Researchers Simplify Quantum Cryptography
Stony Stevenson writes "Quantum cryptography, the most secure method of transmitting data, has taken a step closer to mainstream viability with a technique that simplifies the distribution of keys. Researchers at NIST claim that the new 'quantum key distribution' method minimizes the required number of detectors, the most costly components in quantum crypto. Four single-photon detectors are usually required (these cost $20K to $50K each) to send and decode cryptography keys. In the new method, the researchers designed an optical component that reduces the required number of detectors to two. (The article mentions that in later refinements to the published work, they have reduced the requirement to one detector.) The researchers concede that their minimum-detector arrangement cuts transmission rates but point out that the system still works at broadband speeds."
Either this post is first or it isn't. I won't know until I press submit.
Women are like electronics: you don't know how damaged they are until you try to turn them on.
It is impossible to crack because there is no way to decode it without the right key. Algorithms like RSA or DES can be brute forced with enough horse power, for instance, when the quantum computer is invented it could make short work of them. Quantum cryptology will be the only defense.
The big deal is that the cracking time for non-quantum algorithms reduces to O(n) for length n keys. OTOH, for quantum encryption, the cracking time minimum threshold is O(n^n) for length n keys. Hyperbolically, the linear analog is also true in that with quantum decryption, it is possible to crack non-quantum algorithms in O(n) time (again for length n keys), but quantum algorithms require O(n^n) to decrypt. Note that without the correct key, the quantum algorithm requires O(n^n) regardless of whether the cracker is employing spherical numerical analysis techniques or advanced quantum distribution array matrices.
The fact of the matter is that quantum encryption provides much greater security than standard algorithmic encryption.
I think you've misunderstood something. "Quantum encryption" is something of a misnomer. It's actually a physical process that can be used by Alice and Bob to establish a commonly shared secret that is random (and unknown to even Alice and Bob before the process starts). This secret is then typically used as a one-time pad.
________
Entranced by anime since late summer 2001 and loving it ^_^
Every time I hear about Alice and Bob, I now think of this
The sexy part is that if there is a third party who tries to eavesdrop, the attempt will both fail and can be detected by the two communicating parties, and that the security of quantum cryptography has nothing to do with the lack of ability to factor large numbers, but is instead based on physical principles (quantum mechanics). Of course, the sensitivity to eavesdropping means that the system is probably vulnerable to a denial of service attack, depending on how the two communicating parties relate to eavesdropping.
Otherwise, you are perfectly correct. Many cryptographers, including Bruce Schneier, believe that quantum cryptography is a solution to the wrong problem. Nowadays, most probably, the least secure part of your communication system isn't in your key distribution scheme, but is somewhere else --- like in social engineering, or the computer systems which deal with the decrypted cleartext.
It's a summertime Northern Hemisphere and a wintertime Southern Hemisphere. Slice the world the other way and it's daytime in one hemisphere and nighttime in the other. And it's always dark down here in my parents' basement.
You also failed to mention that it is impossible to eavesdrop on the communication of the keys. This is probably the most important part because it can make one time pad encryption useful on computer networks. Without quantum cryptography, your one time pad is only as safe as how you send it (RSA encryption, chaos encryption, snail mail). Additionally, quantum cryptography can't be reverse engineered to find the algorithm for your one time pad.
This is all nice, but it is going to be tricky to implement it in the future. How do you send a photon from one computer to another a long distance away without using repeaters or branches? It will be a little tricky. Would this require a fiber optic connection between every computer that wants to communicate with quantum encryption? Or can you adjust the medium so that photons are transmitted and branched undisturbed?
There is only one cryptography scheme with proven secrecy, and that is the one time pad. Even if you assume no errors occur in its implementation, no physicist can guarantee there will never be discovered a way to eavesdrop on transmissions that use Quantum Cryptography. In contrast with the one time pad a Mathematician can more or less prove, at least to the extent you can prove anything at all, that eavesdropping is only possible if the implementation is flawed.
In practice none of this is relevant since the hassles associated with correctly implementing either QC or a OTP are sufficiently large that for most applications they are both inferior to public key cryptography and symmetric ciphers. There are some exceptions, but the only way you could possibly justify describing quantum cryptography as "the most secure way to transmit data" would be by ignoring so many aspects of information security that it will have no relevance to practical applications.
The reason Eve can't just generate a new pad is because there are two methods of generating a photon and two methods of measuring a photon. Each method of generating a photon has a matched way of measuring it. If you use the matched measurement method you correctly get the bit Alice sent. If you use the incorrect method you get a random 0 or 1 no matter what bit Alice sent. Eve (and Bob too) has no way of telling which method Alice used. In quantum key distribution, after sending the photons, Alice would contact Bob over a different channel. They would tell which method they used, and if they used matching methods keep that bit. If they used different methods they would throw out the bit. If Eve regenerated the bits, she could not have used the same methods as Alice since she doesn't know which methods were used. So Alice and Bob's keys won't match up which will result in any information passed between them to be undecodable and they will know someone eavesdropped.
Quantum Key Distribution is, in its most naive form, still vulnerable to man in the middle attacks. It makes it a little more difficult because you must be able to intercept information on two different channels (the quantum channel and the classical electronic channel), but it is still doable. (There are, however, cryptographic methods of detecting man in the middle attacks, but that's a subject for another time).
The laws of probability forbid it!
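Added example (not part of the comment above or of the original thread): a Python simulation of the basis-matching scheme that comment describes, assuming an ideal noiseless channel and an eavesdropper who measures each photon in a randomly guessed basis and regenerates it. The function names, photon count, sample size and seed are choices made for this illustration.

```python
import random

BASES = "+x"  # "+" = the H/V method, "x" = the 45-degree method

def measure(bit, photon_basis, filter_basis, rng):
    """Matched method returns the sent bit; mismatched method returns a coin flip."""
    return bit if photon_basis == filter_basis else rng.randint(0, 1)

def exchange(n_photons, eve_present, rng):
    """Send n photons and return Alice's and Bob's sifted keys (lists of bits)."""
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        a_bit, a_basis = rng.randint(0, 1), rng.choice(BASES)
        bit, basis = a_bit, a_basis  # state of the photon in flight
        if eve_present:
            # Eve measures with a guessed method and regenerates what she saw.
            e_basis = rng.choice(BASES)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_basis = rng.choice(BASES)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:  # sifting: keep only matching methods
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def sampled_error_rate(alice_key, bob_key, sample_size, rng):
    """Publicly compare a random sample of sifted bits; return the mismatch fraction."""
    idx = rng.sample(range(len(alice_key)), sample_size)
    return sum(alice_key[i] != bob_key[i] for i in idx) / sample_size

def run(eve_present, n_photons=20000, sample_size=2000, seed=7):
    """Return (sifted key length, sampled error rate) for one simulated session."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    a, b = exchange(n_photons, eve_present, rng)
    return len(a), sampled_error_rate(a, b, sample_size, rng)

if __name__ == "__main__":
    for eve in (False, True):
        kept, err = run(eve)
        print(f"eve={eve}: sifted bits={kept}, sampled error rate={err:.3f}")
```

Without Eve the sampled error rate is 0; with her it settles near 0.25, because she guesses the wrong method half the time and each such photon gives Bob a coin flip even when his method matches Alice's.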
I'm all for R&D into pure science, and I'm not bagging the concept of quantum cryptography, but why does this need to be a commercial product?
Is there really anyone out there paranoid enough to need/want this besides various three-letter agencies? Maybe this is provably secure, we think, but what is more likely - Someone finds a loophole in the very weird world of quantum mechanics that makes quantum cryptography as we know it obsolete, or someone figures out a way to find prime factors of obscenely large numbers in a reasonable time.
This article is about how it may be possible to have a quantum crypto setup with a bandwidth of maybe 1024kbps by spending only $20k-$50k on one component to the system. I bet there are a lot of other components.
Compare this with a basic commodity PC, which could encrypt 1024kbps using AES with ridiculous ease.
You are comparing apples with oranges. The bit your mathematician can "prove" is only part of the problem quantum encryption aims to solve. I.e. quantum encryption also includes key exchange (and in fact typically uses a one time pad for the data transfer).
You can't simply ignore the key exchange problems on the mathematicians side.
Perhaps the laws of physics that are supposed to protect quantum encryption will turn out to be false but based on our current understanding there is no better way to do it.
How is your mathematician going to distribute his one time pad?
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Plus with quantum encryption you can utilize lunar wainshafts to feed the unilateral phase detractors and Karnot-Graham meters.
...
The laws of probability forbid it!
I was with you up until about there. It occurs to me that there are any number of mathematical terms that could be combined at random to induce the same effect in me, and I wonder if this is true of all the people who modded you up.
I think I'm just gonna take your word for it.
DRM: Terminator crops for your mind!
It's not so hard, let me explain:
spherical numerical analysis techniques: That is standard maths; If you need to compute something involving for instance a cow, you start with "Assume a spherical cow with radius R".
advanced quantum distribution array matrices: That's just your normal quantum distribution array matrices but with the new icons and toolbar.
From what I understand, quantum computing will basically allow the equivalent of massively parallel computation, so you can find the key that solves the message easily. In RSA, it means that it could factor the large prime numbers that make up the public key, and mathematically generate the private key from those.
It is pitch black. You are likely to be eaten by a grue.
"Conventional" encryption algorithms can be brute forced even without the correct key - it will just take a really long time. As I understand it, the point of quantum cryptography is that it is completely impossible to break, because the transmission would be scrambled the moment someone tries to tap the connection.
Don't expect the above to be completely correct, though - I'm hardly a cryptography expert (which doesn't stop me from putting a reference in my sig).
Tomato wedge sperm darts that are Republican.
Here's something I've never understood. Alice prepares a one-time pad and sends it along using this quantum dealie. Eve intercepts it. Now supposedly this thing changes every time someone observes it, but could Eve just generate a new one based on the data she acquired? Alice created one 'from scratch', why can't Eve?
... Again, hopefully you remember from your school days that, if you send that polarized light through a second filter at an angle to the first, a proportion of the light gets through (cos^2 theta). But, QM says that you cannot predict which photons will make it through the second filter, it's entirely probabilistic.
,|-> to transmit her bit and Bob used or |V>. She can retransmit that value but, if Alice sent |+> or |-> instead then she'll have corrupted the bit. If she measures or |-> but if Alice sent |H> or |V> then she'll corrupt that bit instead. In fact, on average, regardless of which measurement she makes, she'll end up corrupting 1/2 of the values that Alice and Bob have "successfully" exchanged.
Lookup quantum cloning and the "no cloning theorem".
But basically (and this is a naive implementation that won't actually work), Alice transmits to Bob using linearly polarized photons. Now, if you remember from your school days, if you shine a light through a polarization filter and then through another filter at the same angle, all the light that gets through the first filter gets through the second filter as well.
So, let Alice transmit a horizontally polarized photon |H> if she wants to send a 1 and |V> if she wants to send a 0.
Bob uses a horizontally polarized filter = 1 (the photon gets through and he detects it, = 0. The photon gets stopped and he doesn't detect it.
So far, so good but... Eve does exactly what you suggested and measures the photon and then regenerates it - so Bob doesn't see any difference.
Now it starts getting clever
So as well as using |H>,|V> to transmit 1 and 0, Alice also uses |+>,|-> where these are 45 degree polarizations. Alice uses one or the other completely at random.
Bob, when he measures at his end also chooses whether to measure the horizontal polarization = Alice and Bob use the same polarization angle so Bob detects the photon
= Alice and Bob use crossed polarization filters so Bob doesn't detect the photon
= Alice and Bob's filters are at 45 degrees so Bob may or may not detect a photon
= ditto
= ditto
= ditto
= Alice and Bob use the same polarization angle so Bob detects the photon
= Alice and Bob use crossed polarization filters so Bob doesn't detect the photon
Once Alice and Bob have done this, Bob tells Alice which measurement he's done (over a classical channel, they don't care who might eavesdrop.) If Alice and Bob have used the same basis - i.e. Alice used |H>,|V> to transmit her bit and Bob used
Now Eve can get really clever. Instead of measuring the photon, she can clone it and then measure her clone. Now it turns out that there is a limit to how good her cloning machine can be so, although it won't corrupt half of the bits that Alice and Bob transmit, it will corrupt at least 1/6.
(Actually, in the naive scheme outlined above I think Eve can do:
a|H> + b|V> => a|HH> + b|VV>, store her photon, wait for Bob to measure, eavesdrop the message from Bob to Alice and then make the same measurement on her stored photon. But this only works because the only possible values for a,b in the naive scheme are (0,1), (1,0), (1/sqrt2,1/sqrt2), (1/sqrt2, -1/sqrt2) but I'm right on the limits of my understanding of QM and entangled photons now so I could be completely wrong)
Tim.
God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
...quantum cryptography now requires 30% less cats and 46% fewer radioactive isotopes.
Random Thoughts From A Diseased Mind (Not For Dummies)
People are mixing up two different things here - quantum transmission, the one you can't read unnoticed, and encryption/decryption using quantum computers and algorithms.
The first one has been demonstrated, and works over limited distances.
The second is an "advanced concept", right next to fusion reactors.
I'm aging rapidly, I bought a new game and had no idea if my machine was good for it.
Not immediately, I suppose. It's interesting to note that a proper database system would discrete-ize the posting numbers to arrive at a definite first post, even though relativity makes a mockery of first posts.
Hey wait, that shouldn't be possible.
> Quantum cryptography, the most secure method of transmitting data,
Technically it would only be tied at best with a one-time pad, and, at worst, slightly less secure. I wonder if it has codes that could be cracked by social engineering, as one time pads could, or if you must physically have the proper connection device.
But I hear it's also possible to do a quantum simulation of the entire universe using a quantum device. Hence it may be trivial to crac...hey, waitaminnit!
Maybe this whole universe is someone's attempt to quantum crack some encoded pr0n. DAMMIT!
DAMMIT! My life is just being a cog in someone's un-encoding of some pr0n! >:(
Actually, I feel my life is more valuable doing that than it turning out this universe was Yahweh's twice-patched fuckup (Noah, and Jesus) wise and perfect plan all along.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I was just discussing entanglement swapping with my supervisor the other day, actually. Neat concept. Roughly, person A has two entangled photons, A1 and A2. Person B has similar, B1 and B2. They both send their 1 photons to C. C entangles A1 and B1 and because of this, A2 and B2 are now entangled. This can then be used to generate a bit of a key.
We were actually discussing it in the context of producing entanglement between ions (good for storage/memory) and photons (good for transmission), since in the real-world it's unlikely actual repeaters will receive photons from both parties at the same time so that the entanglement can be swapped.