Researchers Simplify Quantum Cryptography

Stony Stevenson writes "Quantum cryptography, the most secure method of transmitting data, has taken a step closer to mainstream viability with a technique that simplifies the distribution of keys. Researchers at NIST claim that the new 'quantum key distribution' method minimizes the required number of detectors, the most costly components in quantum crypto. Four single-photon detectors are usually required (these cost $20K to $50K each) to send and decode cryptography keys. In the new method, the researchers designed an optical component that reduces the required number of detectors to two. (The article mentions that in later refinements to the published work, they have reduced the requirement to one detector.) The researchers concede that their minimum-detector arrangement cuts transmission rates but point out that the system still works at broadband speeds."

Impossible to eavesdrop, otherwise, a big yawn

[Mathinker]

The sexy part is that if there is a third party who tries to eavesdrop, the attempt will both fail and can be detected by the two communicating parties, and that the security of quantum cryptography has nothing to do with the lack of ability to factor large numbers, but is instead based on physical principles (quantum mechanics). Of course, the sensitivity to eavesdropping means that the system is probably vulnerable to a denial of service attack, depending on how the two communicating parties relate to eavesdropping.

Otherwise, you are perfectly correct. Many cryptographers, including Bruce Schneier, believe that quantum cryptography is a solution to the wrong problem. Nowadays, most probably, the least secure part of your communication system isn't in your key distribution scheme, but is somewhere else --- like in social engineering, or the computer systems which deal with the decrypted cleartext.

Broadband Speeds

[enoz]

Describing the rate as "Broadband Speeds" is about as useful as describing the performance of a supercar as "roadworthy" (there's your car analogy).

For reference, in Australia not only does the incumbent Telco consider 256/64kbps to be broadband, but they also describe it as "Fast [bigpond.com]".

Re:what's the big deal

[Anonymous Coward]

You also failed to mention that it is impossible to eavesdrop on the communication of the keys. This is probably the most important part because it can make one time pad encryption useful on computer networks. Without quantum cryptography, your one time pad is only as safe as how you send it (RSA encryption, chaos encryption, snail mail). Additionally, quantum cryptography can't be reverse engineered to find the algorithm for your one time pad.

This is all nice, but it is going to be tricky to implement it in the future. How do you send a photon from one computer to another a long distance away without using repeaters or branches? It will be a little tricky. Would this require a fiber optic connection between every computer that wants to communicate with quantum encryption? Or can you adjust the medium so that photons are transmitted and branched undisturbed?

Apples and oranges

[Chuck Chunder]

There is only one cryptography scheme with proven secrecy, and that is the one time pad. Even if you assume no errors occur in its implementation, no physicist can guarantee there will never be discovered a way to eavesdrop on transmissions that use Quantum Cryptography. In contrast with the one time pad a Mathematician can more or less prove, at least to the extent you can prove anything at all, that eavesdropping is only possible if the implementation is flawed.

You are comparing apples with oranges. The bit your mathematician can "prove" is only part of the problem quantum encryption aims to solve. Ie quantum encryption also includes key exchange (and in fact typically uses a one time pad for the data transfer).

You can't simply ignore the key exchange problems on the mathematicians side.

Perhaps the laws of physics that are supposed to protect quantum encryption will turn out to be false but based on our current understanding there is no better way to do it.

How is your mathemetician going to distribute his one time pad?

Re:Apples and oranges

[Creepy Crawler]

---How is your mathemetician going to distribute his one time pad?

A one time pad guarantees perfect secrecy. A QC channel allows secrecy as any "listening" devices become in part with the system, thereby allowing detection.

I do think this is a bit excessive by stating.. Data is always time-dependent. Therefore, we only need protect data for X amount of years.

What combination of encryption technologies can we use to make the data physically hard to crack? We need a multi-tiered encryption setup that uses multiple algorithms and multiple layers. Assuming mathematical proof of said encryption and no holes in implementation, we can calculate CPU years in brute-forcing each layer. Also, assuming that MIPS/s is increasing exponentially, we can calculate a "cracked by" date, and wrap said data in the date we need.

Having "perfect" data integrity and "perfect" communication seems... not right. It's just a gut feeling.

Re:Not the most secure

[Creepy Crawler]

Ok. What is an observer?

Or better yet, what would happen if some new device could record without observing?

---Quantum cryptography isn't a cipher. It's a method of transmitting data, which does one specific thing, which is guarantee that you'll be able to tell if people have attempted to eavesdrop. It's not a complete cryptosystem; it's not meant to be. It's meant to be just one component of cryptosystems, and in doing what it does, it's provably secure in the sense that secure is being used here.

Of course not. quantum crypto solves the problem with OTP's: secure transmission of the OTP lookup sheet itself. I forget the bit rate of the machine, but it's something damned slow (100 bits/s?). The ultimate problem with any crypto system is still the people though. Too bad it doesnt fix that ^_^

---(Incidentally, mathematical proofs aren't like scientific proofs; it *is* possible to prove with absolute certainty in mathematics.)

Also, unfortunately, QC math isnt a math proof. It's a proof on physics that attempts to estimate the real math of our universe. Until we know the "real" math, there will be holes in our knowledge, and therefore unprovable. It's probably pretty accurate though, but is it accurate to trust?

Re:what's the big deal

[locofungus]

Here's something I've never understood. Alice prepares a one-time pad and sends it along using this quantum dealie. Eve intercepts it. Now supposedly this thing changes every time someone observes it, but could Eve just generate a new one based on the data she acquired? Alice created one 'from scratch', why can't Eve?

Lookup quantum cloning and the "no cloning theorem".

But basically (and this is a naive implementation that won't actually work), Alice transmits to Bob using linearly polarized photons. Now, if you remember from your school days, if you shine a light though a polarization filter and then through another filter at the same angle, all the light that gets through the first filter gets through the second filter as well.

So, let Alice transmit a horizontally polarized photon |H> if she wants to send a 1 and |V> if she wants to send a 0.

Bob uses a horizontally polarized filter = 1 (the photon gets through and he detects it, = 0. The photon gets stopped and he doesn't detect it.

So far, so good but... Eve does exactly what you suggested and measures the photon and then regenerates it - so Bob doesn't see any difference.

Now it starts getting clever ... Again, hopefully you remember from your school days that, if you send that polarized light though a second filter at an angle to the first, a proportion of the light gets through (cos^2 theta). But, QM says that you cannot predict which photons will make it through the second filter, it's entirely probabilistic.

So as well as using |H>,|V> to transmit 1 and 0, Alice also uses |+>,|-> where these are 45 degree polarizations. Alice uses one or the other completely at random.

Bob, when he measures at his end also choses whether to measure the horizontal polarization = Alice and Bob use the same polarization angle so Bob detects the photon
  = Alice and Bob use crossed polarization filters so Bob doesn't detect the photon
  = Alice and Bob's filters are at 45 degrees so Bob may or may not detect a photon
  = ditto
  = ditto
  = ditto
  = Alice and Bob use the same polarization angle so Bob detects the photon
  = Alice and Bob use crossed polarization filters so Bob doesn't detect the photon

Once Alice and Bob have done this, Bob tells Alice which measurement he's done (over a classical channel, they don't care who might eavesdrop.) If Alice and Bob have used the same basis - i.e. Alice used |H>,|V> to transmit her bit and Bob used ,|-> to transmit her bit and Bob used or |V>. She can retransmit that value but, if Alice sent |+> or |-> instead then she'll have corrupted the bit. If she measures or |-> but if Alice sent |H> or |V> then she'll corrupt that bit instead. Infact, on average, regardless of which measurement she makes, she'll end up corrupting 1/2 of the values that Alice and Bob have "successfully" exchanged.

Now Eve can get really clever. Instead of measuring the photon, she can clone it and then measure her clone. Now it turns out that there is a limit to how good her cloning machine can be so, although it won't corrupt half of the bits that Alice and Bob transmit, it will corrupt at least 1/6.

(Actually, in the naive scheme outlined above I think Eve can do:
a|H> + b|V> => a|HH> + b|VV>, store her photon, wait for Bob to measure, eavesdrop the message from Bob to Alice and then make the same measurement on her stored photon. But this only works because the only possible values for a,b in the naive scheme are (0,1), (1,0), (1/sqrt2,1/sqrt2), (1/sqrt2, -1/sqrt2) but I'm right on the limits of my understanding of QM and entangled photons now so I could be completely wrong)

Tim.

Re:Actually...

[Impy the Impiuos Imp]

Not immediately, I suppose. It's interesting to note that a proper database system would discrete-ize the posting numbers to arrive at a definite first post, even though relativity makes a mockery of first posts.

Hey wait, that shouldn't be possible.

> Quantum cryptography, the most secure method of transmitting data,

Technically it would only be tied at best with a one-time pad, and, at worst, slightly less secure. I wonder if it has codes that could be cracked by social engineering, as one time pad's could, or if you must physically have the proper connection device.

But I hear it's also possible to do a quantum simulation of the entire universe using a quantum device. Hence it may be trivial to crac...hey, waitaminnit!

Maybe this whole universe is someone's attempt to quantum crack some encoded pr0n. DAMMIT!

DAMMIT! My life is just being a cog in someone's un-encoding of some pr0n! >:(

Actually, I feel my life is more valuable doing that then it turning out this universe was Yahweh's twice-patched fuckup (Noah, and Jesus) wise and perfect plan all along.