Scientific American on Quantum Encryption

prostoalex writes "Scientific American claims that advances in commercially available quantum encryption might obsolete the existing factorization-based solutions: "The National Security Agency or one of the Federal Reserve banks can now buy a quantum-cryptographic system from two small companies - and more products are on the way. This new method of encryption represents the first major commercial implementation for what has become known as quantum information science, which blends quantum mechanics and information theory. The ultimate technology to emerge from the field may be a quantum computer so powerful that the only way to protect against its prodigious code-breaking capability may be to deploy quantum-cryptographic techniques.""

Whole Article, One page

[chadw17]

The printer-friendly version puts it all on one nice and image free page.
Article here [sciam.com]

Re:Uhh...

[k98sven]

Because you could implement Shor's factorization algorithm [senko-corp.co.jp].

Re:Uhh...

[Dr. Weird]

Encryption, as it stands now (the classical kind), relies on an asymmetric computational task. For example, it is much easier to check that the a list of numbers are the factors of another number than it is to factorize the number. In fact, the latter is, to the best of current computer science knowledge, exponentially slower than the first.

Quantum computing provides an algorithm (Shor's), utilizing quantum mechanical manipulations, which factors numbers exponentially faster. Thus, factoring and checking factors takes the same amount of time.

This leads to the undesirable conclusion that encryption and decryption (by an intercepting 3rd party) of a signal take the same amount of time (up to a polynomial equivalence). In other words, the encryption is breakable, since the interceptor need only invest roughly the same amount of computational effort as the sender in order to crack the message.

That is why the creation of a quantum computer would "obsolete" present encryption. The point of quantum encryption is that it is not vulnerable to such attacks.

Re:Uhh...

[Omniscientist]

Well with current encryption methods you usually have a public key and a secure key. Let's say I give everyone here my public key. Well then everyone can encrypt me messages, but only I can decode it with my secure key. However within that public keys lies the secrets of the secure key, but it would take an extremely long time to break the public key cipher. With quantum computing, which can perform really hard factorizations quickly, it would make the whole many current cryptographic schemes obsolete, because it would be so easy to crack the public key. Therefore the only solution to this is the introduction of quantum cryptography, which would theoretically be able to avoid being cracked easily, RTFA for more.

TFA is quite ..umm.. cryptic

[Gopal.V]

Eventhough it looks as if it has been written for a layman , the article is quite cryptic (and IMHO nothing new).

If someone tries to intercept this stream of photons--call her Eve--she cannot measure both modes, thanks to Heisenberg. If she makes the measurements in the wrong mode, even if she resends the bits to Bob in the same way she measured them, she will inevitably introduce errors. Alice and Bob can detect the presence of the eavesdropper by comparing selected bits and checking for errors.

Ok, if you use a single photon to send the information , it cannot be eavesdropped. But in the current networks it'll only go around a couple of meteres at Max and you can't use an amplifier/repeater with this. So really, how are we going to use this in real life ?. The concept has been there for decades now - ie an OTP created with entropy drawn from the quantum uncertainity rather than just psuedo random codes.

The real advantage of using entangled photons would be in sending information faster than light. [ucr.edu] Entangled Photons in Computers [sciencedaily.com] actually might solve all the copper issues in speed we're having in chip DIE size vs clock speed (as in how to get a signal from one end of the chip to the other in a single clock signal).

That's not what the Uncertainty Principle says

[Anonymous Coward]

If someone tries to intercept this stream of photons--call her Eve--she cannot measure both modes, thanks to Heisenberg.

That's wrong. The Uncertainty Principle merely states that an observer cannot measure both position and momentum with arbitrary precision.

Quantum Encryption is Not Encryption

[Uhlek]

Quantum encryption is a misnomer, it should be called (and is, in some circles) quantum key distribution. It's all about how the key is transmitted, not how the data is secured. The encryption method is independant of how the key is distributed. Contrary to popular belief, it typically cannot be a one-time pad, since the bandwidth on the "key" channel is very limited due to the exact nature of the transmission. It can be, though, a constantly shifting AES key, or other type of data, making the datastream as a whole effectively unbreakable.

The problem lies in that you have to have a single, unbroken fiber optic connection between the two points, and this fiber optic connection is very limited in the amount of loss that it can withstand. That means you're geographically limited on how far the circuit might be able to travel. You're looking at a few hundred kilometers, at the absolute maximum.

Considering the amount of money you'd spend on putting the circuit in place versus the amount of money you'd lose if the data was compromised, it's very unlikely that anyone, anywhere will have a practical use for QKD/QE. Government and defense, maybe, but then only in very limited applications.

There is a chance that, should quantum computing become a reality and modern encryption algorithms can suddenly be cracked very, very easily that this method may see some use, and by no means is development a waste of time and effort. But, QC is still very much in the early stages, if a working system is ever developed at all.

Thta being said, PKI and courier delivery of key material will continue to be the order of the day for quite some time.

I don't know if I can make this clear, but I'll

[whimsy]

give it a shot.

Particles that are treated best by quantum theory (such as photons, here) exhibit quantum states. Just think of them as metainformation about the particle, which is accurate to a first approximation and appropriate for this explanation. In this case, the light is polarized, which dictates some of its quantum metainformation.

The Heisenberg principle, which you've probably heard about, says that you cannot know the position and momentum of a particle exactly, simultaneously. You can know one or the other exactly, you can know both with noninfinitesimal error, but you can't know both. For big, heavy things, like macroscopic objects, the uncertainty is so small as to be irrelevant.

The quantum weirdness which results is as follows: an unobserved object simultaneously exists in a linear combination of multiple quantum states. That is, it exists as

(x*A+y*B+z*C)/(x+y+z)

Where A,B,C are quantum states and x,y,z are relative probabilities. If they add to 1, the x+y+z term falls out.

This is where schrodinger's cat. If you wait exactly long enough that the probability of the cat dying is 50%, the cat is exactly equal parts dead and alive. It's accurate, but I think it's confusing because it confuses the fact that quantum states really only apply to very small things, except in isolated cases like this.

Where the unbreakability of quantum encryption comes in is the observer. If you open the box, the cat is no longer both, it's just dead or alive. If you look at the photon, it's A,B, or C. You have destroyed the metainformation contained in the photon, because up until when you observed it, it was x parts A, y parts B, and z parts C.

This is unavoidable and fundamental to quantum mechanics.

For quantum encryption/communication not to work this way, we have to be wrong about quantum mechanics, and the fact that it's just so WEIRD is part of the reason I suspect it will work. It's so counterintuitive people have verified this many times.

Re:Ridiculously overblown

[OzRoy]

Classical methods are not just as good.

Any public-private key encryption can be broken through brute force. What keeps them secure is that most of the time it takes a long time to break them.

With the development of quantum computers (which some people believe can be done within the next 20 years) it will only take a few seconds to break ANY public/private key encrypted message.

A message sent using quantum encryption cannot be broken by brute force.

Re:Uhh...

[Anonymous Coward]

But, as usual, the media hypes this too much. Presently only two useful algorithms for quantum computers are known. A search in an unordered set, which runs as sqrt(N) (as compared to N for traditional computers), and Shor's algorithm for factoring numbers. The most widely used public key cryptography (RSA) is based on the difficulty of factoring numbers, but it would not be technically difficult to replace it with another asymmetric scheme, e.g. based on elliptic functions. No quantum algorithms are known which obsoletes this.

Re:That's not what the Uncertainty Principle says

[jericho4.0]

Actually, it's more general than that, and applies to other mesurables (noncommuting observables) of a quantum mechanical system. In this case, spin.

Re:Baloney.

[imagin8or]

In the world of cryptography, there is no greater problem than key distribution. If I have a bank, and I want a secure connection to the head office, I need a big enough one-time pad to cover all the transactions for, say, a month. This is nigh-on impossible, as the amount of data is too huge. It also creates a huge weak point in the whole operation in allowing someone to infiltrate the courier, block deliveries, copy the data, etc. Public key cryptography (mainly via RSA) was the answer to that problem. A public server can hold people's public keys, and only the intended recipient can read messages encrypted with them. So now, RSA is used to encrypt the key for a symmetric cryptosystem which is subsequently used. Quantum computing, however, breaks that security by making the private key available from knowing only the public key. Sure, the devices are not that big yet, but people like those I work for are working on scaleable technology that will put large devices within reach. Sure, for most people, it's not an issue. Only people with million-dollar quantum computers could break their encryption and steal their credit card data. But governments still need secure communication, and banks still need to secure their transactions. So for those with a serious need, there is Quantum Key Distribution, as outlined in the article. QKD is not 'breakable' in any sense. You cannot only intercept the classical communication channel and somehow obtain the original data. The only possible attacks are based on good access to the fibre used for the quantum key. Some of us can see methods of intercepting the key with various degrees of success if you can get to the fibre. The easier ones rely on non-ideal implementation of the method - multi-photon bursts, polarisation dependent fibre, insensitivity to mode biasing. Oh, and the traditional piggy-in-the-middle trick is (and always will be) entirely undetectable.

Re:I don't know if I can make this clear, but I'll

[Anonymous Coward]

Student of Murray Gell-Mann (sp? I always forget) quite a few years back. Never did finish my post doc in QCD, the money back in 96 to get into computers was way too good to pass up.

The problem is that everyone wants to turn this cat into a magical cat that is 50% dead. The problem is that the cat is being observed ALL THE TIME. The particles of the cat are "observed" (what a terrible choice of words) by other particles interacting with it. This is why the cat exists at all.

If you were to try to claim that the cat is 50% dead in the box, I could just as easily claim that it is 50% not even in the box. Until you open the box, you would not know whether or not it was in there.

But particles are not cats. Cats are made up of particles. Particles interact with each other. When two particles interact, they "observe" each other (for the most part, there are exceptions that are too complicated to go into in such a small space ;-) . So because of this, there is no point at which a particle is in a nether state. It either exists or it doesn't exist. It either has some property or it doesn't have some property.

The thing that is difficult to understand is that although the particle has been observed, it does not cease to exist until its energy has been transferred to another particle (entropy) and it retains its waveform despite having been "observed".

When a particle "blinks out", its energy and momentum (and other properties like spin, etc) are preserved such that if the particle "blinks in" again it will retain those properties. However, from the time it blinked out until the time it blinked in, it ceased to exist in our observable universe. This gives rise to the theory that the particle entered another dimension which allows it to retain those properties without having to exist in this dimensional existence. Very heady stuff (or as we sometimes say here at /., "Very space opera")

So either you can stick with your elementary physics and remain befuddled, by confusing the probability of an event happening with the actual event happening, or you can accept that just because a probability is given does not mean that something must fulfill the percentages of the probability in and of itself.

Easy explination of Quantum Encryption....

[tonywestonuk]

Alice sends Bob a stream of photons. Each photon that is sent, Alice encodes a state of '1' or '0' on each photon.

Unfortunately, Due to Quantum Mechanics, Bob only has a 50% chance of actually reading the state of the photon. 50% of the time he gets '0' or '1', and 50% of the time he gets 'Unknown', and the photon is destroyed..
This is ok, because after receiving 1 million bits, Bob phones up Alice on an unsecured line and says I managed to read photon numbers 5,6,9,12,13,16....(+ approx 500,000 more), so I will use the state of these photons as a one time pad. Alice looks up the states she sent these photons, and now both parties have a one time pad to encrypt data.

Now, lets say there was an intruder attempting to intercept the key exchange. The intruder is also constrained QM, and can only read 50% of the photons, with the other 50% Destroyed. Because, the 50% of photons the intruder would receive, would be different to the 50% bob had read, it is impossible for the hacker to use the information sent using by bob to Alice, via the unsecured phone call, to build an equivalent one time pad.

Also, as the intruder is only able to forward a exact copy of just 50% of the photons to Bob, with the other 50%, now destroyed. He could replace this 50% of photons with his own set of random state photons, but this will be detected by Bob and Alice, as the one time pads would be different on this 50%, and the transmitted data using the pads would be corrupted.

Re:Uhh...

[Anonymous Coward]

The point with a quantum computer is as follows. Overly simplified.

If you have a quantum byte, i.e. 8 quantum bits, you can load it with 256 different integers simultaneously. You can do a single computation on the byte, and this computation is done simultaneously on all the 256 integers. This can easily be emulated, with 256 computers, as you suggest.

But, if you have a quantum computer with 256 quantum bits, you can do computations simultaneously on 2**256 integers. That's not easy to emulate with classical computers because we don't have enough of them.

The main problem with constructing algorithms for quantum computers is to read the result. When you read the 256-bits you only get a single number among the 2**256 which are stored there. Each of 2**256 integers has a probability associated with it, what you read is governed by this probability. Once you read, the state of the computer collapses to what you read, all the other information is lost.

Shor's algorithm solves this by ensuring that the result is periodic, the period being the solution to the problem. It then performs a Fourier transform on the state. Then reads it and gets the period with high probability.

Re:Uhh...

[maxwell demon]

An n qubit computer is a general 2^n state quantum system. Now emulating an N state quantum system means manipulating vectors of N complex numbers.

Let's try an example: Let's assume that we need only as much precision that we can use a fixed point numer format with a size of one byte. Then a complex number will need 2 bytes, and the vector to just store the quantum state of an n-bit quantum computer will therefore need 2^(n+1) bytes.

According to Wikipedia, there are 6*10^79 atoms in the universe (taking the upper limit of the range given there). That's about 2^265. Now assume we would build a classical computer which stores one (classical) bit in every atom of the whole universe, then our universe-sized classical computer would have 2^262 Bytes of memory. This would be just enough to emulate a quantum computer with only 261 qubits. Now, take a key length of more than 261 bits, and you are completely safe from that universe-sized classical computer.

But not only the memory requirements scale exponentially, also the calculation time does. Given that the simple brute-force algorithm for factorization also has exponential time, I guess that bute-force would probably consistently beat an emulated quantum computer.

However, if someone built a real quantum computer with 261 qubits, he'd just need 261 atoms for storing the state (assuming 1 qubit/atom), and the calculation time would be far from exponential.

Re:TFA is quite ..umm.. cryptic

[timbos]

Ok, if you use a single photon to send the information , it cannot be eavesdropped. But in the current networks it'll only go around a couple of meteres at Max and you can't use an amplifier/repeater with this.

Not so. My girlfriend [hw.ac.uk] is working on this. They have managed to send keys at large data-rates over conventional networks up to a distance of several tens of kilometers. In fibre networks, this distance approaches the pitch of the amplifiers.

You are right about not being able to amplify the signal though.

Re:TFA is quite ..umm.. cryptic

[OzRoy]

Quantum entanglment cannot be used to send information faster than light, as explained here [cornell.edu]