First Quantum Cryptographic Data Network

jdubs writes to tell us ScienceDaily is reporting that scientists at Northwestern University and BBN Technologies have demonstrated the first truly quantum cryptographic data network. From the article: "Kumar's research team recently demonstrated a new way of encrypting data that relies on both traditional algorithms and on physical principles. This QDE method, called AlphaEta, makes use of the inherent and irreducible quantum noise in laser light to enhance the security of the system and makes eavesdropping much more difficult. Unlike most other physical encryption methods, AlphaEta maintains performance on par with traditional optical communications links and is compatible with standard fiber optical networks."

Quantum post

[BadAnalogyGuy]

This post is not insightful!

Will we know?

[SanityInAnarchy]

We know a working quantum computer, on a sufficient scale, can crack modern encryption in something like linear time, or at least better than the current exponential time. We know that no such computer exists now, or at least not on sufficient scale to enable the NSA to snoop all our encrypted traffic.

Or (tinfoil hat time) do we really? Will we know when this happens, or will it be classified and snapped up by the government? Would we notice that? (The way we did with the a-bomb -- contests were held for whose work could be classified the fastest.) Or would we only notice years later, when it's finally leaked...

Re:Will we know?

[johndoe42]

Really? Last I heard, quantum computers were not known to be able to solve NP-hard problems in polynomial time, and, in the absence of cryptographic breakthroughs, breaking symmetric ciphers ought to be difficult NP problems. Grover's algorithm might help, but only enough to reduce the rate of exponential growth a bit (i.e. 256-bit encryption will stuff be effectively unbreakable by any technology, unless BQP >= NP).

That being said, quantum computers can easily break RSA, ElGamal, and related schemes (using Shor's algorithm, for example). But this quantum encryption thing, absent any details, doesn't look like it's trying to do assymetric encryption.

See http://en.wikipedia.org/wiki/Quantum_computing for more info.

Re:Will we know?

The problem is one of information theory - read Cryptonomicon for a good fictional overview of these type of issues - the problem is that *if* they had a working quantum decrypter could they use it yadda yadda, well, there's two options - either they start using it left right and centre and soon everyone *knows* that the NSA can read encrypted data (in which case the bright monkeys will switch back to one-time pads and the hell that is key exchange) - or the NSA will be very clever about it and only act on that information they have decrypted that they can explain coming from other sources, such as:-
1. crack PGP1024-bit message using quantum goodiness
2. get juicy intelligence from message
3. 'bust' someone in the 'organisation' who had access to this information
4. go public with/act upon the intelligence, claiming where needed 'x told us everything'

The whole issue is one the allies had to deal with throughout WWII since they had cracked enigma and so wanted to act on the intelligence without letting the axis know that we could read their codes.

Having said all that though - I'm a big believer in the cock-up Vs. conspiracy theory, meaning given two situtations it is usually always the case that the conspiracy is fantasy.

Re:Will we know?

[strider44]

I don't mean to be a pedant but this article has nothing to do with quantum computing. It just has to do with using quantum mechanics to design a data stream that is impossible to be eavedropped on according to quantum physics. See Wikipedia for more details.

Re:Will we know?

[ajs]

As far as I know, you usually need asymmetric encryption to reasonably set up temporary symmetric encryption.

Yes and no. Let's step back and cover what is currently done:

Typically you generate a public/private key and give one out to the world (the "public" part, though in most systems that's an arbitrary distinction). The reason you do this is because it's "safe" to give out the public part (no one can decrypt your messages with it) and it gets around the horrible problems inherent in trying to move a key around that *can* decrypt your data (such as those used in symetric key systems). Now you could just stop there, and encrypt all of your data using the target's public key, but it turns out that that's fairly computationally expensive.

In order to speed up the process, you can just use the public key to encrypt a random, one-time session key that you use as the input to a (much faster) symmetric key algorithm such as IDEA, blowfish, twofish, DES, 3DES, etc. Now you have a fast communication path and, as long as the symmetric key system is believed to be at least as strong as the asymetric key system, you have not lost any security.

Now, if symetric key is so much faster, why don't we just use THAT? Well, we would, except that it's a pain to get the symetric key to the target without compromising it. You could, for example, send it via U.S. Post (slow, and not 100% reliable), send it over a private communication channel like a leased line (expensive, not secure), etc. There are other ways too. For example, you can NOT send the key, but have an out-of-band agreement as to how they are generated. For exaple, you might agree to use a pseudo-random number generator (PRNG) wiht a particular seed on a particular date, generating a new key each day. That's not too bad for some purposes, by typically it's not strong enough for truly important information, as PRNGs tend to have their own flaws, and anyone who finds out what you're doing essentially has every key you'll ever use until you exchange a new seed.

What quantum encryption changes is this: it gives you a secure channel over which to communicate (usually at low bandwidth), so you can use it to move a key for symmetric key encryption, and then perform your encryption with that. If anyone evesdrops on the connection, you are guaranteed to know (because the data will be changed, and presumably you've built in appropriate checksums so that you will realize that you now have line noise), and you won't use that key (providing trivial denial of service, which is why this isn't good for non-physical communications).

Quantum computing essentially replaces asymetric key encryption for short, physical links in terms of providing a secure way to exchange symmetric keys. If it gets up to the point that high volumes of data can be moved through the quantum link (which the article is not describing), then you can just move a one-time pad through the link, and your encryption algorithm will be a simple xor.

Can some-one please explain?

[kwikrick]

The article does not explain at all what quantum cryptograpy is and how it's different from the cryptograpy we all know. Ah, but here's wikipedia to the rescue http://en.wikipedia.org/wiki/Quantum_encryption:

Quantum cryptography uses quantum mechanics for secure communications. Unlike traditional cryptography, which employs various mathematical techniques to restrict eavesdroppers from learning the contents of encrypted messages, quantum cryptography is based on the physics of information. Eavesdropping can be viewed as measurements on a physical object -- in this case the carrier of the information. Using quantum phenomena such as quantum superpositions or quantum entanglement one can design and implement a communication system which can always detect eavesdropping. This is because measurements on the quantum carrier of information disturbs it and therefore leaves traces.

Friggin Quantum crap.

[Rob+T+Firefly]

I'm sick of Quantum Cryptography. Every time I try and encrypt something, this smartass time-travelling scientist guy takes over my body, kisses some girl I know, and solves one of my lifelong problems before disappearing in a flash of cartoon FX.