Quantum Cryptography Leaving the Lab
Theodore Logan writes "More than a year ago, MagiQ announced the world's first commercial quantum cryptography system (pdf), with ID Quantique following closely in their footsteps. Currently, the technology is limited to offering point-to-point connections up to a maximum distance of around 50 km, but this is likely to be greatly improved on in coming years. The systems available today are prohibitively expensive for the average Joe (MagiQ's are priced at more than $50,000 per unit), but one could envision a future in which they are built into the infrastructure by non-end user actors. Does this spell the end of the field of cryptography? Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications? What impact will quantum cryptography have on society? Good articles available from International Herald Tribune, EE Times and CNET."
I've seen that regular geeks can build things such as quantum force microscopes in their own homes, how hard would it be for someone to build a quantum crypto system?
A Japanese reporter was able to get an interview with a small Al Qaeda cell. He asked them how they communicated messages back and forth. The initial way, they said, was over the phone with code words and special phrases. This turned out to be less than adequate and computers, crypto, and the Internet became the primary means of updating Al Qaeda cells with new information. However, since the fall of Afghanistan the computer systems that Al Qaeda used at the home base have all been destroyed or confiscated by American troops.
So what do they do now? Courier. Someone physically carries the message from person to person and is capable of destroying himself and the message at any sign of danger.
If your data is so important that you need this level of crypto, try to remember that all it takes is a very determined person to come in and steal the machine. Crypto is one of those feel-good technologies that costs people a lot of money but doesn't really do much for anyone in the end.
I have been pwned because my
Stick both ends onto your computer with a 49km loop of cable connecting the two. Then just compress your data, and send it through the loop constantly.
Kinda like putting your pr0nship on a holding pattern where no one else can touch it.
I don't suffer from insanity, I enjoy every minute of it!
Remember it's only secure in the sense that you can tell that someone is sniffing the wire (fibre) because a packet (quanta) is altered. It does not stop someone reading this data if they really want / don't care about being known.
You now need to build software on top that shuts down/reroutes the link if it's not happy that the route is secure.
For point to point applications (aggregated backbones etc) it's great. For general networking (especially multiplexed / contention based paradigms we have now) it's not such a big deal.
We will have to change the whole protocols, as you say to IP8 or whatever is needed.
This type of thing will become necessary once sufficiently powerful quantum computers become available, but until then - it is pretty hard to think of any applications for this that more conventional symmetric cryptography such as AES can't address.
said Bob Gelfond, founder and CEO of MagiQ Technologies. "No matter what advances occur in digital computing, quantum encryption can never be deciphered, read or copied."
These kinds of statements always amuse me. It may be the toughest thing yet, but there's no saying that our understanding of some of the properties of quantum physics isn't flawed. Science may yet prove him wrong.
Where's my lobbyist? Right here.
I will be the first to admit that I am somewhat ignorant in this matter. My understanding is that current crypto systems rely on the fact that keys take an extremely long time to be brute forced because currently computers are not efficient at all at factoring.
As I mentioned before I am ignorant when it comes to this but doesn't it seem a little naive to say that their technology is 100% secure? I read the pdf and it sounds impressive but I still don't know about anything really being 100% secure for all time.
Quantum cryptography (at least under current theory) cannot be cracked, or intercepted, or decoded twice by two different entities. It is the king of the mountain as far as secure goes.
There are huge problems in trying to transfer the information using quantum cryptography in a non point to point situation, but then again, isn't the point of cryptography (most of the time) to keep your communication as point to point as possible?
Some day, the only way to transfer your information completely securely will be to lock that info into the spin of an electron, or the polarity of a photon, and store those in some secure physical media. Then transfer that physical media to the intended recipient, and later verify with them that they are the ones that decoded it. It'll be a pain, but it might be the only way to actually be secure in the end.
Hopefully someone finds a way to automate that system to an extent, without losing its completely secure nature. Optical switching that somehow manages not to touch that photon? Hmm..
In this case though, quantum cryptography, and quantum computing both have a lot to do with how secure your data can be.
See Bruce Schneier's comments about Magiq and quantum cryptography at Schneier.com:
To quote:
This isn't new. The basic science was developed in the early 1980s, and there have been steady advances in engineering since then. I describe how it all works--basically--in Applied Cryptography, 2nd Edition (pages 554-557).
I don't have any hope for this sort of product. I don't have any hope for the commercialization of quantum cryptography in general; I don't believe it solves any security problem that needs solving. I don't believe that it's worth paying for, and I can't imagine anyone but a few technophiles buying and deploying it.
It's not that quantum cryptography might be insecure; it's that we don't need cryptography to be any more secure.
I was looking at this, and reading about it, and read how you cannot determine the state of the photons without changing their state, so someone cannot "watch" the photons fly past without affecting them. I'm assuming the black box on the other end is somehow able to read the original photons correctly?
However... What if someone were to have their own "black box", break the fiberoptic line, put one end into the receiver of their black box, and the other end out. That way you wouldn't be watching the photons go by, and affecting them. You could read them with your own black box, then re-transmit the correct photon.
Admittedly, this would be expensive, but if you are in dire need of reading something that had to be secured with quantum encryption, then money probably isn't of much concern.
Is this an incorrect assumption, or analysis on my part? I'm not a quantum physicist by any means, but I couldn't glean enough info from the articles to tell otherwise.
-Jesse
Nothing says "unprofessional job" like wrinkles in your duct tape.
As far as I know, this quantum "cryptography" prevents just passive eavesdropping (where the parties are able to notice eavesdropping because of this quantum "cryptography"), but as it doesn't include any kind of authentication, active attack (where all the messages are captured and the attacker is able to send his own messages) should be successful. It is possible for Eve to just hijack all the messages and pretend to be Bob when communicating with Alice and to pretend to be Alice when communicating with Bob. It is of course possible to make this "cryptography" more secure by using some classical cryptographical methods, like authentication. But if we have to rely on public key algorithms (which might become obsolete by advances in quantum computing), then it is not clear to me what is the advantage of using quantum cryptography in the first place. If somebody has an answer to this question, I would be glad to hear it.
Reading data alters it. So the man in the middle will be detected.
This is true for a passive attack, i.e., one where the attacker can only eavesdrop on a connection. However, in a man-in-the-middle attack, the attacker can also arbitrarily modify data. In particular you can have the following situation:
Here Alice thinks she is talking to Bob, but in fact she's talking to Eve, who decodes her packets, re-encodes them, and sends them to Bob. Unless Alice and Bob have some authentication mechanism (say, a shared secret key, or the other's public key), they have absolutely no way to tell that this is going on. The ability to detect eavesdropping on the quantum channel doesn't help at all, since Eve isn't eavesdropping - she's tunneling between two physically separate channels. Quantum cryptography does not differ in this respect from conventional cryptography: it's a basic fact of communication - how do you establish that the bits you are receiving come from the person/system from who you think they come?
Quote from one of the articles:
In order to work in a networking environment and at greater distances, quantum repeaters - a kind of rudimentary quantum computer - must be added to regenerate the quantum bits.
If these quantum repeaters can regenerate the quantum bits, could they not also read the quantum bits??
What I found rather peculiar about his view was that the reason he didn't like quantum cryptography was because it enabled organizations, such as a corrupt government perhaps, to be able to use this effectively unbreakable communication technique in order to avoid accountability to anyone else, while as long as encryption technologies remain crackable, there would always be some risk of being accountable to others for what they are communicating about.
It didn't even seem to matter to him that his own communications would be secure with this technology... he just didn't like the idea of technology introducing a break in a chain of accountability.
File under 'M' for 'Manic ranting'
Your description is almost right, but after receiving the photons, Bob can't tell which ones were "good" or "bad". Instead, the two parties have to exchange cleartext information about which bases they used. Then the ones where they matched are the good photons which can encrypt the message.
The problem is with this cleartext message about the bases. How do you stop an intermediary from altering this message, which could hide her attempts to snoop on the photons? This is the problem of sending an authenticated message, and quantum crypto won't help you with this.
To send the authenticated cleartext message, you either need a tamper-proof channel between the parties, which is usually physically impossible, or you have to fall back on regular crypto, either public key or pre-shared key. So ultimately the supposedly unbreakable security of quantum crypto is in fact dependent on conventional cryptography. And if you're relying on conventional crypto anyway, why go to the expense of using quantum crypto?
In short, there is a great deal of hype here. When closely examined, the physical and computational requirements of quantum crypto don't make sense for the real world. You either need an unrealistic tamper-proof channel, or you rely on regular crypto and get no more security than conventional crypto gives you.
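Added example, not part of any comment in this thread and not any vendor's code: a toy BB84 simulation covering both the cut-in "black box" asked about earlier and the basis-announcement problem described in the comment just above. It assumes an ideal single-photon source and a lossless fibre; the function names, the pre-shared key and the sample bases are hypothetical and constructed for illustration.

```python
import hashlib, hmac, random

def measure(bit, prep_basis, meas_basis, rng):
    # Matching basis reads the bit exactly; the wrong basis gives a coin flip.
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84_qber(n_photons, intercept, seed=0):
    """Return (sifted_length, error_rate) for one simulated BB84 run.

    intercept=True models the cut-in "black box": Eve measures each photon
    in a random basis and resends a fresh photon prepared in that basis.
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        a_bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = a_bit, a_basis            # state travelling in the fibre
        if intercept:
            e_basis = rng.randint(0, 1)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis                    # resent photon carries Eve's basis
        b_basis = rng.randint(0, 1)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:                 # sifting: keep matching bases only
            sifted += 1
            errors += (a_bit != b_bit)
    return sifted, (errors / sifted if sifted else 0.0)

def tag(psk, bases):
    # Authenticate the cleartext basis announcement with a pre-shared key.
    return hmac.new(psk, bytes(bases), hashlib.sha256).digest()

def accept_announcement(psk, bases, received_tag):
    # Constant-time check; a relay without the key cannot forge this.
    return hmac.compare_digest(tag(psk, bases), received_tag)

if __name__ == "__main__":
    print("clean link      :", bb84_qber(20000, intercept=False))
    print("intercept-resend:", bb84_qber(20000, intercept=True))
    psk = b"constructed-demo-key"              # hypothetical pre-shared secret
    bases = [0, 1, 1, 0, 1]                    # constructed announcement
    t = tag(psk, bases)
    print("genuine accepted:", accept_announcement(psk, bases, t))
    print("altered accepted:", accept_announcement(psk, [1, 1, 1, 0, 1], t))
```

On a clean link the sifted bits agree exactly; with the intercept-and-resend box about a quarter of them disagree, which is what the two ends look for when they compare a sample. That comparison is only trustworthy if the basis announcement itself is authenticated, which is where the pre-shared key comes in.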
Your assumption that "because it's always happened before, it must happen again" is a faulty one, doubly so since the method of encryption is so fundamentally different from any other method. It would be like saying the following:
Make sense? Didn't think so.
Is quantum crypto provably flawed?
I see tons of posts stating that the link is "absolutely" secure, but it seems that isn't really the case. (see the bottom of the page.)
What strikes me about all this is the following section:
"each pulse should be attenuated to an average of about .1 photon to reduce the probability of generating a two-photon pulse that could be split and eavesdropped undetectably."
What that says to me is that there is no way to 100% know you're transmitting just one photon.
It sounds like there's no device that is capable of transmitting one and only one photon with 100% reliability. If this is the case, a lot of the arguments about how secure this is are vastly overstated.
In the end QC would be vulnerable to a man-in-the-middle attack by watching for multi-photon emissions.
If this is the case, a lot of the noise surrounding QC could turn out to be hype. Is there a quantum physicist in the house?
Life is too short to proofread.
Wrong. Mathematics is both the language of the universe and the language of Physics (Mathematics and Physics are the only true understanding of our universe). Physics is unequivocally bound to Mathematics. Mathematics is not unequivocally bound to Physics. Mathematics itself is not bound to physical application, it is as perfect puzzle pieces to a grander system, its existence, laws and logical truths allows Physics to exist.
Pure Mathematics is absolutely unforgiving. Applied Mathematics, such as Physics, only appears forgiving if the system is set up incorrectly for your model.