Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier Calls Quantum Cryptography Impressive But Pointless

Posted by timothy on from the science-fair-project dept.

KindMind writes "Bruce Schneier writes in Wired that quantum cryptography, while an awesome technology, is actually pointless (that is, of no commercial value). His point is that the science of cryptography is not the weak point, but the other links in the chain (like people, etc.) are where it breaks down."

31 of 233 comments (clear)

  1. sure... by Lord+Ender · · Score: 4, Insightful

    ...but as soon as I release my algorithm which factors the products of large prime numbers in log(n) time, they will be begging for quantum crypto.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:sure... by Prof.Phreak · · Score: 5, Funny

      factors the products of large prime numbers in log(n) time

      That's easy, just use sqrt(n) computers.

      --

      "If anything can go wrong, it will." - Murphy

    2. Re:sure... by moderatorrater · · Score: 3, Interesting

      Quantum crypto does just that, if I remember correctly. Because of the nature of quantum mechanics, you can't intercept the message without simultaneously changing it. Having changed it, you're unable to hide your eavesdropping. The mathematics and science of cryptography is always the strongest thing about security, it's just those darned humans continually screwing things up.

    3. Re:sure... by Lachryma · · Score: 5, Funny

      Give me any large prime, and I will factor it for you instantly!

    4. Re:sure... by cowscows · · Score: 4, Insightful

      Yeah, but in any commercially useful application of the technology, you're going to have computers at each end dealing with the data once it's decrypted.

      That's Schneier's whole point really. The weak link isn't actually sending encrypted data, it's dealing with the data at either end of chain. For the data to be useful, it has to be decrypted at some point in time, and the listener's computer has to know how to do the decryption. An attacker isn't going to attack the encrypted data stream. They're going to attack either the source or the listener, and either get the stored decrypted data, or get the stored encrypted data and the necessary info to decrypt it.

      If your total communications network consists only of a encrypted communications line, plus a computer on each end, and both of those computers have no other connection to any other sort of network, and also have foolproof physical security, then maybe the encryption line might become the weakest point. But in the real world, computers are generally interconnected with many others, allowing lots of directions to attack from.

      Unless someone comes up with some amazing breakthrough that makes factoring very large numbers trivial, there aren't really any practical cases where the encrypted data stream is the likely target of an attack.

      --

      One time I threw a brick at a duck.

    5. Re:sure... by h4rm0ny · · Score: 4, Insightful


      Taking care of the human and physical security is my business. It's the encryption technology that I can't control / verify. So give me encryption that I can trust and I'll be able to assess my security based on the things that I can control / verify myself. Schneier has no business telling me "your set up is flawed so there's no point in giving you secure encryption." It's for me to judge and all I want is to ensure that no weak links come in from outside my control, i.e. a flawed algorithm or technology.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    6. Re:sure... by stony3k · · Score: 4, Insightful

      What he's actually telling you is that the existing encryption is good enough. You really need to spend more time fixing the human problems since that's where most of the attacks come from.
      He's basically telling that we've reached or are close to the point of diminishing returns, where advances in cryptology (newer algorithms or quantum crypto) can no longer be justified based on the increase in cost for these advances versus the % of attacks on existing crypto.

      --
      Freedom is not worth having if it does not include the freedom to make mistakes. - Mahatma Gandhi
    7. Re:sure... by hellop2 · · Score: 4, Funny

      Yeah, but it's a small infinity.

      --
      How many more years will slashdot have an off-by-one error on your Score in your profile?
  2. A billion photons... by alexborges · · Score: 5, Funny

    Are now running for their jobs.

    Thanks bruce.

    --
    NO SIG
    1. Re:A billion photons... by The+Moof · · Score: 5, Funny

      No need to worry, I'll just observe them and put them out of their misery.

  3. ummmm by EncryptedSoldier · · Score: 5, Funny

    meow

    1. Re:ummmm by grcumb · · Score: 3, Funny

      Er...

      "Bruce Schneier knows the state of Schroedinger's cat?"

      Actually, he remains ambivalent until someone asks him.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
  4. Hard to argue with the general point. by fuzzyfuzzyfungus · · Score: 4, Interesting

    It is pretty hard to argue that point as long as the world of security is a mass of users who leave passwords on sticky notes under the keyboard(Ultimate Hiding Spot!), accounts whose passwords can be reset with a mother's maiden name, and banks less interested in customer security than WoW is.

    My (admittedly layman's) understanding is that, barring dramatic advances in factorization algorithms, or extraordinary advances in the computers running them, classical asymmetric key cryptography is more than adequate(plus the convenient advantages of working over data links that aren't spiffy optical fiber).

    1. Re:Hard to argue with the general point. by Rogerborg · · Score: 4, Insightful

      Yes, I was thinking of putting a lock on my front door, but then I thought "Fuggit, I'll just forget to lock it sooner or later, so why waste the money?"

      --
      If you were blocking sigs, you wouldn't have to read this.
    2. Re:Hard to argue with the general point. by gnick · · Score: 4, Insightful

      I think your analogy is a little bit off. You've got a front door with a standard lock, a dead-bolt, two chains, and a huge rock sitting behind it for security. Now you're faced with a decision whether or not to upgrade your dead-bolt to a super-duper-heavy-duty-dead-bolt. But, since your wife leaves the garage door wide open 4 days a week and no amount of persuasion will convince her to stop, the decision not to upgrade seems like a no-brainer.

      --
      He's getting rather old, but he's a good mouse.
    3. Re:Hard to argue with the general point. by CroDragn · · Score: 5, Interesting

      The problem is that in the next 10-20 years there will be a extrordinary advance in commercial computers. Quantum computers, which are fantastic at breaking present day encryption, have made some major advances in the lab recently, and it wouldn't surprise me to see them operating at the government/corporate level within 20 years or so. Once these are in place, normal security will be very weak and something such as quantum security schemes will be required for most applications. So yes, quantum security is useless now, but hopefully research into it will provide with a practial model about the same time quantum computers make it necessary.

    4. Re:Hard to argue with the general point. by Tanktalus · · Score: 4, Insightful

      Which is worse: a password that you can remember, or changing passwords every 30/60/90 days to a new password such that you can never keep up, and thus need to write it down *somewhere*?

      Sometimes, the very processes intended to make us more secure (by forcing a password change regularly) instead make the entire system less secure (because "I forgot my password" too many times and you'll end up out of a job, so better to write it down than to lose your job!).

      Sorry, just griping about new policies at $work.

    5. Re:Hard to argue with the general point. by CrashPoint · · Score: 4, Funny

      And what good is that plane-proof roof going to be when the Mole People come tunneling up through your foundation?

    6. Re:Hard to argue with the general point. by bornwaysouth · · Score: 3, Funny

      No problem. I live in a total concrete and steel, all-walls, roof and floor, bunker.
      Made by a big International company - bin Laden Group, based in Jidda.
      Works perfectly.

      To communicate with you, I am thumping on the walls.

      If you are listening, could you please cut a hole in the wall.
      An upgrade is necessary - I need air.

  5. While I appreciate the spirit of the article... by hajihill · · Score: 4, Insightful

    It has been and still is true that adept social engineering can break any security scheme, due to the vulnerability of the people involved. However, saying that it is pointless is about as valid as saying that the exploration of outer-space is pointless.

    I don't think I need to explain that any further to this crowd.

    --
    Of blankness, I know nothing.
    1. Re:While I appreciate the spirit of the article... by db32 · · Score: 4, Insightful

      It is pointless. He is absolutely right and it isn't even remotely close to the space exploration issue. He didn't say the research was pointless, he said the practical application of the research is pointless. The crypto isn't the weak point, so making that point stronger is pointless.

      You just spent a million dollars on your uber leet super crypto secure link to transmit your highly classified secret data to your home office. You also wrote the key down on a stickey note on the front of the device and left it posted on your monitor that faces a window. You might as well have used the cheapest encryption available because it isn't a math attack that is going to break it, its stupid user tricks.

      --
      The only change I can believe in is what I find in my couch cushions.
    2. Re:While I appreciate the spirit of the article... by tyler.lee · · Score: 4, Informative

      Social Engineering is definitely the weakest link! I can't remember where I found the article, but it was about a team of guys (tiger team) who STRICTLY used social engineering to obtain confidential information from companies. Including employee records with SSN's, with a 100% success rate. They have never walked out of a building without getting what they came in for...and this is all done from walking around inside the building.

    3. Re:While I appreciate the spirit of the article... by db32 · · Score: 3, Informative

      no you missed the point. I am well aware that no real crypto system even in use today uses "written down" keys. But there are emissions at both ends of unencryoted data. One time pad all you want, your encryption means squat if it is still easy for me to get at your data in unencrypted form. It is way easier to trojanize Bobs computer with promises of naked Alice pictures than to pull a man in the middle attack or code breaking. If I can compromise your data with so many other cheap methods why would I ever care how strong your crypto is? I'm not going to invest in expensive, difficult, and time consuming efforts. He'll I could probably buy off both Alice and Bob for less than the price of anything that could break modern crypto in a reasonable time.

      --
      The only change I can believe in is what I find in my couch cushions.
  6. Solving the wrong problem by Checkered+Daemon · · Score: 5, Interesting

    Encryption is easy. Authentication is hard. Quantum cryptography is a solution of the wrong problem.

  7. What Schneier is trying to say: by paniq · · Score: 5, Funny

    Quantum cryptography may appear like serious matter on close inspection, but when you look away, it's just a wave.

    --
    Do not trust this signature.
  8. Who are the users? by SirGarlon · · Score: 4, Interesting

    I have always thought of quantum cryptography more as something for CIA-to-Pentagon or Swiss-bank-to-Swiss-bank kinds of communication, not something for Aunt Tillie. I think the vulnerability of the system depends on who's using it.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  9. Re:I know what to do by KDR_11k · · Score: 5, Funny

    This is Bruce Schneier we're talking about. Bruce Schneier can decrypt quantum encryption by giving it a stern look.

    --
    Justice is the sheep getting arrested while an impartial judge declares the vote void.
  10. What a pussy. by Anonymous Coward · · Score: 4, Funny

    What a pussy.

  11. Re:Quantum Key Exchange not Quantum Computing by SpicyLemon · · Score: 5, Informative

    That's what I was thinking as I read a bunch of these posts. The only thing quantum computing and quantum encryption have in common is the word "quantum."

    Quantum computers use the superposition of states to form qubits used to do computations using multiple numbers at the same time.

    Quantum encrypting uses polarization of light and different alignments of filters to communicate a shared key used to encrypt data. If someone's listening in, they will disturb the polarization causing red flags to go up during the communication of the key. That tells you it's not safe to transmit the message. Furthermore, even if you did, it would just be garbled anyway.

    The downside to quantum encryption is that you have to have an uninterrupted fiber optic line from one point to the other. If, at any point, that line has to go through a switch of some sort, you now have a weak point in the encryption where someone can be listening in without you knowing.

    It's probably important, too, to point out that we have both quantum computers and quantum encryption. However, the current quantum computers don't have nearly enough qubits to be a threat to public key encryption and the single fiber optic line constraint of quantum encryption is holding it back.

    Until quantum computers have thousands of qubits and are easily obtainable, we don't have much to worry about anyway.

    --
    This post approved by Shampoo.
  12. Who is they? by Chuck+Chunder · · Score: 4, Insightful

    Quantum encryption seems to fill a very particular niche (point to point communications) and doesn't seem to apply well to common encryption use cases (SSL , email encryption etc).

    If public key encryption is broken, quantum encryption isn't going to be a good replacement for it for most things.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park
  13. About the quantum network demo by Vadim+Makarov · · Score: 5, Informative
    Schneier's article appears to be a reaction to the recent quantum network demo set up in the city of Vienna and surroundings. For those who missed it, here is some information.

    I have been there, and can give my impresson. I think, this is a big milestone for quantum cryptography. This has been the most massive and convincing demonstration of the technology up to the date, nothing like any before. Yet, it seems to have received relatively little press attention.

    The demonstration was a conclusion of an European project in which several tens of research groups collaborated. The main thing it produced are network protocols for a quantum cryptography network. Several months ago, the plan for this demo was four quantum cryptographic links. However, it was easy to plug any quantum crypto link into the network, so six research groups and one commercial company ended up bringing their systems to Vienna (the latter, idQuantique, actually contributed three links to the network).

    Out of these nine systems, seven performed flawlessly for several days, one worked for half an hour and then died (the secure key produced in the first half an hour was still used by the network; the failure was blamed on a software problem in that system), and one prototype did not quite survive the flight to Vienna (hard disk was trashed by baggage handlers). Given that most of the systems were research prototypes, the statistics actually looks good to me.

    Since the network topology allowed for redundant paths between most of the nodes, the actual failure of one link and simulated failure of another did not prevent the network from operating. (The network topology on the picture as not quite complete: at the last moment, eighth link and one more node were added off the topmost node.) During the demo, there were shown securely encrypted video links between the nodes, and telephone calls. The video links were encrypted with AES with session keys provided by the network. The telephone calls were encrypted with one-time-pad provided by the network. Resiliency to failures was demonstrated: one link was broken on purpose (eavesdropping was simulated by inserting a polarizer, I think), and a key store in another was exhausted during one of the one-time-pad encrypted telephone calls. In both cases, the key distribution was automatically re-routed through other paths and nodes.

    The network software implemented so far requires all nodes be trusted and secure. However, I know that algorithms are under development that would allow secure key distribution in a bigger network where up to a certain percentage of nodes might have been compromised.

    The demo was on the first day of the meeting. The other two days were just a very good research conference, with no press attending. (I apologize if I got some details above not fully correct.)

    Regarding Schenier's position, I respect it but it might be too short-sighted and grounded. And pessimistic. Remember the famous sayings how many computers the world has maybe a market for (five), 640 kB should be enough for everybody, and so on. Classical cryptography has a nasty property to be retroactively crackable. One can record the encrypted classical communication now, wait until it is broken, decipher. Puff, your old secret is suddenly public. For some types of secrets, this is just not an option. Also, Schenier conveniently misses the fact that one can use one-time-pad with quantum key, the combination IS unbreakable, and quantum key distribution speeds steadily improve.

    A final remark, there appear to be three commercial companies actually selling quantum key distribution equipment:
    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.