Slashdot Mirror

← Back to Stories (view on slashdot.org)

Quantum Cryptography Conquers Noise Problem

Posted by Soulskill on from the to-the-victor-go-the-quantum-spoils dept.

ananyo writes "Quantum-encryption systems that encode signals into a series of single photons have so far been unable to piggyback on existing telecommunications lines because they don't stand out from the millions of others in an optical fiber. But now, physicists using a technique for detecting dim light signals have transmitted a quantum key along 90 kilometers of noisy optical fiber. The feat could see quantum cryptography finally enter the mainstream. The researchers developed a detector that picks out photons only if they strike it at a precise instant, calculated on the basis of when the encoded photons were sent. The team's 'self-differentiating' detector activates for 100 picoseconds, every nanosecond. The weak charge triggered by a photon strike in this short interval would not normally stand out, but the detector measures the difference between the signal recorded during one operational cycle and the signal from the preceding cycle — when no matching photon was likely to be detected. This cancels out the background hum. Using this device, the team has transmitted a quantum key along a 90-kilometer fiber, which also carried noisy data at 1 billion bits per second in both directions — a rate typical of a telecommunications fiber."

48 of 79 comments (clear)

  1. Great news! by gagol · · Score: 2

    Where can I get buy my personal quantum crypto kit?

    --
    Tomorrow is another day...
    1. Re:Great news! by Bryansix · · Score: 1

      Seriously, I have no idea of the actual application of this technology.

    2. Re:Great news! by ark1 · · Score: 2

      Clavis

    3. Re:Great news! by angelbar · · Score: 1

      ooh My (possible) God. I home that you isn't one of the involved physicists. :)

      --
      -no sig today-
    4. Re:Great news! by noobermin · · Score: 1

      From The Fucking Article:

      You cannot measure a quantum system without noticeably disrupting it. That means that two people can encode an encryption key — for bank transfers, for instance — into a series of photons and share it, safe in the knowledge that any eavesdropper will trip the system’s alarms.

    5. Re:Great news! by Trax3001BBS · · Score: 1

      Seriously, I have no idea of the actual application of this technology.

      Unbreakable copy protection, DRM.

    6. Re:Great news! by kaws · · Score: 1

      Not sure if being sarcastic but... this technology wouldn't be able to be applied to DRM at all. This is just for communication between two machines.

    7. Re:Great news! by gweihir · · Score: 1

      There are none. Unless you want something far, far worse than existing technology in terms of capabilities, cost and reliability. I do not think this stuff will ever become mature, but if it does, expect it to take > 100 years from now. This is just scientists lying in order to get funding, there are no in any way relevant breakthroughs and there have been none since this started. And the physics used is also shaky, unlike moder cryptography which relies on mathematics that is solid.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:Great news! by Anonymous Coward · · Score: 1

      moder cryptography which relies on mathematics that is solid.

      And except for the use of one time pads, modern cryptography methods can not be proven to be secure in the sense that there are not proofs of the nonexistence of fast cracking algorithms. They are all pretty much based on the idea that it should be hard to determine keys, etc. based on spending several years trying to come up with a way to break it, but don't exclude the possibility of someone developing a new attack down the line in any way.

      If implemented correctly, quantum encryption would only be broken under a few possibilities: quantum mechanics is wrong, researches did math wrong, or it was implemented incorrectly. The second two are both quite possible with traditional encryption methods. The first one has been well tested and would be quite a big deal if it comes up, with broken encryption being only a minor consequence (on par with discovering there are fast polynomial time algorithms for certain actions, or assuming NP is not P, etc.). The only big problem has been the last one, with broken schemes involving bad implementation in an effort to deal with noise... which would be counteracted by research like what is being presented here.

    9. Re:Great news! by gweihir · · Score: 1

      Ok, admitted, even the DLP has not proven to be hard except under unrealistic assumptions.

      Block ciphers are also a risk, but then when you do quantum-key-exchange, the next thing you do is communicated protected by a block-cipher with the exchanged key, so that is irrelevant. Because quantum-key-exchange is very, very slow, there is really no way around that. So you have to use classical crypto anyways and quantum key-exchange is just one more component that can fail.

      There is also the problem, that classical crypto is weakly sensitive to implementation errors and the risks are well understood (well, by people that get it, all the classical mistakes are still being made), while quantum key-exchange is strongly sensitive to implementation errors, because the theory was never indented to generate the security analyses needed for a crypto system, because strongly analog devices are always prone to have item deviations and because there is far, far less experience with them. And I maintain, quantum theory would not fall over when there were ways to occasionally get a the exchanged bits. That would already break the scheme.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. Hacking fun by MakersDirector · · Score: 1

    Next thing you know, they'll invent something that will bend light. Oh wait. They already have! It's called a Prism! And next thing you know... hackers will be 'hacking' light by bending it use natural magenetic forces. And cracking that unsafe light transmission, because we all know, light is NOT faster than electrcity....

    1. Re:Hacking fun by kubernet3s · · Score: 1

      Are you being sarcastic, trolling, or on drugs? I can't tell, you see, because of my internet Asperger's

    2. Re:Hacking fun by Anonymous Coward · · Score: 1

      . hackers will be 'hacking' light by bending it use natural magenetic forces

      Natural or unnatural in origin, magnetic fields don't bend light by themselves (some materials will affect light in ways that can be changed by a magnetic field... but in that case you could just use regular optics if you just want to bend). There is an exception due to QED... but requires magnetic fields orders of magnitudes higher than anything on Earth, only works on gamma rays because it gets weaker for longer wavelengths, and scatters instead of bends.

    3. Re:Hacking fun by kaws · · Score: 1

      The idea behind this is that the information is stored in a quantum state and any attempt to read (observe) the data breaks the quantum state. If someone were trying to do any intercepting then they would end up garbling the data on the other end thus tripping an alarm that something is wrong. In other words, this is really exciting because right now, there's no way to secretly intercept a quantum communication.

    4. Re:Hacking fun by MakersDirector · · Score: 1

      Not unless the matter is converted to energy and back again.

    5. Re:Hacking fun by kubernet3s · · Score: 1

      As a researcher in quantum mechanics, I can attest to the fact that everything you have said so far is either patently false, or has no basis in physical reality. You are confusing the photoelectric effect (a statement about the wave/particle duality of light due to the deBroglie relation) with an equation due to general relativity (a statement of the equivalence of mass and energy), which you state incorrectly (reducing your equation written as Et=mc^2*t^2 yields E=mct, which is false). The considerations of the time dependence of quantum mechanics are well understood, and do not involve "lumping energy" into a single point in time. The speed of light is not a time dependent quantity, nor does it imply that measurements cannot be taken instantaneous (see calculus, definition of the derivatice) and does not require "symmetrizing" in the form of multiplication by tim (which yields a distance, not an energy). It arises from differential equations describing the propagation of a wave through space, and changes in it result from increasing accuracy of experimental data (measurements of permittivity and permeability of free space, both quantities which are well defined for static and quasistatic phenomena). The equations relating these data to the speed of light are close to a century and a half old and have been valid for that entire period.

      Finally, the interaction of photons with electrons is well documented: it is the physical basis for the absorption of visible light. If you have some other explanation, me and my colleagues would be very interested to hear it.

    6. Re:Hacking fun by kubernet3s · · Score: 1

      Also, if this is a troll it's a really good one, and you win, and you can stop now.

    7. Re:Hacking fun by kaws · · Score: 1

      ANy attempts to read it would disrupt the quantum entanglement. This has nothing to do with matter in fact, it's mostly light. Now if you were trying for sarcasm, sorry I missed it.

  3. Not Typical Telecom by Anonymous Coward · · Score: 2, Informative

    "transmitted a quantum key along a 90-kilometer fiber, which also carried noisy data at 1 billion bits per second in both directions — a rate typical of a telecommunications fiber."

    Telecommunications fiber with a 90km (~50mi.) length would be considered backbone. Typically two fibers are used to send signal in both directions. Single fiber applications require different frequencies of light to both TX & RX. This single fiber application is only used in metro FTTX/GPON situations - never in backbone as the frequency splitting equipment adds relatively high amounts of loss to your signal, impacting how far you can go without regeneration.

    1. Re:Not Typical Telecom by noobermin · · Score: 1

      This is still a leap over the previous possibility, on the "expensive 'dark fibers'"...I think that was tfa's point. And the emphasis might have been the rate, not the specific setup. I don't think they are claiming the prototype is market ready...

  4. Re:20/20 transmission by avandesande · · Score: 4, Insightful

    Send a handshake message used to calculate transit time, and then another to specify when the next packet will be sent, or at what intervals. If it fails redo the handshake.

    --
    love is just extroverted narcissism
  5. How to use quantum key exchange? by timeOday · · Score: 1

    My understanding is this would allow you to send bits ensured that nobody else had seen them. But every router / repeater must do exactly that, to send them on the next hop. So really, this is just for when you believe you have one continuous fiber strand and want to make sure... correct? If so it does not allow individuals to communicate securely over the Internet, since there is no un-interrupted strand connecting the endpoints. For a truly private network, like connecting missile launch sites to a command center, or helping a domestic telco ensure its undersea hops aren't being spied on by a foreign power between repeaters, then I can see the utility.

    1. Re:How to use quantum key exchange? by gweihir · · Score: 1

      Not quite. But basically, you can only do optical switched circuits (no packed networks), and you cannot do amplification. Switched circuits are a failed technology, just look at ATM. And you still need a second network for the actual data transfer.

      That makes this thing completely useless in practice, except for dedicated, short links. But for them you can use pre-shared key to get the same level of security, or even higher, as this quantum stuff has already been broken numerous times. And 1:1 link can be put over the public Internet in the form of a VPN. For the quantum nonsense, you have to lay new fiber.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:How to use quantum key exchange? by TheRealHocusLocus · · Score: 1

      The problem with so-called quantum crypto -- and I applaud slashdot calling it out, there is no crypto involved -- is it's not even a new deal for telecommunications, because we already have a demonstrably secure method: crypto.

      So it's all about laziness, the unwillingness to engage in the practice of secret key management. If your target market is comprised of folks who are unable or unwilling to manage their own security and want some black box to do it for them... well are we not approaching Dilbert-esque territory...?

      --
      <blink>down the rabbit hole</blink>
    3. Re:How to use quantum key exchange? by DMUTPeregrine · · Score: 1

      Quantum Cryptography is an outdated term, it should be called Quantum Key Distribution. It's essentially Diffie-Hellman without the possibility of a Man In The Middle attack going unnoticed.

      Sometimes you'll want to generate a new secret key, and not have the opportunity to physically travel to the same location as the other party. If you've already got an uninterrupted optical fiber and the QKD equipment you can generate new secret keys on demand. It's not likely to be practical for general use anytime soon, but there may be practical applications for a military or similar organization.

      --
      Not a sentence!
  6. Why is it called quantum "cryptography"? by Myria · · Score: 2

    Shouldn't it be more like, quantum tamper detection? It's just using one-time pad in such a way that the pad's transmission getting intercepted will trigger the tamper detection mechanism.

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
    1. Re:Why is it called quantum "cryptography"? by gweihir · · Score: 2, Insightful

      Pure marketing BS. It is "quantum modulation", no cryptography involved at all. At it is completely irrelevant anyways. The people doing this have to outright lie to get continued funding.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  7. Variation on time division multiplexing by Mostly+a+lurker · · Score: 2

    While the hardware challenges are undoubtedly substantial, the basic idea is just a variation on time division multiplexing, which has been extensively used since the days of the telegraph, well before 1900. If this receives a patent, I hope it is for some hardware advance and not just because of the sharing of the fibre.

  8. Re:20/20 transmission by JonySuede · · Score: 1

    no, the safe way would be to synchronized something like a good atomic clock in person, transmit periodically the the drift and sometime a key or a ping using the low energy hidden in plain sight technique

    --
    Jehovah be praised, Oracle was not selected
  9. Re:20/20 transmission by Time_Ngler · · Score: 1

    Why would the handshake need to be encrypted?

  10. Still completely irrelevant by gweihir · · Score: 3, Insightful

    There are numerous problems:
    1. You need _optical_ switches, i.e. switched circuits. That approach failed a long time ago. Anybody remember ATM?
    2. 90km is nothing. Amplification is impossible, so unless they reach 10'000km, this is completely irrelevant.
    3. Nobody needs it. Cryptography does fine. (No, this is at best "quantum modulation", no crypto involved.) If you are paranoid, use OTPs. They are far, far cheaper, far, far more reliable and completely compatible with existing networks.
    4. Remember, this is only key exchange, not actual data transmission. As such it is pretty useless, as you still need to rely on cryptography for the message transfer.
    5. The security guarantees are far, far weaker than people are made to believe. Just look at the history of successful compromises.
    6. Not even the physics may work out. Quantum theory is a _theory_, not established fact.

    Another worthless stunt.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Still completely irrelevant by sFurbo · · Score: 2

      You might be right on the first 5, but your number 6 is misleading. If quantum mechanics was not a correct description of the world, the computer you used to write your message on would not work. Quantum mechanics is one of the most successful theories ever. Oh, and theory does not mean what you think it means (at least when scientists use the word).

    2. Re:Still completely irrelevant by jouassou · · Score: 3

      What physicists call a theory is basically what laymen call a fact; it's a hypothesis that people have tested empirically over and over again, without falsifying it. Quantum mechanics is one of the most tested theories we've got, so if that's not "established fact", I'm not sure what is. It's true that quantum mechanics and general relativity aren't really compatible, so physics is not "complete" yet; but quantum mechanics does accurately describe systems where gravitation is irrelevant.

      If you're still doubting that quantum mechanics can have real-world applications, here are some inventions that were based on quantum mechanics, from the top of my head: lasers, transistors and scanning tunneling microscopes. In addition, many other phenomena (chemistry, radioactive decay, degeneracy pressure, photoelectric effect, etc.) weren't really understood before quantum mechanics.

    3. Re:Still completely irrelevant by gweihir · · Score: 1

      It is not that simple. Some tiny variations could leave quantum theory intact, but completely break "quantum modulation". This is crypto. Some information leakage can easily invalidate it, even if it only happens under exotic conditions. In that case, everything works for most of the world, but an attacker can create said exotic conditions.

      I do indeed know what "theory" means here, namely well established model (not an exact description of reality) which still has flaws and inaccuracies. For the use in key-exchange, neither flaws nor inaccuracies are acceptable, as they can easily break the system. For most other uses that is not a problem, and the theory will work fine. There is one exception: If the areas of possible flaws and inaccuracies have been carefully examined whether they can break quantum-based key exchange, only then may it actually be secure. This has not been done in any meaningful way for quantum theory.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Still completely irrelevant by gweihir · · Score: 1

      I am a scientist. I know that. The problem is that even a well-established physical "theory" is only a model and can have tiny errors and inaccuracies. For use in key-exchange, these can easily be disastrous, while leaving most/all other uses intact. Also, for the case of quantum theory, the model is not complete. Simply following the press is already enough to see that. Maybe we will have a GUT one day and it will be accurate. That we do not indicates that even quantum theory is flawed, possibly only in subtle ways.

      A physical theory is always an approximation, unlike a mathematical theory. For cryptographic uses you need more than an approximation, as tiny things can break it.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Still completely irrelevant by gweihir · · Score: 1

      Indeed. And this type of tiny inaccuracies can (and has in the past) completely break any cryptographic use.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Still completely irrelevant by gweihir · · Score: 1

      1) You cannot have hops. For this to be secure it has to be done end-to-end, there is no other way. The exact same photon sent by the sender _must_ reach the reciever for any of the security properties to hold.
      2) 90km is worthless. You _cannot_ regenerate quantum signals. If you could, they would be completely insecure.
      3) It is not even somewhat secure at this time and several implementation have already been broken.
      4) If you need to rely in conventional crypto anyways, do the key exchange with that, and have only one attack surface instead of two.
      5) Look for yourself, you lazy slob. Google ("quantum encryotion broken") has several different breaks right on the first result page.
      6.) We are talking about physical theory here and a completely inappropriate use. Quantum Theory is mostly correct and accurate, but does not reach the precision needed for cryptographic use. Things like side-channels, exotic conditions, etc. all break crypto, but not Quantum Theory. Also Quantum Theory is incomplete.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:Still completely irrelevant by gweihir · · Score: 1

      3. Just make the keys longer or use ElGamal. Crypto _is_ fine. And you are mixing apples and oranges. For block-ciphers, quantum computing (if it ever works for any meaningful input sizes, which is doubtful), gives you a square root. That means AES-256 goes down to AES-128 which is still secure. Not a problem at all.

      6. Wrong. It is not established fact for the precision and completeness needed for crypto use. Some tiny errors and variations are all it takes to completely break the key-exchange use, but leave Quantum Theory essentially intact.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:Still completely irrelevant by gweihir · · Score: 1

      Not well enough for cryptographic use. For most uses, if it holds up in 1000 (or 1'000'000) experiments and fails in one ("measurement error"?) it is fine. For crypto, you need far better accuracy.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. Re:20/20 transmission by Anonymous Coward · · Score: 1

    Why would the handshake need to be encrypted?

    You need to securely communicate the handshake, because otherwise the eavesdropper can intercept that message, and increase the transit time to a point long enough that they then will be able to perform a man in the middle attack on the following quantum key distribution packets.

  12. Please help this simpleton ... by Taco+Cowboy · · Score: 1

    I gotta admit that I'm not familiar with photonic quantum cryptography.

    As far as I know, photonics means light, and light does reflect - and could even possibly be diverted (from one beam and splits it into two)

    Can the MIM (man in the middle) spit a beam into two, letting the "original" beam to travel to whoever the recipient while working on the "branch"?

    Would that approach cause a "noticeable disruption"?

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:Please help this simpleton ... by sFurbo · · Score: 1

      Light consists of photons. In the limit of a one-photon signal, you cannot split it. Even with a handful of photons, splitting it is hard. I don't know how few photons they use in commercial quantum cryptography, but it is quite few.

    2. Re:Please help this simpleton ... by craigminah · · Score: 1

      Are you referring to light as a wave or as a particle?

  13. Re:20/20 transmission by somersault · · Score: 1

    If you're going to have to be together in person anyway, why not just generate/swap keys then..?

    --
    which is totally what she said
  14. basic question by __aaltlg1547 · · Score: 1

    Supposing I didn't get the message I was expecting to receive, how do I know it wasn't intercepted?

  15. But what attack does QC prevent? by BlueRaja · · Score: 1

    I still don't understand the benefit of Quantum Cryptography - it only prevents eavesdropping on the wire, right? It doesn't prevent a man-in-the-middle (where someone would receive the signal, read it, and retransmit it along the wire)?

    Assuming your machine is clean from infection, the big eavesdropping concerns today come from man-in-the-middle attacks: rerouted lan traffic (such as compromised clients running an ARP spoof), and intermediary nodes between endpoints (eg. your ISP, and the Internet backbone routers). The only thing QC prevents (actual, physical wiretapping), as I understand it, is not much of a concern anyways.

    1. Re:But what attack does QC prevent? by DMUTPeregrine · · Score: 1

      It does prevent MITM.

      Specifically, it is a key-distribution scheme that can't be attacked by a MITM attack, assuming the equipment behaves in an ideal manner. Most of the breaks of QKD systems have come from the fact that equipment does not behave in an ideal manner.

      --
      Not a sentence!
  16. Re:20/20 transmission by JonySuede · · Score: 1

    Because you want the key to be destroyed in case of eavesdrop. Suppose you swap a 64Gb one time pad with me, what assurance do you have that I did not copy the file to Alice ?

    --
    Jehovah be praised, Oracle was not selected