Slashdot Mirror
Quantum Cryptography: 100km Barrier Broken
jdfox writes "Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab, but it's amazing that they've got as far as they have. There's another article about it, though still not much technical detail, here on the BBC and here on The Register."
Communication with quantum cryptography is inherently secure because it takes advantage of the physical properties of single photons. In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker.
--------
Free your mind.
At the CLEO in Baltimore, researchers describe a record-breaking âunhackableâ(TM) link.
UK researchers have broken the distance record for quantum cryptography, the optical technique that enables âunhackableâ(TM) communication along an optical fiber.
Andrew Shields and colleagues from Toshiba Research Europe, UK, revealed their record-breaking link, which reaches over 100 km, at the Conference on Lasers and Electro-Optics (CLEO) in Baltimore, US.
âoeAs far as we are aware, this is the first demonstration of quantum cryptography over fibers longer than 100 km,â said Shields. âoeThe technique could be deployed in a wide range of commercial situations in less than three years.â
Communication with quantum cryptography is inherently secure because it takes advantage of the physical properties of single photons. In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker.
In practice, attenuation in the optical fiber and noise in the detection unit limits the distance over which quantum cryptography works.
The Toshiba team was able to improve the link distance thanks to an ultra-low noise detector, which detects single photons. This detector is based on a GaAs/AlGaAs modulation doped field effect transistor (MODFET), which does not rely on avalanche processes and is therefore less prone to noise than conventional devices (see related story).
The previous transmission record of 87 km was set by researchers from the Japanese company Mitsubishi Electric in November last year. They also developed a novel kind of detector, which had a low dark-count probability, to extend the link distance.
Banks and government organizations are expected to be the first users of quantum cryptography systems when they become commercially available.
Author
Michael Hatcher is technology editor of Opto & Laser Europe magazine.
Bush is on fire and its not good for my lungs.
In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
Actually it is not completely true, you cannot guarantee that you send out a single photon. Indeed, you don't. You try to approximate a single photon source by using weak laser pulses, but this does not mean you always send out a single photon (sometimes you send out more, sometimes you do not send out any at all). But every security proof consider the fact that you are able to send single photons (which is highly not trivial)
Actually this fact makes most implementations of quantum crypto protocols insecure to a class of attacks (PNS), even though they would take place in a very unrealistic framework (but you have to consider them).
If I remember my research correctly, you can't sample the photons without changing their state. Thus it's not possible to generate new ones. If it were possible the entire idea would goto shit as a man in the middle could just intercept everything and regenerate new ones without being caught.
-- taking over the world, we are.
As I understand it (and I may be completely wrong), you can't, because it's impossible to actually measure the photons exactly - you can only gain knowledge about certain characteristics of them, in a process which irreversibly alters their states. This is (part of) what makes it impossible to listen in on a quantum transmission undetectably.
Think about it - if this were possible, an unwanted listener on the line could sample the stream, and then generate two streams - one back along the line, and one into his own recorder. Since quantum communication apparently makes this impossible, the answer should be no, whether or not my understanding of the situation is exactly correct.
A Minesweeper clone that doesn't suck
You can't measure the exact polarisation of a photon. The photon always either passes or doesn't pass. As you can't measure it, you can't duplicate it.
When A & B communicate A first sends the stream of photons using two types of polarisation (typically horizontal/vertical-linear and left/right-circular), and B measures randomly in the two different schemes. When the polarisation is measured in the wrong scheme the outcome is random.
The trick is that A & B now communicate over an insecure circuit and agree to throw away data where B was using the wrong scheme. They now have a clean stream of bits to use as a one time key over their insecure circuit.
-Yarn - Rio Karma: Excellent
These guys in Switzerland even sell devices to do quantum crypto.
That's how it's done in the labs of Fiber Optic equipment vendors!
It's not that the message itself is unbreakable, it's the overall system and process that is unbreakable. The great thing about quantum cryptography is that if anyone does intercept and read your message somehow, you can see with complete certainty that it happened. That's the nature of quantum physics -- things change when observed. So if you don't get what you expected, you know the message has been compromised. From the BBC article:
"With quantum cryptography, the very act of intercepting a single photon on its way down an optical fibre would change the information it was carrying. "
Which cryptography would you prefer? One where you can never be sure if someone has cracked the code before it got to you, or one where if that happened you could tell immediately?
-------------
You don't send the message via the quantum method - all you are sending is the key for a one-time pad cipher. If it's intercepted, you don't use that key, you generate a new one and try to send it again.
> That must be a big lab! Or maybe they had 100km of fibre ;)
> and they just looped it round and round and round.
Fiber without the colored "protective insulation" takes up surprisingly little space, and weighs next to nothing. 100km of fiber could be picked up by with one hand if mounted on single spool.
In our lab, we have four fiber spools (two 20km and two 40km) that can be connected together to create various distances. Each is mounted in a plastic case that is about a foot in diameter and 4 inches wide.
-- PGP keyID: 0x4C95994D
A quantum state on a single qubit looks like this:
a|0> + b|1>,
where |0> and |1> are vectors, and a and b are complex numbers, and the total vector has a magnitude of 1. When we measure the state, it collapses into the |0> vector with probability |a|^2 and into the |1> vector with probability |b|^2. And of course |a|^2 + |b|^2 = 1.
So the hacker won't know what the arbitrary quantum state was. Observing the photon destroys the original state.
No, someone can steal your qubits, it is not a problem!
;-)
The problem is, the name Quantum Cryptography is misleading. Actually, this is a key agreement.
Suppose Alice and Bob wants to share a common secret key. To do this, they have to agree on some common shared bits. If qubits are stolen, then Bob does not receive a them, so this does not bring any problems (because they both see the qubits have been stolen, they simply do not use them to generate the key). As long as they have more correct bits than the eavesdropper has, they can construct a secret key (and the technique used here goes under the name of privacy amplification, which is a not so trivial fact in information-theoretical crypto).
Of course quantum mechanics has to hold...
You can't observe a photon without absorbing it. Once you've observed it, you've destroyed it. Atoms exchange energy by absorption and re-emission. The photon is either absorbed, or not, there's no in between. It's like binary.
> Sample the photons and generate new ones of the same type.
You can't.
The sender assigns two bits of information to each photon. However, you can only
measure one. This is similar to the Heisenbarg relation of uncertainity, where
you can EITHER measure the position OR the impulse of an electron.
The sender generates a long stream of random information. The receiver reads
in either way, according to (other) random. An attacker would not know in which
way the receiver has read the information. However, if the attacker has read
the photons himself, he has destroyed every other bit. Thus, about 50% of the
bits that the receiver gets, are wrong. This is easy to detect.
As a result, you can't passively tap such a communication line. The only thing
you can do, is to impersonate the receiver, so that the sender communicates
(untapped) with the attacker. The attacker could then establish a second (also
untapped) channel to the original receiver, and relay all data back and forth
on the logical level.
This is called a man-in-the-middle attack, and works for many crypto systems,
not just quantum.
There are crypto protocols that try to prohibit this attack. PGP for example
relies on the "web of trust" with signed public keys. HTTPS/SSL uses CA's
who sign certificates.
The quantum communication channel does not solve this problem. It solves another
problem: it enforces that the channel can not be tapped without being noticed.
Marc
> I forgot the mention the eavesdropper, E. S/he doesn't know which schemes are
> in use, and she can't validate her scheme with the sender, so her data's useless.
The point is that, after the data has been transmitted to B, B will announce
"I have read bit 0 with method #2, bit 1 with method #2, bit 2 with method #1" etc.
A then knows what information B has. The attacker E doesn't. She knows only
those bits where she (luckily) read the bits with the same method as B.
Statistically, she knows only 50% of the information that B knows.
She would know 100% if she would announce back to A how SHE has read the bits.
But then B would not know the secret, and thus is not able to receive data from A
(when it is encrypted under the secret key).
Newtonian mechanics is still correct - in the limit of small velocities (compared to the speed of light). Relativity hasn't invalidated Newtonian mechanics, but shown that it (Newtonian mechanics) is a special case in a more general theory.
I don't assume that quantum mechanics is the ultimate theory; in fact, it isn't today (think quantum field theories). But I do assume that any (existing or future) theory cannot contradict quantum mechanics, but must contain it as a special case.