Slashdot Mirror


Quantum Cryptography Gets Nanotube Boost

c1ay writes "In an article at the ScienceDaily News it is reported that two researchers at the University of Rochester have discovered a new property of carbon nanotubes, ideal photon emission. "The emission bandwidth is as narrow as you can get at room temperature," says Lukas Novotny, professor of optics at Rochester and co-author of the study. Such a narrow and steady emission can make such fields as quantum cryptography and single-molecule sensors a practical reality. RSA and Elliptic Curve wouldn't stand a chance against this unbreakable encryption."

12 of 209 comments

  1. Re:No cryptography is unbreakable... by SixDimensionalArray · · Score: 2, Interesting

    That is true only if the numbers are completely random and never repeat. If a one-time pad's numbers ever repeat, even by chance, then hypothetically it can be broken. So if you have a true, perfect random-number generator, you may be correct.

  2. Re:No cryptography is unbreakable... by Anonymous Coward · · Score: 3, Interesting

    Not in this case. It's one of the deeply ingrained features of quantum cryptography, that the act of reading the message, even in the encrypted form, changes the content. It is in fact unbreakable, on a very elementary physical level.

  3. RSA and elliptic would crush it! by gessel · · Score: 4, Interesting

    Quantum cryptography is very interesting--an absolutely bizarre manifestation of one of the most spooky and anti-intuitive features of quantum mechanics. The very premise gave Einstein fits.

    But where RSA is used (and, barring an as of yet undiscovered in the open world weakness, elliptic curve cryptography) quantum cryptography has no application.

    Quantum cryptography is built on the quantum entanglement of photon pairs, whose wave function must remain un-collapsed by measurement or perturbation until decode. This feature is both quantum cryptography's strength and weakness:

    It's a strength because any Eve eavesdropping is irrefutably revealed.

    It's a weakness because it limits the applications to such Alices and Bobs between whom actual original photons may be reliably transmitted.

    RSA and various other "Newtonian" cryptographic schemes make use of mathematical transforms rather than physical properties of individual particles and survive re-transmission with their essential properties intact; for example, over a packet switched network.

    What RSA may not ultimately stand a chance against are quantum computers, which according to a variation of Moore's law I might have been the first to state (at DEFCON 9), will within a decade surpass then available classical computers and will (in theory) be exceptionally good at cracking encrypted documents.

    Assuming the NSA doesn't already have a good working quantum computer...

    And assuming it's possible to continue adding entangled qubits...

    Anyway, Moore's law says the power of classical computers increases as 2^(Y/1.5), where Y is years. So far, roughly, quantum computers are increasing in power as 2^2^(Y/2), which should make em about 10^225 times as powerful as today's classical computers in 2 decades, and if that turns out to be so, then RSA really won't stand a chance. It might be a bummer for some: 4096 bit PGP keys are assumed to be safe against, for example, the combined efforts of all computers to be built according to Moore's law between now and any normal lifetime, or at least well past the statute of limitations. But if quantum computer development continues apace, that assumption may be problematically flawed.

    But it's not quantum encryption that's the threat, it's quantum computers. Quantum encryption isn't any more unbreakable than whatever data method underlies it, though it's a fine way to transmit a stream of random numbers. The "key" is that it is, apparently, physics-ally impossible to intercept the stream of photons without causing a measurable effect. So Alice and Bob can be absolutely sure their one time pad is known only to them...

    as long as no one is looking over their shoulders...

  4. How about a new monitor design? by Ignis+Flatus · · Score: 4, Interesting

    All this talk about cryptography sure is sexy, but how about something practical, like a computer monitor with resolution so high you can't even see the pixels? I want a screen that is indistinguishable from a sheet of paper.

  5. Re:No cryptography is unbreakable... by Anonymous Coward · · Score: 2, Interesting
    Brute force this:

    begin 600 out
    ED^7"L.LN&T<.-89"`6?.=$2HI031$1'U(IE[,8T&)CMA *ZADO0``
    `
    end


    Have fun, you'll never get it.


    And no, uudecoding it isn't the "solution". Uudecode then try and brute force the result.

  6. Oh yeah..... by ssimpson · · Score: 3, Interesting

    RSA and Elliptic Curve wouldn't stand a chance against this unbreakable encryption

    Oh yeah, that cheap and easy cryptography technology that can be performed on a CPU in a wristwatch or smartcard and can be used for encryption, signing, PKI infrastructure, n of m schemes etc will be instantly replaced by a system that's only good to transmit bits with a guarantee that the recipient will be able to detect if someone else is reading the traffic. Yawn.

    --
    "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
  7. single photons? by hephro · · Score: 2, Interesting
    I thought you needed single photon sources for the well-known quantum-cryptography protocols... AFAIK, the "photon splitting attacks" are among the weakest points in current implementations and good single photon sources are a hot research area...

    Can anybody comment on whether this new result applies to generating single photons?

  8. I wonder why... by imsabbel · · Score: 4, Interesting

    No one has ever created a One time Pad plugin for Outlook.

    Think about it. Create a random one time Pad of a few hundred MB. Burn it on 2 cd-r. Put one in your safe and hand the other to BOB in person.

    Now just use the pad piece by piece for your secure transmissions. It should last for years if you don't send porn or warez....

    As long as you use every part of the pad only once, even if the attacker gets the plaintext of one message the others won't be compromised.

    --
    HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
  9. Wouldn't quantum computers break it ? by master_p · · Score: 2, Interesting

    I am wondering what will happen with security everywhere when quantum computers step into everyday life. Classic methods like RSA will be solved in a minute. What about quantum cryptography? Does it stand a chance against quantum computers? And what will be the effect on society, if nothing can be encrypted any more?

  10. Re:No cryptography is unbreakable... by aziraphale · · Score: 3, Interesting

    You seem to be under the impression that decrypting a one time pad is just a case of trying different keys and watching the results for output that makes sense. That is laughably incorrect.

    Brute forcing is a method you use to decrypt a known ciphertext using a known algorithm. It involves trying every possible key in the algorithm, and examining what plaintext would result. Given, say, 1024 bits of ciphertext, and a simple symmetric algorithm with a little 56 bit key, you could run the decryption with each of the 2^56 possible keys, giving you 2^56 possible different plaintext renderings of that 1024 bit message. Out of all the possible messages that 1024 bits could communicate (2^1024 of them), we've narrowed down the field to just 2^56 - in other words, we've reduced the field by a factor of 2^968 (that's about a googol cubed). Assuming the message was originally written in a natural human language, like English, there is a lot of redundancy built in to the message. On average, one character of English communicates 1.4 bits of information - encoded in ASCII, that means you've only got 1.4 bits of actual data encoded in every byte of the original message. So, of the 2^1024 possible messages the ciphertext could encode, only 2^(1024/8*1.4) of them - about 2^179 - contain the right proportions of characters to make any kind of sense in English. But remember, we eliminated 1-(1/googol^3) of the possible messages by examining which messages could possibly be generated by a valid key. So, the odds of more than one of those 2^179 messages making any kind of sense are somewhat less than one in a googol squared.

    But with a one-time-pad as your algorithm, the key is exactly the same length as the message. So, to bruteforce it, your 2^1024 bits of ciphertext has to be decrypted using 2^1024 different one time pads. Again, only 2^179 of the possible decrypts will actually make any kind of sense. But because we've tried 2^1024 different keys, we obtained 2^1024 different candidate plaintexts - which means that 2^179 of them look like they might make sense. In other words, we've got almost a googol different English language plaintexts - all of which could have been encrypted to make the same ciphertext, depending on the one time pad used. It's a little like saying 'A CD is just a stream of numbers. If we burned every possible CD, starting from 0000000..(50 odd million bits)...000001 up to 11111....11111, one of them will contain the next album Hendrix would have made if he'd lived'. It's true, but somewhat useless.

    So, one time pads are, indeed, completely non-brute-forceable.

    They can be cracked if they aren't used correctly or if they aren't generated correctly. Take two messages accidentally encrypted with the same one time pad, and the game's up - both messages will be revealed. If the pad isn't truly random, then the keyfield gets reduced. You only need to reduce the keyfield by a factor of, oo, about 2^179 (well, it'll vary depending on the length of the ciphertext), to start getting to the point where the number of plausible plaintexts generatable from any valid key is small enough to be interesting. If you generate your random numbers with a pseudorandom generator, the key size is effectively reduced to the size of the key used to seed the generator.
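
The one-time-pad properties argued in the comments above (a pad consumed piece by piece, immune to key search but broken by reuse), as an added Python example that is not part of any poster's comment. The messages, the `Pad` class and the function names are constructed for illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("one-time pad needs key material as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

class Pad:
    """Shared pad consumed piece by piece; no byte is ever handed out twice."""
    def __init__(self, material: bytes):
        self._material, self._offset = material, 0

    def take(self, n: int) -> bytes:
        if self._offset + n > len(self._material):
            raise ValueError("pad exhausted: stop sending, never wrap around")
        chunk = self._material[self._offset:self._offset + n]
        self._offset += n
        return chunk

    def encrypt(self, plaintext: bytes) -> bytes:
        return xor(plaintext, self.take(len(plaintext)))

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad under which `ciphertext` decrypts to `candidate`; one always exists."""
    return xor(ciphertext, candidate)

def reuse_leak(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If one pad piece encrypted both messages, c1 ^ c2 == p1 ^ p2."""
    return xor(xor(c1, c2), known_p1)

def demo(material: bytes = b""):
    # secrets is the OS CSPRNG, a stand-in here for a true random source.
    material = material or secrets.token_bytes(64)
    p1, p2, decoy = b"MEET AT DAWN", b"HOLD UNTIL 9", b"STAY AT HOME"  # constructed
    pad = Pad(material)
    c1, c2 = pad.encrypt(p1), pad.encrypt(p2)
    # Key search: the decoy is exactly as consistent with c1 as the real message.
    decoy_fits = xor(c1, key_explaining(c1, decoy)) == decoy
    # Correct use: a leaked p1 does not unlock c2 (distinct pad pieces).
    correct_use_leaks = reuse_leak(c1, c2, p1) == p2
    # Misuse: the same 12 pad bytes for both messages; a leaked p1 yields p2.
    k = material[:12]
    reuse_leaks = reuse_leak(xor(p1, k), xor(p2, k), p1) == p2
    return decoy_fits, correct_use_leaks, reuse_leaks

if __name__ == "__main__":
    print(demo())
```

The `Pad.take` offset is the operational control that matters: it has to be persisted on both ends so that a restart or a lost message never causes a piece of the pad to be issued a second time.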

  11. Re:Before no one can read it: by Insightfill · · Score: 3, Interesting
    Privacy implications are equally staggering.

    Imagine being able to administer a drug test to an employee by simply swabbing the mouse or keyboard after hours. Suddenly, being in the same room as someone who had smoked some pot recently. (A recent famous drug case found cocaine traces on the paper currency in the pockets of many people in the court room - even the judge.)

    Imagine being able to screen people for EVERYTHING as they pass through a "metal" detector at the airport. If you even touch a firearm within a few days of take-off, you'll have residue on your fingers.

    If this can be tuned for genetic testing, then films like GATTACA will be more science and less fiction.

    OK, now I've got to go scrub my hands for an hour.

  12. Re:Before no one can read it: by jafac · · Score: 1, Interesting

    Detecting cancer before it starts is not profitable.

    Allowing patients to get cancer, and subjecting them to millions of dollars worth of surgery, chemicals, and radiation therapy ARE profitable.

    Which solution do you think the big pharmaceutical companies are going to fund research for?

    --

    These are my friends, See how they glisten. See this one shine, how he smiles in the light.