Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier Calls Quantum Cryptography Impressive But Pointless

Posted by timothy on from the science-fair-project dept.

KindMind writes "Bruce Schneier writes in Wired that quantum cryptography, while an awesome technology, is actually pointless (that is, of no commercial value). His point is that the science of cryptography is not the weak point, but the other links in the chain (like people, etc.) are where it breaks down."

22 of 233 comments (clear)

  1. Of course he does by Anonymous Coward · · Score: 0, Insightful

    He's too old to become a player in it, and maybe not even smart enough. Time for retirement Bruce.

  2. sure... by Lord+Ender · · Score: 4, Insightful

    ...but as soon as I release my algorithm which factors the products of large prime numbers in log(n) time, they will be begging for quantum crypto.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:sure... by A+non-mouse+Coward · · Score: 1, Insightful

      I agree. If the quantum crypto community wants to use that quantum computing power to factor the large primes in RSA, then the quantum computing community could justify selling us their quantum crypto. Make a need, sell a solution.

      In reality, it's always going to be the "endpoints" that are the problem. We still cannot even know with 99.999% certainty that a transaction to a remote application came from a specific user. We use bloated software with tens of millions of lines of code. Even the best error rates per thousand lines of code suggests a nearly uncountable number of bugs in any common OS (FOSS included), any of which could open up a channel for an adversary to do anything with data that you could do ... but without your knowledge.

      Researchers should leave the crypto alone and catch up the end points first. Once we have formally (mathematically) provably secure code running on our machines (on the same level that we can prove that the proverbial "Eve" can't brute force Alice's and Bob's eternal public key crypto), then we can revert to crypto research.

      --
      libertarian: (n) socially liberal, financially conservative; neither left, nor right.
    2. Re:sure... by cowscows · · Score: 4, Insightful

      Yeah, but in any commercially useful application of the technology, you're going to have computers at each end dealing with the data once it's decrypted.

      That's Schneier's whole point really. The weak link isn't actually sending encrypted data, it's dealing with the data at either end of chain. For the data to be useful, it has to be decrypted at some point in time, and the listener's computer has to know how to do the decryption. An attacker isn't going to attack the encrypted data stream. They're going to attack either the source or the listener, and either get the stored decrypted data, or get the stored encrypted data and the necessary info to decrypt it.

      If your total communications network consists only of a encrypted communications line, plus a computer on each end, and both of those computers have no other connection to any other sort of network, and also have foolproof physical security, then maybe the encryption line might become the weakest point. But in the real world, computers are generally interconnected with many others, allowing lots of directions to attack from.

      Unless someone comes up with some amazing breakthrough that makes factoring very large numbers trivial, there aren't really any practical cases where the encrypted data stream is the likely target of an attack.

      --

      One time I threw a brick at a duck.

    3. Re:sure... by h4rm0ny · · Score: 4, Insightful


      Taking care of the human and physical security is my business. It's the encryption technology that I can't control / verify. So give me encryption that I can trust and I'll be able to assess my security based on the things that I can control / verify myself. Schneier has no business telling me "your set up is flawed so there's no point in giving you secure encryption." It's for me to judge and all I want is to ensure that no weak links come in from outside my control, i.e. a flawed algorithm or technology.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    4. Re:sure... by stony3k · · Score: 4, Insightful

      What he's actually telling you is that the existing encryption is good enough. You really need to spend more time fixing the human problems since that's where most of the attacks come from.
      He's basically telling that we've reached or are close to the point of diminishing returns, where advances in cryptology (newer algorithms or quantum crypto) can no longer be justified based on the increase in cost for these advances versus the % of attacks on existing crypto.

      --
      Freedom is not worth having if it does not include the freedom to make mistakes. - Mahatma Gandhi
    5. Re:sure... by sarkeizen · · Score: 2, Insightful

      It's the encryption technology that I can't control / verify.

      First of all lets define what is being discussed: Bruce is talking about Quantum Cryptography that is to say a Quantum Key Distribution System.

      Now...let's kick your ignorant ass.

      A Quantum Key Distribution system isn't really any more under your control or verifiable by you than one that uses SSL. Both can have flawed implementations both are probably way beyond your skill set to verify.

      So give me encryption that I can trust

      A quantum key distribution system is NOT unbreakable encryption. Period. It simply gives you perfect assurance that your encryption keys are given (and hopefully known) only to the person they are intended.

      You still need an encryption algorithm to USE those keys. That algorithm could be the worst one on the planet.

      Schneier has no business telling me "your set up is flawed so there's no point in giving you secure encryption."

      What he seems to be talking about is relative risk. One of those things I find that people, the media, bloggers and especially you are inordinately bad at evaluating.

      Key transmission is not only one of the things we generally don't have to worry about it doesn't even seem to appear on your list of ignorant gripes...

      to wit:

      It's for me to judge and all I want is to ensure that no weak links come in from outside my control, i.e. a flawed algorithm or technology.

      And QKDS doesn't fix a flawed encryption algorithm or a flawed implementation.

    6. Re:sure... by Anonymous Coward · · Score: 2, Insightful

      But as you point out, I'm ignorant and it's beyond my skill set to verify the technical aspects of a security method (I can only verify my configuration of it against my reading)

      Let's just go over this slowly, then, so you'll understand.

      1. Quantum Cryptography is not encryption, it's key exchange.

      2. It does not guarantee that nobody was listening. Only that you will know if somebody was listening. That's why it's only for key exchange. You exchange the key, and if someone was listening, you throw away the key and try again.

      3. Once you have a key that nobody else have seen, you use *regular* symmetric encryption (like AES) for the message itself.

      Now, given that you can already use AES without Quantum anything, can we do the key exchange part with the guarantee that noone saw the key with simpler technology?

      The answer is yes. There exists a method so simple that even an ignorant can understand it. It's called "bringing the key over yourself". Not "having someone bring over the key", because the security of that depends on if you can trust him or not. But bring the key yourself, then you know if you showed the key to anyone on the way.

      But but but, you might say. A plane trip across the world just to bring over the key is expensive.
      In that case: You missed the part about needing an optic cable from one site to the other. Not an internet connection and a VPN. A dedicated cable. No switches or anything on the way (they would have to listen, just like the attacker, thus breaking everything). What does a cable across the Atlantic cost? A huge lot more than a couple of plane tickets.

  3. While I appreciate the spirit of the article... by hajihill · · Score: 4, Insightful

    It has been and still is true that adept social engineering can break any security scheme, due to the vulnerability of the people involved. However, saying that it is pointless is about as valid as saying that the exploration of outer-space is pointless.

    I don't think I need to explain that any further to this crowd.

    --
    Of blankness, I know nothing.
    1. Re:While I appreciate the spirit of the article... by db32 · · Score: 4, Insightful

      It is pointless. He is absolutely right and it isn't even remotely close to the space exploration issue. He didn't say the research was pointless, he said the practical application of the research is pointless. The crypto isn't the weak point, so making that point stronger is pointless.

      You just spent a million dollars on your uber leet super crypto secure link to transmit your highly classified secret data to your home office. You also wrote the key down on a stickey note on the front of the device and left it posted on your monitor that faces a window. You might as well have used the cheapest encryption available because it isn't a math attack that is going to break it, its stupid user tricks.

      --
      The only change I can believe in is what I find in my couch cushions.
  4. Re:Hard to argue with the general point. by Rogerborg · · Score: 4, Insightful

    Yes, I was thinking of putting a lock on my front door, but then I thought "Fuggit, I'll just forget to lock it sooner or later, so why waste the money?"

    --
    If you were blocking sigs, you wouldn't have to read this.
  5. Re:Hard to argue with the general point. by gnick · · Score: 4, Insightful

    I think your analogy is a little bit off. You've got a front door with a standard lock, a dead-bolt, two chains, and a huge rock sitting behind it for security. Now you're faced with a decision whether or not to upgrade your dead-bolt to a super-duper-heavy-duty-dead-bolt. But, since your wife leaves the garage door wide open 4 days a week and no amount of persuasion will convince her to stop, the decision not to upgrade seems like a no-brainer.

    --
    He's getting rather old, but he's a good mouse.
  6. one less cause of defect by Catil · · Score: 1, Insightful

    I think that having one less cause of defect during a transmisson by completly ruling out that data could either be unknowingly viewed, intercepted or altered by a middleman is a value not to be underestimated. It is certainly not pointless.
    As far as I know, Switzerland already successfully tested it during last year's elections by transfering voting data from a few selected stations to the voting headquarters. Given all the problems with voting machines, that's a quite obvious area of application. However any data might change after the votes, it was not during that transmisson.

  7. Not news by dachshund · · Score: 2, Insightful

    Bruce has said this dozens of times before this, and he's right. Quantum Cryptography (or alternatively, Quantum Key Distribution) has no commercial application today, outside of (maybe) a few paranoid and high-security government applications. But the latter can hardly be much of a commercial application, since the existence of a large government market would send a strong signal that governments aren't confident in existing cryptographic algorithms. That would be a bad signal to send.

    Furthermore, QKD networks have issues including side channel attacks, where the machinery for transmitting/receiving photons actually leaks information via EM emissions, measurable power consumption, or even sound. In fact, one of the big issues they've had in research networks is that historically the transmission machinery has been noisy as hell.

  8. Re:Hard to argue with the general point. by Tanktalus · · Score: 4, Insightful

    Which is worse: a password that you can remember, or changing passwords every 30/60/90 days to a new password such that you can never keep up, and thus need to write it down *somewhere*?

    Sometimes, the very processes intended to make us more secure (by forcing a password change regularly) instead make the entire system less secure (because "I forgot my password" too many times and you'll end up out of a job, so better to write it down than to lose your job!).

    Sorry, just griping about new policies at $work.

  9. Re:ummmm by florescent_beige · · Score: 2, Insightful

    Er...

    "Bruce Schneier knows the state of Schroedinger's cat?"

    --
    Equine Mammals Are Considerably Smaller
  10. Who is they? by Chuck+Chunder · · Score: 4, Insightful

    Quantum encryption seems to fill a very particular niche (point to point communications) and doesn't seem to apply well to common encryption use cases (SSL , email encryption etc).

    If public key encryption is broken, quantum encryption isn't going to be a good replacement for it for most things.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park
  11. Re:Hard to argue with the general point. by mapsjanhere · · Score: 2, Insightful

    I don't know, I remember 20 years ago in grad school (damn I'm getting old) people were doing cutting edge research on non-linear optic materials, sure to be the next thing allowing truly optical computers. Worked nice in the lab, and I still haven't seen an optical transistor in any advanced computer I'd bought since. Quantum computing has to make the step from the lab to the usable machine before I start buying into it's amazing predicted powers.
    Plus, their power is only predicted to be amazing against our current popular algorithms, if I have to bet of what's easier, coming up with a new algorithm that is not susceptible to quantum computing brute force attacks or making a quantum computer work, my bet is on the former.

    --
    I'm aging rapidly, I bought a new game and had no idea if my machine was good for it.
  12. Re:Nuclear Subs by mapsjanhere · · Score: 2, Insightful

    Don't you think that the optical fiber you're dragging behind the sub will be a dead giveaway?

    --
    I'm aging rapidly, I bought a new game and had no idea if my machine was good for it.
  13. Re:Nope, he's right... by devman · · Score: 2, Insightful

    It isn't a new algorithm, it's a secure method to share a secret. You use the photon states to establish a shared secret and then used that shared secret as the key for a one-time pad (which is unbreakable). No one can eavesdrop the key exchange because quantum mechanics prevents that, and no one can break the one-time pad used for transmission of the actual payload over conventional lines, because it is mathematically unbreakable.

  14. It's ok to develop stuff for a small user base by danimrich · · Score: 2, Insightful

    It is rather pointless to argue that there is no use for quantum cryptography because the current methods of distributing keys are strong enough for most users and the weakest link is usually somewhere else. If some companies, agencies, etc. decide to adopt an expensive quantum physics-based key distribution system, they will probably know quite well why they are putting money into it. You surely know that some IBM chap once said "There is a world market for about five computers." Fine. Nowadays, there is a world market for about five billion computers, but that's not the point. The point is that back then some companies were not reluctant to develop computers for that small market, and so are the folks who develop quantum key distribution systems today. Who knows, maybe it'll be commonplace technology in a few decades.

    --
    where's all that Karma?
  15. The point of pointless research by jandersen · · Score: 2, Insightful

    ...is actually pointless (that is, of no commercial value)...

    It's an interesting definition of "pointless" he's got there; symptomatic of the ultra-capitalistic mindset that has just been demonstrated to be far from optimal by the current financial crisis. Look at it this way: He is saying that the only thing that matters in the world is whether you can make a profit. This is the ideological basis for such things a the lack of regulations that have brought us the crisis; it is also the reason why making a fast profit has been giving priority over long-term financial stability in so many companies, banks not least.

    Apart from that - basic research is not pointless, even if there are no short-term profits to be made. Basic research is necessary because we are not able to tell what we are going to need to know in the future - take the early research into quantum mechanics. It was basic research, utterly pointless according to this definition, but we wouldn't have semiconductors today, and thus no PCs nor the endless numbers of electronic gadgets we have now, were it not for that "pointless" research.

    It really is time to stop dreaming about "the market" as something magical that will sort everything out for us without requiring us to think and take responsibility.