Slashdot Mirror

← Back to Stories (view on slashdot.org)

Position-Based Quantum Cryptography Proved Secure

Posted by timothy on from the where-were-you-when dept.

KentuckyFC writes "Physicists have developed a new kind of quantum cryptography that uses position measurements to guarantee the security of a message. The technique is based on triangulation. Alice uses several transmitters to send messages to Bob who returns them immediately at the speed of light. If the return arrives within a certain time period, Alice can be certain that Bob is where he says he is. Physicists proved a few years ago that when the messages are purely classical this method is not secure because Eve can use any number of receivers to work out where Bob is and then use this information to trick Alice. However, the same physicists have now proved that the quantum version of the same position-based scheme is perfectly secure, essentially because Eve cannot easily measure the value of any qubits in the message. Alice and Bob go on to use the qubits to exchange a cryptographic key, a one-time pad, that they use to encrypt a message. The beauty of the technique is that a message encrypted in this way can be read only by somebody at a specific location, something that governments, banks, and the military, not to mention everybody else, may find useful."

45 comments

  1. nonlocal results and human weak links by drDugan · · Score: 4, Insightful

    The position based exchange, of individual qubits, as describing in TFA is for key exchange, leading to a one-time pad . The interesting thing is that once the one time pad is securely created and delivered, the locality is then longer restricted, the " can then be used to send a perfectly secure message" from TFA can then be anywhere.

    But from a security point of view, this is nice, but a major part of security holes don't come from technology, they come from personnel and the ability to trick people. Unless you completely restrict the physical location of the people, information encrypted this "perfect" technology still falls prey to human foibles. As stated in TFA " theoretical security is not the same as practical security"

    1. Re:nonlocal results and human weak links by timeOday · · Score: 1

      But from a security point of view, this is nice, but a major part of security holes don't come from technology, they come from personnel and the ability to trick people.

      I think we are getting to the point of over-emphasizing that fact, as if cryptography were unimportant. OK, this might not show up in Outlook Express. But there really ARE important applications for secure wireless transmissions, and there really ARE extremely professional and well-funded researchers on the "other side" who will use every algorithmic trick in the book to crack them. If you look at WWII and the Cold War, cryptography was tremendously important. Even the cryptographic attacks on "everyday" technologies like WiFi and ATMs available to the average script kiddie are quite impressive. So I wouldn't be too blase about cryptography not being the weak link.

    2. Re:nonlocal results and human weak links by Monkeedude1212 · · Score: 1

      " theoretical security is not the same as practical security"

      Not to mention Applied security. This kind of encryption is nice in theory but how long until its deployable?

      But I get your point, technology only goes so far when you get people who don't know what a phishing attempt is, and/or leave their password on a post it on their monitor.

    3. Re:nonlocal results and human weak links by blair1q · · Score: 3, Interesting

      If you look at WWII and the Cold War, cryptography was tremendously important.

      It was even more important in WWI. The Germans had submarine warfare, and there was no sonar, making subs pretty much invincible. Germany also had a strong surface fleet. They succeeded in driving the Allied fleet out of the North Sea. They could have owned the entire ocean, cut off all trade and resupply of the Allies, taken Europe and then Britain, and then by degrees the rest of the world.*

      But the British had captured a German codebook and were using it to track subs and ships, made easier by the German practice of daily radio communications (admiralties being groups of control freaks with politically motivated bosses, they tended to be clingy that way.) They still considered the North Sea dangerous, but were able to maintain a blockade by patrolling the Channel and the North Atlantic.

      * - It's likely they wouldn't have had to "take" the U.S.; we at the time were isolationist and neutral, and in fact had welcomed a German submarine as heroes when she ran under the British blockade to get supplies from us. They used their biggest sub and gutted it for the trip, but the effectiveness was minimal so they never tried it again. The point is, if the British hadn't had control of the ocean, the Germans could have been trading with the world's prime source of natural resources all along while they were knocking down one nation after another, and America would have fed Germany right up until the moment Germany turned on America. Instead, the Germans got desperate, started attacking civilian vessels, sunk the Lusitania, disgusted us all, and put America on the side of the Allies, though it would be some time before we did more than supply them.

    4. Re:nonlocal results and human weak links by Bakkster · · Score: 2, Insightful

      I think we are getting to the point of over-emphasizing that fact, as if cryptography were unimportant. OK, this might not show up in Outlook Express. But there really ARE important applications for secure wireless transmissions, and there really ARE extremely professional and well-funded researchers on the "other side" who will use every algorithmic trick in the book to crack them. If you look at WWII and the Cold War, cryptography was tremendously important. Even the cryptographic attacks on "everyday" technologies like WiFi and ATMs available to the average script kiddie are quite impressive. So I wouldn't be too blase about cryptography not being the weak link.

      The best part is that both weaknesses were used to break the Enigma cipher. They first exploited weaknesses in the cipher itself (letters couldn't be encrypted to themselves) and then weaknesses in the operators (the lazy Nazi would frequently choose Der Fuhrer's birthday for his cipher).

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!
    5. Re:nonlocal results and human weak links by Anonymous Coward · · Score: 0

      Security cannot be "declared," it must be proven. And establishing that "proof" requires time spent in the line of fire.

      - Steve Gibson

    6. Re:nonlocal results and human weak links by Arancaytar · · Score: 1

      So I wouldn't be too blase about cryptography not being the weak link.

      Also, it has to be said that the main reason cryptography is getting less emphasis as the weak link is the dramatic advance made in cryptography over the last few decades. It's not becoming less important, it's just become better. Since we get to the point where nobody could feasibly use an algorithmic brute-force attack against properly used household cryptography (OpenGPG), non-cryptographic attack vectors like social engineering or viruses are getting more emphasis.

    7. Re:nonlocal results and human weak links by owlstead · · Score: 1

      WWI was not about Hitler Germany or anything. It was basically a war between countries to see who could grab the most riches and colonies - at least as far as I can tell from the little history I got about it. If you look at the history between the US and the UK at that time, I would not think it strange that German subs were considered heroes.

      My history is not that good, but I know you have to look at facts like these from the perspective at that time. Not the current perspective, let alone the perspective offered after WWII.

  2. Hmm... by fuzzyfuzzyfungus · · Score: 4, Funny

    Could the work that has been done in "slowing" light be used to interfere with this?(or, more practically, since the speed of light varies based on the medium, would you need a completely accurate characterization of the contents of the light paths that the signal travelled over for your certainty to be valid?

    On the plus side, this will finally provide a way for Bob to prove to Alice's satisfaction that he isn't with Eve, and Alice will be able to demonstrate the same about Mallory. Bliss through superior quantum physics!

    1. Re:Hmm... by Itninja · · Score: 1

      No kidding. Somewhere on the network an engineer replaces CAT5 with fiber and POW!

      --
      I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    2. Re:Hmm... by postbigbang · · Score: 1

      There are lots of ways to induce delta T. iTunes, as an example.

      Or in actuality, playing with the MPLS tables.

      Heaven help you if you're on WiFi and move out of the zone. You are so screwed.

      --
      ---- Teach Peace. It's Cheaper Than War.
    3. Re:Hmm... by Chris+Burke · · Score: 1

      On the plus side, this will finally provide a way for Bob to prove to Alice's satisfaction that he isn't with Eve, and Alice will be able to demonstrate the same about Mallory. Bliss through superior quantum physics!

      Yes as they let out a simultaneously blissful sigh of relief that Bob doesn't suspect that Eve is with Alice, and Alice doesn't suspect that Mal is with Bob.

      --

      The enemies of Democracy are
    4. Re:Hmm... by Anonymous Coward · · Score: 0

      http://science.slashdot.org/story/10/05/17/212212/Commercial-Quantum-Cryptography-System-Hacked... this is getting to be a little counterproductive, don't you think?

  3. general relativity destroys the security by rubycodez · · Score: 4, Interesting

    this only works in a perfectly flat space-time, if unknown or changing (known or caused by hostile party) curvatures are present the whole thing falls apart

    1. Re:general relativity destroys the security by onionman · · Score: 1

      this only works in a perfectly flat space-time, if unknown or changing (known or caused by hostile party) curvatures are present the whole thing falls apart

      You beat me to it. Yes, it's hard to see how this particular method would be useful on Earth. Of course, the research results are academically interesting even if there is no (immediate) practical application.

    2. Re:general relativity destroys the security by clone53421 · · Score: 1

      Unexpected curvature would make the travel path longer, which would make it slower, which would be detected by the system as an insecure connection.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    3. Re:general relativity destroys the security by nospam007 · · Score: 1

      "Yes, it's hard to see how this particular method would be useful on Earth."

      If I was a drug dealer, I would like to know that the cell tower I'm talking through is inside the FBI car behind me.

    4. Re:general relativity destroys the security by blair1q · · Score: 1

      It's impractical where distance is involved, but could eliminate man-in-the-middle attacks at very short distances, say within a single interface between two separately secured networks.

      You'd have to have a chunk of neutronium to warp space enough to make that go out of skew on't treadle.

    5. Re:general relativity destroys the security by GofG · · Score: 1

      Be like Tevye, who used the subjunctive mood properly. "If I were a rich man".

      Do not be like Aiken, who used the subjunctive mood improperly. "If I was invisible".

      In the subjunctive mood, where we are talking about things which are not true, we use "were" instead of "was". :D

      --
      GFA/M/S d-- s: a--- C++++ UBL++$ P+ L+++ !E- W++ N+ !o K- w--- !O !M !V PS++ PE Y+ PGP+ t+++ 5- X+ R tv@ b++ DI++++ D+ G
    6. Re:general relativity destroys the security by rubycodez · · Score: 1

      no. it's still the fastest possible travel path, a space-time geodesic.

    7. Re:general relativity destroys the security by Anonymous Coward · · Score: 0

      Would it be theoretically possible to detect an equivalent of an Einstein's Cross in the used frequencies and determine the presence of the unexpected curvature?

    8. Re:general relativity destroys the security by onionman · · Score: 1

      "Yes, it's hard to see how this particular method would be useful on Earth."

      If I was a drug dealer, I would like to know that the cell tower I'm talking through is inside the FBI car behind me.

      The surface of the Earth is a rotating, accelerating reference frame located in several gravity wells (Earth's, the Moon's and the Sun's). Hence the proposed mechanism would not work with any transmitter/receiver combination located on Earth.

  4. Elderly scientist say something is impossible? by nefus · · Score: 1

    So a quantum crypto-cracking program wouldn't work? It'll be an ugly loop just like armor and armor piercing weapons. Wait for it...

  5. Requires zero latency by clone53421 · · Score: 1

    It would never work that perfectly in practice – at least not on the internet, definitely – because the latency on the internet is much too large. The time taken for a packet to travel from point A to point B is nowhere remotely close to the time it would take at the speed of light with no latency.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  6. Only at a specific location by Anonymous Coward · · Score: 0

    The beauty of the technique is that a message encrypted in this way can be read only by somebody at a specific location

    Sure, it's quantum crypto, so you need to be at the other end of the optic fiber...

  7. Eve's always been a trouble maker. by fahrbot-bot · · Score: 2, Funny

    Eve can use any number of receivers to work out where Bob is and then use this information to trick Alice.

    I'm concerned that this Eve character keeps causing trouble. First for Adam, now Alice and Bob.

    --
    It must have been something you assimilated. . . .
    1. Re:Eve's always been a trouble maker. by Hurricane78 · · Score: 1

      But the fucks like a goddess! And everyone knows it. Unfortunately she never uses contraceptives. Which nobody knows.
      This explains why she’s the mother of every human ever. ;))

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  8. iTunes, now with qubits. by retech · · Score: 1

    No doubt, while charging an extra $1 per song, Apple will spin this as a much needed feature.

  9. Obligatory: But Will PBQC by Anonymous Coward · · Score: 0

    run on Linux?

    Yours In Smolensk,
    Kilgore T.

  10. Re:Obligatory: But Will PBQC by clone53421 · · Score: 1

    Are you even the same Kilgore Trout who I remember from ages past? He was delightfully trollish and clever. You seem to merely crack dumb one-liners.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  11. Quibble by westlake · · Score: 1

    The technique is based on triangulation. Alice uses several transmitters to send messages to Bob who returns them immediately at the speed of light. If the return arrives within a certain time period, Alice can be certain that Bob is where he says he is

    Alice can be certain that the repeaters are where they say they are.

    But Bob could be elsewhere - and his personal responses to these messages won't be - can't be - instantaneous.

  12. What about lasers? by Timothy+Brownawell · · Score: 1
    Lasers work by stimulated emission, which is a quantum process that makes identical copies of photons. Quantum cryptography relies on qbits not being copyable, so how does this not break it?

    The critical detail of stimulated emission is that the emitted photon is identical to the stimulating photon in that it has the same frequency, phase, polarization, and direction of propagation. The two photons, as a result, are totally coherent. It is this property that allows optical amplification to take place.

    1. Re:What about lasers? by pclminion · · Score: 1

      Stimulated emission is not perfect cloning. The monkey wrench which prevents lasers from violating the no-cloning rule is the non-zero probability of spontaneous emission. See this paper:

      Experimental Quantum Cloning of Single Photons

      Although perfect copying of unknown quantum systems is forbidden by the laws of quantum mechanics, approximate cloning is possible. A natural way of realizing quantum cloning of photons is by stimulated emission. In this context, the fundamental quantum limit to the quality of the clones is imposed by the unavoidable presence of spontaneous emission.

    2. Re:What about lasers? by Timothy+Brownawell · · Score: 1

      non-zero probability of spontaneous emission

      Ok, that makes sense. Thanks.

    3. Re:What about lasers? by Anonymous Coward · · Score: 0

      Lasers work by stimulated emission

      Oh yeah, talk dirty to me. Pull my hair, bitch -- that's it.

  13. A little to the left... by Anonymous Coward · · Score: 0

    No, back to the right. Up a little... Perfect! Now don't move!

    The above caption used to involve a TV, rabbit ears, and/or tin foil. How times do change...

  14. Easy solution: by Hurricane78 · · Score: 1

    Intentionally read ALL quantum encrypted transmissions, thereby making it impossible to use it, and forcing people to traditional channels. Then crack them. The traditional ways.

    Or: After Bob received the message, just call him, tell him you are the new admin, and they did not give you the password yet, but you were told to install $somethingBobReallyWants on his computer. So if he could kindly give him the password... ;)

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
  15. One small problem... by CODiNE · · Score: 1

    the location is specific to 500 miles around. ;)

    --
    Cwm, fjord-bank glyphs vext quiz
  16. proved secure... by nimbius · · Score: 1

    ...for now.

    --
    Good people go to bed earlier.
    1. Re:proved secure... by owlstead · · Score: 1

      It is certainly possible to prove something secure from a mathematical point of view. Since mathematics is more or less self contained, that's all right. Unfortunately, the real world isn't. So then you have all sorts of things to factor in:
      - errors in the assumptions
      - setups to avoid detection errors
      - side channel attacks on the detectors and transmitters
      - insecurities of the complete protocol
      - insecurities of the overal system
      - human errors
      etc. etc.

      The problem with quantum crypto always has been that the above are always more important than the security of any sufficiently strong cipher. And there are plenty sufficiently strong ciphers to choose from. Of course, even if it *currently* does not have a direct application does not mean that research on the matter is useless. Who knows what they'll find, and who knows what crypto-analysis will bring. At least it won't succeed in breaking any provably secure scheme itself.

  17. No, *not* proved secure. by Daffy+Duck · · Score: 3, Interesting

    From TFA:

    "Unfortunately we do not have a security proof, and we leave it as an open problem to find an attack or prove its security," they say.

    So how did the summary conclude "proved secure" from that?

  18. Sphere by Databass · · Score: 1

    Technically speaking, isn't there a sphere of locations that would all be the same light-distance from the message sender? (I'm picturing an equilateral triangle here.) I don't know how you'd read the qubits to know the distance, but if you could, maybe you could position yourself at one of those equal points and thus be the right distance (and time) away.

  19. Exciting news by Vadim+Makarov · · Score: 2, Informative

    There are two things about this publication that make it remarkable.

    1. This is a new useful information processing primitive that is only possible to do quantum, not in any classical information processing (the paper cites impossibility proof in classical domain). There's just a handful such quantum primitives known today (e.g., QKD, Shor's algorithm), so discovering one more is a great deal.

    2. It is practically implementable with today's quantum crypto hardware. In fact, I expect any lab that has a working free-space QKD system can be working on an experimental demonstration of location-restricted QKD right now. It may just take some software rewriting and a couple extra wi-fi links to assemble a full 2D-location QKD scheme.

    To be fair I must mention that the location primitive has been published two months ago by R. Malaney from Australia. However, his version was more difficult to implement (although also doable with today's experimental techniques), and notably it lacked QKD functionality. Now with this publication the scheme is complete and is even supplied with a security proof. My applauds to the authors.

    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
  20. Who the hell comes up with those algorithms? by marcosdumay · · Score: 1

    At least they didn't prove its security. It works if, and only if conventional quantum cryptography works, what means, it doesn't work at all.

    Let me prove it is not secure:

    1. Bob places his transmiters, to triangulate Alice.
    2. Alice places her transmiter.
    3. Eve places a transmiter between each Bob's tranmiter and Alice's one. (That is, on the same configuration that would break the classical crypto.)
    4. Now, let's say Bob starts transmiting. He transmits the key encoded on the polarization of the wave.
    5. Eve reads the key. Yep, she changes it. She also blocks it, by jamming the frequency, cutting the fiber, or whatever.
    6. Eve now transmits another key to Alice, delayed by a constant amount of time from Bob's key. The delay must be exactly the sme (to the definition Alice can measure) on all transmiters.
    7. Alice gets Eve's key, and sends back the orientations.
    8. Eve gets the orientations, and stablish a shared key with Alice. She also blocks Alice's message.
    9. Eve now transmit her orientations to Bob, delayed by a constant amount on all her transmiters. Again, the delay will need to be exactly the same (to the definition Bob can measure) on all transmiters.
    10. Bob receives Eve's orientations, and stablishes a key with her.
    11. Eve is now (literaly) in the middle of the conversation.
    --
    Rethinking email