Australian Gov't May Employ a Homegrown Quantum Key System

mask.of.sanity writes "The Australian government is trialling a new Quantum Key Distribution (QKD) system built by Aussie scientists. QKD is considered the world's toughest security because the slightest attempt to intercept the one time keys, coded into lasers at the quantum level, will disrupt the beam. The technology differs from current cryptography tech primarily because it's cheap. Well, less than the $US100k price tag of rival systems. It uses off-the-shelf networking gear instead of proprietary technology, and is built on open standards, so it's easier to install. The random key is encoded at the quantum level in the sidebeam in the phase and amplitude, or brightness and colour, of a highly tuned laser beam. The creators, who built the system in part for their Ph.Ds, said it can be used to transport the most sensitive data like critical infrastructure and secret commercial IP. The days of hand-delivered security keys are numbered."

Quantum Leap

[d3ac0n]

So... you could say the Aussie scientists have taken a Quantum Leap in cryptography for the AU?

*rimshot*

Thank you, I'll be here all night! Remember to tip your waitress!

Re:Quantum Leap

I hear that the technology is called "Key Order Assignment by Laser Application".

Re:Quantum Leap

Instead of using the Qantas the airline they could use Quantas to teleport stuff.

Also remember to try the veal.

Re:Quantum Leap

I see what you did there.

Re:Quantum Leap

[RichardJenkins]

No, from what I understand the system involves strapping a key to a shark who'll swim it to the recipient. The friggin' laser shoots anyone trying to intercept it, thereby guaranteeing security.

Sharks with friggin laser beams have become more adundant as of late, which is why they can do this so cheaply.

Re:Quantum Leap

[mc1138]

Oh boy!

Re:Quantum Leap

We don't tip in australia. We pay our waitresses enough in base wages.

Re:Quantum Leap

[Slumdog]

Instead of using the Qantas the airline they could use Quantas to teleport stuff.

Definitely...definitely Quantas.

Re:Quantum Leap

[TimSSG]

Some puns are just unbearable. Tim S

Re:Quantum Leap

[MadMidnightBomber]

Quantum leap: (adj.) literally, to move by the smallest amount theoretically possible. In advertising, to move by the largest leap imaginable (in the mind of the advertiser). There is no contradiction.

- Tonkin's First Computer Dictionary

Re:Quantum Leap

[BiggerIsBetter]

Quantum leap: (adj.) literally, to move by the smallest amount theoretically possible. In advertising, to move by the largest leap imaginable (in the mind of the advertiser). There is no contradiction.

- Tonkin's First Computer Dictionary

"Quantum Leap": (1989) Scientist Sam Beckett finds himself trapped in time--"leaping" into the body of a different person in a different time period each week.

- The Internet Movie Database

Re:Quantum Leap

Some puns are just unbearable. Tim S

Why +5 insightful instead of +5 funny? C'mon guys... unBEARable? ;) ;)

Re:Quantum Leap

[segra]

They picked up everything they know from the Dolphins! http://en.wikipedia.org/wiki/Military_dolphin

All I want to know is...

[G33kDragon]

...can I encrypt messages with freakin' laser beams attached to the freakin' heads of the freakin' sharks? >

Re:All I want to know is...

[Slumdog]

...can I encrypt messages with freakin' laser beams attached to the freakin' heads of the freakin' sharks? >

"Life would be so much easier if we could just look at the source code." -- Dave Olson

Re:All I want to know is...

[fractoid]

Yes, but like any quantum cryptography method, it's still vulnerable to a SITM (Shark In The Middle) attack.

Quoth Schrodinger

The days of hand-delivered security keys are numbered

...but we can't tell you exactly how long you'll have to wait.

Re:Quoth Schrodinger

[Slumdog]

The days of hand-delivered security keys are numbered

...but we can't tell you exactly how long you'll have to wait.

We don't know if we can or cannot tell you, or even whether you or someone else will have to wait

What If...

[aaron+alderman]

QKD is considered the world's toughest security because the slightest attempt to intercept the one time keys, coded into lasers at the quantum level, will disrupt the beam.

What if you cross the beams?

Re:What If...

[MichaelSmith]

QKD is considered the world's toughest security because the slightest attempt to intercept the one time keys, coded into lasers at the quantum level, will disrupt the beam.

What if you cross the beams?

Don't!

Re:What If...

[Ragzouken]

That would be bad.

Re:What If...

[Hurricane78]

I'm a little fuzzy on the whole good/bad thing.
What do you mean by "bad"?

the randomly generated password is always FOUR

[DotDotSlashDot]

or FOUR xor FOUR
highly tuned?

Meh

It could be broken with an inverted tachyon beam through a phased modulator.

Is quantum cryptography desirable in this scenario

[joeflies]

In general I think that although standard key exchange methods are theoretically less secure than quantum key exchanges, at least the standard key exchange methods are a) well understood, b) tested and c) commercially supported.

Putting highly secret documents in the hands of a technology made by college students working on PHD thesis seems to be a premature use of this technology.

It's not the technology itself, but the implementation of the technology that I'd worry about. And cost doesn't seem to be a good reason to take a gamble.

as long as there is no...

[timmarhy]

... "your key has been intercepted, press OK to continue" popup, because you KNOW those public servants will just click OK and continue.

Re:as long as there is no...

[Toe,+The]

You're forgetting how government bureaucracy works. It would be something more like:

An interception event may have been detected. Do you wish to give permission to avoid preventing continuance?
Acknowledge - Defer

Re:as long as there is no...

Man, do you work for the outfit inside Microsoft that creates the error messages?

Quantum Key + Internet Filter?

[Narnie]

So... are the scientists that frustrated with the Aussie internet filter that they're employing a quantum key encryption system just so they can get their porn?

obligatory movie quote

[SuperBanana]

"That's not encryption. THIS, now THIS is encryption."

Re:obligatory movie quote

[master5o1]

No that's a spoon rot13.

Re:obligatory movie quote

There is no spoon.

Re:obligatory movie quote

[DittoBox]

That's no spoon. It's a french press.

Re:obligatory movie quote

[GrpA]

I see you've played Knifey Spooney before.

GrpA

Re:obligatory movie quote

Um, which movie is this?

http://www.google.com/search?hl=en&q=%22That's+not+encryption.+THIS%2C+now+THIS+is+encryption.%22&btnG=Google+Search&aq=f&oq=

Re:obligatory movie quote

[gnapster]

$ cat query | sed -e 's/encryption/a knife/' | google-search

Re:Is quantum cryptography desirable in this scena

[fuzzyfuzzyfungus]

Worse than that. The quantum stuff is really cool, and all kinds of useful for making sure a given bit of fiber isn't being eavesdropped on; but it is only link-level security. You have to have a run of fiber directly between hither and yon for communications to be secure. With ordinary crypto, you can use public internet or untrusted network segments controlled by others, or bailing wire or whatever. That is the ultimate limitation.

This is the 1st OTS OKD system...

...to store entangled photons in a Bose-Einstein Condensate confined inside an empty Fosters can.

Great for them!

[nog_lorp]

Now the Australian government can finally protect their communications from the myriad foreign governments trying to spy on their communications!

Oh, wait...

Re:Great for them!

[timmarhy]

what makes you think they aren't, and that it's only foreign governments that do the spying? fail.

Re:Great for them!

[domatic]

You're being facetious but any government is a subject of interest for foreign intelligence services. The Russians for one spy on Canada not because they're necessarily super interested in Canada but because they can glean information about the US or anybody else the Canadians deal with. It must also be said tech like this would afford more protection against the US intelligence services than the Russians. All intelligence serices employ both electronic eavesdropping and myriad forms of "humint" (human intelligence) but the Russians rely more heavily on things that their sources may not even realize they're divulging while the US seems more enamored of signals interception and tapping cables in odd places.

Re:Great for them!

[ozbird]

More likely, now Australian scientists can protect their communications from the proposed Internet filter.

Re:Great for them!

[Cimexus]

Guess where a great deal of the US's intelligence data is collected from. Hint: it's a large, dry country within long-range radio distance from China.

Guess where that data gets transmitted back to the US from? Hint: several top-secret joint US-Australian bases located in various places in Central Australia (i.e. the middle of nowhere)

And guess which country has more access to intelligence sharing with the US than any other allied nation (except for the UK)?

Australia's geographic position means a LOT of US intelligence data either is sourced from here or flows through here. So it's in all allied countries interests to have good encryption here ;)

Re:Great for them!

Besides the above mentioned coziness with the US, and a plethora of additions to the sites mentioned, does anybody even vaguely remember Echelon?
Albeit that the US Government networks are seemingly being raped by the Chinese, as are almost every nation's, the US Intelligence agencies are one of the bigger reasons their allies develop this type of technology.

Re:Great for them!

[In+hydraulis]

For those who may be interested:

Australian Security Intelligence Organisation: Penetration by the KGB

Re:Great for them!

Pine gap is believed to be one of the main ECHELON stations down under.

Wait a minute...

[nog_lorp]

It travels over fiber, and "the slightest attempt to intercept the one time keys, coded into lasers at the quantum level, will disrupt the beam".

How do you route it to its destination? Do you need a dedicated fiber line between the source and destination for this service to work?

Otherwise, why can't someone just, y'know, intercept it completely and then generate the same key again?

Re:Wait a minute...

[wdsci]

Last I heard, quantum cryptography did require a dedicated line. And you can't intercept and regenerate the signal because the laws of quantum physics make it impossible to measure enough information about the beam to generate a copy of it. The way quantum cryptography works (at least this is one simple scheme), the sender of the key transmits photons that are polarized in one of 4 directions: N-S, E-W, NE-SW, or NW-SE. But when you measure the photons, you have to choose whether to make a N-S vs. E-W measurement, or an NE-SW vs. NW-SE measurement - you can't make both. And if you choose the wrong one for any particular photon, the outcome of the measurement is random (and the original orientation of the photon is lost). Although, the sender and receiver of the key will have to compare notes via non-quantum means, to see which photons they measured using the same scheme, and if you have access to both the quantum channel and the non-quantum channel, I guess you could pull off a man-in-the-middle attack.

Re:Wait a minute...

[TinBromide]

So, someone with enough knowledge as to which orientation the key will be encoded on can intercept it and generate a new photon with the same recorded information? Because, as you say, you can't record EVERYTHING about a photon at once, and you destroy it as you filter/record it, wouldn't the receiver destroy it as they filter/record it?

I know that you use a simplified example based on the polarity of the measurements, but if a nefarious evil party had the same equipment configured the same way as the true reciever, he/she could intercept the key and generate a new photon with a passable key?

If the distribution of the keys are based on known, shared configurations, aren't those configurations just a key used to decode/attack the secondary encryption layer of the key? (photon orientation).

Re:Wait a minute...

[amirulbahr]

Not an expert on quantum crypto, but from the sounds of it you will need an all optical link. This does not preclude the possibility of switching and routing though. Many networking functions are already being implemented optically, for example wavelength based switching devices that are all optical, and optical regenerative repeaters. Many of the basic building blocks are already available or being perfected.

Re:Wait a minute...

[shadow_slicer]

The key is not encoded -- it is random. Both the "sender" and receiver have no idea what the photon's characteristics are. They both flip coins to see which type of measurement to make. Then they keep the bits where they made the same type of measurement and throw away the others.

Any intermediate party will either receive the photon (so the receiver won't) or not receive the photon (and can't measure it). Further, no intermediate party knows what measurements the sender and receiver will make so they can't make the same measurements. If the intermediary can't make the same measurements then it can't generate the same key, and can't generate a passable photon for the receiver. Assuming the sender and receiver have another channel which is secure against man in the middle attacks (though not necessarily secure against eavesdroppers), they can tell each other which type of measurements they made and know what to keep.

Re:Wait a minute...

[nog_lorp]

I understand now. +5 informative for you!

Re:Wait a minute...

[bh_doc]

And you can't intercept and regenerate the signal because the laws of quantum physics make it impossible to measure enough information about the beam to generate a copy of it.

What you say is mostly true, but slightly misleading. Google "quantum repeater". Basically, it is possible to intercept and regenerate the signal precisely, but in doing so you cannot know what that signal actually was.

[snip] and if you have access to both the quantum channel and the non-quantum channel, I guess you could pull off a man-in-the-middle attack.

A man-in-the-middle attack of this sort would basically be Eve "in between" Alice and Bob, where Alice has a quantum-encrypted channel to Eve, Eve has a separate independent quantum-encrypted channel to Bob, and Eve just forwards all the bits between Alice and Bob. Which, in the end, boils down to the fact that you still have to verify who you're really talking to at the other end of the protocol, just like any other cryptography scheme.

Re:Wait a minute...

[wdsci]

And you can't intercept and regenerate the signal because the laws of quantum physics make it impossible to measure enough information about the beam to generate a copy of it.

What you say is mostly true, but slightly misleading. Google "quantum repeater". Basically, it is possible to intercept and regenerate the signal precisely, but in doing so you cannot know what that signal actually was.

Actually I could say the same about what you say. Sure it's possible to intercept the quantum signal, but it is not possible to regenerate it precisely - by which I mean reproducing the original quantum state. Read up on the "no-clone theorem" - for example Wikipedia's article. It is possible to generate a new signal (state) that, if measured in the same basis, will produce the same result. But this is not the same as the original signal.

Re:Wait a minute...

[bh_doc]

I suspect we differ on the definition of "intercept". If you strictly mean "capture and extract information from", then I agree. Any measurement (the "extract information" part) will collapse the wavefunction, destroying the quantum coherences and ultimately (with approaching-unity probability) being detected by the QKD scheme. However, I was using the term in the more general sense of "have some device between", in which case what I said is entirely correct. Here's why:

Sure it's possible to intercept the quantum signal, but it is not possible to regenerate it precisely - by which I mean reproducing the original quantum state. Read up on the "no-clone theorem" - for example Wikipedia's article.

I'm well versed in the no-cloning theorem. As such, I know why it doesn't apply here. The no-cloning theorem is in relation to making an identical and independent copy of any (a general) quantum system whilst retaining the original system. In this context it would amount to producing a duplicate signal, independent but equal to the original signal. This is not possible under the no-cloning theorem. (I'll preempt a point here, too: Entanglement is not cloning, although it can sometimes look similar.)

But, intercepting and regenerating the signal does not necessarily involve ever having both the original and regenerated signals existing at the same time. Take an example of a kind of quantum repeater, a device that converts a photon signal into some other quantum state, say electron spin, and then converts that spin into a new photon signal. It's roughly the same idea as classical repeaters in long-distance fibre-optic communications. Now, I consider this operation to be an interception of the signal and generation of a new signal with the same information. It's a coherent process; all the quantum information in the original signal remains intact. But you can't get back the photons from the original signal, so the no-cloning theorem is not relevant. (A more detailed explanation of the workings of a quantum repeater could include entanglement, which also means no-cloning theorem is not relevent.)

A restriction on the device is that, to function, it cannot collapse the wavefunction. That means that (at a minimum) it cannot make a projective measurement of the quantum state. Thus, it cannot make any recorded measurement on the state, because that would require making a projective measurement, which would require defining a projection basis (randomly(!), because there's no better way), which would collapse the wavefunction, which would rightly end up being detected by the QKD scheme as eavesdropping.

So, you can have a device which intercepts and regenerates the signal, you just can't ask it any questions.

Re:Wait a minute...

[skeeto]

How do you route it to its destination? Do you need a dedicated fiber line between the source and destination for this service to work?

Whatever you do, just don't cross the streams.

Re:Wait a minute...

[Simetrical]

Assuming the sender and receiver have another channel which is secure against man in the middle attacks (though not necessarily secure against eavesdroppers)

Such as? This always seemed like the fatal flaw of QKD to me: you need to have a channel secure against MITM for it to be worth anything. Otherwise an attacker could just get Alice's key, make up a totally different key to transmit to Bob, and translate all further communications using the two keys.

So what MITM-proof channel do you use? The only plausible one I can think of is an ordinary communications channel encrypted with RSA or something. Except, oops, now you're just as vulnerable as you were before.

Under what practical circumstances will QKD produce any real increase in security, even a tiny one?

Re:Wait a minute...

[shadow_slicer]

The key point of QKD is it makes perfect secrecy (using one-time pads) practical. One-time pads are the most secure form of cipher. The only way anyone can decrypt something encrypted with a one-time pad is if they have the one-time pad--no amount of computing power will EVER be able to break it.

As for using RSA to secure QKD, it actually has significant benefits. Once the QKD is started, any tampering with the optical fiber will be detected at both ends, so a MITM will have to interrupt while the fiber is dark. If the key is switched every time the QKD is started then the MITM would have to break RSA within milliseconds with only a single authentication token. This will be infeasible for a LONG time.

There are also some other things they can do to verify it. They can use clock synchronization to verify that the photons are traveling along the known distance of the fiber optic cable. They can use multiple communication channels after the key is measured to reduce the probability of an undetected MITM attack (i.e. mail the hash of the key, call them using a telephone and compare hashes, post the hash on a website, email the hash, etc). The more they do, the more likely any MITM attack can be detected.

Not quantum?

[SoapBox17]

The summary says the information is encoded in the frequency and amplitude of the light. Quantum systems encode information in the spin of photons...

So is it just me, or is this not really a quantum system at all?

Re:Not quantum?

[khallow]

The communication model, that you refer to, can encode information via any pair of two state systems that can be quantum entangled. Pairs of photons happen to be a natural way to do that. I gather the approach of the article entangles the frequency and amplitude of small light pulses for a similar effect.

Re:Not quantum?

[mokus000]

Quantum mechanics applies to a *lot* more than just spin of photons. To name just one example, the classic double-slit experiment demonstrates quantum (or at least non-classical) behavior of the amplitude of light.

IMO, even if it's true that every "quantum system" developed up till now has been based on photon spin (which I don't believe), any system which depends on a quantum effect would qualify as a "quantum system." Note also that entanglement is not the only quantum effect which might be relevant here.

Re:Not quantum?

[iris-n]

Actually, I've never seen someone encoding information in the spin of photons. As a spin-1 particle, they are a 3-state system, not very cosy to use as a qubit.

Usually people encode information in the polarization of photons. In theoretical physics at least. But I guess for commercial uses its more practical to use frequency, as networking equipment are used to transmit it with high fidelity. But that's just a guess.

Pfft....

[gandhi_2]

Like Australia even HAS a quantum handgun. Er...wait.

Re:Pfft....

[JeanBaptiste]

Well it does. And it doesn't. Until you look anyways.

Is this a machine translation...

[John+Hasler]

From the original Strine?

> The random key is encoded at the quantum level in the sidebeam in the phase and
> amplitude, or brightness and colour, of a highly tuned laser beam.

Or is it just the gobbledegook it looks like?

Stupid. It won't work.

[Cyberax]

"The days of hand-delivered security keys are numbered"

Yeah, sure. Quantum key distribution DOES NOT protect against man-in-the-middle attack. So you'll still need to know that the channel is physically secure before transmitting quantum key.

Re:Stupid. It won't work.

Provided there is a middle.

It would be pretty easy for a goverment to setup something like a number station or some other route then piggy back off a faster land based system.

Hell i see an entire industry here once people start really caring about security.

You can't read my thesis!

[CrypticKev]

The creators, who built the system in part for their Ph.Ds

They will encrypt their thesis with it. If ever decrypted, their doctorates will be revoked!

Re:You can't read my thesis!

If they're using a one-time pad (like most Quantum Crypto proposals suggest), they won't ever be decrypted. The only way to attack a one-time pad is if a. it's used more than once or b. you have the key. Otherwise there's no attack that will enable you to distinguish it from any other random stream of bits of the same length.

Re:You can't read my thesis!

[Wanon]

I feel a plaintext attack would be quite effective here...

Endless Power

And it's powered by an endless supply of rabbits in sealed boxes.

Re:Is quantum cryptography desirable in this scena

[erbbysam]

Exactly. Is public key crypto broken enough to need to spend any money to switch over to QKD?
For that matter is public key crypto over the internet broken?

From the QKD guy in the article:
"Conventional cryptography is exposed to threats from advances in computing power that provide for brute force attacks,"
As long as you stay up to speed (ie. keeping your key sizes up to standards), I don't see how this is an issue...

Re:Security should be open for US bids

[master5o1]

why though?

Okay but why?

[MichaelSmith]

I am at a loss to understand why the Australian Government would want this standard of security. This requires a dedicated fibre so it only works over a short range and over a land line. The bulk of security issues would be with international communications (say diplomatic stuff), wireless communications (police, military etc) and office networks (the federal public service).

But quantum won't help you in any of those cases. Oh well. I doubt I will hear if it is ever actually used.

Re:Okay but why?

[dbIII]

I'm at a bit of a loss as to why you think a government doesn't have a military, police force or diplomats.

Re:Okay but why?

[tftp]

The GP says that military, police force or diplomats are not that likely to always have a dedicated fiber cable to Headquarters. Most communications to these folks are either wireless, or through switched (public) networks. For this quantum stuff to be usable you need to have a permanent need for high volume, high value link between stationary objects reasonably close to each other, like government buildings.

Re:Okay but why?

[MrMista_B]

Anything less secure is monitored casually by Chinese, American, and etc interests.

Really, I can't make it more simple than that.

Re:Okay but why?

[Cimexus]

Well in Canberra (capital city of Australia), most government departments in the Parliamentary Triangle (where all the major/important Government departments area) are connected by a such a dedicated fibre network, that is completely physically separated from the Internet and other public networks This is particularly the case in the defence/intelligence precinct (which is a cluster of buildings in one particular suburb).

Interestingly I tried Googling it and couldn't find much at all. But it exists ... I've used it myself as a contractor to several AU Federal Govt. departments. So you could use this kind of encryption on a network like that I imagine.

But yeah, this technology seems like it wouldn't have huge application outside of these rare, special types of networks.

Re:Okay but why?

[AHuxley]

Australia's internet packets may touch Australia's defense satellite operated by Singtel (Singapore government telco) at some point.

"SingTel's Optus bid part of 20-year spy operation?" http://www.zdnetasia.com/news/communications/0,39044192,38000285,00.htm

Re:Okay but why?

[Threni]

> I am at a loss to understand why the Australian Government would want this standard of security.

Derr...it's the Australian Government. Do have any idea what the Chinese, Russians or Americans could do with that kind of technology?

Re:Okay but why?

[MichaelSmith]

If a secure link like this is ever set up most of the stuff going through it will be .doc and .xls files anyway. Workstations on that network will be easy fodder for viruses, etc.

The Americans practically run the Australian security services anyway. They just have to ask and they get what they want. As for the Chinese and Russians you may have a point there but I doubt using a few links with quantum crypto will add any useful security. Like plugging a sieve.

Re:Okay but why?

[anto]

You are looking for ICON Perhaps it was the *awful* acronym that beat you :)

Re:Okay but why?

[tftp]

As for the Chinese and Russians you may have a point there

If history teaches us anything, intelligence services just love to have agents within the organization that they want to monitor. This way they have automatic decryption of materials, and on top of that they get information that was never sent through the wire - such as opinions, rumors, personal observations, copies of physical materials, etc. You can't replace Max Otto von Stirlitz with a tap on Schellenberg's phone.

attn: /.

for the love of god stop calling us aussies

do you call yourselves yanks? no?

fucking cut it out.

Re:attn: /.

But we do call ourselves Aussies, so I'm failing to grasp your analogy.

Re:attn: /.

So you are not an aussie, but an australian?
Strange man

Re:attn: /.

[burgundysizzle]

Some how "Australia Australia Australia Oi Oi Oi" just doesn't have the same ring to it as "Aussie Aussie Aussie Oi Oi Oi".

Re:attn: /.

ok. We will stop it, aussie.

Re:attn: /.

Don't get annoyed, just use Aussie rhyming slang:
  - Seppo -> Septic Tank -> Yank

Re:attn: /.

As a fellow Aussie, I have to disagree with your sentiment. Taking yourself too seriously is a recipe for boredom =)

Re:attn: /.

[Cimexus]

I have no problem with Americans calling us Aussies, since we often use the term to refer to ourselves as well.

But it would be nice if they pronounced it right. It's said 'Ozzie' (like Ozzy Osbourne), not 'ahh-sie'. The 's' is more like 'z'.

NB. Some Americans do say it right. But 90% don't.

Re:attn: /.

[MadMidnightBomber]

Agreed. Please everyone call them "residents of West Island".

Re:attn: /.

[BlackPignouf]

Will do, aussie!
Thanks for the tip, aussie!

PS: You can call me "cheese eating surrender monkey", BTW

Re:Is quantum cryptography desirable in this scena

[SpazmodeusG]

Exactly. Is public key crypto broken enough to need to spend any money to switch over to QKD? For that matter is public key crypto over the internet broken?

Yes. Think secret plans that can't get out, even in 20 years time.

Can you guarantee quantum computers won't be around in 20 years time?

Social Engineering.

[Twide]

However great this system may/will be, there is no doubt that it's weakness will be the human factor on either end.

Phase != color

yeah. the human eye doesn't perceive phase: the wavelength or frequency is color, but good luck finding a macro-world equivalent to phase.

Bigger fish to fry...

[Manip]

Sorry but you have $100k and you want to increase your security by wasting it on one highly secure pipe?

That is pretty sad. That money could be better allocated to toughen up systems or to employ spot checks on supposedly tough targets.

The truth is that almost no security breaches are conducted by cutting lines and intercepting the traffic (with the exception of satellite communications *cough* NSA *cough*).

Ultimately humans are the weakest part of the system, followed by the destination's security, and then last I'd say the transit between A->B.

Re:Bigger fish to fry...

[tg123]

Sorry but you have $100k and you want to increase your security by wasting it on one highly secure pipe?

That is pretty sad. That money could be better allocated to toughen up systems or to employ spot checks on supposedly tough targets.

The truth is that almost no security breaches are conducted by cutting lines and intercepting the traffic (with the exception of satellite communications *cough* NSA *cough*).

Ultimately humans are the weakest part of the system, followed by the destination's security, and then last I'd say the transit between A->B.

You discount transmission interception too quickly I feel. Echelon comes to mind and I believe alot of information is gathered this way. http://en.wikipedia.org/wiki/ECHELON

Im not sure but I wonder if this could be used to defeat Echelon ?

What is really cool about a one time pad system is that its secure from end to end as long as the key is kept secret. http://en.wikipedia.org/wiki/One-time_pad

this technology allows the secure exchange of keys. so all you have worry about now is the human factor

Cryptography...

[girlintraining]

Will always be vulnerable to a gun to your head and the question "What does it say?"

Try not to forget the human side of the equation when you're quoting statistics and mathematics.

Re:Cryptography...

[Eskarel]

This is true, but generally speaking, when you have an armed gunman in one of the endpoints of a high security communication, you have bigger problems than cryptography.

Re:Cryptography...

[gandhi_2]

Spoken like someone who has neither held a gun, nor a human head, let alone at the same time, while interrogating a cryptographer, in Australia.

How does one answer that question with respect to a 10 gig fiber connection? How fast can you say ones and zeros?

I'm pretty sure firearms are an OSI layer 1 problem.

Re:Cryptography...

[Simetrical]

Will always be vulnerable to a gun to your head and the question "What does it say?"

How many enemies of Australia would be willing to try and intercept their digital communications? How many would be willing to try and kidnap members of their military intelligence corps to interrogate them? The answers at the present time are approximately "all of them" and "none of them", respectively.

Intercepting data is a "Whoops, haha, guess someone must have been overenthusiastic, sorry, won't let you find out^H^H^H^H^H^H^H^H^H^H^H^Hit happen again" kind of thing. Capturing an Australian soldier or other person with security clearance for the purpose of interrogation is an act of war.

one time pad

[F�an�ro]

I do not get the advantages of this system over the one-time pad.
Is there anything this quantum key system could do that a courier carrying a terrabyte drive with a one-time pad once in a while could not?

The quantum key may not be interceptable in theory, but you still have to trust the sending and receiving equipment not to leak anything.
Auditing equipment advanced enough for quantum encryption sounds quite a bit harder than auditing a sealed box with a harddrive and a chip doing XORs for a one-time-pad.
And people with the neccessary trust and clearance AND the skills in quantum physics should be harder to come by.

Plus the bandwith of the quantum channel is low, so they are only sending the keys, and send the encrypted data by normal channels. So you also have to trust the encryption algorithm, while an OTP is provably unbreakable.

Re:one time pad

[blueg3]

Yes -- it can transmit large volumes of data without trusting (and suffering the latency and costs of) hand-couriered secure encryption keys delivered on drives.

Re:one time pad

[onto_dry_land]

No it can't. It requires an initial hand-couriered secure key before it can be used securely. The only difference is that the initial key can be smaller than the data you want to encrypt, but transporting huge amounts of data is easy enough that that's a pretty small advantage.

Re:one time pad

[OzRoy]

This *is* a one time pad. This is Quantum Key Distribution. The quantum part ensures your key has not been intercepted. Once the key is recieved by the other party the actual message is encrypted by using one time pad.

So the advantages of this over a courier is it's a hell of a lot faster and you guarantee the courier hasn't been mugged and had the pad copied.

Re:one time pad

[owlstead]

Yes, but you first have to build the infrastructure in a safe way. You cannot just start to communicate. The problem with Quantum cryptography [for key distribution using light] is that it only solves the part where you transfer the key. It's definitely cheaper and arguably more secure to transfer a bunch of disks (for redundancy, you don't want one hdd that can crash) than to build yourself system for Quantum Key Distribution. And it is infinitely more secure to put that money into other security properties of the system.

Just create two 512 or 521 bit ECC keys and swap the public keys. Make sure you've got your parties set up to handle any problems when they have been deployed, that's much more important. Use ECDH or simple ECC encryption when setting up 256 bit AES session keys, make sure that side channel attacks are not possible, and you've got yourself one heck of a secure line. No need for a one time pad at all, one time pads are simply not needed *at all*.

Re:one time pad

[onto_dry_land]

No, it's not faster than otp transported by courier. In both cases you have to transfer something with courier before you can start transmitting, and in both cases you can do that long before you want start transmitting so there is no lag when you decide to transmit. Also, in both cases you have to make sure your courier hasn't been mugged. With otp transported by courier you just have to make sure the pad has not been copied. With QKD you have to make sure both that the initial key has not been copied and that the device itself has not been tampered with.

Re:Security should be open for US bids

[Kalriath]

He must think Australia is a US government department.

It pretty much is, but that's not the point.

Re:Security should be open for US bids

[Miseph]

Because if you're not buying expensive and unnecessary products from the US, then you are a terrorist.

Re:Is quantum cryptography desirable in this scena

[domatic]

It could be a good compromise on the limitations of both. This could be used to transmit one-time pads in bursts and the pads could then be used over unsecured channels. As it stands, such pads have to be delivered or picked up by hand.

All this to protect a blacklist

Now no-one will figure out which IP's are blocked HAHAHAHAHA! *evil*

-zifr

How do you know?

How do you know that your key is being transmitted by a quantum mechanism that can't be deciphered? You really don't know what's in the box. Important keys will continue to hand delivered by people who realize their own limitations.

Who listens to the listeners

[j-stroy]

Could be used to send non-interceptable signals intercepts between listening data centres.. No one wants anyone to know what they're interests are.

what?

Whoever wrote that quoted paragraph should have taken that draft back their sources for proofing. "will disrupt the beam"..."in the sidebeam"..."phase and amplitude, or brightness and colour"

I don't expect tech journalists to know even basic quantum mechanics, but wow.

Obligatory Futurama...

[Samah]

Professor Farnsworth: No fair! You changed the outcome by measuring it!
http://futurama.wikia.com/wiki/The_Luck_of_the_Fryrish

so once you detect

so once yu detect these keys you effectively stop them
ya brilliant design
just keep interrupting the flow and routs and poof they are noobified

Sharks

[wraithguard01]

Now, if only they can put the lasers on some shark's head.

insightful/informative?

[SuperBanana]

Quoting Crocdile Dundee is insightful/informative? *forehead slap*
I don't think I have ever had a joke go over mod's heads and it result in being modded UP...

FOOL! Do you realise what you've done?

You've implied that Australia is not an important nation, and now all the Aussie /.ers are going to mod you (Score: -1, Pretend He Never Posted)!

Quantum cryptography

[rastos1]

Isn't it so, that quantum cryptography prevents attacker from obtaining the message without being noticed, but does not stop attacker that does not care whether he is noticed?

Transit Sidney Timetable

[speedtux]

They should use it to encrypt the Transit Sidney Timetable. That way, they can be certain it won't be pirated.

Re:Transit Sidney Timetable

-1, Can't even spell the joke's subject

Cryptodiagrams

[worip]

I guess Alice and Bob http://en.wikipedia.org/wiki/Alice_and_Bob were replaced in the design document with Sheila and Bruce!

Joke?

Could someone please explain the joke?

Re:Is quantum cryptography desirable in this scena

[kvezach]

You have to have a run of fiber directly between hither and yon for communications to be secure.

One can use quantum teleportation to build quantum repeaters. Add an out of band signal for addressing, and it shouldn't be that hard to make a quantum encrypted network - direct connection not required. If men in the middle rearrange the addressing data, the only thing that happens is that the signal doesn't arrive at the correct destination; the adversaries still can't clone the particle, so they still can't break quantum crypto.

Cheap

[YourExperiment]

The technology differs from current cryptography tech primarily because it's cheap. Well, less than the $US100k price tag of rival systems.

Ah yes, that's so much cheaper than current cryptography. Take TrueCrypt for example, which is, er, completely free.

Did the summary perhaps mean to state that this system is cheaper than other current quantum cryptography tech?

Re:Is quantum cryptography desirable in this scena

[R3d+Jack]

You never had to check each and every codebook delivered to ensure someone had not created a 1/4" slice in the side seal so they could insert a camera. I'm sure they don't use paper booklets anymore, but I'll bet the new media is just as susceptible to undetected interception. In addition, old media is still extremely useful, since an opponent need only record encrypted communications and play it back later. The U.S. suffered colossal damage in the 80's due to John Walker doing just that. The ability to simply transmit a key to be used with standard encryption is a huge advance.

Re:Is quantum cryptography desirable in this scena

[pacinpm]

All it does is safely transports a key used in ordinary crypto algorithm. So you may use the same futuristic quantum computers to break those keys.

If you really fear of quantum computers you should up your key length.

Obligatory Schneier Quote

[GregNorc]

"Quantum cryptography is back in the news, and the basic idea is still unbelievably cool, in theory, and nearly useless in real life."

Re:Is quantum cryptography desirable in this scena

[Simetrical]

Yes. Think secret plans that can't get out, even in 20 years time.

Can you guarantee quantum computers won't be around in 20 years time?

Not relevant. QKD is a key distribution system only. It has no implications for secure data storage. QKD is normally used (in theory) to transmit one-time pads, which are discarded immediately after the actual communication is received.

Storing something encrypted with a one-time pad is possible, of course. That would be equivalent to storing two copies (or n copies, with multiple pads) in such a way that you need to have both to get any information about the content other than an upper bound on its length. But QKD doesn't help you do that.

For once the .gov is one step ahead of you..

[anto]

In what must be a first the Aussie government is a step ahead of what is needed. Basically Canberra (the Nations capital & home of more government than you can poke a stick at) has a wonderful fiber network called ICON which happens to consist of dark fiber that is physically patched between agencies. Now that doesn't mean the QKD is a famously good idea since we already have really well thought through key distribution techniques, but it's not the lack of the network that will stop it.

Just Have to Extract the Data at the End

[Greyfox]

You can do this given a pair of needle nosed pliers and either a soft fleshy bit of the person you want to extract data from, or some of their teeth will also work.

That's way easier than trying to intercept their keys.

CriKey

[teko_teko]

I think a more suitable name would be the CriKey.

Re:Is quantum cryptography desirable in this scena

[SpazmodeusG]

Yes that's right it stops the keys being recorded.
I could record your encrypted traffic right now. In 20 years time when it may be feasible to decrypt that data i could take that recorded encrypted data and decrypt it.
So you need something right now that stops the data being recorded in the first place if you don't want that data possibly decoded in 20 years time.

Trialling isn't a word

[AP31R0N]

Trial is a noun, you can't catting or trailing. They are testing or experimenting. Why invent a non-word when simple words of the CORRECT part of speech exist?

Maybe the "key" word is "homegrown"...

[ibsteve2u]

...because I would think that any rational government would ponder how nibby Bush, Cheney, & PNAC, LLP turned out to be and give serious consideration to crypto technology that had a fair chance of not having a pipe to a certain black building in Maryland built-in.

Re:Is quantum cryptography desirable in this scena

[Simetrical]

Yes that's right it stops the keys being recorded.

I could record your encrypted traffic right now. In 20 years time when it may be feasible to decrypt that data i could take that recorded encrypted data and decrypt it.

So you need something right now that stops the data being recorded in the first place if you don't want that data possibly decoded in 20 years time.

I see your point. Of course, this is subject to the same problems as QKD generally: it only protects against eavesdroppers on channels where MITM already isn't possible for some reason. (Otherwise, I could agree on a key with Alice via QKD without letting her messages get to Bob, and agree on a totally different key with Bob posing as Alice.) I don't know of any practical example of a communications channel that's MITM-proof but not already eavesdropper-proof.