Quantum Cryptography Broken, and Fixed
schliz writes in with research out of Sweden in which researchers showed that, looking at a quantum cryptographic system as a whole, it was possible for an eavesdropper to extract some information about the QC key, thus reducing the security of the overall system. The team then proposed a cheap and simple fix for the problem. "The advanced technology was thought to be unbreakable due to laws of quantum mechanics that state that quantum mechanical objects cannot be observed or manipulated without being disturbed. But a research team at Linköping University in Sweden claim that it is possible for an eavesdropper to [get around the limitations] without being discovered. In a research paper, published in the international engineering journal IEEE Transactions on Information Theory (abstract), the researchers propose a change in the quantum cryptography process that they expect will restore the security of the technology."
Quantum stuff is so illogical to us mortals that you'd expect attempting to break it would just make it stronger.
Engineering is the art of compromise.
Again in English please?
They were connecting the computers via cat-5 cable. Everyone knows you're supposed to use Schrödinger's cat-5 cable in that sort of application.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
If data is stored, with the intent and purpose of actually being retrievable at some time in the future, and a mechanism exists to access said data, then it is not absolutely secure because it has been designed to be retrieved.
As long as there is even one access method there exists the opportunity to exploit it somehow.
It was actually broken AND fixed at the SAME TIME!
50% more secure than the Titanic and Space Shuttle combined!
"I guess I'm gonna fade into Bolivian."
Change Bob's name to Robert?
The whole thing strikes me as a theory in a vacuum, I don't believe that ANY quantum object is invulnerable to observation. At its core, this is a theory on paper that has no real-world solution. It's like the perfect gas. It simply doesn't exist. And any "fix" will invariably need fixing again. When did common-sense stop making sense in science?
What's up with this box everyone has to think inside of or outside of? Why does there have to be a box?
It is dangerous to be right when the government is wrong.
It's quantum right? So there's really just a probability of it being broken or fixed at any given point in time...
Wait, so it was both broken AND not broken? Don't open the box! Just leave it as it is and we can have a half-cryptographic solution forever.
The title of their paper is "Security Aspects of the Authentication Used in Quantum Cryptography." That would make an awesome title for a book that aimed to cover every single security aspect of the authentication used in QC, but not a paper that simply points out that (duh!) you shouldn't allow the eavesdropper to see the key.
python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
"If you break it, fix it."
Just like the last time, the laws of quantum physics still work and it is still impossible to observe a quantum system without altering it. The researchers found that the classical authentication protocols that prevent man-in-the-middle attacks were insufficient.
This bit from the article sounds like they just added an initialization vector (see wikipedia for definition):
"The researchers propose an additional, non-quantum exchange of a small amount of random bits that are separate from the quantum key."
... So, this quantum break-fix happening in this way, is what, a one-in-a-gwee-zillion event? Does that make it statistically a ... Quantum Singularity?
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
There was an interesting book on cryptography which I loaned to a friend, that surmised that the law of cryptography which states that every code can be broken is now defunct due to quantum cryptography.
This in effect means that the science of cryptography has met its end in terms of development.
Like the game of checkers, there are no more moves to make.
At the time of publication (2002?), the longest distance an encrypted quantum message sent and received was approximately 50kms and considered to be impossible to break.
Don't be apathetic. Procrastinate!
What's really going to bake your noodle later on is, would you still have broken it if I hadn't said anything?
---- Please be nice in case my Slashdot karma ~= my real life karma.
As I don't know what I'm supposed to know about quantum cryptography, where can I find Alice and Bob to explain it to me? I feel sorry for them though. I'm always bugging them for an explanation and they always oblige. I'm really pissed off though. Every time, I want a different opinion, there they are in every book - Alice .... and .... Bob. Why must *they* always explain to me the most difficult concept in computing. If they aren't doing their jobs, as is obvious with QC, we need some new instructors. If I were either of them, I'd quit my day job. Since nobody understands QC, and anyone that does can't simplify it for the rest of us, they're setting themselves up for massive overtime or heart attack.
But how do you transmit that pad between parties?
That is exactly the point of quantum cryptography. The cryptographic key is the one time pad, negotiated between two parties, using superposition (and in some cases entanglement) in order to come to agreement on the pad and at the same time detect eavesdroppers.
No, not really. QC only works over dedicated, point-to-point fibre optic lines.
Do you understand that one crucial aspect? If I want to talk to you completely securely, with quantum handshake, and able to detect eavesdroppers, I would need one uninterrupted strand of fibre from Germany to wherever you are. Screw 50kms, we're talking potentially tens of thousands of kilometres.
Or a chain of routers along the way that we both trust blindly to not be compromised, because each breaks that quantum handshake, and each is a point where someone could eavesdrop. You can't tunnel QC over such a hop, so it's a bit like having SSL only from your computer to your ISP, then have it decrypted there and re-encrypted to the next hop, and so on.
It's also pretty much against the whole idea of a network like the Internet. Since again, it needs dedicated uninterrupted point-to-point connections, not a loose mesh of routing machines. (You _could_ transmit the rest over the internet once you negotiated a key over QC, but: 1. you still need a dedicated connection for that handshake, and 2. you still need normal cryptography for the actual transmission then.)
For two John Does like us it's already pretty infeasible to go QC all the way.
Even for someone like the US Army:
1. Good luck having an all-QC connection from Washington to Baghdad. Even in 50 km segments, you need a lot of basically routers every 50 km on the ocean floor, each of them being a potential eavesdropping point. So if you ditch normal cryptography, you'd need to do... what? Park a couple of submarines near each of them to make damn sure the Russkies and Chinese don't tamper with them? Have permanent manned bases on the ocean floor every 50 km, with a company of soldiers watching each router, and watching each other so none of them can be a double agent and tamper with it?
2. And what do you do if someone drops a depth charge on one of those? You sure you don't want some regular crypto as backup?
3. That still doesn't help your communication to your airplanes, tanks, cruise missiles, etc, there. You can't tie a cable from each of them to Washington.
Etc.
So basically... well, let me put it mildly: I don't know what book you've read, or by what author, but I'd bet it wasn't written by someone who knows much about cryptography. It sounds more like the kind of predictions made by self-styled "pundits" like Cringely or Dvorak. Or, of course, any other of the many like them.
A polar bear is a cartesian bear after a coordinate transform.
But how do you know who you're negotiating with for your snazzy new encryption key is really someone you want to be talking to? The answer is standard (non quantum) algorithms to verify trust which are still susceptible to standard attacks. The one-time-pad properties of the magical quantum channel merely make it harder to carry out such attacks.
Again, I think I have a quantum girlfriend.
In a sense.
A number of polarised photons are sent.
The person receiving uses one of 2 filters/readers.
Use the right filter and you get the correct bit.
Use the wrong filter and half of the time you get the correct bit and the other time you get the wrong one. This means if you intercept the key you can not send the same set of photons on.
Discard the ones that you used the wrong filter on and then compare your key with the other person (over an un-encrypted line). If there are too many errors then it has been intercepted and the key is discarded.
Then using the key you can XOR binary data in an un-decodable stream which can be sent over an un-encrypted line.
My Transformation Website
Kindle Books http://www.catprog.org/rev
Interactive CYOA http://www.catprog.org/st
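The filter-and-discard procedure described in the comment above, as an added simulation that is not part of any poster's comment: it models an intercept-and-resend eavesdropper and shows the error check catching it. The function names, the `+`/`x` filter labels, the 200-bit sample and the 10% threshold are assumptions of this example.

```python
import random

BASES = "+x"  # the two filter orientations; labels are this example's own

def measure(bit, sent_basis, filter_basis, rng):
    # Right filter gives the sent bit; wrong filter gives a coin flip.
    return bit if sent_basis == filter_basis else rng.randrange(2)

def exchange(n_photons, eavesdrop, rng):
    """Send photons, then sift: keep positions where both bases matched."""
    alice, bob = [], []
    for _ in range(n_photons):
        bit, a_basis, b_basis = rng.randrange(2), rng.choice(BASES), rng.choice(BASES)
        sent_bit, sent_basis = bit, a_basis
        if eavesdrop:
            # Intercept-and-resend: measuring forces a basis guess, and the
            # photon passed on carries that guess instead of Alice's basis.
            e_basis = rng.choice(BASES)
            sent_bit, sent_basis = measure(bit, a_basis, e_basis, rng), e_basis
        received = measure(sent_bit, sent_basis, b_basis, rng)
        if a_basis == b_basis:  # bases are compared over the public line
            alice.append(bit)
            bob.append(received)
    return alice, bob

def establish_key(n_photons, eavesdrop, seed, sample=200, threshold=0.10):
    """Return (key or None, observed error rate); sample/threshold are constructed."""
    alice, bob = exchange(n_photons, eavesdrop, random.Random(seed))
    if len(alice) <= sample:
        raise ValueError("not enough sifted bits to sample")
    # Assumes the public comparison is authenticated; otherwise a
    # man-in-the-middle can answer as Bob and this check proves nothing.
    errors = sum(a != b for a, b in zip(alice[:sample], bob[:sample]))
    rate = errors / sample
    if rate > threshold:
        return None, rate          # too many errors: discard the key
    return alice[sample:], rate    # revealed sample bits are never reused

def xor_bits(data, key):
    """One-time pad over bit lists; the key must be at least as long as the data."""
    if len(key) < len(data):
        raise ValueError("pad shorter than message")
    return [d ^ k for d, k in zip(data, key)]
```

Without an eavesdropper the sampled error rate is exactly zero in this noise-free model; with one, about a quarter of the sifted bits disagree, so the key is discarded.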
This article in IEEE Spectrum contains more details and comments from Bruce Schneier and others.
Simple answer.
A one-time-pad is unbreakable but needs keys to be distributed.
QC is used to send the keys and if it is intercepted it can be detected and the key discarded.
Yes, but I get the feeling QC will always be easy to disrupt. Yeah, the end users are gonna know about it, but if they're relying on it, then it could be a problem.
I guess I'm saying there may be future non-crack based (D)DOS attacks on this!
See http://www.mai.liu.se/~jalar/qkg/faq.html?lang=en
Here's the future in a nutshell. 1- Quantum cryptography becomes the norm. 2- Someone figures out a clever way to eavesdrop on it. 3- Since that person has also effectively violated the laws of physics, they go on to invent the transporter or starship or some other far-cooler thing, even though their original intention was to be a jerk or thief. 4- History only remembers them as the inventor of the cool thing. Universities are named after the person.
I disagree. Best example is an atom from a radioactive isotope. Say, one atom of radioiodine. Radioiodine decays by beta emission with a halflife of 8 days, so if you have a single atom then there is a 50% chance it will have decayed after 8 days.
Now the crucial point is that to the best of our knowledge, this is a truly random event, meaning there is no measurement calculation or theory you could use to predict if it will decay within 8 days or not, not even in principle.
It's unlike a pair of dice where the outcome is in principle predictable by analyzing the forces momentum and impacts the dice undergo. If quantum mechanics is a good theory ( and to date it has not disagreed with a single empirical experiment ) then the decay of radioactive atoms is absolutely random, and it is not merely technologically difficult to predict when a given atom will decay, it is physically impossible.
Some people don't believe this. Some people like to cling to the idea that we just don't know enough about sub-atomic physics and that some day quantum mechanics will be proven inaccurate in this respect. While it is technically impossible for a physical theory to give an absolute proof, every single empirical experiment today agrees with the assumption that radioactive decay is truly random.
There are even experiments whose results and outcomes are expected to differ depending on if the randomness is truly random or pseudo-random in nature. The exact design of such an experiment is rather complicated, but such experiments exist, and these experiments appear to confirm that certain physical phenomena are indeed truly random.
Now, I don't think what I just wrote is hard to understand. Depending on your personality it may be hard to believe or accept, but understanding what I just said is not tricky. There is no infallible proof to determine that what I just said is correct, but every physical experiment performed to date agrees quite well with it, and perhaps more crucially: Some physical experiments would be very difficult to explain if this was NOT correct. Now the reasons for that last claim are a little* hard to understand, but what the claim actually says is not something which can't be explained with relative ease.
*here "a little" is the underestimate of the month.
You are (mostly) correct. However, your example is of one relatively simple aspect of quantum mechanics. You haven't even touched on the real meat of quantum mechanics: Superposition, entanglement, action at a distance, wave-particle duality, many worlds interpretation... all that "spooky" junk. I'd like to see an intuitive, understandable explanation of that. Honestly, I would.