Quantum Cryptography: 100km Barrier Broken
jdfox writes "Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab, but it's amazing that they've got as far as they have. There's another article about it, though still not much technical detail, here on the BBC and here on The Register."
Sample the photons and generate new ones of the same type. Well I know I'm just another /.er commenting on math and physics matters knowing barely anything about it, but couldn't it work?
-Libertarian secular transhumanist
Yes. However, quantum mechanics is an extremely well-established theory.
As a physicist, I'm reluctant to call anything a fact. However, just because I cannot prove that (say) gravity won't cease to exist tomorrow morning, doesn't mean I live under the constant fear that this might in fact happen. Much in the same way, I'm confident that nothing is wrong with quantum mechanics.
IANAQP, but it seems that if the intended receiver can decode the photons, any person in the middle could also decode the same photons and retrieve the message.
The key point here is that by observing them, the person in the middle changes their quantum state, thus making it immediately obvious to the intended receiver that the channel is insecure. So depending on the delay between the receiver determining this, and indicating to the sender to halt transmission, someone could still capture at least some data.
Or do I just have no clue what I'm talking about?
As the poster noted, light on the technical details... what are the error rates? Is there any chance that there could be accidental quantum state changes, especially given that single photon transmission is really just *average* single photon transmission (sometimes more, sometimes none?)
Anyone that has a clue care to enlighten?
I was re-reading the Fabric of Reality (David Deutsch) ... which essentially covers Quantum interference / computing (with the argument that Quantum computing is a result of multiple universes coming together and interfering with one another) ... In any case this may be a little bit off topic ... but the book echoes 'The Matrix Reloaded' in many ways ... Deutsch describes an 'Oracle' who knows everything ... A Virtual Reality machine that interfaces with the brain (even a picture that looks like something out of the Matrix) ... a multiverse (worlds within worlds etc..) ... and a Universal Virtual Reality Generator that can essentially recreate the environment we live in ... in real time. This book pre-dates the original Matrix by a year.
OK, I've always wondered about this.
If observation by a third party renders the message unreadable, then why doesn't observation by the intended recipient render it unreadable?
Well it only relies on the assumption that Quantum Mechanics as we know it is a valid theory. The "no-cloning theorem" proves mathematically (from first principles in QM) that you can't duplicate a quantum-bit without destroying the original.
So called "noisy-cloning" techniques exist, but they would be detectable in any decent quantum-crypto technique. I imagine the only way you could intercept the signal is to find a heretofore unknown theory that supersedes QM somehow (which the brightest minds have been working on for 70+ years).
If there are several photons in the same arbitrary state, you can, by measuring the qubits in a different basis each time, come up with an approximation to the actual quantum state. If there are 1000 of these photons, then basically we aren't gaining anything by having our information in Quantum form. So you want to avoid sending many duplicate photons for many of the states that you are sending.
> Haven't they already got the information at that point?
What you can do to prevent this is the following:
1. select a random key
2. transmit the random key to your partner
3. check if the transmission has been tapped by an attacker. if yes, go back to 1.
4. encrypt all following data with the key (which is not known to the attacker)
The transmission is as secure as the weakest of the following items:
- encryption algorithm
- random key selection process
- "check if tapped" procedure (that quantum stuff)
The chain is only as strong as its weakest link.
Marc
You should probably be confident that something is wrong with quantum mechanics. Being confident that it's 100% correct would be like being confident 300 years ago that Newtonian mechanics was 100% correct. There's always something that turns out to be wrong.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
(This may be inaccurate as I'm recalling it from what I read in Simon Singh's "The Code Book", but I hope it explains the point.)
The idea is that you can measure the photons with only partial accuracy, and according to the setting of the measuring instrument. For example, if sending a photon in state Y, the measurement does not yield: "The photon was in state Y", but instead "The photon was probably in state X but maybe in state Y or Z, and not in state W.". Another measurement configuration could yield: "The photon was probably in state Y but maybe in state X or W, and not in state Z."
The "hacker" does not know the measurement configuration at the receiver and may try some arbitrary configuration of his own.
The problem is, when receiving the measurement result, for example that the photon was probably in state X, trying to retransmit it as X may be picked up as inconsistent at the real receiver's.
The measurement configuration itself for each bit can be agreed upon by a negotiation stage where a bitstream is sent across random configurations of both the sender and receiver and then publicly agreeing which bits of the sequence to use (knowing they have matching configurations, not giving a "hacker" enough information to know what configurations those are - leaving him with impossible guesswork).
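The basis negotiation and tamper check described in this comment (and the "check if tapped" step in the key-exchange outline earlier in the thread), as an added example that is not part of the original thread: an idealized BB84-style simulation with an intercept-resend eavesdropper. It assumes a lossless, noise-free channel carrying true single photons; the function names and the 5% alarm threshold are illustrative assumptions.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the bit; otherwise a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84(n_photons, eavesdrop, seed=1):
    rng = random.Random(seed)  # seeded so the run is repeatable (illustration only)
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        bit, a_basis = rng.randint(0, 1), rng.choice("+x")
        sent_bit, sent_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: the eavesdropper guesses a basis, measures,
            # and re-sends a fresh photon prepared from that result.
            e_basis = rng.choice("+x")
            sent_bit = measure(bit, a_basis, e_basis, rng)
            sent_basis = e_basis
        b_basis = rng.choice("+x")
        b_bit = measure(sent_bit, sent_basis, b_basis, rng)
        # Sifting: bases (never bit values) are compared in public; only
        # positions where sender and receiver chose the same basis are kept.
        if a_basis == b_basis:
            alice_key.append(bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def error_rate(alice_key, bob_key, sample_fraction=0.5, seed=2):
    """Publicly compare a random sample of sifted bits (those bits are then discarded)."""
    rng = random.Random(seed)
    idx = rng.sample(range(len(alice_key)), int(len(alice_key) * sample_fraction))
    errors = sum(alice_key[i] != bob_key[i] for i in idx)
    return errors / len(idx)

def channel_tapped(n_photons, eavesdrop, threshold=0.05):
    # threshold is an assumed alarm level; real links must budget for channel noise
    a, b = bb84(n_photons, eavesdrop)
    return error_rate(a, b) > threshold

if __name__ == "__main__":
    for eve in (False, True):
        a, b = bb84(4000, eve)
        print(f"eavesdropper={eve}: sifted={len(a)} error_rate={error_rate(a, b):.3f}")
```

With no eavesdropper the sampled error rate is zero in this model; with intercept-resend on every photon it settles near 25%, because a wrong basis guess (half the time) randomizes the receiver's result (wrong half the time).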
It depends on the assumption that you're actually getting all the protection that the physics promises.
Bluewonder did a good job of explaining how reliable the physics is, but any security geek will look for ways to change the problem to one where the theory doesn't apply any more.
I once had the privilege of attending a talk by Shamir in which he mentioned in passing a detectable but terribly simple attack on quantum key exchange. Mallory simply shines a bright light pulse backwards onto the transmitter. The transmitter is made of real material and has, accidentally, some nonzero reflectance. Mallory looks at the echo and knows the state of the polarizer. Mallory shuts off the eavesdropping equipment and lets the next theoretically untappable single photon go by unobserved and unmolested.
The pulse can be brief, and "bright" just means bright enough that a detectable echo comes back, so it could be on the order of a hundred photons.
I felt like bowing down to Shamir in admiration.
Why was 100km a barrier in the first place?
Or is this just the first time someone bothered to try this over the distance in question.
If so, 30 years from now, all communications might be so secure that we wouldn't have to worry about eavesdroppers
Nope. I mean, it wouldn't be so expensive today to encrypt point-to-point links with a stream cipher. But the problem is, it has to go through a router at some point. And you just have to put a bug in the router, have it copying traffic... this stuff is multi-stage, there's no way you could tell if the router were hacked/bugged from the timing.
I think if you're going to fantasize about a future with no eavesdroppers, you may as well fantasize about IPSec.
I hereby place the above post in the public domain.
1. P(x) is a function representing a public key, where x is a message and P(x) is the encrypted form of that message using key P().
2. Analogously, S(x) is a function representing a secret key.
3. P and S are chosen so that P(S(x)) == S(P(x)) == x.
4. The general case of S(x) cannot easily be determined by inspection of P(x).
5. Each person's secret key S is known only to themself, but their public key P is disseminated.
6. Alice encrypts a message to Bob by sending Pbob(x). Bob evaluates Sbob(Pbob(x)) to determine x. No-one can intercept this message without knowing Sbob(), and see (4) above.
7. Alice signs a message to Bob by sending Salice(x). Bob evaluates Palice(Salice(x)) to verify that the sender is Alice. No-one can fake this message without knowing Salice(), and see (4) above.
This breaks down at (4). We know from (3) that P(x) is not singular, and the inverse function P^-1(x) is mathematically equivalent to S(x). The trick is in generating function-inverse pairs where the derivation of the inverse from first principles would require an extraordinary amount of computations, or in performing many, many computations in as short a time as possible, depending on which side of the fence you are on.
Current schemes involve basically raising numbers to powers, ensuring that the greatest change occurs in the low-order digits and using modulo p arithmetic {think of a clock face numbered from 1 to p} to keep the numbers manageable. Recall that (x ** a) ** b
Quantum Cryptography:
1. Alice sends photon stream to Bob.
2. Some of Alice's photons fizzle out into nothing and don't make it as far as Bob.
3. Eve intercepts some of Alice's photons.
4. Every photon that Eve received will not be received by Bob.
5. Bob has to compare what he received with what Alice sent in order to work out which photons went missing.
6. Any information that Alice sent but Bob didn't receive is ignored.
7. Alice and Bob now have two identical lists of zeros and ones, which can be used as an encryption key.
For me, this breaks down at (5). If Alice and Bob have to compare their notes somehow, then this is the weak point. It still requires some communication channel, which is susceptible to hi-jacking. If they discuss the sequences over a conventional phone line, it could be tapped. If they have to actually meet, why doesn't Alice just give her encryption key to Bob there and then?
Or have I got this whole thing completely cocked up? If so can someone point out where?
Je fume. Tu fumes. Nous fûmes!