Slashdot Mirror

← Back to Stories (view on slashdot.org)

Quantum Cryptography Broken, and Fixed

Posted by kdawson on from the knowing-the-unknowable dept.

schliz writes in with research out of Sweden in which researchers showed that, looking at a quantum cryptographic system as a whole, it was possible for an eavesdropper to extract some information about the QC key, thus reducing the security of the overall system. The team then proposed a cheap and simple fix for the problem. "The advanced technology was thought to be unbreakable due to laws of quantum mechanics that state that quantum mechanical objects cannot be observed or manipulated without being disturbed. But a research team at Linköping University in Sweden claim that it is possible for an eavesdropper to [get around the limitations] without being discovered. In a research paper, published in the international engineering journal IEEE Transactions on Information Theory (abstract), the researchers propose a change in the quantum cryptography process that they expect will restore the security of the technology."

6 of 118 comments (clear)

  1. Re:Wah? by mrbluze · · Score: 5, Interesting

    The advanced technology was thought to be unbreakable due to laws of quantum mechanics that state that quantum mechanical objects cannot be observed or manipulated without being disturbed.

    Well the worst thing about an encrypted stream is that you trust it, not really knowing if someone is listening half way down the line. If you get a hint that it's being listened to, you can start sending garbage (or misinformation) down the line so as to confuse the hell out of the eavesdropper, whilst taking up alternative methods of communication or something.

    This makes me wonder if cryptography needs to become cleverer. I mean, depending on the type of data you're sending, might there be a role in padding encrypted streams with 'honeypot' data, like random bits of vaguely interesting crap that the expected listener might want to be interested in. Sort of a live equivalent of Truecrypt's plausible deniability.

    What do people think about that?

    --
    Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
  2. Fundamental Flaw in Quantum[Anything] by thinktech · · Score: 1, Interesting

    The whole thing strikes me as a theory in a vacuum, I don't believe that ANY quantum object is invulnerable to observation. At it's core, this is a theory on paper that has no real-world solution. It's like the perfect gas. It simply doesn't exist. And any "fix" will invariably need fixing again. When did common-sense stop making sense in science?

    --
    What's up with this box everyone has to think inside of or outside of? Why does there have to be a box?
  3. Re:There is no such thing as absolute security by Slashdot+Suxxors · · Score: 2, Interesting

    So how do you retrieve something that's not retrievable?

  4. Re:Wah? by MadnessASAP · · Score: 3, Interesting

    It doesn't matter. The moment he tries to read the stream to see whether the data is garbage or not he has changed the quantum properties and the receiver will know someone is listening. It is theoretically impossible to discern anything about the stream without being detected.

    --
    I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.
  5. Re:Alice and Bob are sick today. We need some answ by bh_doc · · Score: 3, Interesting

    [N]obody understands QC, and anyone that does can't simplify it for the rest of us
    You've just summed up the entirety of quantum physics. Really, it's impossible to simplify it enough for the general public to both know what it means (as in, the behaviours it predicts) and "understand" it in any intuitive way. Hell, most physicists don't understand it in that sense. It just isn't intuitive (for common definitions of the word). So some of the time (probably more than we'd like to admit) we just plug in the math. And it works.
  6. Re:No, not really by taylor · · Score: 2, Interesting

    Actually, quantum cryptography can work with non-secured intermediate repeater stations. In essence, rather than attempting to send the random bits directly, one attempts to build an entangled pair of quantum bits, one at each end of the repeater chain. This is trying to build a specific state, which can be verified before use. The random key is generated using the non-classical correlations of the entangled pair (for more info, one can google "Ekert quantum repeater").

    As you might expect, the protocol for this case is very different from that used in classical repeaters: one cannot measure the signal and amplify it, because doing so would negate the security you are attempting to establish. Instead, a quantum repeater focuses on the specific task of creating an entangled state at the either end, which can then be used to generate cryptographically secure random bits. Because one can verify the final state at the ends of the system before it is used, and independently of malicious users in the middle, a quantum repeater is no more susceptible to an intercept attack than a short-distance single fiber approach. Again, both are susceptible to a complete man-in-the-middle replacement / redirect.