Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Bank Transfer via Quantum Cryptography

Posted by timothy on from the sneaky-atoms dept.

An anonymous reader writes with today's announcement that "the Austrian project for Quantum Cryptography made the world's first Bank Transfer via Quantum Cryptography Based on Entangled Photons; see also Einstein-Podolski-Rosen Paradoxon." (For more background, see the recent Slashdot post "Quantum Cryptography Leaving the Lab.")

28 of 310 comments (clear)

  1. Unexpected Consequences by etLux · · Score: 5, Funny

    Yes, but... what will I now need to decode my bank statements?

  2. But... by DonServo · · Score: 5, Funny

    Wouldn't checking if the transfer went through alter your balance? :-P

    1. Re:But... by Anonymous Coward · · Score: 5, Funny

      I looked in my account and found out my cat was dead.

      You know the two-slit experiment? Well, its just like that
      -- standard explanation for weird quantum things when you don't know the right answer.

    2. Re:But... by blincoln · · Score: 5, Interesting

      You know the two-slit experiment? Well, its just like that
      -- standard explanation for weird quantum things when you don't know the right answer.

      I was just reading about that last night in The Elegant Universe.

      For those who haven't heard of it before, here's the experiment:

      - take a wall with light shining on it from a projector.

      - place a board in-between the wall and the projector that interrupts the beam of light. The board should have two vertical slits cut in it, which can be opened and closed independently of each other.

      If you open just the left one, you get a vertical bar of light on the wall.

      If you open just the right one, you also get a vertical bar of light on the wall, offset from the one that was there with the left one open.

      Now, intuitively you would think that if you opened both at once, you would just get two vertical bars of light, but you don't. Wave interference means you get a whole bunch of light and dark vertical bars on the wall.

      Here's the spooky quantum-mechanical part - the same interference effect happens even if the projector is designed to only emit one photon at a time, then wait until it has hit the wall (or the board) before sending another. You will still get the bands of dark and light.

      Pretty weird, eh?

      --
      "...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
    3. Re:But... by lightray · · Score: 4, Informative

      Have you actually tried it?

      When I first read about the double slit experiment, I said to myself, "That can't be!"

      I cut two slits into a piece of cardboard and directed a flashlight beam through the slits at a wall.

      And I observed exactly what one would expect, two diffuse bright spots. I said, "Hmph."

      Of course, when I learned a little more, it was obvious why this didn't work. In order to see the interference pattern, your light must be coherent and columnated (as from a laser), and your slits must be very close together, and narrow (with dimensions similar to the wavelength of light). You pretty much need to use a laser as your light source, and rather than a "board" with slits, a sheet of metal with two very thin slits cut into it, very close together.

      Something I found very fascinating is that the diffraction pattern you get is the fourier transform of the pattern of slits the system of interference exactly implements the fourier transform integral!

  3. Unfortunately... by Anonymous Coward · · Score: 5, Funny

    ...I can't observe my checking account balance without lowering it.

  4. Quantum tracking number... by gevmage · · Score: 5, Funny

    So the transaction slip presumably says:

    Your transaction number has a 90% probability of being between 8765432 and 8765478.

    Have a 75% nice day.

    --
    Craig Steffen
    http://www.craigsteffen.net
  5. My check bounced by Anonymous Coward · · Score: 5, Funny

    Due to Insufficient Cat.

  6. Re:Entangled Photons by Professr3 · · Score: 5, Funny
    Please be Bill Gates, please be Bill Gates, please be Bill Gates...

    When in doubt, mod +1 funny and pray

  7. Due to the Heisenberg Uncertainty Principle... by gid13 · · Score: 4, Funny

    ... there has been a bank error in your favour. Collect $200. :)

  8. Proof of Concept by radoni · · Score: 4, Insightful

    ..but why do we need this?

    The biggest hole in security is usually the people operating technology. Ever want something, call up and ask for it.

    What does the ability to have uncrackable encryption do to thwart social engineering tactics?

    --
    SIGERR: laziness exceeds quota
    1. Re:Proof of Concept by onion2k · · Score: 5, Insightful

      Firstly, the security this sort of thing provides is at a different stage in the process to anything a social attack would work on, so the two concepts are unrelated.

      Secondly, even if they were related, you're appear to be suggesting we might as well not bother patching one future security hole because a different one also exists? Thats crazy. We should tackle all security risks, not just one particular one.

      Lastly, socially engineered attacks are most often people giving up a PIN or forging a signature. That affects one account per attack. If a cracker gets past the sort of stage that Quantum Cryptography protects they have the opportunity to automate and reap every transaction the bank carries out.

      Now which is the bigger problem?

      --
      http://twitter.com/onion2k
  9. trade ya by theMerovingian · · Score: 4, Funny


    I'll give you my entangled photons in exchange for chocolate.

    --
    "If you think you have things under control, you're not going fast enough." --Mario Andretti
  10. Quantum Crypto Provably Flawed? by theLOUDroom · · Score: 5, Interesting

    I'm asking this question again because it came a bit to late to the last discussion I posted it in

    Is quantum crypto provably flawed?

    I've seen tons of blurbs stating the the link is "absolutely" secure, but it seems that isn't really the case. (see the bottom of the page.)

    What strikes me about all this is the following section:
    "each pulse should be attenuated to an average of about .1 photon to reduce the probability of generating a two-photon pulse that could be split and eavesdropped undetectably."


    What that says to me is that there is not way to 100% know you're transmitting just one photon.

    It sounds like there's no device that is capable of transmitting one and only one photon with 100% reliability. If this is the case, a lot of the arguments about how secure this is are vastly overstated.

    In the end QC would be vulnerable to a man-in-the-middle attack by watching for multi-photon emissions.

    If this is the case, a lot of the noise surrounding QC could turn out to be hype. (The big plus for quantum crypto is that it's supposedly immune to this.) Is there a quantum physicist in the house?

    --
    Life is too short to proofread.
    1. Re:Quantum Crypto Provably Flawed? by gunnk · · Score: 5, Interesting

      I think you're worried about something that happens, but isn't a useful eavesdropping technique. Suppose that you have a device for emitting single photons. Further suppose that the emitter accidentally emits two photons for a single bit 1% of the time.

      If an eavesdropper successfully split the extra photons off, they have successfully captured 1% of the data stream. First off, that's not much data if you want to reconstruct something meaningful in the way of information carried by the stream.

      Another problem, however, is the effect of the splitter on the rest of the stream. When a single photon passes the splitter, which path does it choose? If I'm not mistaken, that choice will be at random. If so, then the presence of the splitter becomes immediately detectable because half the single photon pulses never reach their destination. In fact, the number missing is likely to be so close to 50% that the presence of the splitter should be obvious to the bank.

      --
      Life is short: void the warranty.
  11. Heisenberger by jabbadabbadoo · · Score: 5, Funny
    According to Heisenberger, my money is going to be both here and there. And if I'm to check my balance, the result will be inaccurate because I'm checking it up.

    Nah, back to those good ol' electrons.

    1. Re:Heisenberger by Nuklearwanze · · Score: 4, Funny

      well you have to decide: either know where your money is, or how much it is...

  12. Re:Complicated by Anonymous Coward · · Score: 5, Funny

    "I may know how to program with code, but damned if i know how futons work!"

    Simple: fold the futon up when you want to use it as a couch and then fold it back down when you want to use it as a bed.

  13. snake oil by Kallahar · · Score: 4, Insightful

    Bruce Schneier covered why quantum cryptography doesn't solve any security/secrecy problems in his December 15, 2003 Crypto-Gram.

    "It's like defending yourself against an approaching attacker by putting a huge stake in the ground. It's useless to argue about whether the stake should be fifty feet tall or a hundred feet tall, because the attacker is going to go around it. Even quantum cryptography doesn't "solve" all of cryptography: the keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption."

  14. Why MIM doesn't work by gevmage · · Score: 4, Insightful
    I've seen a few presentations/demos on this. Basically the idea is the transmission runs on probability. Each photon has a certain probability of being lost. So the receiving station knows what the general frequency that it can expect, and if its not, the signal is being tampered with.

    The reason that the man-in-the-middle attack doesn't work is that by doing so, you introduce two sets of attenuation rather than one. If the message is intercepted and then re-transmitted, the message has now been sent through the attenuation cycle twice. This means that instead of the signal being modified by the original attenuation function, it's modified by the attenuation function squared, which is easy to distinguish.

    --
    Craig Steffen
    http://www.craigsteffen.net
  15. Re:How does it defeat repeaters? by einstein · · Score: 5, Informative

    because you wouldn't know which photons contain the data. as soon as you touch it, the other end knows it's datastream has been tampered with.

    This is a good overview.

    --

    I post links to stuff here

  16. quantum jokes galore by TMB · · Score: 4, Funny

    Yeah, but filling out the slip for "1/sqrt(2) |deposit> - i/sqrt(2) |withdrawal>" is a pain, and thanks to the epoch of inflation my balance is now much smaller than the rest of the universe... luckily, even in an income vacuum my balance randomly jumps up, but only for REEEEAAALLLLYY short lengths of time. I've been hawking radiation for a while but everyone says it's just a two slit operation.

    Okay, I'm done now.

    [TMB]

  17. Re:How Immediate is Immediate? by mangu · · Score: 4, Informative
    Is this instantaneous? Wouldn't that violate the whole speed-o-light thing?


    Yes and no. (Well, we *are* talking quantum stuff here, aren't we?) Do a google for "bell inequality" and see if you can get anything from the results. Basically, the answer is , yes, it is instantaneous. And no, it doesn't violate the speed-of-light limitation because you cannot get any useful information transmitted that way. You see, there are two photons which are interlocked. The first photn came at the speed of light and it contains the information you are looking for. The second photon, which serves to validate the quantum key is redundant from the information point of view, it doesn't carry the bank account balance, it only serves to detect tampering in the system.

  18. Re:How does it defeat repeaters? by saddino · · Score: 4, Informative

    In order to "read" the photon, you will need to measure the polarization of that photon. But, due to quantum mechanics, as soon as you measure the polarization (for example, with a filter), you will in effect have changed its polarization, and thus its original, actual polarization will be unknown to you. And that's the trick. In essence, the message is "read once." Even if you happen to use the exact same filter as the sender, and read the original photon (and message) for yourself, you can not retransmit the photon with its original, actual polarization -- and thus your "clean one" will arrive at the destination as garbage (thus notifying the receiver that the message has been compromised).

    For more info read this primer.

  19. (not any less oily than others) by griffjon · · Score: 4, Insightful

    First, Schneier really loves his stake-in-the-ground idea. He used it to describe cryptography in general in his "Secrets and Lies" book (which, IMHO, doesn't hold a candle to the quality of his applied crypto books. In fact, it feels more like a book-long commercial for his managed security business)

    Anyway, sure. QC alone ain't gonna help you. But if it's a stake in a ground that's part of a fence, it damn well matters if it's 100 ft tall vs 1 ft tall, or even 10 ft tall.

    Does it 'solve' security problems? No, of course not, because as many many many people have already said, in this post and in many other places, the way to defeat the best crypto in the world is to look under a keyboard and copy down the relevant password/phrase that the user wrote on a sticky-note there. (or other social engineering tricks)

    It does make security easier, as it prevents MITM attacks, requires (for now) specialized hardware, and provides really-tough-to-decode crypto. So, if you have the rest of your process working, yes, QC can help by being a more secure technology.

    But think of the inverse. OK, so, crypto is like a stake in the ground, it doesn't matter what size or where it is. So, let's all use DES, because it's an established standard!

    You are only as secure as your weakest link, obviously. You'd be stupid if crypto turns out to be your weakest link, as even not counting QC, there's lots of good, secure crypto processes available.

    --
    Returned Peace Corps IT Volunteer
  20. Unwanted side effect... by chinton · · Score: 4, Funny

    Don't look to closely at your account balances, lest they become more uncertain.

  21. Quantum Cryptographic Communications & 1-time by chongo · · Score: 4, Informative
    I have seen several postings related to the "unbreakable Vernam / One-Time pad cipher". The Vernam Cipher, or one-time pad is not a the ''super-duper unbreakable solves all your problems'' cipher that some people think it is.

    Yes, Quantum Cryptographic Communications (QCC) can help with the requirement that the one-time pad must be transmitted in private. However the one-time pad cannot be reused so your key must be the same size as your text. Thus far, Quantum Cryptographic Communications is not a speedy high bandwidth form of communication. It might be OK to transmit a small key but to date it is not OK for sending, in a reasonable period of time, huge one-time pad keys that are as big as your original message.

    Another thing people sometimes gloss over about Vernam one-time pads is that your cipher is only as good as your random number generator! If you generate your one-time pad using the v7 libc rand(3) function your one-time pad is next to useless.

    Another important aspect of Quantum Cryptography (Quantum Cryptography is not simply limited to communications) is random number generation. Quantum Cryptographic Random Number Generation (QCRNG) is a useful tool in generating keys (one-time pads, block cypher keys, public/private key pairs, etc.).

    The importance of QCRNG goes beyond Vernam one-time pads. You want a cryptographically strong RNG such as a QCRNG when you generate your session keys. Sending predictable keys over a QCC protected link is next to useless!

    Now IF you have:

    • near perfect communication privacy (such as with QCC)
    • near perfect one-time pad generation (such as with QCRNG)
    • near perfect key management (one-time use, no leakage, destruction after use, etc.)
    • near perfect ... etc.

    then you will begin to approach the ''unbreakable cypher level'' that some people think you get with Vernam One-Time Pad Ciphers.

    --
    chongo (was here) /\oo/\
  22. It seems impractical by Orthogonal+Jones · · Score: 4, Insightful


    OK, I am not a believer in quantum cryptography for one big reason -- fiber loss. Someone please enlighten me if I'm wrong.

    The loss of standard single-mode fiber is about 0.1-0.2 dB/km. Therefore, unless the distance is short (as in this demonstration), the transmitter must send multiple photons to ensure a decent probability of providing the receiver with one photon.

    For example, if the span is 100 km long (20 dB loss), then on average only 1 out of every 100 transmitted photons will reach the receiver.

    The situation is worse for autocompensating quantum-crypto systems (e.g., polarization-based encoding), because the photons must survive a round trip through the fiber.

    Therefore, the relatively high power at the transmitter implies that an attacker can tap into the fiber near the transmitter, subtract (on average) only 1 photon, and remain undetected by the receiver.

    Furthermore, typical optical amplifiers add noise (3 dB noise figure for your standard erbium-doped amplifier). The added noise photons would screw up the link, so amplifiers are out.

    In the end, it seems to me that quantum crypto is good for table-top demos, and maybe for short jaunts across a metro area. But it is NOT absolutely perfect, at which point computationally difficult encryption is more attractive.