Slashdot Mirror


Quantum Cryptography Leaving the Lab

Theodore Logan writes "More than a year ago, MagiQ announced the world's first commercial quantum cryptography system (pdf), with ID Quantique following closely in their footsteps. Currently, the technology is limited to offering point-to-point connections up to a maximum distance of around 50 km, but this is likely to be greatly improved on in coming years. The systems available today are prohibitively expensive for the average Joe (MagiQ's are priced at more than $50,000 per unit), but one could envision a future in which they are built into the infrastructure by non-end user actors. Does this spell the end of the field of cryptography? Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications? What impact will quantum cryptography have on society? Good articles available from International Herald Tribune, EE Times and CNET."

19 of 345 comments

  1. It's worse than that, it's physics Jim by Space+cowboy · · Score: 5, Informative


    Since they make a point that they "Rely on the laws of physics", they're bound by them too (maths is far more forgiving :-). Both systems rely on the quantum state of photons being undisturbed, so they can only be used between point-to-point optically-networked devices assuming the act of optically switching the packets has the same effect as reading them (the quantum state will be lost). If this is true, no secure networks could be mass-produced using this, unless you trust all the intervening nodes...

    OTOH, it's the first generation of these devices, and perhaps IPv8 will somehow encode an encryption hierarchy (packets get encrypted sequentially in one direction, and decrypted on the way back, assuming the same route is taken, each node only needs to know the encryption to the next one worked ok to guarantee the encryption was ok. You'd still want to be in control of all the nodes along the way though...)

    As for price - if they can solve the networking issue, that'll come down dramatically - it'll be onboard in the equivalent of the BIOS that we have in ten years time (when we all have fibre to the home. Possibly optimistic :-)

    Simon

    --
    Physicists get Hadrons!
    1. Re:It's worse than that, it's physics Jim by Annoying · · Score: 5, Informative

      You are missing the ideal application of this. Transmitting one time pads and ensuring they have not been compromised in transit. Properly generated one time pads are the only uncrackable cryptography but suffer from the problem of transmitting the key. So the data can't be accessed even if sent over a normal network so long as you know that the pad wasn't compromised. Quantum cryptography allows you to *know* that the pad wasn't compromised.

  2. Does this spell the end of the field... by Anonymous Coward · · Score: 3, Informative

    Does this spell the end of the field of cryptography?

    Uh, no. Quantum key distribution is completely useless unless you have a cryptographic algorithm and protocol using that key for encryption. I suppose you could just send the message over quantum channels, but a quantum channel for key distribution is probably many orders of magnitude too slow for the actual data.

    1. Re:Does this spell the end of the field... by gpinzone · · Score: 4, Informative

      There's no guessing about the encryption method. It's a One Time Pad. Only the key is sent through the quantum link. After it's received, you can send the encrypted data any way you like. Send it over the Internet through the most insecure channels. It makes no difference as long as the key is secure and non-deterministic.

    2. Re:Does this spell the end of the field... by Theodore+Logan · · Score: 3, Informative

      Who the hell moderated this informative? QC uses one time pads, and since one time pads are provably secure, that's that. No need for fancy cryptographic algorithms. The "quantum" bit of it merely ascertains that the pad was not read by a man in the middle by making use of the EPR paradox, but other than that, this is the same algorithm as Gilbert Vernam developed more than 80 years ago (which is why one time pads are sometimes called Vernam ciphers).

      --

      "If you think education is expensive, try ignorance" - Derek Bok

  3. Re:Quantum Cryptography by fullpunk · · Score: 5, Informative

    Reading data alters it. So the man in the middle will be detected. I'm not a professional, but I understood that you have to destroy the photon to read its information.

  4. Re:Quantum Cryptography by Anonymous Coward · · Score: 3, Informative

    The key is sent with a single photon for a bit. A simple way of looking at it is that by measuring (spying) the photon, you unavoidably change it (randomly flip the bit), causing checksums in the protocol to fail and alarm bells to go off. Heisenberg's Uncertainty Principle or something.

  5. Re:Quantum Cryptography by Xeo+024 · · Score: 5, Informative
    Here is a nice article I found about it:

    The purpose of cryptography is to transmit information in such a way that access to it is restricted entirely to the intended recipient. Originally the security of a cryptotext depended on the secrecy of the entire encrypting and decrypting procedures; however, today we use ciphers for which the algorithm for encrypting and decrypting could be revealed to anybody without compromising the security of a particular cryptogram. In such ciphers a set of specific parameters, called a key, is supplied together with the plaintext as an input to the encrypting algorithm, and together with the cryptogram as an input to the decrypting algorithm. The encrypting and decrypting algorithms are publicly announced; the security of the cryptogram depends entirely on the secrecy of the key, and this key must consist of any randomly chosen, sufficiently long string of bits.

    Read more here

  6. Quantum Crypto != Quantum Computing by ponds · · Score: 5, Informative

    Too bad quantum crypto and quantum computing have absolutely nothing in common.

    Quantum crypto is a misnomer, it isn't even crypto at all. It's an intrusion detection system. Quantum crypto works by sending sensitive photons through a tight channel as bits which will get disturbed by an eavesdropper. Whereas electrical signal on a wire expects static, and a wiretap isn't noticed.

    Quantum computing however, works on electron entanglement, and is pretty far off.

  7. Re:Quantum Cryptography by VCAGuy · · Score: 4, Informative

    Essentially, Quantum Cryptography works because of Heisenberg's Uncertainty Principle and a thought experiment known as Schrodinger's cat. Basically, when one of these devices transmits a bit, it does so as a single photon with a known "spin." By observing that photon, you modify the very physical properties of that photon and corrupt the data. The man in the middle has no way to reconstruct the data because he has no way of knowing the given properties of a photon in the sequence. Further, that serves to DOS the connection (because the man in the middle cannot retransmit the same quantum sequence), thus causing the units to switch off and declare an alarm.

    It's similar to Schrodinger's cat: Schrodinger comprised a thought experiment where a cat was put into a sealed box with a poison and a radioactive atom. In the course of 1 hour, the atom has a 50/50 chance of decaying, thus killing the cat. At the end of the hour, the cat is neither dead nor alive, but in a state of flux. It's not until you observe the system that you fix the state of the cat as being dead or alive.

    --
    Q: "Why do sound techs say 'check 1, 2'?"
    A: "Cause if they could count any higher they'd be lighting techs."
  8. magiq whitepaper by dave_t_brown · · Score: 5, Informative

    Here is a whitepaper from MagiQ on their technology.

  9. Theories and more by thogard · · Score: 4, Informative

    Quantum theories are already out of the lab and in the real world. Old computer hardware is based on NAND and XOR gates but Toffoli and Fredkin gates are useful in the modern world and because you can reverse them, once you start building DES/AES/RSA engines out of them, you can start to short circuit some of the brute force attacks in very interesting ways. Combined with the real world ability to pre-compute and store data sets in the order of 3e12 bytes at a time, there are many crypt attacks now open to anyone with a good collection of hard drives.

  10. Re:Of course.. by tomstdenis · · Score: 5, Informative

    "OK.. sorry for summarising.. but quantum computers can crack conventional encryption in a single cycle. They make it trivial to factor things down to prime numbers, no matter how large. And since this is the basis of most current cryptography, they will obsolete our current cryptography."

    This is bullshit. First off, you have to assume that

    a) non-trivial Quantum computers can be constructed at all [who says there are not limits?]

    b) The time per solution is not greater than a brute force attack.

    I mean sure a single cycle AES cracker would be cool. But if the machine took 2^100 years to build who gives a shit?

    This type of hype always pisses me off.

    To boot as I understand it, QC only "attacks" in sqrt time by meet-in-the-middle approaches. So AES-256 would provide all the security ya need.

    Tom

    --
    Someday, I'll have a real sig.
  11. How quantum crypto works by ColonelPanic · · Score: 5, Informative

    (Based on memory of Bruce Schneier's description in Applied Cryptography)

    Alice sends Bob a series of polarized photons.
    There are four possibilities: -, |, /, and \.

    Bob sets up his polarization detector randomly so that each "qbit" is measured either for horizontal/vertical polarization or diagonal polarization. If a - or | photon hits the detector and it was set up for horizontal/vertical, he gets a good bit, otherwise a bad bit. And if a / or \ photon hits the detector and it was set up for diagonal polarization, same story. The key point is this: if the detector was set one way and the photon is polarized the other, it is in principle impossible to know its true polarization.

    So Bob has a sequence of photons, some of which he knows, and some he doesn't, and he knows which are which. He sends Alice a clear-text message saying which ones he knows. Alice then encrypts the true plaintext by XOR'ing it with the values of the photons that Bob knows, using some convention like "- and / are 0, | and \ are 1".

    Example:
    Alice sends...: - \ - | / - | (random)
    Bob's detector: + + X + X X + (random)
    Bob's result..: - ? ? | / ? |
    Bob's response: 1 0 0 1 1 0 1
    Key...........: 0 1 1 1


    If Eve tries to listen in on the photons Alice sends to Bob, she perturbs them irrevocably.

    A bad description -- go buy Bruce's book for a better one.

    --
    "Skill shows through where genius wears thin." -Wittgenstein || Religion: uniting aviation and architecture.
  12. Because linear key improvement isn't an advantage. by expro · · Score: 5, Informative

    The reason most encryption works is because when you linearly increase key size, you exponentially increase the amount of time required to crack the key if you have no special knowledge, meaning it is much more difficult (impossible for practical purposes) to decrypt without a key than encrypt or decrypt with the necessary keys.

    Doubling the key size may only double the work of the one encrypting and decrypting using a key but exponentially increases the work of the one trying to break it without a key. Almost no matter how easy it is to crack a short key, you can increase key size until the advantage of linear versus exponential is overwhelming.

    But quantum computing -- encoding the problem into the quantum matrix, not to be confused with the quantum encryption described in this article -- threatens to be able to solve such problems in linear time instead of exponential time.

    This means that when the user doubles the size of his key instead of exponentially (enormously) increasing the amount of work to solve the problem, it only doubles the amount of work required to crack it, which would make decryption a simple footrace even if you do not have the key, if the amount of work required to crack the key is proportional to the amount of work required to encrypt / decrypt instead of an exponential relationship.

    Primes would not seem to be adequate at all, if quantum computing allows them to be solved linearly. At best, if you could find something that had the difficulty of non-quantum primes under quantum computing, then perhaps you could use that.

  13. Re:A way to break it? by Molecular+Mechanic · · Score: 3, Informative

    You are thinking in terms of classical physics. On the quantum level, the properties that are to be measured do not actually exist until an attempt is made to measure them. All that exists is a wave function representing the combined probabilities of the various properties momentum, spin, location, etc.

    Furthermore, in accord with the Heisenberg uncertainty principle, you cannot determine all of the properties, of, for example, an electron. Knowing (measuring) one property makes the others unknowable (NOT unmeasurable). For example, if you measure the position of an electron, then you cannot also know the energy that electron has at that instant, and vice versa. Thus, what property you choose to measure determines what you can know.

    Back to crypto - the system uses spin as the property measured, because pairs of particles with opposite spins can be created and sent to different places. No one can know the spin of each particle until the measurement is made. At that point, the other particle must have the opposing spin (you now know this because of conservation of spin).

    If someone intercepts the particle, they must first know which property to measure. Once it is measured, though, they are exposed and the information is essentially destroyed.

    The universe is nothing more than probability. See Douglas Adams for further elaboration.

    Molecular Mechanic

  14. A Useful but Long Quote. by fermion · · Score: 5, Informative
    I quote from the preface of Bruce Schneier's Secrets and Lies, without permission

    I have written this book partly to correct a mistake.

    Seven years ago I wrote another book: Applied Cryptography. In it I described a mathematical utopia: algorithms that would keep your deepest secrets safe for millennia, protocols that could perform the most fantastical electronic interactions -- unregulated gambling, undetectable authentication, anonymous cash -- safely and securely. In my vision cryptography was the great technological equalizer; anyone with a cheap (and getting cheaper every year) computer could have the same security as the largest government. ...I went so far as to write: "It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics."

    It's just not true. Cryptography can't do any of that.

    It's not that cryptography has gotten weaker since 1994, or that the things I described in that book are no longer true; it's that cryptography doesn't exist in a vacuum.

    Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, palpable security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.

    Mathematics is perfect; reality is subjective. Mathematics is defined; computers are ornery. Mathematics is logical; people are erratic, capricious, and barely comprehensible.

    The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were The Answer(TM). I was pretty naïve.

    The result wasn't pretty. Readers believed that cryptography was a kind of magic security dust that they could sprinkle over their software and make it secure. ... A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography.

    Since writing the book, I have made a living as a cryptography consultant: designing and analyzing security systems. To my initial surprise, I found that the weak points had nothing to do with the mathematics. They were in the hardware, the software, the networks, and the people. Beautiful pieces of mathematics were made irrelevant through bad programming, a lousy operating system, or someone's bad password choice. ...

    Any real-world system is a complicated series of interconnections. ... No system is perfect; no technology is The Answer(TM).

    This is obvious to anyone involved in real-world security. In the real world, security involves processes. It involves preventative technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process. And if we're ever going to make our digital systems secure, we're going to have to start building processes.

    A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.

    This book is about those security problems, the limitations of technology, and the solutions.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  15. Re:Uh Oh by Beryllium+Sphere(tm) · · Score: 5, Informative

    Shamir has already described how to attack quantum key exchange. His attack, which I've talked about before here, is like Alexander the Great's attack on the Gordian Knot. You don't try to solve a problem designed to be unsolvable: instead you step back and figure out what the *real* problem is and solve that.

    Besides the Shamir attack, there's always the wait-for-your-opponent-to-screw-up attack. One time pads are theoretically unbreakable, with mathematically provable security. This didn't stop the US from reading the Venona intercepts. The Soviets had used one time pads two times, and that mistake destroyed the security.

  16. Re:Wrong by skifreak87 · · Score: 3, Informative

    Informally, it's impossible to observe say the spin of a photon without pretty much destroying it. So you'd have to reconstruct a photon w/ the same spin. However photons also have other properties which you cannot measure at the same time (Heisenberg's uncertainty principle), so basically the man-in-the-middle attack fails because the man in the middle cannot get all the information required to retransmit the photon exactly as is. There are ways using entanglement to test and make sure the photon is exactly what Alice sent (I don't know specifics off the top of my head).

    Basically, no way to recreate the bit you receive in such a way that Bob won't know it was modified.
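
Added example (not part of any comment in the thread, nor taken from Schneier's book or a vendor's product): a Python simulation of the photon exchange sketched in the "How quantum crypto works" comment, on an idealized noiseless channel, showing why the intercept-and-retransmit eavesdropper discussed in several comments is detected. It goes slightly beyond that sketch by adding the standard BB84 steps of comparing bases in the clear and sacrificing half of the sifted bits to estimate the error rate; the function names, the 10% abort threshold and the intercept-resend model of Eve are assumptions of this example.

```python
import random

BASES = "+X"            # '+' = horizontal/vertical, 'X' = diagonal
ABORT_THRESHOLD = 0.10  # illustrative cut-off chosen for this example

def measure(photon, basis, rng):
    """Right basis returns the encoded bit; wrong basis returns a coin flip."""
    sent_basis, bit = photon
    return bit if sent_basis == basis else rng.randrange(2)

def transmit(n_photons, eavesdrop, rng):
    """Return Alice's and Bob's sifted bits for one run."""
    alice = [(rng.choice(BASES), rng.randrange(2)) for _ in range(n_photons)]
    channel = alice
    if eavesdrop:
        # Intercept-resend: Eve measures in a guessed basis and must resend
        # a fresh photon prepared in that basis with the bit she observed.
        channel = []
        for photon in alice:
            eve_basis = rng.choice(BASES)
            channel.append((eve_basis, measure(photon, eve_basis, rng)))
    bob_bases = [rng.choice(BASES) for _ in range(n_photons)]
    bob_bits = [measure(p, b, rng) for p, b in zip(channel, bob_bases)]
    # Sifting: bases (never bits) are compared in the clear; keep the matches.
    keep = [i for i in range(n_photons) if alice[i][0] == bob_bases[i]]
    return [alice[i][1] for i in keep], [bob_bits[i] for i in keep]

def establish_key(n_photons, eavesdrop, seed):
    """Return (observed error rate, key); key is None if the run is aborted."""
    rng = random.Random(seed)
    alice_key, bob_key = transmit(n_photons, eavesdrop, rng)
    positions = list(range(len(alice_key)))
    rng.shuffle(positions)
    half = len(positions) // 2
    sample, rest = positions[:half], positions[half:]
    if not sample:
        raise ValueError("too few sifted bits to estimate the error rate")
    # The sampled bits are revealed publicly and thrown away afterwards.
    errors = sum(alice_key[i] != bob_key[i] for i in sample)
    qber = errors / len(sample)
    if qber > ABORT_THRESHOLD:
        return qber, None  # disturbance detected: discard everything
    return qber, [alice_key[i] for i in rest]

if __name__ == "__main__":
    for eve in (False, True):
        qber, key = establish_key(8000, eavesdrop=eve, seed=2003)
        status = "aborted" if key is None else f"{len(key)} key bits kept"
        print(f"eavesdropper={eve}: error rate {qber:.3f}, {status}")
```

On the noiseless channel the honest run shows an error rate of exactly 0, while intercept-resend pushes it to roughly 25%: Eve guesses the wrong basis half the time, and each wrong guess leaves Bob with a coin flip even when his basis matches Alice's.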