Forgot your password?
typodupeerror
Encryption Security IT

Quantum Encryption Implementation Broken 133

Posted by timothy
from the but-this-was-a-quantum-drawing-board dept.
I Don't Believe in Imaginary Property writes "Professor Johannes Skaar's Quantum Hacking group at NTNU have found a new way to break quantum encryption. Even though quantum encryption is theoretically perfect, real hardware isn't, and they exploit these flaws. Their technique relies on a particular way of blinding the single photon detectors so that they're able to perform an intercept-resend attack and get a copy of the secret key without giving away the fact that someone is listening. This attack is not merely theoretical, either. They have built an eavesdropping device and successfully attacked their own quantum encryption hardware. More details can be found in their conference presentation."
This discussion has been archived. No new comments can be posted.

Quantum Encryption Implementation Broken

Comments Filter:
  • by FooAtWFU (699187) on Wednesday December 30, 2009 @05:39PM (#30599912) Homepage
    Now that's efficiency for you, folks!
  • by PixieDust (971386) on Wednesday December 30, 2009 @05:39PM (#30599914)
    Can we please get to play with some of these emerging technologies before someone goes breaking them? This is why we can't have nice things! You intellectuals and your tinkering....
    • by Sique (173459)

      And there was me thinking that attempting to break something deliberately is part of the playing :)

    • The whole point is to make sure the implementation can't be broken BEFORE they distribute it and have to recall/replace/handle frivolous lawsuits/etc.

    • But encryption technologies are special toys; they're made to be broken, see. Consider them as pinatas.

  • by fuzzyfuzzyfungus (1223518) on Wednesday December 30, 2009 @05:43PM (#30599928) Journal
    Schrödinger's Hack!
  • Broken (Score:5, Funny)

    by Wowsers (1151731) on Wednesday December 30, 2009 @05:44PM (#30599944) Journal

    There's only one way to look at this story, the quantum encryption may or may not be broken, or maybe partially so, so both cases could be true at the same time.

  • Fond memories (Score:4, Informative)

    by temcat (873475) on Wednesday December 30, 2009 @05:51PM (#30600010)

    Hehe, that master student [vad1.com] you will see at the second linked page is me ten years ago :-)

  • by nacturation (646836) * <nacturation@gma[ ]com ['il.' in gap]> on Wednesday December 30, 2009 @05:52PM (#30600022) Journal

    How is it news that a flawed implementation of a perfectly secure algorithm can be taken advantage of? Cryptographers have been doing side channel attacks for a long time.

    • Re: (Score:2, Insightful)

      by lgw (121541)

      Because the algorithm is almost never the weakness in any security system? This was snake oil, sold as "provably perfect encryption" which is a total load of rubbish. Anyhow, quantum crypto wasn't about a algorithm, but about a silly claim that one can use technology to make communication intercepts "provably impossibly". Bullshit - making one link of a chain really really strong doesn't make the chain meaningfully stronger.

      • by QuantumG (50515) *

        Kind of an important first step to improving the entire chain is to improve individual steps in the chain.

        In any case, both you and the article miss the point, the attack site protected by any form of cryptography is the middle, not the ends.

        • by lgw (121541)

          Yes, but improving the already-strongest link of a chain get you nowhere. And cryptography is only ever the weakness of any security system if you do it yourself. A security system that touts "better cryptography" is almost certainly a scam.

          Of course, "quantum cryptography" is not cryptography, it's a means of detecting eavesdropping - and the product did not deliver on its promises.

          • by QuantumG (50515) *

            Sigh. If I use ssh to connect from my linux machine to yours and you say "ha! I've broken your ssh connection because I can sniff your pty." I'll just say congratulations, kick you off my linux machine and go back to using ssh.

            Stop being a dick.

            • Re: (Score:3, Insightful)

              by lgw (121541)

              I don't understand your point. A company is selling a system marketed as "quantum cryptography" and "provably secure". This commercial product was broken by a fairly normal approach to breaking comm security. "Quantum cryptography" is a marketing buzzword term (buzzphrase?) largely created by this company.

              I suppose pedantically one could say "a commercial appliance marketed as provably secure quantum cryptography was broken", but most people understood the intended meaning: this much hyped "quantum crypto

              • "Quantum cryptography" is a marketing buzzword term (buzzphrase?) largely created by this company.

                What company? QC is still in the "kinda theoretical" phase right now (i.e. the five to ten years to market [xkcd.com] point)

            • by Verdatum (1257828)
              ...but he's right. "the algorithm is almost never the weakness in any security system" it's social engineering, and buffer overflows, and small keysizes and lots of other exploitable vectors. I fail to see the need for this sort of staw man argument.
          • Cryptography with current technology is a strong link in the chain, but with advances in quantum computing factorization will be easy enough that current ciphers will no longer provide strong security. This is when quantum encryption will have a big advantage over current methods.

      • by Trails (629752)

        Well, I think this is more of a typical disconnect between academic types and more practical types.

        Quantum crypto is an enhancement over current non-crypto methods, it is (for the moment) provably unbreakable. For most applications, the difference is trivial since (barring the NSA), breaking current encryption isn't impossible, so much as impractical in the extreme.

        That's an interesting, if academic, point. As you mention, most compromises these days are not defeating the encryption algo, so much as socia

        • Re: (Score:3, Insightful)

          by lgw (121541)

          You do realize that "quantum crypto" is not any kind of cryptography, right? (Beyond the most general sense of "secret writing", I guess). It's a "provably secure" means of detecting eavesdroppers. Except, as with most "provably secure" systems, it turned out to be flawed.

      • by owlstead (636356)

        "Because the algorithm is almost never the weakness in any security system? "

        Come again? MD5, MiFare, single DES, WEP, GSM - just a bunch of algorithms and systems that are broken because of the algorithm.

        "This was snake oil, sold as "provably perfect encryption" which is a total load of rubbish."

        No, provably perfect encryption does exist (one time pads for instance). You are probably trying to say that "provably perfect security systems" are a load of rubbish. Many algorithms are provably secure, but they

        • by lgw (121541)

          Crypto systems based on one-time pads have been broken repeatedly in the cold war - yes I guess I meant that "provably perfect security systems" are rubish, but really "provably perfect real-world anything" is rubbish.

          Quantum "crytography" (really, quantum key distribution) is a solution looking for a problem. The problem of a corrupt insider attacking a physical listening device to a cable in a secure area is real (if rare), but the problem there is the corrupt insider, not the optical cable, and hardenin

    • Quite so. A good topic to research (in addition to side-channel attacks) for more information on is TEMPEST (protecting against "spurious emmisions" that may leak information). From there you can find information on many, many methods of side-channel attacks. Examples include measuring the emag field from keyboard presses, monitoring CPU times & power consumptions, reading screens in reflections, and many more.

      Again, this article highlights that all the software in the world can't protect against some h

    • by Anonymous Coward

      > How is it news that a flawed implementation of a perfectly secure algorithm can be taken advantage of?

      Because it's a very technically impressive hack that breaks the guarantees we love quantum encryption for (the idea that we can detect eavesdropping) and it does it in a fairly general way, using a weakness in an important piece of hardware (the single photon detectors) that's used in many quantum cryptography setups.

      It may not be surprising to you, but the technology used isn't so trivial as you make

  • Truly nothing to see here.
  • "Even though quantum encryption is theoretically perfect"

    And Communism works, IN THEORY.

    • by inviolet (797804) <slashdot@ideasma ... g minus caffeine> on Wednesday December 30, 2009 @06:09PM (#30600166) Journal

      And Communism works, IN THEORY.

      No it doesn't. The theory of Communism proposes that humans will work for the betterment of their fellow tribe members. This works in small tribes where everyone knows each other (families and 'communes'), but was known in advance to fail for larger groups. The theory is bunk because it utterly fails to understand the fact that personal economic incentives are the primary driver of human behavior.

      As was Marx's derivation of the value of the worker. He completely missed the fact that the value-add comes from the synergistic arrangement (arranged by the entrepreneur) of worker, raw materials, and the means of production.

      • by lgw (121541) on Wednesday December 30, 2009 @06:24PM (#30600294) Journal

        Actually, Marx's main flaw was in how he valued technology. The man wasn't a starry-eyed idiot, but he just failed to see the value of automation - something not so obvious in his time. Marx directly claimed that machines cannot lower the cost of goods, because machines would naturally be sold for the value of the labor they replaced. Most of the benefit of capitalism is that technology reduces the cost of goods, so that our standard of living improves continuously over time despite the common man never getting a larger share of the wealth.

        At any given point in time, the only reason capitalism does any better job of creating a "synergistic arrangement of worker, raw materials, and the means of production" is that capitalism self-corrects for corruption faster (companies fail faster than governments). In practice this is a minor factor as successful companies quickly infiltrate government to create regulations that raise barriers to competition (markets are never free for long).

        Over generations, however, the advance of technology is huge - far more important that the distribution of wealth to one's standard of living. And free markets (to the exten they exist) are far and away the best stimulus for new technology. This is why established firms so often seek government regulation: to prevent (or at least slow) disruptive technology.

        • Free markets by themselves are not enough for new technology. In fact, historically, a good deal of new technology was motivated by military requirements. Additionally, revolutionary technology (e.g. the transistor) depends on a background knowledge of science which is generally *not* obtained by companies seeking a profit, but by government funded research.

          Free markets are good for developing products though, and improving existing technologies.

          • by lgw (121541)

            We may be saying the same thing, but history is full of amazing inventions that sat idle for centuries because in that culture in that time there was insufficient incentive to turn the invention into a product. It's not that a free market somehow magically sparks research, but that it provides both a huge incentive to transform research from the abstract to the practical, and a mechanism for raising the capital to do so.

            The actual amount of money spent on fundamental research is nearly trivial in the schem

          • by Bigjeff5 (1143585)

            Additionally, revolutionary technology (e.g. the transistor) depends on a background knowledge of science which is generally *not* obtained by companies seeking a profit, but by government funded research.

            Ummm... the transistor was invented at Bell Labs, which was a subsidiary of Bell Communications, which was a private company. Bell Labs is still a private institution, and their discoveries are intended to produce items for a profit. They are simply smart enough to realize you can't necessarily tell someone what to invent, and put up with thousands of unmarketable inventions to get the few hugely profitable ones.

            • Yes, but it was dependent on the understanding of the laws of nature, such as quantum mechanics, thermodynamics, electronic structure of semiconductors etc. While Bell Labs undoubtedly did a lot of valuable science, it built on what had been done previously. Without that background, it would not have been possible.

              In any case, Bell Labs did not operate in a free market - it was part of a very large regulated monopoly. Generally, competing private companies do not have the resources to do basic research - th

              • by Bigjeff5 (1143585)

                In any case, Bell Labs did not operate in a free market...

                But they did, AT&T did not, but Bell Labs entire purpose was to expand it's reach beyond its limited monopoly over phone systems. They had no monopoly anywhere else, but they had the resources to attempt expansion and create new competing products.

                It was the free market that drove that, not government funding. The truth is, the amount government funded research is pitiful compared to private research, and large companies - like AT&T back in the day - would pick up a large portion of the slack if

                • Bell Labs got funding thanks to AT&T's regulated return on investment - AT&T couldn't lose by funding it. Its principal role was to support the telephone business, and as they could recoup the investment from their telephone operations, shielded from competition, even tangentially related research could be justified. That was the driver for the research, and wouldn't happen in a free market - a phone company without research spending could out-compete them, so only research with a reasonably short t

        • Marx directly claimed that machines cannot lower the cost of goods, because machines would naturally be sold for the value of the labor they replaced.

          Are you sure that criticism wasn't made specifically as a critique of how automation worked, from the point of view of labor-hours of income that had to be exchanged for a given quantity of goods, specifically in a capitalist society (and, remember, Marx was critiquing 19th Century capitalism, not modern "capitalism" in which every "capitalist" state has -- la

          • by Bigjeff5 (1143585)

            Insofar as that is true, how is that a benefit of capitalism?

            I believe he simply meant free markets, but the free market is the cornerstone of capitalism.

            For a good comparison, look at the Cold War and Communist Russia vs Capitalist America. The Russian standard of living was dropping because Communism does not provide an incentive to increase worker efficiency (other than what you can get by tyranical means), whereas in the US the economy was growing more efficient and the standard of living was skyrocketing. Both the US and Russia were tired and worn after the wa

            • Re: (Score:3, Insightful)

              by DragonWriter (970822)

              I believe he simply meant free markets, but the free market is the cornerstone of capitalism.

              That changes the claim, but doesn't justify either the original or the revised version.

              For a good comparison, look at the Cold War and Communist Russia vs Capitalist America.

              Russia was -- when the USSR was founded -- something like a half-century or more behind Western Europe and the US technology, and probably two centuries socially. And was devastated by war (like most of Europe, but unlike the US.) It then went t

          • by lgw (121541)

            Capitalism stimulates technological advance better than any system that has ever been tried, largely because it combines a huge incentive for turning new ideas into products with the means of raising the capital to do so.

            At it's root, capitalism is simply a system for determining who controls the means of production: assigning that control to those who have done well at that task in the past (because wealth is the primary means for gaining control of the means of production, and making good decisions about

            • Capitalism stimulates technological advance better than any system that has ever been tried

              I don't think there is any evidence that capitalism does so better than "any system that has ever been tried", and particularly not better than the mixed economies employed by every major advanced nation on Earth today.

              • by lgw (121541)

                Well, every economy is a mix of course - even totalitarian communist states have been a mix of the government-run economy and the black market. But the "degree of capitalism" and the long term rate of economic growth (with technological innovation being the primary cause of that) are directly correlated.

                I think people have very strange idea about what capitalism is: if control of the means of production can be purchased for money, and you can make money by controlling the means of production, you have capi

                • I think people have very strange idea about what capitalism is: if control of the means of production can be purchased for money, and you can make money by controlling the means of production, you have capitalism (to some extent: "control" is a matter of degree, of course).

                  Except for land in the narrow sense (which is often distinguished from capital), the Communist Manifesto did not include in its program for changes to the system of property (the elimination of capitalist property) the elimination of priv

        • by St.Creed (853824)

          Actually, Marx's main flaw was in how he valued technology. The man wasn't a starry-eyed idiot, but he just failed to see the value of automation - something not so obvious in his time. Marx directly claimed that machines cannot lower the cost of goods, because machines would naturally be sold for the value of the labor they replaced. Most of the benefit of capitalism is that technology reduces the cost of goods, so that our standard of living improves continuously over time despite the common man never getting a larger share of the wealth.

          Actually, a lot of Marx's writings are about automation being crucial to both capitalism and communism as it drives down the cost of production. Also, since any activity in capitalism is itself subject to the same laws, prices will go down as more capitalists produce the same machinery, using other machines: the skill and cost of labor to create new machines go down, hence their value and in the end their price also go down. See 'wages, price and profit' for details.

      • Re: (Score:2, Interesting)

        by DragonWriter (970822)

        The theory of Communism proposes that humans will work for the betterment of their fellow tribe members.

        No, actually, it doesn't. Like democracy (which it is, in a sense, an analog of, addressing economic rights instead of political rights) it relies on the idea that humans will work for the betterment of themselves, individually, so that widely and equally distributing power among the population will result in the broadest possible benefit. As with democracy, one of the places that communism breaks down i

        • Re: (Score:3, Interesting)

          by Bigjeff5 (1143585)

          You defend the idea of Communism, yet hint at exactly why it doesn't work. Pure Communism cannot and will not ever work for the same reasons that pure Democracy cannot and will not work - natural cooperation breaks down when the group size becomes so large that individuals do not know every other member of the group on a personal level. Our congress would not function if it got much larger than it is. If it grew to over 1,000 members our government would almost certainly collapse, as there would be no wa

          • You defend the idea of Communism

            Actually, no, I didn't. I pointed out flaws in the particular mischaracterization of Communism.

            Pure Communism cannot and will not ever work for the same reasons that pure Democracy cannot and will not work - natural cooperation breaks down when the group size becomes so large that individuals do not know every other member of the group on a personal level.

            As I pointed out, Communism doesn't really on cooperation, like democracy -- in the modern, liberal, limited form -- it re

      • That's the dumbest explanation of communism I've ever heard. You must be an academic.

      • by St.Creed (853824)

        And Communism works, IN THEORY.

        No it doesn't. The theory of Communism proposes that humans will work for the betterment of their fellow tribe members. This works in small tribes where everyone knows each other (families and 'communes'), but was known in advance to fail for larger groups. The theory is bunk because it utterly fails to understand the fact that personal economic incentives are the primary driver of human behavior.

        As was Marx's derivation of the value of the worker. He completely missed the fact that the value-add comes from the synergistic arrangement (arranged by the entrepreneur) of worker, raw materials, and the means of production.

        You're wrong on both counts. As for the first, Marx merely said that it would be easier to work for the common good, as well as more efficient, in the long run. He wasn't proposing that humans worked for others for the hell of it, but because it would be the obvious smartest choice for themselves. Smarter than working for a capitalist who'd underpay you. And any self-employed entrepreneur knows it.

        As for the second, let's do a little experiment: remove the worker from the equation and see how much value the

  • We all know that theory can be notoriously variable when put into practice. In theory, quantum in particular, your wave function places your probability of spontaneously appearing in a parallel universe as magnificantly insignificant, yet its a "theorhetically possible". Knowing such, it should not be a surprise when such a powerful and not fully-understood "proof-of-concept" implementation is shown to be flawed, there are things we cannot master, and possibilities that cannot be ruled out. No security mea
  • I got norton.

    [in before people who don't get the reference]

  • I'm not sure I have heard this term before. How does an "intercept-resend attack" differ from a man-in-the-middle attack?
    • Re: (Score:3, Funny)

      by gnieboer (1272482)

      Because Intellectual Property Hoggers International got a patent on a man-in-the-middle (TM) attack and the accountants at the university wouldn't pay the licensing fees, so they had to come up with a COMPLETELY NEW and different attack to avoid patent litigation, thus the incredibly novel "intercept-resend attack" (patent pending).

    • Man in the middle is merely attempting to read the information as it passes by. With Quantum encryption, reading the key could potentially change its value. (Hard to explain, but yes thats how it works).

      An intercept and Resend is rather taking the information as it comes in, not reading it, but duplicating it (this would be the tricky part, duplicating something without reading it) and then resending the information out.

  • We don't have a quantum computer to provide the quantum encryption yet, but the encryption is already broken.

    I think it's time for my beauty rest.

  • Even though quantum encryption is theoretically perfect...

    Most things that are perfect *are* theoretical.

    ...real hardware isn't, and they exploit these flaws.

    Most modern encryption isn't cracked by breaking the technology used to encrypt it. Security is only as secure as the pain tolerance of the person who knows the PIN, or the size of the visor that is suppose to hide the numbers you press from the person in line behind you.

  • Saying that this exploit "defeated" quantum encryption is like saying that a bank is not secure because someone got stuck up walking home after making a withdrawal.

    The summary admits as much by saying "Even though quantum encryption is theoretically perfect, real hardware isn't".

    Does anyone think that a laboratory quantum encryption setup is exactly the hardware that quantum encryption implementations are going to have when they are commercially available?

    I've seen this before, where someone claims that pro

    • by drinkypoo (153816)

      I've seen this before, where someone claims that product X or Y is "not secure" because they were able to obtain a passphrase via social engineering.

      It's not an entirely invalid argument, consider the difference between passphrase authentication vs. passphrase+smartcard (or securid tag, or...) If a single social engineering attack can compromise your network, it's not very secure.

  • It uses bright light to blind the single-photon detectors. Determining that your detectors are saturated isn't that hard; if they get saturated, someone's probably performing this attack and you might not want to use the key. In fact, any reasonable QKD scheme should really try to ensure that the detectors are operating properly throughout the key distribution otherwise it's a giant security hole.

  • by nedlohs (1335013) on Wednesday December 30, 2009 @09:38PM (#30601898)

    1. Build quantum encryption system with a security flaw in the implementation.
    2. Publish!
    3. Exploit the flaw.
    4. Publish!
    5. Fix the flaw.
    6. Publish!

  • Could we stop it calling him quantum encryption and call it by what it is : Secure quantum transmission ? Encryption / decryption involve changing a message with a key as to make it non-decipherable. Quantum "encryption" do no such a things, it only allow sending a emssage from point A to point B , while warning you if somebody eavesdrop (at least in theory...). You could push a message in plain text through such a channel, or a KEY, both can be perfectly read by the eavesdropped, but the sender/receiver pa

"The only way for a reporter to look at a politician is down." -- H.L. Mencken

Working...