Code for Unbreakable Quantum Encryption
An anonymous reader writes "ITO is running a story on NIST's latest quantum encryption key generation. From the article: 'Raw code for "unbreakable" quantum encryption has been generated at record speed over optical fiber at NIST. The work is a step toward using conventional high-speed networks such as broadband Internet and local-area networks to transmit ultra-secure video for applications such as surveillance.'"
Why go fast when you can go anywhere? O|||||||O
Let's see what DVD Jon has to say about this first...
People really need to quit referring to anything as "unbreakable" or 100% secure. It's never going to happen. Just as with making anything idiot-proof, they will always build a better idiot. Saying it's unbreakable is just going to challenge someone to do it.
IMAGE VERIFICATION IS EVIL!
I'd like to think that this would be used for something useful like secure financial transactions or transmission of other personal data, but it is discouraging to see that TFA focuses on securing video transmissions.
Linux : Hotrod
am I correct in ascertaining that the key is generated using some of the quantum properties of very small particles?
In that case, how is the key shared with the end terminal? In what way is the key generation reproducible at the remote computer to decrypt the signal?
This message encrypted with rotsqrt(-1).
Sure, this protects you from *eavesdropping* "the rules of quantum mechanics ensure that anyone intercepting the key is detected", but not from a *man-in-the-middle attack*, where E is cutting every wire between A and B, independently negotiating keys with A and B, and translating back and forth between the two encryptions.
My question, however, is this: Once hackers obtain quantum computers themselves to use for cracking quantum codes, will they actually have to run them? After all, it was just proven that a quantum program doesn't even have to run to come up with an answer. That's all we need - a new generation of lazy quantum hackers! What's this world coming to? What happened to good old-fashioned dishonest work?
"A little misunderstanding? Galileo and the Pope had a little misunderstanding."
I'm not sure I want to live in the world we're building for ourselves.
RU sure all this stuff makes it better? I mean _really sure_? Or are you just telling yourself it'll all be OK, somehow, some way, some day.
I filed a patent for my tin foil suit back in 1986.
Anger has its uses. Here, let me show you.
I need to go back to college and take some physics classes. It seems quantum physics is becoming a part of day to day life, and I really have nothing but the most basic laymans understanding to go on.
If someone could please explain to me how the quantum code can be transmitted over wires, myself and other normal people would greatly appreciate it. They say that they generate the quantum code using photons, but, how can the photons be sent with the message? Also, wouldn't checking the code to see if it had been tampered with actually change the code?
I JUST DONT GET IT.
If it can be decrypted, it's not unbreakable. Unbreakable encryption is easy, just not that useful if you ever want access to what you encrypted.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
The current state of cryptography is that people can have either secure communication but possibility for man-in-the-middle attacks or secure communication with a requirement for a third party or prior knowledge (previously exchanged key etc). All systems must comply with this basic law, since if you can't ascertain the identity of the other party without relying solely on its information, you need somebody else to tell you or some memory of that entity. If you thus rely solely on the other entity to declare itself as anything, you cannot make for a secure cryptographic channel.
The idea of quantum cryptography is that you have some form of signal sent both ways that only the receivers can receive, since it can't be tapped in the middle due to detected signal loss and single-atomic-unit transmissions being measured. It's pointless, because anything the actual receiver can do, I can do too, and anything the actual receiver can't do I can't do either. Without prior knowledge, it's not anyhow more secure than current systems. With prior knowledge, it might be ever so slightly more secure, yet not much (on the order of 10^-40 % less chance of decryption).
Quantum cryptography is near pointless.
Ok, maybe I missed something back when I took QM in college, but photons are the only particle of light, aren't they? They are not the only electromagnetic particle, but are the only constituents of the light we see. Or has the universe become even stranger and no one told me?
GetOuttaMySpace - The Anti-Social Network
Sorry, but this *is* unbreakable.
No, it is not. A cryptosystem is only as strong as its weakest link. In Quantum Cryptography the weakest link is not the actual encryption but the authentication of both parties. If Eve pretends to be Bob to Alice and vice versa, Quantum Cryptography can be broken faster than the Caesar code this Italian mafioso was using.
OS Reviews: Free and Open Source Software
That's like giving a DEA agent in Colombia a "bulletproof" vest.
Only if the pretense occurred during keysharing, which isn't a problem mathematical cryptography can address. In other words, you're only correct because you're redefining the entire argument--quantum cryptography is unbreakable, and a system which uses quantum cryptography can be broken. Big whoop.
So if your "secure" stream must be used to transmit a key the same size as the actual data (bit for bit) and, being effectively a one-time pad, you should never re-use the same key (makes storing the key ahead of time basically pointless) then why not just send the actual data over the "secure" stream and do away with the public stream altogether?
=Smidge=
What about the noise of some of the photons being lost (absorption)? The system has to be stable against it. Ergo, one can hide herself under the noise threshold.
PS. It has been 20 years since my quantum mechanics exams.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
The article is about quantum encryption, not computing. IIRC, quantum encryption employs the quantum characteristics of photons to make it impossible to eavesdrop on a communication without altering it, thus rendering it uncrackable. Whereas quantum computing employs the overlapping of quantum states of systems in order to provide a kind of natural ability to perform "parallel" computations.
If it weren't for deadlines, nothing would be late.
whenever I'm looking for them, they're not there!!!!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I'm completely baffled. The article says that the system transmits bits of "key" over a quantum-secured channel, and that "The rules of quantum mechanics ensure that anyone intercepting the key is detected." It then says that video is encrypted, using one key bit per video bit.
Why not just send the video itself over the quantum-secured channel?
In both cases, if someone was "detected" intercepting the key, you'd have to stop sending your information, so why not just send the information of the quantum channel and stop immediately if interception were detected?
"How to Do Nothing," kids activities, back in print!
where is the code ?
By sending the key, they will notice its interception, and never send the sensitive data, thus never risking any part of it. To just send the data would confer the ability to steal it, though with the senders knowledge.
They're there affecting their effect.
Photons travel in optic fibers just fine - polarization state and all. Around corners, bent by index of refraction gradients and bouncing off index of refraction continuities, etc.
Might as well be using line-of-sight and telescopes, as some (but not all) of the experiments did.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
So the code is unbreakable. It's also highly susceptible to DOS attacks. As soon as someone attempts to view the photons, they disrupt the key, which will disrupt the transmission of information. In the case of surveillance, I would think that this is at least as useful as being able to watch the stream itself.
Wasnt MD5 Encryption once referred to as Unbreakable ??
"What happend to just paying for a product without being constantly nibbled to death by Credit Card Ducks?"
I've always had an issue with quantum encryption that doesn't so much stem from the technical aspects so much as from the basic requirements of any cypher.
Probably the most basic requirement of any encryption system is that it be able to send the encoded message quickly and easily. If I have an ultra secure magic box that I want to use to send key information to someone, but I can't get him the box, then it's useless to me. Now, the details of the transfer of information generally don't come into play when discussing most cyphers because the details of transfer are completely unrelated to the particular cypher being used. But quantum encryption is different. Any eavesdropping on a transfer line will corrupt the message, not allowing the receiving party a chance to decode it. This makes jamming any line as simple as listening in (and of course, if we weren't worried about people listening in, we wouldn't need encryption in the first place). So does anyone here know how this issue is being addressed?
I came here for a good argument
I don't think you can send information down the quantum channel. You entangle two photons. One goes to person A, one to person B. Person A measures the spin of one, and because they are entangled, he now knows that the other has opposite spin. He uses the spin to generate one bit of a one time pad, knowing that person B can derive that bit from his photon. There is no way of encoding information in those bits; it is random which way the spin is until you measure it, and then you know the spin of both particles. So the quantum part is only useful in sending a string of completely random bits, perfect for a one time pad, considerably less so for actual data. If the photon is intercepted along the way, person B won't get the photon and cannot decrypt the data stream; therefore, he knows that the quantum channel is compromised. At least, that's how I understand it.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
If you send the data in the clear and it is intercepted, then it may never reach you, so you will not know it has been intercepted.
Instead, by sending a key, you can wait until the key has arrived safely and been confirmed before sending any of the data. If the key was intercepted, a new key should be generated. The Quantum Wotsit ensures that no-one can intercept it and resend it without you knowing.
As I see it, the only flaw would be in confirming reception of the quantum key... an attacker could spoof the "Key received" message in some way, and so fool the sending system into thinking that it was now safe to send the encrypted data...
The one big vulnerability with OTPs is that you've now got to send the key securely. Since it is equal in size to the message and is only valid for one message, it is equally hard to send the key securely as it is to send the message securely. Because the pad is pure randomness, it is possible (using existing methods) to send the pad by public key encryption, as it is non-trivial for someone intercepting the message to know how to decrypt it, as it's hard to know when you've broken the encryption. One piece of randomness looks much like another.
Generally, though, people take shortcuts. Instead of using a full-sized one-time pad, a much smaller, repeatedly-used pad is used instead, with some form of pseudo-random mangling to churn things up so that it acts in a very similar manner to a one-time pad. This is generally how stream ciphers work.
Quantum Cryptography - if used sensibly - would involve transmitting a gigantic OTP. Far bigger than the one you need. You then drop all of the bytes that are intercepted. The only bytes used in the pad are the ones the intercepting person does NOT have, so you know the pad is free of holes.
A "better" solution would be to not transmit the key at all, but somehow exploit photon teleportation to deliver the key in a secure manner. However, if you could do that, you wouldn't need encryption in the first place.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
The article says no such thing. It talks about "generating" a key, not transmitting one. What the technique does is produce two identical copies of random bits at the two endpoints. You cannot choose which bits are produced, so what you do is use them as a one time pad.
..."for applications such as surveillance"
Ya, right! You know that the only people using this technology is going to be porn site webmasters, trying to keep their feeds from Amsterdam secure.
"Seven years of college down the drain. Might as well join the f-ing Peace Corps." - John 'Bluto' Blutarsky
Let's be a little more clear.
OTP is unbreakable through direct cryptanalysis.
OTP is NOT unbreakable if the "opposition" gets the a hold of the pad somehow.
So, employed correctly implies that 1) you only use the pad once, 2) the pad is distributed to both A and B in secrecy, without the opposition (C) getting it, and 3) that pad is truly random. (IOW, it can't be some obvious pattern).
Those three conditions are a heck of a lot harder to implement than you might think because at some point, the key (the pad) must be distributed to A and B or from A to B in plaintext.
My blog
He likes to drag them around and make noise with them. He's a big tabby tom - about 17 pounds and a yard long. Now if I could teach him to teach the paper...
So you're saying that you're certain that there can't be certainty?
You know, saying that it's impossible to make something unbreakable, is just going to challenge someone to do it.
Okay, I read wikipedia on this, but I really fail to see how you cannot mount a man in the middle attack.
If Alice and Bob are going to do the key exchange thing, what is to stop Eve from stepping into the middle before it begins. Then Alice actually winds up doing a key exchange with Eve and Eve does a corresponding (but different one) with Alice.
Sure the quantum things is going to ensure the keys are different, but that is not going to help Alice and Bob unless they actually have a secure channel to compare them on. Without that, Eve can just continuously translate between Bob and Alice, decrypting with the one key and re-encrypting with the other, and no one will be none the wiser.
Really, as far as I can see, this is only any good if you have another secure channel (and if you have that, apart from a postmortem evaluation, why are you doing all this anyway).
If I'm not mistaken then that is exactly how one uses entangled particles (photons in your example). The idea is that when two particles are entangled, then if Alice reads the spin of her particle she will get the same reading as Bob (provided they use the same base to measure the spin). The problem with transmitting information (and the reason why this doesn't break the "nothing goes faster than the speed of light" rule) is that the entangled pair cannot be created to read to a predefined spin (= bit value). Thus the result is a correlated but random result. Ideal for setting up an OTP but no good for actual information exchange. On the other hand I'm no quantum computer scientist nor a physicist, so all the usual disclaimers apply here.
Great! So it works well, until someone cracks god's RNG.
This seems to be a definition problem. What is not possible (as the wiki article points out) is a man in the middle _where A and B end up with the same key_. However, if we assume that Mallory is also between A and B for all conventional communication (i.e. not the quantum channel) then things are different. A and M agree on a key, and M and B agree on a different key. Then A and B use normal channels to ascertain whether they can understand each other (implying they have agreed on the same key). Now Mallory can act as a go-between, decrypting A's messages and re-encrypting them to B. So A and B believe they can understand each other and M is sitting happily in the middle. This is of course a more general problem, though, namely that all one can ever verify in the digital world (quantum or not) is that one is communicating with a key (be it an OTP, pk/sk pair, symmetric key or whatever) but NOT with an entity. I.e. you are not sending a message to Alice but to Alice's key. Who knows who actually owns Alice's key? Maybe not Alice at all. As it so happens, solving this problem was the main motivation behind the invention of PKI and certificates. These attempt to establish a chain of trust linking a key to an entity. Pure quantum key exchange algorithms do nothing to deal with this problem, though, and thus suffer from the same type of man in the middle as an anonymous Diffie-Hellman does.
As long as there are people in the security chain, they can be bribed or otherwise suborned.
What good is quantum encryption if it is trivial to block communications by any party by trying to intercept?
If the message doesn't go through, what good is it?
Even if OTP is employed correctly (used once, truly random, completely secret), there are still a finite amount of possible combinations that a message can represent. A sufficiently short message and knowing the context of the message will greatly reduce the security of any system.
For example, if an eavesdropper is expecting a "yes" or "no" communication and captures a 2 character message: not so secure anymore, eh?
In the end, everything has a breaking point. The point of using encryption is to make discovery more difficult, not completely impossible.
This is not my sig.
Whenever an undercover agent needs to report to HQ, all he has to do is dig up the street and lay optical fibre ..
The amount of nonsense some people will keep saying just to get attention is staggering.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
First, the important thing about quantum encryption is the generation of the key. The actual message can be encrypted any old way - it doesn't matter. In this case, the key is used as a one-time pad.
Now, here's how it works:
First, you have some sort of quantum particle. The exact nature of the particle doesn't matter, you just need two different ways to encode a 0 or 1. We'll call these two methods A and B. If you encode a bit using method A, and the receiver uses method A, it should correctly tell you that the bit is a 0 or 1. If, however, the receiver attempts to use method B to decode the particle, it should randomly report a 0 or 1, so the receiver has no idea which is right.
Now, here's the method. First, the sender creates a random string of 0s and 1s, and encodes them using a random sequence of encoding methods (the A or B methods). He sends this to the receiver, who attempts to decode it with a random sequence of A or B methods. This gives the receiver a key, though anytime the receiver used a different method than the sender, the particular bit may be incorrect (50% chance). Then, the receiver sends his sequence of decoding methods to the sender, who then checks it against his sequence and tells the receiver which ones were guessed correctly.
So, now both the sender and receiver know which bits of the sequence were received successfully, and which bits were randomized by the receiver's attempt at decoding. They both ignore the randomized bits, and whatever is left over is used as the cipherkey.
Voila! Both sender and receiver have the cipherkey, and the sender then encodes the text, transmits it, and the receiver unencrypts it.
Now, why is this secure? Because of wave-function collapse. Remember when we created two methods of encoding 0s and 1s? That was very important. Due to the nature of quantum information, if you use the wrong method to decode the bit, the bit is set to whatever it happened to return. Basically, if you encode a bit with method A, then decode it with method B, it then acts like it was encoded with B forevermore. If you try using method A on it, you'll just get another random value. You can't get it back to the pre-measurement state. Thus, there are no do-overs. You measure it wrong once, and you can never try again with the other method. So, if an eavesdropper happens to ever guess wrong when the receiver guesses right, there is no way to correct the mistake. That bit is now random, with a 50% chance of being right and a 50% chance of being wrong. The eavesdropper can easily tell whether or not it's random by listening to the sender and receiver exchange decoding methods, but he can never tell what the correct value is.
Thus, if they guess wrong once, their code has a 50% chance of having one bit wrong. That's easy enough to test - just try to decode the ciphertext twice. But if they guess wrong twice, there are two random bits in their key. That means four possible keys. Three wrong guesses yields 8 possible keys. You see where this is going. If you have a long enough key, the eavesdropper is bound to guess wrong lots of times, giving him too many keys to effectively test. On average, 1/4 of the guesses will be wrong (1/2 will be invalid because the receiver guessed wrong, and 1/2 of the remaining will be guessed wrong by the eavesdropper), so a quarter of the guesses will be random. 30 random guesses gives a billion possible keys. 40 gives a trillion. With a codebit for every messagebit (which is how it works in the encoding scheme used by these guys), a video (which consists of millions of bits at minimum) will produce more possible keys for an eavesdropper than there are particles in the universe.
This wave-function collapse thing is how you know if an eavesdropper exists. They receive the bit, decode it with one method or another, then retransmit it. If they guessed wrong, though, then the bit they resend is random, and has a chance of being wrong. Again, with a long enough key, it's vi
Yes, as we currently understand interaction on a quantum level, it's unbreakable.
To assume it's permanently unbreakable assumes that all theories stay perfectly intact, exactly as specified, for all time and that no one comes up with any edge cases that no one else had previously considered.
For a good 150 years, Newton's F = M x A where A=9.81m/s for the earth worked pretty well. Then an irksome German guy came along and came up with a more refined understanding. Newton's theory didn't stop being a pretty damn good approximation - it just turned out there were subtle variations to it that allowed for more complex theories.
Similarly, the Germans were absolutely confident that Enigma was unbreakable to any practical degree. No matter how many mathematicians you could throw at it or how good your cracking code was, it would be effectively impossible to break - even if you break one code, you couldn't break the next in any kind of a timely manner. Unfortunately for them, a British postal worker invented this cool thing that could do it a whole new way. The German theory that Enigma was effectively unbreakable remained true in their world that was lacking knowledge of computers.
Right now, it's true, our understanding of electrons is such that, should we attempt to observe one, we fundamentally change it and thus reveal our attempt.
And, in ten or fifty or a hundred years time, some other upstart patent clerk (which will account for 90% of the world's population as current patent law is going) will come up with some weird system that we can't even guess at now.
All of the "properly" educated cryptologists will mock him and say, "The theory has been upheld for decades, centuries even. You can't observe an electron without disturbing it!" and he will carry on placing his weird jumble of quarks or whatever the hell he comes up with in close proximity to a butterfly flapping in Asia and read it unobserved. After he breaks enough of those codes and profits enough from the stolen data, they'll eventually, begrudgingly, begin to accept that... gosh, there might just be an expansion or refinement to the theory that, whilst the theory appeared just as true as Newton's view of gravity, there are things that aren't covered in our arrogance.
But, if you guys would like to religiously quote current theory, and ideally get jobs for banks etc. - the rest of would love to profit off accepting that we may not be all knowing and that, who knows, sometimes new variations on current theories do get discovered. The longer your refuse to accept that, the longer we can exploit your determination and the richer we can get by doing so.
...the source of randomness is in itself pattern-free. Also, they are highly impractical for real usage, as it requires exchanging the key (through a "less secure" method).
Quantum entanglement provides a way to distribute the pad from A to B that is not cleartext. Well, technically it provides a way to generate the same OTP at A and B at the same time while guaranteeing no one else intercepted it, but it's effectively the same.
Quantum crypto, a technology that can finally enable private communications for the masses, without being snooped on by the bosses and the government, and what killer app do we see?
Surveillance, on us. Unbreakable, uncrackable without detection, so our paranoia-clamped citizenry can rest easy that our boss and our government can surveil anyone they like without fear of having some third party, such as a lawyer, see what they are watching.
Mind-boggling. A pro-authoritarian mindset slipped in so easily.
Wee! I just registered for Slashdot. I had posted this previously as a coward, but here it is under my own name.
I've heard a lot of nonsense and/or misinformation about QC on this newspost already.
QC is a method of exchanging secure and random key data (usually a one time pad (OTP)). Following the key exchange, the data to be sent is encrypted with the key and transmitted over any non-secure channel.
Scientific American ran an excellent article about this about a year ago: SciAm Article
I also did a full semester's worth of study on this topic, so I hope that I am well informed.
There are two basic ways to carry out QC:
Both methods are completely secure from interception attacks.
The first method uses entangled photon pairs which are randomly generated from some secured source in the middle. The photons are then read at either end. As long as the source is not compromised, the method is secure. Even if the source is compromised, the attacker cannot triplicate the entangled photons, and also cannot read out the photons without compromising their entangled state. Thus, fake non-entangled photons would have to be sent out, possibly alerting the communicating parties.
The other method, OTP negotiation, is much more developed and stable as of today. Alice (the sender) and Bob (the receiver) begin by establishing a one-time key for use with a cipher (such as an XOR cipher). Alice starts by choosing an orientation (orthogonal or diagonal) and then choosing a value (1 or 0).
For example, orthogonal values are '-' for 1 and '|' for 0, while diagonal values are '/' for 1 and '\' for 0.
Alice sends one of these 4 possible polarized photons to Bob, who chooses either the orthogonal filter or the diagonal filter.
The orthogonal filter is a polarized filter in the '-' direction. '-' photons pass through and register 1, while '|' photons are blocked and register a 0. However, diagonal photons have a 50/50 chance by quantum mechanics to twist into the filter, so the readout of a diagonal photon is unreliable.
Similarly, diagonal filters cannot read orthogonal photons accurately.
Quantum mechanics ensures that nobody can read both orientation schemes at once accurately, and because the photon may twist through the wrong filter, a measurement can only be taken once correctly.
After the photon reaches Bob and he has measured it, Alice tells Bob which orientation she used (orthogonal or diagonal). Bob then tells Alice whether or not he used the right filter. If he used the right one, they keep the bit, otherwise it is discarded.
This process repeats for the entire length of the message.
If Eve is intercepting the line, however, she will have to choose a filter and risk twisting the photon.
For example: Alice chooses '\'. Eve intercepts and reads using Orthagonal, and the photon twists into '-'. Bob then reads using Diagonal, giving the twisted value '/' (1). Since Alice and Bob both chose the same orientation, the bit is retained. However, the bit is incorrect, leading to errors in encryption.
To detect problems or an interceptor, Alice and Bob perform a keycheck when they finish the negotiation. Alice selects several values at random and sends their values and positions to Bob, who checks them and reports back. If any discrepancies are noted, the entire key is invalidated and the process starts over on a new channel. Otherwise, the check bits are discarded and encryption can proceed.
As noted, this is a lot of work for a simple encryption, considering that modern ciphers such as RSA-4096 are unbreakable by modern computers. However, quantum computers (capable of breaking RSA in nanoseconds) will eventually present a danger to these ciphers.
Thus, QC is not yet practical, unless you believe the NSA can break RSA, but it has already proven to be mathematically and practically unbreakable.
The word
Man-in-the-middle attack. Capture like the recipient and send like the sender.
Another option is to package the values up into blocks and use a cryptographically authenticating block chaining method. That way, if someone attempts to build their own chain, the chaining method will fail to authenticate correctly. That way, even if a MitM found a way to block reception of the original OTP, the recipient would still know that the key had been intercepted.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
They really are "unbreakable" according to a specific mathematical meaning of that. If (when?) such schemes are broken, they will be broken by exploiting something else.
...
This application of QM allows you to exchange data where the laws of physics themselves guarantee that no one but God could eavesdrop on the data in transit without you knowing about it. So they *can* eavesdrop, you'll just know if they do. They can also steal the data before or after it is transmitted (e.g. NSA has the hardware secretly cache all keys sent over it for later recovery, or whatever). The endpoint computers probably aren't unbreakable, although they may be very close if they're made by the NSA or someone. And if you're getting hardware like this, you *ought* to have a good admin, but I digress.
Okay, so you have this super-ultra good link where you can send data and *know* that no one intercepted it. What now? Well, you have a few options:
A) Send one-time pad data. This encryption method is perfect--EVERY plaintext of the proper length is a possible decryption of any given ciphertext. And you would be padding the length, anyhow. So long as you use a good random source for the pad's data, you'll be fine. Of course, if you use a random source that's somehow deficient, well... Note that it would be good practice to compress (i.e. zip, 7z, rar, whatever) the data before sending it to increase its entropy. Doing this is good for many reasons and is pretty much always helpful when encrypting things.
B) Send keys. You can send secret keys and use your favorite normal cipher. Because you know if someone was eavesdropping (and can discard any keys they eavesdropped upon), you will know that the key is secret (unless, of course, an endpoint is compromised). Now, so long as you're using a good cipher here, you'll be fine. Of course, if your cipher is deficient here, you're hosed. One good thing about this is that you can keep making new secret keys, to limit how much damage it does if an adversary breaks your cipher. This is a very helpful thing to do because some attacks require a lot of ciphertext, and you're not putting out all that much ciphertext for them to use to recover your key if the key changes for each message. Suddenly they have a lot of crumbs, when they need a large block, all encrypted with the same key(s).
C) A little of each. There may be reasons to do both. Maybe you want to send short text messages or small files and these can all be done via a true one time pad, but the large files are more efficient to do via some stream cipher. After all, with a stream cipher you only have to transmit file + a relatively small key, whereas a true OTP requires you to send 2 * file worth of data, the first being the OTP, and the second being file [xor] OTP. And that's neglecting overhead, of course. Normally, you want to do a number of things I'm neglecting here to avoid misc. side channel attacks that could reveal things like how large a message you're sending, *that* you're currently sending a message, etc., which can all leak information.
After all, if you know that A is asking B whether or not A should do something (which you know via other means) and you saw A transfer the ciphertext ^s@ or possibly ÿÿ it wouldn't take a genius to figure out that one was yes and the other was no with or without an OTP
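Option A from the post above, as an added example in Python (not the poster's code and not from the article): a one-time pad that is consumed strictly once, fixed-size frames so that the "yes"/"no" length leak just described disappears from the ciphertext, and a `forge_pad` function that makes the "every plaintext of the proper length is a possible decryption" property concrete. `BLOCK`, the `Pad` class and the 2-byte length-prefix frame layout are illustrative choices made here; the pad material in the demo is a constructed sample, standing in for bytes delivered over the quantum link.

```python
import secrets

BLOCK = 64  # fixed frame size: every message costs exactly BLOCK pad bytes


def frame(msg: bytes) -> bytes:
    """Length-prefix and zero-pad to BLOCK bytes, so 'yes' and 'no' (or any
    two short replies) produce ciphertexts of identical length on the wire."""
    if len(msg) > BLOCK - 2:
        raise ValueError("message too long for one frame")
    return len(msg).to_bytes(2, "big") + msg + bytes(BLOCK - 2 - len(msg))


def unframe(buf: bytes) -> bytes:
    n = int.from_bytes(buf[:2], "big")
    return buf[2:2 + n]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class Pad:
    """Pad material (assumed delivered over the quantum link), consumed
    strictly once. Both ends advance through the same material in lock-step;
    reusing a segment is the classic one-time-pad failure."""

    def __init__(self, material: bytes):
        self._m, self._pos = material, 0

    def take(self, n: int) -> bytes:
        if self._pos + n > len(self._m):
            raise RuntimeError("pad exhausted: never reuse pad bytes")
        chunk = self._m[self._pos:self._pos + n]
        self._pos += n
        return chunk


def encrypt(pad: Pad, msg: bytes) -> bytes:
    return xor(frame(msg), pad.take(BLOCK))


def decrypt(pad: Pad, ct: bytes) -> bytes:
    return unframe(xor(ct, pad.take(BLOCK)))


def forge_pad(ct: bytes, wanted: bytes) -> bytes:
    """Perfect secrecy, constructively: for any ciphertext there is a pad
    segment that 'decrypts' it to any plaintext that fits the frame, so the
    ciphertext alone carries no information about which one was sent."""
    return xor(ct, frame(wanted))


if __name__ == "__main__":
    material = secrets.token_bytes(2 * BLOCK)  # constructed sample pad
    alice, bob = Pad(material), Pad(material)
    c_yes, c_no = encrypt(alice, b"yes"), encrypt(alice, b"no")
    print(len(c_yes) == len(c_no) == BLOCK)             # True: length leaks nothing
    print(decrypt(bob, c_yes), decrypt(bob, c_no))       # b'yes' b'no'
    print(unframe(xor(c_yes, forge_pad(c_yes, b"no"))))  # b'no'
```

The frame size is the price of hiding message length: the pad is spent at `BLOCK` bytes per message regardless of content, which is exactly the "2 * file worth of data" cost the post mentions. Timing and message count still leak; this only closes the length channel.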
Parent is splitting hairs. TFA's audience is not people who have taken quantum physics, so it's allowed to "dumb things down" a bit.
Hint: it-observer.com seems to be geared towards IT middle managers, and the last time I checked, QM wasn't listed as a prerequisite for an MBA.
Why the hell is this modded troll? The poster makes an excellent point. Do you want the government/cartel/whomever to be able to spy on you so perfectly? In a system where they know the second you try to mess with it? I'm really surprised at what passes as a troll around here. Do you want to be watched?
I sure as hell don't.
Happiness does not come from having much, but from being attached to little.
I'm going to revoke the force with which I said that. I've read a few links and it seems like MITM attacks are more broadly defined than the impression I had. HOWEVER, I stand by it to the point that usually a MITM attack is what I said:
Wikipedia lists eavesdropping as a possible MITM attack, but also says "MITM is typically used to refer to active manipulation of the messages, rather than passively eavesdropping."
Both Network Security by Kaufman, Perlman, and Speciner, and Computer Security: Art and Science by Bishop define MITM as the more narrow definition I gave.
A Blackhat conference paper defines it more broadly, but includes my definition and doesn't include eavesdropping.
They use photons to exchange a One Time Pad, using a dedicated point-to-point fibre link. They then use the Internet to transfer the video. This doesn't add up, to my way of thinking. If you have a dedicated point-to-point fibre link, you'd use that for the video. How does their quantum cryptography fare as soon as the fibre link is no longer point-to-point, but is a normal trunk with repeaters and routers and stuff not owned by the two people having the conversation? Now if this was entanglement, well... but I'm equally confused how you distribute your entangled photons in the first place, and how this doesn't hit the age-old key distribution problem??
And you have no idea about cryptography
The whole point of using "quantum mechanics" is just to deliver the cryptographic key in a way that CANNOT be eavesdropped successfully without violating the laws of physics (think equivalent of "This message will self-destruct after reading in 3... 2... 1... Pschiiit!")
As always said, a whole system is just as secure as the weakest link in the chain.
If they're using their "New Uber-Secure(r) Quantum(tm) Link" to transmit keys for some stupid rot13-alike cryptographic scheme, there's no doubt the content will be cracked incredibly quickly, no matter if the key is unknown.
As a matter of fact, that's what happened to the CSS encryption used on DVDs (no keys are used in libdvdcss to crack it), and that's what happened to Enigma at the end of World War II (some ancestors of computers were used to brute-force the code, using some clever tricks to reduce the key space).
If this key-exchange channel is used for video (as the article tells) and the crypto scheme used is AACS as with other future video products (which some already claim to have found a way to crack, and are waiting until AACS is deployed before publishing their method), DVD Jon will have a fun time cracking it.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
by the very act of observing quanta, you change them...
As far as I can see, Quantum Encryption is still vulnerable to a man-in-the-middle attack, as long as the malicious interloper can also intercept the "secondary channel" over which Alice and Bob compare their notes and the insecure channel over which the final data will be sent. What QKE really relies on is that Alice doesn't know for certain whether Bob will receive any given one of her bits transmitted over the quantum channel as a "zero" or a "one", and so they have to compare notes over a secondary communications channel before anything can be exchanged using the key. What's said over this channel is not the key itself, but the key EORed with random zeros and ones {which can be inferred by Alice or Bob, but nobody else who did not see the bits sent or received}, and so is ordinarily meaningless to anyone trying to eavesdrop. But if Mallory has a suitable receiver like Bob's and transmitter like Alice's, and records whatever he receives from Alice exactly the way Bob is doing, then it should be possible to reconstruct the keys for both legs of the transmission {Alice to Mallory and Mallory to Bob} from what is already known.
There are a lot of reasons why this would be hard to do, but it's not strictly impossible. And it's exactly the sort of system that's likely to be used where the stakes are high.
Je fume. Tu fumes. Nous fûmes!
So maybe I'm stupid, but here's an obvious question.
What is the advantage of quantum cryptography over zero knowledge protocols such as SRP?
There absolutely needs to be some prior 'out of band' knowledge established between 'Bob' and 'Alice' to prevent MITM by a 'Malice' tapping both classical and quantum channels and operating its own proxy beam splitter...
so it seems to me that the quantum advantage is reduced to a prior knowledge requirement, which makes it a weakest link canceling any advantage of the quantum channel altogether. It's just harder to do, not impossible.
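The BB84 walkthrough earlier in the thread (Alice's two orientations, Bob's filters, sifting over the classical channel, the key check), the man-in-the-middle described two posts up, and the out-of-band requirement in this post, as one added Python simulation (written here for illustration; not the article's or any poster's code). The model is idealised: no fibre loss, no detector noise, no privacy amplification. Eve's intercept-resend shows up as roughly 25% disagreement in the check bits; Mallory running two clean BB84 sessions passes both key checks; and an authenticated sifting message, using a pre-shared key that Alice and Bob exchanged out of band, is what stops him. HMAC-SHA256 is used here as a stand-in for the Wegman-Carter style authentication real QKD systems use; `run_bb84`, `key_check` and the function names are choices made for this example.

```python
"""Toy BB84: sifting, intercept-resend detection, MITM on an unauthenticated
classical channel, and the pre-shared-key authentication that closes it."""
import hashlib
import hmac
import secrets

RECT, DIAG = 0, 1  # the post's "Orthogonal" and "Diagonal" bases
_rng = secrets.SystemRandom()


def random_bits(n):
    return [secrets.randbits(1) for _ in range(n)]


def measure(bit, prep_basis, meas_basis):
    """Read a photon prepared as (bit, prep_basis) through filter meas_basis.
    Matching basis: deterministic. Wrong basis: the photon 'twists' at random."""
    return bit if prep_basis == meas_basis else secrets.randbits(1)


def run_bb84(n, eavesdrop=False):
    """One BB84 session over n photons. Returns (alice_bases, sifted_a, sifted_b)."""
    a_bits, a_bases = random_bits(n), random_bits(n)
    b_bases, b_bits = random_bits(n), []
    for bit, basis, mb in zip(a_bits, a_bases, b_bases):
        if eavesdrop:  # Eve intercepts, measures in a random basis, resends
            eb = secrets.randbits(1)
            bit, basis = measure(bit, basis, eb), eb
        b_bits.append(measure(bit, basis, mb))
    # Sifting over the classical channel: keep positions where bases agreed.
    keep = [i for i in range(n) if a_bases[i] == b_bases[i]]
    return a_bases, [a_bits[i] for i in keep], [b_bits[i] for i in keep]


def key_check(sifted_a, sifted_b, fraction=0.5):
    """Reveal a random subset of the sifted key, compare it, then discard it.
    Returns (error_rate, final_a, final_b)."""
    n = len(sifted_a)
    check = set(_rng.sample(range(n), int(n * fraction)))
    errors = sum(sifted_a[i] != sifted_b[i] for i in check)
    final_a = [sifted_a[i] for i in range(n) if i not in check]
    final_b = [sifted_b[i] for i in range(n) if i not in check]
    return errors / len(check), final_a, final_b


def qber(n, eavesdrop):
    """Quantum bit error rate observed by the key check: 0 clean, ~0.25 with Eve."""
    _, sa, sb = run_bb84(n, eavesdrop)
    return key_check(sa, sb)[0]


def mitm_unauthenticated(n):
    """Mallory cuts the fibre and runs BB84 twice: as 'Bob' towards Alice and
    as 'Alice' towards Bob. Each leg is error-free, so both key checks pass
    and Mallory holds both keys. Returns True if the attack goes unnoticed."""
    _, k_alice, k_mallory_a = run_bb84(n)
    _, k_mallory_b, k_bob = run_bb84(n)
    e1, k_alice, k_mallory_a = key_check(k_alice, k_mallory_a)
    e2, k_mallory_b, k_bob = key_check(k_mallory_b, k_bob)
    return e1 == 0 and e2 == 0 and k_alice == k_mallory_a and k_mallory_b == k_bob


def tag_bases(psk, bases):
    """Authenticate the sifting message with the pre-shared key. HMAC stands
    in for the Wegman-Carter authentication real QKD links use."""
    return hmac.new(psk, bytes(bases), hashlib.sha256).digest()


def verify_bases(psk, bases, tag):
    return hmac.compare_digest(tag_bases(psk, bases), tag)


def mitm_authenticated(n):
    """Same attack with an authenticated classical channel. Mallory must tell
    Bob the bases of *his* session, but cannot tag them without the psk; the
    best he can do is replay Alice's tag. Returns True if Bob rejects it."""
    psk = secrets.token_bytes(32)  # established by Alice and Bob out of band
    a_bases, *_ = run_bb84(n)
    alice_tag = tag_bases(psk, a_bases)
    m_bases, *_ = run_bb84(n)  # Mallory's own session towards Bob
    return verify_bases(psk, a_bases, alice_tag) and not verify_bases(psk, m_bases, alice_tag)


if __name__ == "__main__":
    print("QBER, no Eve:", qber(2000, eavesdrop=False))
    print("QBER, Eve   :", round(qber(2000, eavesdrop=True), 3))
    print("MITM, unauthenticated sifting undetected:", mitm_unauthenticated(2000))
    print("MITM, authenticated sifting rejected    :", mitm_authenticated(2000))
```

The two MITM functions are the whole argument of this sub-thread in code: the physics only guarantees that the quantum channel cannot be read silently, while the classical channel needs an ordinary authenticated-channel assumption, which is exactly a small pre-shared secret. The authentication key is short and can be refreshed from each session's output, so the requirement is bootstrap material rather than a full key-distribution problem.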
The keys are calculated. Not stolen.
- As far as I've heard a few of the first de-css-ing software used cracked keys to decrypt content. They depend on managing to get some keys to work. And were also legally challenged.
- libdvdcss depends on calculating some possible keys by itself. It doesn't matter if the companies using CSS keep their key safe.
In one case protecting the key is important. Quantum cryptography helps.
In the other case it doesn't matter how safe the key is; the algorithm itself is flawed and can be cracked even without capturing an original key.
By "no keys are used in libdvdcss to crack it" I meant no _stolen_ key is ever used inside. It wasn't necessary to steal a key to unlock content. An unbreakable key transmission channel is irrelevant.
I hope I'm clearer now.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]