How To Build a Quantum Eavesdropper
KentuckyFC writes "Quantum encryption is perfectly secure, in theory. In practice, however, there are loopholes. Now Japanese scientists have designed a quantum eavesdropper that exploits one of these loopholes to listen in to quantum conversations. QC's security arises from the impossibility of making a perfect copy of a quantum object without destroying it — so the sender and receiver can always tell if they've been overheard. But it turns out that an eavesdropper can make imperfect copies and use them to extract information from a quantum message without alerting sender or receiver (abstract). The Japanese design does just this. That should worry banks and government agencies that have begun to use some of the commercial quantum encryption systems now available."
But Al, why haven't I leaped?
Ziggy says there's a 98.5% chance that your security is flawed.
The Internet is generally stupid
I've been droppin' no eaves sir.
How can one say that it is "theoretically impossible", when somebody has made a practical counterexample? It just means that the theory wasn't good enough - or more likely, that the wrong conclusions were made from the theory.
The banking sector is probably one of the slowest in terms of uptake of new crypto technologies. A huge number are still using 3DES or RC4 for symmetric to protect customers' transactions. If you don't believe me, check out Citibank's Online Banking with "highly modern" RC4. I've seen 40-bit encryption on current express-pay keytags at a certain coffee chain which is almost trivial to crack with little cost by today's computers. In too many cases, it's the same old HSMs accelerating crypto transactions in servers as were in the last decade.
Granted, 3DES is actually not truly that bad in terms of its 112-bit effective security compared to AES-128 (though it's not the weak point when you use 80-bit effective RSA1024). However, just because ANSI X9 has started including modern technologies like ECC and AES or other technologies like quantum crypto are promising, you can bet that the banking industry will be one of the last groups to take up more modern crypto technology. Heck, even the NSA is mandating Suite B with ECC and AES by 2010 for government security! It's one of the few government agencies to actually act faster than the private sector.
Finally, I wonder if the original poster could show the relevant ANSI X9 aka banking security standard which calls out quantum crypto. I don't think I've seen one, and the banking industry typically lives and dies by X9.
By listening in with the Quantum eavesdropper, you've changed what they were actually saying!
http://clightnirish.wordpress.com/
If N is too high, you don't get enough information.
If N is too low, you drive the error rate high enough that the communication is no longer regarded by the parties as secure.
N is always either too high, too low, or both.
I thought quantum encryption first established a one-time pad for secure communications. It uses a protocol to ensure that any quanta not arriving or changed in any way are discarded. Only the quanta verified between Alice and Bob get used for the pad. So, a) diverting quanta during the pad-establishing time gains you nothing, and b) diverting quanta during communication gets you quanta randomly encrypted according to a pad about which you have no knowledge.
It seems copying quanta such that no change is detectable is the only way to make this work.
It's a lucky thing the summary was good, because the only thing I could learn from the linked abstract is that "Francesco" is a Japanese name.
This is wrong. The eavesdropper gets imperfect copies and so does the receiver. If the quality of the receiver's copies is as bad as the eavesdropper's, any working quantum crypto setup will abort and not try to make a secret key out of it.
"That should worry banks and government agencies that have begun to use some of the commercial quantum encryption systems now available."
Nobody needs to worry about these kinds of attacks, as the software in all commercial quantum crypto systems automatically checks and takes care of these kinds of attacks. What the paper shows is how to implement in practice a class of attacks that has been known for years how to do in theory.
There are other attacks on quantum crypto systems that actually attack loopholes in the implementation, and some of these have previously been discussed on Slashdot here.
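The error-rate check these comments rely on, as an added simulation that is not from the thread or the paper: it assumes BB84 and models a simple intercept-resend tap, not the imperfect-cloning design in the article. The 11% abort threshold and all function names are assumptions of this example.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold (commonly cited BB84 bound), not from the thread

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis returns the encoded bit; a mismatched basis gives a random outcome."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def run_bb84(n_pulses, intercept_fraction, seed=1):
    """Simulate BB84 with an intercept-resend tap on a fraction of pulses.

    Returns (qber, eve_known): the error rate Alice and Bob see on the sifted
    key, and the fraction of sifted bits the tap learned with certainty.
    """
    rng = random.Random(seed)
    sifted = errors = eve_known = 0
    for _ in range(n_pulses):
        a_bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = a_bit, a_basis            # state in flight
        eve_hit = False
        if rng.random() < intercept_fraction:
            e_basis = rng.randint(0, 1)
            bit = measure(bit, basis, e_basis, rng)
            eve_hit = (e_basis == a_basis)     # right basis: tap read the real bit
            basis = e_basis                    # pulse is resent in the tap's basis
        b_basis = rng.randint(0, 1)
        b_bit = measure(bit, basis, b_basis, rng)
        if b_basis != a_basis:
            continue                           # discarded during sifting
        sifted += 1
        errors += (b_bit != a_bit)
        eve_known += eve_hit
    return errors / sifted, eve_known / sifted

def should_abort(qber, threshold=ABORT_QBER):
    """Alice and Bob refuse to distill a key when the sampled error rate is too high."""
    return qber > threshold

if __name__ == "__main__":
    for f in (0.0, 0.2, 0.5, 1.0):
        qber, known = run_bb84(20000, f)
        print(f"tapped={f:.1f} qber={qber:.3f} eve_known={known:.3f} "
              f"abort={should_abort(qber)}")
```

A light tap stays under the threshold but learns only a small share of the sifted bits, which privacy amplification is designed to remove; a heavy tap learns more and forces an abort.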