Slashdot Mirror


Scientific American on Quantum Encryption

prostoalex writes "Scientific American claims that advances in commercially available quantum encryption might obsolete the existing factorization-based solutions: "The National Security Agency or one of the Federal Reserve banks can now buy a quantum-cryptographic system from two small companies - and more products are on the way. This new method of encryption represents the first major commercial implementation for what has become known as quantum information science, which blends quantum mechanics and information theory. The ultimate technology to emerge from the field may be a quantum computer so powerful that the only way to protect against its prodigious code-breaking capability may be to deploy quantum-cryptographic techniques.""

6 of 374 comments

  1. Re:Quantum Encryption by k98sven · · Score: 5, Insightful

    I think [..] Eventually, we will have quantum computers capable of brute-forcing even quantum encryption...

    Well, you think wrong. Quantum encryption cannot be 'brute-forced'. Because it's not 'encryption' in the conventional sense but rather 'secure transmission'. The data is not encoded, but rather transmitted in a way which makes eavesdropping impossible. Since you can't intercept any 'coded message', there is nothing for you to brute-force.

    And this holds as long as what we know of quantum mechanics holds.
    (More specifically, the Bell inequality. Which was verified in the famous Aspect experiment.)

    So no, nothing in quantum physics is going to invalidate quantum encryption. And I wouldn't get my hopes up for future theories, either, because this 'weirdness' of quantum mechanics is so well-verified experimentally that it'd be unlikely that any future theory would change it. (But hopefully explain it)

  2. Re:Don't verb adjectives by Anonymous Coward · · Score: 5, Insightful

    God, I love when slashdot covers advanced scientific stuff... then people like you who have no idea what they are talking about get to be mod'ed Insightful!

    OK, there's two very different uses of quantum technology when applied to crypto problems:

    1. If you had a quantum computer some problems like factorization become easy; therefore things like RSA would be instantly decryptable. The gotcha is that the current "state of the art" for quantum computers are still absolutely tiny and there are HUGE engineering challenges towards building one large enough to factor a real key (I think they're at the point now where they can factor numbers like "12"... so they have a bit of scaling before they can start attacking 300-digit numbers)

    Of course there could be a massive breakthrough in quantum computer design tomorrow which would throw the whole crypto world on its head. That makes this area really interesting for crypto people.

    Does NSA secretly have a quantum computer that can do that? I'd say it's extremely unlikely... I'm sure they have people looking into it but they would have to be AMAZINGLY far ahead of the public research community to have actually built a full-size one.

    2. What this article is talking about is "quantum encryption"; what's really "quantum" about it is making an untappable fiber line by signalling using the characteristics of single photons. By using Heisenberg's uncertainty principle you can make it impossible for anyone to tap the line (and thus observe the photon states) without also randomizing the bits. It's really hard to get your head around but it actually works.

    Note that nowhere here did we use a "quantum computer"... this is all using technology that exists today (obviously, since you can buy it)

    So basically even if your adversary has a trillion dollar budget to attack you with they CANNOT tap that fiber line without destroying the communication in the process. It's physically not possible with any technology.

    So unless the NSA has a whole undiscovered field of physics that the world doesn't know about they don't have "quantum decryption". As we understand physics today it's literally impossible to build such a device.

  3. Re:TFA is quite ..umm.. cryptic by Anonymous Coward · · Score: 4, Insightful

    But in the current networks it'll only go around a couple of meters at max and you can't use an amplifier/repeater with this. So really, how are we going to use this in real life?

    Who said using it on current networks? In real life, custom networks are used, of course.

    Sending information faster than light is likely not possible. The FAQ you linked to says that too. Currently, theory says no, and experiment can't tell. Some have chosen to interpret their experiments as supporting FTL transmission of information. But the majority do not agree with that interpretation.

    Using photons in computers in any form is so far off that suggesting it as a solution to current day problems like die size vs clock speed is ridiculous.

  4. Re:Uhh... by tftp · · Score: 5, Insightful
    If you have a ton of sand with some gold nuggets mixed in, it's kinda tedious to manually inspect every grain of sand and throw it away if it doesn't look like gold.

    However, it is perfectly reasonable to borrow a large sieve with a water tray - which both work on all the grains simultaneously - and then the job becomes doable in hours.

  5. Re:Baloney. by OzRoy · · Score: 4, Insightful
    I quote the appropriate part from the article for the lazy parent who has not RTFA.

    Ultimately cryptographers want some form of quantum repeater--in essence, an elementary form of quantum computer that would overcome distance limitations. A repeater would work through what Albert Einstein famously called "spukhafte Fernwirkungen," spooky action at a distance. Anton Zeilinger and his colleagues at the Institute of Experimental Physics in Vienna, Austria, took an early step toward a repeater when they reported in the August 19, 2004, issue of Nature that their group had strung an optical-fiber cable in a sewer tunnel under the Danube River and stationed an "entangled" photon at each end. The measurement of the state of polarization in one photon (horizontal, vertical, and so on) establishes immediately an identical polarization that can be measured in the other.

    And it continues on this page http://www.sciam.com/article.cfm?chanID=sa006&articleID=000479CD-F58C-11BE-AD0683414B7F0000&pageNumber=3&catID=2

  6. Re:Don't verb adjectives by Phurd+Phlegm · · Score: 4, Insightful
    What I meant was, what's the point if I can just cut the fibre and put a transmitter/receiver pair in the middle?
    The reason you can't do that is that unless you send each photon using the same orientation the guy on the other end won't get the right measurements on some of them. You only get a correct measurement on those photons that you measured in the same orientation the sender used. For the ones you measured in the wrong orientation, you get a random result (if the orientation is off by 90 degrees, I believe there is no correlation at all--if off by 45 degrees there is some correlation but there's still a random component). So for those cases (which essentially amount to 1/2 the bit string) you're sending random values. This means that the key as received will be wrong.

    So, you could send a key to the other end, but it wouldn't be the same key that you received, because the key is created during the exchange based on which photons were encoded in the same orientation they were measured. So, any protocol that uses this has to be designed to take advantage of this property to prevent man-in-the-middle attacks. Apparently the crypto boys and girls feel this is enough of an advantage to be done--I haven't inspected any protocols that do this, so I can't explain how it's achieved. But simply sending a long key and XORing the message with it isn't enough--the man in the middle could foil that by just generating a new key and reencrypting.

    I'm sure someone has a good discussion of this up on the web. The question is if there's one that's accessible to the non-cryptographer.
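
The intercept-and-resend case discussed in comments 2 and 6, as an added simulation that is not part of the original thread or the article. It assumes the BB84 scheme (the page does not name a protocol), an idealized noiseless fibre, and a hypothetical 10% abort threshold; all function names are illustrative.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis returns a
    uniformly random bit (idealized single-photon model)."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def bb84_run(n_photons, eavesdrop, seed=0):
    """Simulate one exchange and return (sifted_key_length, error_rate).

    Assumptions (not from the page): BB84 with bases 0 = rectilinear and
    1 = diagonal, a lossless noiseless fibre, and an interceptor who measures
    every photon in a random basis and resends what she measured.
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)
        bit, basis = a_bit, a_basis            # state of the photon in flight
        if eavesdrop:
            e_basis = rng.randrange(2)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis                    # resent photon is in her basis
        b_basis = rng.randrange(2)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:                 # sifting: keep matching bases
            sifted += 1
            errors += a_bit != b_bit
    return sifted, (errors / sifted if sifted else 0.0)

def tap_detected(error_rate, threshold=0.10):
    """Abort rule: endpoints compare a sample of sifted bits and discard the
    key when too many disagree. The 10% cutoff is an assumed value."""
    return error_rate > threshold

if __name__ == "__main__":
    for label, eve in (("clean line", False), ("intercept-resend", True)):
        n, qber = bb84_run(20000, eve, seed=1)
        print(f"{label}: {n} sifted bits, error rate {qber:.3f}, "
              f"abort={tap_detected(qber)}")
```

In this model an interceptor who measures and resends every photon leaves roughly a 25% error rate in the sifted bits, while an untouched line shows none, which is what the endpoints check before trusting the key.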