Slashdot Mirror

← Back to Stories (view on slashdot.org)

Australian Company Claims Laser-Based Quantum Crypto is "Unbreakable" (Video)

Posted by Roblimo on from the when-you-positively-absolutely-need-to-keep-your-crypto-key-to-yourself dept.

The QuintessenceLabs website doesn't mince words when it comes to self-promotion. It boasts that they are "The world’s first company to harness the quantum properties of lasers to herald a new generation of data security." InvestCanberra says, "the defense and security policy and procurement centre of Australia is the natural location for large conglomerate defense and security corporations and specialist cyber security, advanced communications and radar, ICT and surveillance businesses alike," and goes on to list QuintessenceLabs as one of several "locally headquartered companies that have grown into internationally successful organizations."

Here's another statement taken from the company's website: "QuintessenceLabs is the first in the world to exploit a new generation of quantum cryptographic technology which enables unbreakable, secure storage and communication of sensitive information through the generation of an ultra-secure cryptographic key." Unbreakable? That's a strong boast. Is it true? And even if it's only partly true, your upper management may call on you to explain (and possibly implement) laser-based quantum security, so you need to know what it is and how it works -- and whether it's something your company (or your client companies) need.

84 comments

  1. So...? by fahrbot-bot · · Score: 4, Funny

    Laser-Based Quantum Crypto is "Unbreakable"

    Sharks: 1
    NSA: 0

    --
    It must have been something you assimilated. . . .
    1. Re:So...? by lgw · · Score: 2

      Well, "quantum crypto" should really be called "quantum key distribution". It's the key distribution part that's "unbreakable" - the rest is just AES or whatever. However, key management is the interesting part of cryptography for attackers: it's easier to somehow find the key than to attack the math.

      And the quantum aspect doesn't actually prevent an attacker from snooping during key distribution, but it does provably let you discover that snooping has happened, and act accordingly, which is a valuable thing. (Tapping fiber-optic lines is really easy - not sure why people think it's hard: you just bend the line tight enough for some light to escape, or connect a tap with the same impedance as the line, or whatever.)

      --
      Socialism: a lie told by totalitarians and believed by fools.
    2. Re:So...? by SQLGuru · · Score: 1, Funny

      But will it protect one's Bitcoins?

    3. Re:So...? by sexconker · · Score: 0

      but it does provably let you discover that snooping has happened

      Not it doesn't. Alice can't differentiate between Bob reading the message and an attacker performing a MITM attack.
      If Alice can generate a message and transmit it over a wire so can anyone with access to the wire, regardless of whether you're sending electrons, photons, or tachyons. Exchanging keys over the wire will always be susceptible to MITM attacks. "Quantum" and "laser" don't help anymore than "leprechaun".

      There are 2 ways to securely communicate.

      1: Use a known and unbreakable encryption algorithm along with keys you've previously exchanged in a secure manner (in person, very quietly, without writing shit down, etc.).

      2: Use an encryption algorithm known only to the parties intending to communicate. Try not to use ROT13. It's trivial to shit out an algorithm that is so complex and bizarre no one will ever figure it out, but hard to make one that is also easy to use without leaving shit for your enemies to find.

      The ultimate end-game for both options is a one-time pad.

    4. Re:So...? by mlts · · Score: 1

      Quantum crypto reminds me of holographic storage. Yes, it works, but there are not many efforts in the real world implementing it.

      The quantum crypto link isn't really about sending data. It is mainly creating a key and sending it via a secure link (where both sides will either resend, or keep generating random bits until they have enough non-snooped key material.)

      However, encrypted data just goes through normal lines. Normal data gets 256 bit AES. Really secure stuff can go via one time pads.

      Of course there are valid attacks on quantum cryptography, usually at how it is implemented. Will this next product from Down Under be any more secure? Time will tell.

    5. Re:So...? by Jane+Q.+Public · · Score: 1

      This depends on your definition of "quantum crypto".

      End-to-end quantum cryptography allows you to know whether your communication has been intercepted. It IS theoretically immune to MITM. Simple quantum key generation or exchange however, may not be.

    6. Re:So...? by hawguy · · Score: 1

      2: Use an encryption algorithm known only to the parties intending to communicate. Try not to use ROT13. It's trivial to shit out an algorithm that is so complex and bizarre no one will ever figure it out, but hard to make one that is also easy to use without leaving shit for your enemies to find.

      Do you have a reference for this? The prevailing wisdom suggests that it's quite difficult to create a secure encryption algorithm - so difficult that only a few algorithms are in widespread use. An algorithm that is complex and bizarre is also complex to prove that it's secure, and could have some fatal weakness that's unearthed that makes cracking it feasible.

    7. Re:So...? by lgw · · Score: 2

      Not it doesn't. Alice can't differentiate between Bob reading the message and an attacker performing a MITM attack.

      If that were all it did, it would still be valuable, as it's harder to hide a device that can do that than it is to hide a simple tap. But that's not true - that's the "quantum" part.

      Alice sends Bob a photon polarized along a basis randomly chosen by Alice. Bob measures the polarization along a randomly chosen basis. If the bases were the same, one bit was successfully sent, if not it's noise (polarization as measured "up-down" gives no information at all about what you would have measured "left-right", and you can only ever measure one of them, you can't possibly measure both.) After the message is sent, Alice tells Bob (non-secretly) what the basis for every photon was, and the discard all the bits where they didn't randomly line up. The bits where they did randomly agree are the message - the key in this case.

      Eve, our eavesdropper, can measure the polarization along some basis, sure, but can't know what basis Alice chose, so the best Eve can do is emit a photon polarized the same say as measured with Eve's basis. If Eve receives all of Alice's photons, and sends photons to Bob, she can only get the transmission right half the time - the chance of guessing right (and thus being undetected) is the same as the chance of guessing the key in the first place.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    8. Re:So...? by medv4380 · · Score: 1

      I'm pretty sure if I was transmitting with tachyons you'd have to have access to the past to intercept it. Which means you would have had to have already intercepted it, or it would be impossible to intercept.

    9. Re:So...? by fahrbot-bot · · Score: 1

      All sharks know is that Alice, Bob and Eve are delicious. [Chomp, chomp, chompity chomp.]

      --
      It must have been something you assimilated. . . .
    10. Re:So...? by Geoffrey.landis · · Score: 3, Interesting

      but it does provably let you discover that snooping has happened

      Not it doesn't. Alice can't differentiate between Bob reading the message and an attacker performing a MITM attack

      .This depends on your definition of "quantum crypto".
        End-to-end quantum cryptography allows you to know whether your communication has been intercepted. It IS theoretically immune to MITM. Simple quantum key generation or exchange however, may not be.

      Right. Alice can differentiate between Bob reading the message and a Man in the Middle interception, because to intercept the message, the man in the middle has to read the quantum bit -- that is, in the photon case, measure the polarization-- and reading it destroys it. The Man in the Middle can't then send on a copy of the quantum bit, because of the quantum no-cloning theorem. She can send a photon polarized in a way identical to the way she read the photon-- but that only works if the receiver, Bob, happens to choose the same polarization to measure that the Man in the Middle chose to measure.

      There is, however, a footnote to this. Eve actually can clone the photon (cloning photons is what a laser does). But she can't clone it perfectly-- or, more specifically, she can't be sure that the "cloned" photon is actually a copy of the original, or a spurious ("spontaneous emission") photon that happens to be in the same place. So, if she clones the photon, and measures one copy, and sends the other copy on, this shows up as noise in the signal-- exactly the same as stray light. So, Eve can read some of the message, if she's sufficiently clever, but how much is limited by how much noise the people communicating will accept in the signal without realizing that they are tapped.

      --
      http://www.geoffreylandis.com
    11. Re:So...? by Anonymous Coward · · Score: 0

      The unsinkable Titanic

    12. Re:So...? by Jane+Q.+Public · · Score: 1

      "So, Eve can read some of the message, if she's sufficiently clever, but how much is limited by how much noise the people communicating will accept in the signal without realizing that they are tapped."

      Right. So if you're using any kind of compression or other scheme that requires accurate reception of a whole packet to re-assemble it (via CRC as a check for example), you can render that partial interception non-useful to your MITM.

      It's pretty much theoretical at this point, since we really don't have practical end-to-end quantum crypto yet. But it may not be too far off.

    13. Re:So...? by sexconker · · Score: 1

      2: Use an encryption algorithm known only to the parties intending to communicate. Try not to use ROT13. It's trivial to shit out an algorithm that is so complex and bizarre no one will ever figure it out, but hard to make one that is also easy to use without leaving shit for your enemies to find.

      Do you have a reference for this? The prevailing wisdom suggests that it's quite difficult to create a secure encryption algorithm - so difficult that only a few algorithms are in widespread use. An algorithm that is complex and bizarre is also complex to prove that it's secure, and could have some fatal weakness that's unearthed that makes cracking it feasible.

      Widespread use of such algorithms by militaries, spies, serial killers, etc. that are typically only cracked when enemies get their hands on encoding/decoding materials.

      For example, using a reference text such as a book or newspaper, using daily events such as weather/temperature/baseball scores, etc. all as part of a convoluted transformation scheme.

      For example: The Dodgers beat the Mariners 4 to 2 in their last game, the temperature in Timbucktoo was 62 degrees as reported in a specific newspaper, and you've got Moby Dick as a reference text. Today is the 27th of the month so you start from the 27th word on the 2nd page of the 4th chapter and use the first 62 characters as your key in a more traditional substitution cypher. But today is also a Thursday so you discard every 7th character then split the cyphertext into rows of 20 characters long and use only the odd rows, appended by the 4th, 8th, etc rows in reverse before decoding.
      Then if the decoded message contains the keyword "absolute" and the Dodgers won, you then follow a substitution map for certain words, if the Dodgers lost you use a different map.
      Etc. etc. etc.

      It can be as crazy as you want and no one will ever be able to figure it out without coming across your own notes (or program) that use you to decode and encode shit. Or it can be as simple as "The red crow flies at midnight." and "But the bacon is nearly cooked.". It all hinges on knowing wtf to do with such a message, and getting all parties on the same page for that represents the key exchange.

    14. Re:So...? by viperidaenz · · Score: 0

      Why is the man in the middle a woman?

      the man in the middle has to read the quantum bit .... . She can send a photon polarized in a way...

      Giving the entities a gender and then mixing it up half way through only confuses people.

    15. Re:So...? by Anonymous Coward · · Score: 0

      We've already been doing this for years using diode breakover voltage noise. This is also a quantum effect, it is much easier to scale (does require some calibration but so do these lasers). it's fairly simple to place billions of diodes on a single chip, but I doubt you could do the same thing with lasers. This isn't really a big deal. Heck if you invest in it you are wasting a lot of money.

      And it's still no more unbreakable than any truly random number fed into any of today's crypto algorithms.

    16. Re:So...? by hawguy · · Score: 1

      What you described is not an encryption algorithm. Its a key exchange protocol (or possibly a one time pad)

    17. Re:So...? by master5o1 · · Score: 1

      Try not to use ROT13.

      Cool. I'll continue to use LOLcryption.

      --
      signature is pants
    18. Re:So...? by MickLinux · · Score: 1

      That's hy we developed the Rot13 OTP. It's easy to use, and since it's a one time pad,it's absolutely secure.

      --
      Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
    19. Re:So...? by Anonymous Coward · · Score: 0

      If you can't reliably create a photon in a specific manner, then how can Alice do it?

      Because Alice can create photons entangled with her own photons that she measures, while any eavesdropper is unable to duplicate the entangled photon. While the eavesdropper can emit a photon of any specific single photon state or superposition of single photon states, they won't be able to measure the full state of the original photon or emit one that is in a state that maintains the correlated statistics of the original photons Alice measured.

      If Alice is created a random photon along with her message, then how does Bob know what to expect (in order to verify shit) since neither can measure the photon without fucking with it?

      They can check after the photon has been sent to see if the statistics correlate as they should. This exchange could be done in public or anywhere, because it doesn't contain enough information for an eavesdropper to generate the key. Any attempt to re-emit the photon would break the correlation, letting Alice and Bob know the bits they sent is compromised. Since it is meant for key exchange, Alice can just create a new key and send it again if they think the eavesdropper is no longer listening, or decide to block further communication on that route. No information gets comprised, only an unused key that they know not to use.

      A pre-shared key is the ONLY way to protect information in transit.

      Except for the quantum scheme of using entangled states to share a key. Once the key is confirmed to not be comprised, they now have a key to exchange actual information over whatever classic scheme that is convenient. The biggest problem is real world systems have too much noise, and how they've dealt with noise so far amounts to sending information with multiple photons or ignoring events that could be an eavesdropper picking off part of the message. If exchanges could be done with 100% of photons sent being received and measured correctly, then it is impossible to break. How useful that amounts to in real life over real distances and communication equipment is a different story, so far.

    20. Re:So...? by Anonymous Coward · · Score: 0

      There is a whole host of quantum crypto companies selling end-to-end key exchange devices on the market.
      I am confused by this article since this company isn't the first, or the news story is 10 years old.

      Like the diffie-helman keyexchane neither parties can send a message, they can only send random bits to each other and in the end share a random key.
      The key is then used as a one-time-pad, which is proven to be unbreakable encryption.

      It works simply as this, random bits (with 4 states instead of 2) are send. The receiver can detect the 4 states of the bits, however it can really only detect 2 of the states, because of the "can't measure speed and position at the same time" kind of thing. By sending data back to the sender it can figure out how many errors where made. If the error rate becomes worse then there is an listener; because an attacker can also not figure out speed and position at the same time, because it is fundamentally impossible.

    21. Re:So...? by Big+Hairy+Ian · · Score: 1

      Do they know what Quantum means?

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    22. Re:So...? by fahrbot-bot · · Score: 1

      Do they know what Quantum means?

      Does it matter? Verizon doesn't. (eg: "FiOS Quantum")

      --
      It must have been something you assimilated. . . .
    23. Re:So...? by FreedomFirstThenPeac · · Score: 1

      Better be a one-time pad that is NOT generated using any pseudo-random number algorithms or you are toast.

      --
      "There is no god but allah" - well, they got it half right.
  2. feh by Black+Parrot · · Score: 2

    "laser based" is irrelevant, except as a way to get the quantum effects.

    And even if those effects are real, I'm guessing that 'quantum' is not able to provide stronger encryption, only to make it easier to *break* encryption.

    Tell your boss to spend the money on a new yacht instead.

    --
    Sheesh, evil *and* a jerk. -- Jade
    1. Re:feh by Freshly+Exhumed · · Score: 1

      "Laser" is just the marketing hook buzzword. It could be replaced in this story with "Cosmic Ray", "Neutrino", etc. as people find ways to get the desired "quantum" properties.

      --
      I deny that I have not avoided attaining the opposite of that which I do not want.
    2. Re:feh by geekoid · · Score: 2

      Tell you boss to hire a quantum encryption consultant.

      Don't mention the consultant happens to be your friend. Charge 225 an hour, split the difference.

      By yourself a yacht.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    3. Re:feh by master5o1 · · Score: 1

      Quantum is also a a marketing hook buzzword.

      --
      signature is pants
  3. NSA just shat themselves by Anonymous Coward · · Score: 0

    This will never see the market. Prediction.

    1. Re:NSA just shat themselves by Anonymous Coward · · Score: 0

      By 2016 all our mobile devices will be protected using this technology. Prediction.

      Now if I had any faith in my prediction I wouldn't have to post as AC.

  4. False sense of security... by MozeeToby · · Score: 1

    I've not heard any explanation for how such systems prevent a man in the middle attack, I suspect the answer is simply that they don't. Of course, if you were to combine quantum cryptography with more pedestrian forms you might be able to make the claim, but if you're going to do that aren't there easier methods of unbreakable communication?

    1. Re:False sense of security... by Anonymous Coward · · Score: 0

      I've not heard any explanation for how such systems prevent a man in the middle attack, I suspect the answer is simply that they don't.

      Quantum secured transmission prevents eavesdroppers. Well, that's not entirely true either, it makes a very unstable communication situation that will be obviously disrupted in the case of an eavesdropper. While there are other techniques that can be used to make 2-party-only communications, quantum secured methods have the advantage that there is no known way to recreate a photon with the same properties as the one you had to intercept to XOR against that bit that was sent in a clear channel (assuming you even know which property is being used to modify the data feed).

      Any location that the signal is decoded is vulnerable. Always has been, always will be. In practice, quantum secured communications are the modern take on one-time-pad crypto. Send the key by one channel, the data by another, and put the bulk of your effort in making sure that one of those is safe so that the other side is useless even if intercepted.

    2. Re:False sense of security... by MozeeToby · · Score: 0

      While there are other techniques that can be used to make 2-party-only communications, quantum secured methods have the advantage that there is no known way to recreate a photon with the same properties as the one you had to intercept to XOR against that bit that was sent in a clear channel (assuming you even know which property is being used to modify the data feed).

      You don't need to if you're truly a man in the middle, what you need is two setups just like the people you are eavesdropping on. During negotiation, you receive a photon from Alice, you send a different photon on to Bob. When information comes down, you decrypt it with the first photon, read what you want, then re-encrypt it with the second.

    3. Re:False sense of security... by sexconker · · Score: 1

      I've not heard any explanation for how such systems prevent a man in the middle attack, I suspect the answer is simply that they don't.

      Quantum secured transmission prevents eavesdroppers. Well, that's not entirely true either, it makes a very unstable communication situation that will be obviously disrupted in the case of an eavesdropper. While there are other techniques that can be used to make 2-party-only communications, quantum secured methods have the advantage that there is no known way to recreate a photon with the same properties as the one you had to intercept to XOR against that bit that was sent in a clear channel (assuming you even know which property is being used to modify the data feed).

      Any location that the signal is decoded is vulnerable. Always has been, always will be. In practice, quantum secured communications are the modern take on one-time-pad crypto. Send the key by one channel, the data by another, and put the bulk of your effort in making sure that one of those is safe so that the other side is useless even if intercepted.

      Alice sure as hell knew how to create that photon, and Bob either:
      A: Knew what to expect in the message (or meta data) in order to verify that photon was legit.
      B: Didn't actually verify shit.

      If an attacker can't generate a specific photon, they can generate any photon and generate the data the same way Alice did.
      The only way to detect such an attack is to have a timing window so tight that the attacker can't do that. The internet being what it is, and even dedicated fiber links being what they are, this won't work in practice. If you want to be secure you won't be able to communicate reliably. If you want to communicate reliably you'll have to accept reduced security.

      A MITM attack is always possible if you send the key and the message over the line(s). Something has to be transmitted in a secure way before you can use it as a basis for securing further messages.

    4. Re:False sense of security... by suutar · · Score: 1

      http://en.wikipedia.org/wiki/Q... has an explanation of how to do it in such a way that the existence of a person in the middle can be detected. It boils down to "A flips a coin while sending each photon, B flips a coin when receiving each photon, they ignore photons where the coins came up differently, and if the bits where the coins were the same are perturbed by an eavesdropper, messages will be corrupted visibly." Yeah, comparing the coins is out of band, but it doesn't have to be secure because the attacker can't go back and use that information; the photons have flown already. This shows that the _real_ strength of it is that the photon stream the key gets derived from can't be recorded.

    5. Re:False sense of security... by Anonymous Coward · · Score: 0

      You seem to have no idea what quantum encryption actually does and may lack some basic understanding of quantum mechanics itself. You can't clone any given photon in an arbitrary state. Just because someone can make it doesn't mean you can copy it, as for a single photon you can't even measure the full state. You can't send a random state either, because you don't know what set of basis states Bob is going to measure, as the protocol allows for him to chose that himself, with no prior information need to be exchanged.

  5. In before... by scrubed · · Score: 1

    Snowden reveals quantum NSA giant mirror hacking conspiracy.

  6. Not the First by Anonymous Coward · · Score: 0

    Quantum Cryptography, if implemented correctly, does result in essentially unbreakable results. From my memory of the subject (admittedly several years stale), the only manner in which a properly implemented system may be broken requires unreasonable conditions (such as Eve being capable of controlling cosmic rays directed at detectors).

    That said, if the the photon detectors are not of sufficient selectiveness, there is a small amount of tolerance to attack. However, even then, it would be virtually impossible to accomplish reliably outside of a laboratory where one may control all parameters.

    Finally, this system is not the first, as I was aware of systems commercially available over a decade ago. The market, to date, has not been large. That said, with increasing prevalence of information that governments and other entities are acting as Eves, that might change.

  7. stupid claim by bloodhawk · · Score: 0, Troll

    Claiming unbreakable is idiotic and is just an indicator that the people at said company have no imagination. We have no idea what new techniques will be developed over the next year or 2 let alone decades and to make a claim something is unbreakable is just asking to be shot down, look how well the "unbreakable" claim worked for Oracle.

    1. Re:stupid claim by RobotSpider · · Score: 2

      Doesn't have to be unbreakable indefinitely. Only has to be unbreakable until the VC checks clear.

  8. "Unbreakable"? by fustakrakich · · Score: 1

    Then for sure it will declared illegal for the general public.

    --
    “He’s not deformed, he’s just drunk!”
  9. for tl:dr by clovis · · Score: 1

    It's a one-time pad system. OTP systems are theoretically unbreakable. The weakness of OTP systems occurs during the exchange or transmission of the OTP to the recipient.
    They claim that "Any attempt to intercept the exchange of the key causes detectable variations in the quantum states carrying the cryptographic key, alerting both sender and receiver to the attack and allowing them to take mitigating action."

    It appears to me that the catch is that transmissions must remain on the fiber link of their equipment, I.E., in-house.
    Did I understand that correctly?

    1. Re:for tl:dr by Anonymous Coward · · Score: 0

      It does need a single optical/radio path to the destination.
      With moving mirrors, or a robot that switches fibres you could create a network of quantum lines, between multiple entities. This would maintain a single optical path requirement. if we can use QKD on copper lines you could use an old analogue telephone switch, sadly they were all destroyed.

  10. Even if true, not really helpful by joe_frisch · · Score: 1

    It should be possible in theory to create a quantum communication system that can't be tapped in any way. For it to be useful though, there is the issue of cost, reliability, error rate, bandwidth etc.

    Even then if I had an absolutely perfect system - two boxes that magically communicate with each other, I still haven't solved the great majority of data loss issues. Most data loss is not from people breaking strong encryption, it is from weakness in the entire system - from data left for memory scrapers, to people with inappropriate system access, to people who write their passwords on yellow-stickeys.

    Think about it - even the NSA wasn't able to protect their sensitive data.

    There might be cases where this technology would help, but I suspect they are pretty rare .

  11. *NOTHING* is unbreakable by gman003 · · Score: 1, Insightful

    There is no perfectly secure system - there is ALWAYS a way to break it. Even one-time pads, which are mathematically as perfect as the source of random numbers they use, are subject to MITM attacks and to trying to break the random key (the Soviets tried to do this - even atmospheric radio noise isn't completely, 100% unpredictable).

    And that's ignoring the fact that what you want to protect is information - the channel it's transmitted on is not the only place it exists. Is it stored anywhere? Is the storage physically secure? If encrypted on-disk, how secure is the key storage? If it's only in two people's memory, how hard are *they* to bribe? Or break - lead-pipe cryptanalysis is a pretty powerful tool.

    1. Re:*NOTHING* is unbreakable by Anonymous Coward · · Score: 0

      the [people who spent $1B on mind control technology] tried to do this

      FTFY... much less impressive when you write it this way, though.

    2. Re:*NOTHING* is unbreakable by Trachman · · Score: 1

      One-time pads are considered a symmetric encryption and considered as insensitive to MITM. Also one-time pads, if implemented properly, are considered unbreakable because you will be getting a bona fide random text. Not truly random, but theoretically considered unbreakable.

    3. Re:*NOTHING* is unbreakable by LordLimecat · · Score: 4, Informative

      You cannot break the key in a properly implemented OTP. You have no way knowing which of the 8 zillion possible valid plaintexts was actually sent.

      The weaknesses are only:
        * If the OTP repeats-- that is, the key is not the same length as the message. For an unbreakable 2KB OTP message, you need a 16000bit key (2KB).
        * If the OTP is generated deterministically-- it is not random.
        * Key distribution is vulnerable. No matter what method you use, unless it is face to face, the OTP can be "broken" by intercepting the key.
        * Key storage. If anyone captures your OTP booklet or file, you have no security whatsoever.

      If you figure those out, its "perfectly" secure-- but as mentioned it basically requires face-to-face before hand OTP distribution and storing the OTP keys in a physical, airgapped vault.

  12. Silliness by Anonymous Coward · · Score: 0

    The various surveillance systems aren't sniffing data streams and breaking encryption. They are either monitoring unencrypted endpoints OR they are mining the databases with full knowledge of the endpoints.

    Google, Microsoft, Facebook, etc just lets the NSA log into their endpoint systems and gets the data residing there. No crypto needed. The NSA doesn't have magic decryption software.

  13. Snake oil alert. Run away. by jcochran · · Score: 1

    Looking at their web site, I notice a few things. Namely, if you want any specifics, you need to "Inquire" by providing contact information so that their horde of sales representatives can contact you with the information you desire. But for the bit of information you can get without giving them contact information, I quote the following little gem from their web site involving modes of operation.

    Key Expansion

    When very high rates of data encryption are necessary, key expansion can be used in which the QKD key material is expanded through a deterministic random bit generator (DRBG) algorithm to produce the one time pad key. This mode reduces the amount of QKD key material necessary for encryption, yet still provides exceptionally high data confidentiality.

    I find it quite enlightening that they claim that using "Key expansion" that they create a "one time pad". That immediately raises all sorts of red flags since what's created isn't a "one time pad". And the fact that they obviously don't know the actual meaning of that phrase calls into question their competence about cryptography.

     

  14. Old news by Hentes · · Score: 3, Informative

    This is not a new technology, and have been under lab testing for a while now. The problem is that what's theoretically unbreakable isn't that secure in practice. Turns out it's quite hard to distinguish between eavesdropping and noise.

    1. Re:Old news by Anonymous Coward · · Score: 0

      It's not even that - this is a hardware random number generator. It's not even distributing the key - the rest of the system is just conventional classical cryptography. The 'quantum' part of this is just the source of entropy.

  15. So it's a random number generator? by JMZero · · Score: 1

    And, like any random source, you can use it for an unbreakable one time pad. That's cool.

    So I guess the question is "are there problems with current hardware random number generators?", and probably "what are the failure states for this new method, how do they arise, and how hard are they to detect?"

    Regardless of those answers, there's still going to be limited utility for something like this. I don't think a lot of gamers are worried about game randomness not being random enough (which is a ridiculous application suggested in the video).

    --
    Let's not stir that bag of worms...
    1. Re:So it's a random number generator? by Anonymous Coward · · Score: 0

      Yes, it's a random number generator. You can also generate random numbers from measuring the decay of a radioactive isotope, but do you wan't that in your rack mount server. Plexiglass cases and lasers are much cooler.

  16. Helps to know conventional crypto's weaknesses. by hey! · · Score: 1

    Well tested, familiar conventional crypto algorithms are very, very hard to break. With correctly generated keys of sufficient length, they are practically unbreakable for longer than most secrets need to be kept.

    But that doesn't mean *systems* built around those algorithms are unbreakable. It's all that stuff around the strong cryptographic algorithms that introduces weakness.

    So claims of "unbreakable" algorithms or system components don't get me excited. If you want to make me sit up and take notice, claim that your invention makes secure cryptographic systems *simpler*.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    1. Re:Helps to know conventional crypto's weaknesses. by AHuxley · · Score: 1

      The problem for Australia is the lack of dedicated hardened Australian only mil communications networks.
      The mil networks used are telco quality, shared and owned/built by other countries.
      Australia hopes to escape this hardware reality by using secure Australian quantum tech.
      Any network and Australian only data is super safe... from Asia, faith based spies, Russians, GCHQ, NSA, EU...
      Australia faces staff issues with many of its experts been very close to other countries - faith, generations of shared mil work, rapid expansion of new language needs, rushed contractors and other needed experts.
      The issue is really with the backgrounds of cleared staff.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Helps to know conventional crypto's weaknesses. by hey! · · Score: 1

      Although the ties to other countries, the shared work, etc. also describes scholarly research and peer review -- the very things you need to put faith in some kind of cryptographic scheme.

      If you have a problem that you don't know who to trust, a proprietary black box is no solution. Then you're trusting both the box and the person selling it to you.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  17. Unbreakable, for now. by Anonymous Coward · · Score: 0

    Any crypto can be considered 'unbreakable' until someone actually breaks it. This too will be broken, but how long until then, and how expensive the resources to do so.
    Besides, the most consistent way of breaking any crypto is do an end run by 'attacking' the wetware, aka people are your weak link in keeping secrets. If you still don't understand, look up 'Social Engineering'.

  18. It just might be secure. by MobSwatter · · Score: 1

    If they could just do something about that NSA backdoor.

  19. Wrong: Social Hacks Still Work by BoRegardless · · Score: 1

    And so does reading passwords on tape stuck inside of drawers.

  20. "Partly true"? What? by wonkey_monkey · · Score: 3, Insightful

    Unbreakable? That's a strong boast. Is it true? And even if it's only partly true...

    ...then it's false.

    --
    systemd is Roko's Basilisk.
    1. Re:"Partly true"? What? by Anonymous Coward · · Score: 0

      It is both true ad false at the same time, unless it is observed!

    2. Re:"Partly true"? What? by Anonymous Coward · · Score: 0

      Unbreakable? That's a strong boast. Is it true? And even if it's only partly true...

      ...then it's false.

      No, it is true. There are several unbreakable encryption methods, many of them very old. Eg, a properly implemented "one time pad" is 100% unbreakable. The German enigma machine did essentially this, but was not implemented properly. The same "pad" was used multiple times and, if I remember correctly, a few messages in plain text were found allowing the Allies to gain even more information about how the machine worked.

      To me this is just highly manipulative marketing. Apple did something similar to this in some of the older commercial. Apple get talking about how its computers could not get viruses. Well, that is pretty much true, but only if you use the strict computer science definition of virus. Since the vast majority of people how have no formal or diligent informal study/training in CS the general public thinks virus = all malware.

      I agree that there are many unbreakable encryption methods, but so far as I know there are zero 100% secure encryption methods. Encryption become inherently vulnerable, by its very nature, for several reasons:

      1-People design and implement the encryption; human errors are unavoidable
      1a-Since it is made by humans it requires the implicit trust that whoever made the encryption scheme and/or the person you are communicating with is trustworthy and not sabotaging the process
      2-At some point everything must be decrypted, making it a simple matter (relative to breaking the encryption) of capturing the message at this point
      3-Strong encryption, due to the rise in computing power, currently is too complex for humans to do 100% sans computers.
      3a-Computers are not secure and can always be breached by a determined attacker
      4-In the end an entity may torture you for the key

      And probably many more reasons.

  21. You're partly right. by Anonymous Coward · · Score: 0

    Unbreakable? That's a strong boast. Is it true? And even if it's only partly true...

    ...then it's false.

    unless you're only concerned with the true part.

  22. Commercial hype by Tony+Isaac · · Score: 1

    The fact that they even claim it's unbreakable makes it obvious that the claim is just commercial hype.

    Every new encryption technology is unbreakable at first. But with time, somebody always comes up with a way to defeat the system. Always.

    Real researchers are always careful to qualify their claims. For example, they might say that "it is unbreakable by today's processors using known technologies."

  23. bad idea by v1 · · Score: 1

    Don't tell a crowd of nerds that your new product is unbreakable, unless you actually want them to try very, very hard to break it. It's like waving a flag at a bull, you'd better have your pads laced up nice and snug, because you're goin' for a ride.

    --
    I work for the Department of Redundancy Department.
  24. Sarcasm? by Anonymous Coward · · Score: 0

    I can't tell if you're being sarcastic or not. The "eavesdropper" is classically named "Eve".

    1. Re:Sarcasm? by MtlDty · · Score: 1

      I can't tell if you're being sarcastic or not. The "eavesdropper" is classically named "Eve".

      Yes, but the point was that 'Eve' is also known as 'the man in the middle'.
      Maybe she had a sex change.

  25. Nobody "needs" this by gweihir · · Score: 1

    As with all such schemes, this only does the key exchange. You still have conventional crypto in use for the data transfer. And quantum crypto implementations have been broken before, so even if the quantum-mechanic assumptions hold up (and that is a big "if"), this is likely far from "unbreakable". It has a number of severe limitations though, like needing its own network (in addition) and inability to route or switch traffic.

    Basically worthless.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  26. Unbreakable - Til We Find NSA Shill Backdoor by Anonymous Coward · · Score: 0

    Unbreakable, until we find out who was sent, convinced, or co-opted to put the "back door" in the code.

    Sorry if I seem a bit jaded by all this, but I've been watching this surveillance madness since McCarthyism and COINTELPRO: just assume they know anything you send or say to more than three people. Never stop fighting; out think them and we'll out last them.

    Yours,

    Hippie with a Tire Iron

  27. BS by gnu-sucks · · Score: 1

    I call BS. All they are doing is generating noise from a laser. Anyone can do this with a laser and a detector diode. Splitting the beam and subtracting is nothing novel. I did this back in junor high in science class. (Back then a laser was a much bigger deal, but still.)

    His discussion of the ADC is nice, but again, that's standard stuff. Same goes for his TLS talking points.

    These guys are pumping out buzz words faster than their FPGA.

  28. Does this solution cost more than two hard disks? by WaffleMonster · · Score: 1

    Wonder what the value prop for quantum approach v. a few TB hard disks where (:RDRAND:) is used to fill each with the same garbage installed at each peer. A modern HDD is more than enough for years of voice, email, and file transfers all without any fancy lasers, beam splitters or having to part with countless thousands of dollars.

    While in anything resembling a real network with lots of communicating parties the required number of disks quickly become impractical are there any remaining differences worth considering? There is still an initial classic key required on both sides subject to compromise as any deployed hard disk would. If you securely erase data at both peers as randomness is consumed you effectively have your forward secrecy. If hard disks are compromised...well does not the same risk apply to encryption key compromise? If you compromise initial classic keys you can own any future quantum rekey mechanism just the same by operating a MITM proxy.

    Assuming traffic would have to be pretty specific and special to invest your time on quantum crypto vs any number of seemingly fine encryption algorithms providing forward secrecy with no known vulnerabilities ..the potential market has got to be quite small for quantum crypto regardless of whether it works as advertised or not.

  29. Perhaps if you have 70 million peoples credit by ralphaostrander · · Score: 1

    Card numbers you need this.

  30. ID Quantique? by jiadran · · Score: 1

    How is this different from the commercial solution that ID Quantique offers now already for several years?

    http://www.idquantique.com/

  31. Re:Shenanigans by multimediavt · · Score: 0

    Oh, so now we get modded down for calling out concocted stories? Yup, that's about the limit for me. 1. To date there is no working quantum computer that has even been properly validated, so no. 2. Since when do editors post non-submitted content, or content not referencing the submitter? 3. SHENANIGANS!!!

  32. http://al-nqaa.com by hossamagag99 · · Score: 1

    http://al-nqaa.com/