Slashdot Mirror
Scientists Make Quantum Encryption Breakthrough
Madas writes "Scientists working in Cambridge have managed to make quantum encryption completely secure (registration required) by
putting decoy pulses in the key transmission stream. According to the story this paves the way for safe, encrypted high-speed data links. Could this allow completely private transmission of data away from snooping eyes and ears? Or will it mean film studios can stop movies from being copied when traveling on the internet?"
Researchers have managed to close a loophole in quantum cryptography that could allow a hacker to determine a secret key transmitted using the technology.
Working at Toshiba Research Europe in Cambridge, scientists found that laser diodes used to transmit keys used to encrypt data, known as Quantum Key Distribution (QKD), sometimes transmitted more than one photon at a time. Quantum encryption works by transmitting key data as a stream of single photons.
Should an eavesdropper try to intercept the transmission, monitoring a single photon would change the state of that photon, and this would make both ends of the transmission aware that the data had been eavesdropped. However, the laser diodes can sometimes transmit more than one photon and so a hacker could monitor the second photon, leaving the first photon unchanged and this would not alert anyone that the key transmission had been compromised.
But scientists have now added decoy photons to the key data. When an eavesdropper now tries to monitor extra photons, they will also monitor the decoy photons. Scientists said these decoy photons or "decoy pulses" are weaker on average and so very rarely contain two or more photons.
If an eavesdropper attempts a pulse-splitting attack, they will transmit a lower fraction of these decoy pulses than signal pulses. By monitoring the transmission of the decoy and signal pulses separately this type of intervention can be detected, according to scientists.
By introducing decoy pulses, the researcher found that stronger laser pulses could be used securely, increasing the rate at which keys may be sent. By using this method keys could be transmitted securely over a 25km fibre to an average bit rate of 5.5kbits/sec, a hundred-fold increase on previous efforts.
"Using these new methods for QKD we can distribute many more secret keys per second, while at the same time guaranteeing the unconditional security of each," said Dr Andrew Shields, Quantum Information group leader at Toshiba Research Europe. "This enables QKD to be used for a number of important applications such as encryption of high bandwidth data links."
The researchers also discovered a second method to push bit-rates even higher for QKD. The scientists have created the first semiconductor diode that can be controlled with electrical signal input to emit only single photons at a wavelength compatible with optical fibres. This 'single photon source' method eliminates the problem of multi-photon pulses altogether, claimed the research.
The single photon diode has a structure similar to an ordinary semiconductor light emitting diode (LED), but measures just 45 nm in diameter and 10 nm in height. The dot can hold only a few electrons and so can only ever emit one photon at a time at the selected wavelength. The source operates with only electrical signals, which is essential for practical applications such as QKD. Initial trials with the new device, reported recently in the scientific journal Applied Physics Letters, showed the multi-photon rate from the device to be fives times lower than that of a laser diode of the same intensity.
What is the last sentence doing there: "Or will it mean film studios can stop ..."? It's clear from the preceding text that that (i.e., copy while travelling, not copy afterwards) is one of the potential uses. So it's completely redundant. At the same time, the implicature of this particular phrase suggests Something Bad: Big Companies are trying to stop You from your Right To Download, or something akin, implying that these "researchers" have hidden agendas and are enemies of open source, Linux, Ruby, Apache and probably of world peace. That's of course complete and utter nonsense, so the last sentence should have been cut out by the editor. Why didn't that happen? And what's the link to www.absolutegadget.com doing there? Who gains by putting this link on the /. front page?
You'd think that people here would know better than to ask such silly things by now, wouldn't you? Does it really take that much thinking to realize that you can't give someone access to data and not give them access at the same time?
Even if you had some special quantum device to allow people to watch something once, only to have its quantum state collapse (or whatever), you could still record the output. With a camcorder, if it came to that.
"Trying to make bits uncopyable is like trying to make water not wet." - Bruce Schneier, cryptography expert
Elsewhere in the comments people have correctly pointed out that it isn't encryption at all and that it is fundamentally incompatible with any router, switch, bridge or even repeater.
There's also the limit of 5.5 kbps, though that might be improved.
The issue that should have killed this idea ten years ago when Shamir pointed it out is that an attacker who has spliced the fiber can read the polarizer without ever looking at a single one of the transmitted photons.
Send the $#$@! key material by bonded courier in a tamper-evident package if it's that important. If for some reason that's not enough then split (e.g. Blakely-Shamir) the key material into shares, send each separately, and recombine when needed.
Yeah, cos that's a great use of the tag system. Can't wait for the moment a few months hence where I need to find all articles where the headline wasn't proof-read. Just like I want to look up all the stories where someone made a mistake (search 'doh'), find all the Steve Balmer articles (search 'chairthrowing') or all the stories about problems for trad Slashdot villains (search: 'haha')
The tag system is broken, but there's nothing wrong with the implementation. People can't tag correctly. Look below, all real tags.