Quantum Encryption Implementation Broken 133
I Don't Believe in Imaginary Property writes "Professor Johannes Skaar's Quantum Hacking group at NTNU have found a new way to break quantum encryption. Even though quantum encryption is theoretically perfect, real hardware isn't, and they exploit these flaws. Their technique relies on a particular way of blinding the single photon detectors so that they're able to perform an intercept-resend attack and get a copy of the secret key without giving away the fact that someone is listening. This attack is not merely theoretical, either. They have built an eavesdropping device and successfully attacked their own quantum encryption hardware. More details can be found in their conference presentation."
Nothing to see here. Move along. (Score:4, Insightful)
How is it news that a flawed implementation of a perfectly secure algorithm can be taken advantage of? Cryptographers have been doing side channel attacks for a long time.
Comment removed (Score:3, Insightful)
Re:I've heard this before (Score:4, Insightful)
No it doesn't. The theory of Communism proposes that humans will work for the betterment of their fellow tribe members. This works in small tribes where everyone knows each other (families and 'communes'), but was known in advance to fail for larger groups. The theory is bunk because it utterly fails to understand the fact that personal economic incentives are the primary driver of human behavior.
As was Marx's derivation of the value of the worker. He completely missed the fact that the value-add comes from the synergistic arrangement (arranged by the entrepreneur) of worker, raw materials, and the means of production.
Re:Nothing to see here. Move along. (Score:2, Insightful)
Because the algorithm is almost never the weakness in any security system? This was snake oil, sold as "provably perfect encryption" which is a total load of rubbish. Anyhow, quantum crypto wasn't about a algorithm, but about a silly claim that one can use technology to make communication intercepts "provably impossibly". Bullshit - making one link of a chain really really strong doesn't make the chain meaningfully stronger.
Re:I've heard this before (Score:4, Insightful)
Actually, Marx's main flaw was in how he valued technology. The man wasn't a starry-eyed idiot, but he just failed to see the value of automation - something not so obvious in his time. Marx directly claimed that machines cannot lower the cost of goods, because machines would naturally be sold for the value of the labor they replaced. Most of the benefit of capitalism is that technology reduces the cost of goods, so that our standard of living improves continuously over time despite the common man never getting a larger share of the wealth.
At any given point in time, the only reason capitalism does any better job of creating a "synergistic arrangement of worker, raw materials, and the means of production" is that capitalism self-corrects for corruption faster (companies fail faster than governments). In practice this is a minor factor as successful companies quickly infiltrate government to create regulations that raise barriers to competition (markets are never free for long).
Over generations, however, the advance of technology is huge - far more important that the distribution of wealth to one's standard of living. And free markets (to the exten they exist) are far and away the best stimulus for new technology. This is why established firms so often seek government regulation: to prevent (or at least slow) disruptive technology.
Re:Nothing to see here. Move along. (Score:3, Insightful)
You do realize that "quantum crypto" is not any kind of cryptography, right? (Beyond the most general sense of "secret writing", I guess). It's a "provably secure" means of detecting eavesdroppers. Except, as with most "provably secure" systems, it turned out to be flawed.
Re:Nothing to see here. Move along. (Score:3, Insightful)
I don't understand your point. A company is selling a system marketed as "quantum cryptography" and "provably secure". This commercial product was broken by a fairly normal approach to breaking comm security. "Quantum cryptography" is a marketing buzzword term (buzzphrase?) largely created by this company.
I suppose pedantically one could say "a commercial appliance marketed as provably secure quantum cryptography was broken", but most people understood the intended meaning: this much hyped "quantum crypto" doodad is no real improvement in practical comm security.
You didn't RTFA, did you? (Score:2, Insightful)
> How is it news that a flawed implementation of a perfectly secure algorithm can be taken advantage of?
Because it's a very technically impressive hack that breaks the guarantees we love quantum encryption for (the idea that we can detect eavesdropping) and it does it in a fairly general way, using a weakness in an important piece of hardware (the single photon detectors) that's used in many quantum cryptography setups.
It may not be surprising to you, but the technology used isn't so trivial as you make it sound. Read their conference presentation if you want to see. The only reason I didn't write more of it into the summary is because I didn't want to butcher all the explanations when I could let you read the original.
- IDBIIP
Re:Nothing to see here. Move along. (Score:3, Insightful)
If the device was using traditional public key encryption they could have done the exact same attack.
That was pretty much my point too. I have no insight into the motivation of the researchers, but this product is snake oil becuase it can be broken by the exact same attacks that work against a system not "protected by the Magic of Quantum(TM) - now with extra magic!" The thing that differentiates this product from competing comm security products adds no security in practice.
Re:Nothing to see here. Move along. (Score:3, Insightful)
further hardening the strongest element in a security system does not provide additional security
Of course it does. You're taking a rule of thumb and holding it up as gospel while completely misunderstanding the purpose of it.
Re:I've heard this before (Score:3, Insightful)
That changes the claim, but doesn't justify either the original or the revised version.
Russia was -- when the USSR was founded -- something like a half-century or more behind Western Europe and the US technology, and probably two centuries socially. And was devastated by war (like most of Europe, but unlike the US.) It then went through several years of civil war that further wrecked the econom, made a brief attempt under the NEP to build a sustainable economy without an immediate threat of major war, then returned to war mobilization for the short term in the 1930s, was again -- like much of Europe and again unlike the US -- devastated by war again, and then got into a global economic and military competition with an opposing block that was far ahead in starting position.
So, even if Leninist/Stalinist Russia was a good study in Communist theory (which, given how radically Leninism rewrote Marxism with no real theoretical basis, only the recognition that Russia wasn't in the condition which Marxist theory saw as a precondition for the socialism that was the first step to Communism, is a pretty hard case to make), and the US was a good study in Capitalist theory (which, given that like most advanced economies, the US from the mid-20th century was a mixed economy, is also a hard case to make), the comparison between the two in direct competition -- given the difference in starting conditions -- wouldn't be a particularly good way to compare the theoretical systems in any broad way.