First Bank Transfer via Quantum Cryptography

An anonymous reader writes with today's announcement that "the Austrian project for Quantum Cryptography made the world's first Bank Transfer via Quantum Cryptography Based on Entangled Photons; see also Einstein-Podolski-Rosen Paradoxon." (For more background, see the recent Slashdot post "Quantum Cryptography Leaving the Lab.")

Proof of Concept

[radoni]

..but why do we need this?

The biggest hole in security is usually the people operating technology. Ever want something, call up and ask for it.

What does the ability to have uncrackable encryption do to thwart social engineering tactics?

Re:Proof of Concept

[onion2k]

Firstly, the security this sort of thing provides is at a different stage in the process to anything a social attack would work on, so the two concepts are unrelated.

Secondly, even if they were related, you're appear to be suggesting we might as well not bother patching one future security hole because a different one also exists? Thats crazy. We should tackle all security risks, not just one particular one.

Lastly, socially engineered attacks are most often people giving up a PIN or forging a signature. That affects one account per attack. If a cracker gets past the sort of stage that Quantum Cryptography protects they have the opportunity to automate and reap every transaction the bank carries out.

Now which is the bigger problem?

How does it defeat repeaters?

[Thinkit4]

What I don't understand is why can't you cut the line and put in something like a repeater. When you read a bit, you change that photon, but then you just transmit a clean one with the same value (or maybe even change it to confuse).

snake oil

[Kallahar]

Bruce Schneier covered why quantum cryptography doesn't solve any security/secrecy problems in his December 15, 2003 Crypto-Gram.

"It's like defending yourself against an approaching attacker by putting a huge stake in the ground. It's useless to argue about whether the stake should be fifty feet tall or a hundred feet tall, because the attacker is going to go around it. Even quantum cryptography doesn't "solve" all of cryptography: the keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption."

Why MIM doesn't work

[gevmage]

I've seen a few presentations/demos on this. Basically the idea is the transmission runs on probability. Each photon has a certain probability of being lost. So the receiving station knows what the general frequency that it can expect, and if its not, the signal is being tampered with.

The reason that the man-in-the-middle attack doesn't work is that by doing so, you introduce two sets of attenuation rather than one. If the message is intercepted and then re-transmitted, the message has now been sent through the attenuation cycle twice. This means that instead of the signal being modified by the original attenuation function, it's modified by the attenuation function squared, which is easy to distinguish.

(not any less oily than others)

[griffjon]

First, Schneier really loves his stake-in-the-ground idea. He used it to describe cryptography in general in his "Secrets and Lies" book (which, IMHO, doesn't hold a candle to the quality of his applied crypto books. In fact, it feels more like a book-long commercial for his managed security business)

Anyway, sure. QC alone ain't gonna help you. But if it's a stake in a ground that's part of a fence, it damn well matters if it's 100 ft tall vs 1 ft tall, or even 10 ft tall.

Does it 'solve' security problems? No, of course not, because as many many many people have already said, in this post and in many other places, the way to defeat the best crypto in the world is to look under a keyboard and copy down the relevant password/phrase that the user wrote on a sticky-note there. (or other social engineering tricks)

It does make security easier, as it prevents MITM attacks, requires (for now) specialized hardware, and provides really-tough-to-decode crypto. So, if you have the rest of your process working, yes, QC can help by being a more secure technology.

But think of the inverse. OK, so, crypto is like a stake in the ground, it doesn't matter what size or where it is. So, let's all use DES, because it's an established standard!

You are only as secure as your weakest link, obviously. You'd be stupid if crypto turns out to be your weakest link, as even not counting QC, there's lots of good, secure crypto processes available.

It seems impractical

[Orthogonal+Jones]

OK, I am not a believer in quantum cryptography for one big reason -- fiber loss. Someone please enlighten me if I'm wrong.

The loss of standard single-mode fiber is about 0.1-0.2 dB/km. Therefore, unless the distance is short (as in this demonstration), the transmitter must send multiple photons to ensure a decent probability of providing the receiver with one photon.

For example, if the span is 100 km long (20 dB loss), then on average only 1 out of every 100 transmitted photons will reach the receiver.

The situation is worse for autocompensating quantum-crypto systems (e.g., polarization-based encoding), because the photons must survive a round trip through the fiber.

Therefore, the relatively high power at the transmitter implies that an attacker can tap into the fiber near the transmitter, subtract (on average) only 1 photon, and remain undetected by the receiver.

Furthermore, typical optical amplifiers add noise (3 dB noise figure for your standard erbium-doped amplifier). The added noise photons would screw up the link, so amplifiers are out.

In the end, it seems to me that quantum crypto is good for table-top demos, and maybe for short jaunts across a metro area. But it is NOT absolutely perfect, at which point computationally difficult encryption is more attractive.

Re:Hype

[janbjurstrom]

I came away with a different understanding of what they did (granted, I only read the press release, pdf link; and I have just about no knowledge in quantum mechanics, so chances are I don't get it right).

From the press release (emphasis mine):

The measuring results are then converted into a string of 0s and 1s the cryptographic key. The sequence of the numbers 0 and 1 is, due to the laws of quantum physics, completely random. Identical strings of random numbers, used as the key for encoding the information, are produced both in the bank and the City Hall.

The information is encoded using the so-called "one time pad" procedures. Here, the key is as long as the message itself. The message is linked with the key bit by bit and then transferred via the glass fibre data channel.

I read this as, they not only exchanged keys, but in fact transmitted an encrypted message as well(?)

On the interception/security issue, the press release says (again, my emphasis):

Eavesdropping can be detected already during the production of the key before the transfer of the encoded message has even started. Any intervention into the transfer of the photons changes the sequence of the number strings at the measuring stations. In case of eavesdropping, both partners receive an unequal sequence. By comparing part of the key, any eavesdropping effort can be discerned. Though the eavesdropper is able to prevent the transfer of the message, he is unable to gain any information contained in the message!

From what I read, a message cannot be stolen. If I understand this correctly, communication can be prevented (which is a weakness of course), but cannot be intercepted and decrypted by an eavesdropper. Am I misunderstanding, and/or are they possibly mixing theory with their actual accomplishment?