Scientific American on Quantum Encryption
prostoalex writes "Scientific American claims that advances in commercially available quantum encryption might obsolete the existing factorization-based solutions: "The National Security Agency or one of the Federal Reserve banks can now buy a quantum-cryptographic system from two small companies - and more products are on the way. This new method of encryption represents the first major commercial implementation for what has become known as quantum information science, which blends quantum mechanics and information theory. The ultimate technology to emerge from the field may be a quantum computer so powerful that the only way to protect against its prodigious code-breaking capability may be to deploy quantum-cryptographic techniques.""
Someone needs to write an encryption routine that uses the source text as the key. THAT will really show 'em!
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
As far as I can tell, no cats were harmed in the making of these quantum cryptographic devices, although if you look inside the box, the act of looking at the cat inside may (or may not) kill it
"And we have seen and do testify that the Father sent the Son to be the Savior of the World" 1 John 4:14
Why does quantum computing threaten present encryption?
Someone set us up the bomb, so shine we are!
The arms race continues. Then they'll have to invent Super Turbo Quantum Mofo Encryption to stay one step ahead.
The printer-friendly version puts it all on one nice and image free page.
Article here
I think this is only another example in a long line of encryption that was quite secure when envisioned, but then as computers became more and more powerful, became less and less secure. Eventually, we will have quantum computers capable of brute-forcing even quantum encryption...
How about they just issue LOP's on silk?
A feeling of having made the same mistake before: Deja Foobar
I for one welcome our new quantum-cryptographical overlords.
tshtuatpptenaynrirragagcuoyomq
so long bits, hello tits.
Trinary digITs here we come!
lol: You see no door there!
Will the need for an unbroken end-to-end light pipe finally lead to enough demand to light up some of that dark fibre that is sitting on the telco's books?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Quantum cryptography is a solution in search of a problem. It cannot implement public key/private key cryptography, and it can transmit only through a single uninterrupted fiber-optic cable, not over the internet at large. Given those limitations (which I don't think can be surmounted), one might as well use tremendous, digital one-time pads. Transmission of the pads to the relevant parties should be strictly easier than the quantum cryptographic solution: if nothing else, generate terabytes of noise, store it on a RAID, and put it in a car with ten intensely loyal guys. After you've done that, you can send up to that amount of data securely over the internet at large, and no amount of quantum hocus-pocus will be able to decode it.
"Jon, we have a situation. We need your to do your stuff."
The real advantage of using entangled photons would be in sending information faster than light. Entangled Photons in Computers actually might solve all the copper issues in speed we're having in chip DIE size vs clock speed (as in how to get a signal from one end of the chip to the other in a single clock signal).
Quidquid latine dictum sit, altum videtur
"...a quantum computer so powerful that the only way to protect against its prodigious code-breaking capability may be to deploy quantum-cryptographic techniques."
scary stuff....however, a simpsons quote comes to mind:
Alien 1: It seems the earthlings won.
Alien 2: Did they? That board with a nail in it may have defeated us. But the humans won't stop there. They'll make bigger boards and bigger nails, and soon, they will make a board with a nail so big, it will destroy them all!
[both aliens laugh evilly, for quite some time]
This sig contains repetition and redundancy.
Is this new? A proof of concept for any encryption cracking should be a video game patch. So it stands on top for a couple hours, only to be knocked down by crackers a short time later. Is this really something new? Every time a new patch comes out it's like the world expects it to stop everything.
Let's be realistic, if we didn't leave our trash on the table at the mall where would the guy that gets paid to clean it up go? Same with security. If we didn't have people to break into stuff, where would all the security professionals go? There's no stopping it, might as well enjoy it. Keep quantum costly and that will be its firewall, keep quantum available to only the elite and that will be the encryption, put it on newegg and watch me buy one, meaning the technology is no longer useful and has been hacked.
I truly don't see how anything that travels outside of one's self could ever be secure. As soon as your password reaches your fingertips and is typed, data is no longer secure.
It's like replacing a steel deadbolt with titanium, meanwhile the door is wooden, the hinges are brass, and there's a large window right next to it.
The only possible uses are extremely high-value applications like banking and the military. Even then I'd spend my money elsewhere.
The breaking RSA stuff is unrelated (quantum computers, not quantum key exchange) and pure speculation. RSA isn't going away for a loooong time.
Democracy is two wolves and a sheep voting on lunch.
If someone tries to intercept this stream of photons--call her Eve--she cannot measure both modes, thanks to Heisenberg.
That's wrong. The Uncertainty Principle merely states that an observer cannot measure both position and momentum with arbitrary precision.
God, I love when slashdot covers advanced scientific stuff... then people like you who have no idea what they are talking about get to be mod'ed Insightful!
OK, there's two very different uses of quantum technology when applied to crypto problems:
1. If you had a quantum computer some problems like factorization become easy; therefore things like RSA would be instantly decryptable. The gotcha is that the current "state of the art" for quantum computers are still absolutely tiny and there are HUGE engineering challenges towards building one large enough to factor a real key (I think they're at the point now where they can factor numbers like "12"... so they have a bit of scaling before they can start attacking 300-digit numbers)
Of course there could be a massive breakthrough in quantum computer design tomorrow which would throw the whole crypto world on its head. That makes this area really interesting for crypto people.
Does NSA secretly have a quantum computer that can do that? I'd say its extremely unlikely... I'm sure they have people looking into it but they would have to be AMAZINGLY far ahead of the public research community to have actually built a full-size one.
2. What this article is talking about is "quantum encryption"; what's really "quantum" about it is making an untappable fiber line by signalling using the characteristics of single photons. By using Heisenberg's uncertainty principle you can make it impossible for anyone to tap the line (and thus observe the photon states) without also randomizing the bits. It's really hard to get your head around but it actually works.
Note that nowhere here did we use a "quantum computer"... this is all using technology that exists today (obviously, since you can buy it)
So basically even if your adversary has a trillion dollar budget to attack you with they CANNOT tap that fiber line without destroying the communication in the process. It's physically not possible with any technology.
So unless the NSA has a whole undiscovered field of physics that the world doesn't know about they don't have "quantum decryption". As we understand physics today it's literally impossible to build such a device.
Quantum encryption is a misnomer; it should be called (and is, in some circles) quantum key distribution. It's all about how the key is transmitted, not how the data is secured. The encryption method is independent of how the key is distributed. Contrary to popular belief, it typically cannot be a one-time pad, since the bandwidth on the "key" channel is very limited due to the exact nature of the transmission. It can be, though, a constantly shifting AES key, or other type of data, making the datastream as a whole effectively unbreakable.
The problem lies in that you have to have a single, unbroken fiber optic connection between the two points, and this fiber optic connection is very limited in the amount of loss that it can withstand. That means you're geographically limited on how far the circuit might be able to travel. You're looking at a few hundred kilometers, at the absolute maximum.
Considering the amount of money you'd spend on putting the circuit in place versus the amount of money you'd lose if the data was compromised, it's very unlikely that anyone, anywhere will have a practical use for QKD/QE. Government and defense, maybe, but then only in very limited applications.
There is a chance that, should quantum computing become a reality and modern encryption algorithms can suddenly be cracked very, very easily that this method may see some use, and by no means is development a waste of time and effort. But, QC is still very much in the early stages, if a working system is ever developed at all.
That being said, PKI and courier delivery of key material will continue to be the order of the day for quite some time.
Uh, don't you know about Area 51? You didn't get the memo, eh?
stuff
I don't think that the NSA has substantially better quantum encryption / computing than the rest of us. My main line of evidence is that they are still throwing enormous gobs of money at unclassified research into quantum computing.
One such example is the innocuously named "Laboratory for Physical Sciences". Please note the rather conspicuous key-shaped logo. I toured their facility a few years back while looking for a job. At the time the NSA was buying them just about anything they wanted provided it might have applications in quantum computing. This included a rather sophisticated chip fabrication lab and clean room.
I don't know if we will ever really have quantum computers, but the NSA sure doesn't want to be late to the party if we do.
give it a shot.
Particles that are treated best by quantum theory (such as photons, here) exhibit quantum states. Just think of them as metainformation about the particle, which is accurate to a first approximation and appropriate for this explanation. In this case, the light is polarized, which dictates some of its quantum metainformation.
The Heisenberg principle, which you've probably heard about, says that you cannot know the position and momentum of a particle exactly, simultaneously. You can know one or the other exactly, you can know both with noninfinitesimal error, but you can't know both. For big, heavy things, like macroscopic objects, the uncertainty is so small as to be irrelevant.
The quantum weirdness which results is as follows: an unobserved object simultaneously exists in a linear combination of multiple quantum states. That is, it exists as
(x*A+y*B+z*C)/(x+y+z)
Where A,B,C are quantum states and x,y,z are relative probabilities. If they add to 1, the x+y+z term falls out.
This is where schrodinger's cat. If you wait exactly long enough that the probability of the cat dying is 50%, the cat is exactly equal parts dead and alive. It's accurate, but I think it's confusing because it confuses the fact that quantum states really only apply to very small things, except in isolated cases like this.
Where the unbreakability of quantum encryption comes in is the observer. If you open the box, the cat is no longer both, it's just dead or alive. If you look at the photon, it's A,B, or C. You have destroyed the metainformation contained in the photon, because up until when you observed it, it was x parts A, y parts B, and z parts C.
This is unavoidable and fundamental to quantum mechanics.
For quantum encryption/communication not to work this way, we have to be wrong about quantum mechanics, and the fact that it's just so WEIRD is part of the reason I suspect it will work. It's so counterintuitive people have verified this many times.
It is impossible to crack quantum encryption.
It's a bit of a misleading name, but the actual encryption part of these techniques is the one-time pad, which has been a known technique for a long time now. It is mathematically proven to be impossible to break a one-time pad as long as you use a truly random key.
The quantum part of this new technique is just the method of transmitting the key to the other person. With it you can guarantee that no one else has listened in and knows what the key is.
And an inside job will always prove unstoppable. "Treachery is the primary way," observes Seth Lloyd, an expert in quantum computation at the Massachusetts Institute of Technology. "There's nothing quantum mechanics can do about that."
A properly implemented one-time pad using a truly random key is impossible to crack.
Quantum encryption is based on the one time pad, and it overcomes the weakness of how you guarantee your key has been transmitted to the other person without anyone else knowing it.
you just hang around until one pops up
Actually, following Heisenberg's dictum (using analog methods, of course), it's more along the lines of you popping up where it is - make sure to wear clean underwear at all times while you wait.
Anyone seen John? He was right here a minute ago...
Even though the T in tits stands for Ternary, modding the parent OT displays a humourless soul.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
In my job as a contractor for a government agency, I've had the opportunity to read a lot about the history of cryptography and code breaking. If there's one thing I've learned, it's that one time pads are unbreakable (when properly created and handled). Does quantum computing affect this unbreakability?
Referencing Going Postal: the semaphore towers would be the 'optical fibre' in Discworld. They erect a canvas sheeting to block the LOS between two towers, and:
a) send a sequence of messages to jam the mechanics (a 'woodpecker', a la a buffer overflow worm)
b) send a creepy posthumous message
I am sure after they spend loads on quantum cryptography, and tell all their employees that QUANTUM is protecting them, it will be easier than ever to call up and ask for the email they just received over quantum to be faxed to your office, because your 'damned' quantum line is down again.
Oh I forgot: ----spoiler warning----
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
Finally we can start research stating that P=NP without worry that our discovery would empty our accounts.
Anagram("United States of America") == "Dine out, taste a Mac, fries"
Well, it is much more difficult to make a quantum computer than it is to make a quantum cryptography system: the only difficult thing of a quantum cryptographic system is having a single photon source: if I remember right the Heisenberg uncertainty principle for phase and number states that if you know exactly how many photons you emit, you will never know when you actually emit them; and vice versa, if you know when you emit them, you really don't know how many you emitted. Also, as emitted photons will follow a Poissonian distribution, the most likely time for another photon to be emitted is right after the other one; so you can eavesdrop by catching one photon and not the other. But I very much doubt that a quantum computer will be made before 10-20 years: there is a process called decoherence that basically "damages" your quantum states as you try to scale them up to macroscopic objects. That is the reason you do not see a really big "Schrödinger's cat": the time for which the cat is dead or alive would be so short that it has absolutely no meaning. We manage to scale up the quantum states only to a "few" atoms.
Not the content of the actual encrypted message. Distributing the encryption keys in this way guarantees that whenever a bit in the key is intercepted by an eavesdropper, the sender/receiver would detect it so that they could abandon this bit. Then the receiver uses the key to encrypt the actual message and sends it on an open channel, which is still interceptable by an eavesdropper, but as long as the encryption is one-time pad encryption and the previous key generation uses a true random source, cryptanalysis against the ciphertext would be impossible.
Alice sends Bob a stream of photons. On each photon that is sent, Alice encodes a state of '1' or '0'.
Unfortunately, due to quantum mechanics, Bob only has a 50% chance of actually reading the state of the photon. 50% of the time he gets '0' or '1', and 50% of the time he gets 'Unknown', and the photon is destroyed.
This is ok, because after receiving 1 million bits, Bob phones up Alice on an unsecured line and says "I managed to read photon numbers 5,6,9,12,13,16... (+ approx 500,000 more), so I will use the state of these photons as a one-time pad." Alice looks up the states she sent these photons in, and now both parties have a one-time pad to encrypt data.
Now, let's say there was an intruder attempting to intercept the key exchange. The intruder is also constrained by QM, and can only read 50% of the photons, with the other 50% destroyed. Because the 50% of photons the intruder would receive would be different to the 50% Bob had read, it is impossible for the hacker to use the information sent by Bob to Alice, via the unsecured phone call, to build an equivalent one-time pad.
Also, as the intruder is only able to forward an exact copy of just 50% of the photons to Bob, with the other 50% now destroyed, he could replace this 50% of photons with his own set of random-state photons, but this will be detected by Bob and Alice, as the one-time pads would be different on this 50%, and the transmitted data using the pads would be corrupted.
So there, mr. big britches!
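As an added illustration (not code from the post above or from any QKD vendor), here is a simulation of the exchange that post describes, carried through to the real BB84 bookkeeping it simplifies: a photon measured in the wrong basis yields a random bit rather than 'Unknown', Alice and Bob keep only the positions where their bases matched (announced over the open line), and they then sacrifice a sample of the sifted key to detect an intercept-and-resend eavesdropper before using the rest as a one-time pad. The 11% abort threshold, the sample sizes and the noise-free line are assumptions for the demo; authentication of the open line, which the protocol also needs, is not modelled.

```python
import random

BASES = "+x"  # rectilinear and diagonal polarisation bases


def prepare(n, rng):
    """Alice picks a random bit and a random basis for each of n photons."""
    bits = [rng.randrange(2) for _ in range(n)]
    bases = [rng.choice(BASES) for _ in range(n)]
    return bits, bases


def measure(bits, bases, meas_bases, rng):
    """Measure each photon in meas_bases. A matching basis returns the encoded
    bit; a mismatched basis returns a uniformly random bit (the photon's state
    is collapsed either way, so nothing of the original remains)."""
    return [b if pb == mb else rng.randrange(2)
            for b, pb, mb in zip(bits, bases, meas_bases)]


def intercept_resend(bits, bases, rng):
    """Eve measures every photon in a random basis and re-emits a photon in
    that basis carrying whatever she saw. Half her bases are wrong, so about
    a quarter of Bob's matched-basis bits end up flipped."""
    eve_bases = [rng.choice(BASES) for _ in bits]
    eve_bits = measure(bits, bases, eve_bases, rng)
    return eve_bits, eve_bases


def sift(alice_bits, alice_bases, bob_bits, bob_bases):
    """Public discussion over the open line: compare bases only (never bits)
    and keep the positions where both used the same basis."""
    keep = [i for i, (x, y) in enumerate(zip(alice_bases, bob_bases)) if x == y]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]


def estimate_qber(a, b, sample_size, rng):
    """Sacrifice sample_size sifted bits by revealing them publicly and
    counting disagreements. Returns (error_rate, remaining_a, remaining_b)."""
    idx = set(rng.sample(range(len(a)), sample_size))
    errors = sum(a[i] != b[i] for i in idx)
    rest = [i for i in range(len(a)) if i not in idx]
    return errors / sample_size, [a[i] for i in rest], [b[i] for i in rest]


def run_bb84(n, eavesdrop, seed, threshold=0.11):
    """One key-exchange session. threshold is an assumed abort level: an
    intercept-resend attack on every photon produces a ~25% error rate, while
    a clean line produces 0% in this noise-free model."""
    rng = random.Random(seed)
    a_bits, a_bases = prepare(n, rng)
    if eavesdrop:
        line_bits, line_bases = intercept_resend(a_bits, a_bases, rng)
    else:
        line_bits, line_bases = a_bits, a_bases
    b_bases = [rng.choice(BASES) for _ in range(n)]
    b_bits = measure(line_bits, line_bases, b_bases, rng)
    sifted_a, sifted_b = sift(a_bits, a_bases, b_bits, b_bases)
    qber, key_a, key_b = estimate_qber(sifted_a, sifted_b, len(sifted_a) // 4, rng)
    return {"qber": qber, "aborted": qber > threshold,
            "key_a": key_a, "key_b": key_b}


def otp_xor(data, key_bits):
    """One-time pad: XOR each byte of data with 8 fresh key bits. Decryption
    is the same call with the same key. Never reuse key bits."""
    if len(key_bits) < 8 * len(data):
        raise ValueError("not enough key material for a one-time pad")
    out = bytearray()
    for i, byte in enumerate(data):
        k = 0
        for bit in key_bits[8 * i:8 * i + 8]:
            k = (k << 1) | bit
        out.append(byte ^ k)
    return bytes(out)


if __name__ == "__main__":
    clean = run_bb84(4000, eavesdrop=False, seed=1)
    tapped = run_bb84(4000, eavesdrop=True, seed=1)
    print("clean line:  QBER %.3f, aborted=%s, key bits=%d"
          % (clean["qber"], clean["aborted"], len(clean["key_a"])))
    print("tapped line: QBER %.3f, aborted=%s"
          % (tapped["qber"], tapped["aborted"]))
    msg = b"constructed sample message"  # constructed plaintext for the demo
    ct = otp_xor(msg, clean["key_a"])
    print("round trip ok:", otp_xor(ct, clean["key_b"]) == msg)
```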
STOP. You're being farmed.
Actually, all of the quantum principles quantum computing is based on are actually experimentally proven. Indeed, quantum computers have been built, except that they are currently restricted to a few qubits. A factorization of 15 with Shor's algorithm has already succeeded.
An unsolved problem, however, is how to build larger quantum computers. Maybe it's impossible in practice to get more than a few individually controllable qubits sufficiently protected from the environment. But that's quite a different statement than the one you made.
Well, probably you just tried to troll anyway.
The Tao of math: The numbers you can count are not the real numbers.
Why do you assume the GP post is lazy? Perhaps they agree with Albert, I know I do. Mathematics can model reality extremely well. I think it breaks down when our Gravity Model says there can be an infinitely large mass in an infinitely small space. I also think QM breaks down with "spooky action".
Because I think that, I also think research (particularly empirical research) into black holes and entanglement is a "good thing" regardless of its potential value. Albert (who like slashdotters could not understand the US patent office) started his ponderings because someone else discovered that the speed of light is constant, so he plugged it into Isaac's maths and thunk fer awhile. Isaac is said to have gained inspiration from an apple but it is more likely it was from Kepler, Galileo, Copernicus,(Isaac despised giving credit),... It may just be that we need another Isaac to discover a branch of mathematics that will resolve these issues. Perhaps if we resolve it we will be able to talk to all our other multiverse selves who already know we haven't worked it out yet.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
So the big question is: Why does Alice have so many secrets? Why does she feel compelled to tell Bob everything? And what is up with Eve, always butting in?
Personally I think there's something going on between Eve and Bob, that they're not telling us. But damned if I can't break their code.
yo.
I've known about id Quantique for a while, and have no relationship with them other than I think they rock. One of the more interesting things they sell is Quantum Random Number Generators. These babies work by sending a stream of photons at a half-silvered mirror. Each photon will be either transmitted or reflected, though it is impossible to tell which beforehand. A single photon detector on the other side of the mirror turns the reflection/transmission event into a bit. This bit is PURELY RANDOM. This is one of the *few* ways to get purely random numbers.
If you encrypt a message with a purely random OTP, it is *impossible* to decipher without that pad. As opposed to mixing functions based on entropic randomness which are merely insanely complicated to decipher. Freaking cool. Here's a url. http://www.idquantique.com/qrng.html
If you have the quantum equipment anyway, it's no problem to generate true random numbers. Just produce vertically polarized photons and then measure them in diagonal direction. This guarantees complete independence of the resulting bits from each other (i.e. no correlation), and for perfect vertical and diagonal arrangement also equal probability of 0 and 1. But it's the independence which is really crucial; it's simple to create an unbiased random bit stream from a biased one if the individual bits are independent: Just split the original bit stream into pairs of bits, then throw away all pairs where both bits are the same, and for the remaining pairs always take the first bit. For a stream of independent bits, this guarantees a stream of equally probable independent bits. The bias of the original stream just affects the data rate.
The Tao of math: The numbers you can count are not the real numbers.
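The pair-discarding trick in the post above is the von Neumann extractor. As an added Python example (not the commenter's code), it is applied to a constructed independent-but-biased bit stream, where it yields unbiased output at reduced rate as the post says, and, to show why the post's stress on independence matters, to a constructed stream whose bits are unbiased overall but tend to repeat the previous bit, where the output stays unbiased yet adjacent output bits become correlated. The two source models and the sample sizes are constructed for the demo; no photon detector is simulated.

```python
import random


def von_neumann_extract(bits):
    """Split the stream into consecutive pairs, drop pairs whose bits are
    equal, and emit the first bit of every remaining pair. For independent
    bits with P(1)=p, the pairs 01 and 10 are equally likely (p(1-p) each),
    so the output is unbiased whatever p was; the bias only costs throughput."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        first, second = bits[i], bits[i + 1]
        if first != second:
            out.append(first)
    return out


def biased_independent_source(n, p_one, rng):
    """Constructed stand-in for a detector with unequal 0/1 probabilities but
    no memory: every bit is drawn fresh."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def sticky_source(n, stay, rng):
    """Constructed counterexample: unbiased overall (50% ones) but each bit
    repeats the previous one with probability stay, so bits are NOT
    independent."""
    bits = [rng.randrange(2)]
    for _ in range(n - 1):
        prev = bits[-1]
        bits.append(prev if rng.random() < stay else 1 - prev)
    return bits


def fraction_ones(bits):
    return sum(bits) / len(bits)


def lag1_agreement(bits):
    """Fraction of adjacent bit pairs that are equal: about 0.5 for an
    independent unbiased stream, far from 0.5 when bits are correlated."""
    same = sum(1 for a, b in zip(bits, bits[1:]) if a == b)
    return same / (len(bits) - 1)


def demo(n=40000, seed=7):
    rng = random.Random(seed)
    biased = biased_independent_source(n, 0.8, rng)
    sticky = sticky_source(n, 0.9, rng)
    biased_out = von_neumann_extract(biased)
    sticky_out = von_neumann_extract(sticky)
    return {
        "biased_raw_ones": fraction_ones(biased),    # ~0.80
        "biased_out_ones": fraction_ones(biased_out),  # ~0.50: bias removed
        "biased_yield": len(biased_out) / n,          # ~0.16 = p(1-p)
        "sticky_raw_ones": fraction_ones(sticky),    # ~0.50 already
        "sticky_out_ones": fraction_ones(sticky_out),  # ~0.50 still
        "sticky_out_lag1": lag1_agreement(sticky_out),  # well below 0.5
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-16s %.3f" % (name, value))
```

The last figure is the point of the post's caveat: with a correlated source the extractor fixes the marginal bias but leaves successive output bits predictable from each other, which a key generator cannot tolerate.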
Have been looking for you a long time.
I have a new project for you.
Or just asking. Like they do right now.
This signature intentionally left blank
Does NSA secretly have a quantum computer that can do that? I'd say its extremely unlikely...
Actually, they do! And the infinite improbability field that it generated is the true reason behind the November election results.
So what you're saying, basically, is that you can't tap into quantum encryption without destroying the communication/ randomizing the bits in the process and that the nsa isn't THAT far ahead of current public research and that , oh hang on
Mongrel News all the news that fits and froths
Because you'd be simulating a process that would require more cpu power than simply brute forcing the problem would use.
As poster above explained, it would take as long as doing it the hard way with a regular computer PLUS the overhead of the simulation.
Mycroft
https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
1. Not all current public/private key schemes rely on factorization. RSA does though, as does DSA I think. But not ECC at least; I don't know so many others.
2. To implement Shor's algorithm, quantum computers have to scale. I don't know how it works but it couldn't possibly check more than 2^n keys at once, where n is the number of qubits.
Naturally if n is large, any key can be cracked. But I doubt that quantum effects scale well. So far it's been about a dozen qubits, and well... 2^12 at once is impressive. But compared to a 1024 bit RSA key (which has somewhere around 2^128 valid keys), you'd have to do 2^112 iterations.
I've seen a couple theoretical suggestions about how you could build a lattice grid using nanotechnology to allow it to scale, but it is all extremely theoretical. With any of the current methods of quantum computers, the noise would drown any quantum effects long before they got to encryption-cracking scales.
Kjella
Live today, because you never know what tomorrow brings
The problem with Quantum key exchange is that it's unauthenticated. Since you don't know who's on the other end, you're vulnerable to a man-in-the-middle attack. Someone could be tapping into the line.
So you authenticate using standard public key techniques, making the whole shebang not much more secure than the (non-quantum) authentication mechanism you use. But vastly more expensive.
Of course this is also just a form of encryption where you have to exchange codes first (both the sender and the receiver must know that language, that is, they must memorize the code. Or of course they could have a grammar book/dictionary (i.e. a written-down version of the code) for that. Which then has the disadvantage that an unauthorized third party may get it.
And it's a code which is hard to change. Say one of the group changes sides, then your whole investment in that code (creating a complete language, and then both sender and receiver having to learn it) is immediately completely worthless.
The Tao of math: The numbers you can count are not the real numbers.
What you say is true, but WRT 1. I don't think you're paranoid enough. When DES was first set up, the NSA not only knew about differential cryptanalysis, but had had it for long enough that they were worried other people would discover it. They have more conventional computing power *and* more mathematicians than any other institution in the world. There is no theoretical barrier to having a big working QC, it's all engineering. The NSA has one, count on it.
I am trolling
It'd be UNBELIEVABLY ahead of the private sector if the NSA had quantum computers capable of factoring current keys now. Shor's algorithm requires a large number of qubits to factor an n-bit number (Shor registers + QFT + exponentiation), plus however many qubits are necessary for error-correcting codes to prevent your entanglements from breaking down.
Furthermore, even though Shor's algorithm can factor in roughly linear time, it still has a work factor present. You may have to run the quantum Fourier transform multiple times before you get an acceptable discrete log to finish the equation with, thanks to the joys of trying to extract a single value from a superposition.
And yes, IBM made a 7-qubit NMR-based QC a while ago and tested Shor's algorithm on it, factoring 15 into 3 and 5. NMR QCs are not currently scalable though, which prompted some scientists to prematurely declare quantum computing as a dead end.
Even if it is untappable, wouldn't it be vulnerable to a man-in-the-middle attack?
...unless there's a flaw in this analogy, I don't see how this protects against a man-in-the-middle attack.
Alice is sending a key to Bob. Hacker intercepts the key exchange and sends his own key to Bob. Bob tries to report back, but is also intercepted. He reports back to hacker which bits he got of the hacker's key, hacker reports back to Alice which bits he got of Alice's key. Then the hacker sits in the middle reencrypting on-the-fly.
Personally, I thought it was only good to transfer messages securely. For example, if the key was known to the sender, receiver and the hacker, the hacker could still not intercept it without destroying the message in the process.
Kjella
Live today, because you never know what tomorrow brings
Before you'll know it there will be another hot-or-not spinoff called "is my cat dead-or-not" and it will be a bunch of blank pictures.
I don't get it.
- weak measurement.
This is the point. We're not talking about 'engineering'. This is physics. Well, they may have discovered the 'yellow holes' in the universe, and nobody knows that, or whatever. Anyway, even in the atomic bomb project, which was really a huge and secret one, the physics of it was universally known before they started building Palo Alto. They can be as far as you want in 'engineering', but what is needed here is physics, and it is much more profitable for them to keep their ears open till some discovery shows up in the public scientific community, and use it, and put zillions of engineers on it.
Still, a quantum computer turns crypto back into an arms race again.
Back in the days of enigma and such, when one side upped its computer technology, the other side added a wheel to its cipher machines. That would last a few years and then everybody is upgrading again.
RSA has been around since the 70's, and has remained stable the whole time. It made crypto practical to use, and ended the arms race by making crypto hundreds of orders of magnitude harder to crack. Ditto for modern symmetric ciphers, which aren't prone to cracking by quantum computers, but which are less practical to use.
If quantum computers come out, then RSA is basically dead. Sure, you'll be able to use 1 million bits, for a few years, until somebody adds a few more qbits to their machines and improves their implementation. It could potentially lower the utility of crypto in general unless you're protecting a secret for only a few years.
Just a thought, maybe off-topic. I think articles like this one show the inherent flaw in anti-circumvention laws. While the american government says "if you put a lock on something it's unlawful to break it, develop something that breaks it, tell someone how to make something that breaks it etc. etc." we're all seeing where technology is going: quantum computing (sorry if this term is not the right one, have mercy, I'm italian, I mean the ability to compute using quantum mechanics principles) could very well break any kind of lock we know today. This is more proof that high-level, modern technology and copyright/anti-circumvention laws can't possibly coexist as long as copyright has the form and shape it has today. Either laws change or technology stops. Sorry if this comment was too much off-topic.
No, what he's attempting to do is describe entanglement - the presently baffling feature of quantum mechanics. As Heisenberg would tell you, any attempt to measure the state of a photon (an entangled pair of a photon in this case) will in fact alter the state of the photon itself and consequently sound an alarm bell if the data (many photons!) is corrupt at the other end. However, a sub-atomic group in Paris - ENS - have made progress in finding ways to not measure the magnitude of a photon, but rather measure the phase shift of tiny rubidium rods as they pass through a photon. This still makes a change of course but a change that is even more difficult to detect! It's fascinating stuff and arguably the future of communication and computing, and who knows even replication...
The problem with making a quantum computer is that you have to somehow isolate a bunch of particles so they have absolutely no interaction with each other or with anything else. Kinda hard to do. It's been done for very small numbers of particles, for very short times. And if the theory is correct, there are really steep limiting curves to how many and how long you can have particles in the proper state before they decohere. So I wouldn't expect to see a quantum computer at Wal-Mart for many many decades.
This sort of encryption was used a lot in World War 1 where they would take words and phrases and replace them with other words. For example a single word "keyboard" may mean "aerial attack". These sorts of codes were broken. Usually by people good at crosswords.
A more famous case of decrypting this sort of cypher is Egyptian hieroglyphics. Sure they were never meant to be a code but since knowledge of how to read it was lost it became one.
Dancin_Santa has it exactly right -- the NSA isn't gonna buy this technology from some company, shit -- they probably pioneered the first system capable of producing a quantum algorithm in the first place!
What I meant was, what's the point if I can just cut the fibre and put a transmitter/receiver pair in the middle?
http://www.lkb.ens.fr/recherche/qedcav/english/englishframes.html
I can't see PETA, or even myself for that matter, going along with a quantum encryption system when every time you unencrypt and open the box/vault/computer/etc. there is a 50/50 chance of killing a cat.
But that's not hacking, that's manual labour ; ) ..
DNA encryption and carrier pigeons...
Yeah, I needn't bother, especially since ~90% of the time there is a Windows machine on the end ;)
No amount of educating people on the world of physics and mankind's knowledge thereof is going to help here, because people just plain want to believe the junk-science-tinfoil-hat notions that the 'US gubmint is waaaay ahead'. For some that's more entertaining than the truth, and I guess people have a hard time 'disentangling' truth and entertainment. Still, one should never stop trying to educate, I suppose.
So, you could send a key to the other end, but it wouldn't be the same key that you received, because the key is created during the exchange based on which photons were encoded in the same orientation they were measured. So, any protocol that uses this has to be designed to take advantage of this property to prevent man-in-the-middle attacks. Apparently the crypto boys and girls feel this is enough of an advantage to be done--I haven't inspected any protocols that do this, so I can't explain how it's achieved. But simply sending a long key and XORing the message with it isn't enough--the man in the middle could foil that by just generating a new key and reencrypting.
I'm sure someone has a good discussion of this up on the web. The question is if there's one that's accessible to the non-cryptographer.
TFA says that by doing so you will corrupt the qubits unalterably in a way that is detectable by the sender and receiver, which is also why it is impossible to use signal amplifying repeaters to extend the range of the transmission.
Assuming that it is unbreakable is dangerous. Quantum theory, while a very good theory, is not the end of the story. The quantum systems people study to understand what is happening when a photon is emitted and transmitted through an optical fibre are also a simplification of what really happens, and although the assumptions made are good ones there may be some subtle effect present that is only apparent when you solve a much more detailed (currently unsolvable) problem that more closely models reality. There may turn out to be a way to crack it. No one can say for sure.
No, the bits have a property that is shared between their endpoints. If you insert 2 more endpoints in the middle, then the original endpoints no longer have the shared property. The first thing that Alice and Bob do is to check that they have the shared property on a small set of the bits, and thus an eavesdropper will be detected immediately.
It's a bit more complicated than that, but the essential thing is to note that it's impossible to duplicate a quantum state. Once you've read it, you've extracted one bit of information from it, but the original contained more than one bit of information. Therefore the MITM can't reproduce what he was sent, merely what he read, which is different 50% of the time.
I wrote an obfuscated self-modifying Perl script which would let you play with such a scheme. Alas it requires some knowledge of how the scheme works in order to use it.
Also FatPhil on SoylentNews, id 863
A lot of people here are (rightly so) pointing out that QCrypt is of limited use because it's only good for a straight run of fiber and is therefore useless for anything over ~100km at most. Well, wouldn't it be a relatively trivial matter to install trusted amplification stations that could verify the integrity of the transmission over the last link, and then bang it out over the next link? It'd be like a normal network, except your links would be shorter and your "routers" would have to be a whole hell of a lot more secure, but is there any fundamental reason why it wouldn't work?
Facts do not cease to exist because they are ignored. - Aldous Huxley
There's just not enough bandwidth available on existing QCrypt links to send an OTP - AFAIK the plan is to use a strong conventional system like AES and send the key, just a few dozen bytes, over the QCrypt network, then send the multi-megabyte encrypted message in a more conventional way.
Facts do not cease to exist because they are ignored. - Aldous Huxley
Didn't you listen to Narim? He said to Carter that quantum physics is taught to them as a disproved theory!
Geez...and I thought there were more enlightened people watching Stargate here.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Is it possible to detect whether or not something quantum-encrypted is being transmitted? There's plenty of information you can garner from a transmission based on the start and stop time, frequency, source and destination, duration, etc. - Scott
(The following is a post I wrote a month ago to a different forum.)
I don't really see Quantum Cryptography being wildly popular. The big downer is that you need a continuous, clear point-to-point transmission between the two people talking. If Alice is in Los Angeles and Bob is in Tokyo, then you need a trans-Pacific undersea QC fiber-optic channel temporarily dedicated to just Alice and Bob (no packet switching) AND you can't have any classic repeaters to boost signal strength. That second requirement pretty much kills it for distances greater than 50 miles or so.
You could add repeaters, and have each repeater decrypt/re-encrypt, but then an attacker can tap into a repeater undetected and the biggest benefit of QC is lost.
There's a technique for building a quantum repeater. Basically, the gist is something like this:
That is, you can entangle entangled particles to "transmit" the entanglement. If I'm getting this correctly, Alice would transmit half a pair to Randy, Randy would transmit half a different pair to Bob, then Randy would entangle his two halves so that Alice and Bob would have a direct pair. However, since you can't tell if two particles are still entangled without measuring them (and thus losing entanglement), the odds of an A:B pair staying coherent would be (A:R)*(R:B), or (A:R)^2 if all things are equal. Each repeater would add its own factor, so n hops (n-1 repeaters plus final delivery) means p^n chance of a good end-to-end entanglement. Since p<1, the channel bandwidth drops VERY rapidly with an increase in the number of hops. If you have 2Mparticle/s optic links (after accounting for the fact that you throw away every other photon), and 50% decohere on each link, that means 1Mbit/s bandwidth for a direct link, 500kbit/s bandwidth if you add one repeater, and continuing to drop in half for each extra repeater. My gut says there's a tradeoff between inter-repeater distance (big distance = less coherence) and hops (more repeaters = faster drop), and that you have to optimize for the local maxima depending on the exact link parameters. Ugh. That means if you upgrade to better link cables, you potentially need to re-locate all the repeaters in the world.
This might be bearable if you just use the QC link as a key exchange medium, then switch to classic secret-key crypto (e.g. AES) over the Internet once you've agreed on a key. Sending even a huge 512-bit AES key over 20 hops (same link parameters as above) would take just under 5 minutes, which is a pretty decent re-keying interval. 20 hops would get you 1000 miles with near-future tech. (Although 20 DS1-size links would be dedicated just to your re-keying channel, so it'd be hideously expensive. A single non-Internet-connected DS1 runs about $500/month in my area. But I could see it happening between e.g. universities or military bases.)
So, with all those problems in mind, don't expect QC to take over anytime in the next half-century or so. Until a working quantum computer is built (and quantum computers are actually harder than quantum crypto), public-key crypto like RSA and DSA (the stuff that SSL runs on) is still safe and doesn't have as much hassle. And, thankfully, quantum computers don't do jack shit against secret-key crypto. (They can shave 1 bit off your secret key, but that's trivial. They aren't magic wands.)
Range Voting: preference intensity matters
I've created all possible user accounts on the system, each with all possible passwords.
I can't tell you who is logged on, you may or may not be, if I looked, then we'd know, but it would defeat the point.
I think your disk is full and empty at the same time.
We reached a CPU resource bottleneck, or then again, maybe we haven't.
I'd like to say I got a good backup, what do you think?
O=='=++
How much you want to bet that the practical difficulty of building an n-bit quantum computer turns out to be exponential in n?
So building a 1024 qubit computer would be 2**1022 times harder than building a 2 qubit computer, in other words.
Even if these hypothetical systems crack at the rate of megaflops per nanosecond, it's still possible to scale conventional crypto to the point where brute force takes longer than universal proton decay. This looks like NSA FUD to me, analogous to those flying saucer reports in Iran.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
Everyone is saying a one time pad is "impossible" to break... I would like to respectfully disagree. I think it's amazingly improbable that you could break it. The reason? There is the remotest chance that you could guess the OTP correctly. Not very likely that you could luck into that... but still a mathematical physical real possibility. And I suppose the same would be true of the quantum encryption.
Part of the process necessary for quantum encryption to work is a second communications channel, which the parties use to communicate which bits in the quantum stream to use for encryption.
The parties then use that channel (or possibly a third channel) to transmit the encrypted data.
If an eavesdropper can mount a man-in-the-middle attack against both (all three) channels, then he/she can compromise the encryption.
With a trillion-dollar budget, this should be doable in many cases.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
Well, I guess the vulnerability could be found in the repeaters. They move the state of one photon to another for longer distance transmissions. In the article: Ultimately cryptographers want some form of quantum repeater--in essence, an elementary form of quantum computer that would overcome distance limitations. Now, I understand that tapping a fiber line to grab photons would change their state and allow for detection, but I can't believe it is impossible to grab the state of the photons somehow. My small brain has an idea, someone shoot it down please. Here goes. If a quantum repeater can 'mimic' a photon's state, why can't a repeater be hacked to make copies? That is a repeater repeater. All of this is too Star Trek for me, going back to VB coding now... Brain hurts...
--Always, I mean never..., No I mean always check your references.--
Re random bits - they're only as perfect as your measurement of a right angle. However, it's pretty easy to unbias nearly random independent bits, so that's not a show stopper.
FP.
Also FatPhil on SoylentNews, id 863
Quantum cryptography is the encoding of communications using a quantum technique which allows the guaranteed detection of any intrusion or interception of the communication. Prototype systems now available. Not to be confused with quantum computers, a technology which could theoretically allow successful code-cracking computations which are beyond the power of current computers. Quantum computers are theoretically possible, but only the most basic building blocks of the technology have been demonstrated to date. And it should be noted that cryptographic engineers have already documented half a dozen techniques for intercepting quantum cryptographic communications without violating any laws of physics by simply outsmarting the builders and operators of such systems. For example, by taking advantage of the error correction built into the sender's hardware to make it repeat data blocks without notifying the human operator. Or overloading the receiver's detector by shining a laser down the optical fibre, causing it to read all zeroes.
Holey moley, oops. I just said what you said.
I should get some sleep...
Also FatPhil on SoylentNews, id 863
None of them answer the most basic questions facing geeks today:
Screw public keys and I don't care how long a password I have to type: What's the best way to encrypt my network drive dedicated to porn?
How long before some big bad TLA gubmint agency will be able to break that encryption?
When one of these scholarly journals simply and directly answers those two questions, crypto-challenged geeks everywhere will rejoice.
The threat of quantum computing to conventional cryptography is twofold. First, it provides novel factoring algorithms that attack specific contemporary cryptosystems that rely on certain mathematical problems used for key exchange being 'hard'; in the future we defend against this by moving to new core problems that are hard in the new computational domain. The second (to simplify rather) is the potential to 'brute force' the key space of cryptosystems in general by trying exponentially many keys in parallel. One time pads remain secure, because they consume enough key bits to keep all decrypts equiprobable (up to length). Although for key distribution this property of equiprobable decrypts is essential (because the task is one of maintaining the size of the keyspace for an attack on subsequent stages in a protocol), for many tasks it suffices just to provide enough sufficiently probable alternatives that the correct candidate decryption cannot be recognised. For example, if I have as a front end to my cryptosystem a codebook that says '0 = sell the stock, 1 = meet me for lunch, 2 = I am having an affair with your wife, 3 = I think it may rain', then even a one-bit key should keep me safe from the SEC (though it now matters whether the recipient is, in the real world, married).
The point is this: the absolute mathematical defense against bruteforcing is a key space the size of the message space. But it also suffices to compress the message before encryption with sufficient competence that the full key space generates many plausible decrypts (where 'many' means specifically that the cost of verifying them exceeds the value of the message).
I suspect that since quantum computation is in principle limited by readout, increasing the difficulty of recognising a decrypt becomes the key defense to this attack.
This makes data compression very important to future security (and patents in the field a significant threat).
There are actually commercial products (MagiQ) that do quantum encrypted links over fiber. If this product is properly made, I could well see it obsoleting any classical crypto tunnels (like VPN etc). Hell, you just layer the classical crypto over the quantum secured link anyway. I have recently been talking with professors at a major North American university who will in fact be dissecting this equipment; but yeah, classical crypto simply can't compete with equipment like this. You put up the quantum crypto link on fiber, then any classical crypto underneath.
This implementation of quantum cryptography is, in essence, a secure negotiation of a one-time pad that can be used in any symmetric key algorithm.
You sly dog: you got me monologuing! - Syndrome
Look! Someone writing something new in FORTRAN! It's hardly ever seen outside of zoos now.
[aussie] This stuff is REALLY DANGEROUS! [/aussie]
$META_SIG_JOKE
Because light sort of "bounces" down a fiber optic, being reflected from the walls, could you (very carefully) strip off the insulation, and put a bend in the fiber, and collect the stray photons whose angle of incidence wasn't shallow enough to be reflected?
Chip H.
That's amazing (re: distilling truly random bits from a biased bitstream). I had no idea that was possible, or even that simple, but of course it makes sense in 20/20 hindsight. Do you know if all methodologies to generate computed randomness via something like environmental sampling (e.g., /dev/random) take advantage of this to purify the random bitstream?
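The technique the two posts above are talking about is von Neumann's debiasing trick: read the source in non-overlapping pairs, emit 0 for 01 and 1 for 10, and throw away 00 and 11. For independent bits with a fixed bias p both kept pairs occur with probability p(1-p), so the output is exactly unbiased, at the cost of keeping only about p(1-p) of the input. The following is an added example, not code from either poster; the biased source is constructed from a seeded PRNG purely to have something to debias, and the function names are assumptions.

```python
"""Von Neumann debiasing of a biased, independent bit stream (added example)."""
import random


def biased_bits(n: int, p_one: float, seed: int = 0) -> list[int]:
    """Constructed sample source: n independent bits, each 1 with probability p_one.
    A seeded PRNG stands in for a physical source (detector clicks, timing jitter)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann(bits: list[int]) -> list[int]:
    """Pair up consecutive bits without overlap.  01 -> 0, 10 -> 1, 00 and 11 discarded.
    Correctness relies on the two bits of a pair being independent and identically
    biased; then P(01) == P(10) == p(1-p) whatever p is."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)  # 'a' is 1 exactly for the pair 10
    return out


def bias(bits: list[int]) -> float:
    """Fraction of ones (0.5 means unbiased)."""
    return sum(bits) / len(bits) if bits else 0.0


def expected_yield(p_one: float) -> float:
    """Output bits per input bit: each pair (2 bits) survives with probability
    2p(1-p), so the per-input-bit yield is p(1-p).  Maximised at p = 0.5 (25%)."""
    return p_one * (1.0 - p_one)


if __name__ == "__main__":
    raw = biased_bits(200_000, 0.8)
    clean = von_neumann(raw)
    print(f"input bias {bias(raw):.3f}, output bias {bias(clean):.3f}, "
          f"kept {len(clean)} of {len(raw)} (expected ~{expected_yield(0.8):.2f})")
```

The caveat in the earlier post matters: the extractor cancels bias only if successive bits are independent, so a source whose state drifts or whose samples are correlated needs conditioning before or instead of this step. General-purpose entropy pools such as /dev/random take the latter route, folding samples through a cryptographic hash rather than discarding pairs.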
Whoa, what are you talking about? Would you mind linking us to this mathematical proof of the impossibility to crack a one-time pad? Because the fact of the matter is that someone could try every possible one-time pad of a set size... and they could try all the sizes between 1 and kingdom come, and with infinite time they are guaranteed to find the right pad... so please elaborate what you mean there...
Gravity Sucks
It's not that easy... the system described above is set up to send single photons (or nothing) through the fiber-optic cable... bleeding photons out would just intercept the signal, and those bits would be invalidated from being used in the key.
Gravity Sucks
In case anyone was thinking, elliptic curve encryption will also be considered broken if a Quantum computer is built
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
An alternative to using RSA, DSA, or other encryption methods which rely on the difficulty of factoring is Elliptic Curve Encryption. As far as I know, nobody has come up with a theory for how quantum computing might be used to crack ECE. What I do not know is how hard it might be to come up with such a thing, or how long it might take to become available once the theory is mapped out.
RSA-oriented solutions are going to get the lion's share of the attention and development for a while, because it is so popular. Unless ECE catches on in a big way, and/or RSA is widely viewed as useless, there won't be much market incentive to develop an ECE-oriented solution. At least, that's my opinion. So in the meantime, ECE-encrypted data might be safer than RSA/DSA-encrypted data.
-- TTK
yeah, but if the sender doesn't realize it in time and/or doesn't have appropriate countermeasures, you might get enough of a message.
but see what you don't realize is that what passes in the fiber-optic cable is the encryption key... so the bits you would get would never be a part of the final key... the bleeding would just introduce some more zeros and as described in the article, the system is based off the bits that are received... the receiver of the signal (over fiber-optic) tells the sender which bits it received, they do some checking on some of those bits to make sure they received what they were supposed to, but if the recipient doesn't get certain bits (the ones that bled out), it's not a big deal. They just don't use those as part of the key... You can capture all the message, if you hack the internet communication, but the point is that it will be encrypted using a big key that was sent via fiber-optic, and you would have no idea what the key was, other than the fact that whatever number bit you caught will NOT have been used in the making of the key.
Gravity Sucks
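Two posts in this thread describe the same mechanism from different angles: the earlier one (that a reader who measures a photon in the wrong basis gets a different value half the time, and that Alice and Bob sacrifice a sample of bits to compare) and the one just above (that lost photons are simply sifted out, and the receiver announces over the ordinary channel which positions arrived). The following is an added simulation, not code from either poster or from any vendor's product, of a BB84-style exchange that shows both points: photon loss costs key rate but not security, while an intercept-resend box in the middle drives the error rate on the compared sample to about 25%, which is what the endpoints check for. Basis choices, loss and the `run_bb84` parameters are constructed assumptions; the model has no detector noise, so any error at all on the sample means interference.

```python
"""BB84-style sifting and intercept-resend detection (added simulation)."""
import random

RECTILINEAR, DIAGONAL = 0, 1


def prepare(rng: random.Random, n: int):
    """Alice draws n random key bits and, for each, a random encoding basis."""
    bits = [rng.randrange(2) for _ in range(n)]
    bases = [rng.randrange(2) for _ in range(n)]
    return bits, bases


def measure(rng: random.Random, bit: int, prep_basis: int, meas_basis: int) -> int:
    """Measuring in the preparation basis recovers the bit; measuring in the other
    basis gives an unrelated coin flip (the '50% of the time' from the thread)."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def channel(rng: random.Random, bits, bases, loss: float, intercept: bool):
    """Fibre model: each photon is lost with probability `loss` (None).  With
    `intercept` a middle box measures each surviving photon in a random basis and
    re-sends a fresh photon carrying what it read, in its own basis; it cannot copy
    the original state, which is the no-cloning point from the thread."""
    out = []
    for bit, basis in zip(bits, bases):
        if rng.random() < loss:
            out.append(None)
            continue
        if intercept:
            mid_basis = rng.randrange(2)
            bit = measure(rng, bit, basis, mid_basis)
            basis = mid_basis
        out.append((bit, basis))
    return out


def run_bb84(n: int = 4000, loss: float = 0.2, intercept: bool = False,
             check_fraction: float = 0.25, seed: int = 1) -> dict:
    """One exchange.  Returns sifted-key size, compared-sample size, errors seen on
    the sample, the resulting error rate (QBER) and the number of key bits left."""
    rng = random.Random(seed)
    a_bits, a_bases = prepare(rng, n)
    photons = channel(rng, a_bits, a_bases, loss, intercept)

    # Bob measures every photon that arrived in a basis of his own choosing.
    b_bases = [rng.randrange(2) for _ in range(n)]
    b_bits = [None if p is None else measure(rng, p[0], p[1], b_bases[i])
              for i, p in enumerate(photons)]

    # Classical channel (authenticated, in the clear): Bob announces which positions
    # arrived and his bases; Alice says which bases matched.  Lost photons and
    # basis mismatches are discarded.  Bit values are never announced here.
    sifted = [i for i in range(n) if b_bits[i] is not None and b_bases[i] == a_bases[i]]

    # A slice of the sifted positions is sacrificed and compared bit-for-bit.
    sample = sifted[: int(len(sifted) * check_fraction)]
    errors = sum(1 for i in sample if a_bits[i] != b_bits[i])
    key = [a_bits[i] for i in sifted[len(sample):]]
    return {
        "sifted": len(sifted),
        "sample": len(sample),
        "errors": errors,
        "qber": errors / len(sample) if sample else 0.0,
        "key_bits": len(key),
    }


if __name__ == "__main__":
    print("quiet fibre:     ", run_bb84())
    print("intercept-resend:", run_bb84(intercept=True))
```

With an intercept-resend box the middle guesses the basis correctly half the time (no error) and wrongly half the time (Bob's matching-basis measurement is then a coin flip, 50% wrong), giving the expected 0.5 x 0.5 = 25% sample error rate; real deployments set an abort threshold well below that and additionally account for detector noise, which this model omits.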
In this case I'm not talking about quantum encryption. The parent believed it was almost impossible to read a signal on a fibre optic cable so there is no point in having quantum encryption.
mea culpa, My Apologies to you.:)
Gravity Sucks
A fast search on Google revealed no protocols immune to man-in-the-middle attacks.
I found 3 different kinds of protocols, the entangled photons are one of them, but all of them rely on the original message going till Bob.
Rethinking email
I read it. It's very interesting. It should have potential but they still have yet to carry out a real lab test. So far it has all been thought experiments. But, given the right minds, a thought experiment is as good as the real thing. I think they may be on to something big ..
Yeah you could say it's a speed issue.
One way to look at it is that you could simulate a 16 processor computer on a 1 processor computer, but it would take 16 times as long plus the overhead. Assuming that the single processor computer is running the same processor as the 16 processor computer is using 16 of.
A quantum computer is sorta running all possible keys at ONCE; to simulate this a transistor computer would have to simulate each quantum state serially, effectively trying each key one after the other while maintaining the overhead of pretending to be a quantum computer. Whereas normal brute forcing is just trying each key one after the other.
You should always be able to brute force the key faster than simulating a quantum computer trying all of them.
And modern ciphers such as DES and AES rely on brute forcing the keys taking WAY too long to be practical.
Though what's practical depends on how long you're willing to wait for an answer and how much $$ (hardware) you're willing to throw at it. If some scientist had come up with a universal cure for cancer that also extended quality life-span to 200+ years and proved it, but fell off a cliff without explaining it and the only copy of how it worked was locked behind encryption, I'm quite sure putting a few billion dollars of computer power on the task 24/7 for a decade would be considered quite practical. The e-mail of Joe Blow admitting he stole a few hundred dollars while working at McDonalds however is probably not practical to do more than check if it's rot-13 'encrypted' or not.
Mycroft
Quantum links have been around since the 80s.
http://www.qlinklives.org/
https://www.eff.org/https-everywhere