New Quantum Cryptography Speed Record

Roland Piquepaille writes "Physicists from the National Institute of Standards and Technology (NIST) have established a world's speed record for 'unbreakable' encryption with their cryptographic system based on the transmission of single photons. With this kind of method, messages cannot be intercepted without detection, meaning transmission is always safe. The NIST 'quantum key distribution' (QKD) system was used between two buildings located 730 meters apart for transmitting a stream of photons at a rate of 1 million bits per second. While it might not look very fast, its 100 times faster than with previous quantum distribution systems. This overview contains more details and references about information theory."

Always?

[mrgrey]

meaning transmission is always safe

Always is a powerful word. Nothing is totally secure.

Re:Always?

Indeed, but if it were possible to eavesdrop without detection, implications for physics would be just as great as for cryptology.

Ya cannae change the laws of physics
- Scotty, Chief Engineer

in KB/s

[moberry]

1,000,000 / 8 = 125,000
125,000 /1024 = 122.1

Not to bad for not using wireless undetectable (so far) encryption.

Wouldn't this make DOS easier though?

[foidulus]

This is the thing I don't understand about quantum cryptography(maybe someone can explain it to me). If someone were to try to listen in, would you still be able to read the information being sent? If not, wouldn't this make DOS attacks relatively easy? The information isn't any good if you cannot transport it.

Re:Wouldn't this make DOS easier though?

[Tmack]

The deal with quantum transmission is you are sending the data as single photons (smallest divisible unit of light, like a molecule of a compound, or a single cell of a living thing). Meaning, if you read it, you absorb the message (recievers transform the optical signal, ie: photons of light, into electrical ones), or at least change it in some way. The only way to possibly intercept the transmission is to completely intercept it, keeping any form of it from reaching the true reciepient, knowing the protocol enough to keep the sender thinking it is sending to the original target (sending encrypted keys or something), or acting as a repeater while recording the values as they pass through. Since they are being broadcast, you would have to put your device directly in line-of-site between sender and target, something probably notacable. Keeping the sender and reciever unaware of a repeater would be difficult, as adding such a device would add a time delay to the transmission, something the encryption might be dependant on. As for transmission, you would have to have a repeater device along a long or complex span, something knowing the encryption method and is known to both sides of the span. It is easier to secure single points of transmission than entire cable or enven fiber cables, since you dont have to worry about people splicing into it without knowing about it. The only worry would be a DOS, somehow blocking the path of the transmission, something easily remidied with a large enough cannon.

tm

Re:Wouldn't this make DOS easier though?

[corvi42]

The whole point of quantum crypto is that if someone did try to act as a repeater, then they would be detected. This is not because you would "see" them standing there intercepting your data ( although that would be a possibility ), but because the protocol used to transmit the information securely would reveal the fact that the data had been intercepted and then retrasmitted.

The basics are like this. Small particles ( like photons of light ) have a property called spin. You can set the spin of a particle when you transmit it by using the right kind of gear. You can test the spin of the particle in several different ways, but not all spins can be detected correctly by all tests. So if you have no idea what the spins are, you can't know which test to use. So if you use a random sequence of tests, you will sometimes have the right test, and sometimes not. So to transmit information, our protocol works like this ( taken from "The Code Book" by Simon Singh, p.346-7 ):

1) Alice sends Bob a series of photons, and Bob measures them.

2) Alice tells Bob on which occasions he measured them in the correct way. Although Alice is telling Bob when he made the correct measurement, she is not telling him what the correct result should have been, so this conversation can be tapped without any risk to security ).

3) Alice and Bob discard the measurements that Bob made incorrectly, and concentrate on those that he made correctly in order to create an identical pair of onetime pads.

4) Alice and Bob test the integrity of their onetime pads by testing a few of the digits.

5) If the verification procedure is satisfactory, they can use the onetime pad to encrypt a message; if the verification reveals errors, they know that the photons were being tapped by Eve, and they need to start all over again.

It is true that Eve could listen in on the line, intercepting photons sent by Alice and try to recreate the same stream of photons to Bob with the same spins. However, she can only use a test once, she can't copy a photon and test it using several different tests. So she will inevitably use the wrong test on a number of photons, and so not know what the true spin ought to be, and so can't reproduce them. She also can't know what series of tests Bob will use to test the photons he is receiving. So inevitably what would happen is this: Eve uses the wrong test on some photons, doesn't know what their spins ought to be, sends out some with different spins; Bob however uses the correct tests on some of those photons that Eve "made up", but gets different results from Alice ( because some of the spins are different from what Alice originall sent ), so when they compare results it becomes obvious that they don't have the same sequence of results. Furthermore, Eve can't know where the errors are going to come up and how she should fix them, so she couldn't intervene successfully in this verification step to make it seem correct when its not.

Long story short - you can't make a successful repeater ( down side to this is you can't use any network for transmitting the photons, as a network necessarily involves repeaters - aka routers/gateways - you must have a direct line from sender to receiver so the photons don't get altered ).

Encryption error!

[Phidoux]

Error -3647194 - An error occurred during the encryption of your file - Pigeon

Obligatory Futurama quote!

[Daath]

Farnsworth: "No fair! You changed the outcome by measuring it!"

heheh :)

Re:Nothing that haven't been done before

[__aagctu1952]

It's just like morse code, just waaaaaaaaaaaay faster!

Nah, it's like morse code, only if you look at what you receive the probability wave collapses and the cat dies. This means quantum cryptography uses up a heck of a lot of cats, and this is why there's a limit on its practical usability and speed in the real world...

*cough*

Re:Man in the Middle?

[Cyclopedian]

I think your premise fails because you are using an established methods that worked for certain electrical and computer principles. Quantum Cryptography (QC) is something entirely different than what's been done in the past. Current methods cannot merely just be used on QC just because it worked in the past for other levels of physics.

-Cyc

Unless you are talking one-time pads....

[Halo-]

The whole "unbreakable" thing is a little bit of a misnomer. Yes, you can detect if someone observes the transimission of the key, but that doesn't mean the encryption is unbreakable. In fact, it's not really encryption at all. It's simply a fancy type of secure, out-of-band key exchange. Once the key is exchanged, the parties will generally use it to key a symmetric algorithm like 3DES or AES. (At which point the encryption is only as strong as those algorithms...)

I realize I'm being painfully pendantic here, but when the self-proclaimed nerds start abusing a term, the general public is going to be hopelessly confused. (Think the whole hacker/cracker thing...)

Quantum key exchange is unbeleivably cool, but doesn't guanentee secure crypto. It just takes one of the weakest links in the chain, and makes it the strongest.

Hang on...

[m00nun1t]

I don't understand all this stuff about quantam cryptography. Let's get to the core of the issue:

Can it help me download pr0n faster or not?

Implications for the Government?

[caitsith01]

This area really interests me, because it seems to fundamentally change the playing field regarding the use of encryption for simple privacy. Up until now, it has been a pretty safe bet that anything the Government (or Governments) wants to read, it can. Eventually most (all?) standard encryption can be broken with brute force,* and if there's one thing that governments have and like to use it's brute force.

*(yeah, yeah, your favourite open source encryption is unbreakable, I know, but come on, the government isn't going to enter any 'break this encryption' contests to show what a kewl ha>or it is and thereby advertise the fact that communications using said encryption are not actually secure, is it?)

However, with unbreakable encryption they can no longer just spend money until they are able to break it - it's actually impossible, they can't even intercept it. So it changes the situation in a quite fundamental way. Whether it's someone violating copyright between quantum encrypted locations, just talking without being eavesdropped on (you know, exercising their rights), or Osama and his friends planning the next September 11, it will be impossible to work out the contents of a communication.

I feel that over the middle-term this will lead to some or all of the following government responses:
- stronger laws allowing seizure of computers (i.e. the start and end points of an encrypted communication)
- even stronger laws about exporting or possibly even publishing information about this type of encryption 'in the national interest'
- laws requiring the divulging of passwords to law enforcement/intelligence officers with harsh penalties for a refusal to cooperate (this is already the case in some places I believe)
- possibly a lower standard of proof required before police/spies can act to exercise the above powers, in light of the difficulties they will have getting any evidence at all about encrypted communications
- an increase in 'why are you using encryption, are you a terrorist/communist/thought criminal or something' type rhetoric

What do others think? Does this really change the privacy landscape over the next 10-20 years? Will governments react regressively in the ways I suggest? How should pro-privacy people respond and fight such changes?

Re:Implications for the Government?

[m.koch]

*(yeah, yeah, your favourite open source encryption is unbreakable, I know, but come on, the government isn't going to enter any 'break this encryption' contests to show what a kewl ha>or it is and thereby advertise the fact that communications using said encryption are not actually secure, is it?)

Pardon? The known encryption algorithms are insecure because the government doesn't say it can't break them? Reminds me of a little story where a man claps his hands to get rid of elephants in his house. The proof that it works? There are no elephants in his house.

Also it seems strange to imply that Schneier et al are just a bunch of idiots.

QC and evesdropping

[some+guy+I+know]

eavesdrop without detection

Even if you can detect the evesdropping, by that time, it's too late; the evesdropper already has part of the message.
Granted, it's only a single bit, but it might be the most important bit of the message.

More seriously, depending on the protocol, the evesdropper may be able to intercept many bits before the intrusion is detected.
For example, if TCP/IP is implemented over the QC stream, the intruder may be able to get an entire packet before the receiver sends a "Stop; we're being evesdropped!" message back to the transmitter.
(Maybe more, with TCP/IP's sliding window.)
If the entire message fits in one packet ("Attack at dawn."), then the message has been compromised.
One way to avoid this would be to use a comm layer lower than TCP/IP that ACKs each bit, but this could be slow.
Another way would be to use the QC channel to exchange very large keys, then use them in another encryption layer if eavesdropping has not occured during key exchange.

Re:QC and evesdropping

[OblongPlatypus]

But if you sent "attack at dawn", then realized an enemy had been eavesdropping, wouldn't you just attack at dusk instead?

Then again, the enemy would know that you knew he was eavesdropping, so he might anticipate that...

Somehow, this reminds me of Vizzini.

Re:QC and evesdropping

Your last paragraph is the way that QC is actually used (or so I have read in some random QC article):

(1) Sender generates long random key
(2) Sender transmits key
(3) Receiver receives key
(4) Received acks that the key has been received securely
(4A) Design of a secure "ack" channel is an interesting question, don't know the answer for that off the top of my head!
(5) Sender computes (message XOR key)
(6) Sender transmits (message XOR key)
(7) Receiver receives (message XOR key)
(8) Receives computes ((message XOR key) XOR key) == message

Re:QC and evesdropping

[gpinzone]

Even if you can detect the evesdropping, by that time, it's too late; the evesdropper already has part of the message. Granted, it's only a single bit, but it might be the most important bit of the message.

No, no, no, no. All you're sending is the key. If the key is compromised, all you have to do is throw that key away and send another key. No actual data from the message is sent. Once the key is received, and you know it hasn't been comprimised, you can send the encrypted data through any unsecure channel you like at any speed. You could cache the keys in advance so the transmission can be unaffected by a DOS attack on the quantum transmission.

Re:QC and evesdropping

[Karhgath]

The actual way it works is the following. (simplified to bits instead of qubits for the sake of simplicity, and I probably forgot some details here and there)

1) Alice generates a random number of bits.

2) Bob generates a random number of bits.

3) Alice sends bits sequence to Bob, and Bob reads them, noting the place where both are equal.

4) Bob tells Alice every place the bits are equal, over a CLASSICAL channel.

NOTE:
This is the part that needs understanding. The proof that you cannot evesdrop is as follow:

4a)If the bit that Alice sent is the same as Bob, but was intercepted at 3), Bob will see it as different, so the bit will be discarded.
4b)If the bit that Alice sent isn't the same as Bob, but was intercepted at 3), Bob will register it as the same and will try to use it. See 5).

5) Alice and Bob test a couple of bits to check the integrity, over a CLASSICAL channel. This is the critical part, you need a big enough sample to prove that it is equal, but not too big so that the attacker knows too much about the key. The sample needed isn't actually that big. If you have one bit wrong, it was eavesdropped or corrupted along the way. If you do not detect any wrong bit, it means that the attacker doesn't have much information about the key, if at all. If 4b) happened, this part will detect those 'bad bits' with accuracy.

6) Alice encrypt the message with the key and sends it to Bob as if it wasa one-time pad.

If you want more info about quantum computing, see a introduction by one of the forefathers of quantum computing, Gilles Brassard, who I had the joy to have a class with.

http://www.iro.umontreal.ca/~brassard/SSGRR.html

What about keyloggers and stuff?

[joda]

Even thought that in theory, the encrypted messages (or whatever is sent) can't be read, you still have the problems before and after encryption.
Especially these days with worms and trojans affecting even the most _secure_ environments (*bad memories about some american nuclear power plant*). You can expect someone somewhere to get some spyware or keylogging-thingie onto a sender or reviever's system. (or sometimes even enough with just getting it onto the network on each end in question.)
I recall visiting a webshop somewhere who sold a small (read less than half an inch) plug, which you put in between the keyboard and the comp, which could log several megs of typed in text. Later it's just to harvest ...

Maybe I'm just paranoid, but if you can't trust your coworkers 130% in these cases, you're still toast unless you put the machine (and yourself) in a vault and throw away the key. /joda

the weakest link in the chain

[WormholeFiend]

is human.

while it's true that cryptography like this improves security, those encrypted messages are still transmitted between people, and people are not corruption-proof.

Original article

[Vadim+Makarov]

Here is the original article (PDF, should be downloadable) in Optics Express.

Aaahhh! and it runs Linux. Mod me up.

("We are currently using a Linux operating system with custom drivers for the boards.")

Re:Always? The Copenhagen interpretation...

[turnstyle]

"Indeed, but if it were possible to eavesdrop without detection, implications for physics would be just as great as for cryptology."

Perhaps when somebody eavesdrops, a cat is killed?

Or does the universe split in two, one in which the eavesdrop has occured, and one in which it has not?