Forgot your password?
typodupeerror
Security

Australian Company Claims Laser-Based Quantum Crypto is "Unbreakable" (Video) 84

Posted by Roblimo
from the when-you-positively-absolutely-need-to-keep-your-crypto-key-to-yourself dept.
The QuintessenceLabs website doesn't mince words when it comes to self-promotion. It boasts that they are "The world’s first company to harness the quantum properties of lasers to herald a new generation of data security." InvestCanberra says, "the defense and security policy and procurement centre of Australia is the natural location for large conglomerate defense and security corporations and specialist cyber security, advanced communications and radar, ICT and surveillance businesses alike," and goes on to list QuintessenceLabs as one of several "locally headquartered companies that have grown into internationally successful organizations."

Here's another statement taken from the company's website: "QuintessenceLabs is the first in the world to exploit a new generation of quantum cryptographic technology which enables unbreakable, secure storage and communication of sensitive information through the generation of an ultra-secure cryptographic key." Unbreakable? That's a strong boast. Is it true? And even if it's only partly true, your upper management may call on you to explain (and possibly implement) laser-based quantum security, so you need to know what it is and how it works -- and whether it's something your company (or your client companies) need.

John Leiseboer:QuintessenceLabs is a cybersecurity defense company. We basically build products that help you generate keys, manage keys and do that effectively with a security policy so that the users of those keys know how to use the keys to meet the requirements of your workenvironment. Quantum Random Number Generator is actually something we are very proud of. We started like back in 2008, as a spinoff out of a research group at a university where work was being done in the experimental field of quantum physics, related to quantum key distribution.

As part of that technology development, we had to develop a whole bunch of components, including what we call the quantum random number generator. One of the interesting things about quantum key distribution, is that you need to have a very very high speed source of true random numbers. And in developing that particular technology, the QRNG spun out of that, and we found that there are applications for that in the commercial world as well as in various military and defense applications as well. So let’s take a walk around the booth.

What we are looking at right here is the concept or the demonstration of a concept of the extraction of entity from a quantum vacuum state. So the system here is displaying a laser that is called a coherent laser. In fact, it is a very finely tuned laser. As it is finely tuned, it also acts as a carrier of quantum information. The quantum information that is in fact encoded in this laser is a vacuum state. Random numbers in other words.That’s because in the quantum world a vacuum actually does have energy—the spontaneous creation and destructive energy. The way we can actually measure that you require an apparatus like this. So we a laser, a beam splitter, which is splitting the laser beam into two equal components and then we subtract those. In the classical world, what that would end up being is a vacuum—nothing. But in the quantum world, because it is a quantum state that we are actually carrying on the laser and splitting, we end up with the quantum vacuum energy.

We measure that by subtracting the laser from itself and then amplifying and filtering that signal, converting it to a digital signal, and converting that again into the actual random numbers that ultimately end up as key material. Obviously this is just a concept. It is really meant to just show and explain what the basic source of entropy is. That’s the splitting of that laser to bring the quantum back in. What we’ve actually implemented is obviously a little bit more sophisticated and a bit more practical. Over here, we have a rackmount chassis and towards the rear of the chassis you will notice that there is a card which has on it an aluminum box with the label which says QuintessenceLabs. That box has within it the optic components, so in there, we do have a laser, we have all the beam splitting components, the photo detectors which convert the light signal into an electrical current. And we have the subtraction circuitry that subtracts those two beams that I was talking about earlier.From the particular box, that very high frequency RF signal is then taken to some analog processing where we amplify it, we filter it, we frequency shift it. So it basically allows to get it into the digital domain. So once we’ve done all that preprocessing, we then pass the signal to an analog to digital converter and from there, we then go to a very high speed field programmable gate array which has internal circuitry just used to condition that random signal to produce the random numbers with a uniformdistribution.

There are all sorts of applications for random numbers. I mean, the most well-known use for random numbers is to seed a key generator. And keys are obviously required in cryptography.Whether that be symmetric keys or asymmetric keys you have to start with some truly random source somewhere. So that’s one application—a very common application. Other applications most communications protocols, secure communications protocols also require some element of randomness within them. You think of that SSL/TLS the transport layer security protocol. Every time you need to have a session with that, you have to generate a symmetric key, you would also probably often use a block cipher that requires an initialization vector.Usually that’s done with a random number. But if you are using an algorithm like DSA digital signature algorithm, part of that algorithm is the requirement to have a nonce, a random number that got itself repeated is actually a very good source of a nonce.So there are many different areas in the security field where you find a good need for random.

In addition to that, there are non-security related areas, simulation is a classic example. So the best most realistic simulations you need to as closely as possible simulate real world events. Most real world events have some element of random to them. Think about a tree. Think about a tree in a forest. Think about the leaves on that tree. Each individual leaf has some element of random movement. A high speed good quality random allows you to build simulators of for example, leaves on trees, which will be used in larger simulations yet again to give very realistic applications.And I guess the final there is, all sorts of modeling applications, scientific modeling, mathematical modeling, modeling of weather, and all those sort of applications large quantities of good quality random numbers are essential.

One thing I didn’t mention is the gaming industry.Of course they like to bias their random in certain ways. One of the best ways to bias your random is have a very good filtering function that’s treated with true random, then apply whatever manipulations you require, to make sure the output matches what you wanted it. But you start with a biased source, a bias of even more, you are not going to necessarily get the bias you want. But true random in, bias it the way you wish, and the gaming industry can make as much as they like out of it. We actually started our R&D up around in 2008, and this is 2014, so I guess the rough guess there is approximately six years. On that way, we’ve developed many different products that have been spinoffs of the basic technology. The actual effort gone of this particular development is probably closer to that two to two and a half years’ duration involving a team of peak load of about seven to eight individual engineers.

This discussion has been archived. No new comments can be posted.

Australian Company Claims Laser-Based Quantum Crypto is "Unbreakable" (Video)

Comments Filter:
  • Old news (Score:4, Informative)

    by Hentes (2461350) on Tuesday March 04, 2014 @06:03PM (#46401823)

    This is not a new technology [wikipedia.org], and have been under lab testing for a while now. The problem is that what's theoretically unbreakable isn't that secure in practice. Turns out it's quite hard to distinguish between eavesdropping and noise.

  • by LordLimecat (1103839) on Tuesday March 04, 2014 @07:08PM (#46402615)

    You cannot break the key in a properly implemented OTP. You have no way knowing which of the 8 zillion possible valid plaintexts was actually sent.

    The weaknesses are only:
      * If the OTP repeats-- that is, the key is not the same length as the message. For an unbreakable 2KB OTP message, you need a 16000bit key (2KB).
      * If the OTP is generated deterministically-- it is not random.
      * Key distribution is vulnerable. No matter what method you use, unless it is face to face, the OTP can be "broken" by intercepting the key.
      * Key storage. If anyone captures your OTP booklet or file, you have no security whatsoever.

    If you figure those out, its "perfectly" secure-- but as mentioned it basically requires face-to-face before hand OTP distribution and storing the OTP keys in a physical, airgapped vault.

"Our reruns are better than theirs." -- Nick at Nite

Working...