Slashdot Mirror

← Back to Stories (view on slashdot.org)

Quantum Encryption Implementation Broken

Posted by timothy on from the but-this-was-a-quantum-drawing-board dept.

I Don't Believe in Imaginary Property writes "Professor Johannes Skaar's Quantum Hacking group at NTNU have found a new way to break quantum encryption. Even though quantum encryption is theoretically perfect, real hardware isn't, and they exploit these flaws. Their technique relies on a particular way of blinding the single photon detectors so that they're able to perform an intercept-resend attack and get a copy of the secret key without giving away the fact that someone is listening. This attack is not merely theoretical, either. They have built an eavesdropping device and successfully attacked their own quantum encryption hardware. More details can be found in their conference presentation."

23 of 133 comments (clear)

  1. Successfully broken before anybody was using it! by FooAtWFU · · Score: 5, Funny

    Now that's efficiency for you, folks!

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
  2. This is why we can't have nice things by PixieDust · · Score: 5, Funny

    Can we please get to play with some of these emerging technologies before someone goes breaking them? This is why we can't have nice things! You intellectuals and your tinkering....

  3. And they call it... by fuzzyfuzzyfungus · · Score: 5, Funny

    Schrödinger's Hack!

    1. Re:And they call it... by Itninja · · Score: 5, Funny

      Sure, they call it that....and they don't. It's complicated.

      --
      I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
  4. Broken by Wowsers · · Score: 4, Funny

    There's only one way to look at this story, the quantum encryption may or may not be broken, or maybe partially so, so both cases could be true at the same time.

    --
    Take Nobody's Word For It.
  5. Fond memories by temcat · · Score: 3, Informative

    Hehe, that master student you will see at the second linked page is me ten years ago :-)

    1. Re:Fond memories by geekoid · · Score: 3, Funny

      You went back in time and took a picture of yourself?

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    2. Re:Fond memories by Verdatum · · Score: 2, Funny

      Holy crap, the plot of the movie Primer suddenly makes sense to me!

  6. Nothing to see here. Move along. by nacturation · · Score: 3, Insightful

    How is it news that a flawed implementation of a perfectly secure algorithm can be taken advantage of? Cryptographers have been doing side channel attacks for a long time.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    1. Re:Nothing to see here. Move along. by lgw · · Score: 2, Insightful

      You do realize that "quantum crypto" is not any kind of cryptography, right? (Beyond the most general sense of "secret writing", I guess). It's a "provably secure" means of detecting eavesdroppers. Except, as with most "provably secure" systems, it turned out to be flawed.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    2. Re:Nothing to see here. Move along. by lgw · · Score: 2, Insightful

      I don't understand your point. A company is selling a system marketed as "quantum cryptography" and "provably secure". This commercial product was broken by a fairly normal approach to breaking comm security. "Quantum cryptography" is a marketing buzzword term (buzzphrase?) largely created by this company.

      I suppose pedantically one could say "a commercial appliance marketed as provably secure quantum cryptography was broken", but most people understood the intended meaning: this much hyped "quantum crypto" doodad is no real improvement in practical comm security.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    3. Re:Nothing to see here. Move along. by lgw · · Score: 2, Insightful

      If the device was using traditional public key encryption they could have done the exact same attack.

      That was pretty much my point too. I have no insight into the motivation of the researchers, but this product is snake oil becuase it can be broken by the exact same attacks that work against a system not "protected by the Magic of Quantum(TM) - now with extra magic!" The thing that differentiates this product from competing comm security products adds no security in practice.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    4. Re:Nothing to see here. Move along. by QuantumG · · Score: 2, Insightful

      further hardening the strongest element in a security system does not provide additional security

      Of course it does. You're taking a rule of thumb and holding it up as gospel while completely misunderstanding the purpose of it.

      --
      How we know is more important than what we know.
  7. Re:Prototype fallible, news at 11. by temcat · · Score: 2, Insightful

    Not a specific prototype but a whole class of QC setups.

  8. Re:I've heard this before by inviolet · · Score: 3, Insightful

    And Communism works, IN THEORY.

    No it doesn't. The theory of Communism proposes that humans will work for the betterment of their fellow tribe members. This works in small tribes where everyone knows each other (families and 'communes'), but was known in advance to fail for larger groups. The theory is bunk because it utterly fails to understand the fact that personal economic incentives are the primary driver of human behavior.

    As was Marx's derivation of the value of the worker. He completely missed the fact that the value-add comes from the synergistic arrangement (arranged by the entrepreneur) of worker, raw materials, and the means of production.

    --
    FATMOUSE + YOU = FATMOUSE
  9. Re:I've heard this before by lgw · · Score: 3, Insightful

    Actually, Marx's main flaw was in how he valued technology. The man wasn't a starry-eyed idiot, but he just failed to see the value of automation - something not so obvious in his time. Marx directly claimed that machines cannot lower the cost of goods, because machines would naturally be sold for the value of the labor they replaced. Most of the benefit of capitalism is that technology reduces the cost of goods, so that our standard of living improves continuously over time despite the common man never getting a larger share of the wealth.

    At any given point in time, the only reason capitalism does any better job of creating a "synergistic arrangement of worker, raw materials, and the means of production" is that capitalism self-corrects for corruption faster (companies fail faster than governments). In practice this is a minor factor as successful companies quickly infiltrate government to create regulations that raise barriers to competition (markets are never free for long).

    Over generations, however, the advance of technology is huge - far more important that the distribution of wealth to one's standard of living. And free markets (to the exten they exist) are far and away the best stimulus for new technology. This is why established firms so often seek government regulation: to prevent (or at least slow) disruptive technology.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  10. Re:Intercept-Resend Attack by gnieboer · · Score: 3, Funny

    Because Intellectual Property Hoggers International got a patent on a man-in-the-middle (TM) attack and the accountants at the university wouldn't pay the licensing fees, so they had to come up with a COMPLETELY NEW and different attack to avoid patent litigation, thus the incredibly novel "intercept-resend attack" (patent pending).

  11. You didn't RTFA, did you? by Anonymous Coward · · Score: 2, Insightful

    > How is it news that a flawed implementation of a perfectly secure algorithm can be taken advantage of?

    Because it's a very technically impressive hack that breaks the guarantees we love quantum encryption for (the idea that we can detect eavesdropping) and it does it in a fairly general way, using a weakness in an important piece of hardware (the single photon detectors) that's used in many quantum cryptography setups.

    It may not be surprising to you, but the technology used isn't so trivial as you make it sound. Read their conference presentation if you want to see. The only reason I didn't write more of it into the summary is because I didn't want to butcher all the explanations when I could let you read the original.

    - IDBIIP

  12. Taking the least publishable unit to the extreme by nedlohs · · Score: 4, Funny

    1. Build quantum encryption system with a security flaw in the implementation.
    2. Publish!
    3. Exploit the flaw.
    4. Publish!
    5. Fix the flaw.
    6. Publish!

  13. Re:I've heard this before by Bigjeff5 · · Score: 2, Interesting

    You defend the idea of Communism, yet hint at exactly why it doesn't work. Pure Communism cannot and will not ever work for the same reasons that pure Democracy cannot and will not work - natural cooperation breaks down when the group size becomes so large that individuals do not know every other member of the group on a personal level. Our congress would not function if it got much larger than it is. If it grew to over 1,000 members our government would almost certainly collapse, as there would be no way to prevent the tyranny of the masses.

    Incidentally, Capitalism doesn't get it right either, but it much better accounts for human nature than Communism does on a large scale. Pure Capitalism misses the mark because it assumes we are completely self-serving, seeking only for our own best advantage. This is not the case - there is altruism within us, and while not as prevalent as our self-serving nature, it tends to screw up the Capitalist ideal if not taken account for. Incidentally this altruistic streak really screws with Game Theory, making it completely unreliable. In any case, Capitalism does not correct the wealth disparity between the rich and the poor, however it does improve -everyone's- position, making a poor capitalist much richer than a poor communist.

    Regarding Carl Marx, I commit a conscious logical fallacy with any of his ideas ever since I did a research paper on the man in junior high. He was a serious piece of shit human being who would rather bemoan his status in the world than get off his ass and work to provide food for his starving family. I have absolutely no respect for him or any of his ideas, and you will never convince me of the value his concepts while invoking his name. When I read about him, all I really wanted to do was kick his whiny little ass. Incidentally, I feel the same way about-able bodied people who make excuses about why they cannot work or need support when I see for-hire signs not a half a block down from where they panhandle. That Carl Marx was able to gain world wide notariety and respect probably for a number of centuries while being a piece of shit human being just pisses me off even more.

    --
    Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
  14. Re:Successfully broken before anybody was using it by Korin43 · · Score: 2, Informative

    Too bad this has nothing to do with antivirus software or firewalls..

  15. Re:Successfully broken before anybody was using it by Arancaytar · · Score: 2, Interesting

    I raise you a Vigenere - used by the Confederates after it was successfully broken by Babbage.

    (Also, apparently they changed the password twice during the course of the war.)

  16. Re:I've heard this before by DragonWriter · · Score: 2, Insightful

    I believe he simply meant free markets, but the free market is the cornerstone of capitalism.

    That changes the claim, but doesn't justify either the original or the revised version.

    For a good comparison, look at the Cold War and Communist Russia vs Capitalist America.

    Russia was -- when the USSR was founded -- something like a half-century or more behind Western Europe and the US technology, and probably two centuries socially. And was devastated by war (like most of Europe, but unlike the US.) It then went through several years of civil war that further wrecked the econom, made a brief attempt under the NEP to build a sustainable economy without an immediate threat of major war, then returned to war mobilization for the short term in the 1930s, was again -- like much of Europe and again unlike the US -- devastated by war again, and then got into a global economic and military competition with an opposing block that was far ahead in starting position.

    So, even if Leninist/Stalinist Russia was a good study in Communist theory (which, given how radically Leninism rewrote Marxism with no real theoretical basis, only the recognition that Russia wasn't in the condition which Marxist theory saw as a precondition for the socialism that was the first step to Communism, is a pretty hard case to make), and the US was a good study in Capitalist theory (which, given that like most advanced economies, the US from the mid-20th century was a mixed economy, is also a hard case to make), the comparison between the two in direct competition -- given the difference in starting conditions -- wouldn't be a particularly good way to compare the theoretical systems in any broad way.