Quantum Cryptography Leaving the Lab
Theodore Logan writes "More than a year ago, MagiQ announced the world's first commercial quantum cryptography system (pdf), with ID Quantique following closely in their footsteps. Currently, the technology is limited to offering point-to-point connections up to a maximum distance of around 50 km, but this is likely to be greatly improved on in coming years. The systems available today are prohibitively expensive for the average Joe (MagiQ's are priced at more than $50,000 per unit), but one could envision a future in which they are built into the infrastructure by non-end user actors. Does this spell the end of the field of cryptography? Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications? What impact will quantum cryptography have on society? Good articles available from International Herald Tribune, EE Times and CNET."
So we had a slashdot article today about how CEOs should be held responsible for security at their organization. Then if the law is written to hold companies responsible for security, they should be fined 3 x $50,000 = +-$150,000. That would make MagiQ's server a bargain at only $50,000.
I never understood how quantum cryptography is not vulnerable to normal man in the middle attacks. Anyone care to explain?
For a niche market, it may be useful. But the mass market is hardly suffering because of weak cryptography.
New technologies give us a nice warm feeling, but the banal truth is that what most people need is better use of existing technology.
Still, I assume spooks and crooks will be investing heavily in quantum cryptography, and we'll see the first quantum walkie-talkies within 10-15 years.
It's nice for creating secure point-to-point links, but that's only roughly half of data security. Transmission security is great, but what happens when someone steals the hard drive out of the server?
With all due respect to the quantum guys, the traditional byte-crunching cryptography kind of has the market by the balls here.
Many scientists have foretold the end of RSA with the advent of quantum computers. With these super fast computers you could factorize any prime within an acceptable window.
So why can't we use quantum computers to generate HUGE (really HUGE) primes so that even quantum computers won't be able to factorize easily?
Being a networking geek as well as a security geek, I'll point out that the way Internet routing currently works, based on the commercial nature of the Internet, means that almost no routes are symmetric. This is because of policies like hot potato routing, where one provider tries to get rid of a packet as quickly as possible. For example, if Sprint and UUNET have exchanges in San Francisco and DC, and a packet goes from a Sprint customer in Sacramento to a UUNET customer in Baltimore, the packet from Sac to Baltimore will go Sprint to San Fran and UUNET the rest of the way, but the return packet will go UUNET to DC and Sprint the rest of the way.
Also, hop-by-hop security is not end-to-end security, so even if you do have all the routers in IPv8 using hop-by-hop encryption over petabit links, you'll still need end-to-end security.
So to answer the question in the post, unless you can afford a leased line with a single fiber, and that fiber is lossless enough to not need repeaters, this is only for things like financial institutions and spy networks.
But what if you have a quantum computer? Surely this would break all conventional encryption, but can a quantum computer beat quantum encryption?
Anyone for a game of "Cryptographic Top Trumps"??
and I can't believe anyone actually modded you up. So crypto is just a "feel-good technolog[y]" and "doesn't really do much for anyone in the end"? Have you ever used a VPN? Or SSL? Or anything in the PGP/GPG genre? Why?
Crypto is not perfect but it is extremely useful in certain situations. You apparently believe that since crypto doesn't solve all of our problems that we shouldn't use it at all.
PS If you think that "a very determined person" stealing the machine will render all crypto ineffective, you need some remedial reading on the topic. (Not a flame - just an observation.) Here is a hint: multi-level security.
As long as the current internet infrastructure works like this it won't be widely adopted. Why? Simply because it is a quite expensive way of communicating between n different spots if you have to install n! fiber cables.
The cool thing about quantum entanglement is, if you even look at the data in the middle, you remove the probability elements from the quantum states (in effect) which is easily detectable from the other end. In other words, there's no real way to perform a man-in-the-middle attack.
Perhaps someone will discover a work-around to Heisenberg's uncertainty principle, or perhaps researchers will find flaws in the implementation of the algorithm. But if history is any indication of the future, quantum cryptography will eventually be cracked.
But these days if you want to intercept data then cracking the crypto is one of the last avenues you would try anyway. Far easier to crack the end points, suborn a trusted employee or any of the other common attacks. Security is only as strong as the weakest link. Quantum crypto merely reinforces one of the strongest links.
I wouldn't be surprised if the Government prevented this from becoming commonplace: I remember them doing something like this before, where they wouldn't allow a 40-bit encryption system for the public (or something like that), because it meant the NSA couldn't crack it in a reasonable time. Privacy is illegal. If the government can't tap your phone calls and read your e-mails, then they won't allow the public to use that technology. Or at least until the war on terrorism ends (should be sometime around the extinction of human nature and mankind).
Er, if the link is too slow for the data it is too slow for an OTP key... it has to be the same size as the data.
(Or do they mean that the quantum link will be transmitting OTP key continuously..? How will the parties know which part of the key to use? Er, ok, they could transmit that on the quantum channel too... maybe it could work.)
Obviously everything we use involves trade-offs. The more secure it is, the more difficult it is to use. Having a human courier might be very secure but I doubt Internet commerce would be where it is today if that's all we used. You have to weigh the benefits and the costs. A blanket statement like that is silly. At some point, we have to decide that even if a technology is not absolutely secured, it is good enough. Whatever loss we might experience is offset by the gains. This is why we continue to use imperfect technology. If all we did was use the perfect solution, we wouldn't be past sticks and stones in our development.
He said (my emphasis) "No matter what advances occur in digital computing, quantum encryption can never be deciphered, read or copied." and he's right. It would take advances in our knowledge of quantum physics to change that, not advances in digital computing.
I was under the impression that quantum computing might bring the power needed (factoring) to give people the ability to brute force RSA, 3DES, etc...
So wouldn't that make the secure transfer of the keys somewhat pointless?
The state of public key cryptology today uses mathematical constructs which can be attacked using math. You do not want to use mathematical constructs when designing a cryptosystem unless it is the only way. Public/asymmetric cryptosystems (RSA/Diffie-Hellman) use number theory. To public knowledge factorization of large primes or the discrete log problem are thought to be hard. Think of it this way: triple DES, which does not use mathematical constructs, is very secure with an effective key space of 2^112, by comparison RSA needs a key space of 2^1024 bits because it can be attacked with math. If they can get quantum cryptology to work over large distances we will see the end of RSA/Diffie-Hellman.
To the question asked by the article submitter: the answer is no (at least, not yet), because quantum cryptography (in its present form) may be useful for encrypting communications, but it is ineffective for encrypting stored data.
Actually, they can specify what part of the OTP to use in the clear - as long as the OTP itself is secure you don't have to be secret about referring to it - as long as you don't re-use it.
Even if the link is slow it could have value in situations where burst bandwidth is greater than the QC link, but average bandwidth is not, as long as the OTP is cached. The message is sent conventionally, and as long as enough cached OTP is available it could be decrypted instantly.
QC can also be used to send symmetric cipher keys, but of course it is no longer unbreakable if you do that (but it does not rely on the difficulty of factoring primes or calculating discrete logs).
QC is just an excellent mechanism for key exchange with the sender/recipient given complete knowledge of whether the key was intercepted (so that presumably they could discard the key if it were). You can't use it to directly send messages since it does not prevent interception - it just lets you know if it was intercepted...
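How a QKD link "lets you know if it was intercepted" (this comment, and the one above about looking at the data in the middle), as an added example that is not from the original thread: a classical Monte Carlo simulation of BB84 sifting with an intercept-resend eavesdropper. It assumes a noiseless channel, so every sifted-key error is attributable to the eavesdropper, and uses the commonly cited 11% QBER bound as the abort threshold.

```python
import random

# Constructed BB84 simulation; an ideal, noiseless channel is assumed, so any
# bit error in the sifted key comes from the eavesdropper alone.
RECTILINEAR, DIAGONAL = 0, 1

def measure(photon_bit, photon_basis, basis, rng):
    """Measuring in the photon's own basis is exact; in the other basis the
    outcome is a coin flip, which is what makes interception detectable."""
    return photon_bit if basis == photon_basis else rng.randrange(2)

def bb84_round(n_qubits, eavesdrop, seed=1):
    """Run one BB84 exchange and return (sifted_key_length, qber)."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        photon = (bit, a_basis)
        if eavesdrop:
            # Intercept-resend: Eve measures in a random basis and forwards a
            # fresh photon encoding what she saw. When her basis is wrong, Bob
            # receives a random bit even though his basis matches Alice's.
            e_basis = rng.randrange(2)
            photon = (measure(photon[0], photon[1], e_basis, rng), e_basis)
        bob_bits.append(measure(photon[0], photon[1], b_basis, rng))
    # Sifting: bases are compared over the public classical channel and only
    # positions where Alice and Bob chose the same basis are kept.
    sifted = [(a, b) for a, b, ab, bb in
              zip(alice_bits, bob_bits, alice_bases, bob_bases) if ab == bb]
    errors = sum(a != b for a, b in sifted)
    return len(sifted), errors / len(sifted)

def link_is_trustworthy(qber, threshold=0.11):
    """Keep the key only below the threshold; 11% is the commonly cited BB84
    bound under which error correction and privacy amplification still work."""
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        n, qber = bb84_round(20000, eavesdrop=eve)
        print(f"eavesdropper={eve}: {n} sifted bits, QBER={qber:.3f}, "
              f"keep key: {link_is_trustworthy(qber)}")
```

Without Eve the sifted key is error-free; with her in the middle roughly a quarter of the sifted bits disagree, far above the abort threshold.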
Really fast computers, including quantum computers, will brute force traditional (math based) crypto quicker than is possible now. Quantum cryptography is uncrackable unless you can figure out a way to get around Heisenberg.
While quantum cryptography is something we should be concerned about, it won't allow governments and organizations to operate without accountability. From what I understand about state of the art quantum 'cryptography', it's purely a means to ensure that no one is listening in on your communication line. The actual cryptography on both ends is no more unbeatable than what already exists.
Also, you've still got other lines of evidence - bodies, eye witnesses, etc.
Here's one - it is easy to listen in on today's encrypted comms... It is easy to identify interesting endpoints (US DOD, etc), it is cheap to write likely interesting messages to disk. A few years from now, you just set your Qomputer to decrypt all those stored comms. Just because it is in the past doesn't mean that it is stale (how old is your SSN/bank account number/etc? How long has that sleeper cell been active?)
Anyone who can afford a wiretap and a diskfarm today and a QC tomorrow will be able to crack an awful lot of sensitive traffic.
One-time pads can only transfer as much data as the pad length, that is the nature of them. Rehashing them and whatever leaves you open to attacks. So you need to transfer N bytes of pad to get N bytes of data securely. Well, if you already have a secure quantum line, why not send N bytes of data?
Now, if you could transfer a small symmetric key (well, at least on the order of bytes or kilobytes, not gigabytes), on the other hand...
Oh and one more thing - don't forget to have some kind of checksum on the OTP - if someone replaced the OTP with another OTP (standard man-in-the-middle attack) you wouldn't know... after all, it's only random data. The pads may no longer match, but who'd notice?
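Kjella's points above (the pad is consumed byte for byte, must never be reused, and both sides should verify they hold the same pad) together with the earlier suggestion of naming the pad position in the clear, as an added example that is not from the thread. The pad bytes are a constructed stand-in for key material a QKD link would have delivered; comparing a SHA-256 digest of the pad over an authenticated channel is the one concrete "checksum" mechanism chosen here.

```python
import hashlib
import secrets

class OneTimePad:
    """One party's copy of a shared random pad, consumed strictly in order
    so that no byte of key material is ever used twice."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.used = 0  # every byte below this offset is spent

    def fingerprint(self) -> str:
        # A substituted pad is just other random bytes and would go unnoticed
        # until decryption yields garbage; comparing this digest over an
        # authenticated channel before use catches the swap up front.
        return hashlib.sha256(self.pad).hexdigest()

    def remaining(self) -> int:
        return len(self.pad) - self.used

    def encrypt(self, plaintext: bytes):
        """Return (offset, ciphertext); the offset may travel in the clear."""
        if len(plaintext) > self.remaining():
            raise ValueError("pad exhausted: wait for more key material, never reuse")
        offset = self.used
        key = self.pad[offset:offset + len(plaintext)]
        self.used += len(plaintext)
        return offset, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        """Decrypt the segment named by offset, refusing anything already spent."""
        if offset < self.used:
            raise ValueError(f"segment at {offset} already consumed: replay or reuse")
        if offset + len(ciphertext) > len(self.pad):
            raise ValueError("segment lies beyond the end of the pad")
        key = self.pad[offset:offset + len(ciphertext)]
        self.used = offset + len(ciphertext)
        return bytes(c ^ k for c, k in zip(ciphertext, key))

# Constructed stand-in for pad material a QKD link would deliver to both ends.
SHARED_PAD = secrets.token_bytes(128)

def exchange(alice: OneTimePad, bob: OneTimePad, messages):
    """Send each message Alice -> Bob after checking both hold the same pad."""
    if alice.fingerprint() != bob.fingerprint():
        raise ValueError("pad mismatch: the pad was replaced in transit")
    return [bob.decrypt(*alice.encrypt(m)) for m in messages]
```

The bursty-traffic case from the earlier comment falls out naturally: messages go over the conventional link carrying only an offset, and they decrypt as long as cached pad remains.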
Just a note: Shamir's attack does not refute the security of quantum cryptography. It doesn't apply to a quantum transmitter designed without any active polarization switching elements.
"Cracking" something like that will still be most doable with social engineering. Depending on what the crack is really worth, employees with access can be bought off, scared off, or usually a combination of the two. If it's extremely valuable information that is needed by the cracker (say a state sponsored attempt against a critical defense or financial entity, etc), then kidnapping and torture might be used, say.
It's in the payoffs what people will risk, and how hard you make it for the cracker.
Give you a real world example in security. This is researchable BTW. When a lot of states passed the "two or three strikes and you're out" laws, intending to have better "security" for their populations, a curious thing happened: violent crime went up, as criminals who before were satisfied with the risk/reward ratio suddenly realised that if they got popped or identified they might face life, and switched to more violent crimes because they had "nothing to lose" if they were caught and convicted. If you are going to get life for your third even small time felony conviction, and manslaughter is life, well..... that's what happened.
The same thing will happen in the cybersecurity end of things, because the data trying to be stolen is valuable from the "real world" applications that the data represents. (I am not considering casual defacement and sport by kiddies.) Make it TOO hard for traditional cracking, and I predict a lot more actual physical insecurity for employees of those places, and more blackmail/bribery attempts, all the way to the director or CIO levels.
You develop missiles, then your adversary needs anti-missiles, then you need anti-anti-missiles, and so forth. Security is always analogous to an arms race, yes?