Slashdot Mirror
Quantum Cryptography: 100km Barrier Broken
jdfox writes "Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab, but it's amazing that they've got as far as they have. There's another article about it, though still not much technical detail, here on the BBC and here on The Register."
>100km fibre links...there's still a fair bit of work to be done before it leaves the lab
;)
That must be a big lab! Or maybe they had 100km of fibre and they just looped it round and round and round.
Communication with quantum cryptography is inherently secure because it takes advantage of the physical properties of single photons. In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker.
--------
Free your mind.
From the Register article:
Dosent quantum cryptography depend on the assumption that it is impossible to copy this stream of encoded photons without leaving a trace?
At the CLEO in Baltimore, researchers describe a record-breaking âunhackableâ(TM) link.
UK researchers have broken the distance record for quantum cryptography, the optical technique that enables âunhackableâ(TM) communication along an optical fiber.
Andrew Shields and colleagues from Toshiba Research Europe, UK, revealed their record-breaking link, which reaches over 100 km, at the Conference on Lasers and Electro-Optics (CLEO) in Baltimore, US.
âoeAs far as we are aware, this is the first demonstration of quantum cryptography over fibers longer than 100 km,â said Shields. âoeThe technique could be deployed in a wide range of commercial situations in less than three years.â
Communication with quantum cryptography is inherently secure because it takes advantage of the physical properties of single photons. In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker.
In practice, attenuation in the optical fiber and noise in the detection unit limits the distance over which quantum cryptography works.
The Toshiba team was able to improve the link distance thanks to an ultra-low noise detector, which detects single photons. This detector is based on a GaAs/AlGaAs modulation doped field effect transistor (MODFET), which does not rely on avalanche processes and is therefore less prone to noise than conventional devices (see related story).
The previous transmission record of 87 km was set by researchers from the Japanese company Mitsubishi Electric in November last year. They also developed a novel kind of detector, which had a low dark-count probability, to extend the link distance.
Banks and government organizations are expected to be the first users of quantum cryptography systems when they become commercially available.
Author
Michael Hatcher is technology editor of Opto & Laser Europe magazine.
Bush is on fire and its not good for my lungs.
Sample the photons and generate new ones of the same type. Well I know I'm just another /.er commenting on math and physics matters knowing barely anything about it, but couldn't it work?
-Libertarian secular transhumanist
Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab...
How could it not have left the lab? Is Toshiba's lab 100KM long? That's a pretty huge lab!
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
Imagine, all you will need for you own photon ray gun/torpedo is a network cable with signal. Looks like the geek shall inherit the earth after all.
In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
Actually it is not completely true, you cannot guarantee that you send out a single photon. Indeed, you don't. You try to approximate a single photon source by using weak laser pulses, but this does not mean you always send out a single photon (sometimes you send out more, sometimes you do not send out any at all). But every security proof consider the fact that you are able to send single photons (which is highly not trivial)
Actually this fact makes most implementations of quantum crypto protocols insecure to a class of attacks (PNS), even though they would take place in a very unrealistic framework (but you have to consider them).
I attended a talk by the head of the RLE lab at MIT a few weeks back. They are working on quantum entanglement and quantum teleportation as means of delivering quantum information over classical "internet" networks. The hitch is that they need an entanglement source to distribute entangled electrons to both ends of a connection...
This is great news for privacy. Sure, if Scully and Mulder want your box, they put a camera in your house, sniff the keyboard for the pw, or just take it via a warrent issued from a Judge who stamps his approval on anything that involves encryption and terrorism.
Overall, great for privacy. I sure as hell want Citibank using this on all their ATMs, Visa on the card readers, etc.
IANAQP, but it seems that if the intended receiver can decode the photons, any person in the middle could also decode the same photons and retrieve the message.
The key point here is that by observing them, the person in the middle changes their quantum state, thus making it immediately obvious to the intended receiver that the channel is insecure. So depending on the delay between the receiver determining this, and indicating to the sender to halt transmission, someone could still capture at least some data.
Or do I just have no clue what I'm talking about?
As the poster noted, light on the technical details... what are the error rates? is there any chance that their could be accidental quantum state changes, especially given that single photon transmission is really just *average* single photon transmission (sometimes more, sometimes none?)
Anyone that has a clue care to enlighten?
I was re-reading the Fabric of Reality (David Deutsch) ... which essentially covers Quantum interference / computing (with the arguement that Quantum computing is a result of multiple universes coming together and interfereing with one another) ... In any case this may be a little bit off topic ... but the book echos 'The Matrix Reloaded' in many ways ... Deutsch describes an 'Oracle' who knows everything ... A Virtual Reality machine that interfaces with the brain (even a picture that looks like something out of the Matrix) ... a multiverse (worlds within worlds etc..) ... and a Universal Virtual Reality Generator that can essentially recreate the environment we live in ... in real time. This book pre-dates the original Matrix by a year.
These guys in Switzerland even sell devices to do quantum crypto.
It's not that the message itself is unbreakable, it's the overall system and process that is unbreakable. The great thing about quantum cryptography is that if anyone does intercept and read your message somehow, you can see with complete certainty that it happened. That's the nature of quantum physics -- things change when observed. So if you don't get what you expected, you know the message has been compromised. From the BBC article:
"With quantum cryptography, the very act of intercepting a single photon on its way down an optical fibre would change the information it was carrying. "
Which cryptography would you prefer? One where you can never be sure if someone has cracked the code before it got to you, or one where if that happened you could tell immediately?
-------------
Well, this certainly clears some points.
If I understood you well, a transmission can be intercepted, but once this is done, it'll be immediately noticed.
I should agree that this will offer some major advantages for securing protocols......... 10x.
1. No sig. 2. ???? 3. Profit!!!
You don't send the message via the quantum method - all you are sending is the key for a one-time pad cipher. If it's intercepted, you don't use that key, you generate a new one and try to send it again.
While I will make no claim to understand a good bit of this technology, what sort of applications currently need such a link (and can justify the need to spend the undoubtably huge wad of cash)?
What would need more than conventional encryption with huge keys at the moment?
Note that I stress "currently". Its pretty clear that a good ways down the road either computers will brute force 2048 bit keys in a few seconds or a way to factor huge primes will come along.
-phish
Why does the observation of the recipient change the quantum state of the photons, thereby making it unreadable to the recipient too?
A quantum state on a single qubit looks like this:
a|0> + b|1>,
where |0> and |1> are vectors, and a and b are complex numbers, and the total vector has a magnitude of 1. When we measure the state, it collapses into the |0> vector with probability |a|^2 and into the |1> vector with probability |b|^2. And of course |a|^2 + |b|^2 = 1.
So the hacker won't know what the arbitrary quantum state was. Observing the photon destroys the original state.
It has been proven that Quantum Cryptology is secure provided that someone doesn't steal your qubits and the axioms of Quantum Mechanics hold.
I think this technology would do well in the casino industry.
Sometimes they might not want the feds knowing absolutely everything.
Is there a law against that?
_______________________________
The Spiders are coming
No, someone can steal your qubits, it is not a problem!
;-)
The problem is, the name Quantum Cryptography is misleading. Actually, this is a key agreement.
Suppose Alice and Bob wants to share a common secret key. To do this, they have to agree on some common shared bits. If qubits are stolen, then Bob does not receive a them, so this does not bring any problems (because they both see the qubits have been stolen, they simply do not use them to generate the key). As long as they have more correct bits than the eavesdropper has, they can construct a secret key (and the technique used here goes under the name of privacy amplification, which is a not so trivial fact in information-theoretical crypto).
Of course quantum mechanics has to hold...
On a different note: do the photons change state just before you intercept/read them, while you're reading them or after you've finished reading them? I would assume the latter, otherwise the recipient also won't be able to read them without changing... All very confusing stuff to me :)
If there are several photons in the same arbitrary state, you can by measuring the qubits in different basis each time, come up with an approximation to the actual quantum state. If there are a 1000 of these photons, then basically we aren't gaining anything by having our information in Quantum form. So you want to avoid sending many duplicate photons for many of the states that you are sending.
You can't observe a photon without absorbing it. Once you've observed it, you've destroyed it. Atoms exchange energy by absorption and re-emission. The photon is either absorbed, or not, there's no in between. It's like binary.
I know quantum encryption is supposed to be the next big thing in cryptography, and make up for all the damage that quantum computers are supposed to do, but I just don't see it. Who has fibre all the way from them to their friend?
And encrypting each hop from me to my friend seems to hardly help at all. Now instead of the evesdropper being able to put a probe on any of the wires, they have to break into one of the routers. But really, who ever heard of someone stealing credit card numbers by digging up cables and putting a probe on them?
And besides, this still doesn't solve the authentication issue. You still need to be confident that the person at the other end is who you think they are. And it seems that solving that is at least as hard as doing the encryption once you know who you're talking to. Specifically, it seems likely that quantum computers will break all our current authentication schemes, but we have no reason to believe that they will break our symmetric ciphers. So even for people with fibre all the way to their friend, a provably secure symmetric cipher replacement is not very useful just yet.
guess I have no idea how this works then. What is the big difference between sending generic what~have~you "data" over vast distances with fiber optics and sending "quantum encrypted" data, that makes this distance limit? I read about the turbo charged photons in the article, still makes no sense to me, aren't all the data streams with fiber based on photons anyway? Is it of an acceptable loss limit thing (zero acceptable?), or what?
thanks in advance to anyone who can explain this for us pea brains
slashdot is fun, there's a head 'sploder for me everyday!
Barring what the other poster said, you can also predict transmission times over fiber VERY accurately. Any time spent processing the photon information to create a new photon to retransmit would be longer than the total transmission time. This would be easily detected.
I have another interesting question though.. Would it be possible to combine this with the "laser teleportation" technology demonstrated earlier this year to have a REALLY secure wireless link? If so, 30 years from now, all communications might be so secure that we wouldn't have to worry about eavesdroppers.
I don't think this will help banks very much.
It just gives Slammer/Bugbear/etc. a faster and cooler (but not at the same time) means of propagation.
"now we are sure -- the cat is dead"
I thought that quantum cryptography was the following:
Location A has a proton that is spinning in one direction while Location B has another proton from the same atom which is also spinning in the same exact direction at the same speed as the result of some sort of natural phenomenon.
When one location shoots the proton with a beam of some sort to make it spin in the other direction at a different speed the proton at the second location starts to do exactly what the proton at the first location was doing that presenting an unhackable method of generating keys.
Is this right?
This is strange. How can the intended recipient know what state is if the hacker can't?
I've googled (google'd?) around a bit but can't find a clear answer to this question, provided it exists: Can a quantum computer do what a classical computer can't? Now, from what I've gathered, a machine based on qbits can make intractable problems tractable. What would take billions of years to compute can be done in seconds. But what I want to know is if quantum computing can reach beyond the limits of a Turing Machine. However simple they may seem to a child, there are problems my Athlon could never solve even with infinite time and memory. Is this question still unanswered ?
You should probably be confident that something is wrong with quantum mechanics. Being confident that it's 100% correct would be like being confident 300 years ago that Newtonian mechanics was 100% correct. There's always something that turns out to be wrong.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
This may be wrong, but I'll mention it anyway.
Consider this scenario:
A --> B is intercepted by E, who responds to A (and thus gets 100% of the information). There is now essentially an A E connection, but A things he's talking to B. E then sets up a connection to B, pretending to be A, and retransmits the data.
It seems to avoid this requires some sort of host-identity verification mechanism.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
(This may be inaccurate as I'm recalling it from what I read in Simon Singh's "The Code Book", but I hope it explains the point.)
The idea is that you can measure the photons with only partial accuracy, and according to the setting of the measuring instrument. For example, if sending a photon in state Y, the measurement does not yield: "The photon was in state Y", but instead "The photon was probably in state X but maybe in state Y or Z, and not in state W.". Another measurement configuration could yield: "The photon was probably in state Y but maybe in state X or W, and not in state Z."
The "hacker" does not know the measurement configuration at the receiver and may try some arbitrary configuration of his own.
The problem is, when receiving the measurement result, for example that the photon was probably in state X, trying to retransmit it as X may be picked up as inconsistent at the real receiver's.
The measurement configuration itself for each bit can be agreed upon by a negotiation stage where a bitstream is sent accross random configurations of both the sender and receiver and then publically agreeing which bits of the sequence to use (knowing they have matching configurations, not letting a "hacker" enough information to know what configurations those are - leaving him with impossible guesswork).
Why was 100km a barrier in the first place?
Or is this just the first time someone bothered to try this over the distance in question.
What, has slashdot been ravaged by temperence fanatics?
autopr0n is like, down and stuff.
You might not care if they see you are listening in. but what if they are exchanging secret keys for normal encryption over the quantum channel? Then you care.. because if they know their key exchange was compromised, they won't use those keys.. that's the kind of thing this is for.
As for when they change state, they change state when you are observing them (say, when they hit a detector). An observer in this case is no different than the desired recipient.... it's just that once you receive it, you cannot recreate it....
If this is the case, adding repeaters could easily be feasible to achieve any distance. Each repeater would just generate a new quantum key to connect to the next repeater in line, and they would have to be monitor any interception attempts. It wouldn't matter that the key changes, bceause you're still ensuring that each segment is secure.
If I'm understanding this correctly, it sounds like it could be very useful already today for the network or data link layer in secure networks, but not really feasible for direct use by client software.
-j
So the concept here is that if I try and passively read the photons during transport I will destroy them making it obvious too the other end that I have been listening.
However would it not be possible to simply insert a system between the two hosts (A & B) that are trying to transmit and then have your device pretend to be system B to system A and pretend to be system A to system B. This should ensure that it is possible to get all of the data transmitted. A tad more complicated than doing it passively but you would still end up with a very hard to detect eavs dropping system.
Is there any really good reason this wouldnt work, excluding detection during installation when the fiber goes dead for a minute.
37 - what does it stand for really...
Basically, it can only be read once. Just say you send a crypto key using this method to a friend. An evil hacker intercepts it and gets the key. Because it's intercepted, it never gets to your friend. Your friend, or rather, his quantum crypto protocol, tells you that it never got the key. You send another new key, repeat until hacker gets bored.
The hacker cannot simply intercept and repeat the key, because his interception modifies the photon before he gets a chance to read it. If he retransmitted his intercepted key, your friends computer wouldn't be able to understand it, would ignore it as corrupted, and ask for another key.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
This is a sucessor to the key-handcuffed-to-courier's-wrist set of cryptosystems. It's for embassies, military bases, and so forth. Not for you and me and the neighbor kid.
At any velocity Newtonian mechanics is incorrect; the reason it's not a problem at small velocities is that the error term is very small. But if you were to make measurements to arbitrary precision, Newtonian mechanics would give you wrong results at any speed.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Use an axe, it's only usefull if they can transmit something.
Analogies don't equal equalities, they are merely somewhat analogous.
If so, 30 years from now, all communications might be so secure that we wouldn't have to worry about eavesdroppers
Nope. I mean, it wouldn't be so expensive today to encrypt point-to-point links with a stream cipher. But the problem is, it has to go through a router at some point. And you just have to put a bug in the router, have it copying traffic... this stuff is multi-stage, there's no way you could tell if the router were hacked/bugged from the timing.
I think if you're going to fantasize about a future with no eavesdroppers, you may as well fantasize about IPSec.
I hereby place the above post in the public domain.
Urk, this is dragging out my recollection of an article I read (paper version, no web version yet) in New Scientist about a week ago but...
IIRC, there is a new technique in the quantum world for observing the states of particles without changing their states - it's got something to do with recording data with accuracy smaller than the size of the error in a single experiment, but with repeated experiments the real value of the measurement starts to become apparent.
A quick google for "weak measurement" brings up pages way above my head so I can't go into it any further - but could this pose a problem for quantum crpytography? As I understand it, as multiple experiments are required there's no way of retreiving the data from a single transmission but then again that's how *I* understand it and IANAPhysicist.
-Rob.
It's still a simple OTP encryption - it's just that they'll know if anyone's intercepted some of the key on the way.
oh brave new world, that has such people in it!
It's theoretically impossible to eavesdrop without being detected. As others have mentioned here, in practice when a 'photon' is sent, actually more then one are sent because they use very very faint flashes of light from a lazer.
It is theoretically possible that an attacker could someone split off a few of those photons, letting the rest proceed to their destination, in which case the attacker may not part of the key that Alice and Bob agree upon. Other ways to attack the protocol have been established as well.
For example, what if the attacker over-runs Bob's position and gains access to the quantum channel, and then successfully authenticates himself to Alice as Bob. Now Alice is securely exchanging keys with the attacker.
Nice round numbers that are powers of ten are not "barriers".
Check for example the quantum cryptography setup description on a resarch page:
Only after a measurement run is completed, Alice and Bob compare their lists of detections to extract the coincidences and generate the quantum keys. Taking into account the time uncertainties of all measurement electronics in our system, we can implement a coincidence window of 5 ns. All the communication for generating the quantum keys and testing the security of the quantum channel is done by Alice's and Bob's personal computers via the standard computer network.
- P(x) is a function representing a public key, where x is a message and P(x) is the encrypted form of that message using key P().
- Analogously, S(x)is a function representing a secret key.
- P and S are chosen so that P(S(x)) == S(P(x)) == x.
- The general case of S(x) cannot easily be determined by inspection of P(x).
- Each person's secret key S is known only to themself, but their public key P is disseminated.
- Alice encrypts a message to Bob by sending Pbob(x). Bob evaluates Sbob(Pbob(x)) to determine x. No-one can intercept this message without knowing Sbob(), and see (4) above.
- Alice signs a message to Bob by sending Salice(x). Bob evaluates Palice(Salice(x)) to verify that the sender is Alice. No-one can fake this message without knowing Salice(), and see (4) above.
This breaks down at (4). We know from (3) that P(x) is not singular, and the inverse function P-1(x) is mathematically equivalent to S(x). The trick is in generating function-inverse pairs where the derivation of the inverse from first principles would require an extraordinary amount of computations, or in performing many, many computations in as short a time as possible, depending on which side of the fence you are on.Current schemes involve basically raising numbers to powers, ensuring that the greatest change occurs in the low-order digits and using modulo p arithemetic {think of a clock face numbered from 1 to p} to keep the numbers manageable. Recall that (x ** a) ** b
Quantum Cryptography:
- Alice sends photon stream to Bob.
- Some of Alice's photons fizzle out into nothing and don't make it as far as Bob.
- Eve intercepts some of Alice's photons.
- Every photon that Eve received will not be received by Bob.
- Bob has to compare what he received with what Alice sent in order to work out which photons went missing.
- Any information that Alice sent but Bob didn't receive is ignored.
- Alice and Bob now have two identical lists of zeros and ones, which can be used as an encryption key.
For me, this breaks down at (5). If Alice and Bob have to compare their notes somehow, then this is the weak point. It still requires some communication channel, which is susceptible to hi-jacking. If they discuss the sequences over a conventional phone line, it could be tapped. If they have to actually meet, why doesn't Alice just give her encryption key to Bob there and then?Or have I got this whole thing completely cocked up? If so can someone point out where?
Je fume. Tu fumes. Nous fûmes!
Remember steel has elastic properties. When you push or pull a steel rod, it deforms slightly as the individual molecules squash up against one another, then revert back to their original arrangement. The deformity actually travels all the way along the rod. Try it yourself using a stretched "Slinky" spring sometime, giving it a jerk towards or away from yourself or even to the side, and observing how the deformity travels .....
..... the sound will travel along the bar much quicker than through the air}, but it still isn't faster than light. This suggests a quantum limit on those physical properties of materials which determine speed of sound - anyone care to enlighten us?
Using a laser you can send messages at the speed of light. Using a steel rod you can send messages at the speed of sound in steel {which you can measure yourself, and compare to the speed of sound in air, by listening to a long steel bar as someone taps it
Note that in the case of someone speaking into a hollow steel tube, sound waves are prevented from spreading out {and therefore losing volume} by being reflected off the tube walls {think of this as an acoustic version of fibre optics}. Some sound also travels through the tube walls themselves. The reflected sound takes a longer path than the direct sound, but the wall-borne sound arrives quicker; and the longer the tube, the harder it is to work out what is being said.
Je fume. Tu fumes. Nous fûmes!
Well, you don't need quantum mechanics to explain this. Just remember that the forces between the atoms are electromagnetic, and therefore every disturbance in the metal (like sound waves) cannot be transmitted faster than those forces - which, being electromagnetic, of course themselves travel with the speed of electromagnetic disturbances = electromacnetic waves. And that, of course, is the speed of light.
The Tao of math: The numbers you can count are not the real numbers.
Not that easy to make it brief, but I'll give it a shot.
The sent bit is polarized as either vertical(1)/horizontal(0) or the two diagonals as 1/0 in a same way. If you try to measure weather it's vertical/horizontal, but the sent bit was one of the diagonal polarities you get randomly 1 or 0. And naturally if you try to measure the correct polarities you get the intended bit 1 or 0.
The receiver can measure the polarity in of those two different ways. Upon receiving he picks the polarity measurement of choice in random, because he cannot know of which method he should use. Naturally he'll select about 50% correctly. For those his measurements are valid.
He can then simply call the sender and tell which polarity directions he used in each bit and the sender can then afterwards tell which were correct.
The essential thing here is that a man-in-the-middle hacker cannot receive and retransmit because prior to knowing of which polarity the original qubits in the stream was he cannot be certain any of his received bits, thus making it impossible for him to resend it to the originally intended receiver.
1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
The point of quantum cryptography is that you never have to reuse a key. I can generate a one-time pad, perhaps using a radioactive source to provide randomness, and transmit it over the quantum link. The advantage of this is that I can be certain it has reached my correspondent without being intercepted, and I can now encode my _real_ message and send it over conventional channels.
You only use the quantum link for key exchange, not for sending the actual messages. If one of the keys is compromised, you'll know about it, and not use it - assuming you're not quite monumentally stupid, which can't be ruled out.
The only way to defeat quantum cryptography would be to have a spy at the other end.
Real Daleks don't climb stairs - they level the building.
Shame, I thought I might have discovered something ;-) Makes total sense, though. Thank you.
..... Is a bridge rectifier connected to a noise source a manifestation of Maxwell's Daemon?
'bout the moniker, BTW
Je fume. Tu fumes. Nous fûmes!