Slashdot Mirror

← Back to Stories (view on slashdot.org)

Quantum Cryptography Ready For Wide Adoption?

Posted by ryuzaki0 on from the decode-this dept.

An anonymous reader points us to an interview with the founder of quantum cryptography pioneer MagiQ Technologies. From the article: "Q: When do you think we'll see service providers offer quantum cryptography services to their end-customers? A: This will happen within one year and we'll see fairly wide adoption within the next three years. We are working with big carriers such as Verizon and AT&T as well as some companies that own fiber networks. The goal is to embed quantum cryptography into the technology infrastructure so it becomes totally transparent to the end-user..." The cost of a pair of MagiQ boxes to implement point-to-point encryption on a 120-km link is $100,000 plus service.

125 comments

  1. SNAKE OIL! by LiquidCoooled · · Score: 4, Insightful

    The only way to see if this works is to break the fibre connection and see if it notices.
    Oh lookie, the amazing thing is - a normal fucking fibre circuit will notice as well.

    There is no quantum tech yet.

    This is just going to increase our month subscriptions without giving any benefits, we will still use encryption on every required connection and will still have open holes alopng the way (last mile), so who exactly does it benefit?

    I suggest any carrier should pay them with money stored in a quantum envelope. You are certain it contained $100,000 before you sealed it up, if its not there now it must have been intefered with.

    --
    liqbase :: faster than paper
    1. Re:SNAKE OIL! by vertinox · · Score: 2, Insightful

      The only way to see if this works is to break the fibre connection and see if it notices.

      What happens if you splice the line and put a repeater in that also reads the data passing through it?

      Fiber optics are tappable you know.

      You may notice a short downtime...

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    2. Re:SNAKE OIL! by LiquidCoooled · · Score: 1

      Thats my point.

      If(allDark) showMessage("PANIC: 1337 haxx0rs have broken in.");

      --
      liqbase :: faster than paper
    3. Re:SNAKE OIL! by Amouth · · Score: 2, Insightful

      or you can just bend the fiber and catch what little bit makes it out.. or you could splice in a larger pice of glass like -|- and read it from the edge of the incerted glass - sure you would notice the beem being weaker but that amount depends on the size of the glass inserted - if you are looking up close you only need to divert alittle of the light to read it.. and the link wouldn't ever have to go down for it to happen - fiber is leaky.. just read the leaks or make your own.. no need to read and repeat just read

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    4. Re:SNAKE OIL! by Anonymous Coward · · Score: 2, Funny

      What happens if you splice the line and put a repeater in that also reads the data passing through it?

      I don't know, let's ask the NSA: bomb kill president dirty bomb panties assassination murder terrorist nukular boom boom anthrax

    5. Re:SNAKE OIL! by E++99 · · Score: 1
      or you can just bend the fiber and catch what little bit makes it out.. or you could splice in a larger pice of glass like -|- and read it from the edge of the incerted glass - sure you would notice the beem being weaker but that amount depends on the size of the glass inserted - if you are looking up close you only need to divert alittle of the light to read it.. and the link wouldn't ever have to go down for it to happen - fiber is leaky.. just read the leaks or make your own.. no need to read and repeat just read

      Um, that's the whole point of quantum "cryptography", as I understand it ... you encode your message with individual photons. You can't divert off a little bit of the photon. Of course, what would prevent you from using a repeater, I have no idea, and am inclined to agree that it is snake oil.
    6. Re:SNAKE OIL! by Neoncow · · Score: 1

      I assume while you do this, [organisation using quantum crypto] will have shot you.

    7. Re:SNAKE OIL! by enbody · · Score: 1
      What happens if you splice the line and put a repeater in that also reads the data passing through it?


      You cannot reconstruct the quantum state of an individual photon so a repeater isn't possible. In fact, that is the point.

    8. Re:SNAKE OIL! by orgelspieler · · Score: 2, Insightful

      In true quantum cryptography, you cannot use a repeater. This is due to the Observer Effect. By measuring the quantum state of a particle, you change it. A professor explained it to me back in the 90s, but I can't remember all the details.

    9. Re:SNAKE OIL! by m0ok1e · · Score: 1

      You don't have to actually splice the line, if you can get physical access to the line you can bend it and with the right equipment read all the data off the line without any interruption of the normal service. There are videos of this being done, where they capture a broadcast on a fiber wire and there is no noticeable difference on the original signal.

    10. Re:SNAKE OIL! by da+cog · · Score: 3, Interesting

      The "data" that is being sent is not classical information, but quantum information in the form of "qubits". Ergo, you cannot intercept and then "read" it in the sense that your post is describing.

      Specifically, what is being sent is one half of two perfectly entangled qubits. The fact that they are "entangled" means that if the two people involved each measure their qubit using the same basis, they will always get the same answer.

      When you intercept one of the two qubits, you can measure it but in the process you destroy it, and you cannot create a new qubit that is entangled with the one kept by the sender. Thus, the final recipient of the qubit will no longer get qubits entangled with the original sender's, and so even when the two of them measure with the same basis they are no longer guaranteed to get the same result. In fact, on average 50% of the time they will disagree -- equivalent to what would happen if they both just generated independent random strings of bits.

      Now you might say: why not have the repeater just generate a qubit such that the recipient will get the same measurement result as you did? The answer is that you cannot do this because you cannot know in advance what basis he will use to measure the qubit. In the case of photons, he could measure it in a horizontal/vertical basis, or he could measure it in a diagonal basis. (For each measurement he will pick one or the other on a random basis.) If you polarize your photon horizontally (which might correspond to a classical value of "0"), then the other guy will get a random result when he measures it in the diagonal basis. You can only hope to guess right 50% of the time.

      Part of the QC protocol is to share selected strings of bits to make sure that they are in fact in ownership of a common secret. If these strings differ 50% of the time, then they know that someone was reading them in the middle.

      Thus, the whole point of QC is that it is impossible to put repeaters in the middle to intercept the data without this resulting in a detectable error rate in the shared secret.

      --
      Snarkiness is inversely proportional to wisdom because it emphasizes feeling right rather than being right.
    11. Re:SNAKE OIL! by Mr.+Firewall · · Score: 2, Informative

      ...if you can get physical access to the line you can bend it and with the right equipment read all the data off the line without any interruption of the normal service.

      Nope. Not with quantum crypto. First, you can't read the data because it destroys the data. Second, it will DEFINITELY interrupt the normal service! (because you've destroyed the data)

      There are videos of this being done, where they capture a broadcast on a fiber wire and there is no noticeable difference on the original signal.

      You're thinking ordinary fiber-optics. Quantum is a whole different world.

      --
      In times of universal deceit, telling the truth gets you modded -1 Troll
    12. Re:SNAKE OIL! by Anonymous Coward · · Score: 0

      And that's the problem with quantum encryption: it's far too susceptible to DOS attacks.

    13. Re:SNAKE OIL! by skarphace · · Score: 3, Insightful
      And that's the problem with quantum encryption: it's far too susceptible to DOS attacks.
      Which is why the tech should only be used on networks that value confidentiality more then service. Quantum Cryptography is NOT a technology for the internet and if anyone tries to convince you of that, they're wrong.
      --
      Bullish Machine Tzar
    14. Re:SNAKE OIL! by MrNaz · · Score: 3, Interesting

      It's known as the Heisenberg Uncertainty Principle. It states that with regards to any particle, you can know either its location or its state of motion but not both. This is due to the fact that in order to observe something, you need to "see" it, which requires that at least one photon touch it. If a photon touches a particle, it will impart energy to it, changing its state. Thus, you will know its location, but you cannot know how the photon has changed the particle's state unless you bounce another photon off it, causing another change.

      The way I understand so-called "quantum cryptography", is that it sends a known number of photons with known states down the fiber. Any attempt to intercept them will change their state and/or their number. A repeater will not be able to reproduce exactly the photonic pattern that the sender sent. This, combined with a kind of hashing or packet digest, will tell the receiver if the data packets were tampered with along the way. The message is not sent as a series of light pulses, but as individual photons which are polarised in one direction or another, representing 0s and 1s, with carrier photons that indicate the representational state at any given point in time. Because photons are discrete, there can be no leakage, hence any attempt to "tap" into or read the data en route will be detected.

      That is the theory. I am very, very skeptical that the real units actually work that way, as the precision required, it would seem to me, is not currently feasible in commercial products. Counting and measuring photons and whatnot are the preserve of facilities like CERN.

      I read this in bits and pieces, I know very little about quantum cryptography, so my understanding may be flawed. In fact, it may be that I have just pulled all this straight out of my arse. It wouldn't be the first time.

      --
      I hate printers.
    15. Re:SNAKE OIL! by LiquidCoooled · · Score: 1

      One question, what magical technology have we got that can transmit and receive these qubits?
      (if possible please refrain from using the word laser or photodiode)

      I read on their site a wonderful description (here if you are interested):

      The interaction between ions and single photons is quite weak; therefore it has to be enhanced by placing the trapped ions inside an optical resonator (i.e. between two very good, suitably arranged mirrors). This leads to a strong coupling between the light field in the resonator and the ions. Shining appropriate laser pulses on the ion in question, its state can then be mapped to the state of the resonator field (see, e.g. [6]. Similarly the state of the resonator field can be mapped on the state of an ion. To complete the interface, the resonator field must be coupled to a traveling light field, e.g. in an optical fiber. For the output, one can just wait for the photons in the resonator to leak out into the transmission line. For the input, more care is needed to circumvent the reflection of most incoming photons at the mirrors, but carefully designed laser pulses may "open up" the resonator to incoming photons. These proposals are quite close to what can currently be done in the lab, and their realization should be achieved in the coming years.

      In other words, shining a laser through a filter at both ends.
      If the length of the cable increases or is flexed sufficiently the frequency sync won't match and oh look your machine will tell you it has been modified.

      It is literally a smoke and mirrors problem.

      --
      liqbase :: faster than paper
    16. Re:SNAKE OIL! by NonViviDaSola · · Score: 0

      You cannot theoretically tap a quantum communication. You have to alter the photon stream in order to measure it. This is more of a quantum transport than quantum encryption. It guarantees that noone can eavesdrop on the communication. Combined with conventinal authentication, it can provide a very secure and authenticated communication channel.

    17. Re:SNAKE OIL! by NonViviDaSola · · Score: 0

      One further note. This company does not provide single photon technology. It is very unlikely but still possible to eavesdrop on the conversation if the quantum communication uses more than one photon per bit of data as they do. Single photon technology is still in the works.

    18. Re:SNAKE OIL! by fbjon · · Score: 1
      panties
      Just great, now we'll have the whole army after us!
      --
      True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
    19. Re:SNAKE OIL! by somersault · · Score: 1

      I thought that was the cheat for a 3 star rating?

      --
      which is totally what she said
    20. Re:SNAKE OIL! by shutdown+-p+now · · Score: 1
      It's known as the Heisenberg Uncertainty Principle.
      No, what matters here is the observer effect, to which the GP referred. As for the uncertainty principle, it's about the precision to which you can know a particle's position and its momentum, and the corellation between those two; and the cause of phenomenon it describes is not disturbance of particle during observation.
    21. Re:SNAKE OIL! by orgelspieler · · Score: 1

      Thanks. I wasn't 100% sure I was right. Like I said, it was a long time ago that I attended that lecture.

  2. Short answer by Rob+T+Firefly · · Score: 5, Funny
    Quantum Cryptography Ready For Wide Adoption?
    Yes and/or no.
    --
    Slashdot Burying Stories About Slashdot Media Owned
    1. Re:Short answer by An+anonymous+Frank · · Score: 1

      Actually, how does it go; you change the outcome by measuring it? So, could we then discover the key, by looking for it? (Yeah, I'm in a silly mood.)

    2. Re:Short answer by Tackhead · · Score: 1
      > > Quantum Cryptography Ready For Wide Adoption?
      >
      >Yes and/or no.

      I could tell you, but then I'd have to collapse this wave function that describes your cat.

    3. Re:Short answer by GnomeChompsky · · Score: 1

      OR is already inclusive! You don't need and there.

    4. Re:Short answer by Anonymous Coward · · Score: 0

      That comment wasn't all that funny until I read it...

    5. Re:Short answer by wirelessbuzzers · · Score: 1

      I'd have to collapse this wave function that describes your cat.

      Is that what they're calling it these days?

      --
      I hereby place the above post in the public domain.
    6. Re:Short answer by somersault · · Score: 1

      Plus, you can't divide and by or.

      --
      which is totally what she said
    7. Re:Short answer by Anonymous Coward · · Score: 0

      nullity anyone? :S

    8. Re:Short answer by somersault · · Score: 1

      I propose mandatoryandority.

      --
      which is totally what she said
  3. Huh? by jrwr00 · · Score: 1

    How in the hell does this work? Why can the interfaces just have inboard encryptions?

    --
    WulframII - Free Online Mutiplayer 3D Tank Shooting Game
    1. Re:Huh? by pdbaby · · Score: 2, Interesting
      Assuming you're not Bruce Schneier making a joke, the point of quantum cryptography is to try and bring perfectly mathematically secure encryption to a point-to-point connection. Normal encryption is good enough but not perfect (i.e. given an infinite amount of time and money, you can break any standard encryption algorithm)

      The only perfectly secure algorithm is one where the key is:
      • The same length as the key (or "never reused, even within the message" if you want to think of it that way)
      • Completely Random
      A one time pad satisfies this (and that's the basic idea Quantum Cryptography is based on

      Because the resulting ciphertext then is just as random. The problem is that you've replaced a secret with another secret of the same size -- which is only a benefit if you've securely transported a briefcase with a copy of the random key you used.

      In terms of practical application for you and me, encrypting traffic with VPNs is practical and really secure. Quantum Cryptography depends on being physically point-to-point, which is its flaw... making it unsuitable for most communication

      Of course, there are better ways to find secrets sent across a perfectly secure link. Like infiltrating the organisation and reading the secret on the noticeboard :)

      --
      Global symbol "$deity" requires explicit package name at line 2. - If only $scripture started "use strict;"
    2. Re:Huh? by ukatoton · · Score: 1

      The key is the same length as itself? I believe that's true in all cryptographic forms that use a key

    3. Re:Huh? by Mr.+Firewall · · Score: 1

      ...the point of quantum cryptography is to try and bring perfectly mathematically secure encryption to a point-to-point connection.

      Wrong. Quantum cryptography isn't mathematical at all. And it does not rely on keys.

      --
      In times of universal deceit, telling the truth gets you modded -1 Troll
    4. Re:Huh? by Jesus_666 · · Score: 0

      What, we just connect every computer to every other computer and buy a couple dozen billion crypto boxes, then everyone will be completely secure when they visit addons.mozilla.org.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
    5. Re:Huh? by Anonymous Coward · · Score: 0

      Wrong. Quantum encryption sends a one time pad via fiber and the encrypted message via regular channels.

    6. Re:Huh? by fluffy99 · · Score: 1

      I was under the impression that regular cryptography was used and it was the quantum hocus-pocus that was used to setup and exchange the session keys?

    7. Re:Huh? by kulnor · · Score: 1

      You're right, quantum cryptography is a misnomer for quantum key distribution. The difference is that it's based on the laws of physics and uses symmetric key encryption algorithms rather than public key based mathematical method such as RSA that can in theory be broken given enough time to factor a large number. The major threat to RSA are quantum computer as they'll will be able to factor numbers much faster than classic computers. This could happen in the next 5-20 years. Unless you can break (or change) the laws of physics, quantum key distribution is perfectly safe. It makes the one time pad (and therefore perfect encryption) possible.

    8. Re:Huh? by Anonymous Coward · · Score: 0
      The key is the same length as itself
      Damn my not pressing the Preview button the 2nd time!
  4. What about the terrorists? by Anonymous Coward · · Score: 0

    But what about the national security and GWoT?

    1. Re:What about the terrorists? by Anonymous Coward · · Score: 0

      its not GWoT its "The War Against Terror".... TW... Oh I see.... bad FLA..

  5. Military? by Anonymous Coward · · Score: 0

    So, how long as the military had this capability?

    They (DARPA) is the largest funder of quantum research.

  6. Cryptography != Security by mpapet · · Score: 3, Insightful

    As a component of a broader security system, cryptography is valuable and solves many problems.

    History shows that the weak links in systems employing cryptography is usually some other part of the system. DVD's are an obvious example.

    Outside of gov't agencies and the mega-corps that service them, I don't see this taking off like the ipod. The PHB's in the banking world certainly won't understand why this is better than the systems they have now.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
    1. Re:Cryptography != Security by mcrbids · · Score: 3, Insightful

      Outside of gov't agencies and the mega-corps that service them, I don't see this taking off like the ipod. The PHB's in the banking world certainly won't understand why this is better than the systems they have now.

      Funny that. When I read the price, my first thought was that this would very possibly explode!

      It all comes down to benefits vs. cost. When there are billions of dollars on the line, protecting it with a mere $100,000 seems like chump change. And each $100,000 purchase helps prove a marketplace that will then lower costs.

      With every new technology, there's an "adoption curve" where the price drops to a point where it makes sense at high economic levels. So the wealthy and the megacorps adopt the technology because it pays to do so. By doing so, the inventor/developer recoups their initial investments into the technology, and it begins to pay to reduce the price in order to encourage a larger marketplace.

      Wash, rinse, repeat, and soon the new technology is available at very affordable prices to average people.

      This doesn't happen to *all* technologies. For example, general aviation (EG: light, 1-12 person aircraft) is still pretty firmly entrenched in the ranks of the wealthy, for a variety of reasons. All too few people talk about the "family plane". But even in this case, commercial aviation is very reachable by the average Joe, a la SouthWest airlines.

      So, to have perfectly unbreakable encryption over a 120 km link for just $100,000? I think that would get the attention of quite a number of large and middle-sized organizations, banks, and perhaps data warehouses.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    2. Re:Cryptography != Security by morgan_greywolf · · Score: 1

      This doesn't happen to *all* technologies. For example, general aviation (EG: light, 1-12 person aircraft) is still pretty firmly entrenched in the ranks of the wealthy, for a variety of reasons. All too few people talk about the "family plane". But even in this case, commercial aviation is very reachable by the average Joe, a la SouthWest airlines.
      \

      You can get into ultralights for under $3,000. Granted this is really not "general aviation", but it's definitely affordable to just about anyone with a decent-paying steady job.

      --
      My blog
    3. Re:Cryptography != Security by mcrbids · · Score: 1

      You can get into ultralights for under $3,000. Granted this is really not "general aviation", but it's definitely affordable to just about anyone with a decent-paying steady job.

      I don't know where you are, but the sub-$3,000 ultralights that I've seen look awfully reminiscent of a death-trap. Something that won't leave your spouse a widow starts about $10,000 and goes up fast from there.

      Also, ultralights and sport planes have serious limitations - limitations on flight in controlled airspace, over urban areas, at night, etc. making them almost useless for any practical purpose.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    4. Re:Cryptography != Security by arose · · Score: 1
      So, to have perfectly unbreakable encryption over a 120 km link for just $100,000? I think that would get the attention of quite a number of large and middle-sized organizations, banks, and perhaps data warehouses.
      Unless you plan to transport huge amounts of data you can have perfectly unbreakable encryption far, far cheaper--a number of harddrives full of randomness shipped once in a while between the locations. Another plus is that guarding a car for 120km once in a while is far easier then replacing 120km of fibre every time someone breaks the cable.
      --
      Analogies don't equal equalities, they are merely somewhat analogous.
  7. And how does this fit in with federal law? by porkchop_d_clown · · Score: 1

    Isn't there a law requiring telecom providers to make their lines available for government monitoring?

    Are companies really going to buy "private fiber" or is this really only for DoD use?

    --
    Clear, Dark Skies
    1. Re:And how does this fit in with federal law? by Anonymous Coward · · Score: 0

      Isn't there a law requiring telecom providers to make their lines available for government monitoring?

      Only if they have a search warrant....

    2. Re:And how does this fit in with federal law? by t00le · · Score: 1

      Well,

      Providers have to provide an aggregation point or means of access. So it boils down to either a port on the provider side in promiscuous mode (outside of the secure channel) or an imperceptible channel in some form of monitoring mode.

      In the case of these end-points it raises a very good question as to how providers would code an interception point into this technology. One would think that taking an uber-secure channel and programmatically coding in a "backdoor" for lawful intercept would be humorous by Orwellian standards.

      --
      When the only tool you have is a hammer, every problem looks like a nail
  8. I'm sure they could do it. by Daniel_Staal · · Score: 2, Insightful

    But I'd rather the lines were upgraded to support faster speeds first. That should be a higher priority than embedding encryption into the network. There is little pressing need for better encyption, but more data bandwidth would help a lot of things.

    --
    'Sensible' is a curse word.
    1. Re:I'm sure they could do it. by TheRaven64 · · Score: 1

      More to the point, encryption is pretty much worthless unless it is end-to-end. It's fine making a segment of fibre 100% secure, but if that's just the middle hop, and the bits either side are leaky then it's worthless. This kind of thing might be useful for businesses that have their own, private, unswitched, fibre lines, but for everyone else it is just an expensive false sense of security. Until someone builds a reasonable-sized, working quantum computer, mathematical encryption is likely to be better for most things.

      --
      I am TheRaven on Soylent News
  9. Funny thing is by rbunce · · Score: 3, Insightful

    by definition Quantum cryptography can not be run on real networks were you have to do things like routing.

    1. Re:Funny thing is by Anonymous Coward · · Score: 0

      by definition Quantum cryptography can not be run on real networks were you have to do things like routing.

      Just use entanglement swapping. You can route without actually looking at the data. Of course, the destination address would have to be in the plain.

    2. Re:Funny thing is by danpsmith · · Score: 1
      by definition Quantum cryptography can not be run on real networks were you have to do things like routing.

      I don't know, I for one was persuaded by their guarantee that 50% of the time it works, everytime.

      --
      Judges and senates have been bought for gold; Esteem and love were never to be sold.
  10. Totally useless by Jimmy_B · · Score: 3, Insightful

    In practice, quantum cryptography doesn't achieve anything that regular crypto systems like SSL or ipsec don't. Quantum cryptography is theoretically unbreakable, whereas SSL is believed but not mathematically proven to be unbreakable. In either case, it's easiest for an attacker to compromise one of the endpoints, so it's not a big difference. SSL is cheap, easy and widely deployed. So why would anyone spend $100,000+ per link on untested quantum cryptography hardware, when you could roll out ipsec much more cheaply?

    1. Re:Totally useless by udderly · · Score: 1

      Step 1. Introduce unnecessary product with the words "quantum" or "nano" in it.
      Step 2. Get someone to post it on slashdot.
      Step 3. ???
      Step 4. Profit!

    2. Re:Totally useless by Anonymous Coward · · Score: 0

      Vendor kickbacks. This is the reason for *most* insanely bad technology/product procurement decisions in the corporate world.

    3. Re:Totally useless by Chirs · · Score: 4, Informative

      The benefit of quantum cryptography is in secure key exchange. With regular systems you don't know if someone is sniffing the packets going through your fiber.

      With quantum key exchange, the very act of diverting a photon to "sniff" it disturbs the signal enough that the far end can detect it.

      Once you've exchanged keys (at a low bit-rate) you then use standard encryption techniques to exchange the actual data.

    4. Re:Totally useless by jomama717 · · Score: 3, Informative

      I was about to post the same thing after reading this from the "MagiQ" website, linked from the article. The paragraph entitled "Quantum Cryptography" is very informative, assuming it is accurate.

      --
      while [ 1 ]; do echo -n -e "\xe2\x95\xb$((($RANDOM&1)+1))"; done
    5. Re:Totally useless by aetherworld · · Score: 1

      Oh no my friend. Quantum cryptography is for when quantum computers are actually available. Quantum computing eliminates the problem of prime/integer factorization so a quantum computer can break SSL within seconds.

      That's no longer a mathematical problem but a physical problem then.

    6. Re:Totally useless by bcrowell · · Score: 2, Insightful
      OK, so this company will sell a big ISP a way to build a line that's immune to theoretical future attacks using quantum computing. The problem is that it costs a large amount of money, and those attacks are only theoretical. Their web site says the threat is that someone could collect a large amount of SSL-encrypted data, then decrypt it someday in the future using a quantum computer. Well:
      1. Most criminals aren't in the habit of undertaking gigantic economic efforts for uncertain returns at some unknown date in the future.
      2. Hypothetical criminals who want to collect SSH packets for later analysis can collect terabytes worth any time they like, simply because the nature of the internet is that it's designed so that packets are passed through machines that aren't trusted. An ISP could spend $100k to get quantum encryption on 100 miles worth of fiber, but realistically, criminals don't need and don't have physical access to the fiber anyway.
      3. Very little data has the kind of long-term economic value that would justify this kind of effort by criminals. Their web site gives the example of medical data. WTF? Suppose I have gonorrhea. Thirty years from now, a Russian gangster says, "we have medical records from 2006, is proving you had gonorrhea; you pay us money, or we tell family." Is this a realistic threat?
      --
      Find free books.
    7. Re:Totally useless by Anonymous Coward · · Score: 0

      Unfortunately "sniffing" isn't the only possible man-in-the-middle attack. A more sophisticated one uses 2 copies of the hardware used at the endpoints to negociate 2 different keys with the two endpoints. Then it's just a matter of playing a translation game when next phase starts (exchange of actual data).

    8. Re:Totally useless by aetherworld · · Score: 1

      Who said you should buy it now? But once a quantum computer is finished, someone has the tool to decrypt all information ever encrypted with RSA (which is based on the fact that prime factorization cannot be solved with an acceptable O() complexity). That includes PGP, GPG, SSL.

      Better safe than sorry.

    9. Re:Totally useless by bcrowell · · Score: 1

      Once you've exchanged keys (at a low bit-rate) you then use standard encryption techniques to exchange the actual data.
      Correct me if I'm wrong, but doesn't this imply that the hardware this company is selling is completely useless with standard protocols? Using TCP/IP and SSH, for example, I assume there's no way to arrange to do the key exchange over one physical connection, and then switch to a different one for the actual exchange of data.

      --
      Find free books.
    10. Re:Totally useless by jomama717 · · Score: 1

      From what I gathered in the article and from the company's website I think any deployment would involve two boxes, on at the sender's end and one at the receiver's end, and all communication would be between those boxes using their own protocol. For example a supplier may have a particularly paranoid retailer that requests the use of this technology for all purchase order information. I've done jobs at companies that used dedicated lines for some trading partners in the interest of security, I think this is the same idea with the added benefit of the quantum encryption.

      --
      while [ 1 ]; do echo -n -e "\xe2\x95\xb$((($RANDOM&1)+1))"; done
    11. Re:Totally useless by E++99 · · Score: 1
      Oh no my friend. Quantum cryptography is for when quantum computers are actually available. Quantum computing eliminates the problem of prime/integer factorization so a quantum computer can break SSL within seconds.

      Sure, unless it turns out to be impossible.

      That's no longer a mathematical problem but a physical problem then.

      But right now, breaking quantum cryptography is a physical problem, not a mathematical problem. It's based upon the presumption that a photon cannot be detected without disturbing it. Contrary to various articles, this is not the Heisenberg Uncertainty Principle. Nor can it be proved mathematically. Maybe someone at the NSA already knows how to read photons without disturbing them! That's why mathematically provable security is the goal. You can't prove the difficulty of factoring or discrete logs either, but at least it's a very old problem. If you have extremely sensitive data, it would be, IMO, extremely stupid to wager its security on the accuracy of a single assertion of modern particle physics!
    12. Re:Totally useless by bcrowell · · Score: 1

      Hmm...OK, but then I have a hard time understanding the threat they hypothesize on their web site. The threat they talk about is that bad guys do packet sniffing, and record all the packets, anticipating that when quantum computers become available, they'll be able to decrypt them. If you're using a dedicated line, I don't see how that scenario works.

      --
      Find free books.
    13. Re:Totally useless by jomama717 · · Score: 1

      Yeah, not sure either. I imagine the companies that I worked at that did use dedicated lines did so as an alternative to using fancy protocols (AS1,2,3, sftp, etc.) so the benefit of the quantum encryption is suspect, I agree. Either the fiber optic line can still be shared or this product is relying entirely on its novelty (oooh... quantum ) for its success.

      --
      while [ 1 ]; do echo -n -e "\xe2\x95\xb$((($RANDOM&1)+1))"; done
    14. Re:Totally useless by scoonbutt · · Score: 1

      Amen. This is definitely "security by obscurity", since the quantum physics involved are obscure to pretty much everyone, including the people builing the encryption! Integer factoring is obscure, too, but it's been obscure for a very looooong time.

    15. Re:Totally useless by Beryllium+Sphere(tm) · · Score: 1

      Key exchange in the presence of an eavesdropper is a solved problem already.

      Don't waste resources reinforcing the strongest link in a chain.

    16. Re:Totally useless by Anonymous Coward · · Score: 0
      The benefit of quantum cryptography is in secure key exchange.
      I'm not very familiar with quantum cryptography beyond basic theory, but I have read enough to know about key exchange such as Elliptic Curve Diffie-Hellman. Considering you can derive a 256-bit shared secret in under a millisecond using modern implementations (e.g., Curve25519) for free using software, what benefits do I gain by spending thousands of dollars on these MagiQ boxes?
    17. Re:Totally useless by CryoPenguin · · Score: 1

      Right. There are already conventional key exchange algorithms that are as good as conventional encryption. If you're worried enough about conventional algorithms being broken to switch to quantum, then you have to use it for the data transfer too, not just for key exchange. (Unless your conventional algorithm is a one-time pad, in which case quantumly sending the key is enough. Which is actually how the standard formulation of QC works. But in terms of bandwidth usage, that's the same as sending the message over the quantum channel.)

      QC requires that you have a direct fiber-optic connection between the two parties. In short, what it provides is a guarantee that you'll notice if someone splices into your fiber, and gives you a chance to abort communication before the eavesdropper gains any information.

      If you use a dedicated line without the quantum part, that's proof against random people on the internet, but someone with a shovel and various optic hardware could still snoop on it (and then maybe break the conventional encryption). Too paranoid for you? sure, but some businesses/governments might not want to take even that risk.

      (yes, I am a quantum physicist)

    18. Re:Totally useless by fabs64 · · Score: 1

      If you're talking about using public private pairs then it's not a solution because they are provably breakable, just not practically.

      If you're not, then what are you talking about?

      Also PP pairs can be beaten by a true man in the middle attack

  11. It's strictly point-to-point. by porkchop_d_clown · · Score: 4, Insightful

    Worse, they talk about "repeaters" to extend the range past 120km - which is scary, because it implies they are decrypting/recrypting at the repeater.

    Can you say "Physical Security"? I knew you could.

    --
    Clear, Dark Skies
    1. Re:It's strictly point-to-point. by BeBoxer · · Score: 1

      Yeah, I noticed that too. I could be wrong, but I'm pretty sure that quantum encryption is based on measuring the properties of single photons. Any sort of repeater or amplifier is going to replace the original photons with new ones. Even an EDFA or Ramen amp is replacing the photons which enter the amp with (multiple) new ones. Sure, they have identical properties for the purposes of classical equipment, but the quantum properties aren't preserved. That's the whole point. Nothing can interact with the transmitted photons without detection. A classical amp would be detected. And if you invented some quantum amplifier which could increase the distance without detection, that box could be used as a tap.

      Basically, this is doomed to only be useful on short, dedicated, fiber circuits. The range can't be increased with current technology, and any future technology which can increase the range can almost certainly be used to copy (sorry, "teleport" as the quantum guys would say) the encrypted stream.

    2. Re:It's strictly point-to-point. by raftpeople · · Score: 2, Insightful

      If the repeater decrypts and then re-encrypts the message for further transmission then you can extend the range. Clearly that opens up the problem of tapping into the repeater, but with good physical security it's better than nothing.

    3. Re:It's strictly point-to-point. by Bender0x7D1 · · Score: 1

      You also lose half of your Q-bits at each repeater. Since it relies on the sender and receiver being in-phase with each other, there is a 50% chance they aren't and what the receiver detects is worthless. (Either + or x configuration.) So if we have 3 "routers" we only end up with 1/16 of the key bits originally sent - 1/(2^4) - since we also have to count the receiver as missing half of the bits.

      If we are talking a New York to Los Angeles connection, with only 120km per link, we would need at least 30 repeaters so would get 1/1000000000 of the bits through. Definitely NOT a long range solution.

      --
      Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
    4. Re:It's strictly point-to-point. by Chirs · · Score: 1

      I wonder if you could build some sort of repeater that doesn't actually "look" at the photons, but rather entangles a new photon in such a way that it aquires the properties of the old photon, while the old photon is destroyed.

      Thus, you would preserve the quantum encryption because you didn't actually extract any information from the system.

      Seems like it would work from an information theory point of view...not sure how you would do it from a practical perspective.

    5. Re:It's strictly point-to-point. by Anonymous Coward · · Score: 0

      That would accomplish nothing. Photons don't get 'tired': your 'fresh' one would be just as good as the old one. To compensate for 50% loss every x km of fiberoptics there's no way around it you have to *amplify* the signal: receive one photon and emit two copies of it. This doesn't work from a quantum information theory point of view.

    6. Re:It's strictly point-to-point. by BeBoxer · · Score: 1

      Sure, it's better than nothing. But is it better than a conventional encryption box which you can buy today for much cheaper? And works over any type of link?

    7. Re:It's strictly point-to-point. by tbo · · Score: 1

      Disclaimer: IAAQIR (I Am A Quantum Information Researcher).

      Worse, they talk about "repeaters" to extend the range past 120km - which is scary, because it implies they are decrypting/recrypting at the repeater.

      Not necessarily. It's possible in principle to build a "quantum repeater", which receives, "purifies", stores, and retransmits qubits without measuring them. By purification, I mean using either quantum error correction, or quantum entanglement distillation in conjunction with quantum teleportation. Such a scheme was proposed by Duan, et al, in Nature 414 413 (2001).

      Duan's scheme gives polynomial scaling of resources with distance, which is good news. The bad news is that building a quantum repeater requires reliable quantum memory, which is experimentally difficult.

      The lower tech alternative is "cascading" or simple chaining of QKD transceivers. The catch here is that if one of the intermediate transceivers is tampered with and compromised, you lose.

  12. In Other News ... by Diglielo · · Score: 2, Funny

    Founder of quantum cryptography company predicts widespread adoption within three years.
    Inventor of Segway predicts widespread adoption within three years.
    Executive of personal hovercraft company predicts widespread adoption within three years.
    Early investors in free energy scheme predict widespread adoption within three years.

    1. Re:In Other News ... by Anonymous Coward · · Score: 0

      My quantum cryptography is full of eels.

    2. Re:In Other News ... by Harmonious+Botch · · Score: 1

      Yes...but he looked at it. So now its going to happen.

    3. Re:In Other News ... by sgt.greywar · · Score: 1

      Indeed this reeks of a developer trying to market an unfinished and unrefined "product" that no one actually needs just yet.

      --
      Laborare Est Orare
  13. More Than One Way To Do It Again by Doc+Ruby · · Score: 2, Funny

    Perl already does QM programming. Maybe the entanglement timemachine experiment in Spring 2008 will have been successful, and Perl hackers willam haven been sending code through the loop back to the 2002 CPAN?

    --

    --
    make install -not war

  14. Quantum Crypto does not solve anything! by tradeoph · · Score: 5, Interesting

    I can't stand all the hype around Quantum Crypto. If you have a close look at it, you'll see that it doesn't solve anything...

    When you transmit bits with QC the law of physics guarantee that nobody will see them, even if some genius breaks all the math behind classical crypto. This is all very well but the throughput is too low, thus QC is used to transmit a key which is then used to encrypt the data. Thus you still need symmetric crypto to encrypt your data.

    Now, something everybody seems to ignore: QC does not authenticate the transmission. I can buy two magiQ boxes and set up a man in the middle attack. QC can not prove whether you are exchanging bits with the original sender or with some monkey in the middle. To solve this problem the QC vendors suggest:

    • Physical monitoring of the fiber: if you can guarantee nobody touches your fibre, you don't need any crypto!
    • Using certificates: Ooops, so now we need asymmetric crypto too, so our QC system relies both on symmetric and asymmetric crypto. Why do we need QC for then?
    • Use a shared secret that is programmed into the boxes when they are delivered: If you already have a shared secret, you don't need to exchange a key with QC, you can derive the key from your shared secret...
    So even if you use QC, you still need to rely on all the classical crypto to make it work. So it is just as good as classical crypto, without routing.
    1. Re:Quantum Crypto does not solve anything! by marcosdumay · · Score: 1

      Well, the shared secret does not really work. But it's being pushed by the same people that hype QC...

      --
      Rethinking email
    2. Re:Quantum Crypto does not solve anything! by LiquidCoooled · · Score: 1

      Your analysis corresponds with what I said right at the start, snake oil.

      The principle of sending a single photon down the tube and ensuring nobody can measure it without effect is well understood, however there is no method currently to send a single photon down the 120km tubes.

      These magic black boxes have to rely on other information to know whats happening (Signal strength, signal variation, timing etc).

      Security by obscurity is no substitute.

      If it really was a magic box, the whole 120km could be out in the open public streets and the boxes would know whether the signal was intercepted or monitored.

      --
      liqbase :: faster than paper
    3. Re:Quantum Crypto does not solve anything! by da+cog · · Score: 3, Insightful

      You post sounds like it is based on a misconception that QC is allowing Alice to transmit to Bob a secret. This is not what is going on at all; rather, a shared secret is being generated that Alice does not even know until the end of the process. In classical crypto, a man could sit in the middle and figure out the secret that is shared between Alice and Bob. In properly implemented quantum crypto, however, this is not possible. The best he could do -- using the very man in the middle attack that you described -- is to have one secret that is shared with Alice, and a separate secret that is shared with Bob, when Alice and Bob both think that they have a secret that is shared with each other. It is unlikely that Alice and Bob would take very long to notice that they are using different keys, given that this would produce garbage in every single message that they exchanged.

      It's true that he could then hijack ALL communication channels between Alice and Bob, decrypt messages using one key and then re-encrypt them using the other, but... it would probably be easier just to bribe the people doing the transmitting and receiving to tell him what the messages were. I don't think that most people who are serious about security are claiming that QC is a miricule cure, just that it makes one part of the system much, much more secure.

      It might be the case that the benefit is not worth the cost, given that the weakest link tends to be the human element, but this is much different than it being "just as good as classical crypto", or a form of "snake oil".

      --
      Snarkiness is inversely proportional to wisdom because it emphasizes feeling right rather than being right.
    4. Re:Quantum Crypto does not solve anything! by kyb · · Score: 2, Insightful

      Only benefit of QCrypto over classical crypto: It stops evesdropping. Problem: It doesn't stop some forms of man in the middle. All this stuff you've said is true, but I don't think it really contradicts the parent. QCrypto is hyped as being unbeatable, which it clearly isn't. The massive effort you think it would take to hijack ALL communications channels between Alice and Bob, is really not that big a deal- you wouldn't man in the middle the QCrypto link unless you knew the other channel the message is going over and could MitM that too. I'm still massively unimpressed with QCrypto. On top of that, there are other ways that may be just as effective at stopping evesdropping, see "hold the photons" by Bruce Scheier in wired.

    5. Re:Quantum Crypto does not solve anything! by Ernesto+Alvarez · · Score: 1

      But the point is that no matter how good is QC, all an attacker has to do (provided he cannot bribe an operator or infiltrate a spy) is to buy two of these boxes and set a man in the middle attack.
      Assuming nobody does something stupid with keying material in classic cryptography, these boxes are as good as any other diffie-hellman boxes you could buy for much less.

      These devices provide a means of not getting your keys compromised because someone had the chance to copy them, but is does nothing else. It has some advantages, but they're not so great.

      Plus, as someone else posted, after the man in the middle attack the fibre is broken and has to be replaced. Nasty, even if you just cut the fiber to deny the use of the channel.

      --
      GPG 0x1B479C78
    6. Re:Quantum Crypto does not solve anything! by Vellmont · · Score: 2, Insightful


      It's true that he could then hijack ALL communication channels between Alice and Bob, decrypt messages using one key and then re-encrypt them using the othe

      I thought this is EXACTLY what a man-in-the-middle attack was. If you have another communication channel that doesn't have an attacker between Alice and Bob, Alice and Bob are always going to figure out that they aren't sharing the same key.

      but... it would probably be easier just to bribe the people doing the transmitting and receiving to tell him what the messages were

      Well sure.. but it's also easier to do that than crack conventional cryptography. So given this, what advantage does quantum cryptography have?

      --
      AccountKiller
  15. Troll is almost entirely incorrect by billstewart · · Score: 3, Informative
    Quantum Cryptography is established real technology. It's not particularly *useful*, but it's real.


    You won't have gaping security holes in the last mile if you buy this stuff - it's designed to work on end-to-end dark fiber. You'll still need crypto for other reasons, and you'll still have gaping holes inside your wiring closets, but last mile won't be a problem. The range of the system is 120km, so if you're trying to connect buildings together that are farther apart than that, you do have a physical security problem you'll need to manage at your repeater locations.


    This won't increase your phone bills unless you buy it. It's not a system designed for carriers to put in their network backbones - it's designed for an end-user customer to buy dark fiber service between a pair of buildings and put these boxes on the ends. The carriers generally charge a pile of money for that kind of service, and the more people buying it, the better their economies of scale, so if you're a consumer who's not buying this, that's slightly positive for you.


    The carriers won't need to pay them with quantum money - the end customers will need to pay in real money...

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
    1. Re:Troll is almost entirely incorrect by Beryllium+Sphere(tm) · · Score: 1

      >if you're trying to connect buildings together that are farther apart than that, you do have a physical security problem you'll need to manage at your repeater locations.

      In quantum terms, a repeater is the same as a measurement. If they can run through repeaters, they're not relying on quantum physics for security. If their claims are correct, they're limited to the length of unrepeated fiber.

      Problem is, even without the trivial attack that Shamir proposed a decade ago, it's hard to see what real security need this technology answers. It does low bit rate secure key distribution. There are already secure key exchange algorithms, and if you don't trust those you can put a DVD of key material into the next armored car run, and if you don't thing armored cars are secure enough you can put it in a tamper-resistant container inside a box full of decoys, and if you don't trust that then buy insurance.

  16. Fiber costs matter more than hardware here by billstewart · · Score: 1
    Remember that the users aren't just buying the hardware - they also need to get dedicated end-to-end fiber. In some cases, that can be cheap (e.g. you're just going down the street and you can rent conduit and run your own fiber), but if you're buying telco services and going any distance, you're usually going to be dropping a few tens of thousands of dollars a month. In some parts of George-Gilder-Land, it's cheaper than that, but not usually.


    There are some economies of scale for the telcos if they start dealing with more dark fiber, which would be a fine thing, but the monthly costs are going to limit the user base more than the $100K hardware cost. The real tradeoff is between the service costs and the ability to distract auditors by pointing at the high-tech shiny thing.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  17. This isn't about network backbones by billstewart · · Score: 1
    It sounds like you think this device is being made for telcos to put into their network backbones to make them more secure, and you're saying that you'd rather have them upgrade either the network backbones or the access connections to your house? That's not what this is for.


    This is a device that security-paranoid end users like banks or governments can buy, to put on the ends of building-to-building dark fiber service that they'd rent from the telcos. The reason a vendor like this would be working with telcos is to deal with service technology issues like fiber splices, and general service issues like finding out where dark fiber is available or can be constructed.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  18. I'm Ready! by ReidMaynard · · Score: 1

    I just ordered my Flying Car today, with optional quantum encryption!

    --
    -- www.globaltics.net

    Political discussion for a new world

  19. Dumbest idea ever by saleenS281 · · Score: 1

    So they're going to spend billions implementing encryption on the wire why? AT&T of all carriers should see what a stupid investment that is. NOBODY in their right mind would trust them with secure data anymore. Cats out of the bag, you help the gov't spy on people. As if I or anyone else is going to believe you won't give the US Gov't special access to unencrypted data. Leave encryption up to the end users.

  20. We already have good cryptography... by Bugs42 · · Score: 1

    It's called ROT-26 and I'm using it right now.

    --
    Programmer: an ingenious device that converts caffeine into code.
  21. You're argument is incorrect by wwwrench · · Score: 2, Insightful

    I had mod points, but what the hell, this is an important point....

    You are correct in pointing out (as most responsible qcrypto people do), that qcrypto needs authentication.

    However, your argument doesn't follow


    So even if you use QC, you still need to rely on all the classical crypto to make it work. So it is just as good as classical crypto, without routing.


    The reason is that:

    1) The authentication only needs to be secure for a second or two. I just use it foil a man-in-the-middle-attack or authenticate part of the protocol. So, if I use public key authentication, and the public key is then cracked, no problem, I've already used it to authenticate. The cracked key is now useless to the attacker. So, my attacker may even have a quantum computer, but she would still need more than a few seconds to crack the classical crypto.

    2) Authenticating a message uses a very small amount of key (logarithmic), so if I start off with a small key from magicQ, then I can expand it, thus generating an arbitrary large amount of secret key from a tiny "seed". Thus sometimes, qcrypto is called "key expansion".

    So, if you want to protect your data against future attacks (who knows how good algorithms and computers will get), or when we start needing to worry about quantum computers, then we will have to switch to quantum crypto-- it is just a matter of time.

    As an aside, no responsible qcrypto person would suggest monitoring the fibre as a solution.

    --

    Deconstruct the State
    1. Re:You're argument is incorrect by Rich0 · · Score: 1

      So, if I use public key authentication, and the public key is then cracked, no problem, I've already used it to authenticate. The cracked key is now useless to the attacker.

      Only if you can generate and communicate securely a new public key every time the link goes down. I guess it is possible in theory. Also - this assumes that you can't crack a public key in realtime - unlikely but theoretically possible. If an interceptor can crack asymmetric crypto quickly enough then you won't be able to spot him.

      If you don't reauthenticate frequently there might also be attacks that depend on timing and switching the channel back and forth from a direct conneciton to an intercepted/retransmitted one. These could probably be defeated with good design (simultaneous key-exchange and authentication).

    2. Re:You're argument is incorrect by lakiw · · Score: 1

      I think I remember reading that MagicQ uses a second data channel for authentication that is not "encrypted" by quantum cryptography, (it's closer to steganography than encryption). The quantum channel has a 50% loss rate due to the craziness of quantom mechanics. In fact that's how they try to prevent replay attacks since if someone sniffs it they only see 50% of the data, and when they resend what they have the receiver see an error rate of 75% instead of the normal 50%, (aka 50% of 50%). The receiver then uses the data channel which is encrypted useing a shared key to relay what it's error rate was, and which quantum bits it was able to read. For example if the sender sent the following message

      1011100101

      and the receiver replied that it saw bits 1, 2, 5, 8 and 9, both of them would save 10110 as the key to use in a different device, (aka this is a way to transmit keys to be used in conventional encryption devices). You could use this to send conventional traffic as well, but the 50% bit loss rate is a killer.

      It's not perfect security since it relies on conventional encryption techniques so it's still possible to do a man in the middle attack against it, but depending on how they implimented the data channel such an attack might be hard to pull off. That being said, I have a hard time thinking of a problem where this would be a good cost-effective solution for it.

    3. Re:You're argument is incorrect by Vellmont · · Score: 1


      1) The authentication only needs to be secure for a second or two. I just use it foil a man-in-the-middle-attack or authenticate part of the protocol. So, if I use public key authentication, and the public key is then cracked, no problem, I've already used it to authenticate.

      err.. OK. And when you need to generate a new public key (because your original one was cracked) how do you transmit it to the other party? How did the other party get the original public key?

      --
      AccountKiller
  22. SSL is quite breakable by ab762 · · Score: 2, Informative

    as it relies only on being intractable. Throw enough (quantum) resources at it, and it is directly breakable. The fact that on average it takes CPU-centuries is irrelevant to "unbreakable".

    1. Re:SSL is quite breakable by ifoxtrot · · Score: 1

      I don't tend to be particularly picky, but talking about SSL as though it is an encryption algorithm is a tad inaccurate.

      SSL is a protocol which can make use of a wide variety of different encryption algorithms in different manners. There's an asymmetric encryption element, mainly for authentication & session key exchange, and a symmetric encrpytion element for the secrecy of ongoing communications. Talk about "breaking SSL" is somewhat misleading -- I think talking about breaking RSA, Diffie-Hellman, DES or AES is much more precise, and meaningful.

      Lets face it, if a quantum computer somehow arrives that can factor numbers bigger than 15 (current limit I believe), asymmetric encryption algorithms will be much more shaky, but that doesn't necessarily mean the end of symmetric encryption.

    2. Re:SSL is quite breakable by ab762 · · Score: 1

      Absolutely - you can even configure SSL to use no encryption at all.

  23. Wretched Flaccidity. by hypoxide · · Score: 1

    Great, now hackers are going to need degrees in quantum physics just to steal porn.

    --
    Anything can, could, and will happen.
  24. Hrm. by porkchop_d_clown · · Score: 1

    It's an interesting idea, I honestly don't know.

    --
    Clear, Dark Skies
  25. Nope, it actually works by Mr.+Firewall · · Score: 1

    What happens if you splice the line and put a repeater in that also reads the data passing through it?

    Uh, Dude, you need to do a little bit of reading on quantum cryptography.

    The whole point is that you can't do that. Well you can do it, but... everything goes "poof".

    --
    In times of universal deceit, telling the truth gets you modded -1 Troll
  26. Power Switch by Anonymous Coward · · Score: 0

    I heard there will be a 3-way power switch for the box; on, off and both.

  27. Quantum computing and DNF by adrianbaugh · · Score: 1

    Quantum computing cards will be a requirement for Duke Nukem Forever. That's why it's taking so long to ship... So when these become widespread, DNF will surely not be far behind!

    --
    "'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
    - JRR Tolkien.
  28. Stop the Myth by rdv · · Score: 1

    About half the comments here are on base; some of the others are way out in the weeds. Those who are interested in this topic might like my blog posting at Stop the Myth. It includes some links to some relatively sane analyses of what QKD will and will not be useful for. I do expect QKD to be useful at some point, but at the moment I expect its utility to be in restricted settings. Quantum repeaters are a long way off; they are one of my current research topics. They will be useful for general distributed quantum computation, as well as QKD.

  29. Long term secrecy by Ignatius · · Score: 1

    I work at a research company which designs, among other things, quantum crypto hardware. One important aspect of quantum crypto is that, once the channel is authenticated, the communication (more more precisely: the establishment of the key) cannot be wiretapped and stored away for later decryption. It's basically a method to strech a pre-shared secret (necessary for authentication) almost arbitraily, which can then be used as one-time-pad to encrypt the subsequent classical communication, rendering it unconditionally secure.

    This makes sense if you need your secrets to last for a very long time in the face of a determined and resourceful attacker, outlasting potential breakthroughs in mathematics or quantum computing. Of course, only few customers actually need this level of security. However, if the secrets you are protecting are worth several billions, the cost for quantum hardware can be negligable, esp. when compared with all the other security measures you will have to take to make up a secure overall system.

  30. US Gov't Secret "Super Quantum" bit by XHIIHIIHX · · Score: 1

    Thing is, the Gov't has got a quantum superbit that can monitor the activities of all the other quantum bits. So they don't need the telco's to sniff traffic glue for them anymore, they can get the really good stuff while sitting under cheyenne mountain. That's my theory and I'm sticking to it.

  31. Known Unknowns by Anonymous Coward · · Score: 0

    I would not rush to adopt quantum cryptography. It's a field in a state of flux (no pun intended) with regular breakthroughs, and plenty of unsolved problems. In the absence of a complete theory of physics, and the amount of research into coherence, non-destructive inference of quantum states, etc., it seems premature to be using hype and buzz words like 'impossible'. The discrete logarithm problem has withstood three decades of analysis - the irony being that the realization of practical quantum computing would render it obselete - and yet mathematicians have still not proven that this is a 'hard' problem in classical computation. QM is a fascinating field, and it's reasonable to expect breakthroughs that nobody has forseen. Exciting times for science, but it demands a healthy level of scepticism and constructive criticism by the cryptographic community.

  32. Re: Long term secrecy: there are much cheaper ways by zielaj · · Score: 1

    The point about long-term secrecy is interesting, however, it can be cheaply addressed with classical cryptography, in a provably secure way (NOT depending on any computational assumptions like RSA).

    http://athome.harvard.edu/dh/hvs.html

    You still need more assumptions than with QC, which is why I don't exactly buy this approach, but if you really need long-term security, you might consider this scheme.

    As for QC, it is expensive, point-to-point only, and makes sense only if you are worried about somebody breaking RSA or a similar problem. But the worst thing about QC is that we have no practical experience with it. QC may be theoretically unbreakable, but what about all the accompanying software and the normal communication channels that are necessary for QC to work, and standard attacks against those channels? QC is not only quantum transmission, but the whole suite of accompanying (classical) protocols, whose implementation might be seriously broken. We don't know. Why should anyone spend large amounts of money on something that may be, and in the current implementation probably is, broken and not secure at all?

  33. QC of ROT256 by DonZorro · · Score: 1

    Quality Control of ROT256 will secure all your information

    1. Re:QC of ROT256 by bartman227 · · Score: 1

      I'm sorry I can't post my opinion here...this is not a secure line. *Click*

  34. Mod -1 by Anonymous Coward · · Score: 0


    Mod -1 "About as funny as a burning orphanage"

  35. Re: Long term secrecy: there are much cheaper ways by Ignatius · · Score: 1

    from http://en.wikipedia.org/wiki/Hyper-encryption:
    "hyper-encryption can be proved to be information-theoretically secure, providing the storage bound cannot be surpassed."

    Assuming a limited amount of storage for your adversary is a much more optimistic assumption than the mathematical assumptions underlying conventional encryption schemes and not comparable to the unconditional security provided by quantum crypto. It basically relies on the fact that the rate of both, the entropy source as well as the communication channel times your maximum communication latency is lower than the capacity of any feasable storage device. I doubt that this conditions can be reliably met, at least in the realm of fiber-bound communication (certainly not, if you want it to be cheaper than current quantum schemes).

    As for the novelty of quantum crypto: Of course, there is not much practical experience, but this is the same with any new classical encryption algorithm. The problem is also easily avoided: Simply sandwich the quantum crypto between two layers of conventional cryptography, all with their own authentication and key-setup. Nobody is suggesting to completly replace classical crypto by quantum, after all. - It's just another brick in the wall of your overall security system (and the rest of the wall, esp. the human portion, is usually the expensive part).