Quantum Cryptography Ready For Wide Adoption? 125
An anonymous reader points us to an interview with the founder of quantum cryptography pioneer MagiQ Technologies. From the article: "Q: When do you think we'll see service providers offer quantum cryptography services to their end-customers? A: This will happen within one year and we'll see fairly wide adoption within the next three years. We are working with big carriers such as Verizon and AT&T as well as some companies that own fiber networks. The goal is to embed quantum cryptography into the technology infrastructure so it becomes totally transparent to the end-user..." The cost of a pair of MagiQ boxes to implement point-to-point encryption on a 120-km link is $100,000 plus service.
SNAKE OIL! (Score:4, Insightful)
Oh lookie, the amazing thing is - a normal fucking fibre circuit will notice as well.
There is no quantum tech yet.
This is just going to increase our month subscriptions without giving any benefits, we will still use encryption on every required connection and will still have open holes alopng the way (last mile), so who exactly does it benefit?
I suggest any carrier should pay them with money stored in a quantum envelope. You are certain it contained $100,000 before you sealed it up, if its not there now it must have been intefered with.
Cryptography != Security (Score:4, Insightful)
History shows that the weak links in systems employing cryptography is usually some other part of the system. DVD's are an obvious example.
Outside of gov't agencies and the mega-corps that service them, I don't see this taking off like the ipod. The PHB's in the banking world certainly won't understand why this is better than the systems they have now.
I'm sure they could do it. (Score:3, Insightful)
Funny thing is (Score:3, Insightful)
Totally useless (Score:4, Insightful)
It's strictly point-to-point. (Score:5, Insightful)
Can you say "Physical Security"? I knew you could.
Re:SNAKE OIL! (Score:3, Insightful)
What happens if you splice the line and put a repeater in that also reads the data passing through it?
Fiber optics are tappable you know.
You may notice a short downtime...
Re:Cryptography != Security (Score:4, Insightful)
Funny that. When I read the price, my first thought was that this would very possibly explode!
It all comes down to benefits vs. cost. When there are billions of dollars on the line, protecting it with a mere $100,000 seems like chump change. And each $100,000 purchase helps prove a marketplace that will then lower costs.
With every new technology, there's an "adoption curve" where the price drops to a point where it makes sense at high economic levels. So the wealthy and the megacorps adopt the technology because it pays to do so. By doing so, the inventor/developer recoups their initial investments into the technology, and it begins to pay to reduce the price in order to encourage a larger marketplace.
Wash, rinse, repeat, and soon the new technology is available at very affordable prices to average people.
This doesn't happen to *all* technologies. For example, general aviation (EG: light, 1-12 person aircraft) is still pretty firmly entrenched in the ranks of the wealthy, for a variety of reasons. All too few people talk about the "family plane". But even in this case, commercial aviation is very reachable by the average Joe, a la SouthWest airlines.
So, to have perfectly unbreakable encryption over a 120 km link for just $100,000? I think that would get the attention of quite a number of large and middle-sized organizations, banks, and perhaps data warehouses.
Re:SNAKE OIL! (Score:3, Insightful)
Re:Totally useless (Score:3, Insightful)
Re:It's strictly point-to-point. (Score:3, Insightful)
You're argument is incorrect (Score:3, Insightful)
You are correct in pointing out (as most responsible qcrypto people do), that qcrypto needs authentication.
However, your argument doesn't follow
So even if you use QC, you still need to rely on all the classical crypto to make it work. So it is just as good as classical crypto, without routing.
The reason is that:
1) The authentication only needs to be secure for a second or two. I just use it foil a man-in-the-middle-attack or authenticate part of the protocol. So, if I use public key authentication, and the public key is then cracked, no problem, I've already used it to authenticate. The cracked key is now useless to the attacker. So, my attacker may even have a quantum computer, but she would still need more than a few seconds to crack the classical crypto.
2) Authenticating a message uses a very small amount of key (logarithmic), so if I start off with a small key from magicQ, then I can expand it, thus generating an arbitrary large amount of secret key from a tiny "seed". Thus sometimes, qcrypto is called "key expansion".
So, if you want to protect your data against future attacks (who knows how good algorithms and computers will get), or when we start needing to worry about quantum computers, then we will have to switch to quantum crypto-- it is just a matter of time.
As an aside, no responsible qcrypto person would suggest monitoring the fibre as a solution.
Re:SNAKE OIL! (Score:2, Insightful)
Re:Quantum Crypto does not solve anything! (Score:4, Insightful)
It's true that he could then hijack ALL communication channels between Alice and Bob, decrypt messages using one key and then re-encrypt them using the other, but... it would probably be easier just to bribe the people doing the transmitting and receiving to tell him what the messages were. I don't think that most people who are serious about security are claiming that QC is a miricule cure, just that it makes one part of the system much, much more secure.
It might be the case that the benefit is not worth the cost, given that the weakest link tends to be the human element, but this is much different than it being "just as good as classical crypto", or a form of "snake oil".
Re:SNAKE OIL! (Score:3, Insightful)
Re:Quantum Crypto does not solve anything! (Score:2, Insightful)
Re:Quantum Crypto does not solve anything! (Score:3, Insightful)
It's true that he could then hijack ALL communication channels between Alice and Bob, decrypt messages using one key and then re-encrypt them using the othe
I thought this is EXACTLY what a man-in-the-middle attack was. If you have another communication channel that doesn't have an attacker between Alice and Bob, Alice and Bob are always going to figure out that they aren't sharing the same key.
but... it would probably be easier just to bribe the people doing the transmitting and receiving to tell him what the messages were
Well sure.. but it's also easier to do that than crack conventional cryptography. So given this, what advantage does quantum cryptography have?