Slashdot Mirror


Quantum Cryptography Leaving the Lab

Theodore Logan writes "More than a year ago, MagiQ announced the world's first commercial quantum cryptography system (pdf), with ID Quantique following closely in their footsteps. Currently, the technology is limited to offering point-to-point connections up to a maximum distance of around 50 km, but this is likely to be greatly improved on in coming years. The systems available today are prohibitely expensive for the average Joe (MagiQ's are priced at more than $50,000 per unit), but one could envision a future in which they are built into the infrastructure by non-end user actors. Does this spell the end of the field of cryptography? Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications? What impact will quantum cryptography have on society? Good articles available from International Herald Tribune, EE Times and CNET."

22 of 345 comments (clear)

  1. How easy is it to implement ? by SloWave · · Score: 5, Interesting


    I've seen that regular geeks can build things such as quantum force microscopes in their own homes, how hard would it be for someone to build a quantum crypto system?

  2. I was watching some TV the other day by ObviousGuy · · Score: 0, Interesting

    A Japanese reporter was able to get an interview with a small Al Queda cell. He asked them how they communicated messages back and forth. The initial way, they said, was over the phone with code words and special phrases. This turned out to be less than adequate and computers, crypto, and the Internet became the primary means of updating Al Queda cells with new information. However, since the fall of Afghanistan the computer systems that Al Queda used at the home base have all been destroyed or confiscated by American troops.

    So what do they do now? Courier. Someone physically carries the message from person to person and is capable of destroying himself and the message at any sign of danger.

    If your data is so important that you need this level of crypto, try to remember that all it takes is a very determined person to come in and steal the machine. Crypto is one of those feel-good technologies that costs people a lot of money but doesn't really do much for anyone in the end.

    --
    I have been pwned because my /. password was too easy to guess.
  3. Re:point to point by Adriax · · Score: 2, Interesting

    Stick both ends onto your computer with a 49km loop of cable connecting the two. Then just compress your data, and send it through the loop constantly.
    Kinda like putting your pr0nship on a holding pattern where no one else can touch it.

    --
    I don't suffer from insanity, I enjoy every minute of it!
  4. Re:It's worse than that, it's physics Jim by Anonymous Coward · · Score: 3, Interesting

    Remember its only secure in the sense that you can tell that someone is sniffing the wire (fibre) because a packet (quanta) is altered. It does not stop someone reading this data if they really want / dont care about being known.

    You now need to build software on top that shuts down/reroutes the link if its not happy that the route is secure.

    For point to point applications (aggregated backbones etc) its great. For general networking
    (espicially multiplexed / contention based paradigms we have now) its not such a big deal.

    We will have to change the whole protocols, as you say to IP8 or whatever is needed.

  5. Agreed by Sanity · · Score: 3, Interesting

    This type of thing will become necessary once sufficiently powerful quantum computers become available, but until then - it is pretty hard to think of any applications for this that more conventional symmetric cryptography such as AES can't address.

  6. Uh Oh by nate1138 · · Score: 5, Interesting

    said Bob Gelfond, founder and CEO of MagiQ Technologies. "No
    matter what advances occur in digital computing, quantum encryption can never
    be deciphered, read or copied.


    These kinds of statements always amuse me. It may be the toughest thing yet, but there's no saying that our understanding of some of the properties of quantum physics aren't flawed. Science may yet prove him wrong.

    --
    Where's my lobbyist? Right here.
    1. Re:Uh Oh by TeatimeofSoul · · Score: 2, Interesting
      Oh, please! Everyone knows that QM is just a lowest order approximation of a massively non-linear theory, whatever it may be. And it's the linearity of QM that's at the root of the uncertainty principle, the non-cloning principle and, as someone wrote, Heisenberg's principal.

      Btw. The cryposystem you quoted is of a different kind than the machine in question here.

  7. naive by Rotting · · Score: 2, Interesting


    I will be the first to admit that I am somewhat ignorant in this matter. My understanding is that current crypto systems rely on the fact that keys take an extremely long time to be brute forced because currently computers are not efficient at all at factoring.

    As I mentioned before I am ignorant when it comes to this but doesn't it seem a little naive to say that their technology is 100% secure? I read the pdf and it sounds impressive but I still don't know about anything really being 100% secure for all time.

    1. Re:naive by Boglin · · Score: 2, Interesting
      As they said, you pick you own encryption algorithm. Frankly, if you want perfect security, you aren't going to be using public key encryption.

      As an example of something that COULDN'T be broken, let's say you are trying to send a simply 1K text message. Now, all you need is a random 1K string that the text can be XOR'ed against. Now, this may seem pretty insecure; after all, they just have to cycle through all the possible 1K keys that you could have made to find the message. The problem is, though, that cycling through every possible 1K key will produce every possible 1K message. They can't tell if the message was "Buy!" with a key of "Sell" or if it was "Sell" with the key being "Buy!". Then again, if could have been "Duck" with the key being "5A*q".

      Of course, there are problems with this system. First, you have to use a new, random key each time you send a message. Furthermore, if you're sending a ten gig message, you need a ten gig key. Finally, and most importantly, you need a secure way of getting the key to the message recipient. The MagiQ is a secure way of sending that key. The problem of generating a truly random key can also be handled through quantum mechanics. All that's left is the issue of sending the giant keys, which is more of a timing issue than anything else.

  8. Re:Of course.. by brokenin2 · · Score: 2, Interesting
    OK.. sorry for summarising.. but quantum computers can crack conventional encryption in a single cycle. They make it trivial to factor things down to prime numbers, no matter how large. And since this is the basis of most current cryptography, they will obsolete our current cryptography.



    Quantum cryptography (at least in under current theory) cannot be cracked, or intercepted, or decoded twice by two different entities. It is the king of the mountain as far as secure goes.



    There are huge problems in trying to transfer the information using quantum cryptography in a non point to point situation, but then again, isn't the point of cryptography (most of the time) to keep your communication as point to point as possible?



    Some day, the only way to transfer your information completely securely will be to lock that info into the spin of an electron, or the polarity of a photon, and store those in some secure phyisical media. Then transfer that physical media to the intended recipient, and later verify with them that they are the ones that decoded it. It'll be a pain, but it might be the only way to actually be secure in the end.



    Hopefully someone finds a way to automate that system to an extent, without losing it's completely secure nature. Optical switching that somehow manages not to touch that photon? Hmm..



    In this case though, quantum cryptography, and quantum computing both have a lot to do with how secure your data can be.

  9. Bruce Schneier doesn't care for it by Anonymous Coward · · Score: 3, Interesting

    See Bruce Schneier's comments about Magiq and quantum cryptography at Schneier.com:

    To quote:

    This isn't new. The basic science was developed in the early 1980s, and there have been steady advances in engineering since then. I describe how it all works--basically--in Applied Cryptography, 2nd Edition (pages 554-557).

    I don't have any hope for this sort of product. I don't have any hope for the commercialization of quantum cryptography in general; I don't believe it solves any security problem that needs solving. I don't believe that it's worth paying for, and I can't imagine anyone but a few technophiles buying and deploying it.

    It's not that quantum cryptography might be insecure; it's that we don't need cryptography to be any more secure.

  10. A way to break it? by Enigma_Man · · Score: 3, Interesting

    I was looking at this, and reading about it, and read how you cannot determine the state of the photons without changing their state, so someone cannot "watch" the photons fly past without affecting them. I'm assuming the black box on the other end is somehow able to read the original photons correctly?

    However... What if someone were to have their own "black box", break the fiberoptic line, put one end into the receiver of their black box, and the other end out. That way you wouldn't be watching the photons go by, and affecting them. You could read them with your own black box, then re-transmit the correct photon.

    Admittedly, this would be expensive, but if you are in dire need of reading something that had to be secured with quantum encryption, then money probably isn't of much concern.

    Is this an incorrect assumption, or analysis on my part? I'm not a quantum physicist by any means, but I couldn't glean enough info from the articles to tell otherwise.

    -Jesse

    --
    Nothing says "unprofessional job" like wrinkles in your duct tape.
    1. Re:A way to break it? by Enigma_Man · · Score: 2, Interesting

      Well... What I'm thinking of is this: You originally have two "black boxes" one sending photons, and the other receiving. I'm assuming that the receiving black box can actually read the info it's supposed to be getting, right?

      Now... Assume you wanted to transmit that data further than the 100 km. the spec lays out. You would need three black boxes, one in the middle to receive from the first, and re-transmit the data as photons to the next black box.

      Can that be done? Or am I just lacking in knowledge about quantum physics (which I know I am, but I like to think I have some grasp of it). What I was proposing is that someone wanting to intercept the key could just break the line, play "man-in-the-middle", and to each side, it looks like the photons are getting through un-molested.

      -Jesse

      --
      Nothing says "unprofessional job" like wrinkles in your duct tape.
  11. What is the use of this QC key exchange? by gay358 · · Score: 3, Interesting

    As far as I know, this quantum "cryptography" prevents just passive evesdropping (where the parties are able to notice evesdropping because of this quantum "cryptography"), but as it doesn't include any kind of authentication, active attact (where all the messages are captured and the attacker is able to send his own messages) should be successfull. It is possible for Eve to just hijack all the messages and pretend to be Bob when communicating with Alice and to pretend to be Alice when communicating with Bob. It is of course possible to make this "cryptography" more secure by using some classical cryptographical methods, like authentication. But if we have rely to public key algorithms (which might become obsolete by advances in quantum computing), then it is not clear to me what is the advantage of using quantum cryptography in the first place. If somebody has answer to this question, I would be glad to hear it.

  12. Wrong by antientropic · · Score: 5, Interesting

    Reading datas alter them. So the man in the middle will be detected.

    This is true for a passive attack, i.e., one were the attacker can only eavesdrop on a connection. However, in a man-in-the-middle attack, the attacker can also arbitrarily modify data. In particular you can have the following situation:

    Alice <----> Eve <----> Bob

    Here Alice thinks she is talking to Bob, but in fact she's talking to Eve, who decodes her packets, re-encodes them, and sends them to Bob. Unless Alice and Bob have some authentication mechanism (say, a shared secret key, or the other's public key), they have absolutely no way to tell that this is going on. The ability to detect eavesdropping on the quantum channel doesn't help at all, since Eve isn't eavesdropping - she's tunneling between two physically separate channels. Quantum cryptography does not differ in this respect from conventional cryptography: it's a basic fact of communication - how do you establish that the bits you are receiving come from the person/system from who you think they come?

  13. Re:Quantum Cryptography by Anonymous Coward · · Score: 1, Interesting

    Quote from one of the articles:

    In order to work in a networking environment and at greater distances, quantum repeaters - a kind of rudimentary quantum computer - must be added to regenerate the quantum bits.

    If these quantum repeaters can regenerate the quantum bits, could they not also read the quantum bits??

  14. Anecdote by mark-t · · Score: 5, Interesting
    In the CS department at my school last year, all the students were encouraged to attend a particular lecture on quantum computing that was being given one day, and after the lecture one of my classmates was rather disturbed about some of the possibilities that quantum computing would enable, specifically quantum cryptography.

    What I found rather peculiar about his view was that the reason he didn't like quantum cryptography was because it enabled organizations, such as a corrupt government perhaps, to be able to use this effectively unbreakable communication technique in order to avoid accountability to anyone else, while as long as encryption technologies remain crackable, there would always be some risk of being accountable to others for what they are communicating about.

    It didn't even seem to matter to him that his own communications would be secure with this technology... he just didn't like the idea of technology introducing a break in a chain of accountability.

  15. Quantum crypto is no better than regular crypto by SiliconEntity · · Score: 3, Interesting

    Your description is almost right, but after receiving the photons, Bob can't tell which ones were "good" or "bad". Instead, the two parties have to exchange cleartext information about which bases they used. Then the ones where they matched are the good photons which can encrypt the message.

    The problem is with this cleartext message about the bases. How do you stop an intermediary from altering this message, which could hide her attempts to snoop on the photons? This is the problem of sending an authenticated message, and quantum crypto won't help you with this.

    To send the authenticated cleartext message, you either need a tamper-proof channel between the parties, which is usually physically impossible, or you have to fall back on regular crypto, either public key or pre-shared key. So ultimately the supposedly unbreakable security of quantum crypto is in fact dependent on conventional cryptography. And if you're relying on conventional crypto anyway, why go to the expense of using quantum crypto?

    In short, there is a great deal of hype here. When closely examined, the physical and computational requirements of quantum crypto don't make sense for the real world. You either need an unrealistic tamper-proof channel, or you rely on regular crypto and get no more security than conventional crypto gives you.

    1. Re:Quantum crypto is no better than regular crypto by Anonymous Coward · · Score: 3, Interesting
      A pretty good analysis, but you're missing two points.
      1. Yes, quantum cryptography, by itself, can't authenticate the message. It can't change your motor oil or serve you breakfast in bed either, but so what? What it can do is something classical crypto can never do: it reveals passive eavesdropping on your communications.
      2. It might be necessary to rely on classical crypto to do the authentication. There also might be good quantum methods for doing that, but even if there aren't, it doesn't matter. People have already discovered classical authentication schemes that are provably perfectly secure. (They're analogous to the one-time pad for encryption.) So either way, there is no reason for authentication to weaken the system.
      When you put it all together, what you get is an absolutely secure protocol for transferring secret bits from point A to point B, no matter what attempted eavesdropping takes place in between. Useful? Maybe so, if you're paranoid enough to want your secrets safe forever. And again, this is something classical cryptography is incapable of delivering by itself.

      AC.

  16. Re:Not a question of if, but when by Anonymous Coward · · Score: 1, Interesting
    There's a flaw in your statement: All previous cipher schemes involved two-way algorithms to encrypt/decrypt (yes, even asymmetric encryption can be decrypted if the two prime numbers can be determined: if an easy way to factor large numbers quickly is ever discovered, all major encryption methods will be trivial to decrypt). Quantum encryption doesn't rely on this, though: it relies upon our understanding of physics. For quantum crypto to be "cracked", a few of our fundamentals in understanding the universe must be disproven. I'm not talking about "the earth is flat" kind of fundamentals, either; this would be "teleportation devices" kind of fundamental (which is far from trivial).

    Your assumption that "because it's always happened before, it must happen again" is a faulty one, doubly so since the method of encryption is so fundamentally different from any other method. It would be like saying the following:
    Every form of automobile fuel, from leaded to unleaded to today's ethanol, has eventually been shown to pollute the environment. It's unreasonable to believe that hydrogen fuel cells will not pollute the environment. It's not a question of if it will create pollution, but rather when we will notice the pollution.

    Perhaps someone will discover that hydrogen doesn't burn cleanly, or perhaps researchers will find flaws in the conversion of hydrogen and oxygen to water. But if history is any indication of the future, hydrogen fuel cells will pollute the environment.

    Make sense? Didn't think so.
  17. Quantum Crypto Provably Flawed? by theLOUDroom · · Score: 2, Interesting

    Is quantum crypto provably flawed?

    I see tons of posts stating the the link is "absolutely" secure, but it seems that isn't really the case. (see the bottom of the page.)

    What strikes me about all this is the following section:
    "each pulse should be attenuated to an average of about .1 photon to reduce the probability of generating a two-photon pulse that could be split and eavesdropped undetectably."


    What that says to me is that there is not way to 100% know you're transmitting just one photon.

    It sounds like there's no device that is capable of transmitting one and only one photon with 100% reliability. If this is the case, a lot of the arguments about how secure this is are vastly overstated.

    In the end QC would be vulnerable to a man-in-the-middle attack by watching for multi-photon emissions.

    If this is the case, a lot of the noise surrounding QC could turn out to be hype. Is there a quantum physicist in the house?

    --
    Life is too short to proofread.
  18. Re:It's worse than that, it's physics Jim by Listen+Up · · Score: 2, Interesting

    Wrong. Mathematics is both the language of the universe and the language of Physics (Mathematics and Physics are the only true understanding of our universe). Physics is unequivocally bound to Mathematics. Mathematics is not unequivocally bound to Physics. Mathematics itself is not bound to physical application, it is as perfect puzzle pieces to a grander system, its existence, laws and logical truths allows Physics to exist.

    Pure Mathematics is absolutely unforgiving. Applied Mathematics, such as Physics, only appears forgiving if the system is setup incorrectly for your model.