Australian Company Claims Laser-Based Quantum Crypto is "Unbreakable" (Video)
The QuintessenceLabs website doesn't mince words when it comes to self-promotion. It boasts that they are "The world’s first company to harness the quantum properties of lasers to herald a new generation of data security." InvestCanberra says, "the defense and security policy and procurement centre of Australia is the natural location for large conglomerate defense and security corporations and specialist cyber security, advanced communications and radar, ICT and surveillance businesses alike," and goes on to list QuintessenceLabs as one of several "locally headquartered companies that have grown into internationally successful organizations."
Here's another statement taken from the company's website: "QuintessenceLabs is the first in the world to exploit a new generation of quantum cryptographic technology which enables unbreakable, secure storage and communication of sensitive information through the generation of an ultra-secure cryptographic key." Unbreakable? That's a strong boast. Is it true? And even if it's only partly true, your upper management may call on you to explain (and possibly implement) laser-based quantum security, so you need to know what it is and how it works -- and whether it's something your company (or your client companies) need.
This is not a new technology, and has been under lab testing for a while now. The problem is that what's theoretically unbreakable isn't that secure in practice. Turns out it's quite hard to distinguish between eavesdropping and noise.
You cannot break the key in a properly implemented OTP. You have no way of knowing which of the 8 zillion possible valid plaintexts was actually sent.
The weaknesses are only:
* If the OTP repeats-- that is, the key is not the same length as the message. For an unbreakable 2KB OTP message, you need a 16000-bit key (2KB).
* If the OTP is generated deterministically-- it is not random.
* Key distribution is vulnerable. No matter what method you use, unless it is face to face, the OTP can be "broken" by intercepting the key.
* Key storage. If anyone captures your OTP booklet or file, you have no security whatsoever.
If you figure those out, it's "perfectly" secure-- but as mentioned it basically requires face-to-face beforehand OTP distribution and storing the OTP keys in a physical, airgapped vault.
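The one-time-pad properties listed in the comment above, as an added Python example that is not part of the original thread: a pad that refuses to repeat key bytes, a check that any same-length plaintext is consistent with a given ciphertext, and what two ciphertexts reveal when a key is reused. The names `OneTimePad`, `key_explaining` and `reuse_leak` are hypothetical, the messages are constructed, and `secrets.token_bytes` (the OS CSPRNG) stands in for a true random source as an assumption.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Pad material that is consumed as it is used, so no key byte repeats."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def encrypt(self, message: bytes) -> bytes:
        # Refuse to stretch or wrap the key: it must cover the whole message.
        if len(message) > self.remaining():
            raise ValueError("pad exhausted: key shorter than message")
        key = self._pad[self._offset:self._offset + len(message)]
        self._offset += len(message)  # these key bytes are never used again
        return xor_bytes(message, key)


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Key under which `ciphertext` decrypts to `candidate` (same length)."""
    return xor_bytes(ciphertext, candidate)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With one key used twice, c1 XOR c2 equals p1 XOR p2; the key cancels."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    p1, p2 = b"ATTACK AT DAWN", b"RETREAT AT TEN"
    pad = OneTimePad(secrets.token_bytes(len(p1)))  # OS CSPRNG, not a seeded PRNG
    c1 = pad.encrypt(p1)
    # Every same-length plaintext has a key that "decrypts" c1 to it.
    print(xor_bytes(c1, key_explaining(c1, p2)))
    # Reusing a key: the two ciphertexts alone reveal p1 XOR p2.
    k = secrets.token_bytes(len(p1))
    print(reuse_leak(xor_bytes(p1, k), xor_bytes(p2, k)) == xor_bytes(p1, p2))
```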