Slashdot Mirror


Scientific American on Quantum Encryption

prostoalex writes "Scientific American claims that advances in commercially available quantum encryption might obsolete the existing factorization-based solutions: "The National Security Agency or one of the Federal Reserve banks can now buy a quantum-cryptographic system from two small companies - and more products are on the way. This new method of encryption represents the first major commercial implementation for what has become known as quantum information science, which blends quantum mechanics and information theory. The ultimate technology to emerge from the field may be a quantum computer so powerful that the only way to protect against its prodigious code-breaking capability may be to deploy quantum-cryptographic techniques.""

10 of 374 comments

  1. Good for telcos? by afidel · · Score: 1, Interesting

    Will the need for an unbroken end-to-end light pipe finally lead to enough demand to light up some of that dark fibre that is sitting on the telco's books?

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  2. Baloney. by Pendersempai · · Score: 5, Interesting

    Quantum cryptography is a solution in search of a problem. It cannot implement public key/private key cryptography, and it can transmit only through a single uninterrupted fiber-optic cable, not over the internet at large. Given those limitations (which I don't think can be surmounted), one might as well use tremendous, digital one-time pads. Transmission of the pads to the relevant parties should be strictly easier than the quantum cryptographic solution: if nothing else, generate terabytes of noise, store it on a RAID, and put it in a car with ten intensely loyal guys. After you've done that, you can send up to that amount of data securely over the internet at large, and no amount of quantum hocus-pocus will be able to decode it.

    1. Re:Baloney. by Twylite · · Score: 2, Interesting

      Hmm, I don't know who you work for, but I suggest hiring someone with a Clue.

      Banks, by and large, do not use asymmetric cryptography like RSA to secure their transactions. The standard for retail and wholesale banking environments is Triple DES, and it's not likely to change for some time, since they've only just finished moving there.

      Keys are distributed by loading them into secure, tamper-responsive devices in a trusted environment where no sniffing can occur; then the devices are sent to where they are needed. Key derivation and exchange protocols ensure that these initial keys are minimally used and difficult to compromise, and that limited amounts of data are protected by each session key.

      The whole point of quantum key distribution is that you can transfer a key in a manner that is impossible to compromise without the sender and/or intended recipient knowing. From the article: "any interloper tapping into the stream of photons will alter them in a way that is detectable to the sender and the receiver".

      So A randomly generates a key K using normal cryptographic techniques, and sends it to B over a "quantum channel". If E or M attempt to listen in or modify the channel, they will necessarily destroy the data and B will not receive what A sent (which is also why you cannot use amplifiers or repeaters). Moreover, since A and B also communicate via a regular electronic network, they are both aware of the attack, and will not use key K.

      The end result is that A can send a random key K to B, with perfect knowledge that B and only B is the recipient of K. No need for asymmetric crypto -- everything can proceed using symmetric key cryptography.

      Problem is, quantum computers will likely be able to break strong symmetric keys (128 bits plus) long before they can factor RSA keys; but that's still under debate.

      --
      i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
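
The tamper-detection property described in the comment above, as an added example that is not part of the original thread: a small simulation of BB84 (a protocol the page does not name, chosen here as the model) with an optional intercept-and-resend tap on the fibre. It assumes the classical channel used for the comparison is authenticated; `ABORT_QBER`, `measure` and `run_bb84` are hypothetical names, and the threshold value is illustrative.

```python
import random

ABORT_QBER = 0.11  # assumption: illustrative abort threshold for this sketch

def measure(value, prepared_basis, measure_basis, rng):
    """Same basis returns the encoded bit; a mismatched basis gives a coin flip."""
    return value if prepared_basis == measure_basis else rng.getrandbits(1)

def run_bb84(n_photons, eavesdropper, seed):
    """Simulate one key exchange; returns sifted length, error rate and verdict."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        value, basis = bit, a_basis
        if eavesdropper:
            # The tap must measure in a guessed basis and resend what it saw,
            # which re-prepares the photon in the tap's basis.
            e_basis = rng.getrandbits(1)
            value, basis = measure(value, basis, e_basis, rng), e_basis
        b_basis = rng.getrandbits(1)
        result = measure(value, basis, b_basis, rng)
        if a_basis == b_basis:
            # Sifting: bases are compared over the classical channel,
            # and only positions where they match are kept.
            alice_key.append(bit)
            bob_key.append(result)
    if len(alice_key) < 2:
        raise ValueError("too few sifted bits to estimate an error rate")
    # Publicly compare a random half of the sifted bits, then discard them.
    revealed = set(rng.sample(range(len(alice_key)), len(alice_key) // 2))
    errors = sum(alice_key[i] != bob_key[i] for i in revealed)
    qber = errors / len(revealed)
    accepted = qber <= ABORT_QBER
    key = [b for i, b in enumerate(alice_key) if i not in revealed] if accepted else []
    return {"sifted": len(alice_key), "qber": qber,
            "accepted": accepted, "key_bits": len(key)}

if __name__ == "__main__":
    print("clean fibre :", run_bb84(20_000, eavesdropper=False, seed=7))
    print("tapped fibre:", run_bb84(20_000, eavesdropper=True, seed=7))
```

In this model the tap guesses the wrong basis half the time, and each wrong guess corrupts the receiver's result half the time, so about a quarter of the compared bits disagree and the key is dropped.
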
  3. Re:Don't verb adjectives by dragons_flight · · Score: 3, Interesting

    I don't think that the NSA has substantially better quantum encryption / computing than the rest of us. My main line of evidence is that they are still throwing enormous gobs of money at unclassified research into quantum computing.

    One such example is the innocuously named "Laboratory for Physical Sciences". Please note the rather conspicuous key-shaped logo. I toured their facility a few years back while looking for a job. At the time the NSA was buying them just about anything they wanted provided it might have applications in quantum computing. This included a rather sophisticated chip fabrication lab and clean room.

    I don't know if we will ever really have quantum computers, but the NSA sure doesn't want to be late to the party if we do.

  4. Re:Don't verb adjectives by maxwell demon · · Score: 2, Interesting

    If you have the quantum equipment anyway, it's no problem to generate true random numbers. Just produce vertically polarized photons and then measure them in diagonal direction. This guarantees complete independence of the resulting bits from each other (i.e. no correlation), and for perfect vertical and diagonal arrangement also equal probability of 0 and 1. But it's the independence which is really crucial; it's simple to create an unbiased random bit stream from a biased one if the individual bits are independent: Just split the original bit stream into pairs of bits, then throw away all pairs where both bits are the same, and for the remaining pairs always take the first bit. For a stream of independent bits, this guarantees a stream of equally probable independent bits. The bias of the original stream just affects the data rate.

    --
    The Tao of math: The numbers you can count are not the real numbers.
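
The pair-discarding procedure described in the comment above (commonly called the von Neumann extractor), as an added example that is not part of the original thread. It runs the procedure on two constructed inputs: independent bits with a heavy bias, and a "sticky" source whose bits are not independent, to show why the independence condition matters. All function names are hypothetical.

```python
import random

def von_neumann_extract(bits):
    """Pair up bits, drop 00 and 11, keep the first bit of 01 and 10."""
    # A trailing unpaired bit is discarded by zip().
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def biased_independent(n, p_one, seed):
    """Constructed input: n independent bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def sticky_source(n, p_repeat, seed):
    """Constructed counter-example: each bit copies its predecessor with
    probability p_repeat, so the bits are NOT independent."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1)]
    for _ in range(n - 1):
        prev = bits[-1]
        bits.append(prev if rng.random() < p_repeat else 1 - prev)
    return bits

def ones_fraction(bits):
    """Share of 1 bits; 0.5 for an unbiased stream."""
    return sum(bits) / len(bits)

def repeat_fraction(bits):
    """Share of bits equal to their predecessor; 0.5 if unbiased and independent."""
    same = sum(1 for x, y in zip(bits, bits[1:]) if x == y)
    return same / (len(bits) - 1)

def report(name, raw):
    """Summarise a raw stream and what the extractor makes of it."""
    out = von_neumann_extract(raw)
    return {
        "source": name,
        "raw_ones": round(ones_fraction(raw), 3),
        "out_ones": round(ones_fraction(out), 3),
        "out_repeat": round(repeat_fraction(out), 3),
        # For independent bits the yield is p(1-p) output bits per input bit.
        "yield": round(len(out) / len(raw), 3),
    }

if __name__ == "__main__":
    print(report("independent, P(1)=0.8", biased_independent(200_000, 0.8, seed=1)))
    print(report("sticky, P(repeat)=0.9", sticky_source(200_000, 0.9, seed=1)))
```

For the independent source the output is balanced and the bias only costs data rate; for the sticky source the output still looks balanced by count, but consecutive output bits tend to alternate, which a serial-correlation check such as `repeat_fraction` exposes.
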
  5. Re:Don't verb adjectives by lachlan76 · · Score: 2, Interesting

    Even if it is untappable, wouldn't it be vulnerable to a man-in-the-middle attack?

  6. Ummm... by Kjella · · Score: 1, Interesting

    ...unless there's a flaw in this analogy, I don't see how this protects against a man-in-the-middle attack.

    Alice is sending a key to Bob. Hacker intercepts the key exchange and sends his own key to Bob. Bob tries to report back, but is also intercepted. He reports back to hacker which bits he got of the hacker's key, hacker reports back to Alice which bits he got of Alice's key. Then the hacker sits in the middle reencrypting on-the-fly.

    Personally, I thought it was only good to transfer messages securely. For example, if the key was known to the sender, receiver and the hacker, the hacker could still not intercept it without destroying the message in the process.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  7. Re:Okay, so? by Rich0 · · Score: 2, Interesting

    Still, a quantum computer turns crypto back into an arms race again.

    Back in the days of Enigma and such, when one side upped its computer technology, the other side added a wheel to its cipher machines. That would last a few years and then everybody is upgrading again.

    RSA has been around since the 70's, and has remained stable the whole time. It made crypto practical to use, and ended the arms race by making crypto hundreds of orders of magnitude harder to crack. Ditto for modern symmetric ciphers, which aren't prone to cracking by quantum computers, but which are less practical to use.

    If quantum computers come out, then RSA is basically dead. Sure, you'll be able to use 1 million bits, for a few years, until somebody adds a few more qubits to their machines and improves their implementation. It could potentially lower the utility of crypto in general unless you're protecting a secret for only a few years.

  8. Technology VS. Laws by Lepaca Kliffoth · · Score: 3, Interesting

    Just a thought, maybe off-topic. I think articles like this one show the inherent flaw in anti-circumvention laws. While the American government says "if you put a lock on something it's unlawful to break it, develop something that breaks it, tell someone how to make something that breaks it etc. etc." we're all seeing where technology is going: quantum computing (sorry if this term is not the right one, have mercy, I'm Italian, I mean the ability to compute using quantum mechanics principles) could very well break any kind of lock we know today. This is more proof that high-level, modern technology and copyright/anti-circumvention laws can't possibly coexist as long as copyright has the form and shape it has today. Either laws change or technology stops. Sorry if this comment was too much off-topic.

  9. Re:Don't verb adjectives by lachlan76 · · Score: 2, Interesting

    What I meant was, what's the point if I can just cut the fibre and put a transmitter/receiver pair in the middle?