Researchers Simplify Quantum Cryptography

Stony Stevenson writes "Quantum cryptography, the most secure method of transmitting data, has taken a step closer to mainstream viability with a technique that simplifies the distribution of keys. Researchers at NIST claim that the new 'quantum key distribution' method minimizes the required number of detectors, the most costly components in quantum crypto. Four single-photon detectors are usually required (these cost $20K to $50K each) to send and decode cryptography keys. In the new method, the researchers designed an optical component that reduces the required number of detectors to two. (The article mentions that in later refinements to the published work, they have reduced the requirement to one detector.) The researchers concede that their minimum-detector arrangement cuts transmission rates but point out that the system still works at broadband speeds."

Quantum Post!

[Majik Sheff (930627)]

Either this post is first or it isn't. I won't know until I press submit.

Re:Quantum Post!

[FrYGuY101 (770432)]

Either this post is first or it isn't. I won't know until I press submit.

No fair! You changed the outcome by posting it!

Re:

[mrsteveman1 (1010381)]

Only Bruce Schneier knows for sure

Re:

[calmond (1284812)]

Hey, has anyone seen my cat...

Yay! Saved!

[SEWilco (27983)]

With this simplification, thousands of cats are saved from having to deliver code keys.

Oblig XKCD

[azakem (924479)]

Every time I hear about Alice and Bob, I now think of this [xkcd.com]

Broadband Speeds

[enoz (1181117)]

Describing the rate as "Broadband Speeds" is about as useful as describing the performance of a supercar as "roadworthy" (there's your car analogy).

For reference, in Australia not only does the incumbent Telco consider 256/64kbps to be broadband, but they also describe it as "Fast [bigpond.com]".

Re:

[TubeSteak (669689)]

Describing the rate as "Broadband Speeds" is about as useful as describing the performance of a supercar as "roadworthy" (there's your car analogy).

Quantum cryptography doesn't need to be all that fast.
The whole point is to be able to securely pass an encryption key.
Then you can encrypt and use any method you like for transporting the encrypted data.
Whether it's Australian 'fast', Internet2 fast, or a stationwagon full of Terabyte hard drives fast.

Broadband?

[Tubal-Cain (1289912)]

What speeds are they calling broadband? 200Kbps?

Re:

[spazdor (902907)]

I would mod you funny but I've already posted further up. :(

Not the most secure

[BlueParrot (965239)]

There is only one cryptography scheme with proven secrecy, and that is the one time pad. Even if you assume no errors occur in its implementation, no physicist can guarantee there will never be discovered a way to eavesdrop on transmissions that use Quantum Cryptography. In contrast with the one time pad a Mathematician can more or less prove, at least to the extent you can prove anything at all, that eavesdropping is only possible if the implementation is flawed.

In practice none of this is relevant since the hassles associated with correctly implementing either QC or a OTP are sufficiently large that for most applications they are both inferior to public key cryptography and symmetric ciphers. There are some exceptions, but the only way you could possibly justify describing quantum cryptography as "the most secure way to transmit data" would be by ignoring so many aspects of information security that it will have no relevance to practical applications.

Re:

[Cairnarvon (901868)]

-1 Failed Attempt at Sounding Insightful.
Quantum cryptography schemes are guaranteed to inform both Alice and Bob if their communication is intercepted. That's the entire point, and what has everyone so excited about quantum cryptography in the first place. Secrecy in the sense of undecryptability isn't the point of quantum cryptography (as data isn't even *encrypted* in the classical sense), just certainty that there are no eavesdroppers.
Your post just suggests that you haven't actually read anything about

Re:

[Creepy Crawler (680178)]

Ok. What is an observer?

Or better yet, what would happen if some new device could record without observing?

---Quantum cryptography isn't a cipher. It's a method of transmitting data, which does one specific thing, which is guarantee that you'll be able to tell if people have attempted to eavesdrop. It's not a complete cryptosystem; it's not meant to be. It's meant to be just one component of cryptosystems, and in doing what it does, it's provably secure in the sense that secure is being used here.

Of course

Re:

[Cairnarvon (901868)]

Ok. What is an observer?

Or better yet, what would happen if some new device could record without observing?

I spend most of my time debating creationists, not laypersons who misunderstand quantum physics, but I bet physicists get as tired of shouting "IT DOESN'T WORK LIKE THAT" at people like you as I do at creationists.

It's probably pretty accurate though, but is it accurate to trust?

You'll remember Feynman once compared our understanding of quantum physics to measuring the distance between New York a

Re:

[locofungus (179280)]

Or better yet, what would happen if some new device could record without observing?

"record without observing" doesn't make sense. In the words of Pauli, "That's not right. That's not even wrong." But trying to guess that you mean "observe without affecting in any way".

Then you can violate causality. Give me a device that can "record without observing" and I'll build you a device to communicate faster than the speed of light.

Tim.

Apples and oranges

[Chuck Chunder (21021)]

There is only one cryptography scheme with proven secrecy, and that is the one time pad. Even if you assume no errors occur in its implementation, no physicist can guarantee there will never be discovered a way to eavesdrop on transmissions that use Quantum Cryptography. In contrast with the one time pad a Mathematician can more or less prove, at least to the extent you can prove anything at all, that eavesdropping is only possible if the implementation is flawed.

You are comparing apples with oranges. The b

Re:

[Creepy Crawler (680178)]

---How is your mathemetician going to distribute his one time pad?

A one time pad guarantees perfect secrecy. A QC channel allows secrecy as any "listening" devices become in part with the system, thereby allowing detection.

I do think this is a bit excessive by stating.. Data is always time-dependent. Therefore, we only need protect data for X amount of years.

What combination of encryption technologies can we use to make the data physically hard to crack? We need a multi-tiered encryption setup that uses mul

Re:

[locofungus (179280)]

QC allows you to securely exchange a OTP. And it doesn't depend on using entangled particles at all.

Until Mrs. Tenney becomes sloppy.

[Mateorabi (108522)]

You do realize that QC is just a method of securly distributing a one-time-pad between two endpoints, right? They don't use the photons to send the message data, that gets XORed later and sent via normal channels. So if everyone is wrong about quantum mechanics translates directly to "the OTP implementation is flawed". While OTPs are hard to implement (Where did I put that onionpaper again?) the whole point of developing QC is to get to the point someday where it IS practical/hasslefree to distribute the

... at this level the weakest link

[Fallen Andy (795676)]

is people. Either reusing an OTP or failing to RTFM for the QC equipment. It doesn't really matter that it would take e.g. the NSA longer than the time to the heat death of the universe to "crack" a cipher if $100k in a suitcase can "crack" Alice.

For a really really good look at security, try to track down the earliest black+white TV series of Mission Impossible - (almost no gadgets, lots of neat social engineering).

Andy

Why is this practical?

[Johnno74 (252399)]

I'm all for R&D into pure science, and I'm not bagging the concept of quantum cryptography, but why does this need to be a commercial product?

Is there really anyone out there paranoid enough to need/want this besides various three-letter agencies? Maybe this is proveably secure, we think, but what is more likely - Someone finds a loophole in the very weird world of quantum mechanics that makes quantum cryptography as we know it obsolite, or someone figures out a way to find prime factors of obsenely large numbers in a reasonable time.

This article is about how it may be possible have a quantum crypto setup with a bandwidth of maybe 1024kbps by spending only $20k-$50k on one component to the system. I bet there is a lot of other components.
Compare this with a basic commodity PC, which can could encrypt 1024kbps using AES with ridiculous ease.

Re:

[mrcaseyj (902945)]

I was thinking that it would be foolhardy to trust that some discovery in quantum physics would not render quantum cryptography insecure. But then I realized two things. First, you can always just use QC to wrap conventional cryptography so you get the security of both. Second, conventional cryptography can be eavesdropped on and recorded to be broken someday when weaknesses or more computational power is available. With QC your communications can't even be recorded for future breaking until some new physic

Re:

[Chuck Chunder (21021)]

but what is more likely - Someone finds a loophole in the very weird world of quantum mechanics that makes quantum cryptography as we know it obsolite, or someone figures out a way to find prime factors of obsenely large numbers in a reasonable time.

Given that we don't know it makes sense to have both.

Advances in quantum computing may make the factoring problem an easy one.

Of course the commercial applications are rather niche right now and cost is no small part of that, but how many things often start that

Thanks to this new breakthrough...

[Ihmhi (1206036)]

...quantum cryptography now requires 30% less cats and 46% fewer radioactive isotopes.

Re:

[by Anonymous Coward]

It is impossible to crack because there is no way to decode it without the right key. Algorithms like RSA or DES can be brute forced with enough horse power, for instance, when the quantum computer is invented it could make short work of them. Quantum cryptology will be the only defense.

Re:

[khellendros1984 (792761)]

From what I understand, quantum computing will basically allow the equivalent of massively parallel computation, so you can find the key that solves the message easily. In RSA, it means that it could factor the large prime numbers that make up the public key, and mathematically generate the private key from those.

Re:what's the big deal

[arotenbe (1203922)]

"Conventional" encryption algorithms can be brute forced even without the correct key - it will just take a really long time. As I understand it, the point of quantum cryptography is that it is completely impossible to break, because the transmission would be scrambled the moment someone tries to tap the connection.

Don't expect the above to be completely correct, though - I'm hardly a cryptography expert (which doesn't stop me from putting a reference in my sig [wikipedia.org]).

Re:what's the big deal

[BadAnalogyGuy (945258)]

The big deal is that the cracking time for non-quantum algorithms reduces to O(n) for length n keys. OTOH, for quantum encryption, the cracking time minimum threshold is O(n^n) for length n keys. Hyperbolically, the linear analog is also true in that with quantum decryption, it is possible to crack non-quantum algorithms in O(n) time (again for length n keys), but quantum algorithms require O(n^n) to decrypt. Note that without the correct key, the quantum algorithm requires O(n^n) regardless of whether the cracker is employing spherical numerical analysis techniques or advanced quantum distribution array matrices.

The fact of the matter is that quantum encryption provides much greater security than standard algorithmic encryption.

Re:what's the big deal

[by Anonymous Coward]

You also failed to mention that it is impossible to eavesdrop on the communication of the keys. This is probably the most important part because it can make one time pad encryption useful on computer networks. Without quantum cryptography, your one time pad is only as safe as how you send it (RSA encryption, chaos encryption, snail mail). Additionally, quantum cryptography can't be reverse engineered to find the algorithm for your one time pad.

This is all nice, but it is going to be tricky to implement it in the future. How do you send a photon from one computer to another a long distance away without using repeaters or branches? It will be a little tricky. Would this require a fiber optic connection between every computer that wants to communicate with quantum encryption? Or can you adjust the medium so that photons are transmitted and branched undisturbed?

Re:what's the big deal

[mapsjanhere (1130359)]

People are mixing up two different things here - quantum transmission, the one you can't read unnoticed, and encryption/decryption using quantum computers and algorithms.
The first one has been demonstrated, and works over limited distances.
The second is an "advanced concept", right next to fusion reactors.

Mod parent up

[bh_doc (930270)]

I was just discussing entanglement swapping with my supervisor the other day, actually. Neat concept. Roughly, person A has two entangled photons, A1 and A2. Person B has similar, B1 and B2. They both send their 1 photons to C. C entangles A1 and B1 and because of this, A2 and B2 are now entangled. This can then be used to generate a bit of a key.

We were actually discussing it in the context of producing entanglement between ions (good for storage/memory) and photons (good for transmission), since in the

Re:

[SeekerDarksteel (896422)]

Plus with quantum encryption you can utilize lunar wainshafts to feed the unilatral phase dectractors and Karnot-Graham meters.

...

Re:

[spazdor (902907)]

spherical numerical analysis techniques or advanced quantum distribution array matrices.

I was with you up until about there. It occurs to me that there are any number of mathematical terms that could be combined at random to induce the same effect in me, and I wonder if this is true of all the people who modded you up.

I think i'm just gonna take your word for it. :)

Re:what's the big deal

[MrMr (219533)]

It's not so hard, let me explain:
spherical numerical analysis techniques: That is standard maths; If you need to compute something involving for instance a cow, you start with "Assume a spherical cow with radius R".
advanced quantum distribution array matrices: That just your normal quantum distribution array matrices but with the new icons and toolbar.

Re:

[gweihir (88907)]

The fact of the matter is that quantum encryption provides much greater security than standard algorithmic encryption.

In your dreams. No quantum computer exists that can break encryption used today by a very, very large margin. It seems doubtful whether researchers can get beyond a few bits at all, let alone scale up to a few thousands. Presently this is all hype to get research money. There have been much more similar things that failed and only very few that deliverd on their claims.

Re:what's the big deal

[Inf0phreak (627499)]

I think you've misunderstood something. "Quantum encryption" is something of a misnomer. It's actually a physical process that can be used by Alice and Bob to establish a commonly shared secret that is random (and unknown to even Alice and Bob before the process starts). This secret is then typically used as a one-time pad [wikipedia.org].

Re:

[menace3society (768451)]

Here's something I've never understood. Alice prepares a one-time pad and sends it along using this quantum dealie. Eve intercepts it. Now supposedly this thing changes every time someone observes it, but could Eve just generate a new one based on the data she acquired? Alice created one 'from scratch', why can't Eve?

Re:

[Firehed (942385)]

Presumably because the one-time pad is your decryption key. Encryption wouldn't be especially useful if you could just put in a password (not "the" password, but "a" password) and unlock the secrets, would it?

That's my best guess, I've never really understood the theory either. It IS quantum physics, after all.

Re:what's the big deal

[SeekerDarksteel (896422)]

The reason Eve can't just generate a new pad is because there are two methods of generating a photon and two methods of measuring a photon. Each method of generating a photon has a matched way of measuring it. If you use the matched measurement method you correctly get the bit Alice sent. If you use the incorrect method you get a random 0 or 1 no matter what bit Alice sent. Eve (and Bob too) has no way of telling which method Alice used. In quantum key distribution, after sending the photons, Alice would contact Bob over a different channel. They would tell which method they used, and if they used matching methods keep that bit. If they used different methods they would throw out the bit. If Eve regenerated the bits, she could not have used the same methods as Alice since she doesnt know which methods were used. So Alice and Bob's keys won't match up which will result in any information passed between them to be undecodable and they will know someone eavesdropped.

Quantum Key Distribution is, in its most naive form, still vulnerable to man in the middle attacks. It makes it a little more difficult because you must be able to intercept information on two different channels (the quantum channel and the classical electronic channel), but it is still doable. (There are, however, cryptographic methods of detecting man in the middle attacks, but thats a subject for another time).

Re:

[Urkki (668283)]

This is how I understand it: In normal cryptography, you have to worry about "the man in the middle" intercepting the message and then cracking it at their leisure. In quantum crypto, "the man in the middle" can't do this. They need the keys beforehand to even record the message. And another thing is, they can't just eavesdrop passively, they must do actual "man in the middle", ie. intercept the message and re-send it in real time.

Somebody correct me if I'm badly mistaken...

Re:

[locofungus (179280)]

Here's something I've never understood. Alice prepares a one-time pad and sends it along using this quantum dealie. Eve intercepts it. Now supposedly this thing changes every time someone observes it, but could Eve just generate a new one based on the data she acquired? Alice created one 'from scratch', why can't Eve?

Lookup quantum cloning and the "no cloning theorem".

But basically (and this is a naive implementation that won't actually work), Alice transmits to Bob using linearly polarized photons. Now, if

Re:

[locofungus (179280)]

Grrr. < needed :-(

Here's something I've never understood. Alice prepares a one-time pad and sends it along using this quantum dealie. Eve intercepts it. Now supposedly this thing changes every time someone observes it, but could Eve just generate a new one based on the data she acquired? Alice created one 'from scratch', why can't Eve?

Lookup quantum cloning and the "no cloning theorem".

But basically (and this is a naive implementation that won't actually work), Alice transmits to Bob using linearly p

Re:

[ILuvRamen (1026668)]

yeah, so it's completely random and comes out of nowhere. But a gigantic equation based on an exact millisecond on the computer's clock might as well have come from nowhere too cuz nobody can record or measure that. But the next couple replies actually make sense (almost) about how it prevents eavesdropping. I still don't buy the completely made up, cat in a box, quantum flux until someone "measures it" even though measures it doesn't make sense in the tradition sense and is unproven in the absolute mole

Re:

[locofungus (179280)]

You don't transmit the message using QC, you transmit a OTP. So if Eve does intercept it then all she gets is a bunch of random bits, Alice and Bob detect the interception, throw the OTP away and start again.

The best that Eve can do is a DOS attack.

Tim.

Impossible to eavesdrop, otherwise, a big yawn

[Mathinker (909784)]

The sexy part is that if there is a third party who tries to eavesdrop, the attempt will both fail and can be detected by the two communicating parties, and that the security of quantum cryptography has nothing to do with the lack of ability to factor large numbers, but is instead based on physical principles (quantum mechanics). Of course, the sensitivity to eavesdropping means that the system is probably vulnerable to a denial of service attack, depending on how the two communicating parties relate to eavesdropping.

Otherwise, you are perfectly correct. Many cryptographers, including Bruce Schneier, believe that quantum cryptography is a solution to the wrong problem. Nowadays, most probably, the least secure part of your communication system isn't in your key distribution scheme, but is somewhere else --- like in social engineering, or the computer systems which deal with the decrypted cleartext.

Re:

[gweihir (88907)]

There is an even bigger problem with quantum ''encryption'': The pysical models are only ever exact to some degree. It is quite possible that some minor, not yet discoverd, effect exists that completely breaks security. If you really want to be secure, definitely stick to the stuff we understand.

Not much

[Mathinker (909784)]

From Wikipedia:

Quantum encryption technology provided by the Swiss company Id Quantique was used in the Swiss canton (state) of Geneva to transmit ballot results to the capitol in the national election occurring on Oct. 21, 2007.[8]

In 2004, the world's first bank transfer using quantum cryptography was carried in Vienna. An important cheque, which needed absolute security, was transmitted from the Mayor of the city to an Austrian bank.[9]

Both of these look like special uses set up for publicity by vendors.

Re:

[gweihir (88907)]

Both of these look like special uses set up for publicity by vendors.

They are. Nobody competent would use quantum techniques for things that really need to be secure. The physics is not that well established, for one thing, leading to an unknown risks. Sure, the properties look nice, but when was the last time a fundamental physical theory turned out to be not quite accurate? Yes, that is true, when the current theory replaced the last one. That has happened so far to every theory except the respective curr

Re:

[BlockedThreads (870266)]

It's a summertime Northern Hemisphere and a wintertime Southern Hemisphere. Slice the world the other way and its daytime in one hemisphere and nighttime in the other. And its always dark down here in my parents' basement.

Re:

[spazdor (902907)]

Whoa boy, you are right about that.