Researchers Simplify Quantum Cryptography 106
Stony Stevenson writes "Quantum cryptography, the most secure method of transmitting data, has taken a step closer to mainstream viability with a technique that simplifies the distribution of keys. Researchers at NIST claim that the new 'quantum key distribution' method minimizes the required number of detectors, the most costly components in quantum crypto. Four single-photon detectors are usually required (these cost $20K to $50K each) to send and decode cryptography keys. In the new method, the researchers designed an optical component that reduces the required number of detectors to two. (The article mentions that in later refinements to the published work, they have reduced the requirement to one detector.) The researchers concede that their minimum-detector arrangement cuts transmission rates but point out that the system still works at broadband speeds."
Broadband? (Score:2, Insightful)
Not the most secure (Score:3, Insightful)
In practice none of this is relevant since the hassles associated with correctly implementing either QC or a OTP are sufficiently large that for most applications they are both inferior to public key cryptography and symmetric ciphers. There are some exceptions, but the only way you could possibly justify describing quantum cryptography as "the most secure way to transmit data" would be by ignoring so many aspects of information security that it will have no relevance to practical applications.
Why is this practical? (Score:4, Insightful)
Is there really anyone out there paranoid enough to need/want this besides various three-letter agencies? Maybe this is proveably secure, we think, but what is more likely - Someone finds a loophole in the very weird world of quantum mechanics that makes quantum cryptography as we know it obsolite, or someone figures out a way to find prime factors of obsenely large numbers in a reasonable time.
This article is about how it may be possible have a quantum crypto setup with a bandwidth of maybe 1024kbps by spending only $20k-$50k on one component to the system. I bet there is a lot of other components.
Compare this with a basic commodity PC, which can could encrypt 1024kbps using AES with ridiculous ease.
Re:Why is this practical? (Score:3, Insightful)
Re:what's the big deal (Score:3, Insightful)
I was with you up until about there. It occurs to me that there are any number of mathematical terms that could be combined at random to induce the same effect in me, and I wonder if this is true of all the people who modded you up.
I think i'm just gonna take your word for it.
Re:Apples and oranges (Score:1, Insightful)
The same way you are going to tell the receiver of the QC message to use Quantum cryptography in the first place.
Lots of people seem to have this confused. Quantum cryptography does NOT give you a way to do secure key exchange without meeting the person you are going to communicate with. If you think about it for a second you will realize that this CANNOT be done no matter what encryption scheme, and no matter what "spooky action at a distance" you come up with. No matter what encryption scheme I use to communicate with you, I first need to agree with you to use that scheme, or for that matter, I have to get to know you for the concept of "you" to even make sense. If we have agree to an encryption scheme, we could just as well have exchanged one time pads, or RSA public keys, while doing it.
To put it this way, I made this post, but there is NO way for you to EVER determine who I was. Quantum cryptography won't do it because you don't know who you should tell to be at the receiving end. Asking Slashdot what is in their server log doesn't do it, because somebody could be doing a man in the middle between me and Slashdot right now. If 3 people came up to you tomorrow, each claiming to have made this post, there is fuck all you can do to determine who is telling the truth.
As a consequence, since you cannot even know who I am, you cannot possibly communicate securely with me in the future. After exchanging keys you can communicate securely with some person who may or may not be me, but you will never be able to know for sure it was that person who made this post.
Finally it is also worth mentioning here that QC, like the OTP, is limited in the amount of data you can send before meeting again to exchange entangled particles to be used for future communications. If it was not it would have an advantage over the OTP in that the OTP only lets you send so much data before you have exhausted your pad. As it happens, however, each entangled particle pair can be used only once, since any measurement destroys the entanglement.
Re:what's the big deal (Score:1, Insightful)