Schneier Calls Quantum Cryptography Impressive But Pointless
KindMind writes "Bruce Schneier writes in Wired that quantum cryptography, while an awesome technology, is actually pointless (that is, of no commercial value). His point is that the science of cryptography is not the weak point, but the other links in the chain (like people, etc.) are where it breaks down."
He's too old to become a player in it, and maybe not even smart enough. Time for retirement, Bruce.
...but as soon as I release my algorithm which factors the products of large prime numbers in log(n) time, they will be begging for quantum crypto.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Are now running for their jobs.
Thanks bruce.
meow
It is pretty hard to argue that point as long as the world of security is a mass of users who leave passwords on sticky notes under the keyboard (Ultimate Hiding Spot!), accounts whose passwords can be reset with a mother's maiden name, and banks less interested in customer security than WoW is.
My (admittedly layman's) understanding is that, barring dramatic advances in factorization algorithms, or extraordinary advances in the computers running them, classical asymmetric key cryptography is more than adequate (plus the convenient advantages of working over data links that aren't spiffy optical fiber).
It has been and still is true that adept social engineering can break any security scheme, due to the vulnerability of the people involved. However, saying that it is pointless is about as valid as saying that the exploration of outer-space is pointless.
I don't think I need to explain that any further to this crowd.
Of blankness, I know nothing.
Someone encrypt his hard drive with quantum encryption...see how pointless it is then!
Obligatory blog plug: http://www.caseybanner.ca/
sure he says that now, but wait until he's stuck in 1965 with only Al telling him what Ziggy says. How will he get back to his own time if his messages are all unencrypted?
I think I remember reading that one of the hard to compute problems that quantum computing would make short work of was breaking standard cryptography. If I in fact did read that, and if it was true, then quantum cryptography might still have points.
Encryption is easy. Authentication is hard. Quantum cryptography is a solution of the wrong problem.
That's what they said about public key cryptography in the beginning too. And it defined an entire industry. ~Sticky
Quantum cryptography may appear like serious matter on close inspection, but when you look away, it's just a wave.
Do not trust this signature.
I think that having one less cause of defect during a transmission by completely ruling out that data could either be unknowingly viewed, intercepted or altered by a middleman is a value not to be underestimated. It is certainly not pointless.
As far as I know, Switzerland already successfully tested it during last year's elections by transferring voting data from a few selected stations to the voting headquarters. Given all the problems with voting machines, that's a quite obvious area of application. However the data might have changed after the votes, it was not during that transmission.
I have always thought of quantum cryptography more as something for CIA-to-Pentagon or Swiss-bank-to-Swiss-bank kinds of communication, not something for Aunt Tillie. I think the vulnerability of the system depends on who's using it.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
A lot of folks in this thread haven't read the article, and are confusing quantum key exchange (which is what Schneier is talking about) with quantum computing. This isn't about using Shor's algorithm to factor large primes in P, this is about sending keys via a channel which can, through quantum effects, validate whether or not an eavesdropper is present.
What a pussy.
Bruce has said this dozens of times before this, and he's right. Quantum Cryptography (or alternatively, Quantum Key Distribution) has no commercial application today, outside of (maybe) a few paranoid and high-security government applications. But the latter can hardly be much of a commercial application, since the existence of a large government market would send a strong signal that governments aren't confident in existing cryptographic algorithms. That would be a bad signal to send.
Furthermore, QKD networks have issues including side channel attacks, where the machinery for transmitting/receiving photons actually leaks information via EM emissions, measurable power consumption, or even sound. In fact, one of the big issues they've had in research networks is that historically the transmission machinery has been noisy as hell.
It is far from pointless.
Poor implementation of cryptography and who you trust with the keys being unreliable do not mean that making it stronger has no practical benefit.
*I* can control who I give the keys to. Just because most people/implementations do not does not mean there isn't a reason for better cryptography.
The problem is that cryptography is used for many things that are not important enough to the person who has the keys for them to protect. If I have the keys, and the only keys to my secret $1,000,000,000 lottery ticket, I will protect it fiercely. Give it to my secretary who has no interest or knowledge of what it protects and she will write the key on a note
---"What did I say that sounded like 'Tell me about your day?'"---
CIA/Banks don't need public key cryptography (which is the only kind quantum computing could break, assuming they ever get it working).
If I was the CIA or a Swiss bank I'd be using 3DES - invented in the 70s and one of the most analyzed algorithms in all of history.
Like he says, the algorithm isn't the problem, it's the people who choose crappy passwords. This is why the USA eventually dropped restrictions on crypto export - it's much easier to install a key logger or guess a password than to crack even a medium strength cipher.
Enlighten us... who said public key cryptography was pointless in the beginning?
ObCasinoRoyale
Even 3DES (or variations on it) is strong enough for all practical security problems.
AES was mainly developed because software DES is very inefficient, not because DES was broken*.
It's hard to see a practical benefit to developing new algorithms. Much better to devote the effort to analyzing the existing ones.
[*] Obviously plain 56-bit DES is quite weak these days but 3DES is still secure for the foreseeable future.
Bruce,
Whose attack are we defending from here? And who's being attacked? When you say there's no commercial value and only a few technophiles will use it, do you also include well-funded adversaries and governments in the commercial category -- or are they the technophiles?
I'm sure we all can think of many applications where it's a lot easier to attempt interception than go after the endpoints which would be heavily guarded and/or have highly trained personnel who would die rather than divulge information.
Obviously Quantum Cryptography isn't for individuals. I don't believe it was ever touted as such. But there are many technologies that are in use today that are very expensive and not meant for individuals. Probably the biggest example, literally, I can think of, is an aircraft carrier -- are you going to tell me it isn't worthy just because it's somewhat easier to sneak onto it a small boarding party than torpedo/bomb and sink without early detection?
I simply think you're mistaken in your dismissal. Although, I'm surprised you didn't think about the other scenarios besides a stake. Anyone using QC isn't going to use the equivalent of a stake for security. QC is more like an aircraft carrier and not a better deadbolt.
I thought the point of quantum cryptography was to break codes. I.e., it provides a good algorithm to factor large numbers into primes, thus allowing governments with large expensive quantum computers to crack various SSL or other encrypted traffic. So I guess the economic value is that it provides a market (namely spy agencies) for expensive quantum computers.
Quantum encryption seems to fill a very particular niche (point to point communications) and doesn't seem to apply well to common encryption use cases (SSL, email encryption, etc.).
If public key encryption is broken, quantum encryption isn't going to be a good replacement for it for most things.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
. . . "Using advanced quantum cryptography technologies, this system is unbreakable," announced the joint US and British officers in charge of the system, Aldrich Ames and OBE Kim Philby . . .
Sadly, the US Intelligence [sic] Services tend to rely too much on SIGINT instead of HUMINT.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
What about the benefits of communicating under hundreds of feet of water without transmitting your location.
I didn't know Bruce Schneier is Chuck Norris's student.
...is obviously what we need. Get to work, Bruce.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
It is rather pointless to argue that there is no use for quantum cryptography because the current methods of distributing keys are strong enough for most users and the weakest link is usually somewhere else. If some companies, agencies, etc. decide to adopt an expensive quantum physics-based key distribution system, they will probably know quite well why they are putting money into it. You surely know that some IBM chap once said "There is a world market for about five computers." Fine. Nowadays, there is a world market for about five billion computers, but that's not the point. The point is that back then some companies were not reluctant to develop computers for that small market, and so are the folks who develop quantum key distribution systems today. Who knows, maybe it'll be commonplace technology in a few decades.
where's all that Karma?
But of course that's what they'd want you to think, isn't it?
I think quantum encryption of this variety could have an incredible practical application: true democracy. The internet has continued to make the world a smaller place, a trend I feel is only going to continue. One of the things relevant to this is that we can cut out the middleman. Geographically scattered groups can get together and form a single lobbying group as it is, for instance the huge Ron Paul fundraiser sites.
We can take this to the next level and actually be able to vote from home, on everything, eliminating the need for a representative democracy by instituting the purest form. Government would need some fundamental changes (namely expressly limiting the powers of each level of government, with the local town or county having the greatest power) but it could function as a real democracy.
The organizations that are going to spend the big bucks on quantum crypto are the ones that *will* keep the back door shut, i.e. have strong passwords and secure network policies - they've identified the need to communicate securely as a top priority, and they're willing to do what it takes to support the whole process. Who cares if your average corporate network doesn't implement it, or implements it poorly? It's more about extending the capability ceiling for specialized uses than it is about securing every meaningless email that you send out.
Quantum cryptography is NOT an encryption scheme, it's an eavesdropper detection system for a key exchange system. QC does NOT encrypt the session key; it merely tells you that no one was listening in on that session key in flight. No QC system does anything about the payload, and that's handled by traditional symmetric key encryption. The QC system is merely an alternative to asymmetric key exchange systems such as Diffie-Hellman, RSA, or ECC.
As a key exchange system, QC is extremely expensive at around $50K per box and it's also limited in range. It has zero mobility because you have to calibrate two fixed points. If you wanted to avoid asymmetric key exchange systems, it would be cheaper and more flexible to personally fly to the other site and hand deliver the encryption key. So this is one of the few times where I think Bruce makes a great point.
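The two posts above (the one pointing out that this is quantum key exchange, not quantum computing, and the one explaining that QC only detects eavesdropping on the key) describe the same mechanism. The following is an added example, not code from the thread or from any QKD vendor: a purely classical simulation of the BB84 protocol, in which the only "quantum" rules modelled are that a photon measured in the wrong basis yields a random bit and is re-prepared in the measuring basis. Alice and Bob sift their keys by announcing bases, then sacrifice a sample of the sifted key to estimate the quantum bit error rate; an intercept-resend eavesdropper pushes that error rate to about 25%, and the exchange is aborted. The abort threshold of 11% and the sample fraction are assumed values chosen for the example.

```python
"""Classical simulation of BB84 key exchange with intercept-resend eavesdropper detection.

Added illustration only: the quantum channel is modelled with a seeded PRNG,
so the code shows the protocol logic, not real physics. Nothing here encrypts
traffic; the output is raw key material (or an abort).
"""
import random

QBER_ABORT_THRESHOLD = 0.11   # assumed: above this error rate the key is discarded
SAMPLE_FRACTION = 0.25        # assumed: share of the sifted key sacrificed for the check


def _measure(photon, basis, rng):
    """Measure a simulated photon (bit, prep_basis) in `basis`.

    Same basis: the prepared bit is read out and the photon is untouched.
    Other basis: the outcome is uniformly random and the photon collapses
    into the measuring basis, which is the disturbance that exposes Eve.
    """
    bit, prep_basis = photon
    if basis == prep_basis:
        return bit, photon
    outcome = rng.randrange(2)
    return outcome, (outcome, basis)


def exchange(n_photons, eavesdrop, rng):
    """Run one BB84 round; return Alice's and Bob's sifted (same-basis) keys."""
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]  # 0 rectilinear, 1 diagonal
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        photon = (bit, a_basis)
        if eavesdrop:
            # Intercept-resend: Eve guesses a basis, measures, and forwards the
            # (possibly disturbed) photon to Bob. Half her guesses are wrong.
            _, photon = _measure(photon, rng.randrange(2), rng)
        outcome, _ = _measure(photon, b_basis, rng)
        bob_bits.append(outcome)
    # Sifting: bases are compared over the public channel; mismatches are dropped.
    keep = [ab == bb for ab, bb in zip(alice_bases, bob_bases)]
    sifted_alice = [b for b, k in zip(alice_bits, keep) if k]
    sifted_bob = [b for b, k in zip(bob_bits, keep) if k]
    return sifted_alice, sifted_bob


def qber_check(sifted_alice, sifted_bob, rng,
               sample_fraction=SAMPLE_FRACTION, threshold=QBER_ABORT_THRESHOLD):
    """Publicly compare a random sample of the sifted key.

    Returns (qber, final_key). final_key is None when the error rate exceeds
    the threshold, i.e. an eavesdropper (or excessive channel noise) was seen.
    The sampled bits are discarded either way because they were disclosed.
    """
    n = len(sifted_alice)
    sample = set(rng.sample(range(n), int(n * sample_fraction)))
    disagreements = sum(1 for i in sample if sifted_alice[i] != sifted_bob[i])
    qber = disagreements / len(sample)
    if qber > threshold:
        return qber, None
    return qber, [sifted_alice[i] for i in range(n) if i not in sample]


def run(n_photons=4000, eavesdrop=False, seed=1):
    """Full round: exchange, sift, check. Returns (qber, key or None)."""
    rng = random.Random(seed)
    sifted_alice, sifted_bob = exchange(n_photons, eavesdrop, rng)
    return qber_check(sifted_alice, sifted_bob, rng)


if __name__ == "__main__":
    for eve in (False, True):
        qber, key = run(eavesdrop=eve)
        status = "aborted" if key is None else f"{len(key)} key bits delivered"
        print(f"eavesdropper={eve}: QBER={qber:.3f}, {status}")
```

Two caveats the simulation makes visible: the check is statistical, so the sample has to be large enough that a 25% disturbance cannot hide inside normal channel noise, and every bit used for the check is lost, which is part of why delivered key rates are far below the raw photon rate.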
I have been there, and can give my impression. I think this is a big milestone for quantum cryptography. This has been the most massive and convincing demonstration of the technology to date, nothing like any before. Yet, it seems to have received relatively little press attention.
The demonstration was the conclusion of a European project in which several tens of research groups collaborated. The main thing it produced is network protocols for a quantum cryptography network. Several months ago, the plan for this demo was four quantum cryptographic links. However, it was easy to plug any quantum crypto link into the network, so six research groups and one commercial company ended up bringing their systems to Vienna (the latter, idQuantique, actually contributed three links to the network).
Out of these nine systems, seven performed flawlessly for several days, one worked for half an hour and then died (the secure key produced in the first half an hour was still used by the network; the failure was blamed on a software problem in that system), and one prototype did not quite survive the flight to Vienna (the hard disk was trashed by baggage handlers). Given that most of the systems were research prototypes, the statistics actually look good to me.
Since the network topology allowed for redundant paths between most of the nodes, the actual failure of one link and the simulated failure of another did not prevent the network from operating. (The network topology in the picture was not quite complete: at the last moment, an eighth link and one more node were added off the topmost node.) During the demo, securely encrypted video links between the nodes were shown, as well as telephone calls. The video links were encrypted with AES with session keys provided by the network. The telephone calls were encrypted with a one-time pad provided by the network. Resiliency to failures was demonstrated: one link was broken on purpose (eavesdropping was simulated by inserting a polarizer, I think), and a key store in another was exhausted during one of the one-time-pad encrypted telephone calls. In both cases, the key distribution was automatically re-routed through other paths and nodes.
The network software implemented so far requires all nodes be trusted and secure. However, I know that algorithms are under development that would allow secure key distribution in a bigger network where up to a certain percentage of nodes might have been compromised.
The demo was on the first day of the meeting. The other two days were just a very good research conference, with no press attending. (I apologize if I got some details above not fully correct.)
Regarding Schneier's position, I respect it but it might be too short-sighted and grounded. And pessimistic. Remember the famous sayings about how many computers the world might have a market for (five), 640 kB should be enough for everybody, and so on. Classical cryptography has a nasty property of being retroactively crackable. One can record the encrypted classical communication now, wait until it is broken, decipher. Poof, your old secret is suddenly public. For some types of secrets, this is just not an option. Also, Schneier conveniently misses the fact that one can use a one-time pad with a quantum key, the combination IS unbreakable, and quantum key distribution speeds steadily improve.
A final remark, there appear to be three commercial companies actually selling quantum key distribution equipment:
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
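The demo report above mentions telephone calls encrypted with a one-time pad from the network and a key store that ran dry mid-call, and the follow-up argues that OTP plus a quantum key is unbreakable. That claim holds only if pad bytes are never reused and the pad is truly random, so the store must fail closed when it is exhausted rather than wrap around. The following is an added example, not code from the poster or from the Vienna network: a minimal key-store abstraction shared by two endpoints, a sender/receiver pair that consume it in lock-step, and a function showing what a wrapped-around pad would leak. The key material is generated with a seeded PRNG purely so the example is reproducible; in the real system that is exactly the part the quantum link supplies.

```python
"""One-time-pad traffic from a finite, non-reusable key store.

Added illustration only. Models two endpoints that each hold an identical
copy of delivered key material (as a QKD link would provide), consume it in
lock-step, and refuse to send once it is exhausted.
"""
import random

KEY_BYTES = 32  # assumed size of the delivered key store for this example


def delivered_key(seed=7, n=KEY_BYTES):
    """Stand-in for key material delivered to both endpoints.

    Constructed with a seeded PRNG for reproducibility. A real pad must be
    truly random and secret; a PRNG pad is not a one-time pad at all.
    """
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))


class KeyStoreExhausted(Exception):
    """Raised instead of wrapping around: reusing pad bytes destroys OTP security."""


class OneTimePadStore:
    def __init__(self, key_material):
        self._key = key_material
        self.offset = 0  # every byte below offset has been consumed, never to be used again

    def remaining(self):
        return len(self._key) - self.offset

    def take(self, n):
        """Hand out n fresh pad bytes, or fail closed."""
        if n > self.remaining():
            raise KeyStoreExhausted(f"need {n} pad bytes, {self.remaining()} left")
        chunk = self._key[self.offset:self.offset + n]
        self.offset += n
        return chunk


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


class Endpoint:
    def __init__(self, key_material):
        self.store = OneTimePadStore(key_material)

    def encrypt(self, plaintext):
        """Return (offset, ciphertext); offset tells the peer which pad bytes were used."""
        offset = self.store.offset
        return offset, xor_bytes(plaintext, self.store.take(len(plaintext)))

    def decrypt(self, offset, ciphertext):
        # Both stores must advance identically; a mismatch means lost or
        # replayed traffic, and guessing an offset would risk pad reuse.
        if offset != self.store.offset:
            raise ValueError("pad offsets out of sync; refusing to guess")
        return xor_bytes(ciphertext, self.store.take(len(ciphertext)))


def run_session(messages, key_material=None):
    """Send each message A -> B until the pad runs out.

    Returns (delivered plaintexts, pad bytes left, exhausted_flag).
    """
    key_material = delivered_key() if key_material is None else key_material
    alice, bob = Endpoint(key_material), Endpoint(key_material)
    delivered = []
    for message in messages:
        try:
            offset, ciphertext = alice.encrypt(message)
        except KeyStoreExhausted:
            return delivered, alice.store.remaining(), True
        delivered.append(bob.decrypt(offset, ciphertext))
    return delivered, alice.store.remaining(), False


def pad_reuse_leak(m1, m2, pad):
    """What wrapping the store around would cost.

    Two ciphertexts under the same pad bytes XOR to m1 XOR m2: the pad cancels
    out entirely and an attacker is left with a classical crib-dragging problem.
    """
    c1 = xor_bytes(m1, pad[:len(m1)])
    c2 = xor_bytes(m2, pad[:len(m2)])
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    msgs = [b"hello", b"quantum key", b"this message is too long for the store"]
    got, left, exhausted = run_session(msgs)
    print(got, left, exhausted)
    print(pad_reuse_leak(b"attack", b"defend", delivered_key()))
```

The consequence for a deployed link is the one the demo showed: when the store is exhausted, either the call stops or the network has to route fresh key material from elsewhere; continuing on reused pad bytes is never an option.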
...but as soon as I release my algorithm which factors the products of large prime numbers in log(n) time, they will be begging for quantum crypto.
Or switch to elliptic curve algorithms which use completely different math, and have the same security using a much lower number of bits (and thus are quicker and can be stored in less space).
How smart is their password checking? Sure, it may be good enough to reject "11012008" for next month's password, but what about "8002voN10"? No sticky note needed, just your calendar!
The issue isn't in the encryption, it's in the users. For instance, I surf the internet in a birthday suit. No firewall besides my gateway, and no spyware detection, and no persistent AV. I use Firefox so I'm not vulnerable to ActiveX bugs, and anything sketchy I download I scan with AVG before opening. I am smart about what I open, and I trim the fat of all unnecessary subscription listings I might have ended up on so I receive fewer messages (and spend less time/effort filtering the useful from the spam/spyware).
If I could teach everybody I know how to treat the internet the same way I do, all their computers would run a hell of a lot faster and I would never have to waste time fixing their computers again (we can all dream can't we?).
BTW, I password protect anything internet related that is not public (all but websites) because I have tried a port scanner before and know how easy it is to get pub space on a remote network with a little effort and a little knowledge. That includes strict security, like banning a user from my ftp server if they fail the password 5 times in a row.
Yeah, tell that to the militaries and governments of the world, who will be interested in QCryptography not only for the nearly unbreakable security, but (even more importantly) in using QComputing to break existing security measures.
I'm sure he's a genius, but it doesn't sound like he's thought this aspect totally through. It's an arms race... like it always has been.
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
Especially the kind implemented with rubber hoses.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
To equate "pointless" and "of no commercial value" makes no sense. Academic research is certainly not pointless, but often it is of no commercial value, even in the long term.
...is actually pointless (that is, of no commercial value)...
It's an interesting definition of "pointless" he's got there; symptomatic of the ultra-capitalistic mindset that has just been demonstrated to be far from optimal by the current financial crisis. Look at it this way: He is saying that the only thing that matters in the world is whether you can make a profit. This is the ideological basis for such things as the lack of regulations that have brought us the crisis; it is also the reason why making a fast profit has been given priority over long-term financial stability in so many companies, banks not least.
Apart from that - basic research is not pointless, even if there are no short-term profits to be made. Basic research is necessary because we are not able to tell what we are going to need to know in the future - take the early research into quantum mechanics. It was basic research, utterly pointless according to this definition, but we wouldn't have semiconductors today, and thus no PCs nor the endless numbers of electronic gadgets we have now, were it not for that "pointless" research.
It really is time to stop dreaming about "the market" as something magical that will sort everything out for us without requiring us to think and take responsibility.
I hope you realize that you've just pulled the shortest summary of the Emperor's New Clothes story.
The slightly longer version is this: an Emperor hired two... well, what today we'd call consultants or contractors, to weave him the most fabulous clothes ever made. So the guys just wasted the time and lived the good life on the Emperor's money, and not only were they nowhere near getting ready, they hadn't even _started_. (Or maybe they were still painting UML sketches to seem like they're doing something;) So at one point, when the project was waaay overdue already, the Emperor started to want to see some results. So the two guys tell him that their cloth is so special that only very smart people see it, and stupid people can't see it at all. And they pretend to show him some empty air. Fearing that people will catch on that he's stupid, the emperor pretends to see the cloth. Then the same charade is repeated with the nobles and advisors, who too pretend to see the fabulous cloth. And when they have to pretend to be ready, they "dress" the emperor in the new "clothes" and parade him naked through town, where the townspeople too pretend to see the clothes, lest someone catches wind that they're stupid.
In the original story, a kid shouting "the emperor is naked" is all it takes to unravel the whole charade. IRL, most likely the people would have patted each other on the back and congratulated each other for not being as stupid as that simpleton child.
And I find that the story is an almost literal example of the burgeoning snake-oil business in IT nowadays. The exact same excuse is used: "if you can't see the fabulous benefits of our snake oil, it's only because you're stupid, ignorant, a has-been, a dinosaur, etc." You could rewrite the same story with "security/programming/IT consultants" as the two con artists, "reduced TCO" or "synergy" or "security" or "scalability" or any other buzzword-du-jour for the non-existent clothes, and cast a CIO and his yes-men as the emperor and his court... and the story wouldn't even be a fable. It would be a documentary of something that literally happens every day, exactly like that.
Well, except that they'd fire the guy shouting "the emperor is naked", congratulate each other for getting rid of that incompetent has-been, and pay for the rest of their lives to keep that crap snake-oil running. In our days, the two con artists get a fat maintenance contract to keep the Emperor's new clothes in best shape.
Now I don't know if Bruce is right or wrong, but you haven't addressed that either. You just decided that he's too stupid if he doesn't drink the Kool Aid. It's the Emperor's New Clothes all over again.
A polar bear is a cartesian bear after a coordinate transform.
One of the biggest problems with quantum crypto is its reliance on trusted relays. Quantum crypto is not end-to-end. Quantum crypto only works for original photons. However, it's pretty rare that you have a single strand of fiber between you and your far end. This means that you're trusting your service provider(s) to secure all the relays in-between. Given the AT&T/NSA fiasco, I can't imagine trusting them with that power.
Can't remember offhand but check out "The Code Book" by Simon Singh it has a lot of really interesting crypto history.
Anyways back when it was invented (twice actually, first time by british military intelligence and kept secret so Rivest, Shamir and Adleman could invent it later) it required way too much resources to be usable for field agents/general use.
Schneier talks about quantum crypto having no future; he points out that security is a chain that's as strong as its weakest link.
It's true that today, provided you're up-to-date on the research and don't accidentally create a weak key, something like RSA is extremely secure. However, to say it has no future is to basically say that nobody will ever find a way to definitively break RSA.
That seems quite narrow of him, for one because factorisation has not been proved to take exponential time, but even more so because he's saying a sufficiently powerful quantum computer will NEVER be built. In 30 years if you can buy a quantum computer that factors 8192-bit RSA in the time it takes to factor 128-bit RSA today, then using classical crypto would effectively become the equivalent of using "love", "sex", or "god" as your password.
But it's not pointless. As computers get faster and faster, eventually it will be trivial to brute force current encryption techniques. This is why we need to invent new ones that are harder to crack, so that we can always encrypt our data. Just because what we have works for now doesn't mean it will work forever. I don't want someone with an uber-Pentium999 to be able to crack my file in 50 years because we have no crypto that works!
So let's not leave open another attack vector, at least now they have to have physical access to the person's desk to look under their keyboard! We can focus on improving that while inventing quantum crypto.
If you take the view that quantum cryptography secures your data, then you're right, there are other problems. However there is big business in securing point-to-point links. Just ask NSA. The problem is you pretty regularly have to completely change out your equipment as new encryption algorithms are weakened or as computers increase in speed. With quantum cryptography, you could theoretically have the same encryption equipment for decades saving large amounts of money on replacing equipment.
I do security
"The math behind public key cryptography (the difficulty of factoring large integers), was considered pointless in the beginning."
I.e., the underlying technology was relegated to a minor curiosity, something mathematicians did in their spare time rather than an intensive research interest. Which made sense, who wants to figure out exactly how difficult a problem is to solve, we want to actually solve them. However, once an application was found for this math, a 10 Billion Dollar business ensued.
So, while it seems pointless now, someday, someone may find something interesting and novel to use this quantum mumbo jumbo for.
~Sticky
Where are my mod points when I need them? Alas, I fear your references were too old for most of these kids to get it...
---dragoness
If the point is commercial success, then we don't need to convince geeks or slashdotters that it is secure, we have to convince Aunt Milly that she should use it.
Aunt Milly will not be impressed with technology, nor by fancy words like quantum, nor by the impressive names of the vendor companies, nor by the endorsements of accrediting bodies she never heard of.
I think that Aunt Milly will never buy and use encryption unless she is told by her parish priest, or by the likes of Oprah Winfrey or Ed McMahon that she should buy it, trust it and use it.
We don't need technology, we need celebrity endorsements.