Schneier Calls Quantum Cryptography Impressive But Pointless
KindMind writes "Bruce Schneier writes in Wired that quantum cryptography, while an awesome technology, is actually pointless (that is, of no commercial value). His point is that the science of cryptography is not the weak point, but the other links in the chain (like people, etc.) are where it breaks down."
...but as soon as I release my algorithm which factors the products of large prime numbers in log(n) time, they will be begging for quantum crypto.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Are now running for their jobs.
Thanks, Bruce.
NO SIG
meow
It is pretty hard to argue that point as long as the world of security is a mass of users who leave passwords on sticky notes under the keyboard (Ultimate Hiding Spot!), accounts whose passwords can be reset with a mother's maiden name, and banks less interested in customer security than WoW is.
My (admittedly layman's) understanding is that, barring dramatic advances in factorization algorithms, or extraordinary advances in the computers running them, classical asymmetric key cryptography is more than adequate (plus the convenient advantages of working over data links that aren't spiffy optical fiber).
It has been and still is true that adept social engineering can break any security scheme, due to the vulnerability of the people involved. However, saying that it is pointless is about as valid as saying that the exploration of outer-space is pointless.
I don't think I need to explain that any further to this crowd.
Of blankness, I know nothing.
Someone encrypt his hard drive with quantum encryption...see how pointless it is then!
Obligatory blog plug: http://www.caseybanner.ca/
Encryption is easy. Authentication is hard. Quantum cryptography is a solution of the wrong problem.
That's what they said about public key cryptography in the beginning too. And it defined an entire industry. ~Sticky
Quantum cryptography may appear like serious matter on close inspection, but when you look away, it's just a wave.
Do not trust this signature.
I have always thought of quantum cryptography more as something for CIA-to-Pentagon or Swiss-bank-to-Swiss-bank kinds of communication, not something for Aunt Tillie. I think the vulnerability of the system depends on who's using it.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
What a pussy.
Bruce has said this dozens of times before this, and he's right. Quantum Cryptography (or alternatively, Quantum Key Distribution) has no commercial application today, outside of (maybe) a few paranoid and high-security government applications. But the latter can hardly be much of a commercial application, since the existence of a large government market would send a strong signal that governments aren't confident in existing cryptographic algorithms. That would be a bad signal to send.
Furthermore, QKD networks have issues including side channel attacks, where the machinery for transmitting/receiving photons actually leaks information via EM emissions, measurable power consumption, or even sound. In fact, one of the big issues they've had in research networks is that historically the transmission machinery has been noisy as hell.
That's what I was thinking as I read a bunch of these posts. The only thing quantum computing and quantum encryption have in common is the word "quantum."
Quantum computers use the superposition of states to form qubits used to do computations using multiple numbers at the same time.
Quantum encrypting uses polarization of light and different alignments of filters to communicate a shared key used to encrypt data. If someone's listening in, they will disturb the polarization causing red flags to go up during the communication of the key. That tells you it's not safe to transmit the message. Furthermore, even if you did, it would just be garbled anyway.
The downside to quantum encryption is that you have to have an uninterrupted fiber optic line from one point to the other. If, at any point, that line has to go through a switch of some sort, you now have a weak point in the encryption where someone can be listening in without you knowing.
It's probably important, too, to point out that we have both quantum computers and quantum encryption. However, the current quantum computers don't have nearly enough qubits to be a threat to public key encryption and the single fiber optic line constraint of quantum encryption is holding it back.
Until quantum computers have thousands of qubits and are easily obtainable, we don't have much to worry about anyway.
This post approved by Shampoo.
Quantum encryption seems to fill a very particular niche (point to point communications) and doesn't seem to apply well to common encryption use cases (SSL, email encryption, etc.).
If public key encryption is broken, quantum encryption isn't going to be a good replacement for it for most things.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Don't you think that the optical fiber you're dragging behind the sub will be a dead giveaway?
I'm aging rapidly, I bought a new game and had no idea if my machine was good for it.
It isn't a new algorithm, it's a secure method to share a secret. You use the photon states to establish a shared secret and then used that shared secret as the key for a one-time pad (which is unbreakable). No one can eavesdrop the key exchange because quantum mechanics prevents that, and no one can break the one-time pad used for transmission of the actual payload over conventional lines, because it is mathematically unbreakable.
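The key exchange described in the comments above (filter alignments, an eavesdropper raising red flags, then a one-time pad keyed by the shared secret), as an added example that is not part of the original thread. It is an idealised BB84-style simulation: a noiseless channel, an intercept-resend eavesdropper, no error correction or privacy amplification; the function names and the 5% abort threshold are assumptions.

```python
import secrets

def rb():
    return secrets.randbelow(2)  # one random bit, or one random basis choice

def bb84(n, eavesdrop=False):
    """Send n photons; return (alice_bits, bob_bits) for rounds where bases matched."""
    alice, bob = [], []
    for _ in range(n):
        bit, a_basis = rb(), rb()            # Alice's bit and filter alignment
        p_bit, p_basis = bit, a_basis        # state of the photon in flight
        if eavesdrop:                        # intercept-resend attack
            e_basis = rb()
            if e_basis != p_basis:           # wrong filter: Eve's result is random
                p_bit = rb()
            p_basis = e_basis                # photon is re-sent in Eve's basis
        b_basis = rb()
        measured = p_bit if b_basis == p_basis else rb()
        if b_basis == a_basis:               # sifting, done over a public channel
            alice.append(bit)
            bob.append(measured)
    return alice, bob

def error_rate(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)

def establish_key(n, eavesdrop=False, threshold=0.05):
    """Publicly compare half the sifted bits; return None if the error rate is suspicious."""
    a, b = bb84(n, eavesdrop)
    k = len(a) // 2                          # bits are i.i.d. here, so a prefix is a fair sample
    if error_rate(a[:k], b[:k]) > threshold:
        return None                          # red flag: do not use this key
    return a[k:], b[k:]                      # disclosed sample bits are discarded

def otp(data, key_bits):
    """One-time pad: XOR data with key bits. Key bits must never be reused."""
    if len(key_bits) < 8 * len(data):
        raise ValueError("key store exhausted")
    key = bytes(int("".join(map(str, key_bits[8 * i:8 * i + 8])), 2)
                for i in range(len(data)))
    return bytes(d ^ k for d, k in zip(data, key))

if __name__ == "__main__":
    print("with eavesdropper:", establish_key(4000, eavesdrop=True))  # None (about 25% errors)
    a_key, b_key = establish_key(4000)
    ct = otp(b"attack at dawn", a_key)
    print("decrypted:", otp(ct, b_key))
```

The simulation assumes the public basis comparison is authenticated, which is the part the thread points out is hard; an unauthenticated classical channel would let an active attacker sit in the middle undetected.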
If you were the CIA you'd be using AES as that is the US Government standard.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
It is rather pointless to argue that there is no use for quantum cryptography because the current methods of distributing keys are strong enough for most users and the weakest link is usually somewhere else. If some companies, agencies, etc. decide to adopt an expensive quantum physics-based key distribution system, they will probably know quite well why they are putting money into it. You surely know that some IBM chap once said "There is a world market for about five computers." Fine. Nowadays, there is a world market for about five billion computers, but that's not the point. The point is that back then some companies were not reluctant to develop computers for that small market, and so are the folks who develop quantum key distribution systems today. Who knows, maybe it'll be commonplace technology in a few decades.
where's all that Karma?
I have been there, and can give my impression. I think this is a big milestone for quantum cryptography. This has been the most massive and convincing demonstration of the technology to date, nothing like any before. Yet, it seems to have received relatively little press attention.
The demonstration was a conclusion of a European project in which several tens of research groups collaborated. The main thing it produced are network protocols for a quantum cryptography network. Several months ago, the plan for this demo was four quantum cryptographic links. However, it was easy to plug any quantum crypto link into the network, so six research groups and one commercial company ended up bringing their systems to Vienna (the latter, idQuantique, actually contributed three links to the network).
Out of these nine systems, seven performed flawlessly for several days, one worked for half an hour and then died (the secure key produced in the first half an hour was still used by the network; the failure was blamed on a software problem in that system), and one prototype did not quite survive the flight to Vienna (hard disk was trashed by baggage handlers). Given that most of the systems were research prototypes, the statistics actually look good to me.
Since the network topology allowed for redundant paths between most of the nodes, the actual failure of one link and simulated failure of another did not prevent the network from operating. (The network topology on the picture is not quite complete: at the last moment, an eighth link and one more node were added off the topmost node.) During the demo, there were shown securely encrypted video links between the nodes, and telephone calls. The video links were encrypted with AES with session keys provided by the network. The telephone calls were encrypted with one-time-pad provided by the network. Resiliency to failures was demonstrated: one link was broken on purpose (eavesdropping was simulated by inserting a polarizer, I think), and a key store in another was exhausted during one of the one-time-pad encrypted telephone calls. In both cases, the key distribution was automatically re-routed through other paths and nodes.
The network software implemented so far requires all nodes be trusted and secure. However, I know that algorithms are under development that would allow secure key distribution in a bigger network where up to a certain percentage of nodes might have been compromised.
The demo was on the first day of the meeting. The other two days were just a very good research conference, with no press attending. (I apologize if I got some details above not fully correct.)
Regarding Schneier's position, I respect it but it might be too short-sighted and grounded. And pessimistic. Remember the famous sayings how many computers the world has maybe a market for (five), 640 kB should be enough for everybody, and so on. Classical cryptography has a nasty property to be retroactively crackable. One can record the encrypted classical communication now, wait until it is broken, decipher. Puff, your old secret is suddenly public. For some types of secrets, this is just not an option. Also, Schneier conveniently misses the fact that one can use one-time-pad with quantum key, the combination IS unbreakable, and quantum key distribution speeds steadily improve.
A final remark, there appear to be three commercial companies actually selling quantum key distribution equipment:
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
And what references do you have on this information? Your ass, I suppose.
I work with quantum computing. You forgot to say that qubits aren't some magical beings that appear out of the thin air, they have to be physically implemented somehow. And, IMHO, using polarization of light is the most promising technique. And you can transmit quantumly encrypted information via any system that can be used to make qubits.
Quantum computing and quantum crypto have everything in common. In fact, quantum crypto is one tiny consequence of quantum computation and information.
The point is, quantum crypto was never intended to be used as the standard encryption, just a perfectly (yes, perfect. Not even quantum computers can break it.) secure means of transmitting a small amount of critical information. To be used, let's see, to transmit private keys of classical crypto, or attack orders in times of war, that kind of stuff.
And to break RSA isn't that big a deal. It appears that quantum computers can't accelerate considerably the solution of NP-complete problems. So, we could move from the factorization of a large number to finding a Hamiltonian cycle of a graph.
entropy happens
Shut your mouth!
I think you need to read some facts about Bruce Schneier!
http://geekz.co.uk/schneierfacts/
This is my footer. There are many like it, but this one is mine.
...is actually pointless (that is, of no commercial value)...
It's an interesting definition of "pointless" he's got there; symptomatic of the ultra-capitalistic mindset that has just been demonstrated to be far from optimal by the current financial crisis. Look at it this way: He is saying that the only thing that matters in the world is whether you can make a profit. This is the ideological basis for such things as the lack of regulations that have brought us the crisis; it is also the reason why making a fast profit has been given priority over long-term financial stability in so many companies, banks not least.
Apart from that - basic research is not pointless, even if there are no short-term profits to be made. Basic research is necessary because we are not able to tell what we are going to need to know in the future - take the early research into quantum mechanics. It was basic research, utterly pointless according to this definition, but we wouldn't have semiconductors today, and thus no PCs nor the endless numbers of electronic gadgets we have now, were it not for that "pointless" research.
It really is time to stop dreaming about "the market" as something magical that will sort everything out for us without requiring us to think and take responsibility.