Slashdot Mirror
Scientific American on Quantum Encryption
prostoalex writes "Scientific American claims that advances in commercially available quantum encryption might obsolete the existing factorization-based solutions: "The National Security Agency or one of the Federal Reserve banks can now buy a quantum-cryptographic system from two small companies - and more products are on the way. This new method of encryption represents the first major commercial implementation for what has become known as quantum information science, which blends quantum mechanics and information theory. The ultimate technology to emerge from the field may be a quantum computer so powerful that the only way to protect against its prodigious code-breaking capability may be to deploy quantum-cryptographic techniques.""
Someone needs to write a Encryption routine that uses the source text as the key. THAT will really show 'em!
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
As far as I can tell, no cats were harmed in the making of these quantum cryptographic devices, although if you look inside the box, the act of looking at the cat inside may (or may not) kill it
"And we have seen and do testify that the Father sent the Son to be the Savior of the World" 1 John 4:14
The printer-friendly version puts it all on one nice and image free page.
Article here
Because you could implement Shor's factorization algorithm.
Quantum computing doesn't make threats.
It makes promises.
I'm not just gunna break yo' face, i'm going to quantum break yo' face, foo'!
Quantum computing provides an algorithm (Shor's), utilizing quantum mechanical manipulations, which factors numbers exponentially faster. Thus, factoring and checking factors takes the same amount of time.
This leads to the undesirable conclusion that encryption and decryption (by an intercepting 3rd party) of a signal take the same amount of time (up to a polynomial equivalence). In other words, the encryption is breakable, since the interceptor need only invest roughly the same amount of computational effort as the sender in order to crack the message.
That is why the creation of a quantum computer would "obsolete" present encryption. The point of quantum encryption is that it is not vulnerable to such attacks.
*I'm not just gunna break yo' face, i'm going to quantum break yo' face, foo'!*
so you gonna break his face and slam a cardboard box over his head? "no officer, his face is not smashed. however, if you take the box off it might cause it to be smashed or not"
world was created 5 seconds before this post as it is.
Quantum cryptography is a solution in search of a problem. It cannot implement public key/private key cryptography, and it can transmit only through a single uninterrupted fiber-optic cable, not over the internet at large. Given those limitations (which I don't think can be surmounted), one might as well use tremendous, digital one-time pads. Transmission of the pads to the relevant parties should be strictly easier than the quantum cryptographic solution: if nothing else, generate terabytes of noise, store it on a RAID, and put it in a car with ten intensely loyal guys. After you've done that, you can send up to that amount of data securely over the internet at large, and no amount of quantum hocus-pocus will be able to decode it.
I think [..] Eventually, we will have quantum computers capable of brute-forcing even quantum encryption...
Well, you think wrong. Quantum encryption cannot be 'brute-forced'. Because it's not 'encryption' in the conventional sense but rather 'secure transmission'. The data is not encoded, but rather transmitted in a way which makes eavesdropping impossible. Since you can't intercept any 'coded message', there is nothing for you to brute-force.
And this holds as long as what we know of quantum mechanics holds.
(More specifically, the Bell inequality. Which was verified in the famous Aspect experiment.)
So no, nothing in quantum physics is going to invalidate quantum encryption. And I wouldn't get my hopes up for future theories, either, because this 'wierdness' of quantum mechanics so well-verified experimentally that it'd be unlikely that any future theory would change it. (But hopefully explain it)
God, I love when slashdot covers advanced scientific stuff... then people like you who have no idea what they are talking about get to be mod'ed Insightful!
OK, there's two very different uses of quantum technology when applied to crypto problems:
1. If you had a quantum computer some problems like factorization become easy; therefore things like RSA would be instantly decryptable. The gotcha is that the current "state of the art" for quantum computers are still absolutely tiny and there are HUGE engineering challenges towards building one large enough to factor a real key (I think they're at the point now where they can factor numbers like "12"... so they have a bit of scaling before they can start attacking 300-digit numbers)
Of course there could be a massive breakthrough in quantum computer design tomorrow which would throw the whole crypto world on its head. That makes this area really interesting for crypto people.
Does NSA secretly have a quantum computer that can do that? I'd say its extremely unlikely... I'm sure they have people looking into it but they would have to be AMAZINGLY far ahead of the public research community to have actually built a full-size one.
2. What this article is talking about is "quantum encryption" what's really "quantum" about it is making an untappable fiber line by signalling using the characteristics of single photons. By using Heisenberg's uncertainty principal you can make it impossible for anyone to tap the line (and thus observe the photon states) without also randomizing the bits. It's really hard to get your head around but it actually works.
Note that nowhere here did we use a "quantum computer"... this is all using technology that exists today (obviously, since you can buy it)
So basically even if your adversary has a trillion dollar budget to attack you with they CANNOT tap that fiber line without destroying the communication in the process. It's physically not possible with any technology.
So unless the NSA has a whole undiscovered field of physics that the world doesn't know about they don't have "quantum decyption" As we understand physics today it's literally impossible to build such a device.
Quantum encryption is a misnomer, it should be called (and is, in some circles) quantum key distribution. It's all about how the key is transmitted, not how the data is secured. The encryption method is independant of how the key is distributed. Contrary to popular belief, it typically cannot be a one-time pad, since the bandwidth on the "key" channel is very limited due to the exact nature of the transmission. It can be, though, a constantly shifting AES key, or other type of data, making the datastream as a whole effectively unbreakable.
The problem lies in that you have to have a single, unbroken fiber optic connection between the two points, and this fiber optic connection is very limited in the amount of loss that it can withstand. That means you're geographically limited on how far the circuit might be able to travel. You're looking at a few hundred kilometers, at the absolute maximum.
Considering the amount of money you'd spend on putting the circuit in place versus the amount of money you'd lose if the data was compromised, it's very unlikely that anyone, anywhere will have a practical use for QKD/QE. Government and defense, maybe, but then only in very limited applications.
There is a chance that, should quantum computing become a reality and modern encryption algorithms can suddenly be cracked very, very easily that this method may see some use, and by no means is development a waste of time and effort. But, QC is still very much in the early stages, if a working system is ever developed at all.
Thta being said, PKI and courier delivery of key material will continue to be the order of the day for quite some time.
But in the current networks it'll only go around a couple of meteres at Max and you can't use an amplifier/repeater with this. So really, how are we going to use this in real life ?
Who said using it on current networks? In real life, custom networks are used, of course.
Sending information faster than light is likely not possible. The FAQ you linked to says that too. Currently, theory says no, and experiment can't tell. Some have chosen to interpret their experiments as supporting FTL transmission of information. But the majority do not agree with that interpretation.
Using photons in computers in any form is so far off that suggesting it as a solution to current day problems like die size vs clock speed is ridiculous.
give it a shot.
Particles that are treated best by quantum theory (such as photons, here) exhibit quantum states. Just think of them as metainformation about the particle, which is accurate to a first approximation and appropriate for this explanation. In this case, the light is polarized, which dictates some of its quantum metainformation.
The Heisenberg principle, which you've probably heard about, says that you cannot know the position and momentum of a particle exactly, simultaneously. You can know one or the other exactly, you can know both with noninfinitesimal error, but you can't know both. For big, heavy things, like macroscopic objects, the uncertainty is so small as to be irrelevant.
The quantum weirdness which results is as follows: an unobserved object simultaneously exists in a linear combination of multiple quantum states. That is, it exists as
(x*A+y*B+z*C)/(x+y+z)
Where A,B,C are quantum states and x,y,z are relative probabilities. If they add to 1, the x+y+z term falls out.
This is where schrodinger's cat. If you wait exactly long enough that the probability of the cat dying is 50%, the cat is exactly equal parts dead and alive. It's accurate, but I think it's confusing because it confuses the fact that quantum states really only apply to very small things, except in isolated cases like this.
Where the unbreakability of quantum encryption comes in is the observer. If you open the box, the cat is no longer both, it's just dead or alive. If you look at the photon, it's A,B, or C. You have destroyed the metainformation contained in the photon, because up until when you observed it, it was x parts A, y parts B, and z parts C.
This is unavoidable and fundamental to quantum mechanics.
For quantum encryption/communication not to work this way, we have to be wrong about quantum mechanics, and the fact that it's just so WEIRD is part of the reason I suspect it will work. It's so counterintuitive people have verified this many times.
However, it is perfectly reasonable to borrow a large sieve with a water tray - which both work on all the grains simultaneously - and then the job becomes doable in hours.
"A language that doesn't affect the way you think about programming, is not worth knowing" - Alan Perlis
Alice sends Bob a stream of photons. Each photon that is sent, Alice encodes a state of '1' or '0' on each photon.
Unfortunately, Due to Quantum Mechanics, Bob only has a 50% chance of actually reading the state of the photon. 50% of the time he gets '0' or '1', and 50% of the time he gets 'Unknown', and the photon is destroyed..
This is ok, because after receiving 1 million bits, Bob phones up Alice on an unsecured line and says I managed to read photon numbers 5,6,9,12,13,16....(+ approx 500,000 more), so I will use the state of these photons as a one time pad. Alice looks up the states she sent these photons, and now both parties have a one time pad to encrypt data.
Now, lets say there was an intruder attempting to intercept the key exchange. The intruder is also constrained QM, and can only read 50% of the photons, with the other 50% Destroyed. Because, the 50% of photons the intruder would receive, would be different to the 50% bob had read, it is impossible for the hacker to use the information sent using by bob to Alice, via the unsecured phone call, to build an equivalent one time pad.
Also, as the intruder is only able to forward a exact copy of just 50% of the photons to Bob, with the other 50%, now destroyed. He could replace this 50% of photons with his own set of random state photons, but this will be detected by Bob and Alice, as the one time pads would be different on this 50%, and the transmitted data using the pads would be corrupted.
If you have a quantum byte, i.e. 8 quantum bits, you can load it with 256 different integers simultaneously. You can do a single computation on the byte, and this computation is done simultaneously on all the 256 integers. This can easily be emulated, with 256 computers, as you suggest.
But, if you have a quantum computer with 256 quantum bits, you can do computations simultaneously on 2**256 integers. That's not easy to emulate with classical computers because we don't have enough of them.
The main problem with constructing algorithms for quantum computers is to read the result. When you read the 256-bits you only get a single number among the 2**256 which are stored there. Each of 2**256 integers has a probability associated with it, what you read is governed by this probability. Once you read, the state of the computer collapses to what you read, all the other information is lost.
Shor's algorithm solves this by ensuring that the result is periodic, the period being the solution to the problem. It then performs a Fourier transform on the state. Then reads it and gets the period with high probability.
Quantum entanglment cannot be used to send information faster than light, as explained here
So, you could send a key to the other end, but it wouldn't be the same key that you received, because the key is created during the exchange based on which photons were encoded in the same orientation they were measured. So, any protocol that uses this has to be designed to take advantage of this property to prevent man-in-the-middle attacks. Apparently the crypto boys and girls feel this is enough of an advantage to be done--I haven't inspected any protocols that do this, so I can't explain how it's achieved. But simply sending a long key and XORing the message with it isn't enough--the man in the middle could foil that by just generating a new key and reencrypting.
I'm sure someone has a good discussion of this up on the web. The question is if there's one that's accessible to the non-cryptographer.