Slashdot Mirror
New Quantum Cryptography Speed Record
Roland Piquepaille writes "Physicists from the National Institute of Standards and Technology (NIST) have established a world's speed record for 'unbreakable' encryption with their cryptographic system based on the transmission of single photons. With this kind of method, messages cannot be intercepted without detection, meaning transmission is always safe. The NIST 'quantum key distribution' (QKD) system was used between two buildings located 730 meters apart for transmitting a stream of photons at a rate of 1 million bits per second. While it might not look very fast, its 100 times faster than with previous quantum distribution systems. This overview contains more details and references about information theory."
1,000,000 / 8 = 125,000 /1024 = 122.1
125,000
Not to bad for not using wireless undetectable (so far) encryption.
Yes, but even if they fire multiple photons, you can't pick out individual photons from the stream without disturbing others, and you especially can't pick out only the ones that are duplicates, which would be necessary to pull off a man in the middle attack undetected.
RTFA:
"Compared to previously described QKD systems, the major difference in the NIST system is the way it identifies a photon from the sender among a large number of photons from other sources, such as the sun. To make this distinction, scientists time-stamp the QKD photons, then look for them only when one is expected to arrive."
Replaying the stream later (even _if_ it was possible) would make it arrive at the WRONG TIME. Hence, the stream was messed with.
Compared to previously described QKD systems, the major difference in the NIST system is the way it identifies a photon from the sender among a large number of photons from other sources, such as the sun. To make this distinction, scientists time-stamp the QKD photons, then look for them only when one is expected to arrive. "To be effective, this observation time has to be very short," says NIST physicist Joshua Bienfang. "But the more often you can make these very brief observations, then the faster you can generate keys.
Assuming "very short" means milliseconds, then without some other even honking faster send/receive technology there is no way you can intercept the photons and resend them without the receiver noticing.
Rats, foiled again...
Now, just do that quickly and repeatedly, with parity checks every few bits, and the man in the middle can't interecept more than one block... which might be enough for just a handful of digits, but not enough to decode message.
Your last paragraph is the way that QC is actually used (or so I have read in some random QC article):
(1) Sender generates long random key
(2) Sender transmits key
(3) Receiver receives key
(4) Received acks that the key has been received securely
(4A) Design of a secure "ack" channel is an interesting question, don't know the answer for that off the top of my head!
(5) Sender computes (message XOR key)
(6) Sender transmits (message XOR key)
(7) Receiver receives (message XOR key)
(8) Receives computes ((message XOR key) XOR key) == message
Aaahhh! and it runs Linux. Mod me up.
("We are currently using a Linux operating system with custom drivers for the boards.")
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
Speed is defined in physics as "Distance traveled divided by the time of travel", so that would make time a derivative of it's self?
You stopped pasting the definition at a crucial point. Here is where you left off from your own reference link::
The limit of this quotient as the time of travel becomes vanishingly small; the first derivative of distance with respect to time.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
Even if you can detect the evesdropping, by that time, it's too late; the evesdropper already has part of the message. Granted, it's only a single bit, but it might be the most important bit of the message.
No, no, no, no. All you're sending is the key. If the key is compromised, all you have to do is throw that key away and send another key. No actual data from the message is sent. Once the key is received, and you know it hasn't been comprimised, you can send the encrypted data through any unsecure channel you like at any speed. You could cache the keys in advance so the transmission can be unaffected by a DOS attack on the quantum transmission.
Not to pile on to the other posters, but:
As has been elucidated elsewhere here, the physical nature of QC prevents eavesdropping because of the nature of quantum mechanics. Traditional cryptography is based on bits, as you are no doubt aware; bits exist in purely binary format.
Quantum bits, or qubits, on the other hand, are physical photons, not binary data, and as such, they exist in several states at once; you might have a single qubit that is right circularly polarized, or left vertically polarized. The point is, you have far more to work with than a single binary digit -- theoretically, since the mechanical equations are complex (in the mathematical sense), you have an infinite number of possible values for any one qubit. (This is the quantum principle of superposition, btw.)
What this means is that you can send a photon of light polarized in a particular fashion to represent an ordinary bit. If your partner on the far end uses a polarizer to "read" your photon, he will either affect it or not, depending on whether his polarizer is oriented in the same direction as yours.
So what you ("Alice", in crypto-speak) do is, you randomly switch polarizers on the photon you shoot towards Bob, your crypto-speak partner. Now let's say that Alice uses "up" and "down" as her binary states, and that she alternates random polarizers of vertical or diagonal condition. Vertical polarizers don't affect vertical particles; diagonal ones do. (I think.) Therefore, when Alice polarizes vertically, the original state is unchanged, but when she polarizes diagonally, the original state changes.
Moreover, when the diagonal polarizer changes the data, it does so randomly. This is a basic principle of quantum mechanics; the vertical photon can become EITHER northeast-southwest OR southeast-northwest (the two diagonal states), and until it is measured, it has an exactly equal chance of becoming either when it is polarized. So what Bob sees on the other end is a seemingly random collection of vertical and diagonal data. And if, in combination with alternating her polarizers randomly, Alice randomly alternates her original data between vertical and diagonal states (again, choosing one of the two binary diagonal conditions to be "1" or "0"), then her data is impossible to detect.
Or is it? Because, of course, Bob has to be able to read it. So Bob slaps on a polarizer of his own, again, randomly alternating them. So some of Bob's polarizers will match Alice's, and some of them will be different -- about 50% of the time, they'll match. And if Bob's polarizer matches Alice, then the original data can be reconstructed, since we know how polarizers treat photons.
So how does Bob know if Alice and he have the same polarizers? Simple. He calls and asks her. They go through a list of each photon (usually several thousand, although there's no reason why it couldn't be millions) and compare polarizer choices. Those that match, they keep. Those that don't, they toss. They'll have, on average, about half the original data left -- and that becomes the basis of the secret key for their traditional crypto transmission. (Because you toss out so much data, you can't really use quantum to transmit plaintext in itself.)
But wait, you say. Since Bob calls Alice over the telephone (gasp!) or uses email (horrors!) to request and send his polarizer data, couldn't that be obtained by an eavesdropper? Sure. It's virtually guaranteed to be intercepted. But so what? Eve can't do anything about it.
Let's say that Eve gets in the middle of the exchange and puts in her own polarizers. (Since that's the only way to read the data.) Now, she doesn't know which polarizer Alice is using at any one time, so she has to randomize them herself, just like Bob. And if she guesses right, she will not affect the data that Alice is sending Bob. The problem, though, is if she guesses wrong. At that point, she changes the data that Bob reads.
So when Bob and Alice compare their dat
The whole point of quantum crypto is that if someone did try to act as a repeater, then they would be detected. This is not because you would "see" them standing there intercepting your data ( although that would be a possibility ), but because the protocol used to transmit the information securely would reveal the fact that the data had been intercepted and then retrasmitted.
The basics are like this. Small particles ( like photons of light ) have a property called spin. You can set the spin of a particle when you transmit it by using the right kind of gear. You can test the spin of the particle in several different ways, but not all spins can be detected correctly by all tests. So if you have no idea what the spins are, you can't know which test to use. So if you use a random sequence of tests, you will sometimes have the right test, and sometimes not. So to transmit information, our protocol works like this ( taken from "The Code Book" by Simon Singh, p.346-7 ):
1) Alice sends Bob a series of photons, and Bob measures them.
2) Alice tells Bob on which occasions he measured them in the correct way. Although Alice is telling Bob when he made the correct measurement, she is not telling him what the correct result should have been, so this conversation can be tapped without any risk to security ).
3) Alice and Bob discard the measurements that Bob made incorrectly, and concentrate on those that he made correctly in order to create an identical pair of onetime pads.
4) Alice and Bob test the integrity of their onetime pads by testing a few of the digits.
5) If the verification procedure is satisfactory, they can use the onetime pad to encrypt a message; if the verification reveals errors, they know that the photons were being tapped by Eve, and they need to start all over again.
It is true that Eve could listen in on the line, intercepting photons sent by Alice and try to recreate the same stream of photons to Bob with the same spins. However, she can only use a test once, she can't copy a photon and test it using several different tests. So she will inevitably use the wrong test on a number of photons, and so not know what the true spin ought to be, and so can't reproduce them. She also can't know what series of tests Bob will use to test the photons he is receiving. So inevitably what would happen is this: Eve uses the wrong test on some photons, doesn't know what their spins ought to be, sends out some with different spins; Bob however uses the correct tests on some of those photons that Eve "made up", but gets different results from Alice ( because some of the spins are different from what Alice originall sent ), so when they compare results it becomes obvious that they don't have the same sequence of results. Furthermore, Eve can't know where the errors are going to come up and how she should fix them, so she couldn't intervene successfully in this verification step to make it seem correct when its not.
Long story short - you can't make a successful repeater ( down side to this is you can't use any network for transmitting the photons, as a network necessarily involves repeaters - aka routers/gateways - you must have a direct line from sender to receiver so the photons don't get altered ).
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
Actually, this doesn't work for anything other than key distribution anyway, because half of your bits will be lost due to guessing the mode wrong (let alone noise, interference, etc). If you were actually trying to send a message, you would have to contend with a whole lot of errors. However, it's possible to determine after the fact exactly which bits were lost due to quantum, so the ends can determine the secret that they share, even though it's impossible to say when you're picking the bits which ones will get through.
The important thing about this scheme is that, after the transfer, the ends can determine where the deletions (bits that got randomized) were, but they can't determine this until after the bits have been transferred. If the receiver could find errors without assistance (due to use of error correction), then the scheme would not have any security, because an active adversary could repair the message to cover the intrusion. Of course, without error correction, transferring your data isn't going to work.
Of course, you have to verify that you actually agree on the key by sending random bits from it to check. Otherwise, an attacker could have intercepted the whole thing and sent on junk, such that the attacker has half the key and the receiver has random data, and the attacker will get half the message and the receiver will get nothing.
Wrong. Quantum cryptography is about key exchange, which is definately part of cryptography.
Apart from that, cryptography does not only deal with encryption. Integrity and authentication are just as important (if not more).
There are two dimensions of "original alignment", represented by non-commutative operators. Any attempt to extract precise information about one dimension will fuzz out the other dimension, and vice versa. This includes systems of multiple detectors.
Put it this way: suppose you had a bunch of position detectors, and a bunch of momentum detectors, and you combined them somehow. Do you think you could beat the Heisenberg Uncertainty Principle that way? I doubt it.
It's like trying to build a perpetual motion machine. The laws of thermodynamics are very general and don't tell us how any specific machine cannot generate energy for free, but they do indicate that every machine must fail to produce free energy. It would require extraordinary evidence from an actual machine to upset those laws.
Similarly, the laws of observables in QM prevent two observables from being measured with high precision if the operators for those observables do not commute. The onus is on a challenger to produce a machine that simultaneously measures two such observables with high precision. It will take a lot more than "hey, let's glue N detectors together" to upset such a well-tested physical theory.