Slashdot Mirror


Quantum Cryptography Leaving the Lab

Theodore Logan writes "More than a year ago, MagiQ announced the world's first commercial quantum cryptography system (pdf), with ID Quantique following closely in their footsteps. Currently, the technology is limited to offering point-to-point connections up to a maximum distance of around 50 km, but this is likely to be greatly improved on in coming years. The systems available today are prohibitively expensive for the average Joe (MagiQ's are priced at more than $50,000 per unit), but one could envision a future in which they are built into the infrastructure by non-end user actors. Does this spell the end of the field of cryptography? Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications? What impact will quantum cryptography have on society? Good articles available from International Herald Tribune, EE Times and CNET."

97 of 345 comments

  1. It's worse than that, it's physics Jim by Space cowboy · · Score: 5, Informative


    Since they make a point that they "Rely on the laws of physics", they're bound by them too (maths is far more forgiving :-). Both systems rely on the quantum state of photons being undisturbed, so they can only be used between point-to-point optically-networked devices assuming the act of optically switching the packets has the same effect as reading them (the quantum state will be lost). If this is true, no secure networks could be mass-produced using this, unless you trust all the intervening nodes...

    OTOH, it's the first generation of these devices, and perhaps IPv8 will somehow encode an encryption hierarchy (packets get encrypted sequentially in one direction, and decrypted on the way back, assuming the same route is taken, each node only needs to know the encryption to the next one worked ok to guarantee the encryption was ok. You'd still want to be in control of all the nodes along the way though...)

    As for price - if they can solve the networking issue, that'll come down dramatically - it'll be onboard in the equivalent of the BIOS that we have in ten years time (when we all have fibre to the home. Possibly optimistic :-)

    Simon

    --
    Physicists get Hadrons!
    1. Re:It's worse than that, it's physics Jim by TedCheshireAcad · · Score: 5, Insightful

      It's nice for creating secure point-to-point links, but that's only roughly half of data security. Transmission security is great, but what happens when someone steals the hard drive out of the server?

      With all due respect to the quantum guys, the traditional byte-crunching cryptography kind of has the market by the balls here.

    2. Re:It's worse than that, it's physics Jim by jbf · · Score: 5, Insightful

      Being a networking geek as well as a security geek, I'll point out that the way Internet routing currently works, based on the commercial nature of the Internet, means that almost no routes are symmetric. This is because of policies like hot potato routing, where one provider tries to get rid of a packet as quickly as possible. For example, if Sprint and UUNET have exchanges in San Francisco and DC, and a packet goes from a Sprint customer in Sacramento to a UUNET customer in Baltimore, the packet from Sac to Baltimore will go Sprint to San Fran and UUNET the rest of the way, but the return packet will go UUNET to DC and Sprint the rest of the way.

      Also, hop-by-hop security is not end-to-end security, so even if you do have all the routers in IPv8 using hop-by-hop encryption over petabit links, you'll still need end-to-end security.

      So to answer the question in the post, unless you can afford a leased line with a single fiber, and that fiber is lossless enough to not need repeaters, this is only for things like financial institutions and spy networks.

    3. Re:It's worse than that, it's physics Jim by Anonymous Coward · · Score: 3, Interesting

      Remember it's only secure in the sense that you can tell that someone is sniffing the wire (fibre) because a packet (quanta) is altered. It does not stop someone reading this data if they really want / don't care about being known.

      You now need to build software on top that shuts down/reroutes the link if its not happy that the route is secure.

      For point to point applications (aggregated backbones etc) it's great. For general networking (especially multiplexed / contention based paradigms we have now) it's not such a big deal.

      We will have to change the whole protocols, as you say to IP8 or whatever is needed.

    4. Re:It's worse than that, it's physics Jim by Rotting · · Score: 3, Insightful

      I was under the impression that quantum computing might bring the power needed (factoring) to give people the ability to brute force RSA, 3DES, etc...

      So wouldn't that make the secure transfer of the keys somewhat pointless?

    5. Re:It's worse than that, it's physics Jim by T-Ranger · · Score: 4, Insightful
      Quantum computing and Quantum cryptography are NOT the same thing.

      Really fast computers, including quantum computers, will brute force traditional (math based) crypto quicker than is possible now. Quantum cryptography is uncrackable unless you can figure out a way to get around Heisenberg.

    6. Re:It's worse than that, it's physics Jim by Annoying · · Score: 5, Informative

      You are missing the ideal application of this. Transmitting one time pads and ensuring they have not been compromised in transit. Properly generated one time pads are the only uncrackable cryptography but suffer from the problem of transmitting the key. So the data can't be accessed even if sent over a normal network so long as you know that the pad wasn't compromised. Quantum cryptography allows you to *know* that the pad wasn't compromised.

    7. Re:It's worse than that, it's physics Jim by qcomp · · Score: 2, Informative
      I was under the impression that quantum computing might bring the power needed (factoring) to give people the ability to brute force RSA, 3DES, etc...

      RSA and other public-key cryptosystems relying on the (presumed) difficulty of things like factoring, finding solutions of the Pell Equation or computing Gauss sums are compromised by a quantum computer. DES, on the other hand, is a block cipher key and AFAIK there is no specific quantum-enhanced attack on it.

      So wouldn't that make the secure transfer of the keys somewhat pointless?

      No, since the ultimate encryption algorithm (which is unbreakable by both quantum and classical computers) just needs a secret random string of the same length as the message ("Vernam cipher") -- and this is just what "quantum cryptography" (quantum key distribution) allows one to generate.
      Distributing keys is only made pointless by a QC if you want to use them in a sub-par way, sending a message much longer than the key.

    8. Re:It's worse than that, it's physics Jim by qcomp · · Score: 2, Informative
      As long as it resolves to ones and zeros, it can be broken. Perhaps not easily, but it can be, if it is based on any arithmatic. In the end, it may prove that traditional crypto is more secure, using huge keys.

      Wrong and right! The Vernam cipher or one-time pad is a provably secure encryption method. But it is indeed a classical method that involves a key which is as long as the message. Quantum methods only come in as a method (the only known one) for provably securely distributing such keys.

    9. Re:It's worse than that, it's physics Jim by Listen Up · · Score: 2, Interesting

      Wrong. Mathematics is both the language of the universe and the language of Physics (Mathematics and Physics are the only true understanding of our universe). Physics is unequivocally bound to Mathematics. Mathematics is not unequivocally bound to Physics. Mathematics itself is not bound to physical application, it is as perfect puzzle pieces to a grander system, its existence, laws and logical truths allows Physics to exist.

      Pure Mathematics is absolutely unforgiving. Applied Mathematics, such as Physics, only appears forgiving if the system is set up incorrectly for your model.

    10. Re:It's worse than that, it's physics Jim by Deadplant · · Score: 2, Funny
      And we don't fully understand quantum physics, thus we can't be sure there isn't a way to generate something as funny sounding as an Anti-Heisenberg (insert star trek technical sounding blubbering) field. :)
      FYI they're called Heisenberg compensators and they can be found in the transporter systems.
    12. Re:It's worse than that, it's physics Jim by advance512 · · Score: 2, Informative

      Oops. Let's try again, as Plain Old Text. Mods, delete the other post.

      RSA and 3DES are completely different. The first is an asymmetrical encryption algorithm, the second is symmetrical.

      The point of asymmetrical encryption algorithms (or at least this one and all others I know of) is to solve the problem of key transportation - you need to send secure data to someone, so you want to encrypt it. But how do you give him the key, as you have no secure channels? RSA solves that by having a public and a private key, a public key which anyone can get to encrypt data, and a private key which only you have that can decrypt the data encrypted using the public key. Problem solved. The private key cannot be easily deduced by examining the public key or the encrypted data, and that has been proven mathematically. The amount of calculations needed to find the key depend on the key length, but it takes a very large amount of time for even the shortest length keys (we're talking decades). This process is called factoring and relies on a certain meaning being in the key, a certain logic.

      Quantum Computing (which I am not even going to try and explain) has way more computing power than today's computers for certain algorithms, and factoring algorithms are some of these. So, using quantum computers, factoring the private key of an RSA key-pair is a lot faster.

      Now, this is irrelevant when we're talking of Quantum Encryption, which has no connection at all to quantum computing, in this context. So don't mix the two terms. Quantum encryption is a method of transferring data securely relying on certain physical laws to make sure that no one can read the data without the receiving side knowing of the leak. This has nothing at all to do with either symmetric or asymmetric encryption algorithms - it is a secure channel, and so - a solution to both the key transfer problem and better yet - to simple data transfer.

      The product reviewed here solves the key transfer problem by using quantum key transfer - this is a secure link based on quantum encryption (afaics), though apparently not very fast, as they could simply transfer the data but chose not to. This transferred key is used as a symmetric key in a symmetric encryption algorithm (which uses the same key to encrypt and decrypt data), which can be DES or 3DES in the QPN (from what I could see). Factoring isn't something related at all to symmetric algorithms. That's like talking of a clutch pedal for a car with an automatic gear: not relevant at all. The key in a symmetric encryption algorithm is simply a random number, which cannot be logically deduced looking at plain encrypted data, nor is there a public key (well, not exactly, but for this simplistic discussion - this will do). This is in contrast to the keys in asymmetric encryption algorithms. And so, quantum computing will not help with this. (Even though I assume brute-forcing might be faster using quantum computing).

      I hope that clears it up a bit.

      The one thing I don't really get is that they do oddly talk of Diffie-Hellman in the QPN data sheet - if anyone can clarify this, I'd be interested to hear the explanation, as it makes no sense: Diffie-Hellman is an algorithm used for secure key transfer (generation actually), though it has its own vulnerabilities and downsides. I am not sure how this is related to quantum key transfer, though I assume it is just a method to transfer keys securely internally in a deeper layer of the system, beneath the quantum key transfer layer - to prevent decryption, even if someone hacks into the system circumventing the quantum encryption protection.

      Sorry for any typos, too tired to proofread this.

    13. Re:It's worse than that, it's physics Jim by Listen Up · · Score: 2, Informative

      Wow, please do some research before posting. To truly understand the philosophy of Godel's theorem, you have to understand what he is talking about. Even in a 'perfect' system, you can create paradoxes out of the rules. This does not mean that the universe exists in any form of paradox or paradoxes within the universe exist naturally. It is correct to understand that Godel artificially created a system of paradox using mathematics, but he does not prove that mathematics can never be complete.

      Godel, although brilliant, has created a philosophy. Science and philosophy are an interesting dance, but science always wins.

      I believe you are also not clearly thinking out something you are referring to called "self-referential paradox". The symbolic systems we use to describe the universe are not separate from the universe: they are a part of the universe just as we are a part of the universe. Since we are within the system, our understanding is 'the system modeling itself'. The paradox you are referring to is that the completion of the model can never happen because of the basic self-referential paradox: The model is within the universe. Or you can view it in another way: The model models the universe. The universe includes the model. The model must model itself. The model must model the model of itself... ad absurdum. This is interesting, although it would enlighten you to search in Google (since I am not sure you have access to a University research Library) and look for "Godel Incompleteness Theorem Counter Proofs". Godel appears to clearly not be a mechanist.

      On an interesting note to the CS majors on Slashdot. Godel also predicted that Artificial Intelligence can never be achieved, as there are only a finite number of variables that can be calculated using a machine. Will this be proven true? I do not believe so. As Godel was apparently not a mechanist, it follows that he would have concluded that statement.

      In layman's terms, do some research before posting a reply next time, Anonymous Coward.

    14. Re:It's worse than that, it's physics Jim by Zangief · · Score: 2, Funny

      Quantum cryptography is uncrackable unless you can figure out a way to get around Heisenberg.

      Bah, how difficult can it be?...

    15. Re:It's worse than that, it's physics Jim by acgetchell · · Score: 2, Informative

      There's a number of inaccuracies/misconceptions here. Let's clarify:

      First, the magic of Quantum Cryptography is NOT that the signal cannot be eavesdropped on without being detected -- that's simple non-relativistic quantum mechanics. The trick to QC is that there's an algorithm which can calculate exactly which bits were sniffed, so that a key can be composed of the remaining safe bits. For example, I wish to transmit a PGP private key of 2048 bits. Eavesdropper E picks up half the message. Using QC, I can calculate which part of the message was compromised, and construct the private key of the 1024 bits that are pristine (this is an oversimplification: the algorithm is nondeterministic, but that's the essential point).

      Classical switching, such as networks, cannot occur in QC, because no FANOUT operation is allowed. This is a consequence of the no-cloning theorem.

      QC can be done with photons, molecules in NMR, electrons, etc. Anything that can be reduced to an EPR pair (or alternately, a Hadamard gate) is a basis for QC.

      A quantum computer, by itself, does not give you an O(1) prime-number crunching machine. You need an algorithm which can leverage the strength of the quantum computer. Shor's algorithm does polynomial-time factoring of numbers, and Grover's algorithm does O(sqrt(N)) selection from a list.

      Finally, we have a pretty good handle on NRQM and even Quantum Field Theory; quantum mechanics is pretty-well understood in the realm of physics we observe now.

      And before someone says "quantum gravity", first tell me what you mean by the term, since it really hasn't been defined yet in terms of physical theory -- meaning there are lots of candidates (string theory, braneworlds, Kaluza-Klein theory, etc), but no results.

      --
      "Invincibility is in oneself, vulnerability in the opponent." --Sun Tzu
    16. Re:It's worse than that, it's physics Jim by Brinkmanship · · Score: 2, Informative

      Actually if the quantum channel is 100% efficient there is no way to break the code as any act of eavesdropping will completely destroy the eavesdropped content and the eavesdropper will not be able to reproduce the lost content to send on to the receiver because she only has one half of an Einstein-Podolsky-Rosen pair, the other half of which is held by the transmitter.

  2. How easy is it to implement ? by SloWave · · Score: 5, Interesting


    I've seen that regular geeks can build things such as quantum force microscopes in their own homes, how hard would it be for someone to build a quantum crypto system?

  3. point to point by TedCheshireAcad · · Score: 2, Funny

    Great, point to point security, but how do I encrypt all my pr0n with it?

    1. Re:point to point by Adriax · · Score: 2, Interesting

      Stick both ends onto your computer with a 49km loop of cable connecting the two. Then just compress your data, and send it through the loop constantly.
      Kinda like putting your pr0nship on a holding pattern where no one else can touch it.

      --
      I don't suffer from insanity, I enjoy every minute of it!
    2. Re:point to point by Rick.C · · Score: 5, Funny
      how do I encrypt all my pr0n with it?

      I've heard you can use steganography to hide your data in .JPGs ;)

      --
      You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
      "Math in a song is good."-Linford
  4. MagiQ server at bargain based prices by stecoop · · Score: 4, Insightful

    So we had a slashdot article today about how CEOs should be held responsible for security at their organization. Then the law should be written so that companies held responsible for security are fined 3 x $50,000 = +-$150,000. That would make MagiQ's server a bargain at only $50,000.

  5. Quantum Cryptography by Anonymous Coward · · Score: 5, Insightful

    I never understood how quantum cryptography is not vulnerable to normal man in the middle attacks. Anyone care to explain?

    1. Re:Quantum Cryptography by AndrewHowe · · Score: 4, Insightful

      The man in the middle can't reliably retransmit, so can always be detected. Unfortunately, as I see it, this means that he can DOS the connection.

    2. Re:Quantum Cryptography by fullpunk · · Score: 5, Informative

      Reading data alters it. So the man in the middle will be detected. I'm not a professional, but I understood that you have to destroy the photon to read its information.

    3. Re:Quantum Cryptography by Anonymous Coward · · Score: 3, Informative

      The key is sent with a single photon for a bit. A simple way of looking at it is that by measuring (spying) the photon, you unavoidably change it (randomly flip the bit), causing checksums in the protocol to fail and alarm bells to go off. Heisenberg's Uncertainty Principle or something.

    4. Re:Quantum Cryptography by Xeo 024 · · Score: 5, Informative
      Here is a nice article I found about it:

      The purpose of cryptography is to transmit information in such a way that access to it is restricted entirely to the intended recipient. Originally the security of a cryptotext depended on the secrecy of the entire encrypting and decrypting procedures; however, today we use ciphers for which the algorithm for encrypting and decrypting could be revealed to anybody without compromising the security of a particular cryptogram. In such ciphers a set of specific parameters, called a key, is supplied together with the plaintext as an input to the encrypting algorithm, and together with the cryptogram as an input to the decrypting algorithm. The encrypting and decrypting algorithms are publicly announced; the security of the cryptogram depends entirely on the secrecy of the key, and this key must consist of any randomly chosen, sufficiently long string of bits.

      Read more here

    5. Re:Quantum Cryptography by VCAGuy · · Score: 4, Informative

      Essentially, Quantum Cryptography works because of Heisenberg's Uncertainty Principle and a thought experiment known as Schrodinger's cat. Basically, when one of these devices transmits a bit, it does so as a single photon with a known "spin." By observing that photon, you modify the very physical properties of that photon and corrupt the data. The man in the middle has no way to reconstruct the data because he has no way of knowing the given properties of a photon in the sequence. Further, that serves to DOS the connection (because the man in the middle cannot retransmit the same quantum sequence), thus causing the units to switch off and declare an alarm.

      It's similar to Schrodinger's cat: Schrodinger comprised a thought experiment where a cat was put into a sealed box with a poison and a radioactive atom. In the course of 1 hour, the atom has a 50/50 chance of decaying, thus killing the cat. At the end of the hour, the cat is neither dead nor alive, but in a state of flux. It's not until you observe the system that you fix the state of the cat as being dead or alive.

      --
      Q: "Why do sound techs say 'check 1, 2'?"
      A: "Cause if they could count any higher they'd be lighting techs."
    6. Re:Quantum Cryptography by AndrewHowe · · Score: 2, Informative

      Sort of. It's part of a negotiation sequence. Read Xeo 024's qubit.org link, it explains it pretty well.

    7. Re:Quantum Cryptography by Anonymous Coward · · Score: 3, Funny

      Unfortunately, as I see it, this means that he can DOS the connection.

      Er well to do anything at all with a quantum line you need access to the fiber, at which point Denial of Service is most easily performed with a large axe. :->

    8. Re:Quantum Cryptography by Elwood P Dowd · · Score: 2, Funny

      Yeah, what your other respondent said.

      The definition of a man in the middle is that he can DOS your connection. There's no communication method that isn't vulnerable to disconnection. Even telepathy, as evidenced by Magneto's anti-Xavier helmet.

      --

      There are no trails. There are no trees out here.
    9. Re:Quantum Cryptography by Mateito · · Score: 2, Funny

      > Unfortunately, as I see it, this means that he can DOS the connection.

      As you saw it, you DOS'ed it. :)

      (Quantum wave function collapse induced by observation. Play on words. Hey.. give me a break.. it's Monday).

  6. Solution looking for a problem by heironymouscoward · · Score: 4, Insightful

    For a niche market, it may be useful. But the mass market is hardly suffering because of weak cryptography.

    New technologies give us a nice warm feeling, but the banal truth is that what most people need is better use of existing technology.

    Still, I assume spooks and crooks will be investing heavily in quantum cryptography, and we'll see the first quantum walkie-talkies within 10-15 years.

    --
    Ceci n'est pas une signature
  7. Does this spell the end of the field... by Anonymous Coward · · Score: 3, Informative

    Does this spell the end of the field of cryptography?

    Uh, no. Quantum key distribution is completely useless unless you have a cryptographic algorithm and protocol using that key for encryption. I suppose you could just send the message over quantum channels, but a quantum channel for key distribution is probably many orders of magnitude too slow for the actual data.

    1. Re:Does this spell the end of the field... by gpinzone · · Score: 4, Informative

      There's no guessing about the encryption method. It's a One Time Pad. Only the key is sent through the quantum link. After it's received, you can send the encrypted data any way you like. Send it over the Internet though the most insecure channels. It makes no difference as long as the key is secure and non-deterministic.

    2. Re:Does this spell the end of the field... by Anonymous Coward · · Score: 2, Insightful

      Er if the link is too slow for the data it is too slow for an OTP key... it has to be the same size as the data.

      (Or do they mean that the quantum link will be transmitting OTP key continuously..? How will the parties know which part of the key to use? Er ok they could transmit that on the quantum channel too... maybe it could work.)

    3. Re:Does this spell the end of the field... by Theodore Logan · · Score: 3, Informative

      Who the hell moderated this informative? QC uses one time pads, and since one time pads are provably secure, that's that. No need for fancy cryptographic algorithms. The "quantum" bit of it merely ascertains that the pad was not read by a man in the middle by making use of the EPR paradox, but other than that, this is the same algorithm as Gilbert Vernam developed more than 80 years ago (which is why one time pads are sometimes called Vernam ciphers).

      --

      "If you think education is expensive, try ignorance" - Derek Bok

    4. Re:Does this spell the end of the field... by Rich0 · · Score: 2, Informative

      I suppose you could just send the message over quantum channels, but a quantum channel for key distribution is probably many orders of magnitude too slow for the actual data.

      You can't just send the data over the quantum channel - it could be intercepted.

      Quantum cryptography does not prevent interception of messages. It merely allows the sender and recipient to know that a message was intercepted.

      So a practical QC scheme would be:

      1. Send one-time-pad to recipient.
      2. See if message was intercepted. If so, send somebody with a baseball bat down the wire to take care of the problem.
      3. If key was not intercepted, use it to encrypt the message and send that conventionally.

      If speed is a problem you could send a conventional symmetric key, but that is less secure than sending an OTP.

      While I'm sure QC is slower than 10gigabit ethernet over fiber, it is probably fast enough for many purposes. There really isn't any reason that it can't go as fast as any other technology. It just isn't that mature yet.

    5. Re:Does this spell the end of the field... by Rich0 · · Score: 2, Insightful

      Actually, they can specify what part of the OTP to use in the clear - as long as the OTP itself is secure you don't have to be secret about referring to it - as long as you don't re-use it.

      Even if the link is slow it could have value in situations where burst bandwidth is greater than the QC link, but average bandwidth is not, as long as the OTP is cached. The message is sent conventionally, and as long as enough cached OTP is available it could be decrypted instantly.

      QC can also be used to send symmetric cipher keys, but of course it is no longer unbreakable if you do that (but it does not rely on the difficulty of factoring primes or calculating discrete logs).

      QC is just an excellent mechanism for key exchange with the sender/recipient given complete knowledge of whether the key was intercepted (so that presumably they could discard the key if it were). You can't use it to directly send messages since it does not prevent interception - it just lets you know if it was intercepted...
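Rich0's three-step scheme (send pad, check for interception, encrypt conventionally), his later point about caching pad bits and announcing the offset in the clear, and qcomp's warning about messages longer than the key, as an added Python simulation that is not part of the thread. Photons are modelled as (bit, basis) pairs prepared in one of two random bases, a BB84-style assumption the thread does not name; an intercept-and-resend eavesdropper then shows up as roughly 25% errors on a publicly compared sample, at which point the key is discarded, and otherwise the surviving bits feed a one-time pad pool that refuses to hand out any byte twice.

```python
"""Toy QKD-to-one-time-pad simulation (constructed example, not from the thread).
Photons are (bit, basis) pairs: measuring in the preparing basis returns the bit,
measuring in the other basis returns a coin flip. That one rule is all that is needed
to make an intercept-and-resend eavesdropper visible as errors in the sifted key."""
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Photon:
    bit: int
    basis: int  # 0 or 1: two conjugate bases (a BB84-style assumption, not named in the thread)

def measure(photon: Photon, basis: int, rng: random.Random) -> int:
    """Right basis: the encoded bit. Wrong basis: random, and the original state is gone."""
    return photon.bit if basis == photon.basis else rng.randrange(2)

def alice_prepare(n: int, rng: random.Random) -> list[Photon]:
    # A random bit in a random basis per photon (a real system needs a true random source).
    return [Photon(rng.randrange(2), rng.randrange(2)) for _ in range(n)]

def eve_intercept(photons: list[Photon], fraction: float, rng: random.Random) -> list[Photon]:
    """Eve measures a fraction of photons in a guessed basis and resends what she saw; she
    cannot clone the original, so a wrong guess forwards a photon prepared in the wrong basis."""
    out = []
    for p in photons:
        if rng.random() < fraction:
            guess = rng.randrange(2)
            out.append(Photon(measure(p, guess, rng), guess))
        else:
            out.append(p)
    return out

def bob_measure(photons: list[Photon], rng: random.Random) -> tuple[list[int], list[int]]:
    bases = [rng.randrange(2) for _ in photons]
    return bases, [measure(p, b, rng) for p, b in zip(photons, bases)]

def sift(alice: list[Photon], bob_bases: list[int], bob_bits: list[int]) -> tuple[list[int], list[int]]:
    """Bases (never bits) are compared over the public channel; mismatched positions are dropped."""
    keep = [i for i, (p, b) in enumerate(zip(alice, bob_bases)) if p.basis == b]
    return [alice[i].bit for i in keep], [bob_bits[i] for i in keep]

def check_and_extract(a_bits, b_bits, sample_fraction, threshold, rng):
    """Rich0's step 2: publicly compare a random sample of sifted bits to estimate the error rate.
    Above the threshold the run is abandoned (None, None). Otherwise the disclosed bits are thrown
    away and the rest become pad material. This toy channel is noiseless, so Bob's copy matches
    Alice's when the rate is 0; a real system adds error correction and privacy amplification."""
    n = len(a_bits)
    sample = set(rng.sample(range(n), max(1, int(n * sample_fraction))))
    qber = sum(a_bits[i] != b_bits[i] for i in sample) / len(sample)
    if qber > threshold:
        return qber, None, None
    rest = [i for i in range(n) if i not in sample]
    return qber, [a_bits[i] for i in rest], [b_bits[i] for i in rest]

def run_qkd(n_photons: int, eve_fraction: float, seed: int, threshold: float = 0.11):
    """One key-distribution run; returns (error rate, Alice's pad bits, Bob's pad bits)."""
    rng = random.Random(seed)
    alice = alice_prepare(n_photons, rng)
    bob_bases, bob_bits = bob_measure(eve_intercept(alice, eve_fraction, rng), rng)
    a_sifted, b_sifted = sift(alice, bob_bases, bob_bits)
    return check_and_extract(a_sifted, b_sifted, 0.2, threshold, rng)

class PadPool:
    """Cached pad (Rich0's burst-bandwidth point). The offset of each slice is announced in the
    clear; what must never happen is reuse (qcomp's point), so consumed bytes are gone for good."""
    def __init__(self, bits: list[int]):
        self._bytes = bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - 7, 8))
        self._next = 0

    def take(self, nbytes: int) -> tuple[int, bytes]:
        if self._next + nbytes > len(self._bytes):
            raise ValueError("pad exhausted: refusing to reuse one-time pad material")
        offset, self._next = self._next, self._next + nbytes
        return offset, self._bytes[offset:offset + nbytes]

    def at(self, offset: int, nbytes: int) -> bytes:  # receiver side; offset arrived in the clear
        return self._bytes[offset:offset + nbytes]

def otp_xor(data: bytes, pad: bytes) -> bytes:
    if len(pad) != len(data):
        raise ValueError("one-time pad must be exactly as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))

def roundtrip(message: bytes, seed: int = 1) -> tuple[bytes, bytes]:
    """Rich0's step 3: a key that survived the check encrypts the message, which then travels
    over any insecure network. Returns (ciphertext, what the receiver recovers)."""
    qber, a_pad, b_pad = run_qkd(4000, eve_fraction=0.0, seed=seed)
    if a_pad is None:
        raise RuntimeError(f"eavesdropping suspected, error rate {qber:.2f}; key discarded")
    sender, receiver = PadPool(a_pad), PadPool(b_pad)
    offset, pad = sender.take(len(message))
    ciphertext = otp_xor(message, pad)
    return ciphertext, otp_xor(ciphertext, receiver.at(offset, len(message)))
```

Running `run_qkd(4000, 1.0, seed=1)` gives an error rate near 0.25 and no pad, while `run_qkd(4000, 0.0, seed=1)` gives 0.0 and matching pads on both ends.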

  8. In the PDF by Rosco P. Coltrane · · Score: 4, Funny

    "No matter what advances occur in digital computing, quantum encryption can never be deciphered, read or copied"

    Linux already has an interface that you can move your critical documents to and they'll never be deciphered, read or copied: /dev/null

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  9. Insensitive Applications by handy_vandal · · Score: 4, Funny

    Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications?

    Quantum crypto will be very useful for insensitive financial/military applications. Example:

    "All right, you worthless son-of-a-bitch -- pay your goddamned taxes, or we blow you away!"

    -kgj

    --
    -kgj
  10. Re:Of course.. by Anonymous Coward · · Score: 4, Funny

    Dude, "quantum stuff" != "other quantum stuff".

    Nice attempt to score an easy +5 insightful...

  11. First thing that comes to mind... by DarkHand · · Score: 5, Funny

    Freenet: Quantum Encryption Edition

  12. Re:Of course.. by Amiga+Lover · · Score: 5, Funny

    I fear the Quantum DRM that'll follow.

  13. Agreed by Sanity · · Score: 3, Interesting

    This type of thing will become necessary once sufficiently powerful quantum computers become available, but until then - it is pretty hard to think of any applications for this that more conventional symmetric cryptography such as AES can't address.

  14. Link Security by silas_moeckel · · Score: 2

    All this is link security: it will stop people from tapping into fiber between endpoints (currently 50km, not exactly a useful distance). This might be useful for a paranoid campus setting or for military short distance communications. It would be nice for point to point open air laser links (I think it can be applied to that, don't see any reason it can't, but not 100% sure). But overall this doesn't really do much of anything useful beyond that. I would hope they are working on longer distances, though it would seem that since the quantum stuff is always in sync and has little to do with the speed of light, while the laser light does have those issues, it would seem like a timing issue; again though, in quantum physics I'm just an interested observer.

    --
    No sir I dont like it.
  15. Uh Oh by nate1138 · · Score: 5, Interesting

    said Bob Gelfond, founder and CEO of MagiQ Technologies. "No matter what advances occur in digital computing, quantum encryption can never be deciphered, read or copied."

    These kinds of statements always amuse me. It may be the toughest thing yet, but there's no saying that our understanding of some of the properties of quantum physics isn't flawed. Science may yet prove him wrong.

    --
    Where's my lobbyist? Right here.
    1. Re:Uh Oh by jponster · · Score: 2, Insightful

      but what if you have a quantum computer? surely this would break all conventional encryption, but can a quantum computer beat quantum encryption?

      Anyone for a game of "Cryptographic Top Trumps"??

    2. Re:Uh Oh by Lord+of+Ironhand · · Score: 2, Informative
      No it can't. Conventional encryption relies on the fact that it is very hard to factor large numbers; and a quantum computer can break that since it can quickly factor large numbers.

      However, quantum cryptography does not rely on large numbers that are hard to factor, but on the fact that it is impossible (according to currently known physics, as correctly pointed out) for someone to eavesdrop without being detected.

      www.qubit.org has this explanation:

      The basic idea of cryptosystems (B) is as follows. A sequence of correlated particle pairs is generated, with one member of each pair being detected by each party (for example, a pair of so-called Einstein-Podolsky-Rosen photons, whose polarisations are measured by the parties). An eavesdropper on this communication would have to detect a particle to read the signal, and retransmit it in order for his presence to remain unknown. However, the act of detection of one particle of a pair destroys its quantum correlation with the other, and the two parties can easily verify whether this has been done, without revealing the results of their own measurements, by communication over an open channel.

      So to use this for safe communication, you would send some random data through the connection, and once you are sure there were no eavesdroppers, you can use this random data as the key for normal symmetrical encryption. And if the random key is as large as the data you encrypt with it, even normal symmetrical encryption can't be cracked with a quantum computer.

    3. Re:Uh Oh by Beryllium+Sphere(tm) · · Score: 5, Informative

      Shamir has already described how to attack quantum key exchange. His attack, which I've talked about before here, is like Alexander the Great's attack on the Gordian Knot. You don't try to solve a problem designed to be unsolvable: instead you step back and figure out what the *real* problem is and solve that.

      Besides the Shamir attack, there's always the wait-for-your-opponent-to-screw-up attack. One time pads are theoretically unbreakable, with mathematically provable security. This didn't stop the US from reading the Venona intercepts. The Soviets had used one time pads two times, and that mistake destroyed the security.

    4. Re:Uh Oh by TeatimeofSoul · · Score: 2, Interesting
      Oh, please! Everyone knows that QM is just a lowest order approximation of a massively non-linear theory, whatever it may be. And it's the linearity of QM that's at the root of the uncertainty principle, the non-cloning principle and, as someone wrote, Heisenberg's principle.

      Btw. The cryptosystem you quoted is of a different kind than the machine in question here.

  16. Re:I was watching some TV the other day by Rosco+P.+Coltrane · · Score: 2, Funny

    Crypto is one of those feel-good technologies that costs people a lot of money but doesn't really do much for anyone in the end.

    Okay then, why don't you send me your credit card number in plain text then? no need to encrypt it, it's just feel-good technology, and I'm really an honest guy...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  17. naive by Rotting · · Score: 2, Interesting

    I will be the first to admit that I am somewhat ignorant in this matter. My understanding is that current crypto systems rely on the fact that keys take an extremely long time to be brute forced because currently computers are not efficient at all at factoring.

    As I mentioned before I am ignorant when it comes to this but doesn't it seem a little naive to say that their technology is 100% secure? I read the pdf and it sounds impressive but I still don't know about anything really being 100% secure for all time.

    1. Re:naive by Boglin · · Score: 2, Interesting
      As they said, you pick your own encryption algorithm. Frankly, if you want perfect security, you aren't going to be using public key encryption.

      As an example of something that COULDN'T be broken, let's say you are trying to send a simple 1K text message. Now, all you need is a random 1K string that the text can be XOR'ed against. Now, this may seem pretty insecure; after all, they just have to cycle through all the possible 1K keys that you could have made to find the message. The problem is, though, that cycling through every possible 1K key will produce every possible 1K message. They can't tell if the message was "Buy!" with a key of "Sell" or if it was "Sell" with the key being "Buy!". Then again, it could have been "Duck" with the key being "5A*q".

      Of course, there are problems with this system. First, you have to use a new, random key each time you send a message. Furthermore, if you're sending a ten gig message, you need a ten gig key. Finally, and most importantly, you need a secure way of getting the key to the message recipient. The MagiQ is a secure way of sending that key. The problem of generating a truly random key can also be handled through quantum mechanics. All that's left is the issue of sending the giant keys, which is more of a timing issue than anything else.
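      The XOR argument above, and the pad-reuse mistake mentioned in the Venona comment earlier in the thread, as an added example in Python (not code from any poster or from MagiQ). Every function below is constructed for illustration; the four-byte messages are the ones the post uses.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings of equal length."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR pad."""
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return xor_bytes(ciphertext, pad)


def pad_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """For any candidate plaintext of the right length, return the pad under which
    the ciphertext decrypts to exactly that candidate. Every candidate has one,
    which is the post's point: "Buy!", "Sell" and "Duck" are all equally consistent
    with the same ciphertext, so cycling through pads reveals nothing."""
    return xor_bytes(ciphertext, candidate)


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an observer learns when two messages share one pad: the pad cancels
    out and p1 XOR p2 remains. This is the failure mode behind the Venona reads."""
    return xor_bytes(ct1, ct2)


def recover_other(ct1: bytes, ct2: bytes, known_p1: bytes) -> bytes:
    """With a reused pad and one plaintext known (or guessed), the other falls out.
    Defensively: this is why a pad, however it was delivered, is used exactly once."""
    return xor_bytes(reuse_leak(ct1, ct2), known_p1)


def fresh_pad(n: int) -> bytes:
    """A pad must be as long as the message and never reused. The secrets module
    stands in for the quantum random source the post mentions (assumption)."""
    return secrets.token_bytes(n)


if __name__ == "__main__":
    pad = fresh_pad(4)
    ct = otp_encrypt(b"Buy!", pad)
    # Constructed demonstration: the same ciphertext "explains" any 4-byte message.
    for guess in (b"Buy!", b"Sell", b"Duck"):
        assert otp_decrypt(ct, pad_that_explains(ct, guess)) == guess
    print("any 4-byte plaintext is consistent with ciphertext", ct.hex())
```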

  18. Quantum Crypto != Quantum Computing by ponds · · Score: 5, Informative

    Too bad quantum crypto and quantum computing have absolutely nothing in common.

    Quantum crypto is a misnomer; it isn't even crypto at all. It's an intrusion detection system. Quantum crypto works by sending sensitive photons through a tight channel as bits which will get disturbed by an eavesdropper, whereas an electrical signal on a wire expects static, and a wiretap isn't noticed.

    Quantum computing however, works on electron entanglement, and is pretty far off.

  19. Re:Of course.. by brokenin2 · · Score: 2, Interesting
    OK.. sorry for summarising.. but quantum computers can crack conventional encryption in a single cycle. They make it trivial to factor things down to prime numbers, no matter how large. And since this is the basis of most current cryptography, they will obsolete our current cryptography.

    Quantum cryptography (at least under current theory) cannot be cracked, or intercepted, or decoded twice by two different entities. It is the king of the mountain as far as secure goes.

    There are huge problems in trying to transfer the information using quantum cryptography in a non point to point situation, but then again, isn't the point of cryptography (most of the time) to keep your communication as point to point as possible?

    Some day, the only way to transfer your information completely securely will be to lock that info into the spin of an electron, or the polarity of a photon, and store those in some secure physical media. Then transfer that physical media to the intended recipient, and later verify with them that they are the ones that decoded it. It'll be a pain, but it might be the only way to actually be secure in the end.

    Hopefully someone finds a way to automate that system to an extent, without losing its completely secure nature. Optical switching that somehow manages not to touch that photon? Hmm..

    In this case though, quantum cryptography, and quantum computing both have a lot to do with how secure your data can be.

  20. You, sir, are grossly misinformed by sczimme · · Score: 4, Insightful

    and I can't believe anyone actually modded you up. So crypto is just a "feel-good technolog[y]" and "doesn't really do much for anyone in the end"? Have you ever used a VPN? Or SSL? Or anything in the PGP/GPG genre? Why?

    Crypto is not perfect but it is extremely useful in certain situations. You apparently believe that since crypto doesn't solve all of our problems that we shouldn't use it at all.

    PS If you think that "a very determined person" stealing the machine will render all crypto ineffective, you need some remedial reading on the topic. (Not a flame - just an observation.) Here is a hint: multi-level security.

    --
    I want to drag this out as long as possible. Bring me my protractor.
  21. magiq whitepaper by dave_t_brown · · Score: 5, Informative

    Here is a whitepaper from MagiQ on their technology.

  22. Social Chaos and Anarchy by bruthasj · · Score: 2, Funny

    What impact will quantum cryptography have on society?

    It will be the end of us all! I will *never* purchase GMO-computers. They will spread into neighboring villages and corporate monopolies such as Consanto will patent with royalties accumulated on a per atom basis.

    Oh, the humanity!

  23. Theorys and more by thogard · · Score: 4, Informative

    Quantum theories are already out of the lab and in the real world. Old computer hardware is based on NAND and XOR gates, but Toffoli and Fredkin gates are useful in the modern world and because you can reverse them, once you start building DES/AES/RSA engines out of them, you can start to short circuit some of the brute force attacks in very interesting ways. Combined with the real world ability to pre-compute and store data sets in the order of 3e12 bytes at a time, there are many crypt attacks now open to anyone with a good collection of hard drives.

  24. Re:Of course.. by tomstdenis · · Score: 5, Informative

    "OK.. sorry for summarising.. but quantum computers can crack conventional encryption in a single cycle. They make it trivial to factor things down to prime numbers, no matter how large. And since this is the basis of most current cryptography, they will obsolete our current cryptography."

    This is bullshit. First off, you have to assume that

    a) non-trivial Quantum computers can be constructed at all [who says there are not limits?]

    b) The time per solution is not greater than a brute force attack.

    I mean sure a single cycle AES cracker would be cool. But if the machine took 2^100 years to build who gives a shit?

    This type of hype always pisses me off.

    To boot as I understand it, QC only "attacks" in sqrt time by meet-in-the-middle approaches. So AES-256 would provide all the security ya need.

    Tom

    --
    Someday, I'll have a real sig.
  25. Bruce Schneier doesn't care for it by Anonymous Coward · · Score: 3, Interesting

    See Bruce Schneier's comments about Magiq and quantum cryptography at Schneier.com:

    To quote:

    This isn't new. The basic science was developed in the early 1980s, and there have been steady advances in engineering since then. I describe how it all works--basically--in Applied Cryptography, 2nd Edition (pages 554-557).

    I don't have any hope for this sort of product. I don't have any hope for the commercialization of quantum cryptography in general; I don't believe it solves any security problem that needs solving. I don't believe that it's worth paying for, and I can't imagine anyone but a few technophiles buying and deploying it.

    It's not that quantum cryptography might be insecure; it's that we don't need cryptography to be any more secure.

  26. Not a question of if, but when by dmccarty · · Score: 5, Insightful
    Every cipher scheme, from the Greeks' steganography to the Romans' alphabet substitution to today's 3DES and other schemes, has eventually been broken. It's unreasonable to believe that quantum cryptography will be invulnerable to attacks forever. It's not a question of if it can be broken, but rather when it will be broken.

    Perhaps someone will discover a work-around to Heisenberg's uncertainty principle, or perhaps researchers will find flaws in the implementation of the algorithm. But if history is any indication of the future, quantum cryptography will eventually be cracked.

    --
    Have fun: Join D.N.A. (National Dyslexics Association)
    1. Re:Not a question of if, but when by Cecil · · Score: 2, Informative

      That's not at all true. First of all, the quantum part is separate from the cryptography part. Its primary purpose is to provide you a conduit over which you can send data and be absolutely sure that if someone other than your recipient saw it, the recipient will know.

      The one-time pad, which is only feasible by quantum cryptography, is impossible to decrypt without the key. Or rather, impossible to know which decryption is correct, as you can easily decrypt it into whatever you want.

      You have no idea whether:
      "5preio2309d91kcn2s02ia"
      actually means:

      "al-Qaeda strikes again" or
      "Hi there, how are you?" or
      "ZekdjEs322SKE#aap2MZal"

      and so on. You can say it means whatever you want, but you'll never really have any idea if that is what it meant or not unless you have the key.

      Yes, someone may break quantum cryptography, but to say that it will happen because it has happened before is silly.

  27. Solving the wrong problem by Paul+Johnson · · Score: 5, Insightful
    Quantum crypto is only useful over point to point for short distances because it relies on properties of photons that cannot be amplified (if they could be amplified then you could clone the signal and the security would be lost). It's also very very slow (kilobits per second at best). The way it is used is as a key distribution system. The heavy lifting of actually transmitting the data is done by ordinary crypto. So it's no stronger than the ordinary crypto. The only thing in favour of quantum key distribution is that you can change the key very frequently.

    But these days if you want to intercept data then cracking the crypto is one of the last avenues you would try anyway. Far easier to crack the end points, suborn a trusted employee or any of the other common attacks. Security is only as strong as the weakest link. Quantum crypto merely reinforces one of the strongest links.

    --
    You are lost in a twisty maze of little standards, all different.
    1. Re:Solving the wrong problem by dmccarty · · Score: 2, Informative
      So it's no stronger than the ordinary crypto.

      I think that's a little too simple. The quantum crypto part is used to transmit a one-time pad, which is probably unbreakable. However, one-time pads suffer from key-distribution problems, which is where the quantum bit--no pun intended*--comes in. So it makes for a nice marriage between the two.

      * A desperate punster submitted ten puns to a local newspaper to try to win the grand punster prize. His hopes were dashed, however, to find out that not only did he not win the prize, but no pun in ten did.

      --
      Have fun: Join D.N.A. (National Dyslexics Association)
  28. won't the Government just make this illegal? by RiotXIX · · Score: 3, Insightful

    I wouldn't be surprised if the Government prevented this from becoming common place: I remember them doing something like this before, where they wouldn't allow 40-bit encryption system for the public (or something like that), because it meant the NSA couldn't crack it in a reasonable time. Privacy is illegal. If the government can't tap your phone calls and read your e-mails, then they won't allow the public to use that technology. Or at least until the war on terrorism ends (should be sometime around the extinction of human nature and mankind).

    --
    "You know you don't act like a scientist, you're more like a game show host." Dana Barret
  29. What the hell?.. by Chitlenz · · Score: 2, Funny

    Is a non-end user actor?

    For some reason I have this vision of Gary Bussey making a drug deal...

    heh - chitlenz

    --
    Imagination is the silver lining of Intelligence.
  30. How quantum crypto works by ColonelPanic · · Score: 5, Informative

    (Based on memory of Bruce Schneier's description in Applied Cryptography)

    Alice sends Bob a series of polarized photons.
    There are four possibilities: -, |, /, and \.

    Bob sets up his polarization detector randomly so that each "qbit" is measured either for horizontal/vertical polarization or diagonal polarization. If a - or | photon hits the detector and it was set up for horizontal/vertical, he gets a good bit, otherwise a bad bit. And if a / or \ photon hits the detector and it was set up for diagonal polarization, same story. The key point is this: if the detector was set one way and the photon is polarized the other, it is in principle impossible to know its true polarization.

    So Bob has a sequence of photons, some of which he knows, and some he doesn't, and he knows which are which. He sends Alice a clear-text message saying which ones he knows. Alice then encrypts the true plaintext by XOR'ing it with the values of the photons that Bob knows, using some convention like "- and / are 0, | and \ are 1".

    Example:
    Alice sends...: - \ - | / - | (random)
    Bob's detector: + + X + X X + (random)
    Bob's result..: - ? ? | / ? |
    Bob's response: 1 0 0 1 1 0 1
    Key...........: 0 1 1 1


    If Eve tries to listen in on the photons Alice sends to Bob, she perturbs them irrevocably.

    A bad description -- go buy Bruce's book for a better one.

    --
    "Skill shows through where genius wears thin." -Wittgenstein || Religion: uniting aviation and architecture.
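    The sifting procedure described above, as an added example in Python (not code from the poster, from Schneier's book, or from MagiQ). It uses the post's own symbols and bit convention, models Bob's "which ones I know" message as a public exchange of basis choices, and adds an intercept-and-resend eavesdropper plus the sample comparison Alice and Bob use to spot her; the photon stream is constructed at random and the 11% abort threshold is a textbook figure assumed here, not one the post gives.

```python
import random

# Symbols follow the post: rectilinear basis '+' carries '-' (bit 0) and '|' (bit 1);
# diagonal basis 'X' carries '/' (bit 0) and '\' (bit 1).
BASES = {"+": ("-", "|"), "X": ("/", "\\")}
BIT_OF = {"-": 0, "|": 1, "/": 0, "\\": 1}
BASIS_OF = {"-": "+", "|": "+", "/": "X", "\\": "X"}


def measure(photon, basis, rng):
    """Measure one photon in `basis`. A matching basis reveals the encoded bit and
    leaves the photon as it was; a mismatched basis gives a random outcome and the
    photon leaves the detector re-prepared in that random state. That second case
    is the disturbance an intercept-and-resend eavesdropper cannot avoid."""
    if BASIS_OF[photon] == basis:
        return photon
    return rng.choice(BASES[basis])


def random_photons(n, rng):
    """Alice's random bits, each in a random basis (constructed input)."""
    return [rng.choice(BASES[rng.choice("+X")]) for _ in range(n)]


def intercept_resend(photons, rng):
    """Eve measures every photon in a random basis and forwards what she got."""
    return [measure(p, rng.choice("+X"), rng) for p in photons]


def matching_positions(alice_bases, bob_bases):
    """Public sifting: 1 where the bases agreed (the post's "Bob's response" row)."""
    return [1 if a == b else 0 for a, b in zip(alice_bases, bob_bases)]


def sifted_key(photons, keep):
    """Bits of the photons at the kept positions."""
    return [BIT_OF[p] for p, k in zip(photons, keep) if k]


def estimate_qber(alice_key, bob_key, sample_size, rng):
    """Alice and Bob compare a random sample of sifted bits in the clear, then
    discard those bits. Returns (error rate on the sample, remaining key bits)."""
    idx = list(range(len(alice_key)))
    rng.shuffle(idx)
    sample = set(idx[:sample_size])
    errors = sum(1 for i in sample if alice_key[i] != bob_key[i])
    remaining = [alice_key[i] for i in range(len(alice_key)) if i not in sample]
    return errors / max(1, len(sample)), remaining


def run_bb84(n, eve=False, seed=1, sample_size=200):
    """One full exchange. Without Eve the sifted keys agree exactly; with Eve about
    a quarter of the sifted bits disagree, which the sample comparison exposes.
    The 11% abort threshold is an assumed textbook figure, not from the post."""
    rng = random.Random(seed)
    sent = random_photons(n, rng)
    in_flight = intercept_resend(sent, rng) if eve else sent
    bob_bases = [rng.choice("+X") for _ in range(n)]
    received = [measure(p, b, rng) for p, b in zip(in_flight, bob_bases)]
    keep = matching_positions([BASIS_OF[p] for p in sent], bob_bases)
    alice_key = sifted_key(sent, keep)
    bob_key = sifted_key(received, keep)
    qber, key = estimate_qber(alice_key, bob_key, sample_size, rng)
    return {"qber": qber, "accept": qber < 0.11, "key_bits": len(key)}


def post_example():
    """The seven-photon table from the post, replayed through the same functions.
    Returns (Bob's response row, sifted key bits under the post's convention)."""
    sent = list("-\\-|/-|")
    bob_bases = list("++X+XX+")
    response = matching_positions([BASIS_OF[p] for p in sent], bob_bases)
    return response, sifted_key(sent, response)


if __name__ == "__main__":
    print("post's table:", post_example())
    print("clean link:  ", run_bb84(4000, eve=False, seed=7))
    print("tapped link: ", run_bb84(4000, eve=True, seed=7))
```

post_example() returns the response row 1 0 0 1 1 0 1 and, applying the post's stated "- and / are 0, | and \ are 1" convention, the sifted bits 0 1 0 1.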
  31. Because linear key improvement isn't an advantage. by expro · · Score: 5, Informative

    The reason most encryption works is because when you linearly increase key size, you exponentially increase the amount of time required to crack the key if you have no special knowledge, meaning it is much more difficult (impossible for practical purposes) to decrypt without a key than encrypt or decrypt with the necessary keys.

    Doubling the key size may only double the work of the one encrypting and decrypting using a key but exponentially increases the work of the one trying to break it without a key. Almost no matter how easy it is to crack a short key, you can increase key size until the advantage of linear versus exponential is overwhelming.

    But quantum computing -- encoding the problem into the quantum matrix, not to be confused with the quantum encryption described in this article -- threatens to be able to solve such problems in linear time instead of exponential time.

    This means that when the user doubles the size of his key instead of exponentially (enormously) increasing the amount of work to solve the problem, it only doubles the amount of work required to crack it, which would make decryption a simple footrace even if you do not have the key, if the amount of work required to crack the key is proportional to the amount of work required to encrypt / decrypt instead of an exponential relationship.

    Primes would not seem to be adequate at all, if quantum computing allows them to be solved linearly. At best, if you could find something that had the difficulty of non-quantum primes under quantum computing, then perhaps you could use that.

  32. A way to break it? by Enigma_Man · · Score: 3, Interesting

    I was looking at this, and reading about it, and read how you cannot determine the state of the photons without changing their state, so someone cannot "watch" the photons fly past without affecting them. I'm assuming the black box on the other end is somehow able to read the original photons correctly?

    However... What if someone were to have their own "black box", break the fiberoptic line, put one end into the receiver of their black box, and the other end out. That way you wouldn't be watching the photons go by, and affecting them. You could read them with your own black box, then re-transmit the correct photon.

    Admittedly, this would be expensive, but if you are in dire need of reading something that had to be secured with quantum encryption, then money probably isn't of much concern.

    Is this an incorrect assumption, or analysis on my part? I'm not a quantum physicist by any means, but I couldn't glean enough info from the articles to tell otherwise.

    -Jesse

    --
    Nothing says "unprofessional job" like wrinkles in your duct tape.
    1. Re:A way to break it? by Molecular+Mechanic · · Score: 3, Informative

      You are thinking in terms of classical physics. On the quantum level, the properties that are to be measured do not actually exist until an attempt is made to measure them. All that exists is a wave function representing the combined probabilities of the various properties: momentum, spin, location, etc.

      Furthermore, in accord with the Heisenberg uncertainty principle, you cannot determine all of the properties of, for example, an electron. Knowing (measuring) one property makes the others unknowable (NOT unmeasurable). For example, if you measure the position of an electron, then you cannot also know the energy that electron has at that instant, and vice versa. Thus, what property you choose to measure determines what you can know.

      Back to crypto - the system uses spin as the property measured, because pairs of particles with opposite spins can be created and sent to different places. No one can know the spin of each particle until the measurement is made. At that point, the other particle must have the opposing spin (you now know this because of conservation of spin).

      If someone intercepts the particle, they must first know which property to measure. Once it is measured, though, they are exposed and the information is, essentially, destroyed.

      The universe is nothing more than probability. See Douglas Adams for further elaboration.

      Molecular Mechanic

    2. Re:A way to break it? by Enigma_Man · · Score: 2, Interesting

      Well... What I'm thinking of is this: You originally have two "black boxes" one sending photons, and the other receiving. I'm assuming that the receiving black box can actually read the info it's supposed to be getting, right?

      Now... Assume you wanted to transmit that data further than the 100 km the spec lays out. You would need three black boxes, one in the middle to receive from the first, and re-transmit the data as photons to the next black box.

      Can that be done? Or am I just lacking in knowledge about quantum physics (which I know I am, but I like to think I have some grasp of it). What I was proposing is that someone wanting to intercept the key could just break the line, play "man-in-the-middle", and to each side, it looks like the photons are getting through un-molested.

      -Jesse

      --
      Nothing says "unprofessional job" like wrinkles in your duct tape.
    3. Re:A way to break it? by menscher · · Score: 2, Informative
      It's been a few years since I've thought about QCrypto, but what you're proposing is an extension to the intended use.

      The "standard" use of these devices is for point-to-point communication. Put one end in the White House and the other in the Pentagon (about 40km away) and you have a communications channel that can not be sniffed without detection. So far, so good.

      But this doesn't scale well. Talking from DC to Moscow would probably require some sort of relay system, just as a relay system would be required if we wanted to have this enter people's homes (otherwise you'd need direct fiber connections between you and everyone you ever want to talk to). So now the relays need to be "trusted", and the possibility of a MITM attack is introduced.

      As you have discovered, QC protects the security of the link, not the endpoints, relays, etc.

      Disclaimer: IAAPP (I *am* a particle physicist)

  33. What is the use of this QC key exchange? by gay358 · · Score: 3, Interesting

    As far as I know, this quantum "cryptography" prevents just passive eavesdropping (where the parties are able to notice eavesdropping because of this quantum "cryptography"), but as it doesn't include any kind of authentication, an active attack (where all the messages are captured and the attacker is able to send his own messages) should be successful. It is possible for Eve to just hijack all the messages and pretend to be Bob when communicating with Alice and to pretend to be Alice when communicating with Bob. It is of course possible to make this "cryptography" more secure by using some classical cryptographic methods, like authentication. But if we have to rely on public key algorithms (which might become obsolete by advances in quantum computing), then it is not clear to me what is the advantage of using quantum cryptography in the first place. If somebody has an answer to this question, I would be glad to hear it.

  34. Re:I was watching some TV the other day by Comatose51 · · Score: 2, Insightful

    Obviously everything we use involves trade-offs. The more secure it is, the more difficult it is to use. Having a human courier might be very secure, but I doubt Internet commerce would be where it is today if that's all we used. You have to weigh the benefits and the costs. A blanket statement like that is silly. At some point, we have to decide that even if a technology is not absolutely secure, it is good enough. Whatever loss we might experience is offset by the gains. This is why we continue to use imperfect technology. If all we did was use the perfect solution, we wouldn't be past sticks and stones in our development.

    --
    EvilCON - Made Famous by /.
  35. The statement stands by Chuck+Chunder · · Score: 2, Insightful

    He said (my emphasis) "No matter what advances occur in digital computing, quantum encryption can never be deciphered, read or copied." and he's right. It would take advances in our knowledge of quantum physics to change that, not advances in digital computing.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park
  36. Wrong by antientropic · · Score: 5, Interesting

    Reading data alters it. So the man in the middle will be detected.

    This is true for a passive attack, i.e., one where the attacker can only eavesdrop on a connection. However, in a man-in-the-middle attack, the attacker can also arbitrarily modify data. In particular you can have the following situation:

    Alice <----> Eve <----> Bob

    Here Alice thinks she is talking to Bob, but in fact she's talking to Eve, who decodes her packets, re-encodes them, and sends them to Bob. Unless Alice and Bob have some authentication mechanism (say, a shared secret key, or the other's public key), they have absolutely no way to tell that this is going on. The ability to detect eavesdropping on the quantum channel doesn't help at all, since Eve isn't eavesdropping - she's tunneling between two physically separate channels. Quantum cryptography does not differ in this respect from conventional cryptography: it's a basic fact of communication - how do you establish that the bits you are receiving come from the person/system from whom you think they come?

    1. Re:Wrong by skifreak87 · · Score: 3, Informative

      Informally, it's impossible to observe say the spin of a photon without pretty much destroying it. So you'd have to reconstruct a photon w/ the same spin. However photons also have other properties which you cannot measure at the same time (Heisenberg's uncertainty principle), so basically the man-in-the-middle attack fails because the man in the middle cannot get all the information required to retransmit the photon exactly as is. There are ways using entanglement to test and make sure the photon is exactly what Alice sent (I don't know specifics off the top of my head).

      Basically, no way to recreate the bit you receive in such a way that Bob won't know it was modified.

    2. Re:Wrong by TeatimeofSoul · · Score: 2, Informative

      Spins don't enter into it. A photon with spin +/-1 means it is circularly polarised. In this matter all photons are spin 0; what you measure is the angle of polarisation. In one system an angle of 0 means the bit is zero and an angle of 90 degrees means the bit is one. In the other system the angles are 45 and 135 degrees. If you know a photon has an angle of 0/90, you would pass it through a filter which blocks, say, the photons with an angle of 0 and then put a detector behind the filter. If it blips then you've read a one.

      If you don't know what system the photon was encoded in, you will have to guess. When you guess incorrectly, the result of your measurement will be 0/1 randomly (independently, of course, of what the photon was representing in the correct system); this is what the 45 degrees are about. When she guesses correctly, Eve can manufacture a new photon which is sufficiently identical to the original to fool Bob. However, half (on average) of her incorrect guesses will give her away.

  37. Re: Applications of quantum cryptography by some+guy+I+know · · Score: 4, Insightful
    Transmission security is great, but what happens when someone steals the hard drive out of the server?

    Agreed.

    To the question asked by the article submitter:

    Does this spell the end of the field of cryptography?

    the answer is no (at least, not yet), because quantum cryptography (in its present form) may be useful for encrypting communications, but it is ineffective for encrypting stored data.
    --
    Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
  38. A Useful but Long Quote. by fermion · · Score: 5, Informative
    I quote from the preface of Bruce Schneier's Secrets and Lies, without permission

    I have written this book partly to correct a mistake.

    Seven years ago I wrote another book: Applied Cryptography. In it I described a mathematical utopia: algorithms that would keep your deepest secrets safe for millennia, protocols that could perform the most fantastical electronic interactions-unregulated gambling, undetectable authentication, anonymous cash-safely and securely. In my vision cryptography was the great technological equalizer; anyone with a cheap (and getting cheaper every year) computer could have the same security as the largest government. ...I went so far as to write: "It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics."

    It's just not true. Cryptography can't do any of that.

    It's not that cryptography has gotten weaker since 1994, or that the things I described in that book are no longer true; it's that cryptography doesn't exist in a vacuum.

    Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, palpable security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.

    Mathematics is perfect; reality is subjective. Mathematics is defined; computers are ornery. Mathematics is logical; people are erratic, capricious, and barely comprehensible.

    The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were The Answer(TM). I was pretty naïve.

    The result wasn't pretty. Readers believed that cryptography was a kind of magic security dust that they could sprinkle over their software and make it secure. ... A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography.

    Since writing the book, I have made a living as a cryptography consultant: designing and analyzing security systems. To my initial surprise, I found that the weak points had nothing to do with the mathematics. They were in the hardware, the software, the networks, and the people. Beautiful pieces of mathematics were made irrelevant through bad programming, a lousy operating system, or someone's bad password choice. ...

    Any real-world system is a complicated series of interconnections. ... No system is perfect; no technology is The Answer(TM).

    This is obvious to anyone involved in real-world security. In the real world, security involves processes. It involves preventative technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process. And if we're ever going to make our digital systems secure, we're going to have to start building processes.

    A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.

    This book is about those security problems, the limitations of technology, and the solutions.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  39. Anecdote by mark-t · · Score: 5, Interesting
    In the CS department at my school last year, all the students were encouraged to attend a particular lecture on quantum computing that was being given one day, and after the lecture one of my classmates was rather disturbed about some of the possibilities that quantum computing would enable, specifically quantum cryptography.

    What I found rather peculiar about his view was that the reason he didn't like quantum cryptography was because it enabled organizations, such as a corrupt government perhaps, to use this effectively unbreakable communication technique in order to avoid accountability to anyone else, whereas as long as encryption technologies remain crackable, there would always be some risk of being accountable to others for what they are communicating about.

    It didn't even seem to matter to him that his own communications would be secure with this technology... he just didn't like the idea of technology introducing a break in a chain of accountability.

    1. Re:Anecdote by SB9876 · · Score: 2, Insightful

      While quantum cryptography is something we should be concerned about, it won't allow governments and organizations to operate without accountability. From what I understand about state of the art quantum 'cryptography', it's purely a means to ensure that no one is listening in on your communication line. The actual cryptography on both ends is no more unbeatable than what already exists.

      Also, you've still got other lines of evidence - bodies, eye witnesses, etc.

  40. Quantum crypto is no better than regular crypto by SiliconEntity · · Score: 3, Interesting

    Your description is almost right, but after receiving the photons, Bob can't tell which ones were "good" or "bad". Instead, the two parties have to exchange cleartext information about which bases they used. Then the ones where they matched are the good photons which can encrypt the message.

    The problem is with this cleartext message about the bases. How do you stop an intermediary from altering this message, which could hide her attempts to snoop on the photons? This is the problem of sending an authenticated message, and quantum crypto won't help you with this.

    To send the authenticated cleartext message, you either need a tamper-proof channel between the parties, which is usually physically impossible, or you have to fall back on regular crypto, either public key or pre-shared key. So ultimately the supposedly unbreakable security of quantum crypto is in fact dependent on conventional cryptography. And if you're relying on conventional crypto anyway, why go to the expense of using quantum crypto?

    In short, there is a great deal of hype here. When closely examined, the physical and computational requirements of quantum crypto don't make sense for the real world. You either need an unrealistic tamper-proof channel, or you rely on regular crypto and get no more security than conventional crypto gives you.
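
As an added example (not code from any post in this thread), the following simulation ties together the BB84 description in comment 2, the sifting step SiliconEntity describes above (the public basis announcement), and the intercept-resend eavesdropper. It models each photon only by its (basis, bit) pair and the measurement statistics, not the physics. Eve guessing a basis per photon and resending shows up as roughly a 25% error rate in the sifted key; with no Eve the rate is 0. The basis announcement is protected with a one-time polynomial MAC (a Wegman-Carter style construction over a prime field) so that an intermediary who alters the announced bases is caught; the pre-shared one-time MAC key (r, s) and the field prime are assumptions of this example, and in a real deployment the key is drawn from previously established secret bits.

```python
import random

# Basis 0 = rectilinear (0/90 degrees), basis 1 = diagonal (45/135 degrees).
# A photon is modelled as (basis, bit). This is a classical simulation of the
# measurement statistics only; added example, not code from the thread.

def measure(photon, basis, rng):
    """Measure in `basis`. The matching basis returns the encoded bit; the wrong
    basis returns a uniformly random outcome (the "45 degrees" point above)."""
    photon_basis, bit = photon
    if photon_basis == basis:
        return bit
    return rng.getrandbits(1)


def bb84_sift(n, eve_present, rng):
    """Send n photons, optionally through an intercept-resend Eve, then keep
    only the positions where Alice's and Bob's bases agree (announced in clear)."""
    alice_bits = [rng.getrandbits(1) for _ in range(n)]
    alice_bases = [rng.getrandbits(1) for _ in range(n)]
    photons = list(zip(alice_bases, alice_bits))
    if eve_present:
        # Eve guesses a basis, measures, and forwards a fresh photon that carries
        # her outcome in her guessed basis (she cannot clone the original).
        resent = []
        for photon in photons:
            eve_basis = rng.getrandbits(1)
            resent.append((eve_basis, measure(photon, eve_basis, rng)))
        photons = resent
    bob_bases = [rng.getrandbits(1) for _ in range(n)]
    bob_bits = [measure(p, b, rng) for p, b in zip(photons, bob_bases)]
    keep = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]


def qber(alice_key, bob_key):
    """Quantum bit error rate of the sifted key: the parties sacrifice a random
    sample of positions to estimate this before trusting the remainder."""
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)


P = (1 << 61) - 1  # prime field for the polynomial hash (assumption of this example)


def onetime_mac(key, message_bits):
    """Wegman-Carter style one-time MAC: tag = s + sum(m_i * r^(i+1)) mod P.
    With (r, s) uniform, secret and used once, a forger's success probability is
    at most len(message)/P no matter how much computing power they have."""
    r, s = key
    acc = 0
    for i, m in enumerate(message_bits):
        acc = (acc + m * pow(r, i + 1, P)) % P
    return (acc + s) % P


def announce_bases(mac_key, bases):
    """Alice's side of the basis announcement: the bases in clear plus a tag."""
    return bases, onetime_mac(mac_key, bases)


def accept_announcement(mac_key, bases, tag):
    """Bob's side: refuse to sift against an announcement whose tag fails."""
    return onetime_mac(mac_key, bases) == tag


def demo(n=4000, seed=1):
    """Return (QBER without Eve, QBER with Eve, genuine tag accepted,
    forged announcement accepted)."""
    rng = random.Random(seed)
    mac_key = (rng.randrange(1, P), rng.randrange(P))  # pre-shared, one use only
    quiet = qber(*bb84_sift(n, False, rng))
    noisy = qber(*bb84_sift(n, True, rng))
    bases, tag = announce_bases(mac_key, [rng.getrandbits(1) for _ in range(32)])
    forged = bases[:]
    forged[0] ^= 1  # an intermediary flips one announced basis
    return quiet, noisy, accept_announcement(mac_key, bases, tag), accept_announcement(mac_key, forged, tag)


if __name__ == "__main__":
    print(demo())
```

The 25% figure is the intercept-resend signature: Eve picks the wrong basis half the time, and when she does, Bob's result at a sifted position is a coin flip. Real links have their own noise floor, so the protocol sets a QBER threshold rather than expecting exactly zero.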

    1. Re:Quantum crypto is no better than regular crypto by Anonymous Coward · · Score: 3, Interesting
      A pretty good analysis, but you're missing two points.
      1. Yes, quantum cryptography, by itself, can't authenticate the message. It can't change your motor oil or serve you breakfast in bed either, but so what? What it can do is something classical crypto can never do: it reveals passive eavesdropping on your communications.
      2. It might be necessary to rely on classical crypto to do the authentication. There also might be good quantum methods for doing that, but even if there aren't, it doesn't matter. People have already discovered classical authentication schemes that are provably perfectly secure. (They're analogous to the one-time pad for encryption.) So either way, there is no reason for authentication to weaken the system.
      When you put it all together, what you get is an absolutely secure protocol for transferring secret bits from point A to point B, no matter what attempted eavesdropping takes place in between. Useful? Maybe so, if you're paranoid enough to want your secrets safe forever. And again, this is something classical cryptography is incapable of delivering by itself.

      AC.

  41. Frank Frink says... by fxer · · Score: 3, Funny

    "Will systems like this ever become commonplace?"

    I predict that quantum crypto computers will be so large as to fill an entire building, and only the 5 richest people in the world will be able to afford them

  42. Re:Of course.. by brokenin2 · · Score: 2, Informative

    a) non-trivial Quantum computers can be constructed at all [who says there are not limits?

    OK, why would you assume some arbitrary limit on the number of quantum gates that can be linked together? You only need to link as many gates as the bits of encryption you're trying to crack. I know that currently quantum computers are only factoring numbers like 15, and that the methods that are used to link the gates are not easy, but there is no reason that the exact same methods can't be used to link more gates.

    b) The time per solution is not greater than a brute force attack.

    OK, now I know you're just a complete dumbass! Do you know anything about quantum computing? I don't know how long you think it takes an electron to change state, but in case you're wondering, it's not very long. All of the work in a quantum computer is actually done before you ask for the solution. The actual work side also takes virtually no time. You'll simply be asking it the same question every time, and it calculates all the answers for you (over simplified to the point of being wrong, but at this point it seems quite necessary) and you simply tell it which answer you'd like. The time it takes for all this to happen is short enough that I doubt it could be measured. Even if the different gates in your computer are miles or light years apart, the quantumly linked actions are (were last time I read) considered to be instantaneous (yes, faster than light). The slowest part of the system will be where you want to interface your quantum computer with the "real" world.

    This type of hype always pisses me off.

    Why don't you read some literature that explains quantum computing and then read your comments again. If you haven't read anything about how it actually works, then you can only depend on the /. headlines or other one-line summaries of the technology. Contrary to popular belief, it's really not all that confusing. It's just an interesting way to exploit something that was observed in nature (like most other inventions). Try something like "The Feynman Processor". It's kinda old now (everything is "in the future"), but it's all explained so that my cat could understand it given enough time.

    I fear that I've greatly over-estimated the average /. reader.

  43. Re:Agreed - But... by mik · · Score: 2, Insightful
    it is pretty hard to think of any applications for this that more conventional symmetric cryptography such as AES can't address.

    Here's one - it is easy to listen in on today's encrypted comms... It is easy to identify interesting endpoints (US DOD, etc), it is cheap to write likely interesting messages to disk. A few years from now, you just set your Qomputer to decrypt all those stored comms. Just because it is in the past doesn't mean that it is stale (how old is your SSN/bank account number/etc? How long has that sleeper cell been active?)

    Anyone who can afford a wiretap and a diskfarm today and a QC tomorrow will be able to crack an awful lot of sensitive traffic.

  44. What application? by Kjella · · Score: 4, Insightful

    One-time pads can only transfer as much data as the pad length, that is the nature of them. Rehashing them and whatever leave you open to attacks. So you need to transfer N bytes of pad to get N bytes of data securely. Well, if you already have a secure quantum line, why not send N bytes of data?

    Now, if you could transfer a small symmetric key (well, at least on the order of bytes or kilobytes, not gigabytes), on the other hand...

    Oh and one more thing - don't forget to have some kind of checksum on the OTP - if someone replaced the OTP with another OTP (standard man-in-the-middle attack) you wouldn't know... after all, it's only random data. The pads may no longer match, but who'd notice?

    Kjella

    --
    Live today, because you never know what tomorrow brings
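
An added example (not Kjella's code) of the point made in the post above: a one-time pad with a cursor so no byte is reused, and a fingerprint over the pad so that a substituted pad is noticed. Without the fingerprint, XOR with the wrong pad just yields different random-looking bytes and nothing fails. The fingerprint here is an HMAC under a short pre-shared authentication key that the two parties compare over an authenticated channel before first use; that key, and the use of HMAC rather than a plain checksum (a plain checksum could be recomputed by whoever swapped the pad), are assumptions of this example. The last function shows the related malleability point: flipping a ciphertext bit flips the corresponding plaintext bit and XOR alone does not detect it.

```python
import hashlib
import hmac
import os

# Added example, not code from the thread.


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Pad:
    """One-time pad material with a cursor: a byte is used once or not at all."""

    def __init__(self, material):
        self.material = material
        self.pos = 0

    def take(self, n):
        if self.pos + n > len(self.material):
            raise ValueError("pad exhausted: never reuse pad bytes")
        chunk = self.material[self.pos:self.pos + n]
        self.pos += n
        return chunk


def otp_encrypt(pad, plaintext):
    return xor_bytes(plaintext, pad.take(len(plaintext)))


def otp_decrypt(pad, ciphertext):
    return xor_bytes(ciphertext, pad.take(len(ciphertext)))


def pad_fingerprint(auth_key, material):
    """HMAC-SHA256 over the whole pad under a short pre-shared key (assumed to
    exist). Compared out of band before the pad is trusted."""
    return hmac.new(auth_key, material, hashlib.sha256).digest()


def pad_matches(auth_key, material, expected_fingerprint):
    return hmac.compare_digest(pad_fingerprint(auth_key, material), expected_fingerprint)


def substituted_pad_goes_unnoticed(auth_key, genuine, substitute, plaintext):
    """Return (decrypts correctly, fingerprint check passes) when Bob holds
    `substitute` instead of Alice's `genuine` pad."""
    ciphertext = otp_encrypt(Pad(genuine), plaintext)
    recovered = otp_decrypt(Pad(substitute), ciphertext)
    return recovered == plaintext, pad_matches(auth_key, substitute, pad_fingerprint(auth_key, genuine))


def flip_ciphertext_bit(genuine, plaintext, byte_index, bit):
    """Flip one ciphertext bit in transit and return the plaintext Bob recovers."""
    ciphertext = bytearray(otp_encrypt(Pad(genuine), plaintext))
    ciphertext[byte_index] ^= 1 << bit
    return otp_decrypt(Pad(genuine), bytes(ciphertext))


if __name__ == "__main__":
    key = os.urandom(16)
    alice_pad = os.urandom(64)
    attacker_pad = os.urandom(64)
    print(substituted_pad_goes_unnoticed(key, alice_pad, attacker_pad, b"meet at dawn"))
    print(flip_ciphertext_bit(alice_pad, b"meet at dawn", 0, 0))
```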
    1. Re:What application? by Surt · · Score: 2, Informative

      Transmitting a large one time pad to an agent in the field can allow them to use that one time pad _later_.

      --
      "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
  45. Re:Of course.. by Prof.Phreak · · Score: 2, Informative

    Why don't you read some literature that explains quantum computing...

    Last I heard, there is still a ton of comp-sci problems that are hard, even in the quantum world. NP problems will still be NP problems---quantum computers don't help with those.

    Also, unless some really major innovations come up, we won't see quantum computers anytime soon (and I mean in centuries, not years).

    --

    "If anything can go wrong, it will." - Murphy

  46. Quantum Crypto Provably Flawed? by theLOUDroom · · Score: 2, Interesting

    Is quantum crypto provably flawed?

    I see tons of posts stating that the link is "absolutely" secure, but it seems that isn't really the case. (see the bottom of the page.)

    What strikes me about all this is the following section:
    "each pulse should be attenuated to an average of about .1 photon to reduce the probability of generating a two-photon pulse that could be split and eavesdropped undetectably."


    What that says to me is that there is no way to 100% know you're transmitting just one photon.

    It sounds like there's no device that is capable of transmitting one and only one photon with 100% reliability. If this is the case, a lot of the arguments about how secure this is are vastly overstated.

    In the end QC would be vulnerable to a man-in-the-middle attack by watching for multi-photon emissions.

    If this is the case, a lot of the noise surrounding QC could turn out to be hype. Is there a quantum physicist in the house?

    --
    Life is too short to proofread.
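
To put a number on the ".1 photon" figure quoted in the post above, here is an added example (not from the post) that treats the attenuated laser pulse as a Poisson source with mean mu photons per pulse, computes what share of the pulses that reach a detector at all carry two or more photons, and simulates the photon-number-splitting attack the post describes: Eve keeps one photon from every multi-photon pulse, lets the rest through undisturbed, and reads her copy after the bases are announced. The Poisson model for a weak coherent pulse and the lossless channel are assumptions of this example.

```python
import math
import random

# Added example, not code from the thread.


def poisson_pmf(k, mu):
    return math.exp(-mu) * mu ** k / math.factorial(k)


def multi_photon_fraction(mu):
    """P(n >= 2 | n >= 1): the share of non-empty pulses that can be split."""
    p_empty = poisson_pmf(0, mu)
    p_one = poisson_pmf(1, mu)
    return (1.0 - p_empty - p_one) / (1.0 - p_empty)


def fraction_table(mus=(0.05, 0.1, 0.5, 1.0)):
    """Multi-photon share for a few mean photon numbers, for comparison."""
    return {mu: multi_photon_fraction(mu) for mu in mus}


def poisson_sample(mu, rng):
    """Knuth's method: count uniform draws until their product falls below e^-mu."""
    limit = math.exp(-mu)
    k = 0
    product = 1.0
    while True:
        k += 1
        product *= rng.random()
        if product <= limit:
            return k - 1


def simulate_pns(n_pulses, mu, rng):
    """Return (pulses that reach Bob, pulses from which Eve silently kept a photon)."""
    detected = 0
    leaked = 0
    for _ in range(n_pulses):
        photons = poisson_sample(mu, rng)
        if photons == 0:
            continue            # empty pulse: nothing for Bob, nothing for Eve
        detected += 1
        if photons >= 2:
            leaked += 1         # Eve stores one photon, Bob still gets one: no error
    return detected, leaked


if __name__ == "__main__":
    for mu, frac in fraction_table().items():
        print(f"mu={mu}: {frac:.3%} of detected pulses are multi-photon")
    print(simulate_pns(200_000, 0.1, random.Random(1)))
```

At mu = 0.1 roughly one detected pulse in twenty is splittable, with no error signature on Bob's side; lowering mu shrinks that share but also shrinks the fraction of pulses that carry any photon at all, which is the trade-off behind the quoted figure.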
  47. depends on the potential payoffs by zogger · · Score: 2, Insightful

    "cracking" something like that will still be most doable with social engineering. Depending on what the crack is really worth, employees with access can be bought off, scared off, or usually a combination of the two. If it's extremely valuable information that is needed by the cracker (say a state sponsored attempt against a critical defense or financial entity, etc), then kidnapping and torture might be used, say.

    It's in the payoffs what people will risk, and how hard you make it for the cracker.

    Give you a real world example in security. This is researchable BTW. When a lot of states passed the "two or three strikes and you're out" laws, intending to have better "security" for their populations, a curious thing happened: violent crime went up, as criminals who before were satisfied with the risk/reward ratio suddenly realised that if they got popped or identified they might face life, and switched to more violent crimes because they had "nothing to lose" if they were caught and convicted. If you are going to get life for your third even small time felony conviction, and manslaughter is life, well..... that's what happened.

    The same thing will happen in the cybersecurity end of things, because the data trying to be stolen is valuable from the "real world" applications that the data represents.(I am not considering casual defacement and sport by kiddies). Make it TOO hard for traditional cracking, I predict a lot more actual physical insecurity for employees of those places, and more blackmail/bribery attempts, all the way to the director or CIO levels.

    you develop missiles, then your adversary needs anti missiles, then you need anti anti missiles, and so forth. Security is always analogous to an arms race, yes?

    1. Re:depends on the potential payoffs by T-Ranger · · Score: 2, Insightful
      Social engineering has always been an alternative to cracking. For some individuals, social engineering has been easier than cracking. Very frequently physical security is the weakest link in the chain.

      Look at the FBI, NSA, CIA. (MI-5, GCHQ, MI-6) Just because the NSA can do all kinds of nasty computer based spying doesn't mean that the humans over at the CIA have nothing to do. And just because the NSA develops lots of nifty security things does not mean that the FBI no longer has to search for moles within the system and spies outside of it.

      For that matter, just because the US has these intelligence and counter-intelligence groups does not remove the need for naval and military forces.

  48. Re:Generating that "random" number? by advance512 · · Score: 2, Informative

    The random number can be generated in many ways. Computers have PRNGs, Pseudo-Random Number Generators which can rely on several different sort-of random data: system time, memory contents, disk contents, mouse movements, etc. The problem with such PRNGs is that they usually use reproducible data to generate the random number - mouse activity can be guessed (activity patterns), system time can be guessed (the range of possible values for the system timer, time is global after all), memory contents can be guessed (operating system and programs running, etc) - it is at the very least easier to guess these and try all possible combinations than guessing cosmic radiation patterns, for example, which are truly random. This "guessing" is what cuts down possibilities and makes brute-forcing in a smaller field of possibilities an option. To beat this, real RNGs (i.e. non-pseudo) rely on truly (theoretically) random occurrences, such as atmospheric noise (http://www.random.org).

    Thermal noise can not be easily detected from afar (afaik), and if you're close physically - you might as well just take the data by physical force. But guessing the possible thermal noise based on known patterns makes guessing the pseudo-random number that much easier.
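
An added example (not the poster's code) of the "guess the seed" attack the post describes: a key derived from a PRNG seeded with the system clock is recovered by an attacker who knows roughly when it was generated and simply tries every second in a window, which is a search of a few thousand candidates instead of 2^128. The contrast is a key taken from the operating system's entropy source via `secrets`. The key length and the time window are assumptions of this example; the seeding of `random.Random` with an integer is deterministic, which is exactly the property the attacker relies on.

```python
import random
import secrets
import time

# Added example, not code from the thread.


def weak_key(timestamp_seconds, nbytes=16):
    """Deliberately weak: a key derived from a PRNG seeded with the clock.
    Anyone who can guess the seed to within a few hours reproduces the key."""
    rng = random.Random(int(timestamp_seconds))
    return rng.getrandbits(8 * nbytes).to_bytes(nbytes, "big")


def recover_weak_key_seed(observed_key, approx_time, window_seconds):
    """Attacker's view: knowing only the approximate generation time, try every
    one-second seed in the window until the candidate key matches."""
    start = int(approx_time) - window_seconds
    for seed in range(start, int(approx_time) + window_seconds + 1):
        if weak_key(seed, len(observed_key)) == observed_key:
            return seed
    return None


def strong_key(nbytes=16):
    """Key from the OS entropy pool (hardware/interrupt noise mixed by the kernel);
    there is no seed to guess."""
    return secrets.token_bytes(nbytes)


def search_space_ratio(window_seconds, nbytes=16):
    """How much smaller the attacker's search is than brute force on the key."""
    return (2 * window_seconds + 1) / float(2 ** (8 * nbytes))


if __name__ == "__main__":
    now = time.time()
    key = weak_key(now)
    # The attacker knows the key was made "sometime this hour".
    print(recover_weak_key_seed(key, now + 600, 3600) == int(now))
    print(strong_key().hex())
```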

  49. Re:IANAMBMSI by tadmas · · Score: 2, Informative

    Using RSA as an example, here's a less-than-six-step process for finding the private key given the public key (exponent e and modulus m=pq):

    (1) Factor m into p and q (both distinct primes).
    (2) Calculate phi(m) = (p-1)(q-1).
    (3) Find the reciprocal of e in this new modulus phi(m). That's the private key.

    Once you have step 1, the rest takes a very short amount of time (less than a second). And you don't even need a sample message....

    The problem is you can solve for the third thing, but some things are harder to solve for than others. All of the security of public key cryptosystems depend on the "hardness" of the "third thing" you need to solve for.

    To give an easy example of how one way can be harder than the other, try doing this problem by hand:

    Given y = x^3 - x^2 + 5x - 4,
    (1) Find y given x=3.
    (2) Find x given y=10.

    Why is one way harder than the other? Because it's easy to multiply things together, but not so easy to factor. It's the same thing with cryptosystems. So, I doubt anyone will find a simple algorithm to make them equally "easy." The best factoring algorithms in the world are still nowhere as simple as multiplication.

    OTOH, quantum computing can do exponential time problems in something like linear time, so a quantum computer could just factor and we'd be done with it. No need for a fancy mathematical algorithm. We already know how to do it -- it's built right into the cryptosystem.
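
The three-step recovery above, carried out as an added example (not the poster's code) on a toy modulus small enough to factor by trial division, plus the cubic that the post uses to illustrate a one-way direction. Step 1 is the only hard part at real key sizes; here it is trial division up to the square root, so the primes, the exponent e = 65537 and the sample message are assumptions chosen to keep it fast, and the forward/backward asymmetry of the cubic is shown by evaluating it versus searching for a root.

```python
from math import isqrt

# Added example, not code from the thread.


def trial_factor(n):
    """Step 1 for a toy modulus: return (p, q) with p * q == n by trial division."""
    for candidate in range(2, isqrt(n) + 1):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("no non-trivial factor found")


def rsa_keygen(p, q, e=65537):
    """Honest key generation: public (e, n), private d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), d


def recover_private_exponent(e, n):
    """Steps 1-3 of the post: factor, compute phi, invert e modulo phi."""
    p, q = trial_factor(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


def rsa_encrypt(m, e, n):
    return pow(m, e, n)


def rsa_decrypt(c, d, n):
    return pow(c, d, n)


def cubic(x):
    """y = x^3 - x^2 + 5x - 4: the easy direction."""
    return x ** 3 - x ** 2 + 5 * x - 4


def invert_cubic(y, bound=10_000):
    """The hard direction done the naive way: search integer x with cubic(x) == y."""
    for x in range(-bound, bound + 1):
        if cubic(x) == y:
            return x
    return None


if __name__ == "__main__":
    (e, n), d_real = rsa_keygen(10007, 10009)
    d_found = recover_private_exponent(e, n)
    c = rsa_encrypt(42, e, n)
    print(d_found == d_real, rsa_decrypt(c, d_found, n))
    print(cubic(3), invert_cubic(10))
```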