Swedish Researchers Break 'Unbreakable' Quantum Cryptography (eurekalert.org)
New submitter etnoy writes: Quantum key distribution is supposed to be a perfectly secure method for encrypting information. Even with access to an infinitely fast computer, an attacker cannot eavesdrop on the encrypted channel since it is protected by the laws of quantum mechanics. In recent years, several research groups have developed a new method for quantum key distribution, called "device independence." This is a simple yet effective way to detect intrusion. Now, a group of Swedish researchers question the security of some of these device-independent protocols. They show that it is possible to break the security by faking a violation of the famous Bell inequality. By sending strong pulses of light, they blind the photodetectors at the receiving stations which in turn allows them to extract the secret information sent between Alice and Bob.
The point of quantum crypto is to be able to detect whether someone is eavesdropping on you. Blinding detectors is kind of a tell-tale sign that something is wrong and parties should stop transmitting.
"Quantum key distribution is supposed to be a perfectly secure method for encrypting information. Even with access to an infinitely fast computer, an attacker cannot eavesdrop on the encrypted channel since it is protected by the laws of quantum mechanics. In recent years, several research groups have developed a new method for quantum key distribution, called "device independence." This is a simple yet effective way to detect intrusion. Now, a group of Swedish researchers question the security of some of these device-independent protocols. They show that it is possible to break the security by faking a violation of the famous Bell inequality. By sending strong pulses of light, they blind the photodetectors at the receiving stations which in turn allows them to extract the secret information sent between Alice and Bob."
First of all, quantum key distribution is not a method for encrypting information. As its name judiciously indicates, it is a method to securely exchange encryption keys. This is not the same thing at all.
Second, the speed of the attacker's computer has no role in this attack and quantum key distribution has never claimed a code is unbreakable since there is no code to break here.
Third, quantum key exchange is a protocol, not a cipher. It relies on quantum mechanics features to tell Alice or Bob whether the just-received key is compromised or not, since it is not possible for a man in the middle to observe the key without being noticed. That is the idea behind this mechanism. Once keys are securely exchanged between both parties, a classically encrypted communication can take place between both parties.
Of course, if you are blinding the receiver, it may be possible to tamper with the key; however, the blinded party should notice it has been blinded. The whole thing rests on very low luminosity photon exchange. If the light beam is too strong, it clearly no longer depicts the quantum characteristics needed to secure the key exchange. I don't really see where the problem is here since it is easy to determine the exchange can no longer be trusted due to high luminosity.
And finally, it seems to me this is old news.
Achille Talon
Hop!
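The detection idea in the comment above, as an added example that is not part of the original thread: a toy simulation of intercept-and-resend eavesdropping on a key exchange. It assumes BB84 as a stand-in protocol (the thread itself concerns E91 and Franson systems), ideal single-photon devices, and an assumed 11% abort threshold.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold for this sketch


def measure(bit, prep_basis, meas_basis, rng):
    """Same basis returns the encoded bit; a mismatched basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)


def bb84_qber(n_pulses, eavesdrop, seed=1):
    """Return (sifted_key_length, error_rate) for one simulated session."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_pulses):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        f_bit, f_basis = bit, a_basis          # state in flight
        if eavesdrop:
            # Eve must guess a basis, measure, and resend what she saw.
            e_basis = rng.getrandbits(1)
            f_bit = measure(f_bit, f_basis, e_basis, rng)
            f_basis = e_basis
        b_basis = rng.getrandbits(1)
        b_bit = measure(f_bit, f_basis, b_basis, rng)
        if b_basis == a_basis:                 # sifting: keep matching bases only
            sifted += 1
            errors += b_bit != bit
    return sifted, errors / sifted


def channel_trusted(qber, threshold=ABORT_QBER):
    """Alice and Bob discard the key when the sampled error rate is too high."""
    return qber < threshold


if __name__ == "__main__":
    for eve in (False, True):
        n, q = bb84_qber(20000, eve)
        print(f"eavesdropper={eve}: sifted={n} QBER={q:.3f} "
              f"trusted={channel_trusted(q)}")
```

An undisturbed channel gives an error rate of zero in this model, while measuring and resending pushes it to roughly 25%, which is what the parties test for before using the key.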
Why are people always picking on Alice and Bob? All they want to do is live in peace, but they're thrown into black holes, sucked into whirlpools, and subjected to all sorts of unimaginable things.
When will they figure we are all playing games with them, and they believe they are talking in secret about secrets, secretly.
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Too bad FBI director James Comey doesn't read /. He'd see how insecure even the most thought to be secure secure things - like backdoors - are and perhaps lose the impulse to make things even less secure and start moving in the other direction.
You know, it's possible that somewhere in the FBI there's one highly capable James Corney who is right now mopping floors in the basement because every time he and James Comey were evaluated by their superiors, personnel mixed up their reviews, owing to an unfortunate choice of fonts on the review forms.
... allows them to extract the secret information sent between Alice and Bob.
See something, say something people ! - geesh.
It must have been something you assimilated. . . .
A few nations do not have a lot of hardened mil only networks. They have to use public telco networks passing into a lot of other nations' domestic infrastructure thanks to competition policy and trade deals. :)
The way around having to use very public, foreign owned networks and satellites sourced from many different providers for gov and mil communications was often thought to be emerging quantum cryptography.
Australia is spending huge amounts of time, funding and effort to try and keep the idea of national public/private networks open to its very secure mil and gov communications needs.
An Unbreakable Code (24/08/2006)
http://www.abc.net.au/catalyst...
Real gov and mil networks or risk a new Enigma 2.0 on public networks due to cost cutting and really having faith that quantum cryptography was good enough
Domestic spying is now "Benign Information Gathering"
Correct, and this is the same short explanation as I usually give, too. As always, the answer is much more complex (including the fact that we're not dealing with polarization in the Franson interferometer), but it gets the point across.
Quantum hacker.
QKD does not work if you use a repeater station; unfortunately you need direct line-of-sight.
Quantum hacker.
This has a strong smell of déjà vu. Something is secure within a domain of application. Attacker pushes the system outside of domain of application.
I am almost certain I did read something similar several years ago with quantum crypto and blinded receptor.
I just knew Alice was up to something with Bob.
That fucking skank whore...
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
With the available information it is impossible for technical people like those that read SlashDot to make sense of anything. There is either the paper itself, which would require slogging through dozens of other papers to even make sense of it, or there is journalistic fluff that is completely meaningless. When you write for an academic audience in your discipline area you should be terse and obscure. But not for a general but technical audience.
My understanding of Quantum encryption is that two qubits are produced at the same time and one is sent to the encrypter and the other to the decrypter. Detecting them destroys them, defeating Eve the eavesdropper.
More importantly the process of creating these produces random qubits and they cannot be created to a specific pattern. Thus they cannot be regenerated in the same pattern that they were created, making life hard for Mallory the man in the middle.
There still needs to be some sort of digital signature to detect Mallory. But the argument goes that that would need to be broken in real time, and Quantum encryption is all about reading the back traffic.
So which part of that story have you attacked? And leave out the bits about the Frigembroten Sniggens defrobulation principals.
And apparently nobody donated. Your point relevant to this story being...?
Il n'y a pas de Planet B.
Makarov's group attacked the E91 protocol, our paper attacks the Franson system. A significant difference is that we show the Franson system to be insecure even if the device is implemented with perfect devices. Makarov's papers are very well-written and interesting to read. I recommend starting to watch one of his YouTube lectures: https://www.youtube.com/watch?... , it is entertaining, highly interesting and is on a reasonable level for the average /. reader.
Quantum hacker.
No, it shows that this method of key distribution might be borked, nothing more.
Short logic lesson, your reasoning is indistinguishable in form from: 3 is prime, therefore all numbers are prime.
Or more bluntly: (Ex) P(x) --> (Ax) P(x)
is falsifiable in first-order logic. In English, this is "if there exists some x such that P(x), then for all x it is the case that P(x)."
There is theoretically unbreakable crypto and crypto that is provably hard enough to break as to be unbreakable practically for a long, long time. The quantum-snake-oil "encryption" is neither. First, it has the requirement that some physical models are absolute truth. That would be a first in physics, so far there were always inaccuracies, and circumstances where the theoretical models failed. And second, it relies on a physical, analog implementation being perfect. That is usually not possible to achieve.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
"Even with access to an infinitely fast computer, an attacker cannot eavesdrop on the encrypted channel since it is protected by the laws of quantum mechanics."
No method of quantum encryption is truly secure. The problem with these methods of quantum encryption is that they take too narrow a view of quantum physics and do not deal with the potential for attackers also using quantum techniques. If your quantum system has more energy and the right configuration it should be possible to break virtually any quantum encryption. - Many or most mathematical encryption methods are also vulnerable to the same methods for the same reasons.. Capture an encrypted source and it inevitably contains an information interference pattern leading to the key, it is merely a matter of devising the right geometry to break the barrier between source and destination.. This is because quantum fields in some models can go faster than light and the FTL geometry represents a point where the quantum system becomes fully deterministic.
The technology to use this is probably still ten to twenty years away though so it is not an immediate concern.. - Might just be possible that some secret military lab in the US can already do it, but very unlikely..
Below the speed of light Special Relativity is one of the most accurate theories in physics - above the speed of light..
I can't speak for Alice, but I'm getting sick and tired of having to do half of the encryption in the world. Most of the time it's just Lorem Ipsum anyway. I do this by moving rocks around in a desert, you know. It's not fun.
Aside from the one-time pad, there is no crypto that is provably hard to break.
All practical decryption is in NP, in that we can verify the correctness of the decryption in polynomial time. Therefore, the most we can say about crypto algorithms is that they may be (but, AIUI, are not provably) NP-complete. This means that they may be efficiently solvable. It seems unlikely, but we can't prove it otherwise. Alternately, we might find other ways to crack a given cipher. Again, it seems unlikely, but is there any proof that certain classes of ciphers require a certain minimum effort?
We're not going to brute-force a 256-bit key with any sort of computer we've managed to think of, if that's what you're thinking, but that's only one way to defeat crypto.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
You are very, very wrong on this. With a good key-schedule and a maximum message size used per key, even the Enigma is provably "hard to break", or rather impossible to break. It requires random keys and something like a maximum of 4k characters encrypted per key (if I remember the numbers right).
Your NP argument completely misses the point in several regards: First, for practical attacks, P is not "efficient". Second, what makes you think you can verify the correctness of decryption in the first place? That is not generally true, unless you only think simplistic toy examples happen in practice. And third, you can get information-theoretical security with quite a few practical set-ups for ciphertext-only attacks.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
True, there is a minimum text length to break ciphers, based on what is known of the cipher and the amount of redundancy in the language. (I don't think you'd have any real difficulty reading that last sentence with vowels omitted, for example, which means the vowels primarily provide redundancy.) A break requires a certain minimum of text.
As far as recognizing plaintext, this is automatic in cases with known plaintext or forced plaintext, and cipher experts want them to resist these attacks as well. As far as ciphertext attacks go, Otherwise, let's assume a 256-bit key used on 64-bit chunks. There are 2^256 possible keys, impossible to enumerate with a maximally efficient quantum computer using only the Solar System's resources. There are 2^64 possible inputs, and they map to 2^64 possible outputs. This means that the key determines the one-to-one mapping of 2^64 possible values to 2^64 possible values. The number of mappings is therefore (2^64)!. You can get an estimate of a factorial that's going to be not too horribly off in orders of magnitude with e^(2^64 * ln(2^64)), definitely in excess of 2^(2^64) mappings, of which we can use 2^256 because that's the number of keys.
If we have no idea what the plaintext will look like, we're stuck here. If we can expect some pattern, like text in a language, or numbers of a certain size, or something like that, we can recognize plaintext with several chunks. Suppose we know it's English text. English has an information content of roughly one bit per character, so let's call it two, so our 64-bit chunk contains 128 bits of information, so the odds that one 2^64 chunk will decipher into recognizable text given a random key is one in 2^57. If we have a few of these chunks, we can establish whether the given key can decipher a certain ciphertext into recognizable plaintext.
P can be efficient. For example, a O(log n) algorithm is in P. P means that, as the NSA piles up computer after computer, or your rival conducting corporate espionage allocates money for a really big AWS bill, the size of the crackable key goes up and up.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
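The point made in the comment above about a minimum text length and recognizing plaintext, as an added example that is not part of the original thread: enumerate a toy 16-bit key space and count how many keys still decrypt to something that looks like lowercase English as more ciphertext is checked. The cipher (SHA-256 used as a keystream generator), the key, the sample plaintext and the "lowercase letters and spaces" test are all constructed for illustration.

```python
import hashlib

ALPHABET = set(b"abcdefghijklmnopqrstuvwxyz ")  # assumed test for "recognizable"
KEY_BITS = 16                                   # toy key space, small enough to enumerate


def keystream(key, n):
    """n keystream bytes (n <= 32) for a toy key; SHA-256 is a stand-in PRF."""
    return hashlib.sha256(key.to_bytes(2, "big")).digest()[:n]


def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


def surviving_keys(ciphertext, n):
    """Keys whose decryption of the first n bytes passes the plaintext test."""
    prefix = ciphertext[:n]
    return [k for k in range(1 << KEY_BITS)
            if all(b in ALPHABET for b in xor(prefix, keystream(k, n)))]


def survivors_by_length(ciphertext, lengths):
    """Map each checked length to the number of candidate keys left."""
    return {n: len(surviving_keys(ciphertext, n)) for n in lengths}


# Constructed sample data.
TRUE_KEY = 0xBEEF
PLAINTEXT = b"the quick brown fox jumps"
CIPHERTEXT = xor(PLAINTEXT, keystream(TRUE_KEY, len(PLAINTEXT)))

if __name__ == "__main__":
    # A wrong key passes one byte with probability 27/256, so about
    # 2**16 * (27/256)**n wrong keys are expected to survive n bytes.
    for n, count in survivors_by_length(CIPHERTEXT, [1, 2, 4, 8, 12]).items():
        print(f"{n:2d} bytes checked -> {count} candidate keys")
```

With one byte thousands of keys remain plausible; by a dozen bytes only the real key is left, because each additional byte of redundant plaintext rules out roughly nine in ten of the remaining wrong keys.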