Quantum Cryptography Conquers Noise Problem

ananyo writes "Quantum-encryption systems that encode signals into a series of single photons have so far been unable to piggyback on existing telecommunications lines because they don't stand out from the millions of others in an optical fiber. But now, physicists using a technique for detecting dim light signals have transmitted a quantum key along 90 kilometers of noisy optical fiber. The feat could see quantum cryptography finally enter the mainstream. The researchers developed a detector that picks out photons only if they strike it at a precise instant, calculated on the basis of when the encoded photons were sent. The team's 'self-differentiating' detector activates for 100 picoseconds, every nanosecond. The weak charge triggered by a photon strike in this short interval would not normally stand out, but the detector measures the difference between the signal recorded during one operational cycle and the signal from the preceding cycle — when no matching photon was likely to be detected. This cancels out the background hum. Using this device, the team has transmitted a quantum key along a 90-kilometer fiber, which also carried noisy data at 1 billion bits per second in both directions — a rate typical of a telecommunications fiber."

Great news!

[gagol]

Where can I get buy my personal quantum crypto kit?

Re:

[Bryansix]

Seriously, I have no idea of the actual application of this technology.

Re:

[angelbar]

ooh My (possible) God. I home that you isn't one of the involved physicists. :)

Re:

[noobermin]

From The Fucking Article:

You cannot measure a quantum system without noticeably disrupting it. That means that two people can encode an encryption key — for bank transfers, for instance — into a series of photons and share it, safe in the knowledge that any eavesdropper will trip the system’s alarms.

Please help this simpleton ...

[Taco Cowboy]

I gotta admit that I'm not familiar with photonic quantum cryptography.

As far as I know, photonics means light, and light does reflect - and could even possibly be diverted (from one beam and splits it into two)

Can the MIM (man in the middle) spit a beam into two, letting the "original" beam to travel to whoever the recipient while working on the "branch"?

Would that approach cause a "noticeable disruption"?

Re:

[sFurbo]

Light consists of photons. In the limit of a one-photon signal, you cannot split it. Even with a handful of photons, splitting it is hard. I don't know how few photons they use in commercial quantum cryptography, but it is quite few.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Trax3001BBS]

Seriously, I have no idea of the actual application of this technology.

Unbreakable copy protection, DRM.

Re:

[kaws]

Not sure if being sarcastic but... this technology wouldn't be able to be applied to DRM at all. This is just for communication between two machines.

Re:

[gweihir]

There are none. Unless you want something far, far worse than existing technology in terms of capabilities, cost and reliability. I do not think this stuff will ever become mature, but if it does, expect it to take > 100 years from now. This is just scientists lying in order to get funding, there are no in any way relevant breakthroughs and there have been none since this started. And the physics used is also shaky, unlike moder cryptography which relies on mathematics that is solid.

Re:

[Anonymous Coward]

moder cryptography which relies on mathematics that is solid.

And except for the use of one time pads, modern cryptography methods can not be proven to be secure in the sense that there are not proofs of the nonexistence of fast cracking algorithms. They are all pretty much based on the idea that it should be hard to determine keys, etc. based on spending several years trying to come up with a way to break it, but don't exclude the possibility of someone developing a new attack down the line in any way.

If implemented correctly, quantum encryption would only be brok

Re:

[gweihir]

Ok, admitted, even the DLP has not proven to be hard except under unrealistic assumptions.

Block ciphers are also a risk, but then when you do quantum-key-exchange, the next thing you do is communicated protected by a block-cipher with the exchanged key, so that is irrelevant. Because quantum-key-exchange is very, very slow, there is really no way around that. So you have to use classical crypto anyways and quantum key-exchange is just one more component that can fail.

There is also the problem, that classica

Re:

[ark1]

Clavis [idquantique.com]

Re:20/20 transmission

[avandesande]

Send a handshake message used to calculate transit time, and then another to specify when the next packet will be sent, or at what intervals. If it fails redo the handshake.

Re:

[K. S. Kyosuke]

So you have to first...securely communicate, before you can securely communicate? How does that work? :-)

Re:

[Time_Ngler]

Why would the handshake need to be encrypted?

Re:

[Anonymous Coward]

Why would the handshake need to be encrypted?

You need to securely communicate the handshake, because otherwise the eavesdropper can intercept that message, and increase the transit time to a point long enough that they then will be able to perform a man in the middle attack on the following quantum key distribution packets.

Re:

[JonySuede]

no, the safe way would be to synchronized something like a good atomic clock in person, transmit periodically the the drift and sometime a key or a ping using the low energy hidden in plain sight technique

Re:

[somersault]

If you're going to have to be together in person anyway, why not just generate/swap keys then..?

Re:

[JonySuede]

Because you want the key to be destroyed in case of eavesdrop. Suppose you swap a 64Gb one time pad with me, what assurance do you have that I did not copy the file to Alice ?

Hacking fun

[MakersDirector]

Next thing you know, they'll invent something that will bend light. Oh wait. They already have! It's called a Prism! And next thing you know... hackers will be 'hacking' light by bending it use natural magenetic forces. And cracking that unsafe light transmission, because we all know, light is NOT faster than electrcity....

Re:

[kubernet3s]

Are you being sarcastic, trolling, or on drugs? I can't tell, you see, because of my internet Asperger's

Re:

[kubernet3s]

As a researcher in quantum mechanics, I can attest to the fact that everything you have said so far is either patently false, or has no basis in physical reality. You are confusing the photoelectric effect (a statement about the wave/particle duality of light due to the deBroglie relation) with an equation due to general relativity (a statement of the equivalence of mass and energy), which you state incorrectly (reducing your equation written as Et=mc^2*t^2 yields E=mct, which is false). The considerations

Re:

[kubernet3s]

Also, if this is a troll it's a really good one, and you win, and you can stop now.

Re:

[Anonymous Coward]

. hackers will be 'hacking' light by bending it use natural magenetic forces

Natural or unnatural in origin, magnetic fields don't bend light by themselves (some materials will affect light in ways that can be changed by a magnetic field... but in that case you could just use regular optics if you just want to bend). There is an exception due to QED... but requires magnetic fields orders of magnitudes higher than anything on Earth, only works on gamma rays because it gets weaker for longer wavelengths, and scatters instead of bends.

Re:

[kaws]

The idea behind this is that the information is stored in a quantum state and any attempt to read (observe) the data breaks the quantum state. If someone were trying to do any intercepting then they would end up garbling the data on the other end thus tripping an alarm that something is wrong. In other words, this is really exciting because right now, there's no way to secretly intercept a quantum communication.

Re:

[MakersDirector]

Not unless the matter is converted to energy and back again.

Re:

[kaws]

ANy attempts to read it would disrupt the quantum entanglement. This has nothing to do with matter in fact, it's mostly light. Now if you were trying for sarcasm, sorry I missed it.

Not Typical Telecom

[Anonymous Coward]

"transmitted a quantum key along a 90-kilometer fiber, which also carried noisy data at 1 billion bits per second in both directions — a rate typical of a telecommunications fiber."

Telecommunications fiber with a 90km (~50mi.) length would be considered backbone. Typically two fibers are used to send signal in both directions. Single fiber applications require different frequencies of light to both TX & RX. This single fiber application is only used in metro FTTX/GPON situations - never in back

Re:

[noobermin]

This is still a leap over the previous possibility, on the "expensive 'dark fibers'"...I think that was tfa's point. And the emphasis might have been the rate, not the specific setup. I don't think they are claiming the prototype is market ready...

Not news for political science majors.

[noobermin]

Why is this shit on my slashdot?

Also notice, 13 comments while the other political junk averages >100.

How to use quantum key exchange?

[timeOday]

My understanding is this would allow you to send bits ensured that nobody else had seen them. But every router / repeater must do exactly that, to send them on the next hop. So really, this is just for when you believe you have one continuous fiber strand and want to make sure... correct? If so it does not allow individuals to communicate securely over the Internet, since there is no un-interrupted strand connecting the endpoints. For a truly private network, like connecting missile launch sites to a

Re:

[gweihir]

Not quite. But basically, you can only do optical switched circuits (no packed networks), and you cannot do amplification. Switched circuits are a failed technology, just look at ATM. And you still need a second network for the actual data transfer.

That makes this thing completely useless in practice, except for dedicated, short links. But for them you can use pre-shared key to get the same level of security, or even higher, as this quantum stuff has already been broken numerous times. And 1:1 link can be p

Re:

[TheRealHocusLocus]

The problem with so-called quantum crypto -- and I applaud slashdot calling it out, there is no crypto involved -- is it's not even a new deal for telecommunications, because we already have a demonstrably secure method: crypto.

So it's all about laziness, the unwillingness to engage in the practice of secret key management. If your target market is comprised of folks who are unable or unwilling to manage their own security and want some black box to do it for them... well are we not approaching Dilbert-esqu

Re:

[DMUTPeregrine]

Quantum Cryptography is an outdated term, it should be called Quantum Key Distribution. It's essentially Diffie-Hellman without the possibility of a Man In The Middle attack going unnoticed.

Sometimes you'll want to generate a new secret key, and not have the opportunity to physically travel to the same location as the other party. If you've already got an uninterrupted optical fiber and the QKD equipment you can generate new secret keys on demand. It's not likely to be practical for general use anytime soon

Why is it called quantum "cryptography"?

[Myria]

Shouldn't it be more like, quantum tamper detection? It's just using one-time pad in such a way that the pad's transmission getting intercepted will trigger the tamper detection mechanism.

Re:

[gweihir]

Pure marketing BS. It is "quantum modulation", no cryptography involved at all. At it is completely irrelevant anyways. The people doing this have to outright lie to get continued funding.

Variation on time division multiplexing

[Mostly a lurker]

While the hardware challenges are undoubtedly substantial, the basic idea is just a variation on time division multiplexing, which has been extensively used since the days of the telegraph, well before 1900. If this receives a patent, I hope it is for some hardware advance and not just because of the sharing of the fibre.

Still completely irrelevant

[gweihir]

There are numerous problems:
1. You need _optical_ switches, i.e. switched circuits. That approach failed a long time ago. Anybody remember ATM?
2. 90km is nothing. Amplification is impossible, so unless they reach 10'000km, this is completely irrelevant.
3. Nobody needs it. Cryptography does fine. (No, this is at best "quantum modulation", no crypto involved.) If you are paranoid, use OTPs. They are far, far cheaper, far, far more reliable and completely compatible with existing networks.
4. Remember, this is only key exchange, not actual data transmission. As such it is pretty useless, as you still need to rely on cryptography for the message transfer.
5. The security guarantees are far, far weaker than people are made to believe. Just look at the history of successful compromises.
6. Not even the physics may work out. Quantum theory is a _theory_, not established fact.

Another worthless stunt.

Re:

[gweihir]

3. Just make the keys longer or use ElGamal. Crypto _is_ fine. And you are mixing apples and oranges. For block-ciphers, quantum computing (if it ever works for any meaningful input sizes, which is doubtful), gives you a square root. That means AES-256 goes down to AES-128 which is still secure. Not a problem at all.

6. Wrong. It is not established fact for the precision and completeness needed for crypto use. Some tiny errors and variations are all it takes to completely break the key-exchange use, but leav

Re:

[sFurbo]

You might be right on the first 5, but your number 6 is misleading. If quantum mechanics was not a correct description of the world, the computer you used to write your message on would not work. Quantum mechanics is one of the most successful theories ever. Oh, and theory does not mean what you think it means (at least when scientists use the word).

Re:

[gweihir]

It is not that simple. Some tiny variations could leave quantum theory intact, but completely break "quantum modulation". This is crypto. Some information leakage can easily invalidate it, even if it only happens under exotic conditions. In that case, everything works for most of the world, but an attacker can create said exotic conditions.

I do indeed know what "theory" means here, namely well established model (not an exact description of reality) which still has flaws and inaccuracies. For the use in key-

Re:

[gweihir]

1) You cannot have hops. For this to be secure it has to be done end-to-end, there is no other way. The exact same photon sent by the sender _must_ reach the reciever for any of the security properties to hold.
2) 90km is worthless. You _cannot_ regenerate quantum signals. If you could, they would be completely insecure.
3) It is not even somewhat secure at this time and several implementation have already been broken.
4) If you need to rely in conventional crypto anyways, do the key exchange with that, and ha

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[gweihir]

I am a scientist. I know that. The problem is that even a well-established physical "theory" is only a model and can have tiny errors and inaccuracies. For use in key-exchange, these can easily be disastrous, while leaving most/all other uses intact. Also, for the case of quantum theory, the model is not complete. Simply following the press is already enough to see that. Maybe we will have a GUT one day and it will be accurate. That we do not indicates that even quantum theory is flawed, possibly only in su

Re:

[gweihir]

Not well enough for cryptographic use. For most uses, if it holds up in 1000 (or 1'000'000) experiments and fails in one ("measurement error"?) it is fine. For crypto, you need far better accuracy.

Re:

[gweihir]

Indeed. And this type of tiny inaccuracies can (and has in the past) completely break any cryptographic use.

basic question

[__aaltlg1547]

Supposing I didn't get the message I was expecting to receive, how do I know it wasn't intercepted?

But what attack does QC prevent?

[BlueRaja]

I still don't understand the benefit of Quantum Cryptography - it only prevents eavesdropping on the wire, right? It doesn't prevent a man-in-the-middle (where someone would receive the signal, read it, and retransmit it along the wire)?

Assuming your machine is clean from infection, the big eavesdropping concerns today come from man-in-the-middle attacks: rerouted lan traffic (such as compromised clients running an ARP spoof), and intermediary nodes between endpoints (eg. your ISP, and the Internet backbo

Re:

[DMUTPeregrine]

It does prevent MITM.

Specifically, it is a key-distribution scheme that can't be attacked by a MITM attack, assuming the equipment behaves in an ideal manner. Most of the breaks of QKD systems have come from the fact that equipment does not behave in an ideal manner.