First Secure Quantum Crypto Network Up and Running

John Lam was one of many readers to send in news that on Thursday, "at a conference in Vienna, Austria, as reported by the BBC, a European Community science working group built a quantum backbone using 200-km of standard commercial optical fiber running among seven sites and successfully demonstrated the first secure quantum cryptographic key distribution network. In addition, each of the seven links used a different kind of quantum encryption, demonstrating interoperability between the technologies. To paraphrase, the project focused on the trusted repeater paradigm and developed an architecture allowing seamless integration of heterogeneous quantum-key distribution-link devices in a unified framework. Network node-modules managing all classical communication tasks provide the underlying quantum devices with authentic classical channels. The node-module architecture uses a layered model to provision network-wide, end-to-end, provably secure key distribution."

Re:Teleportation?

[argent]

http://en.wikipedia.org/wiki/Quantum_teleportation

If I recall correctly, not the first

[fwice]

Under DARPA sponsorship, and together with our academic colleagues Harvard University and Boston University, BBN Technologies has recently built and begun to operate the world's first Quantum Key Distribution (QKD) network. The DARPA Quantum Network employs 24x7 quantum cryptography to provide unprecedented levels of security for standard Internet traffic flows such as web-browsing, e-commerce, and streaming video.

The DARPA Quantum Network became fully operational on October 23, 2003 in BBN's laboratories, and has run continuously since.

source: http://bbn.com/technology/information_security/quantum_cryptography

Re:If I recall correctly, not the first

[Yvanhoe]

And the first attacks are there as well...

Re:Secure Key exchange.

[locofungus]

Hmmm, not sure I agree with that assessment.

if you had a *perfect* 256bit symmetric key encryption, if you counted just bit flips and no other inefficiency of the system, on average it would take more energy to break the key than there is usable energy in the known universe

A perfect computer can have no entropy change provided it never forgets anything.

Storing all 2^256 keys would require 2^264 bits. There are estimated to be roughly 10^80 particles in the universe ~ 2^265. It's not immediately obvious to me that the problem is theoretically intractable in the known universe.

A perfect 256bit symmetric cypher key falls to an oracle for messages >> 256 bits. Quantum key exchange together with OTP is safe against an oracle (in that you can never show the oracle to be correct)

Tim.

Re:Secure Key exchange.

[meringuoid]

But they were talking about quantum key exchange. Assuming that they're then using a standard symmetric key to encrypt the link it's still theoretically breakable, just the key exchange that isn't.

Let the key be at least as long as the message itself; then you have a one-time pad, which is unbreakable.

"no cloning" theorem dictates how repeaters work

[Cordath]

Quantum key distribution (QKD) relies on the fact that a single measurement can only reveal partial information about its state. i.e. The same fundamental physical property that makes QKD work also makes it impossible to "read" a photon at a trusted repeater station and then resend an identical copy. This would violate the "no cloning" theorem. Instead, the trusted repeater would have to exchange a key with both the sender and receiver. This obviously requires trust and slows things down, but it's not unreasonable in a European bank network where many banks that both trust each other are physically located within a short distance of each other. (Current QKD is limited to links of distances of about 150 km due to loss in fiber, and the secret key bitrates at these distances are not good.)

End point to end point QKD is possible with what are called quantum repeaters. In this scheme, the repeater station creates single photon pairs and sends them to the adjacent links in the chain. At each link, bell state measurements are performed that create a daisy-chain of entanglement swapping until, ultimately, the sender and receiver at the two ends of the chain are left with an entangled pair that they can use to create a key. In this scheme, the repeaters actually gain no information about the entangled pair that the sender and receiver wind up with, and the sender and receiver are able to detect tampering just as they can with other forms of QKD. The result is a repeater network over which secure communication is possible even if the repeaters are untrusted. The worst case scenario, theoretically, is that the eavesdropper just cuts the line so that communication isn't possible.

This technology works experimentally, but will not be practical until quantum memory (i.e. light storage) becomes practical. The problem is that, without memory, each link in the entanglement chain has to receive photons at the same instant in time. With loss happening randomly in all the links, the probability of this happening is no greater than the probability of a photon traveling directly from the sender to the receiver. Ergo, you gain nothing.

Quantum memory is a hot field of research and several experimental groups have shown promising results using a variety of approaches. In short, QKD will not be limited to trusted relay networks for long.