Slashdot Mirror
Code for Unbreakable Quantum Encryption
An anonymous reader writes "ITO is running a story on NIST's latest quantum encryption key generation. From the article: 'Raw code for "unbreakable" quantum encryption has been generated at record speed over optical fiber at NIST. The work is a step toward using conventional high-speed networks such as broadband Internet and local-area networks to transmit ultra-secure video for applications such as surveillance.'"
Why go fast when you can go anywhere? O|||||||O
Let's see what DVD Jon has to say about this first...
This message encrypted with rotsqrt(-1).
People really need to quit referring to anything as "unbreakable" or 100% secure.
Well a one time pad is considered unbreakable if employed correctly.
However, if you reuse the same pad over again and over again it tends to be easier to break. Maybe that is why they call it a one time pad though...
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
The article is about quantum encryption, not computing. IIRC, quantum encryption employs the quantum characteristics of photons to make it impossible to eavesdrop on a communication without altering it, thus rendering it uncrackable. Whereas quantum computing employs the overlapping of quantum states of systems in order to provide a kind of natural ability to perform "parallel" computations.
If it weren't for deadlines, nothing would be late.
All together now: "this has nothing to do with quantum computing".
This system exploits quantum mechanics to detect if someone is interecepting and retransmitting the signal. That's why it's called Quantum KEY Distribution. There's nothing "quantum" about the encryption itself. It is also of limited use since it requires an unbroken fiber-optic connection between the two devices.
The idea of quantum cryptography is that you have some form of signal sent both ways that only the receivers can receive, since it can't be tapped in the middle due to detected signal loss and single-atomic-unit transmissions being measured. It's pointless, because anything the actual receiver can do, I can do too, and anything the actual receiver can't do I can't do either.
Eeeehh... Quantum entaglment encryption isn't that simple.
Here is a site by Colossalstorage that explains one of the patents involved in it:
http://colossalstorage.net/entangled.htm
To give a layman's translation... You take two photons and entagle them and then send them down two fiber optic line of the same length (say 4km) and then a device on each end determines which direction the spin is.
Since the spin is the same for the particles regardless of how far apart they are (no information being transfered faster than the speed of light) they have a reference of what the other party is seeing.
Now of course particle spin is random, but the key factor is knowing what the other party is seeing.
Now, you can use the spin as a one time pad and basically encrypt everything based off this... Or rather changes are you'll need another method of communication such as having the actual encrypted data on another fiber line and knowing the spin of the photon gives you the key to unencrypt it.
Now if someone spliced the fiber line, you instantly know it has been comprised because data no longer unencrypts because the particle spin changed on observation and chances are unless the eves dropper has the ability to observe particle spin he might not get much useful data either.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
QC is unbreakable in the mathematical sense. It's a souped-up OTP, which cannot be broken by an outside party, period. Note the word "outside". You can't install a sniffer on the wire, copy the message and decrypt it later. Aside from effectively infinite key length, with QC your intrusion will be detected in real time.
Insider attacks (mole, rootkit, spy camera, etc) which occur AFTER reception and decryption do not count, because the encryption method has nothing to do with that.
The one big vulnerability with OTPs is that you've now got to send the key securely. Since it is equal in size to the message and is only valid for one message, it is equally hard to send the key securely as it is to send the message securely. Because the pad is pure randomness, it is possible (using existing methods) to send the pad by public key encryption, as it is non-trivial for someone intercepting the message to know how to decrypt it, as it's hard to know when you've broken the encryption. One piece of randomness looks much like another.
Generally, though, people take shortcuts. Instead of using a full-sized one-time pad, a much smaller, repeatedly-used pad is used instead, with some form of pseudo-random mangling to churn things up so that it acts in a very similar manner to a one-time pad. This is generally how stream ciphers work.
Quantum Cryptography - if used sensibly - would involve transmitting a gigantic OTP. Far bigger than the one you need. You then drop all of the bytes that are intercepted. The only bytes used in the pad are the ones the intercepting person does NOT have, so you know the pad is free of holes.
A "better" solution would be to not transmit the key at all, but somehow exploit photon teleportation to deliver the key in a secure manner. However, if you could do that, you wouldn't need encryption in the first place.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Which is exactly why this is a solution looking for a problem. No one ever breaks modern crypto when it's used correctly. Attacking the periphery of the system is orders of magnitude easier. Your resources are much better spent guarding against insider attacks than buying the next useless whiz-bang crypto device.
Democracy is two wolves and a sheep voting on lunch.