Quantum Encryption Implementation Broken
I Don't Believe in Imaginary Property writes "Professor Johannes Skaar's Quantum Hacking group at NTNU have found a new way to break quantum encryption. Even though quantum encryption is theoretically perfect, real hardware isn't, and they exploit these flaws. Their technique relies on a particular way of blinding the single photon detectors so that they're able to perform an intercept-resend attack and get a copy of the secret key without giving away the fact that someone is listening. This attack is not merely theoretical, either. They have built an eavesdropping device and successfully attacked their own quantum encryption hardware. More details can be found in their conference presentation."
Successfully broken before anybody was using it! (Score:5, Funny)
Re: (Score:2)
Exactly. More proof that Firewalls and Antiviruses can never keep up with hackers.
Re: (Score:2)
Wasn't Switzerland using this form of quantum crypto for some election or something?
http://it.slashdot.org/article.pl?sid=07/10/11/2211205 [slashdot.org]
Re: (Score:3, Interesting)
I raise you a Vigenere - used by the Confederates after it was successfully broken by Babbage.
(Also, apparently they changed the password twice during the course of the war.)
This is why we can't have nice things (Score:5, Funny)
Re: (Score:2)
And there was me thinking that attempting to break something deliberately is part of the playing :)
Re: (Score:1)
The whole point is to make sure the implementation can't be broken BEFORE they distribute it and have to recall/replace/handle frivolous lawsuits/etc.
Re: (Score:2)
But encryption technologies are special toys; they're made to be broken, see. Consider them as pinatas.
And they call it... (Score:5, Funny)
Re:And they call it... (Score:5, Funny)
Cat in the Hack (Score:2)
Of course not (Score:2)
If the third party reads it before you do, they are really the second party. Then you read it as the third party. Or wait long enough and be the fourth party.
Broken (Score:5, Funny)
There's only one way to look at this story, the quantum encryption may or may not be broken, or maybe partially so, so both cases could be true at the same time.
Re: (Score:1, Funny)
Like that darn fat cat!
Re: (Score:2)
Huh? The villain from Rescue Rangers?
(upon reading it, I apologize for this comment).
Comment removed (Score:4, Informative)
Re:Fond memories (Score:4, Funny)
You went back in time and took a picture of yourself?
Re: (Score:1)
Even so, blue jean jackets have been out of style since the 80s, dude.
Re: (Score:2)
Holy shit, if you tell me you weren't listening to Bon Jovi's Slippery When Wet while wearing that outfit...then we all know you are full of it.
Nothing to see here. Move along. (Score:4, Insightful)
How is it news that a flawed implementation of a perfectly secure algorithm can be taken advantage of? Cryptographers have been doing side channel attacks for a long time.
Re: (Score:2, Insightful)
Because the algorithm is almost never the weakness in any security system? This was snake oil, sold as "provably perfect encryption" which is a total load of rubbish. Anyhow, quantum crypto wasn't about an algorithm, but about a silly claim that one can use technology to make communication intercepts "provably impossible". Bullshit - making one link of a chain really really strong doesn't make the chain meaningfully stronger.
Re: (Score:2)
Kind of an important first step to improving the entire chain is to improve individual steps in the chain.
In any case, both you and the article miss the point, the attack site protected by any form of cryptography is the middle, not the ends.
Re: (Score:2)
Yes, but improving the already-strongest link of a chain gets you nowhere. And cryptography is only ever the weakness of any security system if you do it yourself. A security system that touts "better cryptography" is almost certainly a scam.
Of course, "quantum cryptography" is not cryptography, it's a means of detecting eavesdropping - and the product did not deliver on its promises.
Re: (Score:2)
Sigh. If I use ssh to connect from my linux machine to yours and you say "ha! I've broken your ssh connection because I can sniff your pty." I'll just say congratulations, kick you off my linux machine and go back to using ssh.
Stop being a dick.
Re: (Score:3, Insightful)
I don't understand your point. A company is selling a system marketed as "quantum cryptography" and "provably secure". This commercial product was broken by a fairly normal approach to breaking comm security. "Quantum cryptography" is a marketing buzzword term (buzzphrase?) largely created by this company.
I suppose pedantically one could say "a commercial appliance marketed as provably secure quantum cryptography was broken", but most people understood the intended meaning: this much hyped "quantum crypto
Re: (Score:2)
> "Quantum cryptography" is a marketing buzzword term (buzzphrase?) largely created by this company.
What company? QC is still in the "kinda theoretical" phase right now (i.e. the five to ten years to market [xkcd.com] point)
Re: (Score:3, Insightful)
> If the device was using traditional public key encryption they could have done the exact same attack.
That was pretty much my point too. I have no insight into the motivation of the researchers, but this product is snake oil because it can be broken by the exact same attacks that work against a system not "protected by the Magic of Quantum(TM) - now with extra magic!" The thing that differentiates this product from competing comm security products adds no security in practice.
Re: (Score:2)
So you're saying that you failed logic.
The claim is that quantum cryptographic systems are not susceptible to some of the attack vectors that public key cryptography systems are susceptible to... primarily, key factoring... the fact that all cryptographic systems share some attack vectors doesn't invalidate that claim.
Re: (Score:2)
> So you're saying that you failed logic.
In reply to your many ad hominem attacks: you're ugly and your mother dresses you funny.
> The claim is that quantum cryptographic systems are not susceptible to some of the attack vectors that public key cryptography systems are susceptible to... primarily, key factoring... the fact that all cryptographic systems share some attack vectors doesn't invalidate that claim.
The claim that quantum cryptographic systems provide more security is bogus: further hardening the strongest element in a security system does not provide additional security. Demonstrating vulnerability to other attack vectors does invalidate nonsense claims like "provable security".
Re: (Score:2)
I think the original claim of QC went something like this:
zomg Quantum Computing will be done eventually and then they'll be able to trivially break most/all modern ciphers, even if implemented in a perfect way! There will not even be theoretical security! I know, let's take this old, unbreakable cipher [wikipedia.org] and invent a method of key distribution that is perfectly secure in theory! That way, by the time QComputing is invented, QCrypto will have rendered it moot.
Executive summary: "provable security using real
Re: (Score:3, Insightful)
> further hardening the strongest element in a security system does not provide additional security
Of course it does. You're taking a rule of thumb and holding it up as gospel while completely misunderstanding the purpose of it.
Re: (Score:2)
Cryptography with current technology is a strong link in the chain, but with advances in quantum computing factorization will be easy enough that current ciphers will no longer provide strong security. This is when quantum encryption will have a big advantage over current methods.
Re: (Score:2)
Well, I think this is more of a typical disconnect between academic types and more practical types.
Quantum crypto is an enhancement over current non-crypto methods, it is (for the moment) provably unbreakable. For most applications, the difference is trivial since (barring the NSA), breaking current encryption isn't impossible, so much as impractical in the extreme.
That's an interesting, if academic, point. As you mention, most compromises these days are not defeating the encryption algo, so much as socia
Re: (Score:3, Insightful)
You do realize that "quantum crypto" is not any kind of cryptography, right? (Beyond the most general sense of "secret writing", I guess). It's a "provably secure" means of detecting eavesdroppers. Except, as with most "provably secure" systems, it turned out to be flawed.
Re: (Score:2)
The "proof" turned out to be flawed.
Re: (Score:2)
"Because the algorithm is almost never the weakness in any security system? "
Come again? MD5, MiFare, single DES, WEP, GSM - just a bunch of algorithms and systems that are broken because of the algorithm.
"This was snake oil, sold as "provably perfect encryption" which is a total load of rubbish."
No, provably perfect encryption does exist (one time pads for instance). You are probably trying to say that "provably perfect security systems" are a load of rubbish. Many algorithms are provably secure, but they
Re: (Score:2)
Crypto systems based on one-time pads have been broken repeatedly in the cold war - yes I guess I meant that "provably perfect security systems" are rubbish, but really "provably perfect real-world anything" is rubbish.
Quantum "cryptography" (really, quantum key distribution) is a solution looking for a problem. The problem of a corrupt insider attacking a physical listening device to a cable in a secure area is real (if rare), but the problem there is the corrupt insider, not the optical cable, and hardenin
Re: (Score:1)
Quite so. A good topic to research (in addition to side-channel attacks) for more information is TEMPEST (protecting against "spurious emissions" that may leak information). From there you can find information on many, many methods of side-channel attacks. Examples include measuring the emag field from keyboard presses, monitoring CPU times & power consumptions, reading screens in reflections, and many more.
Again, this article highlights that all the software in the world can't protect against some h
You didn't RTFA, did you? (Score:2, Insightful)
> How is it news that a flawed implementation of a perfectly secure algorithm can be taken advantage of?
Because it's a very technically impressive hack that breaks the guarantees we love quantum encryption for (the idea that we can detect eavesdropping) and it does it in a fairly general way, using a weakness in an important piece of hardware (the single photon detectors) that's used in many quantum cryptography setups.
It may not be surprising to you, but the technology used isn't so trivial as you make
Prototype fallible, news at 11. (Score:1)
quantum encryption broken by blinding detectors... (Score:2)
I'm sure there is a joke in there somewhere.
I've heard this before (Score:2)
"Even though quantum encryption is theoretically perfect"
And Communism works, IN THEORY.
Re:I've heard this before (Score:4, Insightful)
No it doesn't. The theory of Communism proposes that humans will work for the betterment of their fellow tribe members. This works in small tribes where everyone knows each other (families and 'communes'), but was known in advance to fail for larger groups. The theory is bunk because it utterly fails to understand the fact that personal economic incentives are the primary driver of human behavior.
As was Marx's derivation of the value of the worker. He completely missed the fact that the value-add comes from the synergistic arrangement (arranged by the entrepreneur) of worker, raw materials, and the means of production.
Re:I've heard this before (Score:4, Insightful)
Actually, Marx's main flaw was in how he valued technology. The man wasn't a starry-eyed idiot, but he just failed to see the value of automation - something not so obvious in his time. Marx directly claimed that machines cannot lower the cost of goods, because machines would naturally be sold for the value of the labor they replaced. Most of the benefit of capitalism is that technology reduces the cost of goods, so that our standard of living improves continuously over time despite the common man never getting a larger share of the wealth.
At any given point in time, the only reason capitalism does any better job of creating a "synergistic arrangement of worker, raw materials, and the means of production" is that capitalism self-corrects for corruption faster (companies fail faster than governments). In practice this is a minor factor as successful companies quickly infiltrate government to create regulations that raise barriers to competition (markets are never free for long).
Over generations, however, the advance of technology is huge - far more important than the distribution of wealth to one's standard of living. And free markets (to the extent they exist) are far and away the best stimulus for new technology. This is why established firms so often seek government regulation: to prevent (or at least slow) disruptive technology.
Re: (Score:2)
Free markets by themselves are not enough for new technology. In fact, historically, a good deal of new technology was motivated by military requirements. Additionally, revolutionary technology (e.g. the transistor) depends on a background knowledge of science which is generally *not* obtained by companies seeking a profit, but by government funded research.
Free markets are good for developing products though, and improving existing technologies.
Re: (Score:2)
We may be saying the same thing, but history is full of amazing inventions that sat idle for centuries because in that culture in that time there was insufficient incentive to turn the invention into a product. It's not that a free market somehow magically sparks research, but that it provides both a huge incentive to transform research from the abstract to the practical, and a mechanism for raising the capital to do so.
The actual amount of money spent on fundamental research is nearly trivial in the schem
Re: (Score:2)
> Additionally, revolutionary technology (e.g. the transistor) depends on a background knowledge of science which is generally *not* obtained by companies seeking a profit, but by government funded research.
Ummm... the transistor was invented at Bell Labs, which was a subsidiary of Bell Communications, which was a private company. Bell Labs is still a private institution, and their discoveries are intended to produce items for a profit. They are simply smart enough to realize you can't necessarily tell someone what to invent, and put up with thousands of unmarketable inventions to get the few hugely profitable ones.
Re: (Score:2)
Yes, but it was dependent on the understanding of the laws of nature, such as quantum mechanics, thermodynamics, electronic structure of semiconductors etc. While Bell Labs undoubtedly did a lot of valuable science, it built on what had been done previously. Without that background, it would not have been possible.
In any case, Bell Labs did not operate in a free market - it was part of a very large regulated monopoly. Generally, competing private companies do not have the resources to do basic research - th
Re: (Score:2)
> In any case, Bell Labs did not operate in a free market...
But they did, AT&T did not, but Bell Labs' entire purpose was to expand its reach beyond its limited monopoly over phone systems. They had no monopoly anywhere else, but they had the resources to attempt expansion and create new competing products.
It was the free market that drove that, not government funding. The truth is, the amount of government funded research is pitiful compared to private research, and large companies - like AT&T back in the day - would pick up a large portion of the slack if
Re: (Score:2)
Bell Labs got funding thanks to AT&T's regulated return on investment - AT&T couldn't lose by funding it. Its principal role was to support the telephone business, and as they could recoup the investment from their telephone operations, shielded from competition, even tangentially related research could be justified. That was the driver for the research, and wouldn't happen in a free market - a phone company without research spending could out-compete them, so only research with a reasonably short t
Re: (Score:2)
Are you sure that criticism wasn't made specifically as a critique of how automation worked, from the point of view of labor-hours of income that had to be exchanged for a given quantity of goods, specifically in a capitalist society (and, remember, Marx was critiquing 19th Century capitalism, not modern "capitalism" in which every "capitalist" state has -- la
Re: (Score:2)
> Insofar as that is true, how is that a benefit of capitalism?
I believe he simply meant free markets, but the free market is the cornerstone of capitalism.
For a good comparison, look at the Cold War and Communist Russia vs Capitalist America. The Russian standard of living was dropping because Communism does not provide an incentive to increase worker efficiency (other than what you can get by tyrannical means), whereas in the US the economy was growing more efficient and the standard of living was skyrocketing. Both the US and Russia were tired and worn after the wa
Re: (Score:3, Insightful)
That changes the claim, but doesn't justify either the original or the revised version.
Russia was -- when the USSR was founded -- something like a half-century or more behind Western Europe and the US technology, and probably two centuries socially. And was devastated by war (like most of Europe, but unlike the US.) It then went t
Re: (Score:2)
This conversation, as entertaining as it is, is a little bit futile. First I've understood that there was a lot of arguing about if these theories can be tested at all or should they be announced as pseudo-science or something. I think even Marx finally acknowledged that you can't test communism (or capitalism) on paper.
Which brings me to my second point, which is pretty much derived from the first point. Now if you can't test communism anywhere but in practice, and all the tests (USSR, Cuba, what else is there
Re: (Score:2)
The thing called "Communism" that was "tested in practice" in the USSR, Cuba, etc., is at least as distant from pre-Lenin Communist theory as are the mixed economies to which the advanced nations of the West transitioned from 19th Century capitalism. (Leninism abandoned the startin
Re: (Score:2)
I think the point is that "pre-Lenin Communist theory" fails in practice because of Lenin. It's unworkable because it fails to adequately protect against corruption.
You see this sort of thinking all the time with junior engineers: "we should do X, it's so much better than the way we do things today". Well, sure, every junior engineer for the past N years has pointed that out - but X fails because the real world is not a toy problem, and X provides no defense against non-obvious-but-common failure modes A,
Re: (Score:2)
That point is ridiculous. Leninism is a distinctly different theory.
Insofar as one accepts that it is fair to charge that a political/economic theory "fails to adequately protect against corruption" because one can create a distinctly different theory that incorporates some parts of the theory, and implement it, and have bad results, the charge
Re: (Score:2)
I'm aware of that but you missed the point and that's partly my fault since I wasn't clear about it. You can't test communism in theory and all empirical evidence shows it's simply not working, then one could come to the conclusion that it doesn't matter a bit if it ever works in theory because it sure does not work in practice.
Re: (Score:2)
Capitalism stimulates technological advance better than any system that has ever been tried, largely because it combines a huge incentive for turning new ideas into products with the means of raising the capital to do so.
At its root, capitalism is simply a system for determining who controls the means of production: assigning that control to those who have done well at that task in the past (because wealth is the primary means for gaining control of the means of production, and making good decisions about
Re: (Score:2)
I don't think there is any evidence that capitalism does so better than "any system that has ever been tried", and particularly not better than the mixed economies employed by every major advanced nation on Earth today.
Re: (Score:2)
Well, every economy is a mix of course - even totalitarian communist states have been a mix of the government-run economy and the black market. But the "degree of capitalism" and the long term rate of economic growth (with technological innovation being the primary cause of that) are directly correlated.
I think people have a very strange idea about what capitalism is: if control of the means of production can be purchased for money, and you can make money by controlling the means of production, you have capi
Re: (Score:2)
Except for land in the narrow sense (which is often distinguished from capital), the Communist Manifesto did not include in its program for changes to the system of property (the elimination of capitalist property) the elimination of priv
Re: (Score:2)
> Actually, Marx's main flaw was in how he valued technology. The man wasn't a starry-eyed idiot, but he just failed to see the value of automation - something not so obvious in his time. Marx directly claimed that machines cannot lower the cost of goods, because machines would naturally be sold for the value of the labor they replaced. Most of the benefit of capitalism is that technology reduces the cost of goods, so that our standard of living improves continuously over time despite the common man never getting a larger share of the wealth.
Actually, a lot of Marx's writings are about automation being crucial to both capitalism and communism as it drives down the cost of production. Also, since any activity in capitalism is itself subject to the same laws, prices will go down as more capitalists produce the same machinery, using other machines: the skill and cost of labor to create new machines go down, hence their value and in the end their price also go down. See 'wages, price and profit' for details.
Re: (Score:2)
If you look at the particular property-oriented policy recommendations Marx made for changes that should occur in the developed capitalist economies to implement the Communist program, they don't generally lay out a system in which an individual does not own the fruits of their own labor.
T
Re: (Score:2, Interesting)
No, actually, it doesn't. Like democracy (which it is, in a sense, an analog of, addressing economic rights instead of political rights) it relies on the idea that humans will work for the betterment of themselves, individually, so that widely and equally distributing power among the population will result in the broadest possible benefit. As with democracy, one of the places that communism breaks down i
Re: (Score:3, Interesting)
You defend the idea of Communism, yet hint at exactly why it doesn't work. Pure Communism cannot and will not ever work for the same reasons that pure Democracy cannot and will not work - natural cooperation breaks down when the group size becomes so large that individuals do not know every other member of the group on a personal level. Our congress would not function if it got much larger than it is. If it grew to over 1,000 members our government would almost certainly collapse, as there would be no wa
Re: (Score:2)
Actually, no, I didn't. I pointed out flaws in the particular mischaracterization of Communism.
As I pointed out, Communism doesn't rely on cooperation, like democracy -- in the modern, liberal, limited form -- it re
Re: (Score:2)
That's the dumbest explanation of communism I've ever heard. You must be an academic.
Re: (Score:2)
> No it doesn't. The theory of Communism proposes that humans will work for the betterment of their fellow tribe members. This works in small tribes where everyone knows each other (families and 'communes'), but was known in advance to fail for larger groups. The theory is bunk because it utterly fails to understand the fact that personal economic incentives are the primary driver of human behavior.
> As was Marx's derivation of the value of the worker. He completely missed the fact that the value-add comes from the synergistic arrangement (arranged by the entrepreneur) of worker, raw materials, and the means of production.
You're wrong on both counts. As for the first, Marx merely said that it would be easier to work for the common good, as well as more efficient, in the long run. He wasn't proposing that humans worked for others for the hell of it, but because it would be the obvious smartest choice for themselves. Smarter than working for a capitalist who'd underpay you. And any self-employed entrepreneur knows it.
As for the second, let's do a little experiment: remove the worker from the equation and see how much value the
Re: (Score:2)
Which, incidentally, Communism is premised on the observation that they aren't and don't...
What, exactly, does that have anything to do with the theory of Communism?
Re: (Score:2)
Well someone has to decide what is needed, and without price indicators there's no unconscious mechanism doing so
Re: (Score:2)
The steps to revise the nature of property laid out in the Communist Manifesto don't eliminate price indicators -- it argues for essentially eliminating fee simple (perpetual) property in favor of a maximum of life estates in most forms of property (elimination of inheritance) and further eliminating private ownership of land in favor of private parties leasing land from the State -- so even if
Re: (Score:2)
Capitalism by definition doesn't work perfectly. Instead it is theorized to cause the least amount of damage. The issue is once the .gov starts picking favorites, it stops being actual capitalism.
Re: (Score:2)
It is theorized to do the least amount of damage? To what? To the earth? Or to the people living on it?
It sure helps in getting a relatively wealthy society quickly, but I would not call anything the current world does "the least amount of damage". Quite the opposite actually.
The Theory Complex (Score:1)
Re: (Score:2)
Louisville Sluggers provide a great brute-force technique.
Could we consider that a "hardware failure"?
Re: (Score:2)
OR better yet... a "hardware override"?
Re: (Score:2)
Not if applied to the head. That's why they call it rubber hose cryptography.
Stupid ass can't hack or nothin (Score:1)
I got norton.
[in before people who don't get the reference]
Re: (Score:2)
> I got norton.
> [in before people who don't get the reference]
Other things you were "in before":
Humor
Intercept-Resend Attack (Score:2)
Re: (Score:3, Funny)
Because Intellectual Property Hoggers International got a patent on a man-in-the-middle (TM) attack and the accountants at the university wouldn't pay the licensing fees, so they had to come up with a COMPLETELY NEW and different attack to avoid patent litigation, thus the incredibly novel "intercept-resend attack" (patent pending).
Re: (Score:2)
Man in the middle is merely attempting to read the information as it passes by. With Quantum encryption, reading the key could potentially change its value. (Hard to explain, but yes that's how it works).
An intercept and Resend is rather taking the information as it comes in, not reading it, but duplicating it (this would be the tricky part, duplicating something without reading it) and then resending the information out.
speaking of "being ahead of the curve" (Score:2)
We don't have a quantum computer to provide the quantum encryption yet, but the encryption is already broken.
I think it's time for my beauty rest.
In other words. (Score:2)
> Even though quantum encryption is theoretically perfect...
Most things that are perfect *are* theoretical.
> ...real hardware isn't, and they exploit these flaws.
Most modern encryption isn't cracked by breaking the technology used to encrypt it. Security is only as secure as the pain tolerance of the person who knows the PIN, or the size of the visor that is supposed to hide the numbers you press from the person in line behind you.
Not really... (Score:2)
Saying that this exploit "defeated" quantum encryption is like saying that a bank is not secure because someone got stuck up walking home after making a withdrawal.
The summary admits as much by saying "Even though quantum encryption is theoretically perfect, real hardware isn't".
Does anyone think that a laboratory quantum encryption setup is exactly the hardware that quantum encryption implementations are going to have when they are commercially available?
I've seen this before, where someone claims that pro
Re: (Score:2)
> I've seen this before, where someone claims that product X or Y is "not secure" because they were able to obtain a passphrase via social engineering.
It's not an entirely invalid argument, consider the difference between passphrase authentication vs. passphrase+smartcard (or securid tag, or...) If a single social engineering attack can compromise your network, it's not very secure.
The attack can be defended against easily. (Score:2)
It uses bright light to blind the single-photon detectors. Determining that your detectors are saturated isn't that hard; if they get saturated, someone's probably performing this attack and you might not want to use the key. In fact, any reasonable QKD scheme should really try to ensure that the detectors are operating properly throughout the key distribution otherwise it's a giant security hole.
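The check proposed in the comment above, as an added Python sketch (not code from the thread or from the NTNU group): a toy BB84 run in which the usual error-rate test catches a plain intercept-resend but passes a blinded receiver, while a detector-saturation monitor rejects the key. The blinding model (a blinded receiver clicks only when its basis matches the eavesdropper's), the monitor readings and both thresholds are simplifying assumptions made for this example.

```python
import random

BASES = "+x"              # rectilinear and diagonal bases
NORMAL_CURRENT = 1.0      # constructed monitor reading, arbitrary units
BLINDED_CURRENT = 50.0    # constructed reading while detectors are saturated


def measure(bit, prep_basis, meas_basis, rng):
    """Ideal measurement: exact in the preparation basis, a coin flip otherwise."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def run_bb84(n, attack=None, seed=1):
    """Simulate n pulses; attack is None, "intercept_resend" or "blinded"."""
    rng = random.Random(seed)
    sifted = errors = eve_correct = 0
    for _ in range(n):
        a_bit, a_basis = rng.randrange(2), rng.choice(BASES)
        b_basis = rng.choice(BASES)
        wire_bit, wire_basis, e_bit, e_basis = a_bit, a_basis, None, None
        if attack:
            # Eve measures in a random basis and resends what she saw.
            e_basis = rng.choice(BASES)
            e_bit = measure(a_bit, a_basis, e_basis, rng)
            wire_bit, wire_basis = e_bit, e_basis
        if attack == "blinded":
            # Assumed model: the saturated receiver registers nothing unless
            # Bob's basis equals Eve's, and then it records Eve's bit.
            if b_basis != e_basis:
                continue
            b_bit = e_bit
        else:
            b_bit = measure(wire_bit, wire_basis, b_basis, rng)
        if a_basis != b_basis:
            continue                      # discarded during sifting
        sifted += 1
        errors += b_bit != a_bit
        eve_correct += e_bit == a_bit
    return {
        "sifted": sifted,
        "qber": errors / max(sifted, 1),
        "eve_agreement": eve_correct / max(sifted, 1) if attack else None,
        "peak_current": BLINDED_CURRENT if attack == "blinded" else NORMAL_CURRENT,
    }


def accept_key(stats, qber_max=0.11, current_max=5.0):
    """Receiver-side decision: both the error rate and the detectors must look sane."""
    reasons = []
    if stats["qber"] > qber_max:
        reasons.append("qber")
    if stats["peak_current"] > current_max:
        reasons.append("detector_saturated")
    return (not reasons), reasons


if __name__ == "__main__":
    for attack in (None, "intercept_resend", "blinded"):
        stats = run_bb84(4000, attack)
        print(attack, stats, accept_key(stats))
```

In this model the error-rate test alone accepts the blinded run, which is why the saturation reading has to be part of the accept decision rather than a separate diagnostic.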
Taking the least publishable unit to the extreme (Score:5, Funny)
1. Build quantum encryption system with a security flaw in the implementation.
2. Publish!
3. Exploit the flaw.
4. Publish!
5. Fix the flaw.
6. Publish!
Quantum encryption ? (Score:2)
Re: (Score:2)
Especially when you consider that a lensman can read any communication no matter how encoded, encrypted or obfuscated. Even a one-time pad won't do any good once a lensman sees it.