast.

Re:In some ways it's solving the wrong problem

[D-Cypell]

(b) endpoint security problems haven't changed fundamentally in the past few million years or so

"Users are reminded that it is againt company policy to chisel your password into a stone tablet... failure to respect this rule will result in prompt ejection from the cave"

Do you think that your comment was a 'little' exagerated?

Re:In some ways it's solving the wrong problem

[adb]

Only a little. It's all about keeping the people you don't want to eavesdrop away from the endpoints, which has always been necessary as long as there have been people to spy on. Issues like writing your password on a sticky note are secondary: if the bad guys can get the sticky note on your monitor, they can bug your keyboard, too.

Re:In some ways it's solving the wrong problem

[D-Cypell]

"endpoint security problems haven't changed fundamentally in the past few million years or so"

I would have said this is a little bit of an exageration...

"Users are reminded that chiseling their password into the walls of the company cave is expressly forbidden!"...

Re:In some ways it's solving the wrong problem

[notaspy]

"Or you bribe/blackmail the guy; or you use "lead pipe" cryptanalysis- you hit the guy over the head until he tells you his password."

Sorry about getting too technical here, but "lead pipe" cryptanalysis entails hitting the guy's hands, feet and genitalia with the pipe. Doesn't take many blows to the head to induce memory loss in the patient. ("You can stop hitting him now; he's dead.")

Re:In some ways it's solving the wrong problem

[adb]

I suspect you're thinking of "rubber hose" cryptanalysis anyway.

Re:In some ways it's solving the wrong problem

[Sabalon]

Hmmm....Ogg no can tell if Zug using new encryption scheme or just no can write.

Re:In some ways it's solving the wrong problem

[Jobe_br]

FYI - this isn't about encrypting or securing the transmission of the message, only the transmission of the keys to decrypt the message and/or encrypt a response. What's basically being researched is how to disseminate the one-time keys that the gov'ts. and military installations around the world have been using for a few years now, without all the footwork that has been needed for that to date.

The messages are entirely secure, as they are encrypted with these one-time keys (the ultimate in security, as they don't rely on any particular mathematical principles that could be susceptible to breaking as computing power/methods evolve).

Getting away from the legwork needed to use a one-time cipher system is what is being developed here. So in this sense, the 'message' that's being sent is the one-time cipher, which, wouldn't really need to be 'stored' again using PGP or other methods - it would just need to be used, then abandoned. Make sense? Old one-time keys don't do a snoop any good as they are in no way related to future one-time pads.

Hope this is (a) somewhat correct and (b) somewhat clearing things up.

Cheers.

Re:In some ways it's solving the wrong problem

[Rich0]

One issue which it does not address is the man-in-the-middle attack. Granted, it is a bit of a pain to implement with satellites, but if you can get in between the source and recipient and intercept the transmission you can negotiate the key with the sender and receive the message. Then you negotiate a new key with the recipient and resend the message.

Quantum cryto only detects if a message is passively intercepted - it does not authenticate who you are talking to in the first place. There are other ways of doing this (such as old-fashioned RSA), but these systems are not nearly as bulletproof as quantum cryto and require trusted keysigners (hence we're back to the key distribution problem).

Think of it this way - quantum crypto ensures that nobody is tapping your phone line. It does not ensure that the person on the other end of the phone is who you think it is and not just a really good voice actor. In some ways the phone is more secure in this regard - you can at least hear the other party's voice, which is hard to replicate. With data communications, you just get text/binary data - how do you authenticate that? Software like PGPPhone has you read a digest of the key over the phone, this blocks the man in the middle attack for voice communications, assuming the attacker cannot replicate your voice (just recording and resending doesn't work, as the key digest would be wrong). But this is a highly manual method, and probably not foolproof to a very determined attacker who knows what your voice sounds like in advance.

Re:In some ways it's solving the wrong problem

[banana+fiend]

:))

messages are entirely secure? What happens when the 1 time key is lost/captured (I know it's currently impossible)? Then you have the same worry - the original message is not well hidden (no legwork) - so the 1 time key IS effectively the message

Re:In some ways it's solving the wrong problem

[Jeremi]

The easiest way to crack encyption is to avoid cracking the encryption and attack the installation or the people using the encryption.

As long as this is true, the encryption can be considered effective. It's done it's job of preventing eavesdroppers on the line; it's not responsible for the rest of the world.

Re:In some ways it's solving the wrong problem

[Jobe_br]

This technology isn't meant to determine what happens if the one-time pad is lost/captured (its meant to prevent that, though). That scenario is already accounted for in the current one-time pad systems in use *today*. I can't speak from experience of what exactly takes place, but the scenario is accounted for.

Does that make sense?

Re:In some ways it's solving the wrong problem

[WolfWithoutAClause]

I bow to your greater experience and expertise in the matter ;-)

Re:In some ways it's solving the wrong problem

[horza]

The easiest way to crack encyption is to avoid cracking the encryption and attack the installation or the people using the encryption.

By using a strong secure encrypted link, you are moving the points of attack to areas under your control. It also much reduces opportunist attacks as the attacker will have to take some physical risk (for example, as you mention after, bugging a keyboard) as opposed to passively sitting in a public place and plucking bits out of the air.

or you use "lead pipe" cryptanalysis- you hit the guy over the head until he tells you his password.

It's "rubber hose" cryptanalysis; just as painful but leaves far less evidence of torture after they finally release you.

This system looks good; but don't assume that its going to be 100% secure.

It's only used for the key exchange. You can always break or brute force (given enough computing power) the symmetric algorithm that then uses this key for encryption.

Phillip.

Re:In some ways it's solving the wrong problem

[WolfWithoutAClause]

By using a strong secure encrypted link, you are moving the points of attack to areas under your control. It also much reduces opportunist attacks as the attacker will have to take some physical risk (for example, as you mention after, bugging a keyboard) as opposed to passively sitting in a public place and plucking bits out of the air.

The system as described seems vulnerable to a man-in-the-middle attack right now; so that's not completely true; however adding passwords and so forth in there allows the advantages you mention. It looks to me though that the right thing to do is layer an ordinary crypto system on top of a quantum one and rely on the quantum system to prevent interception and use the conventional crypto to give authentication and so forth.

Not for commercial use.

From the article:

Quantum codes have obvious uses for military and government communications.

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

Ok, it is not as if we have never heard of government-funded terrorism (think Libya for example). And criminals can certainly get their hands on military equipment (at least in the movies. ;o)

Re:Not for commercial use.

And indeed the USA, think Central America.

The truth about quantum computers

[Klerck]

First, I'd like to point out that quantum computation and quantum encryption are two almost completely separate concepts. Quantum encryption is based on the fact that quantum states cannot be measured without altering. The most common example is the polarization of a photon, but it will work for any quantum state, so long as there exist, effectively, two unique states that can transmit the data.

Quantum computation, however, is much more complex and much more interesting. Quantum computers are based on the concept of quantum entanglement, the ability of a quantum state to exist in a superposition of all of its mutually exclusive states: It's a 1 and a 0. However, this is not as easy to use as one might think. While it's true that if you have n quantum logic gates you have the ability to input 2^n data values simultaneously (as opposed to only 1 piece of data if you have n digital logic gates), this is not going to be the end of classical computing for a few reasons. First, quantum computers have to be perfectly reversible. That means for every output there's an input and vice versa. And there has to be no way of knowing the initial states of the data. You don't process data, you process probabilities in a quantum computer; if you know exactly what any one value is throughout the computation, you can find out all of the values: the superposition ends and you're stuck with a useless chunk of machinery. This means YOU CAN ONLY GET ONE RESULT FROM ANY QUANTUM COMPUTATION, THE END RESULT. You can't see what the data in the middle is or the computer becomes useless. (Landauer's principle makes heat loss data loss. When your processor gets hot, it's losing data. If the same thing happened to a quantum computer, it wouldn't be quantum anymore.) Decoherence is what happens when you randomly lose data to the environment by design, not by choice, and the superposition ends. This is bad for Q.C. Oh, and quantum computers can only do *some* things faster, like prime factorization and discrete logarithms. Not multiplication or addition. Plus, the circuits that would do basic arithmetic would be bigger and slower than what you've currently got.

So what does this all mean? It means that quantum computers are going to provide some advantages (real quick big number factorization), and some disadvantages (that whole RSA standard). The most realistic initial use of quantum computers will be as add-ons to existing super-computers to resolve certain types of NP-Complete headaches that regular math can't simplify yet. At best they will someday be an add-on to your PC; but they will never replace the digital computer.~

If you want more info, check out http://www.qubit.org, it's got some decent tutorials.

Re:The truth about quantum computers

"Quantum computers are based on the concept of quantum entanglement, the ability of a quantum state to exist in a superposition of all of its mutually exclusive states: It's a 1 and a 0."

Actually, quantum encryption is based on quantum entanglement, since measuring one particle's state "resolves" the state of the other particle (hence the use of the word entangled).

Quantum computers involve both the entanglement of particles and the superposition of states.

Re:The truth about quantum computers

[Fuzzy_Logician]

Then how do they measure the entangled state if if collapses the probablities to a single state

Re:"The Code Book" mentioned this several years ag

You're missing the point. Quantum cryptography had been done before, but only over fibreoptic cables. This is the first time it has been done through air, which opens up lots of new possibilities.

Any details at all would have been nice

[CaptainAlbert]

Anyone got a link to the Nature article itself?

From the guff written here, it all seems implausible. Encoding a message in single photons is fine, but I find it hard to believe that you can transmit a stream of photons several miles through the atmosphere without a single one of them being absorbed or scattered (which would look the same as interception). It's just light, after all.

I wish I could remember any physics. Then I could say something about the possibility of "amplifying" a signal in which the symbols are single photons. But I can't, so I won't even try.

Plus, even taking the above on trust, it doesn't sound too hard to disrupt (with, say, a mirror).

Corrections and extra technical info most welcome! :)

Re:Any details at all would have been nice

[tplayford]

Amplifying single photons is defiantly possible, I can remember that. I think the basic idea is to get a photon to hit a charged plate (or something) which then releases a shower of electrons which can then go on to hit another plate and so on ...

I think this is the basic principal but I can remember the name.

Feel free to flame if I have this horrendously wrong.

Re:Any details at all would have been nice

[stevelinton]

I had a student do a project on this. You can live with quite high levels of photon loss.

Essentially, the process runs:

send a large number of (more-or-less) single photon pulses, carrying random data

recipient reports over an open channel, which pulses they got and some more technical information.

From this, sender and recipient can work out the subset of the random data that they take into the next step.

Now they (openly) exchange some checksums and things to determine the rate of bits which appear to have changed in transit, either due to eavesdropping, or noise and to get a common bitstring. From this, they can work out how to combine the bits of the bitstring to get a shorter bitstring which (with high probability) no eavesdropper can guess any part of.

Finally, they use this common secret bitstring as a key for a one-time pad.

Simulations suggest that even 99.9% photon loss is not fatal.

Re:Any details at all would have been nice

[oojah]

Photo[n] multiplier tube

Re:Any details at all would have been nice

Amplifying single photons is defiantly possible

And you defy anyone to prove you wrong. Retard.

Re:Any details at all would have been nice

[CaptainAlbert]

> Finally, they use this common secret bitstring as a key for a one-time pad.

Aha! So the cyphertext itself can be transmitted over an "open" channel. Cunning. :)

But, it sounds to me like it could be fairly inefficient. From what I remember, you need one bit of one-time-pad for every bit of plaintext you want to transmit. The process above could be quite time-consuming (relatively speaking) if only 0.1% of your photons get through. And even if you're sending the equivalent of an email, you'll need a key-string of tens of thousands of bits. So it might be secure, but you'd end up paying for it in speed.

Interesting, though.

Re:Any details at all would have been nice

[stevelinton]

> So it might be secure, but you'd end up paying
> for it in speed.

Absolutely right. From what we found out, you may need to send thousands of photons for every bit of shared secret you want.

Of course, at a small cost in security, you could use the shared secret as a session key for your favourite stream cipher, and change keys every time you manage to send enough extra bits over the quantum channel. using AES with (say) a 256 bit key and changing keys every millisecond or so should defeat all but really determined attackers.

You can also leave the quantum channel runnign all the time to build up a stock of one-time-pad for when you need it.

Re:Any details at all would have been nice

[Jobe_br]

This doesn't matter. What's being transmitted here is not the message, its the one-time cipher pads used to encrypt/decrypt the message. The gov't./military already uses one-time pads - but, they're disseminated on physical media, requiring delivery and disposal by physical, trusted personnel. So, this is about transmitting that one-time cipher pad, not about transmitting the actual messages. The messages, once encoded with the one-time cipher pad that is to be used for that particular transmission (pre-determined by the gov't./military) will be transmitted in the clear over current transmission media (public/private networks, transcontinental/oceanic fiber, military/communications satellites, etc.) The "messsage", encrypted with the one-time cipher that this new transmission medium disseminated, is unbreakable by untrusted parties, because of the one-time pad being used, not because of the transmission type being used.

The one article I read about this talks about the satellite communications that were being intercepted in Europe from NATO troops in the Balkans. This new quantum crypto transmission method for one-time pads has nothing to do with that - THAT was about the military not having enough encrypted satellite channels for the amount of data that they were needed to transfer. This wouldn't change that in one bit. This only affects the legwork currently needed to disseminate one-time pads to all necessary parties. The one-time pad systems are already being used, this would just make the process a bit less resource intensive and available to more parties (not just the ones that have reliable access to diplomatic couriers). Maybe that would change the situation above, because more people could take advantage of the one-time pad system, but I doubt it. This seemed more of a limitation of the satellite bandwidth than anything else.

Cheers!

Re:Any details at all would have been nice

Try:


http://www.qinetiq.com/applications/news_room/ne ws _releases/show.asp?ShowID=511&category=0

for the Press Release with a few 'technical details'.

Well heres my take on this

If you're going to create something for the government its inherantly going to fall into the hands of civilians.

Our arguably most complex technology is the atom bomb but every highschool student with half a brain knows the basics of how a nuclear reaction works.

This isnt really a problem for us because regulation of these components is a relatively easy job. Its not like joe-terrorist can go mine his own plutonium or deuterium or uranium (the makings of most nuclear devices) though there are others.

smoke detectors contain valadium etc and as in a previous slashdot artical can be turned into nuclear devices. (remember the kid in his garden shed)

So back to the real point, how do the creators of this technology (read information) keep it secret. After all information wants to be free. Poloticians screw up interns leak data and university professors love to defeat these kind of things.

So if you're going to create it, you better be sure you want every one to have it. Which is incidently for the same reasons that the guy who created the atom bomb(well theory) is quoted as saying (paraphrased) that he never should have created it dispite the good that has come from nuclear energy.

--Editorial-- (well moreso)

I think that this technology should be created etc. But created for the public domain. Security and privacy are what good countrys are founded on. Through corruption and "wont someone please think of the children" we've given up this freedom peice by peice to the governments that represent men with money. (read riaa)

What then is the next logical step? i say declare war on privacy invasion; since the government isnt run for the people any more it must be business that impliments privacy for the people.

quantum state encryption will finally give people the ability to have a discussion in private. Is the fact that joe is cheating on his wife any more important than saddam having an abomb to joe? what if both were found out. with quantum tech this doesnt seem possible YET.
(alright its a spacious argument but blah)

so now that i sound like a madman i await your flames. encryption doesnt make a person a terrorist and good people have a right to privacy. the argument that if you dont have anything to hide you dont need encryption doesnt hold water. ANY information intended for one party should not be received by another.

Re:Well heres my take on this

[luzrek]

Tritium (hydrogen-3) not deuterium (hydrogen-2) is what makes hydrogen bombs go mega-boom, but you need an atomic bomb to get hot enough. They can actually mine their own Uranium, but enriching the U-235 to weapons grade is very difficult. Finally, even if you have the materials and knowledge of explosives to overcome the pre-detenation problem, do you know what critical mass is for the particular isotope and enrichment. If you don't it probably either won't work or you'll blow yourself up (or irradiate yourself) before you get it assembled. Ok, that rant's over.

From my understanding of what they are doing (quantum mechanics based keys) it will be very difficult to transmit keys any real distance through atmosphere, much less a cloud. It would certainly be easier to just use a laser in "binary" mode (on-off) to flash a key from point to point. You'ld still know if it was intercepted since the light would take longer to get there or wouldn't get there at all.

Re:Well heres my take on this

[windex]

You could watch a laser pulse without interrupting the flow of the laser.

Mr. Science Science Project:

Take laser pointer pen.
Take cardboard paper towel roll.

Cut hole in top cardboard paper towel roll, so the roll is still intact and you can see the inside.

Shine laser through paper towel roll, look through hole, see wonderful beam shining through.

Flash laser pen for fun, notice you can see it shut off and turn on. .. beat head into wall. Notice how the paper towel roll wasn't even really needed, but I wanted to involve scissors. Use scissors to cut wrists.

Binary with lasers, you say? Worthless, because it can be unknowlingly intercepted in transit.

Translation:

[Jace+of+Fuse!]

Well, given a hundred years at university and a few extra titles to my name, I'd be comfortable trying to summarize the article so don't take what I say at face value.

What I'm about to say MAY or MAY NOT be true. fnord

Re:Translation:

"Everything You Know Is Wrong!"?

WATCH MORE TV!

a bit more info

[plasticquart]

A few things to note:

British-government-owned company involved: QinetiQ

Article from The Economist: "Free-space" optics
'"Free-space" optics requires no fibre' (oh, how I love that British English)

Quantum secure key exchange paper: here

Re:a bit more info

[whatisthatvelvet]

This article from the Economist is a good read:

>From The Economist print edition
"Free-space" optics requires no fibre. That may be an advantage

FIBRE optics revolutionised communication by abolishing the law that light can travel only in a straight line. From that point on, light signals could be treated in the same way as electrical ones, and bent round corners. Some people, however, are never satisfied. And these dissatisfied engineers are trying to turn the clock back by developing systems that use "free-space" optics-in other words sending information from place to place by shining laser beams through the air.

Free-space optics has three advantages. It is easy to install. It can handle a technology known as wavelength division multiplexing (WDM) without, as it were, blinking. And it seems suited to a new-and allegedly uncrackable-encryption technique called quantum key distribution.

Speed of installation comes from not having to dig up the road to lay conduits. Free-space optics may thus be an answer to the difficulty of providing broadband connections to customers' homes and offices-the so-called "last mile". Free-space links that operate at speeds of up to 20 gigabits a second-as good as fibre-have now been demonstrated. They can be installed in hours rather than the weeks or months normally needed for broadband access. And if they can be put into place quickly, they can be upgraded quickly, too.

That matters in the context of WDM, a technique that allows a single optical path to carry thousands of parallel channels, as long as each is encoded in a slightly different colour. Upgrading a fibre network for WDM is hard. First, individual fibres are each compatible with only a few WDM schemes. The exact chemical composition of a fibre's glass determines how transparent it is to different frequencies, and also its tendency to disperse those frequencies even when it is transparent. Both restrictions reduce the number of channels that can be carried. Moreover, even if a particular fibre can be used with a particular scheme, the light sources, amplifiers, switches and associated paraphernalia usually cannot. Amplifiers, for instance, will not boost all colours equally, so special devices are necessary to compensate.

Free-space optics suffers from none of these problems. Air is transparent to a wide range of frequencies and has few dispersive tendencies (at least, when the weather is good). And with the associated kit clustered together in base stations, upgrades are easy to carry out.

The third advantage-for quantum key distribution-is more speculative. The technique exploits the arcana of quantum mechanics to let two computers swap a cryptographic key (and thus the means to decode a message) with perfect security.

Quantum key distribution has been demonstrated successfully in fibres, but it suffers from one major drawback: it requires a dedicated link, and so cannot be implemented in a network. However, two experiments carried out in the past few weeks have shown that it works with free-space optics. First, researchers at QinetiQ, a British-government-owned company, and Ludwig Maximilian University, in Munich, Germany, exchanged keys between two alpine mountain-tops more than 23km apart, though they did so at night, when sunlight could not confuse the signal. Then, another group of researchers, from Los Alamos National Laboratory in New Mexico, announced that they had performed a 10km key exchange in broad daylight.

These two groups are working towards military applications in which the key is exchanged from the ground to a satellite. But both recognise that the technology might be exploited commercially, and are part of a European Union collaboration called QuComm that is encouraging this.

Free-space optics would have the odd drawback, such as flocks of birds, showers of snowflakes or banks of fog interrupting the beams. But message-encoding systems are already set up to cope with lost data. Many customers might be willing to put up with a 99.999% available service that could be installed straight away, rather than waiting indefinitely for the 100% availability of fibre.

Re:a bit more info

[dEaTh_ChUrCh]

I think what you meant to say was:-

(oh, how I love that Proper English)

Philip K Dick

[pubjames]

I remember reading once that Philip K Dick (writer of Blade Runner, Minority Report) went mad at the end of his life, one of the reasons being that he was convinced that there were zillions of alien transmissions going through the air which were screwing with his mind.

Perhaps he was right. Perhaps taking lots of hard drugs allows you to tune in to alien quantum communications. Sounds like some experimenting needs to be done...

Re:Philip K Dick

[Sunnan]

PKD said that he thought he suffered through schizophrenia through all his career. He wrote great books, maybe partly due to that, and I respect him a lot.

What is Karma

a sincere question from newbie .

Re:What is Karma

This or this.

Take your pick.

Re:What is Karma

[Poor+Master]

Thank You

Re:What is Karma

No prob. If you need links for whoring, I know someone who can help you :-)

Perl

[jaavaaguru]

From the article:
"Gift a Washing Machine & get Pearl Set Free @ INR 8590"

They obviously don't know that Perl is FREE for most systems.

Ultrasecure?

No, I think you mean Hypersecure. Much stronger than Supersecure or Ultrasecure, though there is a SuperHyperUltraSpecialSecure encryption in the works IIRC. For most people just plain secure works fine though.

Re:Ultrasecure?

[SlashDotIDOne]

Sorry, I was just trying to point out that it was somewhat more secure than "secure credit card transactions"... Not that I question the security of my credit cards when I purchase online until AFTER they get stored in the database and hacked a few months later... Just that I haven't heard of NSA telling the state dept. to go ahead and use it overseas. But your joke is rather well founded, I just had to reply since it was a joke on me :(.

Nature a British weekly?

"Reporting in Thursday's issue of Nature, the British science weekly"

I thought New Scientist was the British science weekly that is published on Thursdays, that's when mine arrives.

Re:"The Code Book" mentioned this several years ag

[G.+W.+Bush+Junior]

I hate it when people say "wow, we have an unbreakable code now"

One time pads are ABSOLUTELY unbreakable...

Old news

[Wizard+of+OS]

Way to go! A friend of mine gave me this URL a few hours ago, we had the following discussion on IRC:

11:22 <philb> http://news.bbc.co.uk/1/hi/technology/2295153.stm
11:25 <Gullie> philb: that is _old_ news
11:26 <philb> yes.
11:26 <Gullie> the idea is about 15 years old, first implementation was about 5 years ago
11:26 <philb> It's just appeared on the BBC news page
11:26 <Gullie> nutty bbc
11:26 <philb> I think it's because QinetiQ keep spamming the newswires with it

Seriously, if you search on slashdot on 'quantum cryptography', I predict you'll find quite an amount of previous stories saying exactly the same.
By the way, a few minutes ago:

1:27P <philb> HA ha Gullie
1:27P <philb> I win
1:28P <philb> Slashdot ran the BBC news regurgitated story
1:28P <philb> yet again
1:30P <Gullie> :(
1:30P <philb> yes. :(

Re:"The Code Book" mentioned this several years ag

As long as you don't leave copies all over the place :)

Speaking of last-mile broadband (we weren't?)

[plasticquart]

[article snippage]

Speed of installation comes from not having to dig up the road to lay conduits. Free-space optics may thus be an answer to the difficulty of providing broadband connections to customers' homes and offices-the so-called "last mile". Free-space links that operate at speeds of up to 20 gigabits a second-as good as fibre-have now been demonstrated. They can be installed in hours rather than the weeks or months normally needed for broadband access. And if they can be put into place quickly, they can be upgraded quickly, too.

Whatever happened to those start-up-.com-wonder-companies who were developing those laser-fiber-hybrid boxes that we were gonna see on rooftops throughout the inner city? You know, the ones where they envisioned a mesh of broadband laser links lighting up the city sky... something akin to a Pink Floyd laser show?

Has this .com craze really gone bye-bye? Please, say it ain't so.

Secure?

[VisualStim]

A very secure form since you know whether a message was intercepted, rather hard to tamper with ;).

I'm not sure how knowing if a message has been intercepted makes it more secure. I can yell to a friend across a crowded room, and when people turn their heads at the sound of my voice, I know my message has been intercepted. Does that make it more secure?

Re:Secure?

[u38cg]

Think about it. You now know that your communication method is insecure, and you should not transmit sensitive information by this means. Sure, any information in the original transmission is compromised, but creating protocols to deal with this ain't hard. Just consider if the Germans had figured out in '41 we could read Enigma - do you think it might have changed anything? The point is that the eavesdropper *knows* that anything he reads *will* be detected. So they'll know he knows. And he knows it. And so do we. Cheers, Calum

Re:Secure?

Why do we assume that it can't be intercepted without trace. All it requires is a quantum amplifier, 1 quantum in many identical quantums out, and then you can get to work on reading the signal.

Re:Secure?

[Ma$$acre]

This is explained a bit differently in "The Code Book", but here goes:

If you and a friend are in a room and are separated by a black curtain, and there is the potential that there is actually 2 curtains with a 3rd Person inbetween, you can't be sure of a secure conversation. Now, let's throw in QC, and you say "I have something secure to tell you" across the room. If that message is listened to by a 3rd Party, QC will FOR A FACT inform your friend that the message was tampered with before he heard it.

How does this help secure your conversation? Let's say you have an infinite number of rooms with which to experiment. Every time your message is intercepted, you simply change rooms (or channels) and repeat your "I have something secure to tell you" message until it is not tampered with.

But, you say, a 3rd party could just wait to listen to the "important part" of the message. Could they? I could sit there and say my insecure message for days and each time I would know when it was listened to. How would a person know when to listen to the right message? They wouldn't know which one is secure. So effectively, if the first message is secure, the next message will be as well.

Re:Secure?

[AndrewHowe]

You don't use this method to send your secret message, you use it to send a random one time pad. If it is intercepted, you just send a new one. You keep doing this until your recipient gets one that was not intercepted. Then you encrypt your secret message with this (now known to be secret) one time pad and Bob's Alice's uncle.
The one problem I see with this is that Eve (the eavesdropper) can effectively DoS Alice and Bob's communication, by intercepting everything, thus stopping them from ever agreeing on a private key.

Re:Secure?

[corey_lawson]

...they DID change Enigma at least once, going from a 2-wheel box to a 3-wheel box. It is because the dunderheads in the German High Command didn't understand crypto and had too much faith in it that partially helped us out. And we had some smart people (von Neuman, et al) trying to think at least a couple of steps ahead in the information theory area and leaders willing to play along with them.

Re:Secure?

[dahamsta]

Actually it was three wheels to four.

adam retentive

Re:Secure?

[mikeg22]

The other big problem is the "Bucket Brigade" attack, where an evesdropper simply sits in the middle, recieving and retransmitting the messages between sender and reciever, neither being the wiser. The evesdropper thereby can decrypt messages going both ways. This is the biggest problem with quantum cryptography in my opinion.

Re:Secure?

[AndrewHowe]

Absolutely not! That is the whole point of this technique. It is (statistically) impossible to retransmit the messages without the sender and receiver being aware of the tap.

commercial uses? yes!

[prichardson]

from the article (yes I read it)

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

If we don't let the public use this, everyone we don't want to have it will get it eventually. There wont be a user base to be framiliar with to help the government in finding the weaknesses. It is the same with cryptography software. Those who want it really bad can write their own or violate an EULA. The law abiding public is shut off from protecting their own things when terrorists and organized crime still can.

Re:commercial uses? yes!

"Well, you learn something new everyday, even when your in high school. --Me" How about learning the correct homonym is you're? :)

Re:commercial uses? yes!

[MxTxL]

This is a good point... but, you realize, you've just boiled it down to the whole "when guns are outlawed, only outlaws will have guns" argument.

It still can't be 100% secure,

[chamenos]

because most people still leave backdoors to their computers open.

if i'm not mistaken, this only makes the transfer of quantum encrypted data secure. most of the methods of transferring encrypted today though probably not as secure as this, are more than enough for most needs and purposes.

its frequently the integrity of either the computer sending the data or the computer receiving the data that gets compromised, and that is usually the issue.

its still a positive development nonetheless though.

The last paragraph sums it up pretty well

[z_gringo]

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

Let me help answer the question. Yes, It should be allowed to enter the commercial domain. Their overprotection of encryption technology is getting old.

Re:The last paragraph sums it up pretty well

Quantum Cryptography is never going to enter the public domain. Or rather it is never going to be a practical solution to encrypting messages. For it to work you need either a dedicated fibre optic link or a free space link (max seperation about 20km). And the maximum bit rates that have been demonstrated so far is 50 bits/second. This is fine if you only have to rekey a satallite once a month -- but otherwise pretty useless.

Any criminals wanting to use quantum cryptography would have to live less than 20km apart -- at which point they could just arrange a meeting and swap a one-time pad. If
you assume that they swap a CD-ROM once a week
the bit rate would be much greater than any quantum cryptographical scheme.

The fundamental problem with quantum cryptography is that you need to know the person at the other end. Compare this to public key encryption -- anybody, anywhere in the world can get my public key from off my webpage and send me an encrypted message that only I can read. This is not possible with any
symmetric encryption scheme.

Neil

Re:The last paragraph sums it up pretty well

[z_gringo]

Right, but according to the article, (And I'm a bit out of my league on this one), they can now make it work over longer distances, which may make it more useable in the commercial domain.

My comment was more related to the seemingly extreme laws governing encryption technology.

Regards..

Quantum Communication is NOT SECURE !

[Krapangor]

This is just another lie the goverment pushes out to have nice physical backdoors to spy at us all !!!
And a quantum link any 3rd party can couple a 2nd quatum link to the primary. This is not noted because this is no measurement. When the receiver makes his measurement the waveform collases and collaspes the 2nd link, too !!! Due to coupling the 3rd party can automatically read out the information on the 1st link then and even knows the time of the measurement event. Sorry, I can't call a system with such a huge flaw secure in any way !!!
It's much better to use real encryption which cannot decoded by physicla tricks.

Re:Quantum Communication is NOT SECURE !

[forsetti]

What do you consider "real encryption"? It seems that all encryption based in mathematics (prime number theory, for example) will be breakable after certain advances in technology and mathematics. So, what then, is "real encryption"?

Re:Quantum Communication is NOT SECURE !

[pldms]

And a quantum link any 3rd party can couple a 2nd quatum link to the primary. This is not noted because this is no measurement.

The properties of a two body system in a pure state are different to that in a mixed state. The state of the system will then have changed and that can be detected, despite the lack of a 'measurement'.

Nice try, tho'

Re:Quantum Communication is NOT SECURE !

[LegendLength]

One thing I don't understand about detecting interception is why can't the person in the middle have a device which accepts the photons then spits new, identical ones out the other side?

I don't know much about quantum physics and I get the feeling it's because of its most basic principles, but I'd love to have it spelled out to me.

Re:Quantum Communication is NOT SECURE !

[AndrewHowe]

It's the way you measure the polarisation of the photons. For example, they might be 0 or 90 degrees, and if you are measuring them like that, you could reproduce the photons. But if you were looking for 45 or 135 degree polarisation, you would just get random results. Or you could be looking for 0 or 90, but they are sent 45 or 135. You can't measure both because you only have a single photon to play with. That's the theory anyway, it is hard to generate single photons! But that is the basis of the whole thing.

Re:Quantum Communication is NOT SECURE !

[a_n_d_e_r_s]

Well, except för one time pads.
They are always secure.

anyone watch discovery channel

.. because you'd see the special on cold war spying techniques. Guess what? One of the most effective ways is to find out what a person's weaknesses are and target them directly. More often than not, the weakness was hot chicks.

Quantum Crypto is cool and useful, but as far as preventing hacking or spying it doesn't change anything. The best way to hack or spy isn't intercepting satellite signals. It's planting a listening device in their office where a person thinks they can talk securely. Trying to hack into a secure system is easier with social engineering than brute force.

Re:anyone watch discovery channel

[OrangeSpyderMan]

Exactly, for a couple of gigs of pr0n and some hot grits you could probably pick up the passwords of half of the slashdot readers.

Au contraire. Americans found the way in '98...

[Peter+T+Ermit]

...here, quickly improved it to 0.5 and 1 km, and then 10 km. Don't quite know why Nature thought this particular paper was so revolutionary -- wake me when they get to about 300 km, the minimal bounce-off-satellite trip.

Re:"The Code Book" mentioned this several years ag

[inputsprocket]

Indeed - a very good description summary of the original (May, 2000) quantum cryptography is described in this Nature news section. The story in point here is similar crpyptography techniques without the physical constraints of a fibre optic line.

BBC Link

[Izeickl]

The BBC has a more laymans view of things here

Contradictions in the Reuters story...

[gingerTabs]

At one point they say

"have sent a key for deciphering coded information over a record 14.5 miles of open space between two mountains in Germany"

And then they say

The keys, which use quantum cryptography, were transmitted as photons of light along optical fibres.

So which is it?

Thin Air

[gcondon]

Ultrasecure Quantum Communications Over Thin Air

But how thin does my air have to be? I mean, I try to keep my air in shape but it certainly isn't as thin as it used to be. Perhaps if I move to Tibet.

Well at least the communications are ultrasecure - I find that secure just isn't enough.

Hypothetically

[shut_up_man]

So, Tony sends a message to George using this method. A third party, let's call him... Saddam... intercepts the message. George and Tony know the message has been seen, but does Saddam know? Since he changed the state of the information packet by intercepting it, I'd say yes.

Saddam therefore has the message information (which may be valuable on its own) and he has confirmation he's been busted. In other words, he knows he's disrupted Tony and George's communications, and he can take that into account when he acts on the info in the message.

Thus Saddam's role becomes one of "message wrecker" rather than "eavesdropper". This can still be quite a pain in the ass, particularly if wrecking messages is easy. After all, it would be particularly annoying to Tony and George to spend lots of their hard-earned money building such a system, and find that Saddam is wrecking every single message.

Am I right in thinking Saddam will be aware he's been busted?

Re:Hypothetically

[Des+Herriott]

I recommend reading The Code Book (Simon Singh) if you want to understand how quantum cryptography works.

But basically - no, what you suggest does not happen. You don't use a quantum channel (i.e. single photon stream) to send the message itself, you use it to agree a key, which is used as a one-time pad. The encrypted message could be sent over any channel - because it's encrypted with a one-time pad, it's absolutely secure on the wire. Remember the problem with one-time pads is key distribution, not decryption - if (and only if) you can securely distribute the key, one-time pads are pretty much perfect.

The key agreement protocol includes safeguards to avoid eavesdropping too - quantum physics means you can't reliably sample the stream of photons without changing it, and the protocol includes consistency-checking - if everything doesn't match up, the key-exchange is scrapped.

So basically, quantum cryptography is really just a very clever way of sharing a one-time pad key.

Re:Hypothetically

Actually quantum cyrptography only deals with the key distribution. So Tony and George would
know that someone has tryed to intercept bits of
their key and they can use a technique called privacy amplification to ensure that the remaining bits of their key are secure.

Quantum cryptography like all (almost all?) schemes is insecure to a "man in the middle" attach. If Eve can pretend to Alice that she is Bob and to Bob that she is Alice then QC is just as insecure as any other scheme.

Neil

More details from the horse's mouth

A press release on the work last year can be found at:

http://www.qinetiq.com/applications/news_room/news _releases/show.asp?ShowID=272.

This has some details of how the team is working and how the experiment is carried out.

There's the promise of a new press release on the record distance very soon; when its available, we'll post the link.

YEAH!

Did you SEE that??? BRITISH & GERMAN! See that??! That's in EUROPE, see that???!!

Potential for a global attack ...

[jetlag11235]

It may be that one cannot tamper with the codes without leaving behind evidence of this tampering ... but it seems that there may be the potential here for either physical or electro-magnetic interference to destroy signals completely.

I hope that some kind of redundancy is built in ... possibly leading to messages taking multiple physical routes simultaneously.

-- jetlag

Quantum cryptography still susceptible to attack

[Omnifarious]

Quantum cryptography is still susceptible to a man-in-the-middle attack on the non-quantum channel used to check your quantum bits to be sure that you were eavesdropped on.

Will the US let it happen though? (text)

[Hobbes_]

There are two huge EU reports on what the UK + US were doing in regards to spying on business. (One link here, lost the other)

It's doubtful based on the reports that the US will allow such a thing to pass unless they can intercept and read it.

One way to crack

[Henry+V+.009]

There is the danger of a man in the middle attack here. Quantum cryptography requires the private transmission of the secure data as well as the public transmission of your polarizer (or what not) settings. If the cracker can replace the public transmission with his own, then he can eavesdrop with impunity.

Maybe I don't get it.

[Captain_Stupendous]

Quantum Crypto in general seems like a good idea, but think about it. The "good guys" know if the "bad guys" have intercepted the message (not just if the message is tampered with, but even if it's observed). So what do the bad guys do? Intercept EVERY message. The good guys no longer know which messages are trustworthy, and which are not. The key here would be the ability to differentiate between "This message was intercepted by the enemy", and "This message was intercepted, decoded and READ by the enemy". This is a level of detection that is (as far as I know) not yet available.

Re:"The Code Book" mentioned this several years ag

[FrostedWheat]

what's to say this is "unbreakable" - it's only secure so far ;)

Right,

Even photons must create some gravity. It would be possible to detect them if the detector was sensitive enougth.

Yes, it's very unlikely. The forces would be almost non-existant, and the air around it and the detector itself would probably generate more noise.

But not impossible.

Can somebody explain this non sequitur?

SlashDotIDOne writes "Well, given a hundred years at university and a few extra titles to my name, I'd be comfortable trying to summarize the article so don't take what I say at face value.

Re:Au contraire. Americans found the way in '98...

Well wake up then. Going 20km horizontally is
equivalent to going several 100kms vertically in
terms of loss. As the atmosphere is only a couple
of kilometres thick when transmitting to a satellite most of the loss occurs over the first few kilometres. Going 20km in free space is a big deal-- although they did do it at highish altitudes (~2km) where the air is thinner and so the losses are less. But still you could put the communications stations in the mountians as well.

Neil

PMTs wont work

a simple PMT won't work because the photons generated won't be entangled with the source photon. all of quantum information technology relies on quantum entanglement.

the article is oversimplifying

in reality, quantum crypto relies not on getting single photons across but looking at expected and actual error rates in transmission. when entanglement is broken (i.e. a beam-splitter, which is what i think you meant by "mirror"), the error rates jump drastically. that's how you know there is someone else in the loop.

new news

i think the news is that it has been done over a record distance (23km) in open space. when i was at los alamos in 1997/1998 they had achieved quantum crypto over about 1km.

Re:"The Code Book" mentioned this several years ag

[banana+fiend]

Wrong point,

doing it over the air or over a fibre optic cable is uninteresting to the "unbreakable" nature of the encoding scheme. "unbreakable" suggests that we now know everything there is to know, and we can sit back with a huge grin knowing we are safe forever from crackers. I think that's a little premature :)

...explain.

What, may I ask, do lawyers have to do with this? Or do you have a different kind of QC in mind?

Please, no unexplained acronyms.

How to break this transmission.

[PunchSix]

1. Observe that a transmission is taking place and intercept some fraction of the code, say, 66%.
2. Recipient says "oh no, didn't recieve such and such data, it must have been random interference, please resend"
3. Sender resends data, this time all is allowed to go through. They attribute the bad signal to poor weather or whatever.
4. Though the intercepter still lacks 34% of the data, cracking the remaining bits is orders of magnitude easier than cracking the whole thing.

Re:How to break this transmission.

[Jhan]

They'd be pretty stupid to do it that way, wouldn't they? Try this:

1. Observe that a transmission is taking place and intercept some fraction of the one time pad, say, 66%.
2. Recipient says "oh no, I only recieved 33% of the one time pad, it must have been random interference, please send more random numbers."
3. Sender sends a new set of random numbers, this time all is allowed to go through. They attribute the bad signal to poor weather or whatever.
4. S & R use the 33% of the data that got through in the first attempt, and 66% of the data that got through in the second attempt as their one time pad.
5. Saddam: "Doh!"

It's still not 100% secure, though. As many other posters have noted, a classic man-in-the-middle attack would work well.

Re:How to break this transmission.

[VendingMenace]

What if the sender was smart and used photons that do not interact with the atmosphere (or whatever is between the sender and the reciever) such as radio waves (for the atmosphere). Then a significant loss of signal would not be chalked up to interfernece.

Re:"The Code Book" mentioned this several years ag

[ajs]

Even photons must create some gravity. It would be possible to detect them if the detector was sensitive enougth.

You miss the point. The information is not encoded by modulating the frequency or the amplitude of the photons, it's done by manipulating quantum variables that are sensitive to observation. So, when you snoop the data, you change it, and the stream becomes corrupt. Personally, I just don't see how this beats symetric key cryptography where you can communicate the public portion in the clear (e.g. encode it into public transmissions or send out six couriers with the same info, since you don't care if one of them is intercepted).

Could it help prove life on other worlds?

[Fnagaton]

Just my brain rambling along as usual however could this kind of message be used to help show that life exists on other planets? For example, this form of communication allows you to test if the message was intercepted. this is why the transmission form was invented in the first place. However if you transmit a message to outer space to a fast traveling space probe a really long way away and find the message got intercepted then who did the interception? If the whole world promised not to intercept the message then logically an intelligence somewhere else did it or someone here broke the promise... Failing that, a random reorganisation of atoms happened to fake the interception. Theoretically you could build a cloud of fast traveling probes using this method of communication. You could cover a large area of space in a matter of years and listen and watch for intercepted signals.

Re:This could be nice

[Deth_Master]

The only problem with your statement is that this technology isn't wireless, its Optical. As far as I'm aware there aren't too many commercial uses for optical, with the exception of stereo systems and computers. This stuff isn't quite ready for commercial use. Also, one of the big things with the quantum keys is that the key is "programmed" to be a certain number once it reaches its location. If it is intercepted before it reaches there, it will change the state of the photon, therefore changing the state of the key and you will not be able to unencrypt the message. Also you'd have to get the message first, which would change the state of the message and change the encryption key to who-knows-what.
I'm not too good at this quantum physics stuff, so I may be wrong, if so then please flame with excessive flamage, I will not be offended. But you'd better be correct, with appropriate backup information, of course. :)

hmmm...

if the message is changed if somebody else 'looks' at it, couldnt that be used as a dos attack? keep fscking with the message, no matter how secure it is, if you cant use it then whats the point?

Re:"The Code Book" mentioned this several years ag

[nzhavok]

One time pads are ABSOLUTELY unbreakable...

Erm, no they're not. If you get hold of the decrypting pad you can break it, not that much different than stealing a pgp key and passphrase really.

Re:Philip K Dick didn't write Blade Runner.

[Nanite]

He wrote the book it was based on. Isn't that close enough?

Speaking of Google's New News Service...

[Uttles]

Does anyone else think it would be a great addition to Slashdot's stories if they would include a link to the google news search under every headline? I don't think it would be that hard to automate, but it sure would open the door for us users to see a lot of different articles per issue discussed.

Re:Speaking of Google's New News Service...

[spencerogden]

Kind of defeats the purpse if you aren't sure which article a poster is commenting on. It would work for some stories that are more about an issue than about a specific page, but I think that for most stories, the specific article mentioned is important.

Re:Speaking of Google's New News Service...

[QuantumFTL]

I heartily agree... /.ers seem to love google, and it's definately save a lot of typing.

Maybe comments might even be more insightful on average?

Or maybe that's not saying much :)

Re:"The Code Book" mentioned this several years ag

[Otto]

Assuming someone doesn't steal the key and you did it correctly, then yes.

But if you didn't do it correctly, or your pad choices aren't truly random, or someone knows some of the plaintext, or half a dozen other things, then a one time pad can be broken with a lot of guesswork.

Re:Philip K Dick didn't write Blade Runner.

[pubjames]

Philip K Dick didn't write Blade Runner.

Well, he wrote "Do Androids dream of Electric Sheep", which Blade Runner was based on. Happy now?

Disruptance

[TheKAVH]

Can't someone who is just interesting in disrupting communication instead of intercepting them have a field day with this. Isn't that one of the first objectives of war to cut off HQ from the men on the field, etc

Re:"The Code Book" mentioned this several years ag

[Gyorg_Lavode]

This is not the first time this has been acomplished over air. In fact, Las Alamos sent single-photons with quantum encrypted data over free air to demonstrate that single-photon signals were possible. This is just signifigant because of the distance at which it was accomplished.

Second, they talk about boosting the signal to achieve the ability to transmit to satalites. This would be at the detriment of the security of the key as the greater the signal strength, the more photons it carries, the easier it is to split off a portion of the beam to be read. This of course is still not in any way easy as statistical analysis of the strength of the signal can reveal that it is being split.

Third, the fact that the signals are being bounced of a satilite autmoatically invalidates the security. If it is relayed, the key is stored in non-quantum states which invalidates it's security. The article sais that the signal on fiber optics has to be boosted every 6 miles. That is also garbage. Boosting the signal again invalidates the security. I don't know anywhere that quantum keys are used through signal boosters.

This experiment is notable though. The farthest a quantum key has been transmitted was 32ish km (I believe in germany), over a single fiber-optic cable. This is the first transmission of a quantum key over a signifigant length through atmosphere.

Re:"The Code Book" mentioned this several years ag

[Rich0]

Symmetric key cryptography is sensitive to brute-force and possibly cryptanalysis - especially if the key is recycled. You also need couriers. If you are going to use couriers - have them at least carry CD-ROMs full of one-time pad data - that isn't any less practical to achieve.

The adavantage of quantum crypto is that it gets rid of the couriers. What if the attacker intercepts all six couriers - possibly by bribing them all. It just takes one more factor out of the equation. Also - the transmission is not susceptible to cryptanalysis or brute force, assuming your key data is truly random. The actual transmission is encrypted by one-time pad - the only way to crack it is to have the key.

And you are right - the basis of quantum physics is that you CANNOT measure the photon properties using any technique at all without altering them. If there is a clever way around this it would mean that the laws of physics as we understand them are quite wrong. Not that this is impossible, but quantum theory has been tested quite thoroughly. There is always that one experiment that could shoot it all down - but nobody has found it yet.

Atmospheric Diffusion

[GryMor]

Ok, maybe I'm off in left field, but given that normal atmospheric diffusion of the beams doesn't count as observation, whats to stop someone eavesdropping the beam scatter and side blead at a greater distance than the receiver (and thus, temporally after they have received and decoded the signal)? The only idea I've got is that it somehow requires >50% of the full beam to get an uncorrupted reading, but that doesn't jibe with them using amplification at both ends (or am I missreading the article?) as that implies that their receiver doesn't have enough fidelity to pick it up without amplification. Someone with some idea of the actual basis fro this care to enlighten me (and then explain how, if it can detect observation off of atmospheric scatter, how this doesn't produce FTL comm via selectivly observing and not observing the beam?)

how it works

[alienmole]

As has been pointed out elsewhere: the quantum bit is used to transmit a one-time pad, which is then used to encode & decode the actual message, which can be sent over any channel of your choice. Since you know if the transmission of the one-time pad has been compromised, it's a very secure system in general. At no point is there the possibility of a third party actually decoding your message (bar a sophisticated man-in-the-middle attack, I guess).

If someone intercepted every attempt to transmit your one-time pad, you might have a problem, but there are apparently ways around that.

Re:how it works

[Captain_Stupendous]

Obviously we can't draw direct parallels betwen traditional and quantum computing, but isn't a single bit a little small to transmit a one-time pad? I mean, unless your message is one-bit long... I guess I still don't get it.

Re:how it works

a) Nothing to do with quantum computing
b) You can send many bits

Re:how it works

[alienmole]

Sorry, I only noticed that after I posted my message. I used the word "bit" completely unconsciously, to mean "piece" or "part". I was saying that the quantum part of the process is simply used to transmit the one-time pad in such a way that it is known to be transmitted without interception.

Re:how it works

[Captain_Stupendous]

(*slaps forhead in moment of epiphany *) oohhhhh. NOW I get it... And of course, once you have a guaranteed secret one-time pad, you're pretty much home-free (at least I know THAT much..).

WRONG! it does not have a PASSWORD.

[goombah99]

The POSTER does not know what he/she is talking about. This is about Transmitting messages not encrypting them on your hard disk. There is no password to steal.

when a message is transmitted it sent in a way that the message cannot be read by more than one receiver. (in theory) This means that the message cannot be eavesdropped upon. It does not mean the message containing the key is encoded.

So what is the key? the key can be a one time randomly generated bunch of numbers, never written down by the sender, and immediately discarded by the receiver. Thus no passwwords.

Re:WRONG! it does not have a PASSWORD.

[Ctrl-Z]

As I understand it, the usefulness of this form of quantum communication is in key distribution, much like public key cryptosystems.

If Alice and Bob have a quantum link between them, and want to communicate securely, then they can use a secure cipher of some sort. Alice can generate a key and send it to Bob. Now, given the nature of quantum physics (is this related to the Heisenberg Uncertainty Principle?), an eavesdropper cannot intercept this key without both Alice and Bob knowing. Now that they have a shared key, they can start to communicate using the strong cipher that they selected.

Correct me if I'm wrong.

Re:WRONG! it does not have a PASSWORD.

[invenustus]

I believe you are wrong. There is still the possibility for the classic man-in-the-middle attack:

Alice: Hey Bob, are you out there?
Eve: Uh yeah, this is me Bob, that's the ticket.
Alice: OK Bob, let's do our secure key exchange.
Eve: Sure thing, Alice.

Alice and Eve now have a secure channel between them.

Bob: Alice?
Eve: That's me.
Bob: Let's exchange keys.
Eve: Yeah, let's do that. That way no one will be able to intercept our traffic.

Bob and Eve now have a secure channel between them.

Bob: I love you, Alice.
Eve: Well, it's a good thing that you told me over the secure channel. But alas, I am in love with someone else. You know who would make a good lover for you? Eve. She's just your type.
Bob: Gee, thanks Alice.

Alice: I love you, Bob.
Eve: Sorry baby, I've found someone better.

Re:WRONG! it does not have a PASSWORD.

[WolfWithoutAClause]

There's still the problem of authentication however. How do you know that the person you are communicating with perfectly isn't one of the bad guys? For authentication you require passwords, or some other form of identification.

Re:WRONG! it does not have a PASSWORD.

[kasperd]

There's still the problem of authentication however.

That is indeed very true. But unconditional confidentiality cannot be done with a key smaller than the message. Unconditional autencity is different, that can be done with a key smaller than the message. This is very important because without unconditional autencity quantum cryptography is not secure.

When transmitting a message you can include a key for the next session, so you don't have to use the signature key more than once.

Re:WRONG! it does not have a PASSWORD.

[VendingMenace]

It is not related to the Heisenberg uncertanaty priciple. That priciple states that there are certain sets of observables (such as momentum and velocity) that cannnot both be known simultaneously to an arbitrary degree of precision. The security of quantum communication relies on the smallness of the particles being used. When such small particles are used there is no way to observe them without altering them in some way. At small enough sizes, even detection by light will effect the object in a noticable way. Thus, any snooping whatsoever (that we know of currently) will change the particles invovled, and by way of them, the content of the message. At least that is how I understand it...

Re:WRONG! it does not have a PASSWORD.

[WolfWithoutAClause]

When transmitting a message you can include a key for the next session, so you don't have to use the signature key more than once.

Usually you would want to authenticate the user, not the cryptographic equipment in case it gets stolen, or otherwise accessed by the black hats; and that requires a password and/or a biometric or something.

Re:WRONG! it does not have a PASSWORD.

[kasperd]

Usually you would want to authenticate the user, not the cryptographic equipment in case it gets stolen

This is outside the scope of quantum cryptography. But of course it is still of interest. There are two different aproaches to solve this problem:

1. Store the key in tamper resistant hardware, that requires authentification.
2. Don't store the key, but rather store the value of key XOR password.

Re:WRONG! it does not have a PASSWORD.

[Ctrl-Z]

Not that you should believe everything you read on the Interweb (especially on geocities), but this site begs to differ.

" What is really special is that Eve will not be able to eavesdrop on the message without alerting Alice and Bob. This is again a result of the Heisenberg Uncertainty Principle. If Eve is to measure the photons sent by Alice, she must use a filter, thereby polarizing the photon. As a result of the Heisenberg Uncertainty Principle, 25% of the photons measured by Eve will be totally blocked and will not reach Bob. Alice and Bob will quickly notice this after several occurences and know their message has been corrupted. Thus, quantum cryptography gauruntees complete secrecy."

I think we're both talking about the same thing. The reason your snooping changes the message is because of the Heisenberg Uncertainty Principle.

Re:"The Code Book" mentioned this several years ag

[Ctrl-Z]

Knowing some of the plaintext will not help you break the one time pad. The only part of the message that you will be able to deduce given that you know some of the plaintext, is that part of the plaintext that you already know.

I hate stupidity

[swagr]

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

Yes. True. On a similar note: cars, food and snail-mail are used by organized crime and terrorists for transportation, nourishment, and communications. Imagine how much better and safer the world would be if we didn't give the public access to these things.

More info

[brandonsr]

I'm sure a lot of the people here already know how quantum computers work, or will work, o whatever. ;)

But here is a great article for those who havn't read anything yet.

British and German crypto cooperation?...

[Lazarus_Bitmap]

To think that two countries who were once dedicated to breaking each other's crypto (WWII) have now worked together to create an 'unbreakable' approach is wonderfully ironic. Gotta love the march of time and change...

Re:Translation: A better RAW translation..

[farrellj]

Read "Quantum Psychology".

ttyl
Farrell

fnord

Re:How to fix the break

After the initial checksum data has been sent, the parties notice that data is being read. So at this point the transmission can stop before the message is sent. Do not pass go, do not collect 200 dollars.

jeez

[G.+W.+Bush+Junior]

Right... If that's the level we're discussing it on then no... It's not possible to create a code that is able to determine if it is being used by the wrong persons who've somehow gotten hold of the key...

Nor is it possible to create a code that makes it impossible to get hold of the original plaintext on the source computer, or threatening the author to simply tell you what you want to know...

And no... I guess it's impossible to create a code that can guard against dumbass humans using them the wrong way...

Re:jeez

[ignorant_newbie]

> Right... If that's the level we're discussing it on

you do realize this is /., yes?

Re:"The Code Book" mentioned this several years ag

[ajs]

And you are right - the basis of quantum physics is that you CANNOT measure the photon properties using any technique at all without altering them. If there is a clever way around this it would mean that the laws of physics as we understand them are quite wrong.

Could have been said, circa Newton: "The basis of physics is that time's passage is constant between any two bodies. If there is a clever way around this, it would mean that the laws of physics as we understand them are quite wrong."

Could have been said, circa Einstein: "The basis of relativistic physics is that actions happen independantly and interact through the transfer of energy, which is bounded by C ... quite wrong ... God ... dice..." :-)

It's not that Newton was "quite wrong" or that Einstein was "quite wrong", but rather that they were both correct for a certain problem domain. I suspect that the current work on quantum cryptography will fall apart once we get the GUFT nailed down.

Symmetric key cryptography is sensitive to brute-force and possibly cryptanalysis

Everything is susceptable to brute force. Don't buy it? Try to keep a secret, and I will send some brutes over to your house to torture you... Brute force always works :-) FWIW, I think I was on crack, and said "symetric key" when I meant "asymetric key". Obviously, broadcasting your symetric key over public media, as I suggested, would be a very bad thing :-)

Sending a courier with symetric key data or a one time pad has the disadvantage of being subject to undetectable interception. When you send 6 couriers with the public portion of an asymetric key, any 5 of them can be intercepted, but a) getting the public portion does not allow decryption and b) replacing the courier/key can be detected by comparing all 6 when they arrive. Expand the number of couriers as required.

Okay, this is probably a dumbass question...

[lumpenprole]

but I'm no physicist. Here goes:

The article says that it would be difficult to intercept because interception would be easy to detect because the interception would change the state of the photons. Okay. But then it says that since photons are so easy to deflect the reciever would have to send back info about what packets are missing. So couldn't you just intercept a bunch of bits and the reciever would just assume interference. Is this one of those signal-to-noise inference things a la Stephenson's "Cryptonomicon"?

Furthermore, it mentions some absurd length of time to decrypt these messages, but I assume that's with current tech. What about with a quantum computer? Isn't that the sort of thing that they are supposed to excel at?

Just wondering....

Re:"The Code Book" mentioned this several years ag

Getting hold of a solution to a code is on no way "breaking" it. It's using the key. Idiot!

Obfuscation

[bytesmythe]

From the article:

A laser transmitter was set up at the top of the 2,950-metre (9,587-feet) Zugspitze, and sent out pulses to a receiver, a 25- centimetre (10-inch) shop-bought telescope, positioned on line of sight on another peak, the 2,244-metre (7,293) Westlichekarwendespitze.

Obviously they encrypted the locations so readers wouldn't be able to attempt to eavesdrop as easily.

Re:Obfuscation

[heby]

while Zugspitze is actually correct, the name of the other mountail should read Westliche Karwendelspitze.

Re:Obfuscation

"Westliche" doesn't need to capitalised, it's an adjective.

Re:"The Code Book" mentioned this several years ag

[delta407]

or someone knows some of the plaintext, or half a dozen other things, then a one time pad can be broken with a lot of guesswork.

How, pray tell, does knowing some of the plaintext help you? The key is exactly the same length as the data, and if you have a good enough source of entropy, nothing can predict bits before and after the section you know.

You could be given THISISAONETIMEPAD and decrypt it into any string the same length, period. You would have to know the whole plaintext (assuming the OTP is random, which it ought to be), in which case decrpyting it wouldn't be helpful, would it?

The bottom line is that known-plaintext doesn't hurt OTP, because you cannot recover any portion of the pad except for the part that reveals the plaintext.

I've intercepted the photon stream

I've been able to successfully thwart this ultra secure mechanism by simply exploiting it's obvious weakness. Read one photon and get detected? No problem, I insert a photon sensor in the path of thel laser beam and catch all the photons and read the information state, just like the real receiver would, quantum-state be dammed!

Then, just like the original transmitting tower, I repackage everything up nicely and send it on it's merry way, to the destination it was intended.

I have a patent pending on my anti-quantum-crypto measures. Cheerio!

They will anyway

[Logos]

>Whether they should be allowed??

Exactly.

You can't create rules to stop rule breakers -- that's what makes them rule breakers. The only people (as always) who will be negatively impacted by such "disallowing" is the average person.

The two groups mentioned: "organized crime", and "terrorists", have almost as much money and power(in some cases, more) as the governments that would be "allowed" to use this technology.

How long before they circumvent the "rules?"

Oh and BTW, its not a function of criminality, its the nature of rules and power. This is the same dynamic that is at work with regard to taxes, investments, world banking, civil rights, the environment, pick your favorite rant.

People only follow rules when they have to, or or when they want to.

Who is more likely to have to?

Who is more likely to want to?

The powerless cannot pass rules to thwart the powerful, they can only make themselves less powerful.

Re:"The Code Book" mentioned this several years ag

[Rich0]

Assymetric encryption is vulnerable to number-factoring - a problem which is currently difficult, but is threatened by quantum computers and the possible development of exponentially faster conventional computers.

As far as the laws of physics changing, that is always possible. One advantage of quantum crypto is that it prevents interception. If somebody figures out how to bypass it and divulges the vulnerability, you can stop using it and rest assured that nobody intercepted anything prior to the disclosure (unless the NSA figured it out five years ago and is keeping quiet about it - but they probably employ a lot more mathemeticians than quantum physicists).

However, with asymmetric or symmetric encryption anybody can intercept your communiction. True - they can't read it now, but they can always save it until technology improves. Some secrets are only important for a few weeks or months - like the next querterly report for comnany XYZ. Some secrets are important for a lifetime. In the first case, I wouldn't be too afraid that somebody might break my message using a quantum computer in three years - in the second case I'd be VERY concerned. Suppose it is a government secret being transmitted from embassy to embassy which contains data obtained by espionage on an allied country (such as the British spying on the Americans or vice-versa). That data would be very sensitive for as long as the alliance exists (how long have the USA and the British been friends now?). You don't want it divulged twenty years from now when somebody finds some old messages and pulls out their 10,000,000 processeors running at 100 petahertz pocket calculator and does a "little" math.

Quantum crypto is a completely different approach to safeguarding a secret, and I think that it will be quite valuable for many years to come - or at least until the laws of physics are changed. And once that happens, you can just stop using it and not worry about who has already intercepted your data. The only other method which comes close is the one-time pad - and then only if you are certain the key is protected and transmitted securely.

Re:"The Code Book" mentioned this several years ag

[Pentagram]

This would be at the detriment of the security of the key as the greater the signal strength, the more photons it carries, the easier it is to split off a portion of the beam to be read

Isn't the whole point of cryptography that information can be sent freely with only the intended recipient being able to easily decrypt it? And isn't the point of quantum cryptography to guarantee that only the intended recipient can decrypt it?

Re:How to fix the break

[Tablizer]

But what if it is found out that all or some of the relied-on theories on quantum stuff is wrong, and others have been reading it all along?

Re:"The Code Book" mentioned this several years ag

[CustomDesigned]

Assymetric encryption is vulnerable to number-factoring - a problem which is currently difficult, but is threatened by quantum computers and the possible development of exponentially faster conventional computers.

Only RSA and related assymetric algorithms are so threatened. Elliptic curve algorithms, for instance, have no known quantum algorithm to solve them. They also require more conventional horsepower per bit to brute force.

Re:"The Code Book" mentioned this several years ag

[Pentagram]

Who said there has to be a decrypting pad? :)

Re:"The Code Book" mentioned this several years ag

[theCoder]

No, quantum cryptography ensures that only the intended receiver received the message. Anyone snooping the message would be detected by the receiver (it's complicated to explain, but it has to do with the rotation of the light wave (remember that photons are both particle and wave)). So, you don't send data over a quantum link, you send your temporary key. When both sides have the key (and know that no one else could have sniffed it), they can use regular channels to send the data encrypted with that key.

Re:"The Code Book" mentioned this several years ag

IF you don't use the one time pad more than once (hence the name).

One time pads can be broken if someone gets lazy and starts reusing a key.

Re:"The Code Book" mentioned this several years ag

[Ed+Avis]

I think the 'unbreakable' claim comes in that you cannot read the message without knowing the pad. Of course if you already have the key then the message can be decrypted... but that is obvious and it doesn't count as 'breaking' the cipher.

So the cipher is unbreakable, but the system as a whole may not be, due to passwords written on Post-It notes etc. IANAC, but I think analysis of new encryption methods doesn't concern itself with such possibilities :-).

Re:"The Code Book" mentioned this several years ag

[Pentagram]

I know how the theory goes. But as a black box, the system guarantees that only the intended person (etc.) gets the decrypted data. Someone reading stray photons does not compromise the system as the original poster claimed, but perhaps they were trolling.

Re:"The Code Book" mentioned this several years ag

[RayBender]

An important additional point that is getting missied is this: if anyone intercepts the message it is immediately obvious to the intended recipient. In effect, by intercepting the signal the snooper corrupts the signal, so the intended recipient will not get an intelligble message. So this is even better than a one-time pad...

Of course, if there is something we don't yet know about quantum mech then perhaps it's not perfectly safe. Also, actually achieving 100% secure communication requires care in implementing the design - you can't put too many photons out there or some of them can be intercepted without tipping off the recipient.

Original paper

[Vadim+Makarov]

You can read the Nature paper here:

C. Kurtsiefer, P. Zarda, M. Halder, H. Weinfurter, P. M. Gorman, P. R. Tapster, and J. G. Rarity (not sure about the proper order of authors). Quantum secure key exchange between mountains: a step towards a global key distribution system.

Unfortunately, the paper is in a somewhat particulate state: you have to download the text in MS Word format and the image separately.

Also, by poking around the (unprotected) Kurtsiefer's home directory, you can have a lot of images of the experiment, experimenters, and the beautiful surroundings.

My congratulations to Dr. Kurtsiefer for finally getting this difficult experiment to work. He's been trying to finish it for about a couple years, if I recall correctly.

Re:Original paper

[Vadim+Makarov]

Here is the original paper on the Nature site. Still, Kurtsiefer's home directory proves interesting as well.

Economics

[Ingolfke]

With corporate IT spending continually declining I have a hard time believing that many companies will abandon their thick air installed base for better encryption. Even if they did, they would most certainly wait until a final thin air standard has been ratified, as most of the current vendor implementations are incompatible.

Re:"The Code Book" mentioned this several years ag

[Rich0]

Actually - too many photons isn't a problem. You send a bunch of photons, determine which if any made it there intact without being intercepted, and then select a portion of them to be the key.

Each photon is a single bit - so if one is intercepted but not part of the key it does no damage. And ones which are intercepted would be rejected as becoming part of the key. (Remember, you decide that you have a secure key BEFORE you send the message - so if it looks like somebody is intercepting bits you can decide not to send the message at all. You could even send a bogus message (which would still be indecipherable) to give the impression that a message was sent when it was not.

point taken

[G.+W.+Bush+Junior]

well... ohkay

Pay attention now:

[Otto]

If the one time pad is done correctly, yes, it's unbreakable. I think I said that.

If it's not done correctly, say, the guy used the same pad on two different messages, or the guy isn't using a good random generator, then a known plaintext attack will give you new parts of messages.

Especially if the guy used the same pad twice.

Like I said, if it's done *correctly* then it's unbreakable. But it often is not done correctly.

Re:Pay attention now:

[some+guy+I+know]

A one-time pad is, by definition, used one time.
If a person uses it twice or more, then it is no longer a one-time pad.

The only way to break a one-time pad is by breaking the method used to generate the key.
For example, using a PRNG is a very poor way to generate a key.

The best way to generate a OTP key is to use a truly random physical event, such as radioactive decay.
Place a geiger counter next to radioactive sample that produces several thousand clicks per second.
Count the number of clicks each second.
If the number of clicks is odd, add a 1 bit to the end of the key.
If it's even, add a 0 bit to the end of the key.
This can produce a CD-ROM-sized key (650MB) in only 21-22 years.
If you would like the key generated in less time, use a larger radioactive sample and reduce the time for each sample, or use multiple samples and counters.

What the hell

I read this like 2 months ago.. old news.

Ok just a little grounding

First of all no known application of security can ever be more than ~99 5/x (x being
part b is the now proven and more used Heisenberg princepal nothing is ever 100% this could be starting your' computer to "just check email", and for what ever reason your' config files aren't working (assuming use of DHCP and ethernet ).your' hard drive fales etc.

Thirdly given n time and effort almost any security schemes are breakable

On the quantum side the states do no realy overlop nor do particles exist in two places at once, they may behave as though they do because they can travel so they apear to do so and act as though they do, much like a laser beem seems to hit a wall instantly, it's merly the speed of it that makes it seem to do so, and yet all practical, esoteric, emperical, and anecdotal evidence counters what we see.

So to say quantum computers are based on particles superimposing states is false

What's hapening is that a particle is a sphere righ? it's it has no practical interference right? So if course it can spin, bob and do both(corkscrew), and a realy fast corkscrew that can be used as a third option:neither. This is great for siving, but bad for simple naeve inocent things like:aha i'd like to by a sword in quantum fantasy game x, it breaks things very quickly when the sword seller says: neither. the sword seller doesn't have a sword, and doesn't want to get one.

This hole quantum encryption stuff makes cracking a message, or simple making a message, much more secure that's all, because in day to day use it'll also make it much simpler to add a hardware device to you compter that makes the phisical transmition of the private message vastly easier.

and none of you retards gets it.

Re:"The Code Book" mentioned this several years ag

[VendingMenace]

I kinda feel like a Jackass for this relpy, but the laws of physics never change. Rather, our understanding of them changes via a series of scientific revolutions. Anyways, it may seem a bit nit-picky, but I believe that the difference is truly important and fundamental to how the entire institue of science is viewed and aprroached.

Re:"The Code Book" mentioned this several years ag

[cduffy]

The article says that the signal on fiber optics has to be boosted every 6 miles. That is also garbage. Boosting the signal again invalidates the security. I don't know anywhere that quantum keys are used through signal boosters.

No, it's not garbage -- you weren't reading carefully enough. The article was saying exactly what you are: that quantum crypto based on fiber optics was unusable for distances over 6 miles due to the need for signal boosters for fiber-optic-based communications for longer distances.

thin air

[Eric+Smith]

researchers have found a way to use quantum crypto through the air, thus allowing it to be used to communicate with satellites, etc.

To communicate with satellites, it had better work through very thin air.

Re:"The Code Book" mentioned this several years ag

[Rich0]

Couldn't agree more - I actually thought about this but was too lazy to reword... I didn't want to have to up my estimate of the impact of /. on work productivity on the poll...

Yeah, give me a Windoze system with this...

[MickLinux]

... So let's just say that the German Army sends up this satellite, and it handles the communications securely, and they are absolutely sure that nobody has intercepted the signal, so it bounces from their spy's little notebook+dish, up to the bird, and down, ever so securely to the server (on M$ Windoze, on a system in their capital), through the decryption server, and from there it goes across the street, through a ring network, over to the next city, up to another satellite dish, up to another satellite, down to Denver, back over to New York by Sprint cable, through a subocean cable, into France, into Berlin, and into the office of their spymaster.

Or something.

So it's good to know that our communications will be secure.

Ummm.... does anybody remember that RFP by the German Army for a non-M$ operating system?

Re:"The Code Book" mentioned this several years ag

[ShannonClark]

I recall reading about a case (I believe during WWII) where "One time pads" were broken.

Some because a "one time" pad was reused (a no-no clearly) - but more because someone (the English I believe) figured out how the one time pads were being generated - which then led to being able to break the code.

The point being that a large number of "one time pads" (i.e. most normal use cases of them) requires some method of generating (and then sharing) the pads - if this method is discovered then it is possible to break them.

Score : -1 Karma whore

Sigh.

I can't remember the last time I read about a new idea to improve security on slashdot where not at least one genius explained to us all that "this does not solve the whole problem". Who is really surprised about this ? Then said genius goes on to mention a random set of irrelevant "weaknesses" which really are other parts of the whole security issue, completely irrelevant to the new piece of technology. And then ofcourse, moderators fall in love, and moderate said genius to Score :+5 Insightful.

Completely removing one possible way to break your whole security scheme obviously improves security, and that's all there is to it.

Re:"The Code Book" mentioned this several years ag

[Dirtside]

My question is, how do you know that the intended recipient is getting the key, and not someone else?

More technical information available

[thehe]

A few interesting links for those seeking more technical information:

The original press release from QinetiQ is available at this news release.

Here is the corresponding German press release from the University in Munich.

More interesting, perhaps, is the page of one of the German professors involved in the experiment, devoted to this same subject, found here (in English!).

Re:Philip K Dick didn't write Blade Runner.

[Ungrounded+Lightning]

Philip K Dick didn't write Blade Runner.

Well, he wrote "Do Androids dream of Electric Sheep", which Blade Runner was based on. Happy now?

Nope.

Blade Runner wasn't based on "Do Androids Dream of Electric Sheep?" The MOVIE CALLED "Blade Runner" was based on ""Do Androids Dream of Electric Sheep?"

This is not a silly quibble. Blade Runner was a completely different book (By Alan E. Nourse, if I recall correctly). It's about a future dystopia where medical care is banned (in a misguided attempt to breed out dangerous recessives), except for people who have been sterilized. A very fatal Flu is circulating. There's a vaccine, but because you can't get it unless you volunteer for sterilization you're about to have a situation where all the surviving humans are sterile. One lead character is a "Blade Runner" - a surgical tool bootlegger for an illegal surgeon.

The makers of the movie version of "Do Androids dream of Electric Sheep" blatantly ripped off the name of the unrelated book - apparently because it sounded cool. Nothing in the movie is in any way related to blades or the book with the same title.

So the media empire strikes again, shafting TWO authors for the price of one.

Re:"The Code Book" mentioned this several years ag

[Zaak]

Elliptic curve algorithms, for instance, have no known quantum algorithm to solve them. They also require more conventional horsepower per bit to brute force.

Pay close attention to the word "known" there. Very important word.

And remember that factoring used to require a lot more horsepower per bit than it does now. We've been working on factoring for a lot longer than elliptic curves, but we're catching up. Remember that we don't know the minimum effort required to do either one.

TTFN

Re:"The Code Book" mentioned this several years ag

[Zaak]

Boosting the signal again invalidates the security.

That's true, but a quantum computer could perform error correction on a quantum key exchange because it can perform operations on entangled states without decohering them. I assume that would enable it to serve as a repeater for key exchanges over long distances. I don't know if anyone has demonstrated this, but it's possible in theory with the ~5 qbit computers we currently know how to make.
TTFN

Re:"The Code Book" mentioned this several years ag

Re " ...I just don't see how this beats symetric key cryptography "

Ummm, make that "asymmetric key". Right?

Last Post!

[alpg]

"Contrariwise," continued Tweedledee, "if it was so, it might be, and
if it were so, it would be; but as it isn't, it ain't. That's logic!"
-- Lewis Carroll, "Through the Looking Glass"

- this post brought to you by the Automated Last Post Generator...

Re:"The Code Book" mentioned this several years ag

[peter]

Try this phrasing: Until the laws of physics are (better understood|clarified). Or: Until our understanding of the universe improves.