Slashdot Mirror
Quantum Cryptography: 100km Barrier Broken
jdfox writes "Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab, but it's amazing that they've got as far as they have. There's another article about it, though still not much technical detail, here on the BBC and here on The Register."
>100km fibre links...there's still a fair bit of work to be done before it leaves the lab
;)
That must be a big lab! Or maybe they had 100km of fibre and they just looped it round and round and round.
Communication with quantum cryptography is inherently secure because it takes advantage of the physical properties of single photons. In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker.
--------
Free your mind.
From the Register article:
Dosent quantum cryptography depend on the assumption that it is impossible to copy this stream of encoded photons without leaving a trace?
At the CLEO in Baltimore, researchers describe a record-breaking âunhackableâ(TM) link.
UK researchers have broken the distance record for quantum cryptography, the optical technique that enables âunhackableâ(TM) communication along an optical fiber.
Andrew Shields and colleagues from Toshiba Research Europe, UK, revealed their record-breaking link, which reaches over 100 km, at the Conference on Lasers and Electro-Optics (CLEO) in Baltimore, US.
âoeAs far as we are aware, this is the first demonstration of quantum cryptography over fibers longer than 100 km,â said Shields. âoeThe technique could be deployed in a wide range of commercial situations in less than three years.â
Communication with quantum cryptography is inherently secure because it takes advantage of the physical properties of single photons. In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker.
In practice, attenuation in the optical fiber and noise in the detection unit limits the distance over which quantum cryptography works.
The Toshiba team was able to improve the link distance thanks to an ultra-low noise detector, which detects single photons. This detector is based on a GaAs/AlGaAs modulation doped field effect transistor (MODFET), which does not rely on avalanche processes and is therefore less prone to noise than conventional devices (see related story).
The previous transmission record of 87 km was set by researchers from the Japanese company Mitsubishi Electric in November last year. They also developed a novel kind of detector, which had a low dark-count probability, to extend the link distance.
Banks and government organizations are expected to be the first users of quantum cryptography systems when they become commercially available.
Author
Michael Hatcher is technology editor of Opto & Laser Europe magazine.
Bush is on fire and its not good for my lungs.
Sample the photons and generate new ones of the same type. Well I know I'm just another /.er commenting on math and physics matters knowing barely anything about it, but couldn't it work?
-Libertarian secular transhumanist
Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab...
How could it not have left the lab? Is Toshiba's lab 100KM long? That's a pretty huge lab!
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
Imagine, all you will need for you own photon ray gun/torpedo is a network cable with signal. Looks like the geek shall inherit the earth after all.
In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.
Actually it is not completely true, you cannot guarantee that you send out a single photon. Indeed, you don't. You try to approximate a single photon source by using weak laser pulses, but this does not mean you always send out a single photon (sometimes you send out more, sometimes you do not send out any at all). But every security proof consider the fact that you are able to send single photons (which is highly not trivial)
Actually this fact makes most implementations of quantum crypto protocols insecure to a class of attacks (PNS), even though they would take place in a very unrealistic framework (but you have to consider them).
This is great news for privacy. Sure, if Scully and Mulder want your box, they put a camera in your house, sniff the keyboard for the pw, or just take it via a warrent issued from a Judge who stamps his approval on anything that involves encryption and terrorism.
Overall, great for privacy. I sure as hell want Citibank using this on all their ATMs, Visa on the card readers, etc.
IANAQP, but it seems that if the intended receiver can decode the photons, any person in the middle could also decode the same photons and retrieve the message.
The key point here is that by observing them, the person in the middle changes their quantum state, thus making it immediately obvious to the intended receiver that the channel is insecure. So depending on the delay between the receiver determining this, and indicating to the sender to halt transmission, someone could still capture at least some data.
Or do I just have no clue what I'm talking about?
As the poster noted, light on the technical details... what are the error rates? is there any chance that their could be accidental quantum state changes, especially given that single photon transmission is really just *average* single photon transmission (sometimes more, sometimes none?)
Anyone that has a clue care to enlighten?
I was re-reading the Fabric of Reality (David Deutsch) ... which essentially covers Quantum interference / computing (with the arguement that Quantum computing is a result of multiple universes coming together and interfereing with one another) ... In any case this may be a little bit off topic ... but the book echos 'The Matrix Reloaded' in many ways ... Deutsch describes an 'Oracle' who knows everything ... A Virtual Reality machine that interfaces with the brain (even a picture that looks like something out of the Matrix) ... a multiverse (worlds within worlds etc..) ... and a Universal Virtual Reality Generator that can essentially recreate the environment we live in ... in real time. This book pre-dates the original Matrix by a year.
These guys in Switzerland even sell devices to do quantum crypto.
It's not that the message itself is unbreakable, it's the overall system and process that is unbreakable. The great thing about quantum cryptography is that if anyone does intercept and read your message somehow, you can see with complete certainty that it happened. That's the nature of quantum physics -- things change when observed. So if you don't get what you expected, you know the message has been compromised. From the BBC article:
"With quantum cryptography, the very act of intercepting a single photon on its way down an optical fibre would change the information it was carrying. "
Which cryptography would you prefer? One where you can never be sure if someone has cracked the code before it got to you, or one where if that happened you could tell immediately?
-------------
You don't send the message via the quantum method - all you are sending is the key for a one-time pad cipher. If it's intercepted, you don't use that key, you generate a new one and try to send it again.
A quantum state on a single qubit looks like this:
a|0> + b|1>,
where |0> and |1> are vectors, and a and b are complex numbers, and the total vector has a magnitude of 1. When we measure the state, it collapses into the |0> vector with probability |a|^2 and into the |1> vector with probability |b|^2. And of course |a|^2 + |b|^2 = 1.
So the hacker won't know what the arbitrary quantum state was. Observing the photon destroys the original state.
If there are several photons in the same arbitrary state, you can by measuring the qubits in different basis each time, come up with an approximation to the actual quantum state. If there are a 1000 of these photons, then basically we aren't gaining anything by having our information in Quantum form. So you want to avoid sending many duplicate photons for many of the states that you are sending.
You can't observe a photon without absorbing it. Once you've observed it, you've destroyed it. Atoms exchange energy by absorption and re-emission. The photon is either absorbed, or not, there's no in between. It's like binary.
I know quantum encryption is supposed to be the next big thing in cryptography, and make up for all the damage that quantum computers are supposed to do, but I just don't see it. Who has fibre all the way from them to their friend?
And encrypting each hop from me to my friend seems to hardly help at all. Now instead of the evesdropper being able to put a probe on any of the wires, they have to break into one of the routers. But really, who ever heard of someone stealing credit card numbers by digging up cables and putting a probe on them?
And besides, this still doesn't solve the authentication issue. You still need to be confident that the person at the other end is who you think they are. And it seems that solving that is at least as hard as doing the encryption once you know who you're talking to. Specifically, it seems likely that quantum computers will break all our current authentication schemes, but we have no reason to believe that they will break our symmetric ciphers. So even for people with fibre all the way to their friend, a provably secure symmetric cipher replacement is not very useful just yet.
Barring what the other poster said, you can also predict transmission times over fiber VERY accurately. Any time spent processing the photon information to create a new photon to retransmit would be longer than the total transmission time. This would be easily detected.
I have another interesting question though.. Would it be possible to combine this with the "laser teleportation" technology demonstrated earlier this year to have a REALLY secure wireless link? If so, 30 years from now, all communications might be so secure that we wouldn't have to worry about eavesdroppers.
"now we are sure -- the cat is dead"
You should probably be confident that something is wrong with quantum mechanics. Being confident that it's 100% correct would be like being confident 300 years ago that Newtonian mechanics was 100% correct. There's always something that turns out to be wrong.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
(This may be inaccurate as I'm recalling it from what I read in Simon Singh's "The Code Book", but I hope it explains the point.)
The idea is that you can measure the photons with only partial accuracy, and according to the setting of the measuring instrument. For example, if sending a photon in state Y, the measurement does not yield: "The photon was in state Y", but instead "The photon was probably in state X but maybe in state Y or Z, and not in state W.". Another measurement configuration could yield: "The photon was probably in state Y but maybe in state X or W, and not in state Z."
The "hacker" does not know the measurement configuration at the receiver and may try some arbitrary configuration of his own.
The problem is, when receiving the measurement result, for example that the photon was probably in state X, trying to retransmit it as X may be picked up as inconsistent at the real receiver's.
The measurement configuration itself for each bit can be agreed upon by a negotiation stage where a bitstream is sent accross random configurations of both the sender and receiver and then publically agreeing which bits of the sequence to use (knowing they have matching configurations, not letting a "hacker" enough information to know what configurations those are - leaving him with impossible guesswork).
Why was 100km a barrier in the first place?
Or is this just the first time someone bothered to try this over the distance in question.
If so, 30 years from now, all communications might be so secure that we wouldn't have to worry about eavesdroppers
Nope. I mean, it wouldn't be so expensive today to encrypt point-to-point links with a stream cipher. But the problem is, it has to go through a router at some point. And you just have to put a bug in the router, have it copying traffic... this stuff is multi-stage, there's no way you could tell if the router were hacked/bugged from the timing.
I think if you're going to fantasize about a future with no eavesdroppers, you may as well fantasize about IPSec.
I hereby place the above post in the public domain.
- P(x) is a function representing a public key, where x is a message and P(x) is the encrypted form of that message using key P().
- Analogously, S(x)is a function representing a secret key.
- P and S are chosen so that P(S(x)) == S(P(x)) == x.
- The general case of S(x) cannot easily be determined by inspection of P(x).
- Each person's secret key S is known only to themself, but their public key P is disseminated.
- Alice encrypts a message to Bob by sending Pbob(x). Bob evaluates Sbob(Pbob(x)) to determine x. No-one can intercept this message without knowing Sbob(), and see (4) above.
- Alice signs a message to Bob by sending Salice(x). Bob evaluates Palice(Salice(x)) to verify that the sender is Alice. No-one can fake this message without knowing Salice(), and see (4) above.
This breaks down at (4). We know from (3) that P(x) is not singular, and the inverse function P-1(x) is mathematically equivalent to S(x). The trick is in generating function-inverse pairs where the derivation of the inverse from first principles would require an extraordinary amount of computations, or in performing many, many computations in as short a time as possible, depending on which side of the fence you are on.Current schemes involve basically raising numbers to powers, ensuring that the greatest change occurs in the low-order digits and using modulo p arithemetic {think of a clock face numbered from 1 to p} to keep the numbers manageable. Recall that (x ** a) ** b
Quantum Cryptography:
- Alice sends photon stream to Bob.
- Some of Alice's photons fizzle out into nothing and don't make it as far as Bob.
- Eve intercepts some of Alice's photons.
- Every photon that Eve received will not be received by Bob.
- Bob has to compare what he received with what Alice sent in order to work out which photons went missing.
- Any information that Alice sent but Bob didn't receive is ignored.
- Alice and Bob now have two identical lists of zeros and ones, which can be used as an encryption key.
For me, this breaks down at (5). If Alice and Bob have to compare their notes somehow, then this is the weak point. It still requires some communication channel, which is susceptible to hi-jacking. If they discuss the sequences over a conventional phone line, it could be tapped. If they have to actually meet, why doesn't Alice just give her encryption key to Bob there and then?Or have I got this whole thing completely cocked up? If so can someone point out where?
Je fume. Tu fumes. Nous fûmes!