Quantum Cryptography: 100km Barrier Broken
jdfox writes "Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab, but it's amazing that they've got as far as they have. There's another article about it, though still not much technical detail, here on the BBC and here on The Register."
>100km fibre links...there's still a fair bit of work to be done before it leaves the lab
;)
That must be a big lab! Or maybe they had 100km of fibre and they just looped it round and round and round.
Communication with quantum cryptography is inherently secure because it takes advantage of the physical properties of single photons. In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker.
--------
Free your mind.
From the Register article:
Doesn't quantum cryptography depend on the assumption that it is impossible to copy this stream of encoded photons without leaving a trace?
I mean, I don't know many labs that are 100km long. I've heard of mile long labs at NASA or the NSA or somewhere, but not 100km.
Bleh, sorry for the lame joke, I'm drunk.
autopr0n is like, down and stuff.
At the CLEO in Baltimore, researchers describe a record-breaking 'unhackable' link.
UK researchers have broken the distance record for quantum cryptography, the optical technique that enables 'unhackable' communication along an optical fiber.
Andrew Shields and colleagues from Toshiba Research Europe, UK, revealed their record-breaking link, which reaches over 100 km, at the Conference on Lasers and Electro-Optics (CLEO) in Baltimore, US.
"As far as we are aware, this is the first demonstration of quantum cryptography over fibers longer than 100 km," said Shields. "The technique could be deployed in a wide range of commercial situations in less than three years."
Communication with quantum cryptography is inherently secure because it takes advantage of the physical properties of single photons. In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker.
In practice, attenuation in the optical fiber and noise in the detection unit limits the distance over which quantum cryptography works.
The Toshiba team was able to improve the link distance thanks to an ultra-low noise detector, which detects single photons. This detector is based on a GaAs/AlGaAs modulation doped field effect transistor (MODFET), which does not rely on avalanche processes and is therefore less prone to noise than conventional devices (see related story).
The previous transmission record of 87 km was set by researchers from the Japanese company Mitsubishi Electric in November last year. They also developed a novel kind of detector, which had a low dark-count probability, to extend the link distance.
Banks and government organizations are expected to be the first users of quantum cryptography systems when they become commercially available.
Author
Michael Hatcher is technology editor of Opto & Laser Europe magazine.
Bush is on fire and it's not good for my lungs.
Sample the photons and generate new ones of the same type. Well I know I'm just another /.er commenting on math and physics matters knowing barely anything about it, but couldn't it work?
-Libertarian secular transhumanist
Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab...
How could it not have left the lab? Is Toshiba's lab 100KM long? That's a pretty huge lab!
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
Imagine, all you will need for you own photon ray gun/torpedo is a network cable with signal. Looks like the geek shall inherit the earth after all.
In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
Actually it is not completely true: you cannot guarantee that you send out a single photon. Indeed, you don't. You try to approximate a single photon source by using weak laser pulses, but this does not mean you always send out a single photon (sometimes you send out more, sometimes you do not send out any at all). But every security proof considers the fact that you are able to send single photons (which is highly non-trivial).
Actually this fact makes most implementations of quantum crypto protocols insecure against a class of attacks (PNS), even though they would take place in a very unrealistic framework (but you have to consider them).
because the net has a shitload of repeaters right? Just repeating the thing will change it. DUH.
They plan to rewire the internet? I don't think so. This is only of use for office to office.
I attended a talk by the head of the RLE lab at MIT a few weeks back. They are working on quantum entanglement and quantum teleportation as means of delivering quantum information over classical "internet" networks. The hitch is that they need an entanglement source to distribute entangled electrons to both ends of a connection...
Any attempt to hack into the link must not be passive as it alters the quantum state of the intercepted photons.
If the sender is capable of generating photons with an arbitrary quantum state, so is the hacker. Obviously this will block attempts to merely split the signal, but why not just observe and then retransmit new photons with the original state?
I'm sure it's just an oversimplification by people who don't know what the researchers where talking about...why does this help anything?
Mod me down and I will become more powerful than you can possibly imagine!
The laws of quantum mechanics dictate that it provides a way to guarantee that no-one has intercepted that key,
Yes, I'm not familiar with this subject, but I just can't accept the idea that something may actually be unbreakable.
If somebody knows a bit more I'd like to hear a profane explanation of the quantum mechanics laws (it's an auximoron, isn't it????;o))) that assure this. Wouldn't it be possible to do damage with a hardware device, if not on the software level????
1. No sig. 2. ???? 3. Profit!!!
This is great news for privacy. Sure, if Scully and Mulder want your box, they put a camera in your house, sniff the keyboard for the pw, or just take it via a warrant issued from a Judge who stamps his approval on anything that involves encryption and terrorism.
Overall, great for privacy. I sure as hell want Citibank using this on all their ATMs, Visa on the card readers, etc.
IANAQP, but it seems that if the intended receiver can decode the photons, any person in the middle could also decode the same photons and retrieve the message.
The key point here is that by observing them, the person in the middle changes their quantum state, thus making it immediately obvious to the intended receiver that the channel is insecure. So depending on the delay between the receiver determining this, and indicating to the sender to halt transmission, someone could still capture at least some data.
Or do I just have no clue what I'm talking about?
As the poster noted, light on the technical details... what are the error rates? Is there any chance that there could be accidental quantum state changes, especially given that single photon transmission is really just *average* single photon transmission (sometimes more, sometimes none)?
Anyone that has a clue care to enlighten?
yep - that's what came to my mind too now.
i never thought of that when i read articles
but it's a really nasty flaw, that resending thing.
a second link would probably be needed to detect delays.
or could one just check the hour and become suspicious when the data arrives too late.
a delay would definitely be present, since photons travel kinda fast as you know.
I was re-reading the Fabric of Reality (David Deutsch) ... which essentially covers quantum interference / computing (with the argument that quantum computing is a result of multiple universes coming together and interfering with one another) ... In any case this may be a little bit off topic ... but the book echoes 'The Matrix Reloaded' in many ways ... Deutsch describes an 'Oracle' who knows everything ... A Virtual Reality machine that interfaces with the brain (even a picture that looks like something out of the Matrix) ... a multiverse (worlds within worlds etc..) ... and a Universal Virtual Reality Generator that can essentially recreate the environment we live in ... in real time. This book pre-dates the original Matrix by a year.
These guys in Switzerland even sell devices to do quantum crypto.
You don't send the message via the quantum method - all you are sending is the key for a one-time pad cipher. If it's intercepted, you don't use that key, you generate a new one and try to send it again.
In fact there is a bit of confusion.
First of all, you do not send any message. You are just trying to agree a secret key, to use with a standard secure crypto system (i.e. the one-time pad), so if some bits got lost, it is not a problem; at the end you agree only on the bits which are really shared by the two parties.
To understand this completely, you'd have to see the details of the protocol (the most widely used is the BB84 protocol). Error rates have of course to be considered, but the important fact is that the two parties at the end can establish if too much eavesdropping has taken place (or if there was too much noise), and they abort the protocol. The important thing at the end is that an eavesdropper has just less information than the two parties; then so-called privacy amplification techniques are used (after error correction) to establish a secret key.
Hope it helps. The whole thing is however quite tricky.
While I will make no claim to understand a good bit of this technology, what sort of applications currently need such a link (and can justify the need to spend the undoubtedly huge wad of cash)?
What would need more than conventional encryption with huge keys at the moment?
Note that I stress "currently". It's pretty clear that a good ways down the road either computers will brute force 2048 bit keys in a few seconds or a way to factor huge primes will come along.
-phish
Why does the observation of the recipient change the quantum state of the photons, thereby making it unreadable to the recipient too?
It is intended only to be used on physical point-to-point link, you cannot even use repeaters. It's not made to be used on the internet ;-)
A quantum state on a single qubit looks like this:
a|0> + b|1>,
where |0> and |1> are vectors, and a and b are complex numbers, and the total vector has a magnitude of 1. When we measure the state, it collapses into the |0> vector with probability |a|^2 and into the |1> vector with probability |b|^2. And of course |a|^2 + |b|^2 = 1.
So the hacker won't know what the arbitrary quantum state was. Observing the photon destroys the original state.
OK, I've always wondered about this.
If observation by a third party renders the message unreadable, then why doesn't observation by the intended recipient render it unreadable?
It has been proven that Quantum Cryptology is secure provided that someone doesn't steal your qubits and the axioms of Quantum Mechanics hold.
I think this technology would do well in the casino industry.
Sometimes they might not want the feds knowing absolutely everything.
Is there a law against that?
_______________________________
The Spiders are coming
it's the kind of thing that keeps morons up at night thinking they can invent perpetual motion.
+1 cent.
No, someone can steal your qubits, it is not a problem!
;-)
The problem is, the name Quantum Cryptography is misleading. Actually, this is a key agreement.
Suppose Alice and Bob want to share a common secret key. To do this, they have to agree on some common shared bits. If qubits are stolen, then Bob does not receive them, so this does not bring any problems (because they both see the qubits have been stolen, they simply do not use them to generate the key). As long as they have more correct bits than the eavesdropper has, they can construct a secret key (and the technique used here goes under the name of privacy amplification, which is a not so trivial fact in information-theoretical crypto).
Of course quantum mechanics has to hold...
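As an added illustration of the privacy amplification step that this post and the earlier BB84 comment both mention (example code written for this page, not any poster's): Alice and Bob hash their shared raw key with a public random parity matrix, and an eavesdropper whose copy is assumed to be wrong in a quarter of the bits ends up guessing the amplified key no better than a coin toss. The per-bit error figure, the key sizes and the output length are assumptions of the simulation; in a real protocol the output length is fixed from a bound on the eavesdropper's information.

```python
"""Privacy amplification by random parity hashing.

Constructed illustration, not code from any poster. Model: after sifting and
error correction Alice and Bob hold an identical raw key, and an eavesdropper
holds a copy in which each bit is wrong independently with probability
P_WRONG (an assumed figure standing in for the partial knowledge an
intercept-resend attack leaves her with).
"""
import random

P_WRONG = 0.25  # assumed per-bit error in Eve's copy of the raw key


def eve_copy(key, p_wrong, rng):
    """Eve's raw key: each bit flipped independently with probability p_wrong."""
    return [bit ^ int(rng.random() < p_wrong) for bit in key]


def random_parity_matrix(n_in, n_out, rng):
    """Rows of a random binary matrix, stored as index lists of the set bits.

    Alice picks the matrix and announces it publicly; its randomness, not its
    secrecy, is what makes this a universal hash family. n_out is a simulation
    parameter here; a real protocol derives it from a bound on Eve's information.
    """
    return [[i for i in range(n_in) if rng.random() < 0.5] for _ in range(n_out)]


def parity_hash(key, rows):
    """Final key bit j = XOR of the raw-key bits selected by rows[j]."""
    out = []
    for row in rows:
        acc = 0
        for i in row:
            acc ^= key[i]
        out.append(acc)
    return out


def agreement(a, b):
    """Fraction of positions where two equal-length bit lists agree."""
    return sum(x == y for x, y in zip(a, b)) / len(a)


def run_privacy_amplification(n_in, n_out, p_wrong=P_WRONG, seed=0):
    """Compress an n_in-bit raw key to n_out bits and measure Eve's knowledge."""
    rng = random.Random(seed)
    alice_raw = [rng.randrange(2) for _ in range(n_in)]
    bob_raw = list(alice_raw)            # identical after error correction
    eve_raw = eve_copy(alice_raw, p_wrong, rng)

    rows = random_parity_matrix(n_in, n_out, rng)
    alice_final = parity_hash(alice_raw, rows)
    bob_final = parity_hash(bob_raw, rows)
    eve_final = parity_hash(eve_raw, rows)

    # A parity over k raw bits is wrong for Eve whenever an odd number of her k
    # bits are wrong, so her guess is right with probability
    # (1 + (1 - 2*p_wrong)^k) / 2, which for large k is essentially 1/2.
    return {
        "raw_eve_accuracy": agreement(alice_raw, eve_raw),
        "final_eve_accuracy": agreement(alice_final, eve_final),
        "alice_final": alice_final,
        "bob_final": bob_final,
    }


if __name__ == "__main__":
    r = run_privacy_amplification(n_in=3000, n_out=1500)
    print(f"Eve knows {r['raw_eve_accuracy']:.1%} of the raw key, "
          f"{r['final_eve_accuracy']:.1%} of the amplified key")
```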
On a different note: do the photons change state just before you intercept/read them, while you're reading them or after you've finished reading them? I would assume the latter, otherwise the recipient also won't be able to read them without changing... All very confusing stuff to me :)
If there are several photons in the same arbitrary state, you can, by measuring the qubits in a different basis each time, come up with an approximation to the actual quantum state. If there are 1000 of these photons, then basically we aren't gaining anything by having our information in quantum form. So you want to avoid sending many duplicate photons for many of the states that you are sending.
You can't observe a photon without absorbing it. Once you've observed it, you've destroyed it. Atoms exchange energy by absorption and re-emission. The photon is either absorbed, or not, there's no in between. It's like binary.
The problem is, if I steal Bob's qubits, and throw him into solitary confinement in some military base in Cuba for being an "enemy combatant", that I can then pretend to be Bob to Alice, unless Alice and Bob had a weird protocol that they had agreed to use, and Bob wouldn't say what it was after being tortured.. I mean given a nice friendly conversation.
I know quantum encryption is supposed to be the next big thing in cryptography, and make up for all the damage that quantum computers are supposed to do, but I just don't see it. Who has fibre all the way from them to their friend?
And encrypting each hop from me to my friend seems to hardly help at all. Now instead of the eavesdropper being able to put a probe on any of the wires, they have to break into one of the routers. But really, who ever heard of someone stealing credit card numbers by digging up cables and putting a probe on them?
And besides, this still doesn't solve the authentication issue. You still need to be confident that the person at the other end is who you think they are. And it seems that solving that is at least as hard as doing the encryption once you know who you're talking to. Specifically, it seems likely that quantum computers will break all our current authentication schemes, but we have no reason to believe that they will break our symmetric ciphers. So even for people with fibre all the way to their friend, a provably secure symmetric cipher replacement is not very useful just yet.
I've checked and there is no one on that IRC channel
guess I have no idea how this works then. What is the big difference between sending generic what~have~you "data" over vast distances with fiber optics and sending "quantum encrypted" data, that makes this distance limit? I read about the turbo charged photons in the article, still makes no sense to me, aren't all the data streams with fiber based on photons anyway? Is it of an acceptable loss limit thing (zero acceptable?), or what?
thanks in advance to anyone who can explain this for us pea brains
slashdot is fun, there's a head 'sploder for me everyday!
IANAQC but here is how I remember Quantum crypto works:
Everything is dependent on the polarity of the photon. There are 4 major states to choose from: vertical, horizontal, diagonal, the other diagonal.
A process generates a shared key whereby successive bits are encoded either vertical for 1 and horizontal for 0, or diagonal for 1 and the other diagonal for 0.
Each bit is then transmitted along the fiber encoded according to the keystream (i.e. 111000 could go as |/|-\- for example)
The beauty is that the eavesdropper has to choose the correct polarity of 'gate' to read the polarity of the photons - if he uses a + gate to read an x photon, the photon will just bend round, randomly, to match the polarity of the gate.
Therefore the eavesdropper will receive gibberish, and the recipient will also receive gibberish if the message has been intercepted.
There's lots of other little features, especially around the generation of the keystream, which keep it secure, but I can't remember them off the top of my head.
That's the basic idea though. I don't see it replacing SSL just yet though, as it requires a dedicated fiber between sender and receiver.
Yes, but what you say of course holds for every secure channel. Secrecy and authenticity (which are the two components of secure channels) can hold only with respect to the sight of the other party. This is a problem you can't solve. For every absolutely secure channel Alice can't be sure Bob has not been kidnapped on the other side.
Take as an example a mailbox. It's a typical example of a channel providing secrecy. If you leave a letter inside, you are sure only one person will read what you have thrown inside (namely the one who owns the keys). On the other hand, you cannot know if in the meanwhile he/she has been killed, tortured and the keys have been stolen.
There is some interesting formalization about this subject; there is even a formal security calculus to cope with these problems (proposed by Maurer if I remember correctly)
Yeah, what jfern said. Put a bit more simply, any attempt to read the stream of photons causes the state of the photon to 'collapse', instantly alerting the sender and receiver of a breach.
Barring what the other poster said, you can also predict transmission times over fiber VERY accurately. Any time spent processing the photon information to create a new photon to retransmit would be longer than the total transmission time. This would be easily detected.
I have another interesting question though.. Would it be possible to combine this with the "laser teleportation" technology demonstrated earlier this year to have a REALLY secure wireless link? If so, 30 years from now, all communications might be so secure that we wouldn't have to worry about eavesdroppers.
Me too. What a disappointment.
I don't think this will help banks very much.
It just gives Slammer/Bugbear/etc. a faster and cooler (but not at the same time) means of propagation.
"now we are sure -- the cat is dead"
That's clearly useful, since it limits your points of weakness, but it's nothing to do with cryptography, in the same way whether I use TCP/IP or avian carriers to transport packets of my ssh session has nothing to do with cryptography -- the science of analysing codes.
I thought that quantum cryptography was the following:
Location A has a proton that is spinning in one direction while Location B has another proton from the same atom which is also spinning in the same exact direction at the same speed as the result of some sort of natural phenomenon.
When one location shoots the proton with a beam of some sort to make it spin in the other direction at a different speed, the proton at the second location starts to do exactly what the proton at the first location was doing, thus presenting an unhackable method of generating keys.
Is this right?
I think you can detect a polarized light beam (or any light beam, for that matter) by the deflection force it imparts on a mirror, without destroying the beam or the polarization (if it's polarized, that is).
This is strange. How can the intended recipient know what state is if the hacker can't?
I've googled (google'd?) around a bit but can't find a clear answer to this question, provided it exists: Can a quantum computer do what a classical computer can't? Now, from what I've gathered, a machine based on qbits can make intractable problems tractable. What would take billions of years to compute can be done in seconds. But what I want to know is if quantum computing can reach beyond the limits of a Turing Machine. However simple they may seem to a child, there are problems my Athlon could never solve even with infinite time and memory. Is this question still unanswered ?
You should probably be confident that something is wrong with quantum mechanics. Being confident that it's 100% correct would be like being confident 300 years ago that Newtonian mechanics was 100% correct. There's always something that turns out to be wrong.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
This may be wrong, but I'll mention it anyway.
Consider this scenario:
A --> B is intercepted by E, who responds to A (and thus gets 100% of the information). There is now essentially an A-E connection, but A thinks he's talking to B. E then sets up a connection to B, pretending to be A, and retransmits the data.
It seems to avoid this requires some sort of host-identity verification mechanism.
(This may be inaccurate as I'm recalling it from what I read in Simon Singh's "The Code Book", but I hope it explains the point.)
The idea is that you can measure the photons with only partial accuracy, and according to the setting of the measuring instrument. For example, if sending a photon in state Y, the measurement does not yield: "The photon was in state Y", but instead "The photon was probably in state X but maybe in state Y or Z, and not in state W.". Another measurement configuration could yield: "The photon was probably in state Y but maybe in state X or W, and not in state Z."
The "hacker" does not know the measurement configuration at the receiver and may try some arbitrary configuration of his own.
The problem is, when receiving the measurement result, for example that the photon was probably in state X, trying to retransmit it as X may be picked up as inconsistent at the real receiver's.
The measurement configuration itself for each bit can be agreed upon by a negotiation stage where a bitstream is sent across random configurations of both the sender and receiver and then publicly agreeing which bits of the sequence to use (knowing they have matching configurations, not letting a "hacker" enough information to know what configurations those are - leaving him with impossible guesswork).
Why was 100km a barrier in the first place?
Or is this just the first time someone bothered to try this over the distance in question.
What, has slashdot been ravaged by temperence fanatics?
You might not care if they see you are listening in. but what if they are exchanging secret keys for normal encryption over the quantum channel? Then you care.. because if they know their key exchange was compromised, they won't use those keys.. that's the kind of thing this is for.
As for when they change state, they change state when you are observing them (say, when they hit a detector). An observer in this case is no different than the desired recipient.... it's just that once you receive it, you cannot recreate it....
If this is the case, adding repeaters could easily be feasible to achieve any distance. Each repeater would just generate a new quantum key to connect to the next repeater in line, and they would have to monitor any interception attempts. It wouldn't matter that the key changes, because you're still ensuring that each segment is secure.
If I'm understanding this correctly, it sounds like it could be very useful already today for the network or data link layer in secure networks, but not really feasible for direct use by client software.
-j
Here is profane explanation:
You can't fuckin' change the shit without the data-whoring-bastards knowing some crap-for-brains is trying suck the data down the wrong hole! Jesus christ!
And I won't touch "auximoron" - too god-damned easy!
So the concept here is that if I try and passively read the photons during transport I will destroy them making it obvious too the other end that I have been listening.
However would it not be possible to simply insert a system between the two hosts (A & B) that are trying to transmit and then have your device pretend to be system B to system A and pretend to be system A to system B? This should ensure that it is possible to get all of the data transmitted. A tad more complicated than doing it passively but you would still end up with a very hard to detect eavesdropping system.
Is there any really good reason this wouldn't work, excluding detection during installation when the fiber goes dead for a minute?
37 - what does it stand for really...
This will explain a bit more for those not following the subject.
http://news.com.com/2100-1001-965957.html
Basically, it can only be read once. Just say you send a crypto key using this method to a friend. An evil hacker intercepts it and gets the key. Because it's intercepted, it never gets to your friend. Your friend, or rather, his quantum crypto protocol, tells you that it never got the key. You send another new key, repeat until hacker gets bored.
The hacker cannot simply intercept and repeat the key, because his interception modifies the photon before he gets a chance to read it. If he retransmitted his intercepted key, your friends computer wouldn't be able to understand it, would ignore it as corrupted, and ask for another key.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
This is a successor to the key-handcuffed-to-courier's-wrist set of cryptosystems. It's for embassies, military bases, and so forth. Not for you and me and the neighbor kid.
At any velocity Newtonian mechanics is incorrect; the reason it's not a problem at small velocities is that the error term is very small. But if you were to make measurements to arbitrary precision, Newtonian mechanics would give you wrong results at any speed.
Use an axe, it's only useful if they can transmit something.
Analogies don't equal equalities, they are merely somewhat analogous.
If so, 30 years from now, all communications might be so secure that we wouldn't have to worry about eavesdroppers
Nope. I mean, it wouldn't be so expensive today to encrypt point-to-point links with a stream cipher. But the problem is, it has to go through a router at some point. And you just have to put a bug in the router, have it copying traffic... this stuff is multi-stage, there's no way you could tell if the router were hacked/bugged from the timing.
I think if you're going to fantasize about a future with no eavesdroppers, you may as well fantasize about IPSec.
I hereby place the above post in the public domain.
In every system made by men, there are flaws which other men are eager to exploit.
The flaws will be found. They will be exploited and the cycle will continue.
This particular system will be flawed by complacency. Risks will be taken that should not be. Too much quantity will be entrusted to them so that even a narrow glimpse into the data stream will have sufficient samples to widen it out. Keys will be re-used too soon. There is an almost endless list of ways the data can be compromised without ever touching the fiber cable.
To say that this data stream can not be monitored today may be 100% correct. But it takes no account of tomorrow. To think that the photon data stream must be intercepted to decode the data is 100% wrong. There are leaks before the encoding and leaks after the decoding.
There is only relative security, not absolute.
Urk, this is dragging out my recollection of an article I read (paper version, no web version yet) in New Scientist about a week ago but...
IIRC, there is a new technique in the quantum world for observing the states of particles without changing their states - it's got something to do with recording data with accuracy smaller than the size of the error in a single experiment, but with repeated experiments the real value of the measurement starts to become apparent.
A quick google for "weak measurement" brings up pages way above my head so I can't go into it any further - but could this pose a problem for quantum cryptography? As I understand it, as multiple experiments are required there's no way of retrieving the data from a single transmission, but then again that's how *I* understand it and IANAPhysicist.
-Rob.
You don't send the message via the quantum method
Don't tell me what I can and can't send over the quantum connection!! If it's good enough for my one-time pad cipher, it's gotta be a pretty dandy way to send the encrypted message also.
Nice round numbers that are powers of ten are not "barriers".
RTFA, RTFA, etc etc
Tachion-flux?
... eeerr ... the photon is overtaking
... but still which team can send "data" faster?
"The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker."
meaning scientist B already knows what scientist A is going to send him?
UTTER NON-SENSE! if a word starts with "qua" i ignore it!
AND:
two teams of scientists, every team has two scientists.
team ONE using a laser. distance 10m. a scientist at each end.
team TWO using a steel rod. distance 10m. a scientist at each end holding the rod.
which team can send data from one end to the other faster?
team ONE just turn the laser on and off.
team TWO are pushing/pulling the rod.
so you mean to say
the solid steel atoms in the steel rod?
yes dummy, the scientists can simultaneously start the experiment and because they are super-scientists they can register the photon/laser and push/pull of the rod instantly
Check for example the quantum cryptography setup description on a research page:
Only after a measurement run is completed, Alice and Bob compare their lists of detections to extract the coincidences and generate the quantum keys. Taking into account the time uncertainties of all measurement electronics in our system, we can implement a coincidence window of 5 ns. All the communication for generating the quantum keys and testing the security of the quantum channel is done by Alice's and Bob's personal computers via the standard computer network.
Please do not call this 'cryptography'. At best, this may be called 'tamper detection'!
As to using this technique to secure networks, make a basic risk analysis, ask yourself what's the weakest piece of the puzzle, and observe that this secures the bit of the Internet that's actually already the most secure: who thinks they can actually tap a fiber line & place a sniffer on it? Also... who would do that? If I was assigned to sniff a link by Dr. Evil, I would probably rather try to find a way through one of the link endpoints (ie a router) and eavesdrop from there! Wouldn't you?
And, by the way, for govts and banks and the like, real cryptography does the trick in a much more efficient way: you get end-to-end security instead of link security, plus the extra CPU investment needed for crypto is going to stay way cheaper than the big buck$ needed by photon-by-photon transmission equipment for a while.
Don't give in to the bullshit some researchers are ready to spread to justify their credits...
1. P(x) is a function representing a public key, where x is a message and P(x) is the encrypted form of that message using key P().
2. Analogously, S(x) is a function representing a secret key.
3. P and S are chosen so that P(S(x)) == S(P(x)) == x.
4. The general case of S(x) cannot easily be determined by inspection of P(x).
5. Each person's secret key S is known only to themselves, but their public key P is disseminated.
6. Alice encrypts a message to Bob by sending Pbob(x). Bob evaluates Sbob(Pbob(x)) to determine x. No-one can intercept this message without knowing Sbob(), and see (4) above.
7. Alice signs a message to Bob by sending Salice(x). Bob evaluates Palice(Salice(x)) to verify that the sender is Alice. No-one can fake this message without knowing Salice(), and see (4) above.
This breaks down at (4). We know from (3) that P(x) is not singular, and the inverse function P^-1(x) is mathematically equivalent to S(x). The trick is in generating function-inverse pairs where the derivation of the inverse from first principles would require an extraordinary amount of computation, or in performing many, many computations in as short a time as possible, depending on which side of the fence you are on. Current schemes involve basically raising numbers to powers, ensuring that the greatest change occurs in the low-order digits and using modulo p arithmetic {think of a clock face numbered from 1 to p} to keep the numbers manageable. Recall that (x ** a) ** b
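The properties listed above (P(S(x)) == S(P(x)) == x, encrypt-with-P/decrypt-with-S, sign-with-S/verify-with-P) are exactly what textbook RSA provides, and the "raising numbers to powers modulo n" the comment alludes to is the whole mechanism. The following is an added illustration, not code from the comment author or from Toshiba: a toy RSA with tiny constructed primes (p=61, q=53) so the arithmetic is visible. It has no padding and the primes are far too small to be secure; it exists only to show the algebra behind items (3), (6) and (7).

```python
# Toy RSA illustrating P(S(x)) == S(P(x)) == x. Added example with constructed
# primes; no padding, no real key sizes -- for understanding the algebra only.

def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t


def modinv(a, m):
    """Multiplicative inverse of a modulo m (a and m must be coprime)."""
    g, s, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: %d and %d are not coprime" % (a, m))
    return s % m


def keygen(p, q, e=17):
    """Build a (public, secret) pair from two primes.

    public key  P = (e, n): P(x) = x**e mod n
    secret key  S = (d, n): S(x) = x**d mod n, with d = e^-1 mod (p-1)(q-1)
    Because e*d == 1 mod phi(n), x**(e*d) == x mod n, so P and S are inverses.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)
    return (e, n), (d, n)


def apply_key(key, x):
    """Evaluate P(x) or S(x): modular exponentiation is the only operation."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(x, exp, n)


def encrypt_and_decrypt(x, p=61, q=53):
    """Item (6): Alice sends Pbob(x); Bob recovers x as Sbob(Pbob(x))."""
    p_bob, s_bob = keygen(p, q)
    ciphertext = apply_key(p_bob, x)
    return ciphertext, apply_key(s_bob, ciphertext)


def sign_and_verify(x, p=61, q=53):
    """Item (7): Alice sends Salice(x); Bob checks Palice(Salice(x)) == x."""
    p_alice, s_alice = keygen(p, q)
    signature = apply_key(s_alice, x)
    return signature, apply_key(p_alice, signature) == x


def commutes(x, p=61, q=53):
    """Item (3): both orders of composition give x back."""
    pub, sec = keygen(p, q)
    return apply_key(pub, apply_key(sec, x)) == x == apply_key(sec, apply_key(pub, x))


if __name__ == "__main__":
    print(keygen(61, 53))               # ((17, 3233), (2753, 3233))
    print(encrypt_and_decrypt(65))      # (2790, 65)
    print(sign_and_verify(65))          # (_, True)
    print(commutes(65))                 # True
```

Item (4) is the hard part the comment is pointing at: with n = 3233 anyone can factor it by hand and recompute d, which is why real keys use primes of hundreds of digits and why the "extraordinary amount of computation" is the only thing standing between P and S.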
Quantum Cryptography:
1. Alice sends photon stream to Bob.
2. Some of Alice's photons fizzle out into nothing and don't make it as far as Bob.
3. Eve intercepts some of Alice's photons.
4. Every photon that Eve received will not be received by Bob.
5. Bob has to compare what he received with what Alice sent in order to work out which photons went missing.
6. Any information that Alice sent but Bob didn't receive is ignored.
7. Alice and Bob now have two identical lists of zeros and ones, which can be used as an encryption key.
For me, this breaks down at (5). If Alice and Bob have to compare their notes somehow, then this is the weak point. It still requires some communication channel, which is susceptible to hijacking. If they discuss the sequences over a conventional phone line, it could be tapped. If they have to actually meet, why doesn't Alice just give her encryption key to Bob there and then? Or have I got this whole thing completely cocked up? If so can someone point out where?
Je fume. Tu fumes. Nous fûmes!
Kids your age shouldn't be allowed to access the internet outside of waltdisney.com.
Not that easy to make it brief, but I'll give it a shot.
The sent bit is polarized as either vertical (1)/horizontal (0) or the two diagonals as 1/0 in the same way. If you try to measure whether it's vertical/horizontal, but the sent bit was one of the diagonal polarities, you get randomly 1 or 0. And naturally if you try to measure the correct polarities you get the intended bit 1 or 0.
The receiver can measure the polarity in one of those two different ways. Upon receiving he picks the polarity measurement of choice at random, because he cannot know which method he should use. Naturally he'll select about 50% correctly. For those his measurements are valid.
He can then simply call the sender and tell which polarity directions he used for each bit, and the sender can then afterwards tell which were correct.
The essential thing here is that a man-in-the-middle hacker cannot receive and retransmit, because without knowing which polarity the original qubits in the stream had, he cannot be certain of any of his received bits, thus making it impossible for him to resend them to the originally intended receiver.
1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
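The two comments above (the numbered list that "breaks down at (5)" and the reply describing the two polarization bases) are describing the sifting step of BB84, and the answer to the step-(5) worry is that the public discussion only reveals which basis was used per photon, never the bit values, so that channel needs to be authenticated but not secret. The following is an added simulation, not code from either commenter or from Toshiba's system: it models the rectilinear/diagonal bases, random basis choice at the receiver, sifting over the public channel, and the error-rate check that exposes an intercept-and-resend attacker (who, as the reply says, must guess a basis and re-prepare the photon). The abort threshold of 11% is a commonly quoted bound for BB84 and is an assumption of this example, as are all the function names.

```python
import random

# Two polarization bases: "+" = vertical/horizontal, "x" = the two diagonals.
RECT, DIAG = "+", "x"
BASES = (RECT, DIAG)


def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the bit; in the other basis
    the outcome is a coin flip (the physics the reply above describes)."""
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)


def run_bb84(n, eavesdrop, seed=0, abort_threshold=0.11):
    """Simulate one BB84 session over n photons.

    eavesdrop=True models an intercept-and-resend attacker who measures each
    photon in a random basis and re-sends it prepared in that basis.
    Returns the sifted-key size, the measured error rate, whether the
    session was aborted, and the final keys held by Alice and Bob.
    """
    rng = random.Random(seed)          # seeded so the run is reproducible
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.choice(BASES) for _ in range(n)]
    bob_bases = [rng.choice(BASES) for _ in range(n)]   # chosen blind, at random

    bob_bits = []
    for i in range(n):
        bit, basis = alice_bits[i], alice_bases[i]
        if eavesdrop:
            eve_basis = rng.choice(BASES)
            bit = measure(bit, basis, eve_basis, rng)   # Eve's (possibly wrong) reading
            basis = eve_basis                           # photon leaves Eve in her basis
        bob_bits.append(measure(bit, basis, bob_bases[i], rng))

    # Sifting: over an authenticated public channel Bob announces his bases,
    # Alice says which matched. Only basis labels are disclosed, not bits.
    matched = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    a_sift = [alice_bits[i] for i in matched]
    b_sift = [bob_bits[i] for i in matched]

    # Error estimation: sacrifice a random half of the sifted bits by
    # publishing them; an eavesdropper who guessed wrong on a matched position
    # has a 50% chance of flipping the bit, giving ~25% disagreement overall.
    sample = set(rng.sample(range(len(a_sift)), len(a_sift) // 2))
    errors = sum(a_sift[i] != b_sift[i] for i in sample)
    error_rate = errors / len(sample) if sample else 0.0
    aborted = error_rate > abort_threshold

    keep = [i for i in range(len(a_sift)) if i not in sample]
    return {
        "sifted": len(a_sift),
        "error_rate": error_rate,
        "aborted": aborted,
        "alice_key": [] if aborted else [a_sift[i] for i in keep],
        "bob_key": [] if aborted else [b_sift[i] for i in keep],
    }


if __name__ == "__main__":
    clean = run_bb84(4000, eavesdrop=False, seed=1)
    print("no Eve: sifted=%d err=%.3f aborted=%s" %
          (clean["sifted"], clean["error_rate"], clean["aborted"]))
    tapped = run_bb84(4000, eavesdrop=True, seed=1)
    print("Eve:    sifted=%d err=%.3f aborted=%s" %
          (tapped["sifted"], tapped["error_rate"], tapped["aborted"]))
```

In the clean run about half the photons survive sifting and Alice's and Bob's keys agree bit for bit; with the intercept-and-resend attacker the sampled error rate sits near 25% and the session is aborted. That is the whole point the comment at the top of the thread makes with "tamper detection": the protocol does not stop Eve from listening, it makes her listening visible. What it does not cover is an attacker who impersonates Bob on the public channel, which is why the basis announcements must be authenticated by some conventional means.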
Good observation.
Too bad so many SlashDot readers (myself included) seem to be at times blinded by technological concepts instead of focusing on engineering issues (read: implementation), or the parent would be modded up.
The real assumption is that we exist.
If a DOS attack is intended, and you gain access to the medium, why would you tap the line using expensive beam splitters and photon detectors?
Just cut the fiber with your scissors...
The difference is that the quantum channel is both expensive and slow...
So you DO want to send a 1000-bit key with the slow and cheap medium, and a 1000 MByte message with the fast and cheap... encrypted with the 1000-bit key. (A one-time pad cipher is not always needed.)
It's similar to the approach used in PGP. You reach a key using expensive (computationally) RSA, and then use it with 3DES or whatever you chose.
One problem with Quantum Cryptography is that, nowadays, it's a point-to-point communication.
I mean, gigaquantum routers able to switch a single incoming photon to one of its 1000 outgoing fibers, without spoiling the entanglement of that photon, look pretty unreachable today.
Sure satellites or line-of-sight central stations can help, but a "quantum internet" is quite impossible for the next 20 years.