Slashdot Mirror


New Quantum Cryptography Speed Record

Roland Piquepaille writes "Physicists from the National Institute of Standards and Technology (NIST) have established a world's speed record for 'unbreakable' encryption with their cryptographic system based on the transmission of single photons. With this kind of method, messages cannot be intercepted without detection, meaning transmission is always safe. The NIST 'quantum key distribution' (QKD) system was used between two buildings located 730 meters apart for transmitting a stream of photons at a rate of 1 million bits per second. While it might not look very fast, it's 100 times faster than with previous quantum distribution systems. This overview contains more details and references about information theory."

11 of 221 comments

  1. Unless you are talking one-time pads.... by Halo- · · Score: 5, Interesting

    The whole "unbreakable" thing is a little bit of a misnomer. Yes, you can detect if someone observes the transmission of the key, but that doesn't mean the encryption is unbreakable. In fact, it's not really encryption at all. It's simply a fancy type of secure, out-of-band key exchange. Once the key is exchanged, the parties will generally use it to key a symmetric algorithm like 3DES or AES. (At which point the encryption is only as strong as those algorithms...)

    I realize I'm being painfully pedantic here, but when the self-proclaimed nerds start abusing a term, the general public is going to be hopelessly confused. (Think the whole hacker/cracker thing...)

    Quantum key exchange is unbelievably cool, but doesn't guarantee secure crypto. It just takes one of the weakest links in the chain, and makes it the strongest.

  2. Re:Always? by theLOUDroom · · Score: 2, Interesting

    Blah, blah, blah. Haven't we gotten tired of these trolls? In the context of the transmission itself, it is, actually, totally secure. It's obvious to anyone without an icepick in their frontal lobe that there are other potential weaknesses. However, in this important respect, QC is provably secure in a way that classical crypto cannot be.

    Actually, quantum crypto is not "provably secure" any more than standard cryptography.

    QC relies on the ability to emit photons, and to known probability distribution of those photon emissions. The problem is, there is no hardware out there that can emit one and only one photon 100% of the time. I wouldn't be surprised if it turns out to be totally impossible to build hardware that does. (Like building hardware to perfectly measure a particle's position and speed is impossible.)

    This means that an "undetectable" attack is totally possible. What needs to be done is the use of statistical methods and "privacy amplification" to make the probability of a significant undetected attack as low as possible. (Sort of like trying to make your keyspace really big with normal crypto.)

    --
    Life is too short to proofread.
  3. Re:Wouldn't this make DOS easier though? by Tmack · · Score: 4, Interesting
    The deal with quantum transmission is you are sending the data as single photons (smallest divisible unit of light, like a molecule of a compound, or a single cell of a living thing). Meaning, if you read it, you absorb the message (receivers transform the optical signal, ie: photons of light, into electrical ones), or at least change it in some way. The only way to possibly intercept the transmission is to completely intercept it, keeping any form of it from reaching the true recipient, knowing the protocol enough to keep the sender thinking it is sending to the original target (sending encrypted keys or something), or acting as a repeater while recording the values as they pass through. Since they are being broadcast, you would have to put your device directly in line-of-sight between sender and target, something probably noticeable. Keeping the sender and receiver unaware of a repeater would be difficult, as adding such a device would add a time delay to the transmission, something the encryption might be dependent on. As for transmission, you would have to have a repeater device along a long or complex span, something knowing the encryption method and is known to both sides of the span. It is easier to secure single points of transmission than entire cable or even fiber cables, since you don't have to worry about people splicing into it without knowing about it. The only worry would be a DOS, somehow blocking the path of the transmission, something easily remedied with a large enough cannon.

    tm

    --
    Support TBI Research: http://www.raisinhope.org
  4. Implications for the Government? by caitsith01 · · Score: 4, Interesting

    This area really interests me, because it seems to fundamentally change the playing field regarding the use of encryption for simple privacy. Up until now, it has been a pretty safe bet that anything the Government (or Governments) wants to read, it can. Eventually most (all?) standard encryption can be broken with brute force,* and if there's one thing that governments have and like to use it's brute force.

    *(yeah, yeah, your favourite open source encryption is unbreakable, I know, but come on, the government isn't going to enter any 'break this encryption' contests to show what a kewl ha>or it is and thereby advertise the fact that communications using said encryption are not actually secure, is it?)

    However, with unbreakable encryption they can no longer just spend money until they are able to break it - it's actually impossible, they can't even intercept it. So it changes the situation in a quite fundamental way. Whether it's someone violating copyright between quantum encrypted locations, just talking without being eavesdropped on (you know, exercising their rights), or Osama and his friends planning the next September 11, it will be impossible to work out the contents of a communication.

    I feel that over the middle-term this will lead to some or all of the following government responses:
    - stronger laws allowing seizure of computers (i.e. the start and end points of an encrypted communication)
    - even stronger laws about exporting or possibly even publishing information about this type of encryption 'in the national interest'
    - laws requiring the divulging of passwords to law enforcement/intelligence officers with harsh penalties for a refusal to cooperate (this is already the case in some places I believe)
    - possibly a lower standard of proof required before police/spies can act to exercise the above powers, in light of the difficulties they will have getting any evidence at all about encrypted communications
    - an increase in 'why are you using encryption, are you a terrorist/communist/thought criminal or something' type rhetoric

    What do others think? Does this really change the privacy landscape over the next 10-20 years? Will governments react regressively in the ways I suggest? How should pro-privacy people respond and fight such changes?

    --
    Read Pynchon.
  5. The reason the man-in-the-middle attack fails by amalcon · · Score: 3, Interesting

    The reason the man-in-the-middle attack fails is that in order to recreate the stream accurately, you need more information than you can accurately read from the stream at once. IANAPhysicist, so you'll have to google it if you want to know the specifics, but basically to read the datastream one must make a bunch of guesses. Now, Bob has the luxury of being able to guess wrong without problems, but a man in the middle must guess correctly every time or risk corrupting the datastream.

    --
    -Amalcon
  6. QC and eavesdropping by some+guy+I+know · · Score: 4, Interesting
    eavesdrop without detection
    Even if you can detect the eavesdropping, by that time, it's too late; the eavesdropper already has part of the message.
    Granted, it's only a single bit, but it might be the most important bit of the message.

    More seriously, depending on the protocol, the eavesdropper may be able to intercept many bits before the intrusion is detected.
    For example, if TCP/IP is implemented over the QC stream, the intruder may be able to get an entire packet before the receiver sends a "Stop; we're being eavesdropped!" message back to the transmitter.
    (Maybe more, with TCP/IP's sliding window.)
    If the entire message fits in one packet ("Attack at dawn."), then the message has been compromised.
    One way to avoid this would be to use a comm layer lower than TCP/IP that ACKs each bit, but this could be slow.
    Another way would be to use the QC channel to exchange very large keys, then use them in another encryption layer if eavesdropping has not occurred during key exchange.
    --
    Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
    1. Re:QC and eavesdropping by Karhgath · · Score: 4, Interesting

      The actual way it works is the following. (simplified to bits instead of qubits for the sake of simplicity, and I probably forgot some details here and there)

      1) Alice generates a random number of bits.

      2) Bob generates a random number of bits.

      3) Alice sends bits sequence to Bob, and Bob reads them, noting the place where both are equal.

      4) Bob tells Alice every place the bits are equal, over a CLASSICAL channel.

      NOTE:
      This is the part that needs understanding. The proof that you cannot eavesdrop is as follows:

      4a)If the bit that Alice sent is the same as Bob, but was intercepted at 3), Bob will see it as different, so the bit will be discarded.
      4b)If the bit that Alice sent isn't the same as Bob, but was intercepted at 3), Bob will register it as the same and will try to use it. See 5).

      5) Alice and Bob test a couple of bits to check the integrity, over a CLASSICAL channel. This is the critical part, you need a big enough sample to prove that it is equal, but not too big so that the attacker knows too much about the key. The sample needed isn't actually that big. If you have one bit wrong, it was eavesdropped or corrupted along the way. If you do not detect any wrong bit, it means that the attacker doesn't have much information about the key, if at all. If 4b) happened, this part will detect those 'bad bits' with accuracy.

      6) Alice encrypts the message with the key and sends it to Bob as if it was a one-time pad.

      If you want more info about quantum computing, see an introduction by one of the forefathers of quantum computing, Gilles Brassard, who I had the joy to have a class with.

      http://www.iro.umontreal.ca/~brassard/SSGRR.html
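
Added example, not part of the original thread or any commenter's code: a noise-free toy simulation of the sifting and sample check in steps 3 to 5 above, with an optional intercept-resend eavesdropper, showing why the "must guess correctly every time" point made earlier in the thread yields a detectable error rate of about 25%. It goes beyond the simplified bit-only description by modelling the two BB84 measurement bases; the function names, sample size and 5% threshold are assumptions chosen for illustration.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis returns the encoded bit; the other basis yields a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84_run(n_photons, eavesdrop, rng):
    """Send n_photons and return the sifted (alice_key, bob_key) bit lists."""
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        a_bit, a_basis = rng.randint(0, 1), rng.choice("+x")
        bit, basis = a_bit, a_basis
        if eavesdrop:
            # Eve cannot copy the photon: she guesses a basis, measures,
            # and resends a new photon prepared in her own basis.
            e_basis = rng.choice("+x")
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_basis = rng.choice("+x")
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:  # sifting: bases compared over the classical channel
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def sample_error_rate(alice_key, bob_key, sample_size, rng):
    """Publicly compare a random sample, then discard the revealed bits."""
    idx = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(alice_key[i] != bob_key[i] for i in idx)
    keep_a = [b for i, b in enumerate(alice_key) if i not in idx]
    keep_b = [b for i, b in enumerate(bob_key) if i not in idx]
    return errors / sample_size, keep_a, keep_b

def key_exchange(n_photons, eavesdrop, seed, sample_size=200, max_error=0.05):
    """Run one exchange; the key is accepted only if the sampled error rate is low."""
    rng = random.Random(seed)  # seeded so the constructed run is repeatable
    a, b = bb84_run(n_photons, eavesdrop, rng)
    rate, keep_a, keep_b = sample_error_rate(a, b, sample_size, rng)
    accepted = rate <= max_error
    return {"error_rate": rate, "accepted": accepted,
            "key_bits": len(keep_a) if accepted else 0,
            "keys_match": keep_a == keep_b}

if __name__ == "__main__":
    print("quiet channel:", key_exchange(4000, eavesdrop=False, seed=1))
    print("intercept-resend:", key_exchange(4000, eavesdrop=True, seed=1))
```

A real link also has channel noise, so deployed systems follow the sample check with error correction and privacy amplification rather than aborting on a single wrong bit.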

  7. First Proven Useful Application? by dmomo · · Score: 2, Interesting

    To crack the Curse of the Bambino for the Boston Red Sox.

  8. Newtonian = struct; Quantum = object-oriented by mec · · Score: 2, Interesting

    That's essentially correct: there is more information inside a quantum system than anybody can measure.

    Quantum Cryptography: Privacy Through Uncertainty

    Here's how I think about it as a computer programmer. Newtonian+Maxwell physics are like C data structures, where every member is public, and an experimenter can 'get' and 'set' arbitrary values. But quantum objects are like O-O objects: the internals are private; the objects have methods; and you can only use the methods; and there are no raw "set" and "get" methods!

    So consider an electron with a 'measure_position' method and a 'measure_momentum' method. Calling e1.measure_position() affects the internal state of the electron (there are no const methods in nature -- everything you do to measure an object affects the object).

    QC is based on the construction of quantum objects where there is no set of method calls that are sufficient to create a second object which is indistinguishable from the first one. In the Newtonian universe, you just memcpy() more objects, but in the quantum world, there is no memcpy() -- there are only the object methods found in nature.

  9. Re: Original article by Vadim+Makarov · · Score: 2, Interesting

    Also, not to diminish the achievements which I applaud, but to point out: the demonstration they did (B92 protocol with no reference pulse) in fact is not secure at all. These states can be detected unambiguously probabilistically and those where detection was successful can be re-sent with increased energy, which makes eavesdropping possible given the low detection probability at Bob. They better do it with BB84 next time :)

    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
  10. Everything Can Be Hacked by Long-EZ · · Score: 2, Interesting


    Hacker Rule #1: Everything can be hacked.

    The Quantum Man In The Middle
    To prevent the man-in-the-middle attack where a photon is intercepted and an identical photon is transmitted in its place, the sender and receiver rely on a very tight window in time. Any photons received outside that window are rejected. If you want to grab the quantum secured key, why not put a receiver in the middle that emits a quantum entangled photon? You intercept the sender's photon, and once you know its state you can change the state of the captured photon so its entangled twin has the same quantum state as the intercepted photon, and arrives at the correct time. You essentially use quantum entanglement to change the state of the imposter photon while it's in transit.

    Quantum Brute Force
    Quantum computing is emerging almost as fast as "quantum cryptography" (actually "quantum tamper resistant key transmission"). In the near future a good quantum computer will be fast enough to quickly break today's strong encryption. This is the same old game of making sure encryption is just strong enough that commercial users can't crack it but governments can. It's a moving target. Make your own VERY secure encryption algorithm that jumps fifty years down the path of Moore's Law. Add 32 bits to your key and you're secure. That'll piss off your government. So will tying up several hours on their massive supercomputers to learn that you used your favorite commercial encryption algorithm to send your grandmother's cream candy recipe to an internet cafe in South Africa. I'd never do that, but I'd be very tempted to send The Constitution and The Bill of Rights.

    --
    >> My ultraviolent Linux switch video.