Scientists Make Quantum Encryption Breakthrough 156
Madas writes "Scientists working in Cambridge have managed to make quantum encryption completely secure (registration required) by
putting decoy pulses in the key transmission stream. According to the story this paves the way for safe, encrypted high-speed data links. Could this allow completely private transmission of data away from snooping eyes and ears? Or will it mean film studios can stop movies from being copied when traveling on the internet?"
it is an intrusion detection breakthorough (Score:2, Informative)
Full Text (Score:5, Informative)
Working at Toshiba Research Europe in Cambridge, scientists found that laser diodes used to transmit keys used to encrypt data, known as Quantum Key Distribution (QKD), sometimes transmitted more than one photon at a time. Quantum encryption works by transmitting key data as a stream of single photons.
Should an eavesdropper try to intercept the transmission, monitoring a single photon would change the state of that photon, and this would make both ends of the transmission aware that the data had been eavesdropped. However, the laser diodes can sometimes transmit more than one photon and so a hacker could monitor the second photon, leaving the first photon unchanged and this would not alert anyone that the key transmission had been compromised.
But scientists have now added decoy photons to the key data. When an eavesdropper now tries to monitor extra photons, they will also monitor the decoy photons. Scientists said these decoy photons or "decoy pulses" are weaker on average and so very rarely contain two or more photons.
If an eavesdropper attempts a pulse-splitting attack, they will transmit a lower fraction of these decoy pulses than signal pulses. By monitoring the transmission of the decoy and signal pulses separately this type of intervention can be detected, according to scientists.
By introducing decoy pulses, the researcher found that stronger laser pulses could be used securely, increasing the rate at which keys may be sent. By using this method keys could be transmitted securely over a 25km fibre to an average bit rate of 5.5kbits/sec, a hundred-fold increase on previous efforts.
"Using these new methods for QKD we can distribute many more secret keys per second, while at the same time guaranteeing the unconditional security of each," said Dr Andrew Shields, Quantum Information group leader at Toshiba Research Europe. "This enables QKD to be used for a number of important applications such as encryption of high bandwidth data links."
The researchers also discovered a second method to push bit-rates even higher for QKD. The scientists have created the first semiconductor diode that can be controlled with electrical signal input to emit only single photons at a wavelength compatible with optical fibres. This 'single photon source' method eliminates the problem of multi-photon pulses altogether, claimed the research.
The single photon diode has a structure similar to an ordinary semiconductor light emitting diode (LED), but measures just 45 nm in diameter and 10 nm in height. The dot can hold only a few electrons and so can only ever emit one photon at a time at the selected wavelength. The source operates with only electrical signals, which is essential for practical applications such as QKD. Initial trials with the new device, reported recently in the scientific journal Applied Physics Letters, showed the multi-photon rate from the device to be fives times lower than that of a laser diode of the same intensity.
Mod parent up - it's easy to steal from servers... (Score:3, Informative)
This is the same reason why many, if not most, "SSL-protected" or "SSH-protected" servers are really sitting ducks: interesting data is still sitting in the clear on the endpoint servers' hard drives. (And don't get me started about "AUTH TLS" email forwarding...)
Re:Stop piracy? (Score:3, Informative)
ahem (Score:3, Informative)
Point to point (Score:5, Informative)
Re:ahem (Score:5, Informative)
Public key encryption is, in practice, used pretty much the same way as well. Public key algorithms are generally used as part of a secure key exchange protocol rather than encrypting a message as directly.
The drawbacks others haven't mentioned (Score:5, Informative)
There's also the limit of 5.5 kbps, though that might be improved.
The issue that should have killed this idea ten years ago when Shamir pointed it out is that an attacker who has spliced the fiber can read the polarizer without ever looking at a single one of the transmitted photons.
Send the $#$@! key material by bonded courier in a tamper-evident package if it's that important. If for some reason that's not enough then split (e.g. Blakely-Shamir) the key material into shares, send each separately, and recombine when needed.
Re:ahem (Score:3, Informative)
The problem with popular public key algorithms is that they are based on the assumption that the opponent doesn't have enough computationnal power in order to break it in a reasonnable amount of time, or he doesn't know a polynomial determinist algorithm to do so.
The big advantage of using quantum key distribution is that it will (ideally) ensure that the cryptographic key you get has not been sniffed, and that you can securely exchange a key which is long enough in order to use a one time pad (which is an unconditionnaly secure way of encrypting a message).
Re:ahem (Score:3, Informative)
Good random numbers are easy to obtain. There are any number of physical phenomena whose randomness is quantum in origin and therefore unpredictable. Just use one of them in a heavily-shielded room to ensure that none of your data leaks and you're golden.
The hard part of using OTPs isn't generating the pads, it's transmitting and storing them securely. QC addresses secure transmission (though you still have to take care to avoid MITM attacks).
Re:Stop piracy? (Score:3, Informative)
And the only thing you need to transfer the signal is apparently an uninterrupted fibre-optic line.
But this is basically Google and Wikipedia speaking, so I'm waiting for a real expert to correct me on this.
Quantum cryptography and man-in-the-middle (Score:1, Informative)
Re:Stop piracy? (Score:3, Informative)
Re:They're different things (Score:3, Informative)
The problem w/ QC is having enough entangled qubits to get up to useful capacity..and its an insanely difficult engineering challenge.
http://en.wikipedia.org/wiki/Quantum_computing [wikipedia.org] is a good intro to QC.
While I agree that VC's will hype anything, your post is FUD crossed witha bit of 'get off my lawn, young whippersnappers'; its also clear that you didn't spend 5 minutes researching QC before you held forth on it. Yes, it will be specialized and won't replace normal digital computers.
Don't take this personally, but the fact that I can find complete nonsense at 5 insightful is one of the reasons that I don't read slashdot comments much; there is rarely a more misleading source of information available.
Re:ahem (Score:2, Informative)
Alice sends a stream of photons to Bob with random linear and circular polarisation. Call the string of bits represented by the linear polarisation 'a' - up is 1 and down is 0. The string represented by the circular polarisation we'll call 'b' - clockwise is 1 and anticlockwise is 0.
Once Bob has received all the photons he tells Alice and she publicly announces all the bits of b. Bob discards the bits for 'a' which were transmitted in a photon for which his value for 'b' differs from what Alice announced. For example if Alice says b(i) = 1 but Bob has received b(i) = 0 he discards a(i). Bob also notifies Alice of which bits he has discarded.
The line will have noise so a number of b(i) are expected not to match. However if a large number do not match it can be assumed that an attacker is listening in. If an attacker had been listening they would have only been able to measure a(i) or b(i) but not both. They would have to retransmit the photon and guess the value of whichever of a(i) or b(i) they did not measure. Due to the randomness of a and b they would have only a 0.5 probability of being sucessful for each photon. This becomes exponentially small as the number of photons is increased. When they are unsuccessful at reconstructing the photon Bob notices and discards that bit.
If Alice and Bob agree on enough bits of b then it can be safely assumed there is no attacker and the remaining bits of 'a' are a key known only to them. This is a rather simplified description of what actually happens, but it should be enough to demonstrate that naive man-in-the-middle attackers like cutting the wire won't work.
Re:Stop piracy? (Score:2, Informative)
Re:ahem (Score:2, Informative)
Re:They're different things (Score:3, Informative)
The point is not that intrusion is impossible - but that it is always possible to detect intrusion (and hence abort the key distribution process if it is not secure).
The point of the decoys is, AFAIK, essentially bandwidth: it makes it easier to detect intrusion nd less of the "key" has to be sacrificed for that purpose.
The basic point of quantum key distribution (QKD) is that any eavesdropping attempt will unavoidably (by, at your preference, the uncertainty principle, the no-cloning principle, or monogamy of entanglement) introduce noise into the data shared by the two communication partners -- and that the amount of noise in the transmitted data (which is in practice also unavoidable, even if there is no eavesdropping at all) allows one to put a strict upper bound on any information a possible eavesdropper might have obtained. If the bound is sufficiently low, further classical "privacy amplification" can then make the shared key as secret as desired, otherwise the protocol must be aborted.
In the first protocols, a random sequence of only four quantum states was sent from A to B and used both for intrusion detection and key generation. It may not be surprising that sending other states as well (and monitoring what becomes of them) may tell A and B more about the eavesdroppers actions.
BTW: the process behind the "kind of laser device" is "stimulated emission", which has indeed be shown to work in some cases as an "optimal cloning device". But even optimal cloning does not break QKD, since it can only clone half of the states faithfully and introduces noise in the other half.