Quantum Cryptography Leaving the Lab
Theodore Logan writes "More than a year ago, MagiQ announced the world's first commercial quantum cryptography system (pdf), with ID Quantique following closely in their footsteps. Currently, the technology is limited to offering point-to-point connections up to a maximum distance of around 50 km, but this is likely to be greatly improved on in coming years. The systems available today are prohibitively expensive for the average Joe (MagiQ's are priced at more than $50,000 per unit), but one could envision a future in which they are built into the infrastructure by non-end user actors. Does this spell the end of the field of cryptography? Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications? What impact will quantum cryptography have on society? Good articles available from International Herald Tribune, EE Times and CNET."
Since they make a point that they "Rely on the laws of physics", they're bound by them too (maths is far more forgiving).
OTOH, it's the first generation of these devices, and perhaps IPv8 will somehow encode an encryption hierarchy (packets get encrypted sequentially in one direction, and decrypted on the way back, assuming the same route is taken, each node only needs to know the encryption to the next one worked ok to guarantee the encryption was ok. You'd still want to be in control of all the nodes along the way though...)
As for price - if they can solve the networking issue, that'll come down dramatically - it'll be onboard in the equivalent of the BIOS that we have in ten years time (when we all have fibre to the home). Possibly optimistic.
Simon
Physicists get Hadrons!
I've seen that regular geeks can build things such as quantum force microscopes in their own homes, how hard would it be for someone to build a quantum crypto system?
Great, point to point security, but how do I encrypt all my pr0n with it?
So we had a Slashdot article today about how CEOs should be held responsible for security at their organization. Then the law should be written so that companies held responsible for security should be fined 3 x $50,000 = +-$150,000. That would make MagiQ's server a bargain at only $50,000.
I never understood how quantum cryptography is not vulnerable to normal man in the middle attacks. Anyone care to explain?
For a niche market, it may be useful. But the mass market is hardly suffering because of weak cryptography.
New technologies gives us a nice warm feeling, but the banal truth is that what most people need is better use of existing technology.
Still, I assume spooks and crooks will be investing heavily in quantum cryptography, and we'll see the first quantum walkie-talkies within 10-15 years.
This is not a signature
Does this spell the end of the field of cryptography?
Uh, no. Quantum key distribution is completely useless unless you have a cryptographic algorithm and protocol using that key for encryption. I suppose you could just send the message over quantum channels, but a quantum channel for key distribution is probably many orders of magnitude too slow for the actual data.
"No matter what advances occur in digital computing, quantum encryption can never be deciphered, read or copied"
Linux already has an interface that you can move your critical documents to and they'll never be deciphered, read or copied:
/dev/null
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications?
Quantum crypto will be very useful for insensitive financial/military applications. Example:
"All right, you worthless son-of-a-bitch -- pay your goddamned taxes, or we blow you away!"
-kgj
Dude, "quantum stuff" != "other quantum stuff".
Nice attempt to score an easy +5 insightful...
Freenet: Quantum Encryption Edition
I fear the Quantum DRM that'll follow.
A Japanese reporter was able to get an interview with a small Al Queda cell. He asked them how they communicated messages back and forth. The initial way, they said, was over the phone with code words and special phrases. This turned out to be less than adequate and computers, crypto, and the Internet became the primary means of updating Al Queda cells with new information. However, since the fall of Afghanistan the computer systems that Al Queda used at the home base have all been destroyed or confiscated by American troops.
So what do they do now? Courier. Someone physically carries the message from person to person and is capable of destroying himself and the message at any sign of danger.
If your data is so important that you need this level of crypto, try to remember that all it takes is a very determined person to come in and steal the machine. Crypto is one of those feel-good technologies that costs people a lot of money but doesn't really do much for anyone in the end.
I have been pwned because my
Many scientists have foretold the end of RSA with the advent of quantum computers. With these super fast computers you could factorize any prime within an acceptable window.
So why can't we use quantum computers to generate HUGE (really HUGE) primes so that even quantum computers won't be able to factorize easily?
The point is that quantum computers break ordinary cryptography, at least prime-based RSA-type stuff. So when everyone has a quantum machine on their desktop, we'll all need quantum crypto, because nothing else will be secure anymore.
Media that can be recorded and distributed can be recorded and distributed.
-kfg
This type of thing will become necessary once sufficiently powerful quantum computers become available, but until then - it is pretty hard to think of any applications for this that more conventional symmetric cryptography such as AES can't address.
All this is in link security: it will stop people from tapping into fiber between endpoints (currently 50km, not exactly a useful distance). This might be useful for a paranoid campus setting or for military short distance communications. It would be nice for point to point open air laser links (I think it can be applied to that, don't see any reason it can't, but not 100% sure). But overall this doesn't really do much of anything useful beyond that. I would hope they are working on longer distances, though it would seem that since the quantum stuff is always in sync and has little to do with speed of light, while the laser light does have those issues, it would seem like a timing issue; again though, in quantum physics I'm just an interested observer.
No sir I dont like it.
said Bob Gelfond, founder and CEO of MagiQ Technologies. "No matter what advances occur in digital computing, quantum encryption can never be deciphered, read or copied."
These kinds of statements always amuse me. It may be the toughest thing yet, but there's no saying that our understanding of some of the properties of quantum physics aren't flawed. Science may yet prove him wrong.
Where's my lobbyist? Right here.
If you can get a man in the middle both on the quantum channel and on the public channel then quantum encryption helps fuck all.
I will be the first to admit that I am somewhat ignorant in this matter. My understanding is that current crypto systems rely on the fact that keys take an extremely long time to be brute forced because currently computers are not efficient at all at factoring.
As I mentioned before I am ignorant when it comes to this but doesn't it seem a little naive to say that their technology is 100% secure? I read the pdf and it sounds impressive but I still don't know about anything really being 100% secure for all time.
Too bad quantum crypto and quantum computing have absolutely nothing in common.
Quantum crypto is a misnomer; it isn't even crypto at all. It's an intrusion detection system. Quantum crypto works by sending sensitive photons through a tight channel as bits which will get disturbed by an eavesdropper. Whereas an electrical signal on a wire expects static, and a wiretap isn't noticed.
Quantum computing however, works on electron entanglement, and is pretty far off.
Quantum cryptography (at least under current theory) cannot be cracked, or intercepted, or decoded twice by two different entities. It is the king of the mountain as far as secure goes.
There are huge problems in trying to transfer the information using quantum cryptography in a non point to point situation, but then again, isn't the point of cryptography (most of the time) to keep your communication as point to point as possible?
Some day, the only way to transfer your information completely securely will be to lock that info into the spin of an electron, or the polarity of a photon, and store those in some secure physical media. Then transfer that physical media to the intended recipient, and later verify with them that they are the ones that decoded it. It'll be a pain, but it might be the only way to actually be secure in the end.
Hopefully someone finds a way to automate that system to an extent, without losing its completely secure nature. Optical switching that somehow manages not to touch that photon? Hmm..
In this case though, quantum cryptography, and quantum computing both have a lot to do with how secure your data can be.
Anything you send into /dev/null comes out in an alternate universe in /dev/random. Don't expect to be able to understand it any more than their universe can understand your /dev/null.
and I can't believe anyone actually modded you up. So crypto is just a "feel-good technolog[y]" and "doesn't really do much for anyone in the end"? Have you ever used a VPN? Or SSL? Or anything in the PGP/GPG genre? Why?
Crypto is not perfect but it is extremely useful in certain situations. You apparently believe that since crypto doesn't solve all of our problems that we shouldn't use it at all.
PS If you think that "a very determined person" stealing the machine will render all crypto ineffective, you need some remedial reading on the topic. (Not a flame - just an observation.) Here is a hint: multi-level security.
I want to drag this out as long as possible. Bring me my protractor.
Here is a whitepaper from MagiQ on their technology.
What impact will quantum cryptography have on society?
It will be the end of us all! I will *never* purchase GMO-computers They will spread into neighboring villages and corporate monopolies such as Consanto will patent with royalties accumulated on a per atom basis.
Oh, the humanity!
Quantum theories are already out of the lab and in the real world. Old computer hardware is based on NAND and XOR gates, but Toffoli and Fredkin gates are useful in the modern world and because you can reverse them, once you start building DES/AES/RSA engines out of them, you can start to short-circuit some of the brute force attacks in very interesting ways. Combined with the real world ability to pre-compute and store data sets in the order of 3e12 bytes at a time, there are many crypto attacks now open to anyone with a good collection of hard drives.
I call'em quarkers.
as long as the current internet infrastructure works like this it won't be widely adopted. why? simply because it is a quite expensive way of communicating between n different spots if you have to install n! fiber cables.
Only morons moderate based on a sig.
"OK.. sorry for summarising.. but quantum computers can crack conventional encryption in a single cycle. They make it trivial to factor things down to prime numbers, no matter how large. And since this is the basis of most current cryptography, they will obsolete our current cryptography."
This is bullshit. First off, you have to assume that
a) non-trivial Quantum computers can be constructed at all [who says there are not limits?]
b) The time per solution is not greater than a brute force attack.
I mean sure a single cycle AES cracker would be cool. But if the machine took 2^100 years to build who gives a shit?
This type of hype always pisses me off.
To boot as I understand it, QC only "attacks" in sqrt time by meet-in-the-middle approaches. So AES-256 would provide all the security ya need.
Tom
Someday, I'll have a real sig.
See Bruce Schneier's comments about Magiq and quantum cryptography at Schneier.com:
To quote:
This isn't new. The basic science was developed in the early 1980s, and there have been steady advances in engineering since then. I describe how it all works--basically--in Applied Cryptography, 2nd Edition (pages 554-557).
I don't have any hope for this sort of product. I don't have any hope for the commercialization of quantum cryptography in general; I don't believe it solves any security problem that needs solving. I don't believe that it's worth paying for, and I can't imagine anyone but a few technophiles buying and deploying it.
It's not that quantum cryptography might be insecure; it's that we don't need cryptography to be any more secure.
Perhaps someone will discover a work-around to Heisenberg's uncertainty principle, or perhaps researchers will find flaws in the implementation of the algorithm. But if history is any indication of the future, quantum cryptography will eventually be cracked.
Have fun: Join D.N.A. (National Dyslexics Association)
I suspect the first mainstream application of this will involve watching porn at the office.
We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
You said quantum waaaay too many times. Who do you think you are, the late Mr. Carl "billions and billions" Sagan?
"Do you suppose that's why God lives in the Heavens? Because he lives in fear of His creations?" - Steve Buscemi
As far as I know, this quantum "cryptography" prevents just passive eavesdropping (where the parties are able to notice eavesdropping because of this quantum "cryptography"), but as it doesn't include any kind of authentication, an active attack (where all the messages are captured and the attacker is able to send his own messages) should be successful. It is possible for Eve to just hijack all the messages and pretend to be Bob when communicating with Alice and to pretend to be Alice when communicating with Bob.
It is of course possible to make this "cryptography" more secure by using some classical cryptographic methods, like authentication. But if we have to rely on public key algorithms (which might become obsolete by advances in quantum computing), then it is not clear to me what the advantage is of using quantum cryptography in the first place. If somebody has an answer to this question, I would be glad to hear it.
But these days if you want to intercept data then cracking the crypto is one of the last avenues you would try anyway. Far easier to crack the end points, suborn a trusted employee or any of the other common attacks. Security is only as strong as the weakest link. Quantum crypto merely reinforces one of the strongest links.
You are lost in a twisty maze of little standards, all different.
I wouldn't be surprised if the Government prevented this from becoming common place: I remember them doing something like this before, where they wouldn't allow 40-bit encryption system for the public (or something like that), because it meant the NSA couldn't crack it in a reasonable time. Privacy is illegal. If the government can't tap your phone calls and read your e-mails, then they won't allow the public to use that technology. Or at least until the war on terrorism ends (should be sometime around the extinction of human nature and mankind).
"You know you don't act like a scientist, you're more like a game show host." Dana Barret
Is a non-end user actor?
For some reason I have this vision of Gary Bussey making a drug deal...
heh - chitlenz
Imagination is the silver lining of Intelligence.
(Based on memory of Bruce Schneier's description in Applied Cryptography)
Alice sends Bob a series of polarized photons.
There are four possibilities: -, |, /, and \.
Bob sets up his polarization detector randomly so that each "qbit" is measured either for horizontal/vertical polarization or diagonal polarization. If a - or | photon hits the detector and it was set up for horizontal/vertical, he gets a good bit, otherwise a bad bit. And if a / or \ photon hits the detector and it was set up for diagonal polarization, same story. The key point is this: if the detector was set one way and the photon is polarized the other, it is in principle impossible to know its true polarization.
So Bob has a sequence of photons, some of which he knows, and some he doesn't, and he knows which are which. He sends Alice a clear-text message saying which ones he knows. Alice then encrypts the true plaintext by XOR'ing it with the values of the photons that Bob knows, using some convention like "- and / are 0, | and \ are 1".
Example:
Alice sends...: - \ - | / - | (random)
Bob's detector: + + X + X X + (random)
Bob's result..: - ? ? | / ? |
Bob's response: 1 0 0 1 1 0 1
Key...........: 0 1 1 1
If Eve tries to listen in on the photons Alice sends to Bob, she perturbs them irrevocably.
A bad description -- go buy Bruce's book for a better one.
"Skill shows through where genius wears thin." -Wittgenstein || Religion: uniting aviation and architecture.
The reason most encryption works is because when you linearly increase key size, you exponentially increase the amount of time required to crack the key if you have no special knowledge, meaning it is much more difficult (impossible for practical purposes) to decrypt without a key than encrypt or decrypt with the necessary keys.
Doubling the key size may only double the work of the one encrypting and decrypting using a key but exponentially increases the work of the one trying to break it without a key. Almost no matter how easy it is to crack a short key, you can increase key size until the advantage of linear versus exponential is overwhelming.
But quantum computing -- encoding the problem into the quantum matrix, not to be confused with the quantum encryption described in this article -- threatens to be able to solve such problems in linear time instead of exponential time.
This means that when the user doubles the size of his key instead of exponentially (enormously) increasing the amount of work to solve the problem, it only doubles the amount of work required to crack it, which would make decryption a simple footrace even if you do not have the key, if the amount of work required to crack the key is proportional to the amount of work required to encrypt / decrypt instead of an exponential relationship.
Primes would not seem to be adequate at all, if quantum computing allows them to be solved linearly. At best, if you could find something that had the difficulty of non-quantum primes under quantum computing, then perhaps you could use that.
I was looking at this, and reading about it, and read how you cannot determine the state of the photons without changing their state, so someone cannot "watch" the photons fly past without affecting them. I'm assuming the black box on the other end is somehow able to read the original photons correctly?
However... What if someone were to have their own "black box", break the fiberoptic line, put one end into the receiver of their black box, and the other end out. That way you wouldn't be watching the photons go by, and affecting them. You could read them with your own black box, then re-transmit the correct photon.
Admittedly, this would be expensive, but if you are in dire need of reading something that had to be secured with quantum encryption, then money probably isn't of much concern.
Is this an incorrect assumption, or analysis on my part? I'm not a quantum physicist by any means, but I couldn't glean enough info from the articles to tell otherwise.
-Jesse
Nothing says "unprofessional job" like wrinkles in your duct tape.
This will eventually be a problem for non-quantum algorithms, but if you need to protect against quantum decryption, then you can just use quantum ENcryption with extremely massive key sizes.
Quantum Bittorrent version 10.0 here we come!
He said (my emphasis) "No matter what advances occur in digital computing, quantum encryption can never be deciphered, read or copied." and he's right. It would take advances in our knowledge of quantum physics to change that, not advances in digital computing.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Reading data alters it. So the man in the middle will be detected.
This is true for a passive attack, i.e., one where the attacker can only eavesdrop on a connection. However, in a man-in-the-middle attack, the attacker can also arbitrarily modify data. In particular you can have the following situation:
Here Alice thinks she is talking to Bob, but in fact she's talking to Eve, who decodes her packets, re-encodes them, and sends them to Bob. Unless Alice and Bob have some authentication mechanism (say, a shared secret key, or the other's public key), they have absolutely no way to tell that this is going on. The ability to detect eavesdropping on the quantum channel doesn't help at all, since Eve isn't eavesdropping - she's tunneling between two physically separate channels. Quantum cryptography does not differ in this respect from conventional cryptography: it's a basic fact of communication - how do you establish that the bits you are receiving come from the person/system from whom you think they come?
Does this spell the end of the field of cryptography?
What does this mean? Is this asking if it spells the end of traditional crypto?
I thought the way these quantum devices worked was to simply use quantum crypto to do a key exchange, and then it used that key for AES or whatever, rolling the key frequently. If this is the case, I would think it's far from the end of traditional crypto.
Need Free Juniper/NetScreen Support? JuniperForum
Quantum crypto in this sense is mostly a nonissue, because of the limited range.
What's more interesting is cryptography done on quantum computers. This promises to make traditional cryptography useless. However, there will be new algorithms usable on quantum computers that keep cryptography alive. The transition could be painful - I haven't heard anything about how it could be handled smoothly.
This is like the advent of the flying car or the amphibious car. Yeah, it looks cool, but does it justify the marginal increase in cost? Frankly, I'm not putting up waystations every 50 km from here to my bank just to protect the few cents I do have. 128-bit encryption is good enough for now, and if it isn't, 4096-bit encryption will be good enough for the next few millennia, assuming Moore's law holds constant. Remember, no matter how fast your computer is, 2^4096 is still a big damn number, and unless you've got a 4096 bit architecture, the coding is going to be truly nasty.
"Anyone who attempts to generate random numbers by deterministic means is living in a state of sin." -- John von Neumann
I think uncrackable dedicated lines have a limited use because of geography. If you want to give a friend an uncrackable message you give him a copy of your table of random numbers and lay out your command interface on top of that. Use each number once and there is nothing to crack, just random numbers flying by, no pattern. All you can do is steal the code-book itself.
With the current trend of huge memory chips becoming very cheap and small you can use it to have a garage door opener which cannot be cracked with radio signals; you must read the physical chip. You can also steer a robot and no one can crack the communication, only the physical robot or remote control itself.
All you need is a true random number generator to make sure any future supercomputer cannot see any pattern in the generation. Luckily we are pushing the limits of Moore's law and gateways get so small that we can get 100% uncertainty of whether or not a signal goes through when we send it. Future CPUs may get a random number unit next to the FPU and integer unit.
--
Dennis SCP
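The "table of random numbers, use each number once" scheme in the post above is a one-time pad. The following is an added example, not code from the post or from any product in the thread: it models the pad as a byte string that both parties consume strictly front to back, refuses to hand out key material twice, and shows why the "use each number once" rule matters by computing what an observer learns when two messages are sent under the same pad segment. The pad is drawn from the operating system's CSPRNG (`secrets.token_bytes`) as a stand-in for the hardware true-random source the post wants; the command strings and pad sizes are constructed for illustration.

```python
import secrets


def make_pad(n_bytes):
    """Fresh pad material. Stand-in (assumption) for a hardware true-random
    generator; os-level CSPRNG via the secrets module."""
    return secrets.token_bytes(n_bytes)


class OneTimePad:
    """A pad consumed once, front to back. Sender and receiver each hold an
    identical copy and advance through it in the same order."""

    def __init__(self, pad_bytes):
        self._pad = bytes(pad_bytes)
        self._pos = 0

    @property
    def remaining(self):
        return len(self._pad) - self._pos

    def next_segment(self, n):
        # Never reuse: once a segment is handed out it is gone for good.
        if n > self.remaining:
            raise ValueError("pad exhausted: refusing to reuse key material")
        seg = self._pad[self._pos:self._pos + n]
        self._pos += n
        return seg


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(pad, plaintext):
    """Ciphertext = plaintext XOR the next unused pad segment."""
    return xor_bytes(plaintext, pad.next_segment(len(plaintext)))


def decrypt(pad, ciphertext):
    """The receiver's copy of the pad must be consumed in the same order."""
    return xor_bytes(ciphertext, pad.next_segment(len(ciphertext)))


def reuse_leak(c1, c2):
    """What an observer learns if the same pad segment is used twice:
    c1 XOR c2 == m1 XOR m2, and the pad drops out entirely. This is the
    failure mode the 'use each number once' rule prevents."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    # Constructed demo: a garage-door style command link with a shared pad.
    shared = make_pad(64)
    remote, door = OneTimePad(shared), OneTimePad(shared)
    ct = encrypt(remote, b"open garage")
    print("ciphertext:", ct.hex())
    print("decrypted :", decrypt(door, ct))
    print("pad left  :", remote.remaining, "bytes")
    # Misuse: the same segment protecting two commands leaks their XOR.
    seg = make_pad(9)
    leak = reuse_leak(xor_bytes(b"open door", seg), xor_bytes(b"shut door", seg))
    print("reuse leak:", leak.hex(), "== m1 XOR m2:",
          leak == xor_bytes(b"open door", b"shut door"))
```

The pad object is the whole security argument: the ciphertext is unconditionally secure only while every byte of the pad is used for exactly one plaintext byte, so the code treats the pad as a consumable and raises rather than wrapping around.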
The state of public key cryptology today uses mathematical constructs which can be attacked using math. You do not want to use mathematical constructs when designing a cryptosystem unless it is the only way. Public/asymmetric cryptosystems (RSA/Diffie-Hellman) use number theory. To public knowledge, factorization of large primes or the discrete log problem are thought to be hard. Think of it this way: triple DES, which does not use mathematical constructs, is very secure with an effective key space of 2^112; by comparison RSA needs a key space of 2^1024 bits because it can be attacked with math. If they can get quantum cryptology to work over large distances we will see the end of RSA/Diffie-Hellman.
I've heard you can use steganography to hide your data in .JPGs ;)
I've heard that Pr0n viewers in Russia hide their .JPGs in data :-)
I just type my sig in the reply form...
To the question asked by the article submitter: the answer is no (at least, not yet), because quantum cryptography (in its present form) may be useful for encrypting communications, but it is ineffective for encrypting stored data.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
The proof that without authentication a man in the middle attack is always possible requires only logic. Does it make much sense to give people who cannot grasp logic an explanation?
Out of the goodness of my heart I'll give one anyway. Quantum cryptography uses a public channel on which the information about the statistics of the quantum events is sent so both parties can detect eavesdropping. This channel is assumed to only allow eavesdropping but not diversion or alteration. The public channel's "routing" provides the authentication I mentioned before.
When that assumption is broken, by putting a man in the middle on the public channel, you can use a man in the middle attack on the quantum channel too.
I have written this book partly to correct a mistake.
Seven years ago I wrote another book: Applied Cryptography. In it I described a mathematical utopia: algorithms that would keep your deepest secrets safe for millennia, protocols that could perform the most fantastical electronic interactions--unregulated gambling, undetectable authentication, anonymous cash--safely and securely. In my vision cryptography was the great technological equalizer; anyone with a cheap (and getting cheaper every year) computer could have the same security as the largest government. ...I went so far as to write: "It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics."
It's just not true. Cryptography can't do any of that.
It's not that cryptography has gotten weaker since 1994, or that the things I described in that book are no longer true; it's that cryptography doesn't exist in a vacuum.
Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, palpable security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.
Mathematics is perfect; reality is subjective. Mathematics is defined; computers are ornery. Mathematics is logical; people are erratic, capricious, and barely comprehensible.
The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were The Answer(TM). I was pretty naïve.
The result wasn't pretty. Readers believed that cryptography was a kind of magic security dust that they could sprinkle over their software and make it secure. ... A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography.
Since writing the book, I have made a living as a cryptography consultant: designing and analyzing security systems. To my initial surprise, I found that the weak points had nothing to do with the mathematics. They were in the hardware, the software, the networks, and the people. Beautiful pieces of mathematics were made irrelevant through bad programming, a lousy operating system, or someone's bad password choice. ...
Any real-world system is a complicated series of interconnections. ... No system is perfect; no technology is The Answer(TM).
This is obvious to anyone involved in real-world security. In the real world, security involves processes. It involves preventative technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process. And if we're ever going to make our digital systems secure, we're going to have to start building processes.
A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.
This book is about those security problems, the limitations of technology, and the solutions.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
As you can see from the replies above, quantum security is vulnerable to Man-In-the-Middle attacks where you think you're talking to one person but you're actually not.
Now after you overcome the problem of Man in the Middle you must overcome Tempest Attacks, which capture the output radiation of electronic devices to gather sensitive data. I once saw a program that illustrated this that used two TVs side by side. One had a picture and the second one was very close and finely tuned to see the image on the first screen. Yeah, it was a simple demonstration but it illustrates that security is tough.
Hire one of our displaced IT Workers as a courier. If anyone tries to steal the message, he'll destroy himself. Either way the unemployment rate goes down.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
What I found rather peculiar about his view was that the reason he didn't like quantum cryptography was because it enabled organizations, such as a corrupt government perhaps, to be able to use this effectively unbreakable communication technique in order to avoid accountability to anyone else, while as long as encryption technologies remain crackable, there would always be some risk of being accountable to others for what they are communicating about.
It didn't even seem to matter to him that his own communications would be secure with this technology... he just didn't like the idea of technology introducing a break in a chain of accountability.
File under 'M' for 'Manic ranting'
Your description is almost right, but after receiving the photons, Bob can't tell which ones were "good" or "bad". Instead, the two parties have to exchange cleartext information about which bases they used. Then the ones where they matched are the good photons which can encrypt the message.
The problem is with this cleartext message about the bases. How do you stop an intermediary from altering this message, which could hide her attempts to snoop on the photons? This is the problem of sending an authenticated message, and quantum crypto won't help you with this.
To send the authenticated cleartext message, you either need a tamper-proof channel between the parties, which is usually physically impossible, or you have to fall back on regular crypto, either public key or pre-shared key. So ultimately the supposedly unbreakable security of quantum crypto is in fact dependent on conventional cryptography. And if you're relying on conventional crypto anyway, why go to the expense of using quantum crypto?
In short, there is a great deal of hype here. When closely examined, the physical and computational requirements of quantum crypto don't make sense for the real world. You either need an unrealistic tamper-proof channel, or you rely on regular crypto and get no more security than conventional crypto gives you.
In the US, there will no doubt be a law passed in short order making it illegal for consumers to own any quantum crypto devices. The only people who will be allowed to have them will be the government, and maybe banks, so long as they provide the government with their keys...
Quantum Cryptography is an Intrusion Detection System.
It tells you if someone stole your message.
Great.
It seems that this technology is limited to photonic transmission. Is that the case or can this technology be applied to wireless transmission media as well?
Your monitor is staring at you.
"Will systems like this ever become commonplace?"
I predict that quantum crypto computers will be so large as to fill an entire building, and only the 5 richest people in the world will be able to afford them
Okay, we've established that quantum cryptography is, for all intents and purposes, immune to traditional attempts to break into encrypted data. Is it possible that quantum physics could also provide a mechanism for stealing the information without it being detected?
--- Don't ever trust a woman until she's dead- B.B. King
You are being a fucktard. People are asking questions, seeking to reduce their ignorance of the topic, and you're sitting there being a cunt. You posted something without any backing, which roughly translated to "I think I know more about this than you, nyah nyah". This is worth precisely nothing. Please adjust your attitude before you post again.
You mean that by observing the state of my quantum-encoded music, it will collapse states and become unreadable? What's the advantage over regular DRM?
Every cipher scheme ... has eventually been broken.
Okay. But Steg is not a cipher. Nor are quantum transmissions ciphers.
And I'd like to see the proof that a one-time pad can be broken.
that voice telephone wasn't needed. And if it was ever invented there would be no practical use for it.
This was shortly before it was invented.
There are some very smart people in the world who are incredibly short sighted. Quantum Cryptography will be very handy when quantum computers become commonplace, making cracking current codes not much of an issue. And I don't think people realize how much technology is packed into a modem. Building quantum modems "cheaply" is a good first step to building more general computing systems based on that technology.
And just to cut people off at the pass, the 640K comment was made for exactly one chip at one point in time in a debate over how much of the 1MB of ram supported by the chip should be given to the user for program use.
Ben
Work Safe Porn
I was assuming he knew what he was talking about, and just trying to get him to justify the validity of the hidden assumption of the public channel not being alterable.
I never understood how quantum cryptography is not vulnerable to normal man in the middle attacks. Anyone care to explain?
It is completely vulnerable to the man in the middle attack. There is no authentication provided by quantum cryptography, and authentication is the only prevention for the man in the middle attack. Most people hear statements like "Quantum cryptography is immune to eavesdropping by the laws of physics" and assume that includes an immunity to the man in the middle attack, but it does not. (In particular, the principle of indistinguishable particles seems to prohibit quantum authentication.)
Alice <--> Man <--> Bob
Alice thinks she's talking to Bob, but is actually talking to Man on a completely secure channel. Likewise with Bob. All that Man must do is compromise both the quantum and the classical channel, and the man in the middle attack is successful.
The solution to this is that there must be another classical method of authentication used, and then the maximum security of the connection is reduced to the security of that classical authentication method. After a connection is authenticated by classical means, the quantum encrypted connection can be used as a "key growing" connection, and can continue to share keys securely which can be used for further authentication in the future. Thus, a quantum encrypted connection which has been authenticated by a known good method (such as a trusted agent carrying a CD in a briefcase), can be used with confidence to grow keys and relay information in the future with a provably secure connection.
It is possible to encrypt at a 'higher' layer. Fibre Channel SCSI payloads can be encrypted transparently, this has already been done. MagiQ plus storage encryption = (JBOD) hard disk encryption
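The two posts above (the BB84 sifting explanation and the man-in-the-middle reply) as one added Python example; this is not code from the thread or from any vendor. It simulates a toy BB84 exchange, shows that an intercept-resend eavesdropper drives the sifted-key error rate to about 25% so the session aborts, authenticates the cleartext basis announcement with an HMAC under a pre-shared key so a rewritten announcement is rejected, and derives the next round's authentication key from fresh sifted bits ("key growing"). The abort threshold, the pre-shared key, the seeded `random.Random` in place of a hardware RNG, and the simplification that only Alice announces bases are all assumptions of this example.

```python
import hashlib
import hmac
import random

# Added example, not code from the thread or from any vendor: a toy BB84 run
# with an intercept-resend eavesdropper, plus HMAC-authenticated basis
# announcements keyed by a pre-shared secret. A real link uses a hardware
# RNG and single-photon optics; random.Random with a fixed seed stands in so
# the run is reproducible. Basis 0 = rectilinear, 1 = diagonal.

QBER_ABORT = 0.11   # assumed abort threshold; real protocols tune this

def measure(bit, prep_basis, meas_basis, rng):
    """Bit read when a photon prepared in prep_basis is measured in meas_basis.
    Wrong basis gives a uniformly random result (idealised BB84 behaviour)."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def quantum_exchange(n, eve, rng):
    """Alice sends n photons, Bob measures each in a random basis.
    With eve=True an intercept-resend attacker measures and re-sends each one."""
    a_bits = [rng.randrange(2) for _ in range(n)]
    a_bases = [rng.randrange(2) for _ in range(n)]
    b_bases = [rng.randrange(2) for _ in range(n)]
    b_bits = []
    for bit, ab, bb in zip(a_bits, a_bases, b_bases):
        if eve:
            eb = rng.randrange(2)                        # Eve guesses a basis
            bit, ab = measure(bit, ab, eb, rng), eb      # and re-sends what she saw
        b_bits.append(measure(bit, ab, bb, rng))
    return a_bits, a_bases, b_bits, b_bases

def authenticate(bases, key):
    """The cleartext basis announcement plus an HMAC tag under the pre-shared
    key: the classical-channel authentication the thread says quantum crypto
    cannot supply on its own."""
    msg = bytes(bases)
    return msg, hmac.new(key, msg, hashlib.sha256).digest()

def verify(msg, tag, key):
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)

def sift_and_check(a_bits, a_bases, b_bits, b_bases):
    """Keep positions where the bases matched, sacrifice every other sifted
    bit to estimate the error rate, return (qber, remaining key bits)."""
    matched = [i for i in range(len(a_bits)) if a_bases[i] == b_bases[i]]
    sample, keep = matched[::2], matched[1::2]
    errors = sum(a_bits[i] != b_bits[i] for i in sample)
    return errors / len(sample), [a_bits[i] for i in keep]

def session(n, eve, auth_key, seed, tamper=False):
    """One key-growing round. Returns (status, new key bits); status is 'ok',
    'auth_failed' (classical channel rewritten) or 'qber_too_high' (photons
    were intercepted). Simplification: only Alice announces her bases."""
    rng = random.Random(seed)
    a_bits, a_bases, b_bits, b_bases = quantum_exchange(n, eve, rng)
    msg, tag = authenticate(a_bases, auth_key)
    if tamper:
        msg = bytes(b ^ 1 for b in msg)    # a man in the middle rewrites the bases
    if not verify(msg, tag, auth_key):
        return "auth_failed", []
    qber, key_bits = sift_and_check(a_bits, list(msg), b_bits, b_bases)
    if qber > QBER_ABORT:
        return "qber_too_high", []
    return "ok", key_bits

def grow_key(key_bits, nbits=256):
    """Next round's authentication key, derived from fresh sifted bits, so the
    courier-delivered secret only has to bootstrap the first round."""
    return hashlib.sha256(bytes(key_bits[:nbits])).digest()

if __name__ == "__main__":
    psk = b"secret-delivered-by-courier"    # constructed pre-shared key
    for eve, tamper in ((False, False), (True, False), (False, True)):
        status, bits = session(2000, eve, psk, seed=7, tamper=tamper)
        print(f"eve={eve} tamper={tamper}: {status}, {len(bits)} key bits")
```

The point the thread makes falls out of the code: `quantum_exchange` detects Eve only through the error rate, and that detection is worthless unless `verify` can trust the basis announcement, which in turn rests entirely on `auth_key` having been delivered by some classical means. Once one round succeeds, `grow_key` lets the next round authenticate with bits that never left the quantum channel.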
a) non-trivial Quantum computers can be constructed at all [who says there are not limits?
OK, why would you assume some arbitrary limit on the number of quantum gates that can be linked together? You only need to link as many gates as the bits of encryption you're trying to crack. I know that currently quantum computers are only factoring numbers like 15, and that the methods that are used to link the gates are not easy, but there is no reason that the exact same methods can't be used to link more gates.
b) The time per solution is not greater than a brute force attack.
OK, now I know you're just a complete dumbass! Do you know anything about quantum computing? I don't know how long you think it takes an electron to change state, but in case you're wondering, it's not very long. All of the work in a quantum computer is actually done before you ask for the solution. The actual work side also takes virtually no time. You'll simply be asking it the same question every time, and it calculates all the answers for you (over simplified to the point of being wrong, but at this point it seems quite necessary) and you simply tell it which answer you'd like. The time it takes for all this to happen is short enough that I doubt it could be measured. Even if the different gates in your computer are miles or light years apart, the quantumly linked actions are (were last time I read) considered to be instantaneous (yes, faster than light). The slowest part of the system will be where you want to interface your quantum computer with the "real" world.
This type of hype always pisses me off.
Why don't you read some literature that explains quantum computing and then read your comments again. If you haven't read anything about how it actually works, then you can only depend on the /. headlines or other one-line summaries of the technology. Contrary to popular belief, it's really not all that confusing. It's just an interesting way to exploit something that was observed in nature (like most other inventions). Try something like "The Feynman Processor". It's kinda old now (everything is "in the future"), but it's all explained so that my cat could understand it given enough time.
I fear that I've greatly over-estimated the average /. reader.
If I read this correctly it seems they are just sending the encryption key over this "secured line". What about the message itself? They only take care of transmitting the key over an unbreakable channel. How are they transmitting the actual message?
AcmeShells.com The cheapest Eggdrop
If you send a file to /dev/null (assuming you stored the document on a disk drive) the data is still on the hard drive, it is just in blocks that are no longer marked as used. Even overwriting that data with other data several times will not get rid of the data in total, and an agency with enough budget could recover it. Actual total destruction requires several overwrites of specific bit sequences to muddy things up enough to make data recovery extremely difficult, though not unfeasible.
Ignorance kills, complacency kills, hatred kills, but usually not the ones guilty of them.
Quantum Authentication
With these huge budget cuts, poor Quanty had to get a job out of the academia after his fellowship was finally cancelled.
To do list for Windows
Here's one - it is easy to listen in on today's encrypted comms... It is easy to identify interesting endpoints (US DOD, etc), it is cheap to write likely interesting messages to disk. A few years from now, you just set your Qomputer to decrypt all those stored comms. Just because it is in the past doesn't mean that it is stale (how old is your SSN/bank account number/etc? How long has that sleeper cell been active?)
Anyone who can afford a wiretap and a diskfarm today and a QC tomorrow will be able to crack an awful lot of sensitive traffic.
Just to clarify, the reason the "indistinguishable particles" objection fails is: this scheme is meant to authenticate the information that the particle is carrying (the state of the particle), rather than the particle itself. That is, Eve can switch particles on you, but if the state is not the same as the original, you can find out.
One-time pads can only transfer as much data as the pad length, that is the nature of them. Rehashing them and whatever leaves you open to attacks. So you need to transfer N bytes of pad to get N bytes of data securely. Well, if you already have a secure quantum line, why not send N bytes of data?
Now, if you could transfer a small symmetric key (well, at least on the order of bytes or kilobytes, not gigabytes), on the other hand...
Oh and one more thing - don't forget to have some kind of checksum on the OTP - if someone replaced the OTP with another OTP (standard man-in-the-middle attack) you wouldn't know... after all, it's only random data. The pads may no longer match, but who'd notice?
Kjella
Live today, because you never know what tomorrow brings
To address your first paragraph.... Why do you assume there is no limit? Maybe circuit building is a O(n^10) process?
To address your second paragraph.... "time per solution" meant the time it takes to make the actual device. If it takes 2^100 years to design an AES cracker I don't care.
Overall... I never said QC is impossible. I just hate how people spin [forgive the pun] things to no logical ends.... OMG they can factor the number 15. That means the technology works. Doesn't mean it will scale. Factoring 15 and a 1000-bit composite are not the same order of magnitude.
Similarly AES is not a trivial algorithm. Designing a QC for AES may prove to be intractable. Which means all the QC hype in the world won't break AES.
Who knows. Keep an open mind and don't make stupid conclusions like "crypto is dead" or "your mother is a whore".
Tom
Someday, I'll have a real sig.
Why don't you read some literature that explains quantum computing...
Last I heard, there is still a ton of comp-sci problems that are hard, even in the quantum world. NP problems will still be NP problems---quantum computers don't help with those.
Also, unless some really major innovations come up, we won't see quantum computers anytime soon (and I mean in centuries, not years).
"If anything can go wrong, it will." - Murphy
Is quantum crypto provably flawed?
I see tons of posts stating that the link is "absolutely" secure, but it seems that isn't really the case. (see the bottom of the page.)
What strikes me about all this is the following section:
"each pulse should be attenuated to an average of about .1 photon to reduce the probability of generating a two-photon pulse that could be split and eavesdropped undetectably."
What that says to me is that there is no way to 100% know you're transmitting just one photon.
It sounds like there's no device that is capable of transmitting one and only one photon with 100% reliability. If this is the case, a lot of the arguments about how secure this is are vastly overstated.
In the end QC would be vulnerable to a man-in-the-middle attack by watching for multi-photon emissions.
If this is the case, a lot of the noise surrounding QC could turn out to be hype. Is there a quantum physicist in the house?
Life is too short to proofread.
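The attenuation figure quoted in the post above, worked through as an added Python example (not from the thread or the quoted article): an attenuated laser pulse has Poisson photon statistics, so the mean photon number μ fixes both how many pulses are empty (lost key rate) and how many of the non-empty pulses carry two or more photons (the ones that could be split). The function and the values it prints are this example's own; the 0.1 figure is the one quoted in the post.

```python
import math

# Added example: Poisson photon-number statistics of an attenuated pulse.
# mu is the mean photon number per pulse (0.1 in the article quoted above).

def photon_stats(mu):
    """Return (p_empty, p_single, p_multi, share of non-empty pulses that
    are multi-photon) for a Poisson source with mean mu."""
    p0 = math.exp(-mu)            # P(n = 0): Bob sees nothing
    p1 = mu * p0                  # P(n = 1): the ideal single-photon pulse
    p_multi = 1.0 - p0 - p1       # P(n >= 2): splittable pulse
    return p0, p1, p_multi, p_multi / (1.0 - p0)

def multi_photon_fraction(mu):
    """Fraction of the pulses Bob can actually detect that carry more than one
    photon. This is what the attenuation is trying to push down."""
    return photon_stats(mu)[3]

def detectable_fraction(mu):
    """Fraction of pulses that carry any photon at all: the price of attenuation."""
    return 1.0 - photon_stats(mu)[0]

if __name__ == "__main__":
    for mu in (1.0, 0.5, 0.1, 0.01):
        p0, p1, pm, frac = photon_stats(mu)
        print(f"mu={mu:<5} empty={p0:.3f} single={p1:.3f} "
              f"multi={pm:.5f} multi/non-empty={frac:.3f}")
```

At μ = 0.1 roughly 90% of pulses are empty, yet about 5% of the pulses that do arrive still carry more than one photon; dropping μ further trades key rate for a smaller splittable share, which is why the post is right that the link is not "absolutely" single-photon and why real systems have to budget for that residue in their security analysis.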
Ok, so weird optical quantum cryptography is one thing. It will take an age for it to become generally relevant due to the need for special fibre lines and devices and known paths.
What's more significant is the question "What will happen once quantum cryptanalysis (sponsored to the tune of GIGA$$ no doubt today by Uncle Sam's shady agencies) breaks all known conventional strong encryption?"
Think about it.
Quantum cryptanalysis will completely change the future course of Internet and Web architecture. While today we're clearly heading for nebulous but indestructible steganographic, strong-encrypted P2P virtual private networks (for business use, for personal and group use), that whole model breaks down if all conventional strong crypto is broken, as may very well happen with quantum cryptanalysis.
That is a REALLY SIGNIFICANT fork in the road coming up in the near future of the InterWeb.
Where are we going and why are we in a handbasket?
...again though in quantum physics I'm just an interested observer.
Just an observer? Well that changes everything! Now what I want to know is if someday someone discovers a way around the uncertainty principle, would that be considered circumvention if this was used for protection of copyrighted media?
Just a thought....
I know encryption schemes such as RSA rely on the difficulty of integer factorization as opposed to the ease of multiplying two prime numbers together/generating a prime number. And I know we have a provable quantum integer factorization algorithm (that factored 15 into 3 and 5) that works in sqrt(n) time I believe. What about other encryption methods such as ECC (elliptic curve cryptography) which rely on the difficulty of the discrete logarithm problem (or in the case of ECC, the elliptic curve discrete logarithm problem which according to wikipedia "is [believed to be] significantly more difficult than DLP."). Will quantum computers be able to make these problems easy enough to brute-force them faster than exponential time?
What effect does a cable cut in your point-to-point fiber link have on the quantum state? If the cable is repaired, there's at least one glass-to-glass (or plastic-to-plastic) junction where there wasn't before.
Chip H.
"cracking" something like that will still be most doable with social engineering. Depending on what the crack is really worth, employees with access can be bought off, scared off, or usually a combination of the two. If it's extremely valuable information that is needed by the cracker (say a state sponsored attempt against a critical defense or financial entity, etc), then kidnapping and torture might be used-say.
It's in the payoffs what people will risk, and how hard you make it for the cracker.
Give you a real world example in security. This is researchable BTW. When a lot of states passed the "two or three strikes and you're out" laws, intending to have better "security" for their populations, a curious thing happened: violent crime went up, as criminals who before were satisfied with the risk/reward ratio suddenly realised that if they got popped or identified they might face life, and switched to more violent crimes because they had "nothing to lose" if they were caught and convicted. If you are going to get life for your third even small time felony conviction, and manslaughter is life, well..... that's what happened.
The same thing will happen in the cybersecurity end of things, because the data trying to be stolen is valuable from the "real world" applications that the data represents. (I am not considering casual defacement and sport by kiddies). Make it TOO hard for traditional cracking, I predict a lot more actual physical insecurity for employees of those places, and more blackmail/bribery attempts, all the way to the director or CIO levels.
you develop missiles, then your adversary needs anti missiles, then you need anti anti missiles, and so forth. Security is always analogous to an arms race, yes?
And don't gimme that "not physically possible to crack" Heisenberg uncertainty BS. Quantum cryptography is very advanced, but if information can be extracted from a medium (floppy, CD, Photon, whatever) somebody will figure out some way to do it.
Please note the most important part of the article:
"Again, Alice and Bob share a secret key k unknown to Eve."
Like I said, authentication can ONLY be done when there is already a secret key in common. Thus, your security is reduced to the security of the transmission of that secret key. Then quantum encryption only works as a key growing method.
That is, Eve can switch particles on you, but if the state is not the same as the original, you can find out.
Except that you can't find out, because your means of finding out is through the classical channel, which Eve has also compromised. In essence, both parties are holding a perfectly secure conversation with Eve. They just don't know it's Eve.
http://en.wikipedia.org/wiki/Shor%27s_algorithm
"Many public key cryptosystems, such as RSA, will become obsolete if Shor's algorithm is ever implemented in a practical quantum computer."
Are there any encryption systems that would not be obsolete if a quantum computer becomes practical?
As someone said elsewhere in this conversation: Collect and store all the encrypted information now, and crack it later when quantum computers come online.
That's correct. No such thing as a free lunch, after all! My only point was that there is a way to do authentication "quantumly".
If the music is encoded like in that transmission, that the information collapses once read, then well, the use for DRM could be buy-once use-once media. Would be pretty annoying, especially since THE LAW makes it illegal to circumvent it, however easy (plug in recorder to output) it might be.
I'm still trying to figure out what people mean by 'social skills' here.
So a symmetric key requires a random number--how is it generated? If it's just thermal noise at the sender, it shouldn't be detected, right?
-I am an elective eunuch.
Uhh you do realise that NP contains P? If they weren't still NP, then quantum computers would be making them SLOWER
Anyway, quantum computers are okay at some NP problems. They unfortunately don't do very well on NP-hard problems. But "hard" NP problems which are not NP-hard, such as factoring and discrete log, sometimes get sped up a little.
They may also have huge implications in databases. Grover's algorithm could be quite useful for very very very large databases.
Here's my much cheaper alternative for UNBREAKABLE CRYPTOGRAPHY in the same conditions. Buy two massive RAID arrays ($1000 each = $2000). Completely fill them with identical random data, probably from a thermodynamic random number generator (let's guess $1000 -- it's to avoid a snooper second-guessing a software random number generator). Put one in a honda civic ($9000) and drive it to your other location. Have at least three people in the car at the time to minimize the odds of in-transit funny business. Drop it off at Point B and come back. (50km round trip = 2 hours' round trip * $60/man-hour * 3 men = $360. About 80 miles at 30mpg and $1.70 per gallon of gas = $4.54. Assume no tolls. We're not paying for car depreciation since we bought the damn car expressly for this.)
Now when you need to transmit data securely between the points, start going through your 10TB of one-time pad. It should last quite a while, assuming you aren't sending mountains of full-length DVD rips. If you constrain it to email, most places should go for years on this much one-time pad.
When you run out of data on your one-time pad, obviously you can't reuse it. That wouldn't be UNBREAKABLE CRYPTOGRAPHY. Instead, drive the civic (you kept it, right?) to Point B and come back with the RAID. You only need to send one person since the RAID doesn't contain sensitive data anymore; he can copy it if he wants (Same $4.54 gas price, and $120 of labor). Fill both RAIDs with fresh random data. Bring the second RAID back to Point B (all three guys gotta go this time, since it's full of sensitive data: $364.54).
So I've set up a system of UNBREAKABLE CRYPTOGRAPHY between two points less than 50km apart for no more than $12,364.54, a full $37,365.46 cheaper than that crack team of physicist/MBAs could offer you. Plus you get a good-condition used car out of it. Every few years, you'll have to pay $489.08 to refresh the one-time pads, so eventually the costs will even out. Assuming the one-time pads last 5 years, it should take 382 years of using my method before it's as expensive as the Quantum Thingamahoozy installation.
Maybe their market sector is immortals. Even so, you could invest the $37,365.46 in a money market and far surpass that over 382 years. At a mere annual 6% interest (compounded continuously), you'd turn it into $3,358,641,610,230,000, whereas if you put it into the Quantum Thingamahoozy, you'd only break even. So they must be targeting financially foolish immortals, which seems to me to be a small market sector. If they're that foolish, after all, they probably can't afford the $50,000 price tag in the first place.
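The RAID-and-Honda scheme above, written out as an added Python example (not code from the thread): both ends hold an identical random pad and a position pointer, no pad byte is ever used twice, the pad-exhausted case raises instead of rewinding, and each message carries a tag keyed from fresh pad bytes so a substituted pad or altered ciphertext is noticed, which is the checksum Kjella asks for further up the thread. HMAC-SHA256 is a familiar stand-in chosen for this example; an information-theoretically secure OTP system would pair the pad with a one-time (Wegman-Carter style) MAC instead. The 4 KB pad, the message text and the helper names are constructed for the example.

```python
import hashlib
import hmac
import os

# Added example, not from the thread: the RAID-delivered one-time pad as code.
# Sender and receiver hold the same random pad and consume it in lock-step.
# HMAC-SHA256 stands in for the integrity check; a strictly information-
# theoretic design would use a one-time (Wegman-Carter) MAC drawn from the pad.

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    TAG_KEY_LEN = 32

    def __init__(self, pad: bytes):
        self.pad = pad
        self.pos = 0      # next unused byte; both ends must stay in step

    def take(self, n: int) -> bytes:
        """Hand out n fresh pad bytes, or refuse: a pad is never rewound."""
        if self.pos + n > len(self.pad):
            raise RuntimeError("pad exhausted: refill it, never reuse it")
        chunk = self.pad[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def seal(self, plaintext: bytes):
        """XOR with fresh pad bytes, then tag the ciphertext with a key drawn
        from further fresh pad bytes so the receiver can check it."""
        ct = xor(plaintext, self.take(len(plaintext)))
        tag = hmac.new(self.take(self.TAG_KEY_LEN), ct, hashlib.sha256).digest()
        return ct, tag

    def unseal(self, ct: bytes, tag: bytes) -> bytes:
        key = self.take(len(ct))                  # same order as seal()
        tag_key = self.take(self.TAG_KEY_LEN)
        expected = hmac.new(tag_key, ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("bad tag: pad mismatch or tampered ciphertext")
        return xor(ct, key)

def two_time_pad_leak(p1: bytes, p2: bytes, key: bytes) -> bytes:
    """Why a pad must not be reused: XOR of two ciphertexts under the same
    key bytes cancels the key and leaks p1 XOR p2 to anyone on the wire."""
    return xor(xor(p1, key), xor(p2, key))

def demo(message: bytes = b"wire 5000 to account 42"):
    """Returns (message Bob recovers, whether a substituted pad was detected)."""
    pad = os.urandom(4096)                   # the post's 10 TB, scaled down
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    ct, tag = alice.seal(message)
    recovered = bob.unseal(ct, tag)
    mallory = OneTimePad(os.urandom(4096))   # a different pad swapped in
    try:
        mallory.unseal(ct, tag)
        detected = False
    except ValueError:
        detected = True
    return recovered, detected

if __name__ == "__main__":
    print(demo())                                        # (b'wire 5000 to account 42', True)
    print(two_time_pad_leak(b"AAAA", b"ABAB", b"kkkk"))  # b'\x00\x03\x00\x03'
```

Two things the cost table in the post does not price: the receiver must reject, not just ignore, anything it cannot verify, and the pointer must be persisted on both ends, because losing sync is the same failure as reuse. The `two_time_pad_leak` helper is there to make the reuse objection concrete rather than as a step in the scheme.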
Using RSA as an example, here's a less-than-six-step process for finding the private key given the public key (exponent e and modulus m=pq):
(1) Factor m into p and q (both distinct primes).
(2) Calculate phi(m) = (p-1)(q-1).
(3) Find the reciprocal of e in this new modulus phi(m). That's the private key.
Once you have step 1, the rest takes a very short amount of time (less than a second). And you don't even need a sample message....
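The three RSA steps above, together with the Shor's algorithm post earlier in the thread, as one added Python example that is not code from the thread or from Wikipedia: it factors a toy modulus the way Shor's algorithm does, with the quantum order-finding step replaced by a classical brute-force search for the period of a^x mod n (so only tiny moduli are feasible, which is the whole point), then runs steps 2 and 3 exactly as the post lists them and checks the recovered private exponent by decrypting. The toy key (p = 61, q = 53, e = 17) is the standard textbook example and is an assumption of this code, as are the helper names.

```python
import math
import random

# Added example, not from the thread: factor n = p*q the way Shor's algorithm
# does, with the quantum order-finding step replaced by a classical search,
# then derive the RSA private exponent exactly as in the three-step post.
# Only toy-sized moduli are feasible classically; that gap is the attack.

def find_period(a, n):
    """Smallest r > 0 with a^r = 1 (mod n), by brute force. This is the
    exponential-time step that a quantum computer performs efficiently."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r

def shor_factor(n, seed=0):
    """Return (p, q) with p < q and p * q == n for an odd composite n = p*q."""
    rng = random.Random(seed)
    while True:
        a = rng.randrange(2, n)
        g = math.gcd(a, n)
        if g != 1:
            p = g                                 # lucky guess shares a factor
        else:
            r = find_period(a, n)
            if r % 2:
                continue                          # odd period: try another a
            y = pow(a, r // 2, n)
            if y == n - 1:
                continue                          # trivial square root of 1
            p = math.gcd(y - 1, n)                # y^2 = 1 mod n, y != +-1
        return tuple(sorted((p, n // p)))

def rsa_private_exponent(e, n, seed=0):
    """Steps 1-3 of the post: factor n, phi(n) = (p-1)(q-1), d = e^-1 mod phi."""
    p, q = shor_factor(n, seed)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)          # modular inverse (Python 3.8+)

def rsa_roundtrip(e, n, m):
    """Encrypt m with the public key, decrypt with the recovered private key."""
    d = rsa_private_exponent(e, n)
    return pow(pow(m, e, n), d, n)

if __name__ == "__main__":
    print(shor_factor(15))                 # (3, 5), the number quoted in the thread
    print(rsa_private_exponent(17, 3233))  # textbook toy key p=61, q=53 -> 2753
    print(rsa_roundtrip(17, 3233, 65))     # 65
```

Everything after `shor_factor` is a handful of cheap arithmetic operations, which is the post's point: the private key is protected by nothing but the cost of step 1, and a quantum period-finder removes that cost. The same reduction to period finding is why the discrete-log systems mentioned elsewhere in the thread fall with it, while symmetric ciphers are only weakened, not broken.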
The problem is you can solve for the third thing, but some things are harder to solve for than others. All of the security of public key cryptosystems depend on the "hardness" of the "third thing" you need to solve for.
To give an easy example of how one way can be harder than the other, try doing this problem by hand:
Given y = x^3 - x^2 + 5x - 4,
(1) Find y given x=3.
(2) Find x given y=10.
Why is one way harder than the other? Because it's easy to multiply things together, but not so easy to factor. It's the same thing with cryptosystems. So, I doubt anyone will find a simple algorithm to make them equally "easy." The best factoring algorithms in the world are still nowhere as simple as multiplication.
OTOH, quantum computing can do exponential time problems in something like linear time, so a quantum computer could just factor and we'd be done with it. No need for a fancy mathematical algorithm. We already know how to do it -- it's built right into the cryptosystem.
No, no, yes, and none. Next!
Democracy is two wolves and a sheep voting on lunch.
but quantum computers can crack conventional encryption in a single cycle. They make it trivial to factor things down to prime numbers, no matter how large. And since this is the basis of most current cryptography, they will obsolete our current cryptography.
It's helpful to couch the terms a little; quantum computers would be able to reduce RSA & discrete log (including elliptic curve cryptography) to poly time operations; however, symmetric key encryption schemes would not be as adversely affected.
For example, it's thought that the key lengths for AES et al would need to double in the face of quantum computers (so from 128 bits to 256) in order to retain their same current level of security -- not nearly as dire a prospect.
and also ... i read that 'any' tampering whatsoever with the optics holding/being the key, is going to break the cryptic armour. I would be interested to know what that 'any' actually is. Does that include routing ? tunneling ? Or even worse ... NAT ? Looks like ipv6 is going to make it after all then huh. ;-)
I'm also concerned with some articles headlining 'Hackers be aware ... quantum blah blah'. I don't think most hackers even care about cyphers and computing power to break keys. All you need to do, is send an e-mail with a small vbscript attached to it (and a xxx screensaver) to capture keystrokes ... that's it !
...
I think what we'd really need, is to educate every computer user in the world about passwords/passphrases and their importance
bye,
Gert
KnOwLeDgE iS pOwEr, ShArE iT !
The information cannot be (logically) routed, tunneled, or NATted, because the actual physical photons must travel from source to destination without being "touched".
All logical routing, tunneling, and NATting involves reading information from a packet, which destroys its "quantumality".
Now, if the routing information part of the packet could be read and a router could physically switch an optical fiber before the quantum-encrypted part of the packet arrived, it might be possible to physically route photons, and thus a quantum-encrypted message.
AFAIK, this is beyond the capability of existing hardware.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
detecting photons involves destroying them though, right? you'd accidentally destroy the message as you detected all the photons, looking for duplicates, right? wrong?
GrimRC