Slashdot Mirror
Scientists Make Quantum Encryption Breakthrough
Madas writes "Scientists working in Cambridge have managed to make quantum encryption completely secure (registration required) by
putting decoy pulses in the key transmission stream. According to the story this paves the way for safe, encrypted high-speed data links. Could this allow completely private transmission of data away from snooping eyes and ears? Or will it mean film studios can stop movies from being copied when traveling on the internet?"
My girlfriend makes them all the time.
I'll form my OWN solar system! With blackjack! And hookers!
... not encryption. Quantum encryption or even computing is as pie in the sky as ever.
Or will it mean film studios can stop movies from being copied when traveling on the internet?
No. Not at all.
Quantum "encryption" foils interception of a data stream. That has nothing to do with copying a file and resending it once it reaches its destination.
You don't really have a girlfriend. But top marks for thinking anybody would ever believe you!
Researchers have managed to close a loophole in quantum cryptography that could allow a hacker to determine a secret key transmitted using the technology.
Working at Toshiba Research Europe in Cambridge, scientists found that laser diodes used to transmit keys used to encrypt data, known as Quantum Key Distribution (QKD), sometimes transmitted more than one photon at a time. Quantum encryption works by transmitting key data as a stream of single photons.
Should an eavesdropper try to intercept the transmission, monitoring a single photon would change the state of that photon, and this would make both ends of the transmission aware that the data had been eavesdropped. However, the laser diodes can sometimes transmit more than one photon and so a hacker could monitor the second photon, leaving the first photon unchanged and this would not alert anyone that the key transmission had been compromised.
But scientists have now added decoy photons to the key data. When an eavesdropper now tries to monitor extra photons, they will also monitor the decoy photons. Scientists said these decoy photons or "decoy pulses" are weaker on average and so very rarely contain two or more photons.
If an eavesdropper attempts a pulse-splitting attack, they will transmit a lower fraction of these decoy pulses than signal pulses. By monitoring the transmission of the decoy and signal pulses separately this type of intervention can be detected, according to scientists.
By introducing decoy pulses, the researcher found that stronger laser pulses could be used securely, increasing the rate at which keys may be sent. By using this method keys could be transmitted securely over a 25km fibre to an average bit rate of 5.5kbits/sec, a hundred-fold increase on previous efforts.
"Using these new methods for QKD we can distribute many more secret keys per second, while at the same time guaranteeing the unconditional security of each," said Dr Andrew Shields, Quantum Information group leader at Toshiba Research Europe. "This enables QKD to be used for a number of important applications such as encryption of high bandwidth data links."
The researchers also discovered a second method to push bit-rates even higher for QKD. The scientists have created the first semiconductor diode that can be controlled with electrical signal input to emit only single photons at a wavelength compatible with optical fibres. This 'single photon source' method eliminates the problem of multi-photon pulses altogether, claimed the research.
The single photon diode has a structure similar to an ordinary semiconductor light emitting diode (LED), but measures just 45 nm in diameter and 10 nm in height. The dot can hold only a few electrons and so can only ever emit one photon at a time at the selected wavelength. The source operates with only electrical signals, which is essential for practical applications such as QKD. Initial trials with the new device, reported recently in the scientific journal Applied Physics Letters, showed the multi-photon rate from the device to be fives times lower than that of a laser diode of the same intensity.
What is the last sentence doing there: "Or will it mean film studios can stop ..."? It's clear from the preceding text that that (i.e., copy while travelling, not copy afterwards) is one of the potential uses. So it's completely redundant. At the same time, the implicature of this particular phrase suggests Something Bad: Big Companies are trying to stop You from your Right To Download, or something akin, implying that these "researchers" have hidden agendas and are enemies of open source, Linux, Ruby, Apache and probably of world peace. That's of course complete and utter nonsense, so the last sentence should have been cut out by the editor. Why didn't that happen? And what's the link to www.absolutegadget.com doing there? Who gains by putting this link on the /. front page?
If you're only protecting the transport from spying eyes (with quantum encryption or whatever), that's only a part of what you need to protect your data.
This is the same reason why many, if not most, "SSL-protected" or "SSH-protected" servers are really sitting ducks: interesting data is still sitting in the clear on the endpoint servers' hard drives. (And don't get me started about "AUTH TLS" email forwarding...)
I've seen summaries with better understanding of technical topics in my local, small town, tabloid newspaper.
Really what nerd approves a summary like that?
Quantum encryption is quite a misleading expression since the quantum mechanics is only used to securely transmit a cryptographic key ... not encrypting the message.
The biggest drawback of this technology is not that it is in fact a key distribution method rather than an encryption scheme. It is that, as with pretty much all QKD systems, this only works if you have a continuous fibre-optic cable from one end to the other. That might be fine for linking two embassies or two military facilities but it makes it a bit useless for the Internet.
If intelligent life is too complex to evolve on its own, who designed God?
Now I can make posts on slashdot without anyone being able to read them. Privacy at last!
'DVD' Jon breaks quantum encryption, APS sues claiming its against the laws of physics.
Elsewhere in the comments people have correctly pointed out that it isn't encryption at all and that it is fundamentally incompatible with any router, switch, bridge or even repeater.
There's also the limit of 5.5 kbps, though that might be improved.
The issue that should have killed this idea ten years ago when Shamir pointed it out is that an attacker who has spliced the fiber can read the polarizer without ever looking at a single one of the transmitted photons.
Send the $#$@! key material by bonded courier in a tamper-evident package if it's that important. If for some reason that's not enough then split (e.g. Blakely-Shamir) the key material into shares, send each separately, and recombine when needed.
The process obviously won't stop copying material but my question is could the same or a similar technology be used to create a dedicated display screen? Let's say with quantum entangled particles as an example you directly drove a screen from a linked source. For every screen manufactured a dedicated chip was loaded into the system linked to your display device. No lines would be needs to transmit the data but like a traditional TV reciever there would be no signal to tap it simply drives the screen. You order your content on demand and there's nothing to record so no piracy but if it was a one time purchase situation you wouldn't have to worry about lost, damaged or degraded media. It would solve most of the complaints except for those wanting free material. It would eliminate a lot of the distribution issues and end the dependence on satelites. No more screwed up signals when there's a lot of solar activity. Granted we're talking decades away but there is a potential for secured storage and distribution of media.
Actually, quantum encryption and computing are different things.
Quantum encryption is, well, basically nothing about using quantum mechanics to _encrypt_, but to send the key (and maybe the data too). The idea is that you send single photons. So basically if someone tapped into the line, you can't split the photon and get only a bit of the signal. Either you get it or the endpoint gets it, but not both. It makes man-in-the-middle attacks a bit harder. In fact, it claims to make it outright impossible.
Since the whole idea here is to elliminate the possibility for a man in the middle, intrusion detection is something valuable. Mind you, if the sending single photons was as un-interceptable as originally claimed, intrusion should be simply not possible, so I'm a bit stumped as to why would they want to detect something impossible. Maybe they know something we don't about how impossible it really is? (E.g., come to think of it, a laser kind of device inserted on the line could multiply that original photon thousands of times, all the clones having the exact same phase, polarisation, whatever.)
It may be pie-in-the-sky, I don't know, but at least it's one of those sane ideas that aren't too impossible to understand even for the layman. The only "quantum" thing about it is that you send individual quanta of light, i.e., photons. Since it's only one and it's indivisible, only one endpoint can get it. All simple and sane, IMHO.
Quantum computing, on the other hand, I don't know... there must be some sane researchers out there who know what they're doing, no doubt. But the media and marketting hype has drowned it all in so much bullshit it could fertilize a few acres, so from the layman (even with a decent grasp of physics and computing) point of view, it's hard to even tell what it would _really_ do, how it would work at all, and how would it be useful at all.
I've even seen such bullshit claims like that it basically holds all possible states at the same time, so it can calculate anything instantly, since the solution state is already one it simultaneously holds. Which is blatantly bull. If it simply holds all possible states at the same time, that's as good as saying that it has no state at all, or you can't measure it. To get an answer out of the computer, you need to get out of it a particular state which represents the result of the calculation. By that logic I could give you a CD with all possible 4 million DWORD (4 byte, 32 bit) values, from -2 million to 2 million, one of which is the result to your problem. There you go, any problem that has a DWORD result already has the result on that CD, so it was "calculated" instantly. Isn't it an impressive feat? I don't even know your problem, but that CD already has the result to it. It's also completely freakin' useless, if you don't know which one of them. That CD as such holds no more actual usable information that that it's a 32 bit number, which you knew in the first place.
Not saying that that's what the actual researchers study, but that's the kind of bogus info that you see from the outside. It's damn hard to tell if it's actually something that might work, or just snake oil to get a clueless VC's money. On par with extracting free energy out of water, the Infinium console, and other such fine con schemes that some people actually dumped millions into.
The only sorta working quantum implementations so far, are basically not even as much quantum computers as hyped, as glorified analog computers. The thing about quantum mechanics is that 99% of it are probabilities.
As some trivial examples, you can't tell for example exactly where an electron is in a potential well (e.g., in a CMOS transistor), or in some cases even if it is still in the potential well or it's out of it already, but you can calculate a probability cloud of, basically, what are the chances of it being in this particular point. Or if you do interference with electrons (think the school physics experiment with shining a light through two thin slots, o
A polar bear is a cartesian bear after a coordinate transform.
Assuming the receiving mail server has a correctly signed certificate, it is practically impossible to intercept the mail in transit from one server to another. The catch it, the encrypted path is not guaranteed from end-to-end. If I send you an email, I will send it over a TLS connection to my mail server. It will then send it to your mail server (identified by MX), which may then forward it for several hops before it actually reaches you. I have no way of guaranteeing that the connection is secure beyond the first hop (my laptop to my mail server). Anything else might be no better than plain text because it might be plain text. If you want secure email, you need to use some kind of end-to-end encryption such as PGP and make sure you exchange keys over a secure out-of-band channel. Or, you can just accept that email isn't secure.
I am TheRaven on Soylent News
Yeah, cos that's a great use of the tag system. Can't wait for the moment a few months hence where I need to find all articles where the headline wasn't proof-read. Just like I want to look up all the stories where someone made a mistake (search 'doh'), find all the Steve Balmer articles (search 'chairthrowing') or all the stories about problems for trad Slashdot villains (search: 'haha')
The tag system is broken, but there's nothing wrong with the implementation. People can't tag correctly. Look below, all real tags.
The point being that you can use the eavesdropper-aware channel to exchange a key-pair that you KNOW hasn't been intercepted. After that you can use any medium as your safe channel.
It seems to me that the search system can already find articles via keywords. Tags are most useful when they add meta-information that cannot be inferred by a keyword search. Whilst it's unlikely "proofyourfuckingheadlines" is going to be useful for many people, tags like "haha" and "doh" might be conceivably useful, as they give information beyond a search for words in the article summary could provide.