Ultrasecure Quantum Communications Over Thin Air

SlashDotIDOne writes "Well, given a hundred years at university and a few extra titles to my name, I'd be comfortable trying to summarize the article so don't take what I say at face value. Apparently British and German researchers have found a way to use quantum crypto through the air, thus allowing it to be used to communicate with satellites, etc. A very secure form since you know whether a message was intercepted, rather hard to tamper with ;). Courtesy India times and Google's new news service."

Re:Ok..

[richie2000]

Works now. *phew* For a while there, I almost believed that someone actually wanted to read the article before posting. We have normality.

Karmawhoring:

Super-secret codes head for space AFP [ WEDNESDAY, OCTOBER 02, 2002 11:36:33 PM ]
PARIS: Quantum cryptography, a technique of producing secret messages that are reputedly uncrackable, may soon be used by orbiting communications satellites thanks to experiments by British and German researchers.

The traditional weakness of sending encoded messages is eavesdropping. Quantum cryptography gets around this by sending an encoded message and, separately, a key to decode it, which are transmitted in pulses of individual light particles called photons.

By the nature of quantum mechanics, if a single photon is intercepted en route, that changes the state of the information package as it arrives at the other end.

That is a telltale for the legitimate recipient that his message has been tampered with -- the same as if someone received a letter that had been clumsily opened and then resealed, leaving traces of glue and fingerprints on the envelope.

The problem with quantum codes, though, has been how to send messages over long distances.

Data is of course already sent by laser light down fibre-optic networks. But this technique is unsuitable for quantum cryptography, for the laser signal has to be boosted every 10 kilometers (six miles), which causes the quantum state of the key to be rearranged.

Researchers from QinetiQ, the commercial arm of the British military research agency, and from Munich's Ludwig-Maximilian University say they have now demonstrated that it is possible to send a quantum-encoded message through the air.

Reporting in Thursday's issue of Nature, the British science weekly, they say they successfully transmitted packages across 23.4 kilometers (14.62 miles) between mountains in the German Alps.

A laser transmitter was set up at the top of the 2,950-metre (9,587-feet) Zugspitze, and sent out pulses to a receiver, a 25-centimetre (10-inch) shop-bought telescope, positioned on line of sight on another peak, the 2,244-metre (7,293) Westlichekarwendespitze.

With some adjustments to amplify the signal, it should be possible to send keys to satellites in near-Earth orbit, at an altitude of 500-1,000 kilometers (310-620 miles), the scientists say.

"This marks a step towards... a global key-distribution system," the authors say.

Quantum codes have obvious uses for military and government communications.

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

"The Code Book" mentioned this several years ago

[banana+fiend]

Excellent book for lay-people and crypto-beginners: Review Here

This has been a working theory for years (and the book suggests it had been done across a distance of several hundred meters back then!)

I hate it when people say "wow, we have an unbreakable code now". We find out new things and rubbish old theories about the universe and it's properties all the time, we may have violated the second law of thermodynamics, what's to say this is "unbreakable" - it's only secure so far ;)

Allowance of crypto

[explosionhead]

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.
Whether they should be allowed?? Whether they're allowed or not has little bearing on what would happen. You look at the US's export restrictions for crypto, asking people outside the US to download the inferior version, they haven't exactly worked wonders have they?

Re:Allowance of crypto

[JonnyCalcutta]

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

Yes, this was the bit that got me as well. It amazes me that this sort of thing can be stuck in as a throw away sentence, as if to imply that there is no doubt about the correctness of this POV, and anyone who thinks otherwise must be stupid.

The saddest thing about the world we live in (in the West at least) is the horrible kneejerk 'won't somebody think of the children' attitude that comes before any form of rational thought is employed.

Here's my list of things we must ban immediately -
Let's ban pencils, pens and paper, since criminals can use them to draw plans of the joint they are casing or even, God forbid, create one time pads to pass uncrackable codes to each other.
Ban open spaces since criminals could use them to converse with each other out of earshot of the police.
Let's ban flags since they could be used to pass secret messages in semaphore.
In fact let's just ban all forms of verbal and non-verbal communication - let's see those criminals make plans now!

Slashdot would be the first to go obviously. All that 'geek talk' is obviously just a clever criminal code.

Setting the Agenda

[Beautyon]

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

Who said that this is the big question? This is not the "big question"; it has already been determined that "terrorists" did not and generally dont use crypto for communication, so thats just a lame excuse to keep the tools crippled (see A5).

Organized crime? just because an infinitessimal number of "organized criminals" (just where the hell are the disorganized criminals? [yes yes, GAOL]) might use crypto to secure thier telephones doesnt mean that the vast majority of people should be denied access, or given access only to cripple ware.

But you know this.

These agenda setting questions are pure bad journalism, plain and simple, and simple minded.

Re:Setting the Agenda

[fruey]

Who said that this is the big question? This is not the "big question"; it has already been determined that "terrorists" did not and generally dont use crypto for communication, so thats just a lame excuse to keep the tools crippled (see A5).

Exactly. Indeed, the real criminals (corrupt bankers, high wealth people, etc) are those that use crypto because they have the money and paranoia sufficient. Terrorists use simple stuff like codes, languages that only the top spies can get translated, and other tactics like human silence policies and any number of other things. As for organised crime, well using PGP / crypto etc is just going to get the FBI to prick up their ears a bit more so is generally avoided.

People should not be paranoid about cryptography, it should be openly available. It should be used primarily for signatures, and yet most people just think it's there for protecting data transmissions. *Sigh*

Re:Setting the Agenda

[Beautyon]

WMOB The recordings and transcripts (that you REALLY need) of some gangsters wiretapped by the FBI.

Its awesome!

In some ways it's solving the wrong problem

[WolfWithoutAClause]

The easiest way to crack encyption is to avoid cracking the encryption and attack the installation or the people using the encryption.

Basically, if you can bug the users keystrokes when they type in their password for the crypto system, then that system is toast- similarly if they have a physical token- if you steal that token.

Or you bribe/blackmail the guy; or you use "lead pipe" cryptanalysis- you hit the guy over the head until he tells you his password.

This system looks good; but don't assume that its going to be 100% secure. In the real world it can't be, unless there's no people in the loop, not even designing the system.

Re:In some ways it's solving the wrong problem

[adb]

Yeah, but it's nice to reduce the problem to endpoint security, because (a) you're always going to need endpoint security (so it's nice to be able to focus on it exclusively) and (b) endpoint security problems haven't changed fundamentally in the past few million years or so: you keep bad people away from the endpoint and, if necessary, induce sufficiently people to work for you with sufficient motivation that they are sufficiently hard to bribe or threaten.

The truth about quantum computers

[Klerck]

First, I'd like to point out that quantum computation and quantum encryption are two almost completely separate concepts. Quantum encryption is based on the fact that quantum states cannot be measured without altering. The most common example is the polarization of a photon, but it will work for any quantum state, so long as there exist, effectively, two unique states that can transmit the data.

Quantum computation, however, is much more complex and much more interesting. Quantum computers are based on the concept of quantum entanglement, the ability of a quantum state to exist in a superposition of all of its mutually exclusive states: It's a 1 and a 0. However, this is not as easy to use as one might think. While it's true that if you have n quantum logic gates you have the ability to input 2^n data values simultaneously (as opposed to only 1 piece of data if you have n digital logic gates), this is not going to be the end of classical computing for a few reasons. First, quantum computers have to be perfectly reversible. That means for every output there's an input and vice versa. And there has to be no way of knowing the initial states of the data. You don't process data, you process probabilities in a quantum computer; if you know exactly what any one value is throughout the computation, you can find out all of the values: the superposition ends and you're stuck with a useless chunk of machinery. This means YOU CAN ONLY GET ONE RESULT FROM ANY QUANTUM COMPUTATION, THE END RESULT. You can't see what the data in the middle is or the computer becomes useless. (Landauer's principle makes heat loss data loss. When your processor gets hot, it's losing data. If the same thing happened to a quantum computer, it wouldn't be quantum anymore.) Decoherence is what happens when you randomly lose data to the environment by design, not by choice, and the superposition ends. This is bad for Q.C. Oh, and quantum computers can only do *some* things faster, like prime factorization and discrete logarithms. Not multiplication or addition. Plus, the circuits that would do basic arithmetic would be bigger and slower than what you've currently got.

So what does this all mean? It means that quantum computers are going to provide some advantages (real quick big number factorization), and some disadvantages (that whole RSA standard). The most realistic initial use of quantum computers will be as add-ons to existing super-computers to resolve certain types of NP-Complete headaches that regular math can't simplify yet. At best they will someday be an add-on to your PC; but they will never replace the digital computer.~

If you want more info, check out http://www.qubit.org, it's got some decent tutorials.

Any details at all would have been nice

[CaptainAlbert]

Anyone got a link to the Nature article itself?

From the guff written here, it all seems implausible. Encoding a message in single photons is fine, but I find it hard to believe that you can transmit a stream of photons several miles through the atmosphere without a single one of them being absorbed or scattered (which would look the same as interception). It's just light, after all.

I wish I could remember any physics. Then I could say something about the possibility of "amplifying" a signal in which the symbols are single photons. But I can't, so I won't even try.

Plus, even taking the above on trust, it doesn't sound too hard to disrupt (with, say, a mirror).

Corrections and extra technical info most welcome! :)

Re:Any details at all would have been nice

[stevelinton]

I had a student do a project on this. You can live with quite high levels of photon loss.

Essentially, the process runs:

send a large number of (more-or-less) single photon pulses, carrying random data

recipient reports over an open channel, which pulses they got and some more technical information.

From this, sender and recipient can work out the subset of the random data that they take into the next step.

Now they (openly) exchange some checksums and things to determine the rate of bits which appear to have changed in transit, either due to eavesdropping, or noise and to get a common bitstring. From this, they can work out how to combine the bits of the bitstring to get a shorter bitstring which (with high probability) no eavesdropper can guess any part of.

Finally, they use this common secret bitstring as a key for a one-time pad.

Simulations suggest that even 99.9% photon loss is not fatal.

Re:Any details at all would have been nice

[Jobe_br]

This doesn't matter. What's being transmitted here is not the message, its the one-time cipher pads used to encrypt/decrypt the message. The gov't./military already uses one-time pads - but, they're disseminated on physical media, requiring delivery and disposal by physical, trusted personnel. So, this is about transmitting that one-time cipher pad, not about transmitting the actual messages. The messages, once encoded with the one-time cipher pad that is to be used for that particular transmission (pre-determined by the gov't./military) will be transmitted in the clear over current transmission media (public/private networks, transcontinental/oceanic fiber, military/communications satellites, etc.) The "messsage", encrypted with the one-time cipher that this new transmission medium disseminated, is unbreakable by untrusted parties, because of the one-time pad being used, not because of the transmission type being used.

The one article I read about this talks about the satellite communications that were being intercepted in Europe from NATO troops in the Balkans. This new quantum crypto transmission method for one-time pads has nothing to do with that - THAT was about the military not having enough encrypted satellite channels for the amount of data that they were needed to transfer. This wouldn't change that in one bit. This only affects the legwork currently needed to disseminate one-time pads to all necessary parties. The one-time pad systems are already being used, this would just make the process a bit less resource intensive and available to more parties (not just the ones that have reliable access to diplomatic couriers). Maybe that would change the situation above, because more people could take advantage of the one-time pad system, but I doubt it. This seemed more of a limitation of the satellite bandwidth than anything else.

Cheers!

Philip K Dick

[pubjames]

I remember reading once that Philip K Dick (writer of Blade Runner, Minority Report) went mad at the end of his life, one of the reasons being that he was convinced that there were zillions of alien transmissions going through the air which were screwing with his mind.

Perhaps he was right. Perhaps taking lots of hard drugs allows you to tune in to alien quantum communications. Sounds like some experimenting needs to be done...

Perl

[jaavaaguru]

From the article:
"Gift a Washing Machine & get Pearl Set Free @ INR 8590"

They obviously don't know that Perl is FREE for most systems.

commercial uses? yes!

[prichardson]

from the article (yes I read it)

The big question, though, is whether they should be allowed to enter the commercial domain, where they could be used by organised crime and terrorism to thwart eavesdropping by police.

If we don't let the public use this, everyone we don't want to have it will get it eventually. There wont be a user base to be framiliar with to help the government in finding the weaknesses. It is the same with cryptography software. Those who want it really bad can write their own or violate an EULA. The law abiding public is shut off from protecting their own things when terrorists and organized crime still can.

Au contraire. Americans found the way in '98...

[Peter+T+Ermit]

...here, quickly improved it to 0.5 and 1 km, and then 10 km. Don't quite know why Nature thought this particular paper was so revolutionary -- wake me when they get to about 300 km, the minimal bounce-off-satellite trip.

BBC Link

[Izeickl]

The BBC has a more laymans view of things here

Thin Air

[gcondon]

Ultrasecure Quantum Communications Over Thin Air

But how thin does my air have to be? I mean, I try to keep my air in shape but it certainly isn't as thin as it used to be. Perhaps if I move to Tibet.

Well at least the communications are ultrasecure - I find that secure just isn't enough.

Re:Secure?

[AndrewHowe]

You don't use this method to send your secret message, you use it to send a random one time pad. If it is intercepted, you just send a new one. You keep doing this until your recipient gets one that was not intercepted. Then you encrypt your secret message with this (now known to be secret) one time pad and Bob's Alice's uncle.
The one problem I see with this is that Eve (the eavesdropper) can effectively DoS Alice and Bob's communication, by intercepting everything, thus stopping them from ever agreeing on a private key.

Re:"The Code Book" mentioned this several years ag

[ajs]

Even photons must create some gravity. It would be possible to detect them if the detector was sensitive enougth.

You miss the point. The information is not encoded by modulating the frequency or the amplitude of the photons, it's done by manipulating quantum variables that are sensitive to observation. So, when you snoop the data, you change it, and the stream becomes corrupt. Personally, I just don't see how this beats symetric key cryptography where you can communicate the public portion in the clear (e.g. encode it into public transmissions or send out six couriers with the same info, since you don't care if one of them is intercepted).

Re:"The Code Book" mentioned this several years ag

[nzhavok]

One time pads are ABSOLUTELY unbreakable...

Erm, no they're not. If you get hold of the decrypting pad you can break it, not that much different than stealing a pgp key and passphrase really.

Speaking of Google's New News Service...

[Uttles]

Does anyone else think it would be a great addition to Slashdot's stories if they would include a link to the google news search under every headline? I don't think it would be that hard to automate, but it sure would open the door for us users to see a lot of different articles per issue discussed.

Re:"The Code Book" mentioned this several years ag

[Otto]

Assuming someone doesn't steal the key and you did it correctly, then yes.

But if you didn't do it correctly, or your pad choices aren't truly random, or someone knows some of the plaintext, or half a dozen other things, then a one time pad can be broken with a lot of guesswork.

Re:"The Code Book" mentioned this several years ag

[Gyorg_Lavode]

This is not the first time this has been acomplished over air. In fact, Las Alamos sent single-photons with quantum encrypted data over free air to demonstrate that single-photon signals were possible. This is just signifigant because of the distance at which it was accomplished.

Second, they talk about boosting the signal to achieve the ability to transmit to satalites. This would be at the detriment of the security of the key as the greater the signal strength, the more photons it carries, the easier it is to split off a portion of the beam to be read. This of course is still not in any way easy as statistical analysis of the strength of the signal can reveal that it is being split.

Third, the fact that the signals are being bounced of a satilite autmoatically invalidates the security. If it is relayed, the key is stored in non-quantum states which invalidates it's security. The article sais that the signal on fiber optics has to be boosted every 6 miles. That is also garbage. Boosting the signal again invalidates the security. I don't know anywhere that quantum keys are used through signal boosters.

This experiment is notable though. The farthest a quantum key has been transmitted was 32ish km (I believe in germany), over a single fiber-optic cable. This is the first transmission of a quantum key over a signifigant length through atmosphere.

Re:"The Code Book" mentioned this several years ag

[Rich0]

Symmetric key cryptography is sensitive to brute-force and possibly cryptanalysis - especially if the key is recycled. You also need couriers. If you are going to use couriers - have them at least carry CD-ROMs full of one-time pad data - that isn't any less practical to achieve.

The adavantage of quantum crypto is that it gets rid of the couriers. What if the attacker intercepts all six couriers - possibly by bribing them all. It just takes one more factor out of the equation. Also - the transmission is not susceptible to cryptanalysis or brute force, assuming your key data is truly random. The actual transmission is encrypted by one-time pad - the only way to crack it is to have the key.

And you are right - the basis of quantum physics is that you CANNOT measure the photon properties using any technique at all without altering them. If there is a clever way around this it would mean that the laws of physics as we understand them are quite wrong. Not that this is impossible, but quantum theory has been tested quite thoroughly. There is always that one experiment that could shoot it all down - but nobody has found it yet.

Re:"The Code Book" mentioned this several years ag

[theCoder]

No, quantum cryptography ensures that only the intended receiver received the message. Anyone snooping the message would be detected by the receiver (it's complicated to explain, but it has to do with the rotation of the light wave (remember that photons are both particle and wave)). So, you don't send data over a quantum link, you send your temporary key. When both sides have the key (and know that no one else could have sniffed it), they can use regular channels to send the data encrypted with that key.