Slashdot Mirror


Quantum Cryptography Broken, and Fixed

schliz writes in with research out of Sweden in which researchers showed that, looking at a quantum cryptographic system as a whole, it was possible for an eavesdropper to extract some information about the QC key, thus reducing the security of the overall system. The team then proposed a cheap and simple fix for the problem. "The advanced technology was thought to be unbreakable due to laws of quantum mechanics that state that quantum mechanical objects cannot be observed or manipulated without being disturbed. But a research team at Linköping University in Sweden claim that it is possible for an eavesdropper to [get around the limitations] without being discovered. In a research paper, published in the international engineering journal IEEE Transactions on Information Theory (abstract), the researchers propose a change in the quantum cryptography process that they expect will restore the security of the technology."

25 of 118 comments

  1. So is the cat dead? by EmbeddedJanitor · · Score: 5, Funny

    Quantum stuff is so illogical to us mortals that you'd expect attempting to break it would just make it stronger.

    --
    Engineering is the art of compromise.
    1. Re:So is the cat dead? by Tackhead · · Score: 5, Funny
      > Quantum stuff is so illogical to us mortals that you'd expect attempting to break it would just make it stronger.

      Which is precisely what happened.

      > In a research paper, published in the international engineering journal IEEE Transactions on Information Theory (abstract), the researchers propose a change in the quantum cryptography process that they expect will restore the security of the technology.

      By being sufficiently precise about the nature of the insecurity, they changed the probability of its being insecure!

      Furthermore, now that we know it's secure again (that is, we've proven it to be secure, effectively computing the probability of insecurity to be precisely zero), we no longer know anything about the nature of the system's security holes again!

      That was all supposed to be a lead-up to a Heisenberg Uncertainty Principle joke, but it's actually a pretty good description of how computer security works in even the non-quantum world. The more secure you think your system is, the more likely it is you'll get 0wn3d in some completely unexpected way. The known unknowns aren't the ones you've gotta worry about, and nailing them down doesn't do anything about the unknown unknowns, other than to collapse the joke's waveform into something resembling a Don Rumsfeld speech.

      In anything other than a Slashdot quantum crypto discussion, that sort of whiplash-inducing change of joke subjects would be highly improbable. As it stands, I'm going to shift gears a third time and hand it off to Douglas Adams.

      Zaphod: Tackhead, is this sort of thing going to happen every time you post using the Infinite Improbability joke drive?
      Tackhead: Very probably, I'm afraid.

    2. Re:So is the cat dead? by NotQuiteReal · · Score: 4, Funny
      You can increase the complexity by using a tri-state cat.

      It can be either alive or dead or both alive and dead.

      We call these three states alive, dead and zombie.

      There, I hope that sheds some photons on the matter.

      --
      This issue is a bit more complicated than you think.
    3. Re:So is the cat dead? by tzanger · · Score: 5, Funny

      I thought a tri-state cat would be alive, dead and high-impedance.

    4. Re:So is the cat dead? by bh_doc · · Score: 5, Funny

      *sigh* Dude, the whole point of the bi-state cat is that both alive and dead is exactly the state the cat ends up in. It's a superposition until you measure it. That's why it's so bizarre. Schrodinger's cat is a zombie.

    5. Re:So is the cat dead? by Thanshin · · Score: 3, Funny

      The tri-state cat should be alive, dead or dog.

  2. I know the solution by jollyreaper · · Score: 5, Funny

    They were connecting the computers via cat-5 cable. Everyone knows you're supposed to use Schrödinger's cat-5 cable in that sort of application.

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
  3. There is no such thing as absolute security by Anonymous Coward · · Score: 4, Insightful

    If data is stored, with the intent and purpose of actually being retrievable at some time in the future, and a mechanism exists to access said data, then it is not absolutely secure because it has been designed to be retrieved.
    As long as there is even one access method there exists the opportunity to exploit it somehow.

    1. Re:There is no such thing as absolute security by Anne_Nonymous · · Score: 3, Funny

      If you love your data, let it go. If it returns to you, it's yours.

  4. That wacky quantum cryptography by Anonymous Coward · · Score: 5, Funny

    It was actually broken AND fixed at the SAME TIME!

    1. Re:That wacky quantum cryptography by mrbluze · · Score: 5, Funny

      It was actually broken AND fixed at the SAME TIME! Kind of like a Windows Update.
      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
  5. Re:Wah? by mrbluze · · Score: 5, Interesting

    > The advanced technology was thought to be unbreakable due to laws of quantum mechanics that state that quantum mechanical objects cannot be observed or manipulated without being disturbed.

    Well the worst thing about an encrypted stream is that you trust it, not really knowing if someone is listening half way down the line. If you get a hint that it's being listened to, you can start sending garbage (or misinformation) down the line so as to confuse the hell out of the eavesdropper, whilst taking up alternative methods of communication or something.

    This makes me wonder if cryptography needs to become cleverer. I mean, depending on the type of data you're sending, might there be a role in padding encrypted streams with 'honeypot' data, like random bits of vaguely interesting crap that the expected listener might want to be interested in. Sort of a live equivalent of Truecrypt's plausible deniability.

    What do people think about that?

    --
    Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
  6. Re:One time pad by dotancohen · · Score: 3, Funny

    Just use a one time pad. That way she won't know where to find you when he wants his daddy?
    --
    It is dangerous to be right when the government is wrong.
  7. Article is a dupe... by The+Master+Control+P · · Score: 5, Informative

    Just like the last time, the laws of quantum physics still work and it is still impossible to observe a quantum system without altering it. The researchers found that the classical authentication protocols that prevent man-in-the-middle attacks were insufficient.

  8. Initialization vector by andrewsb · · Score: 3, Informative

    This bit from the article sounds like they just added an initialization vector (see wikipedia for definition):

    "The researchers propose an additional, non-quantum exchange of a small amount of random bits that are separate from the quantum key."

  9. Re:Wah? by MadnessASAP · · Score: 3, Interesting

    It doesn't matter. The moment he tries to read the stream to see whether the data is garbage or not he has changed the quantum properties and the receiver will know someone is listening. It is theoretically impossible to discern anything about the stream without being detected.

    --
    I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.
  10. The End of The Science of Cryptography by Whiteox · · Score: 4, Informative

    There was an interesting book on cryptography which I loaned to a friend, that surmised that the law of cryptography which states that every code can be broken is now defunct due to quantum cryptography.
    This in effect means that the science of cryptography has met its end in terms of development.
    Like the game of checkers, there are no more moves to make.
    At the time of publication (2002?), the longest distance an encrypted quantum message sent and received was approximately 50kms and considered to be impossible to break.

    --
    Don't be apathetic. Procrastinate!
  11. Alice and Bob are sick today. We need some answers by failedlogic · · Score: 3, Funny

    As I don't know what I'm supposed to know about quantum cryptography, where can I find Alice and Bob to explain it to me? I feel sorry for them though. I'm always bugging them for an explanation and they always oblige. I'm really pissed off though. Every time, I want a different opinion, there they are in every book - Alice .... and .... Bob. Why must *they* always explain to me the most difficult concept in computing. If they aren't doing their jobs, as is obvious with QC, we need some new instructors. If I were either of them, I'd quit my day job. Since nobody understands QC, and anyone that does can't simplify it for the rest of us, they're setting themselves up for massive overtime or heart attack.

  12. Re:One time pad by bh_doc · · Score: 3, Informative

    But how do you transmit that pad between parties?

    That is exactly the point of quantum cryptography. The cryptographic key is the one time pad, negotiated between two parties, using superposition (and in some cases entanglement) in order to come to agreement on the pad and at the same time detect eavesdroppers.

  13. Re:Alice and Bob are sick today. We need some answ by bh_doc · · Score: 3, Interesting

    > [N]obody understands QC, and anyone that does can't simplify it for the rest of us

    You've just summed up the entirety of quantum physics. Really, it's impossible to simplify it enough for the general public to both know what it means (as in, the behaviours it predicts) and "understand" it in any intuitive way. Hell, most physicists don't understand it in that sense. It just isn't intuitive (for common definitions of the word). So some of the time (probably more than we'd like to admit) we just plug in the math. And it works.
  14. No, not really by Moraelin · · Score: 4, Insightful

    No, not really. QC only works over dedicated, point-to-point fibre optic lines.

    Do you understand that one crucial aspect? If I want to talk to you completely securely, with quantum handshake, and able to detect eavesdroppers, I would need one uninterrupted strand of fibre from Germany to wherever you are. Screw 50kms, we're talking potentially tens of thousands of kilometres.

    Or a chain of routers along the way that we both trust blindly to not be compromised, because each breaks that quantum handshake, and each is a point where someone could eavesdrop. You can't tunnel QC over such a hop, so it's a bit like having SSL only from your computer to your ISP, then have it decrypted there and re-encrypted to the next hop, and so on.

    It's also pretty much against the whole idea of a network like the Internet. Since again, it needs dedicated uninterrupted point-to-point connections, not a loose mesh of routing machines. (You _could_ transmit the rest over the internet once you negotiated a key over QC, but: 1. you still need a dedicated connection for that handshake, and 2. you still need normal cryptography for the actual transmission then.)

    For two John Does like us it's already pretty infeasible to go QC all the way.

    Even for someone like the US Army:

    1. Good luck having an all-QC connection from Washington to Baghdad. Even in 50 km segments, you need a lot of basically routers every 50 km on the ocean floor, each of them being a potential eavesdropping point. So if you ditch normal cryptography, you'd need to do... what? Park a couple of submarines near each of them to make damn sure the Russkies and Chinese don't tamper with them? Have permanent manned bases on the ocean floor every 50 km, with a company of soldiers watching each router, and watching each other so none of them can be a double agent and tamper with it?

    2. And what do you do if someone drops a depth charge on one of those? You sure you don't want some regular crypto as backup?

    3. That still doesn't help your communication to your airplanes, tanks, cruise missiles, etc, there. You can't tie a cable from each of them to Washington.

    Etc.

    So basically... well, let me put it mildly: I don't know what book you've read, or by what author, but I'd bet it wasn't written by someone who knows much about cryptography. It sounds more like the kind of predictions made by self-styled "pundits" like Cringely or Dvorak. Or, of course, any other of the many like them.

    --
    A polar bear is a cartesian bear after a coordinate transform.
  15. Re:Wah? by something_wicked_thi · · Score: 3, Informative

    1. Alice sends the key to Bob, in the open, unencrypted, but using a random base-4 encoding. There are two states for a 1 bit and two states for a 0 bit.

    2. Bob reads the key, but, due to the random encoding, he can read only half of it (you can read only if the receiver is in the same state as the sender), so Bob sees some random subset of the bits. This random subset is the key. Alice does not know which subset this is.

    3. Bob transmits the configuration he used to read the stream back to Alice. Alice compares the configuration to her own configuration for sending data and derives which bits Bob saw. They now both know the key.

    It is impossible to read the bits without changing them, in which case Bob will see something different from what was sent, so the keys won't match.

    It is also impossible to derive the key from the configuration that is sent back by Bob because it only specifies how the bits were read, not what the bits were.

    This is, of course, vulnerable to a man-in-the-middle attack, however.

  16. Re:Wah? by catprog · · Score: 4, Informative

    The thing is you can only accurately read about 50% of the photons.

    When Eve reads, the message changes to 50% correct, 50% incorrect.

    When Bob gets the photons his 50% will consist of 25% correct and 25% incorrect ones. (assuming true randomness)

    When Alice and Bob compare their keys they will see the discrepancy.

    Then the 1 and 0 are XORed with the message and then the result is sent.

    http://en.wikipedia.org/wiki/Quantum_cryptography#Polarized_photons_-_Charles_H._Bennett_and_Gilles_Brassard_.281984.29

    --
    My Transformation Website
    Kindle Books http://www.catprog.org/rev
    Interactive CYOA http://www.catprog.org/st
  17. Re:Wah? by temcat · · Score: 3, Informative

    Eve cannot read the stream because 0s and 1s are sent, shall we say, in two coordinate systems (bases) randomly chosen by Alice. The receiver, be it Bob or Eve, cannot in principle measure these bases, only guess them (randomly). If you guess right, you correctly receive 0 or 1. If you guess wrong, you receive garbage. After the transmission Alice and Bob tell each other (over a classical channel) the bases they chose for each bit, and they discard the bits for which they chose different bases. Then they check (and discard) some subset of bits for discrepancies. If Eve was measuring the stream during the transmission, she would inevitably introduce errors by wrongly guessing some bases. Therefore, if the error rate is higher than a certain threshold, Alice and Bob conclude that their communication was eavesdropped and discard the transmission altogether.

    Then there's the separate question of Eve messing with the classical communication between Alice and Bob, but AFAIK it has also been successfully dealt with.
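
The exchange described in the comments above (random bases, sifting over a classical channel, error check), as an added example that is not part of the original thread: a classical simulation of the protocol with and without a measuring eavesdropper. Function names, the 0.11 abort threshold, and computing the error rate over all sifted bits instead of a sacrificed subset are assumptions of this sketch.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis returns the encoded bit; a mismatched basis returns a coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def bb84_round(n, eve_present, seed=0):
    """Simulate n photons; return (sifted_fraction, error_rate_on_sifted_bits)."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    kept = errors = 0
    for _ in range(n):
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)
        bit, basis = a_bit, a_basis  # state travelling on the fibre
        if eve_present:
            # Eve cannot learn Alice's basis, so she measures in a guessed one
            # and the photon continues in the state her measurement left it in.
            e_basis = rng.randrange(2)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        b_basis = rng.randrange(2)
        b_bit = measure(bit, basis, b_basis, rng)
        # Sifting: only the bases are disclosed, never the bit values.
        if a_basis == b_basis:
            kept += 1
            errors += (a_bit != b_bit)
    return kept / n, errors / kept

def eavesdropper_detected(error_rate, threshold=0.11):
    """Abort rule; the threshold value is an assumption of this sketch."""
    return error_rate > threshold

if __name__ == "__main__":
    for eve in (False, True):
        sifted, qber = bb84_round(20000, eve, seed=1)
        print(f"eve={eve} sifted={sifted:.3f} error_rate={qber:.3f} "
              f"abort={eavesdropper_detected(qber)}")
```

About half the photons survive sifting either way; with the eavesdropper measuring every photon, roughly a quarter of the sifted bits disagree, which is what the comparison step catches.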

  18. Broken QC FAQ by jalar · · Score: 3, Informative