Making Quantum Crypto Actually Work

There's a piece on the newest breakthrough in quantum crypto on Feed. It goes over some of the background that we've all read before, but the implication of actually making it something useful beyond the current short distance is pretty darn cool.
  • Wouldn't this make really fast broadcast of data over arbitrary distances? Assuming you could stabilize the entanglement, or create a continuous supply of entangled quanta cheaply, and transport them reliably, (many assumptions... but who knows what the future holds?) you could make a quantum backbone... forget laying transatlantic fiber. Now if we could only entangle arbitrary quanta without having to have them in proximity... Can you say quantum switching? Good... I knew you could.
  • The essence of public/private key crypto (which is what we use today for key exchange) is the putative difficulty of prime-factoring a very large number. Our confidence in this sort of algorithm stems from centuries of direct investigation of this problem and corresponding centuries of failure to accomplish a solution in a reasonable time order. The problems involved in solving this problem are so well understood that mathematicians have even been able to generalize this problem to a class of seemingly unrelated problems in the NP set. I won't pretend I understand NP at all, but any discipline that can draw a parallel between prime factorization and problems like the traveling salesman is obviously deeply researched and well developed.

    RSA depends on factorization being hard. There exist other public key systems depending on other problems being hard.

    Oh and computer science has not proved a link between factorization and the traveling salesman. Factorization is not known to be NP-complete, although it is known to be in NP.

  • Prior to the advent of public key crypto, the problem of key distribution meant that useful cryptography would be limited to the powerful who could afford the expense of secure transportation of symmetric keys, such as the military. PK crypto largely eliminated the problem of key distribution, leaving only the much easier problem of creating a public key infrastructure (PKI).

    The danger is that quantum computers will make public key crypto useless, setting us back to a time when useful crypto is reserved for those that can afford symmetric key distribution systems, or quantum crypto, which - if possible - is likely to be incredibly expensive.

    Now I would never suggest that we stop research in these areas, but I do think that it gives us a limited window to obtain free communication for all while we still have the tools to achieve it.


  • What is to safeguard this from a "man in the middle" attack? Someone could intercept the quantum communication, and convince the sender that they are the receiver, and the receiver that they are the sender. They can then read, and even manipulate, all communication over the supposedly secure link. More conventional mechanisms such as "Diffie-Hellman"(sp?) key-exchanges combined with symmetric crypto are also vulnerable to this attack.


  • I've always understood the spin to be somehow changeable, like you could change the spin from up to down (top to bottom? I don't really know these terms) and the person on the other side would see the new spin. Communication would be just s/top/0/g and s/bottom/1/g.

    The big question I have is how long is 'after a while'? Does this quantum entanglement last however far you can run in the next five minutes, or is this something that lasts a few months? The time period would definitely impact its usefulness as a communications medium.

    Zipwow
  • Finally something worthwhile in this discussion. What they don't teach in physics class is that the part beyond the equations is nothing but interpretation.

    Sheldon Goldstein has published some worthwhile papers on QM. He's basically debunked a lot of the "superposition of states" crap, and proved that QM can be deterministic with the usual limits on observation. The gist of the argument is GIGO: no accurate position/momentum to start means no accurate position/momentum at the finish. We don't know the definite trajectories of any particles in the universe, so we can't measure any, since we can't put together a reliable measuring tool without this knowledge. So in fact QM does not mean that the universe is non-deterministic; it just means that we're ignorant of a range of phenomena at the quantum level. Enough said.
  • The sender is equipped with a dog locked in a box. A radioactive atom, contained in a special measuring apparatus, has a finite probability of decaying and triggering a fatal dose of poison for the dog. Neither the sender nor, more crucially, the SPCA knows whether the dog is dead or alive when the message is sent.

    The superposed live and dead dog is then passed through two slits, resulting in an interference pattern, where dead and live dogs reinforce or cancel each other out. This pattern is transmitted via fiber optics to the receiver, who is equipped with a physics book identical to the one possessed by the sender.

    The receiver then passes the beam through an apparatus which contains three doors. Behind one of the doors is a goat. Behind another is a brand new car. After the receiver chooses one door, the host opens the door containing the goat.

    Now the receiver guesses whether the dog is dead or alive, and if he is correct, he receives a shiny new car and a year's supply of dog food, signifying that the message has been successfully transmitted!

    While this method is correct in theory, no one has yet built an apparatus using this method over long distances. However, scientists are confident that these minor details will be filled in shortly.
  • If you've been in contact with someone, just give them a set of decryption keys for one-time pads. Then, for the last one, send another batch.

    If I understand you right, you want to distribute OTPs via the OTP encrypted channel. That doesn't work (or rather doesn't make any sense) since OTP encryption uses up exactly as many key bits as data is encrypted. If you send someone 500k of fresh OTP bits encrypted you use up 500k of the existing bits and will gain nothing. In effect you just replace a set of OTP bits with another set of the same length, which is useless.

  • So you propose to distribute one time pads over another channel that is using a stream or block cipher with fixed key length, arguing that that channel can't be attacked since only random data is transmitted (if I got you right).

    Sorry, this doesn't work. You might get only random data on decryption attempts, but it's only a limited set which you can test by decrypting OTP encrypted messages in order to crack the key of the distribution channel (you just added one additional step). That makes the combination of both methods no more secure than the distribution channel alone, so you might as well use that to send messages directly.

  • Someone will correct me if I'm wrong, but I think you're confusing quantum encryption with quantum computing. Both adopt non-"normal" properties of physics at a quantum level (and hard to get a grasp on concepts like entanglement, superposition, infinite # of universes etc.) but they are different.

    As I understand it, quantum cryptography involves the fact that a third party observer of information in transit *by definition* alters the content of the message by simply "sniffing" it. A recipient can therefore detect whether or not a message has been intercepted.

    Quantum computing, on the other hand, involves setting a number of atoms (each being one quantum bit, or "qbit") in a "superposition" (a state where they're simultaneously positive and negative, I think) in accordance with a particular formula (or "program") that corresponds to what you want the computer to calculate. To determine the output of the "computer," readings are taken from the atoms to determine the probability of the correct solution in our universe.

    Somehow or another, quantum computers allow you to do in parallel (because you're kind of narrowing down the possible solutions for an infinite number of universes down to OUR universe) what traditionally has to be done sequentially through normal computing. The most obvious application for this is for trying lots of encryption keys simultaneously (or near simultaneously) to find the right one.

    Sorry for the vagueness, I'm just trying to get a handle on it myself and I haven't read about it for a couple months so my memory is wearing down. There are lots of good resources and papers on this topic on the web though.
  • Can't one just use your standard 'Man in the Middle' sort of attack? If you can intercept a quantum message, odds are you can send it as well. Of course I might just be totally off base here.
  • Because entanglement degrades over time, it's necessary for long-distance communication that a pair be as perfectly entangled as possible to begin with.
    Can someone point me to a reasonably nontechnical explanation of this? (E.g., one that doesn't require the reader to be able to roll his/her own Hamiltonians.) What does "degrades over time" mean? Is this an intrinsic property of the entanglement (which I thought I was just beginning to understand before reading this, but apparently not), or do they just mean that the chance of something perturbing the system (and making the entangled pair useless -- in the same way as an eavesdropper would) increases over time? Or do they mean something else altogether?
  • Quantum computers employ the same method of the uncertainty principle to compute--prerequisite was a badly chosen word, tho.

    Their advancement will almost certainly be parallel.
  • Um, are you trying to initiate a flame?

    Not to say that your points aren't generally valid, but, I hate to tell you, but Big Brother is already sending private messages back and forth that we can't read. Remember, the gov't (well, the military) has the patience and need to use OTPs. OTPs always win.

    The more serious problem is that a prerequisite for quantum crypto is stronger quantum computers. Stronger quantum computers can breeze through current crypto mechanisms with startling ease, dramatically raising the bar of what is a 'secure' keylength. Start thinking 4096bit, buddy. Gov't needs privacy, they have it and will keep it. Citizens also need privacy, we can have it sometimes, but might be about to lose all possibility of it.

    All that being said, c'mon. We know we're not gonna stop technology, so we need to start thinking seriously about how to address the implications. We're not the RIAA here, we know the light is a train, and we're smart enough to find a side-tunnel to not get killed.
  • The article focuses on one piddly part of quantum crypto. It's more powerful than it reveals, as this /. thread [slashdot.org] and its related article [physicstoday.org] discuss.
  • Actually, it is. Is this a real surprise? It's word magick, sort of like "organic carrots". Well, I suspect that carbon molecules are in there somewhere.

    We tend to say "security by obscurity" when we are talking about weakly obscure matters. And we tend to say "real security" when we are talking about more obscure matters. The importance of quantum transmissions is that they provide the potential for "almost complete obscurity". But...

    Here's an interesting question, suppose you could show that every message that you could send with a code had a sensible translation involving all the same information as the intended translation that could be determined in less time than the intended translation. I tend to suspect that we are approaching this point. How could this be proven correct, or incorrect?

    If such a code were created, could anyone ever know what was meant by a message sent in it?

    Now I posit that, given certain assumptions, English is such a code. (It's mostly not intentionally designed to be obscure, but the development was a rather random process, and complete accuracy of interpretation of message transmissions was not at the top of the agenda.)

    If you think that English is precise, and that you know what an English sentence means, then I invite you to express it in C, Lisp, Python, or one of the other truly unambiguous languages. (OK, there do exist sentences that can be so translated. But the majority of them cannot.)

    How will this help? It may be one step toward systems which can understand natural languages. (It's rather of a sideways step, but the existence of encryption techniques tends to inspire the existence of decryption techniques, which may be what is needed.)

    Caution: Now approaching the (technological) singularity.
  • Because yer only 50% sure when you read a 1 if it was really a one. Therefore, when you retransmit the key, you're forced to guess and 25% of the key bits you retransmit will be bogus.
  • The cryptography part is interesting, but what about the prospect of communication across unlimited distances?

    I have read about quantum entanglement many times before, but I assumed there was some form of problem with it that prevented it from being used for actually communicating data directly.

    However this article seems to imply that quantum entanglement *can* indeed be used to directly communicate. Well, that's a *big* deal in my opinion - and on a larger scale than cryptography. If we ever *do* figure out a way to achieve FTL travel, we're still going to have to have some form of near-instant way of *communicating* across such great distances.

    Ok, so space travel might not be what everyone was thinking; but I'm surprised I haven't seen quantum entanglement hailed as a communication method in general, if indeed it's currently in a state such that it is possible.
    / Peter Schuller
    ----------------
    E-Mail: peter.schuller@infidyne.com
    URL: http://www.scode.org

  • That's what I thought.
  • Sci-Fi authors don't have it wrong. You have it wrong. In all Sci-Fi movies/series I've seen, FTL travel is achieved through "non-conventional" means. Warp travel (i.e. moving the warp bubble at FTL speeds, not the ship), hyperspace, worm holes - whatever.

    One might debate the realism of those various techniques, but relativity is *NOT* an issue. No sci-fi series/movies that I know of claims that you can achieve FTL travel in any practical sense by just accelerating long enough.
  • As a "real" physicist can you tell me if the whole being able to transmit information from entanglement is really possible, because a few years ago I had a respectable physicist tell me that it was simply a sleight of hand trick and nothing practical could really be done with it, sorta like that experiment mentioned a while back about info in light leaving a tube before the original light should have. Or has more proof of its reality come out in the last few years?
  • This is a very weak interpretation of the EPR experiment: there is no reason to believe that "physics is fundamentally nonlocal" in the sense that you're talking about - especially when it comes to the interpretation that it will produce "instant" anything.

    The hardest part of quantum entanglement to understand is the fact that Nature is both fundamentally local and nonlocal at the same time. Yes. You heard me. That's exactly what I meant.

    Interactions are local: a particle at point B ten light years away from a particle at point A can only interact with an on-mass-shell particle intermediating the two. That is, for an electron which emits a photon which is reabsorbed by a particle ten light years away, the photon is on-shell - or VERY nearly on-shell: q^2 = 0. They can't exchange an off-mass-shell particle, because it would need to live too long. What does this mean? It means that space essentially determines the momentum scale of an interaction - i.e., interactions are fundamentally *local*.

    Particles, however, are fundamentally *nonlocal*. As D. Griffiths might have put it in his wonderful QM text, "Even God doesn't know the exact location of an electron" - because the concept of an "exact location of an electron" doesn't exist. Yes. That's right. It's not an inherent limitation in humans, or the Universe, or God in this case. It's the way electrons are. If you asked God what the exact location of an electron was, he'd look at you as if you were stupid, because you'd be asking a complete nonsense question. Asking "where is an electron?" is nonsense. The concept of "where" doesn't exist quite as firmly for an electron as we think it does for us.

    So, how do you reconcile the concept of the EPR experiment? It's because the concept of the "location of the photon" is not real. The photon is located along the entire spread of its worldline, as is its pair photon with opposite polarization - or at least, the photon's polarization is (talking about the "location of a photon" is, as I said, meaningless). Same for an electron/positron pair in the classic EPR experiment. When you measure the polarization (or spin) of the photon (electron), you're measuring the polarization of one part of the *combined pair*.

    Of course, once you do that, you localize each portion of the state: interactions are fundamentally local, after all.

    You said it yourself. All that exists are particles and their interactions. Particles don't provide the structure of spacetime - their interactions do. You can't have instantaneous changes in position because that would suddenly cause all the interactions that those particles were undergoing to become nonlocal.

    The only way you can have "instantaneous changes in position" is if you physically make the space close - i.e., a wormhole - then all the interactions stay local. They're then in a multiply connected topology, but there's nothing wrong with that. However, good luck actually predicting the dynamics of creating a wormhole. We don't have math for 'breaking' a continuous object and then 'reforming' it again (see also waves crashing). Might be possible, might not.

    But in any case, "instant" communication is insane without invoking the concept of a multiply connected universe.
  • Wow. That link is by far the worst example of idiot math I've ever seen in my life. Has the author ever *read* a relativity textbook?

    What is claimed in the link:
    Motion is impossible because a component of the "4-velocity" created by "dx/dt" is a "unitless" number.

    OK, so why is this stupid?

    The position of a particle, x, is defined as
    x = (ct, x, y, z) in some reference frame - it is NOT (t,x,y,z): that's *stupid*: space is space, time is time. But when you consider that there is a common velocity throughout all space and reference frames - the speed of light in vacuum - then 'time' has to be linked to 'space' somehow - and it's linked through the speed of light in vacuum, c. You can work this out on a sheet of paper using the Pythagorean theorem.

    OK. So even the 'simple' 4-velocity dx/dt now looks like dx/dt = (c, dx/dt, dy/dt, dz/dt). Nothing's unitless - everything has dimensions of distance/time. Thus, we have already disproven the statement in the above link. So, we can stop here.

    Motion in spacetime is simple - it works exactly as it does in Euclidean space/time. Want to create motion? Just shift to a reference frame that is moving at a different 3-velocity using Lorentz transformations. Boom. You've got motion in spacetime - you can then follow the object's position as it moves through spacetime.
  • I don't know about the time paradox (relativity only says physical objects can't move faster than light, AFAIK). But suppose it was possible, you would have a "subspace (TM)" communications system. So shouldn't SETI be listening for this, instead of some alien civilization's TV reruns?
  • by Hard_Code ( 49548 ) on Thursday April 26, 2001 @05:00AM (#265292)
    "Because entanglement degrades over time, it's necessary for long-distance communication that a pair be as perfectly entangled as possible to begin with. Zeilinger's proposed mechanism, a polarized beam splitter (PBS), is a little cube of gas that generates highly entangled states in photons that are only weakly entangled, making them robust for long-distance communication."

    Whah??? So if you "cook up" an entangled pair of photons, don't you have to then send one to the recipient? How does the recipient get their photon? Or does, through the magic of QM, the entangled photon just "appear" at the other side?

    Forget encryption: if we can transmit information simultaneously (in the very physical definition of the term), that itself is an AMAZING feat. You could basically have all the information in the world replicated *instantaneously* everywhere. What's stopping me from generating billions and billions of "bits" of entangled photons, and just using them for massive storage and "free" simultaneous communication?
  • Not quite. Q-Crypto is used as key exchange. But as others have noticed, garbage and noise look the same.

    Alice sends to Bob and Eve is trying to spy. Alice entangles 128 pairs of photons, sends half of them down the network. ...(1)... Bob looks at the photons and says "ha! I can talk to Alice."

    What says that Eve can't look at the photons at (1)? It would seem to Alice that Bob looked at them. And when Bob looks at them after Eve, they don't change.

    How do entangled photons know when their mate was touched? A photon (a virtual particle aka boson) is transmitted from Bob's to Alice's. *We're sending photons to get photons.*

    Remember kids, you can do all you want with crypto, but you can't break the laws of thermodynamics. The article says, "...the key will be protected by the laws of physics". And what are the laws of thermo, chopped liver? :)

    Well guess what, "The laws of physics giveth, and they taketh away. In the end, the only protection we have is how little we understand hard problems like discrete logarithms and quantum mechanics" - JLC
  • ...hmm...there are those who think once matter goes into a black hole all information on it is lost. Since the black hole will only "give" out energy through Hawking radiation which slowly annihilates the matter beyond the E.H. through matter anti-matter reactions spurred on by a side effect of the uncertainty principle which says matter will appear out of nowhere and destroy itself quickly because it realized it shouldn't happen (paraphrased).

    But these are the same people who think thermodynamics is flawed which would cause the universe to immediately die and start up again with new laws for us to learn...Penrose, you silly brainiac you! dd if=/dev/zero of=/dev/universe

  • I could well imagine big businesses that invest in quantum technology and then provide encryption services to anyone for a fee.

    The notion that this technology should be ceased because it will cause harm seems absurd to me.

  • I wonder....how long will it take for someone to write a 100 line long "quantum decryption" perl script...?
  • As I thought I understood it, quantum entanglement caused two photons to have the same spin. The spin of either photon before being measured is equally likely to be either up or down. If either photon is measured, it turns out the other photon has exactly the same spin. How is this useful in transporting a message? Could someone either explain what I'm missing, or what I've got wrong about entanglement? I mean, the entanglement only pertains to the observation of the particle, so observing one of them "causes" the other to have the same spin. It makes photon teleportation possible, sure, but one has to transport the spin of the first photon via normal communications means. So how does it work for communication?
  • Argh, this is probably dead by now.. but I'll try anyway.

    Are you saying that one can either measure whether a photon is \ or / OR whether it is - |, but not both? So, if you measure the \ / state, and get /, then the entangled photon will also be /, yes? But if you measure the - | state, you have no way of knowing what the \/ state was, yes? Am I getting this at all right?
  • Quantum scrambling of communication is cool, and indeed may provide an unbreakable code protocol, but the kind of unreserved exuberance in the article might be unwise.

    The essence of public/private key crypto (which is what we use today for key exchange) is the putative difficulty of prime-factoring a very large number. Our confidence in this sort of algorithm stems from centuries of direct investigation of this problem and corresponding centuries of failure to accomplish a solution in a reasonable time order. The problems involved in solving this problem are so well understood that mathematicians have even been able to generalize this problem to a class of seemingly unrelated problems in the NP set. I won't pretend I understand NP at all, but any discipline that can draw a parallel between prime factorization and problems like the traveling salesman is obviously deeply researched and well developed.

    "Quantum crypto" as the article calls it, is not based upon this sort of deep understanding. Far from it; instead, it is based upon our somewhat naive observation that particles flip in unison "like magic" when they are quantum-associated. While certainly QM is also a complex field of study with just over a hundred years of development, I don't think anybody out there can make any kind of definitive statement or even guess about why quantum binding happens or how it works.

    Given this, how can we be confident in an algorithm founded upon what is basically our collective ignorance? Surely there is some kind of fundamental law or reason behind quantum binding, and when we come to understand it (string theory?), perhaps the "magic" of QM will suddenly seem kind of prosaic and even influenceable. There really is no way of knowing because even the most skilled practitioners of the science bicker about the exact cause and mechanism.

    Not to be a damper - I would love to see this system working - but we need to be honest about our ignorance and how it could hurt us in the long run.

    -konstant
    Yes! We are all individuals! I'm not!
  • It isn't an intrinsic property per se, but it always exists (in the lingo, it is called decoherence). Entanglement is a state of two (or more) particles that have some correlation between them. However, since they are separated, random environmental/thermal fluctuations affect each particle differently, randomizing the relative phase between the particles and causing the pair to become useless.

    Photons only interact weakly with matter, so they tend to be pretty stable, but if you have entangled atoms, for instance, a slight difference in the local electric field can quickly destroy your carefully prepared state. This is the fundamental roadblock on the way to medium scale quantum computing -- QC involves entangled states of many many particles (~5000 to factor 1024 bit RSA, IIRC) over a relatively long period of time (a second or so). The larger a system, the harder to prevent decoherence, which is why every bit is a challenge.
  • Yeah, that is more or less how things work. Generally, you use the key as a one time pad -- XOR it with your message. As long as you never reuse key bytes, you are fine. The eavesdropper is checked for by using checksumming over the key data, rather than encoding a test message.
  • You can't really transfer information with entanglement (that I know of). In general, doing so would violate causality by transferring information faster than light. What you can do (and QC does) is exploit entanglement to agree on a set of (random) data that it is physically impossible for an eavesdropper to measure w/o disrupting it.

    This random data can be used as a OTP to send real information.
  • You can tell only whether there was an eavesdropper after you compare notes with the person on the other end -- using classical light-speed limited communication.

    Physically, the effect of the eavesdropper is to destroy the polarization correlation between the two photons. The way you determine this is if Alice and Bob compare checksums of their bits in some fashion. If they have the same results, nobody tampered with the data stream.
  • [in PDF format]

    http://babbage.sissa.it/pdf/quant-ph/0012026
  • The first time I read about this was in Ray Kurzweil's The Age of Spiritual Machines, which was published in 1999. Not a "new" idea.


    Kspett

  • Quantum communications has been around for a long time and the fact that you can detect whether you're being eavesdropped on over this medium has been known for a long time.

    The concept of sending a common secret over such a channel is not really all that bright though. Public key cryptography has been around long enough that even the most basic dabbling in the realm of secure communications over public channels should show you that no matter what you should never exchange a common secret in public -- it's moronic!

    Furthermore, with the known and predictable fact that quantum communications are altered when eavesdropped on, we can have a whole generation of people working not only to eavesdrop on something, but also purposefully altering the data, compromising the confidentiality of the data while also confusing the message.

  • It can be proved that quantum entanglement does not allow any communication. The closest classical analogue to entanglement is a shared random string, which we know is a key for the Vernam cipher. In fact, if two particles are perfectly entangled, and say the same (not exactly correct!) measurement is done on each of them then the results are correlated.
  • Quantum cryptography mainly involves distributing a key (random string) over a channel. What quantum mechanics guarantees is that if someone listens on this key exchange you know about it. Then you just discard that key and start again. So someone can jam your communication, but cannot get your secret key without your knowledge.

    After this key (random string) is with both parties, they can use XOR coding with this random string to send data over a plain classical channel as done in the Vernam Cipher that is provably secure.

    So quantum key distribution helps you ship the key across without having to be at the same place as the receiver. Then you use XOR coding.

    In addition to an uncertainty principle relating information gained versus disturbance imparted to a quantum state, these results rely on the no-cloning theorem of quantum mechanics which says that a quantum bit of information cannot be cloned or copied, otherwise man-in-the-middle attacks would not be ruled out.
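    The procedure the comments above describe (distribute a random key over the quantum channel, check a sample of it over the classical channel, throw the key away if an eavesdropper shows up, otherwise XOR the rest into the message) can be walked through in a classical simulation. The following is an added example, not code from the thread or from the Feed article: it models the prepare-and-measure scheme of Bennett and Brassard (the 1984 protocol mentioned further down), not the entanglement-based variant, and it assumes only one quantum rule, namely that a photon measured in the wrong basis gives a uniformly random bit. That single rule is enough to reproduce the roughly 25% error rate an intercept-and-resend eavesdropper leaves behind, which another comment above arrives at by hand, and to show why the sifted bits serve as a Vernam pad.

```python
"""BB84-style quantum key distribution, simulated classically.

Added example for this thread, not from the original article. A photon is
modelled as (bit, basis); basis 0 is rectilinear ("- |"), basis 1 is diagonal
("\\ /"). The only quantum behaviour simulated: measuring in the preparation
basis returns the bit, measuring in the other basis returns a coin flip.
"""
import hashlib
import random


def measure(bit, prep_basis, meas_basis, rng):
    """Correct basis: read the bit. Wrong basis: the result is random."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)


def bb84(n_photons, eve_present, seed=0):
    """Run one key exchange; return (observed error rate, Alice's key, Bob's key)."""
    rng = random.Random(seed)  # seeded so the run is reproducible

    # Alice prepares random bits in random bases and sends them.
    a_bits = [rng.getrandbits(1) for _ in range(n_photons)]
    a_bases = [rng.getrandbits(1) for _ in range(n_photons)]
    channel_bits, channel_bases = a_bits, a_bases

    # Eve (intercept-resend): she must measure, and no-cloning means she can
    # only forward what she measured, in the basis she guessed.
    if eve_present:
        e_bases = [rng.getrandbits(1) for _ in range(n_photons)]
        e_bits = [measure(b, pb, eb, rng)
                  for b, pb, eb in zip(a_bits, a_bases, e_bases)]
        channel_bits, channel_bases = e_bits, e_bases

    # Bob measures in his own random bases.
    b_bases = [rng.getrandbits(1) for _ in range(n_photons)]
    b_bits = [measure(b, pb, bb, rng)
              for b, pb, bb in zip(channel_bits, channel_bases, b_bases)]

    # Sifting over the public classical channel: bases are announced (never
    # the bits) and only positions where Alice and Bob agree are kept.
    keep = [i for i in range(n_photons) if a_bases[i] == b_bases[i]]
    a_sifted = [a_bits[i] for i in keep]
    b_sifted = [b_bits[i] for i in keep]

    # Eavesdropper check: publicly compare a random half of the sifted bits,
    # then discard those bits since they are now known to everyone.
    sample = set(rng.sample(range(len(keep)), len(keep) // 2))
    errors = sum(a_sifted[i] != b_sifted[i] for i in sample)
    qber = errors / len(sample)
    a_key = [a_sifted[i] for i in range(len(keep)) if i not in sample]
    b_key = [b_sifted[i] for i in range(len(keep)) if i not in sample]
    return qber, a_key, b_key


def bits_to_bytes(bits):
    """Pack a bit list into bytes, dropping any incomplete trailing byte."""
    n = len(bits) // 8 * 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, n, 8))


def key_digest(key_bits):
    """Checksum the remaining key so both ends can confirm they hold the same pad.
    Caveat (an addition here, not from the thread): publishing a hash of the pad
    is a convenience check only; the sampled-bit comparison is the real test."""
    return hashlib.sha256(bits_to_bytes(key_bits)).hexdigest()


def otp(pad, data):
    """Vernam cipher: XOR. Encrypt and decrypt are the same call, and every
    message byte consumes one pad byte for good; pad bytes are never reused."""
    if len(pad) < len(data):
        raise ValueError("one-time pad exhausted; never reuse key bytes")
    return bytes(k ^ d for k, d in zip(pad, data))


if __name__ == "__main__":
    for eve in (False, True):
        qber, a_key, b_key = bb84(4000, eve_present=eve, seed=1)
        status = "ABORT, eavesdropper" if qber > 0.1 else "key accepted"
        print(f"Eve present={eve}: error rate {qber:.3f}, {status}, "
              f"{len(a_key)} key bits, digests match={key_digest(a_key) == key_digest(b_key)}")
    _, a_key, b_key = bb84(4000, eve_present=False, seed=1)
    ciphertext = otp(bits_to_bytes(a_key), b"meet at dawn")  # constructed sample message
    print(otp(bits_to_bytes(b_key), ciphertext))
```

    Without Eve the sifted bits agree exactly and the error rate is zero; with an intercept-resend Eve she guesses the wrong basis half the time, and half of those guesses flip Bob's bit, giving the 25% disturbance that makes her presence visible before any message is sent. A realistic channel has its own noise, so a deployment sets an abort threshold rather than demanding zero errors, and the bits spent on the public comparison are lost from the key, which is why the key shrinks to roughly a quarter of the photons sent.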

  • Doing a man-in-the-middle attack would require some form of copying of the information. If you don't then you either get to keep it or send it but not both.

    Quantum bits cannot be cloned or copied without making the copies imperfect. So, if you try the man-in-the-middle attack, you either have to pass on the information intact with no copying (or sniffing) or you make an imperfect copy and disturb the original and that can be detected.
  • by crab ( 93441 )
    Bennett et al. and Ekert et al. proposed the idea of using entanglement for key distribution more than five years ago. It has many advantages over the other quantum scheme proposed by Bennett and Brassard in 1984/86 and its refinements, theoretically speaking, but implementing it experimentally is much harder since entanglement is involved. I think the point here is that Anton Zeilinger has an idea about how to generate entangled particles in real life more efficiently. This is not easy. Theorists can assume they have a perfectly entangled state and do all kinds of operations on them in their minds and notebooks but even the most simple of these are extremely hard to implement in practice!
  • One-time pads are very secure and if used correctly, are very difficult to break.

    No, they are, literally, mathematically IMPOSSIBLE to break. If you use them correctly, like you said. :-)

    -----
    "Goose... Geese... Moose... MOOSE!?!?!"
  • If you've been in contact with someone, just give them a set of decryption keys for one-time pads. Then, for the last one, send another batch. For the encryption/decryption for each one, you could use a true random number generator (at least one company makes them (I don't have a link, but maybe someone could post one . . . ?), but they're expensive (in the $15,000+ range, IIRC)) and feed the output into a key generator. Then you've got something that would probably be as useful as quantum crypto, as long as it's only used once. Of course, I'm not a crypto expert, but maybe someone could give me some insight on this?
  • Hmmm. Rereading my post, I guess I forgot something. I was thinking more along the lines of file compression before encrypting the message with a one-time pad. Have each element have a possible range of 00-FF, and loop back when it reaches the end (for instance, after adding 5 to, say, FC, it would loop to 01 and vice versa). That way you could be able to gain bits in each transfer. Typing this gave me another idea, though. If there's room left at the end of the pads after the message is sent, one could include part of another pad, and then continue it through the next messages. If each of the pads is the same length, it wouldn't need a terminating sequence after the end of the pad. Just at the end of the compressed message.
  • Yes, you're right, well, sort of.

    This could fall to the man-in-the-middle attack[1], but this can be avoided by using the conventional solutions to this attack; an interlock protocol[2] is one, signed public keys in a public key repository are another.

    [1] This attack works by intercepting the key exchange between Alice and Bob and replacing the keys with new ones. The message is also intercepted, decrypted using the private partner of the public key we sent to Alice or Bob, and re-encrypted using the public key sent by Alice or Bob. We have the text, and Alice and Bob have also successfully exchanged the message without noticing.

    [2] The interlock protocol (now this is complicated so read carefully): The key exchange occurs normally; assume 'the man' intercepts them. Alice and Bob now exchange alternate bits of the cipher text, in two parts. This is when 'the man' has a problem: he attempts to decrypt the first half, he fails, because he cannot decrypt half the message without the other half, and he cannot receive the other half before he returns something. Therefore re-encrypting the true message is impossible; he has to simulate and forward it. The second half is then exchanged, in order to ensure that his duplicity is not revealed, and his compromise is compromised. He would now need to generate the second half of the cipher text such that the total cipher text results in the same plain text. This is a computational problem of the same order of complexity as brute forcing the original key; it certainly cannot be performed during the normal latency of such a system.

  • Correct me if I'm wrong. I'm neither a physicist nor a computer scientist, but I have read about the stuff. First of all, the key is generated on both sides by reading a random string of photons. Quantum entanglement causes this to happen simultaneously at both ends. Because this stream of photons is truly random, the key is truly random, and there is no "Moore's law crack" possible. You can trivially generate a megabyte-long key if you want to. Good luck trying every combination. Then a test message is encrypted with that key and sent over ordinary communication channels. If the recipient is able to decrypt the test message with the key he received, then it follows that he has the correct key. Therefore, the key was not snooped, because Heisenberg says if the key was observed in transmission, it would have come out garbage at the other end. On the other hand, he might try his key and get garbage. Then he knows the key was snooped in transmission; he simply tells the sender there's a problem. Nothing has been compromised, the spy has only seen a test message. If his key is working, then the real data is encrypted with the key and sent, also over ordinary communication channels. It no longer matters if the link is being snooped, because the key has already been sent securely.
    --
  • Need random? LDA $D20A.

    (A little something for all the Atari 8-bit fans out there...)

  • Actually, XOR is very easy to implement, and when used correctly, extremely secure. The security of XOR depends entirely on the key. The security of the key depends on two primary factors - the entropy, or "randomness" and the length of the key. Ideally, the key will be at least as long as, if not longer than, the plaintext to be encrypted. If you use a truly random key with a length greater than or equal to the plaintext, it is known as a one time pad.

    Any attempt to perform cryptanalysis upon the encoded message is (assuming a proper implementation of XOR) an attack on the key. If the key is random, and as long as the plaintext, the attacker will eventually be able to decrypt the encrypted text. The attacker will, however, also end up with every possible alphanumeric string of the same length as your plaintext. The attacker has no idea if the plaintext contained a discussion of an exchange of nuclear weapons material or your mother's cheesecake recipe.
  • I was under the impression that once Quantum cryptography and computing became a reality, that conventional means would just fall to pieces....but all this looks like is a way to transmit binary data via photons...and then you're sure it wasn't observed cause it's not tampered with...that isn't really the best way that I can imagine to ensure eternal security and vigilance against the forces of evil..

    Sounds like security thru obscurity to me, ("my password is asdfasdf, but we're secure because no one observed it being transmitted and no one observed our message...woo hoo!!!!" - oh, what's that? TEMPEST attacks?...never mind)

  • So ...
    Anybody know of any commercial uses of one time pads? Their use for military purposes is pretty well known.
  • Yes you are right.

    The very act of observing the photostream forces you to make a decision on how the photons will be polarized -- as the Man in the Middle you don't know which photons you are interpreting are correct until you get the entire message.

    For an excellent description of this process I would recommend Simon Singh's book The Code Book. You can find it here [simonsingh.com].

  • One of the benefits of quantum crypto is the ability for eavesdropping to be detected.

    One-time pads are very secure and if used correctly, are very difficult to break. The issue with one time pads is the distribution and management -- with quantum crypto you don't need this and it cuts down on overhead.

    In my opinion this overhead is the real reason why we do not see crypto adopted for business use on a wide scale -- can you imagine the same folks that need to get toner in the copier being responsible for the distribution of one time pads!

  • perhaps what was being referred to was the incentive that quantum computers would bring to bear by making trad. crypto obsolete, thereby requiring more resources to be put into R&D for quantum crypto?

    That's not how I read it, but even if that was what the original poster meant, I disagree. Current cryptography seems to work; no one is able to easily break it now, that we know of. But it isn't proven that there isn't a much easier way to factor numbers, even without a quantum computer. I think the motivation is already to pursue a perfectly* secure transmission method.

    * - as much as anything is perfect...there's still the matter of the people on both ends, etc.

  • I've never heard that before. Do you have a link to more info?

  • The more serious problem is that a prerequisite for quantum crypto is stronger quantum computers.

    Umm...no. The quantum cryptography this article talks about involves tricky arrangement of photons that makes it essentially impossible for transmissions to be intercepted. This does not require quantum computers at all.

    Please read the article next time.

  • which begs the question: is security a zero-sum game?

    Peace,
    Amit
    ICQ 77863057
  • 1. Find 128 radioactive atoms and line them up.
    2. Wait for the half life of this element.
    3. Take a photo. (Roughly half should have decayed.)
    4. If an atom has decayed, write a 0 on the photo. If it has not decayed, write a 1.
    5. You should now have a 128 bit number; try and decrypt the cypher-text.

    Somewhere in the fifth dimension, a copy of you will have just won.

    Bill, wondering how long it would take to phone all these copies.

  • Ok, to paraphrase: two particles initially have some correlation (e.g. polarization.) Reading the polarization of one tells me something about the polarization of the other. Over time, random environmental interactions cause the correlation of the polarizations of the particles to be reduced. All this seems reasonable.

    I still have one question: how can I tell if an eavesdropper has been looking at my particles? It seems to me that if I can tell, I can construct a Faster Than Light communications device as follows:

    1) I generate a stream of entangled particles.
    2) For each pair, I send one particle towards Alpha Centauri, and preserve the other particle in my local ring buffer.
    3) To transmit an FTL bit, I eavesdrop on (observe) a set of 7 year old particles in my local buffer.
    4) The receiver on Alpha Centauri instantly detects that eavesdropping has taken place, and thus gets the FTL bit of info.

    Where did I go wrong?

  • I bet it's still intelligible after a million rot13s...

  • What is to safeguard this from a "man in the middle" attack?

    The fact that there is no "middle" to be in, which is the whole benefit of the Quantum entanglement! The atom changes at the sender's location, and the entangled atom at the receiver changes, but none in between do!

    Of course there is still the question of how to distribute the entangled atoms .....

  • You're right that this is a way to transmit binary data, but it's binary data that will let you know if it has been viewed. When I send data over the internet there is no way for me to know that it arrived without being viewed (I can't detect a sniffer on some router). So it would be a bad idea for me to send you a key to decrypt the encrypted file I'm about to send.

    Here's how quantum crypto is different. First, I transmit a key to you using polarized photons. We agree on a key of 1024 bytes, but instead of just sending 1024 bytes I send you more than that -- perhaps 2048 bytes. Now you have 2048 bytes of info. To make sure that no one looked at them you send me 1024 of the bytes, insecurely, randomly selected and with info pertaining to each byte's placement in the 2048 key, for me to confirm. If I see that they are the same as what I sent, the key was probably not intercepted. So I encrypt and transmit the message, insecurely, with the 1024 bytes that you did not transmit. And the transaction is complete.

    Here's what makes quantum crypto secure: if the key you return to me contains bytes other than what I sent you, then the photons have been observed by 3rd parties and we try again later. The reason this works is that if a 3rd party tries to observe the photons I sent, the polarity will change and therefore the value of the photon. That's what the Heisenberg uncertainty principle will tell you -- that a photon's polarity will change after it has been observed.

    I've never seen it in print, but I assume that the 3rd party cannot re-broadcast the correct value fast enough to avoid detection.

    back to work
  • well, you have to remember that ALL the 'laws' of physics work in special cases. If I'm moving at 20m/s and I throw a baseball at 20m/s, it's going to be going so darn near to 40 m/s that the error is negligible. (newtonian mechanics)

    Now, if I'm going .9c and I throw a baseball at a speed of .9c (in the same direction I'm traveling, relative to me in my reference frame) it only ends up going .98c relative to someone in the frame that I'm traveling at .9c in. (relativistic mechanics)

    Now, you're trying to apply a division of physics (thermodynamics) to an area where it doesn't entirely apply. If you run back through all of your thermodynamic derivations, you make assumptions such as the number of moles of molecules being large enough to make the size of them negligible and the fact that you can ignore interactions between items in your set.

    In QM(quantum mechanics), you can't make those assumptions. Quantum mechanics is based around a set of assumptions that flaw thermodynamics.

    (IAAP - I am a physicist)
  • I'm not good enough with QM to tell you either way. I have only just started to deal with the idea of entangled anythings, I was helping the guy out with the understanding of how it can ignore thermodynamics.

  • By your definition, all of cryptography is "security by obscurity."
  • This technology is simply amazing. With the advent of quantum cryptography, highly sensitive messages can be sent across the air with almost no risk to the security of the content. This huge advancement in encryption, while a scientific marvel, could possibly pose a risk to national security, and restrictions need to be considered for its use.

    Due to the highly sophisticated nature of this technology, the hardware required to transmit and receive messages using quantum encryption will be out of the price range for all but the largest governments and businesses. While the potential for increased privacy among all citizens exists, its prohibitive cost will keep it out of most of our hands.

    For this reason, quantum encryption will do nothing to benefit the average privacy-conscious citizen, and at worst, will in fact decrease our level of security. If governments and corporations have the ability to send secret messages behind the backs of the populace, greed and corruption will become even more rampant than it already is, and the rights of the average citizen will be trampled for the sake of Big Brother. This is precisely why we need to take measures to prevent this technology from being fully developed, and to keep these encryption devices out of the hands of the world's superpowers. We've got nothing to gain and a lot to lose from this, and must take any necessary steps to prevent it from becoming a reality.

  • 'we should control Napster because it benefits only private users and not business'

    That's exactly the line I expect (& hear) from businesses. Corporations (& powerful organizations in general) are a different kind of entity from us humans. I'll advocate all kinds of restrictions and scrutiny for them because I bear little sympathy for their poor hearts & souls. I notice that they behave the same way towards us.
  • Actually, quantum entanglement is a very popular method that people suggest for communicating instantly. However, it doesn't work quite how you might think. Quantum measurements are random and two separated observers can't get any useful information from each other without correlating their results. This correlation has to be via non-quantum communication which is currently restricted, AFAWK, to lightspeed.
  • You can't get to the information in the entangled photons until you get the results of the measurements of your pal on the other end. You get those at lightspeed or slower. So, no FTL comm. Sorry.
  • perhaps what was being referred to was the incentive that quantum computers would bring to bear by making trad. crypto obsolete, thereby requiring more resources to be put into R&D for quantum crypto?
  • For quantum cryptography to work properly I suggest everyone close their eyes and/or avoid looking at any related apparatus.

    --
  • Well, FTL isn't really needed; even with this "global speed limit" you can theoretically fly from every point to every other point in this universe in any time you want. It is "no" problem to travel 20 million light-years in a second. If you accelerate to some point slightly under the speed of light, the distances will shorten in a way that you can reach that point that was 20 million light-years away before you accelerated, without getting faster than light.
    Well, the problem is that for your friends on the earth over 20 million years have passed when you reach your destination. FTL travel will get you nowhere, or to some complex space coordinates. All these stupid scifi authors that are writing that FTL travel will let you travel back in time.
  • Yeah, I think I've seen that episode of "Dr. Who?!" It's the one with the glowing cube that scrambles everyone's speech! Now we can all watch "Dr. Who?" without the nosy neighbors eavesdropping! hmmm... Maybe I missed the point...
  • Well, as an engineer and computer scientist I have to say... It looks great on paper, but it requires fiber-optics. That means it will probably never make it to the internet where, AFAIK (or am concerned), strong cryptography matters the most...

    Also wouldn't this method be really susceptible to jamming? (No, I mean intentional interference, not reggae music!)

    Still, communication between humans will never be 100% secure until we can eliminate the social engineering factor as well as simple human spywork (think the Mission: Impossible movie a few years ago... I believe it could happen.)

    OK. That's my $.03 What do you all think?
  • I simply don't agree that increasing someone else's security implicitly decreases ours. Perhaps I'm missing something, but don't governments and corporations already communicate in private, behind the backs of the populace? I'm no great judge of human nature, but I wonder if greed and corruption truly increases, or does our view of it simply become clearer as time goes by?

    One other thing: Here in the US we are probably the only country that has even the slimmest chance at stopping something like this... not that I think the people could, but think about something: If we do not develop it here, it WILL be developed elsewhere, and couldn't those other nations use it against US??

    ***Advocating the devil since 1979!***
  • You are not communicating at FTL. Ok, you create an entangled pair of particles, or very many pairs in this case. You ship one pair off to Alpha Centauri. Now when you read one of the particles, you know the value of the other particle. BUT since you can't force the value you get when you read, you have not transmitted anything. You simply know the value of the particle that you sent 7 years ago to Alpha Centauri. To do anything useful with that you would have to send a signal to Alpha Centauri, which again would take 7 years. SO you have not communicated anything faster than the speed of light.

    Get it?
  • And programming them will be a breeze. Considering that quantum bits can't understand "IF.. THEN" and other basic program functions, the best one could expect is all possible permutations all at once.

    Sounds "real" useful to me too until it hits the packet router. Ah heck, who ever said all science has to have a payoff.
  • And the only problem will be if they have a quantum bit reader hanging off the transmission line (because quantum events can affect nearby quantum events) similar to a radio wave receiver.

    Seriously, this is one of the problems of quantum-cryptography and was only mentioned about 2 years ago.
  • Quantum Encryptor [coder.com]

    (horizontally polarized)

    Edmund sells PBS's.
  • If two particles are entangled, they will instantly change state even if they are billions of miles apart. There is absolutely no way to intercept this form of communication because no signal is broadcast from source to receiver. What quantum nonlocality is really telling us is that space is an illusion. There exist only particles, their properties and their interactions. Everything else is either abstract or voodoo.

    Nasty Little Truth About Spacetime Physics [gte.net]

  • But for two particles to become entangled, they must be created or interact at the same point. They can then be moved great distances apart and they remain entangled. So no information can really be transmitted from A to B by means of making measurements on the particles. To do so would violate causality (i.e. you'd be transmitting information faster than light.

    Actually this is not correct. Nothing is being transmitted. This is the hardest part of quantum entanglement to understand. As I said, what the whole thing means is that there is no space. The universe, as its name implies, is ONE. Distance or space is an illusion that emerges from the intrinsic properties of particles.

    As Gottfried Leibniz once put it, "space is nothing but the nature of the order of things". Nature is nonlocal at its fundamental level. I envision that instant secure communication is just the least of the things we will accomplish with future technologies. We might even achieve instant transportation and I don't mean "beaming" people around as in Star-Trek. I mean instant changes of position over great distances.

    Nasty Little Truth About Spacetime Physics [gte.net]

  • Actually, I believe that's exactly what I said. Information is NOT being transmitted faster than light.

    I agree but thought you meant that quantum entanglement is impossible because it would violate the c speed limit. My position is that it would not because there is no motion involved.

    Not true at all. Special relativity (and even more so, general relativity) suggest that spacetime is very real in that the relative positions of two events in spacetime alone can determine whether or not one can possibly affect the other. Gravity itself is a manifestation of the curvature of spacetime. So spacetime is as real as gravity.

    I disagree. Spacetime can be shown to be non-existent for a very simple reason: nothing can move in spacetime by definition. If we existed in a spacetime, we would not know it because nothing could move in it.

    In fact, as weird as quantum entanglement and the EPR paradoxes are, they do not allow for us to transmit any information faster than light. It appears to be a non-local phenomenon at first glance, but no matter how hard you try, you just can't figure out a way to transmit information faster than light. To do so would prove basic quantum mechanics to be incompatible with relativity, and they've already shown to be compatible.

    Nonlocality precludes the existence of space of spacetime. There is no magic in this thing. The spacetime of relativity is not real. It is an abstract math construct. Relativity is a macroscopic theory, a mere math trick or tool created for the prediction of the motion of bodies. It does not reveal any physical mechanism. As such it does not contradict nonlocality. It is only when one assumes the existence of spacetime as a physical entity that one runs into crackpot theory.

    Nasty Little Truth About Spacetime Physics [gte.net]

  • OK. So even the 'simple' 4-velocity dx/dt now looks like dx/dt = (c, dx/dt, dy/dt, dz/dt). Nothing's unitless - everything has dimensions of distance/time. Thus, we have already disproven the statement in the above link. So, we can stop here.

    You sir, are a babbling moron. c is measured in meters per second and does not represent speed in time but speed in a spatial dimension. Speed in a time dimension is silly because it would have to be given in seconds per second. Any high school kid can grasp this. Just because one can mathematically convert the time axis from seconds to meters with the use of ct does not mean that one can move in time. Get a clue.

    Any physicist who does not understand that a time dimension forbids motion should have his degree taken away from him and his alma mater picketed for fraud.

    Nasty Little Truth About Spacetime Physics [gte.net]
  • This is a very weak interpretation of the EPR experiment: there is no reason to believe that "physics is fundamentally nonlocal" in the sense that you're talking about - especially when it comes to the interpretation that it will produce "instant" anything.

    The hardest part of quantum entanglement to understand is the fact that Nature is both fundamentally local and nonlocal at the same time. Yes. You heard me. That's exactly what I meant.


    Locality in my mind has to do with an extrinsic (to particles) space, i.e., extrinsic positions. Locality implies that, in order for an object to move from point a to point b, it must move through each and every position that comprises the distance between points a and b.

    This would always be true if one assumes there is a space. I have excellent reason to believe there isn't. If one assumes that the position of a particle is intimately related to the particle, like the position variable of a sprite is part of the sprite structure, then it becomes theoretically possible to change it in one fell swoop without going the incremental route. IMO, this is what Bell's inequality is telling us.

    Interactions are local

    Certainly interactions are local but we must define what we mean by that. To me, it only means that particles with equal positions may (or may not) interact. Size and distance are extremely problematical beasts because, once one makes size or space necessary, one is immediately faced with an insurmountable infinite regress problem. I abhor infinite regress.

    a particle at point B ten light years away from a particle at point A can only interact with an on-mass-shell particle intermediating the two. That is, for an electron which emits a photon which is reabsorbed by a particle ten light years away, the photon is on-shell - or VERY nearly on-shell: q^2 = 0. They can't exchange an off-mass-shell particle, because it would need to live too long. What does this mean? It means that space essentially determines the momentum scale of an interaction - i.e., interactions are fundamentally *local*.

    Well, you see, to me, the two electrons never interacted. That would be action at a distance and we all know that's nonsense. The emitted photons, OTOH, travel at c and interact locally with the electrons to produce the proper changes in momentum.

    Asking "where is an electron?" is nonsense. The concept of "where" doesn't exist quite as firmly for an electron as we think it does for us.

    This is a nonsensical interpretation. Just because one cannot measure the exact position of an electron does not reflect on the nature of positional properties but on the nature of measurement.

    You said it yourself. All that exists are particles and their interactions.

    ...and their properties. I doubt that you truly believe it though, because if you seriously work out the consequences of that statement, you'll find that it destroys many of your sacred cows.

    Particles don't provide the structure of spacetime - their interactions do. You can't have instantaneous changes in position because that would suddenly cause all the interactions that those particles were undergoing to become nonlocal.

    I disagree. It is true that a change in position is not instantaneous; it must be at least a minimum interval, the time it takes a particle traveling at c to cover Planck distance (as you see, I subscribe to a discrete universe). However, if position is truly an intrinsic property of particles (which it must be if only particles exist), it should be possible to devise an interaction such that this position is changed by a factor greater than Planck length.

    However, good luck actually predicting the dynamics of creating a wormhole.

    A wormhole is pure unmitigated crackpottery. Physicists should be ashamed to be talking about this crap. A wormhole is impossible because it requires the physical existence of spacetime. And, as we should all have figured out by now, spacetime cannot exist because nothing can move in it. It is motionless from the infinite past to the infinite future.

    Nasty Little Truth About Spacetime Physics [gte.net]

  • A few things jump to mind when considering the phenomena of entangled photons. For one, if you could find a way to get them apart (say, one in NYC and one in LA), and you touched the one in NYC, the one in LA would "instantly" reflect this change by assuming a known state, right?

    Wouldn't this be a faster-than-light means of communication? And as such, wouldn't it be impossible since it could conceivably create a time paradox, which (sorry Star Trek fans) can't happen?

    Something has to give. Either we can't separate, move and store entangled photons without affecting their states (no matter what technology, now or in the future), or the effect isn't "instant". If the effect works at the speed of light, then it wouldn't create the paradox, though it wouldn't be as remarkable, either.

  • There isn't a working model.

    Trucking photons to their destination is something no one's figured out yet.

    A cube of gas is not something that is easily kept localized.

    Damian Conway is a freaking genius. If only he could attack the problem of the quantum computer.

    Dancin Santa
  • The article pointed to by the /. item contains a number of misunderstandings, the most misleading of which is the reference to FTL communication: In this way, it is possible to communicate at this instant without transmitting a thing.

    Believe me, she's wrong on this one. It's an easy mistake to make, but a mistake nonetheless. It's most easily explained if one says 'hidden variables' (the answers were there all along, and deciding what to measure doesn't change anything). Unfortunately this is statistically distinguishable from a genuinely non-local interpretation, and experiments clearly favour the nonlocal theories. Lots of very careful experiments show that we're stuck with a nonlocal theory in which it is still impossible to send information faster than the speed of light.

    Several Slashdotters have pounced on her statement. Sorry, guys. She got it wrong. I spent two years listening to seminars on Quantum Crypto, while studying third and fourth year Quantum Mechanics, and I did a project during my honours year on the Einstein Podolsky Rosen Paradox (and Bell's Inequality), which cover precisely this.

    I bet Zeilinger (the researcher) shuddered when he read the FEED article. My impression is that the article author failed to understand Quantum Cryptography, never mind understanding what the new theoretical advancement was. I know I couldn't tell from the article what the advance was; probably the device generating entangled photons, but that was only identified by a TLA.

    Quantum Cryptography is all about generating a One-Time-Pad key. It uses two channels; the Quantum one, where the eavesdropper can be detected, and the public one, where we don't care about eavesdroppers. (say an ssh connection? There's no sense advertising that you have something to hide. It can be broken, but nothing useful can be stolen.)

    Quantum cryptography uses four polarisation states of a photon. Electrons have spin. Photons have polarisation. (This can be circular polarisation, leading to some confusion. Other confusion can arise from the fact that Quantum discussions might use either. Quantum Crypto is invariably photons, however; electrons, being charged, interact with everything and so can't travel through matter (excepting superconductors) without losing their coherence.)

    Four polarisation states; usually described as - | \ / (horizontal, vertical, left, right), although left and right circular could be used. The crucial thing is that we have two orthogonal pairs, and if we make a measurement in one pair, we have no idea what the result of a measurement in the other pair is. Whatever it might have been - it isn't anymore. (The photon entanglement is gone for all subsequent measurements.)

    The two people on each end of the link choose randomly which signal to measure from their entangled photons, and compare notes over the insecure link. Alice might measure her photon in \/, and Bob might measure his photon in -|, and when (over the insecure channel) they compare measurement types, they'll ditch that information. When they use the same measurement type, they'll keep that information.

    They'll compare some of those measurements over the insecure channel to see if anyone's eavesdropping. They'll get a higher error rate if anyone is, and then they'll panic. Otherwise, they'll exploit some fancy error correction algorithms to eliminate the errors that do get through, without compromising their data. (This involves discarding at least half of it. They can agree on which half over the insecure channel without compromising things.)

    In the end, they have a one-time-pad. They use it once to transmit a secure message over an insecure channel. Then they start over.

    Sociological implications? I don't know. Except that the method is easy to misunderstand. And this doesn't solve every privacy problem there is; its strength is solely in the detection of eavesdroppers and the generation of One-Time-Pad keys.

    Rachel
    Nuclear Physics PhD Student
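    A simulation of the key-establishment procedure described in this post, added here as an illustration rather than code from the post or from any real QKD system. It models an ideal entangled pair, an intercept-resend eavesdropper and ordinary channel noise (all constructed), sacrifices half the sifted bits for the error estimate, and uses an assumed 11% abort threshold:

```python
import random

RECT, DIAG = "-|", "\\/"        # the two orthogonal polarisation pairs from the post
BASES = (RECT, DIAG)

def measure(photon, basis, rng):
    """Measure a photon that is already definite as (basis, bit). Measuring in the
    same basis reproduces the bit; measuring in the other basis gives a fresh
    random bit, and whatever the photon 'was' in the first basis is gone."""
    prepared_basis, bit = photon
    return bit if basis == prepared_basis else rng.randrange(2)

def run_qkd(n_pairs, seed, eavesdrop=False, noise=0.0, threshold=0.11):
    """Entangled-pair key distribution as the post describes it (constructed model).
    Returns the estimated error rate and, unless the parties abort, the kept bits."""
    rng = random.Random(seed)
    alice, bob = [], []
    for _ in range(n_pairs):
        a_basis = rng.choice(BASES)
        a_bit = rng.randrange(2)          # Alice's outcome is random ...
        partner = (a_basis, a_bit)        # ... and fixes her partner's photon
        if eavesdrop:                     # intercept-resend on the quantum channel
            e_basis = rng.choice(BASES)
            partner = (e_basis, measure(partner, e_basis, rng))
        b_basis = rng.choice(BASES)
        b_bit = measure(partner, b_basis, rng)
        if rng.random() < noise:          # ordinary channel noise flips Bob's bit
            b_bit ^= 1
        alice.append((a_basis, a_bit))
        bob.append((b_basis, b_bit))
    # Sifting: bases are compared over the public channel, mismatches are dropped.
    sifted = [(a_bit, b_bit) for (a_basis, a_bit), (b_basis, b_bit)
              in zip(alice, bob) if a_basis == b_basis]
    # Half of the sifted bits are revealed publicly to estimate the error rate,
    # then thrown away; only the unrevealed half can become key material.
    order = list(range(len(sifted)))
    rng.shuffle(order)
    half = len(order) // 2
    sample, keep = order[:half], sorted(order[half:])
    errors = sum(sifted[i][0] != sifted[i][1] for i in sample)
    qber = errors / max(len(sample), 1)
    if qber > threshold:                  # too many errors: assume an eavesdropper
        return {"qber": qber, "aborted": True, "alice_key": None, "bob_key": None}
    return {"qber": qber, "aborted": False,
            "alice_key": [sifted[i][0] for i in keep],
            "bob_key": [sifted[i][1] for i in keep]}

if __name__ == "__main__":
    for label, kw in [("quiet channel", {}), ("intercept-resend", {"eavesdrop": True}),
                      ("noisy channel", {"noise": 0.25})]:
        r = run_qkd(4000, 1, **kw)
        print(f"{label:17s} QBER={r['qber']:.3f} aborted={r['aborted']}")
```

    The intercept-resend attacker pushes the error rate to about 25%, and a channel with 25% natural noise looks the same to this check, which is the indistinguishability point raised elsewhere in the thread.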

  • Slashdot is notorious for the 'freedom of technology' mindset. Yet what people REALLY mean is 'free technology for my benefit.' Technology comes at a price. You made the assertion that it will do nothing (at first) to benefit the average privacy-conscious citizen.

    By the same token it DOES benefit corporations and government, and for this reason it should be heavily controlled. If I was a large business leader making the assertion that 'we should control Napster because it benefits only private users and not business,' I would face the biggest flame fest of my life. How is your argument any different?

    I believe in the freedom of technology. I recognize that sometimes technology will not benefit me, but actually work against me. I also recognize that sometimes technology will benefit me, at the expense of someone else. This is the nature of things, and until you are ready to accept that I can not see how we can at once argue for freedom, while condemning freedom for someone else.

  • You can't leverage a small set of secret bits into a large number of secret bits over an insecure line (well... there was that recently suggested method of overwhelming any eavesdropper's storage capacity by sending mostly garbage data, but for most purposes that is even less practical than traditional secure key distribution). There is a class of encryption algorithms that work like this, using a fixed-size key and a carefully designed pseudorandom generator to generate pad data, but they can be broken with sufficient computation; they don't have theoretically perfect secrecy. At best, they are impractical to break, like any fixed-size key encryption.

    There is no way to skimp on OTP without breaking it.
    --
  • People are comparing this to traditional encryption methods, when it really has nothing to do with them.

    What we're really talking about here is not encryption, but a means of establishing a physically secure connection.

    By its nature, it will never be a way of communicating over the internet or any other network, though it may very well be used between nodes of a network. If any datum is merely physically read by any node, to be cached, routed or whatever, that is the end of the line for the security afforded by the quantum method.

    Incidentally, you need a shared secret to know that you're talking to the right person. Otherwise, it's subject to a man-in-the-middle attack. Furthermore, data from the shared secret is compromised every time a man-in-the-middle attack is foiled, leaving you with a fairly intact key-distribution problem. Also, natural noise is indistinguishable from eavesdropping.
    --
  • Namely, that there is only one hidden variable for spin and it is an actual direction. A more complex hidden variable scheme, in which there is no relationship between measures of spin at 0 degrees, spin at 90 degrees, and spin at 45 degrees is unaffected.

    Reading the spin at 0 degrees, and that at 45 degrees, they deduce the spin at 90 degrees, but is this deduction accurate? Only if spin is a simple matter of direction and magnitude. This is something untestable without quantum-entangled triplets at the least.
    --
  • The experiments have been done. For electrons the left polarizer is set at 45 degrees and the right one at zero degrees. A beam of, say, a billion electrons is measured to determine Number(right spin-up zero degrees, left spin-up 45 degrees). The polarizers are then set at 90 degrees/45 degrees, another billion electrons are measured, then the polarizers are set at 90 degrees/zero degrees for another billion electrons.

    It's even dumber than I thought. They're not inferring C from A and B. They're taking a sample of A1~B1, then a separate sample of B2~C2, and yet another sample A3~C3, and combining these entirely separate numbers to find that A1~B1 + B2~C2 >= A3~C3 doesn't match up. This isn't remotely the same thing as A1~B1 + B1~C1 >= A1~C1 not matching up.

    Ugh. Either this is just a terribly inaccurate explanation of the experiment, or someone needs to give these physicists a smack upside the head.

    Anyone else remember how for years biologists consistently miscounted the number of chromosomes?
    --
  • You forgot to mention the quantum-entanglement of a pair of dogs.

    They must be created as structured pure energy, which spontaneously splits into a dog and anti-dog in a box and anti-box with a radioactive sample and radioactive anti-sample; all with identical traits down to a quantum level, guaranteeing identical behavior.

    To keep them identical, they must be flash-frozen into "dogsicles" before delivery. However, the recipient must send back only whether he has checked that the dog is dead, or if it has thawed.

    This is one of the many pair of dogsicle traits of quantum mechanics.
    --
  • by Flying Headless Goku ( 411378 ) on Wednesday April 25, 2001 @02:22PM (#265370) Homepage
    Einstein hated the way people talk about this stuff, because he believed in the hidden variable explanation. This makes perfect sense without action at a distance if you imagine that the information exposed by reading was set at the time the particles became quantum entangled and carried by both particles all along.

    The common explanation (the one taught in universities) is that the data of quantum state is created (purely randomly) at the moment it is read. Hence spooky action at a distance when you read one entangled particle, because it creates the same data in its partner, no matter how far away. The Einstein/hidden variable explanation is that the data is read from hidden variables (which are changed by the reading, in chaotic ways we don't have a model of, and so can't predict, thus creating apparently random new settings for the variables); there's no spooky action at a distance because "quantum entanglement" simply means that they somehow have the same hidden variable settings.

    The justification for going with the spooky explanation is that it is "simpler" and thus preferable by Occam's Razor. To me, this is just bad philosophy, and a misunderstanding of the uses of Occam's Razor. For one thing, it throws out determinism, saying that not only are the reasons for things we can't predict hidden, but there are no reasons for them at all! For another, it tells people to stop looking for the hidden variables and the rules that create the apparently random values, because there are no hidden variables and quantum state is truly random.

    It's not a difference in actual predicted results, it's a difference in philosophy. Einstein preferred the theory which admitted its gaps over the one that pretends things don't exist whenever you can't see them.

    It's a common theme in his work: his theories suggest things beyond those fully predictable by his theories (such as black holes), thus spurring new research. If relativity was dominated by the same bad philosophy as quantum mechanics, it would claim that the interior (beyond the event horizon) of a black hole does not exist because we apparently can't observe it, just as it claims that the internal state of a quantum particle doesn't exist.

    Favoring a "complete theory" is pure hubris, and has contributed to the stagnation of quantum theory.

    Respect Einstein, give hidden variables a chance!
    --
  • IANAQP, but you've glossed over an important point: the hidden-variables theory and the spooky-action-at-a-distance theory are statistically distinguishable, and not just a point of philosophy. Here's a link to an introduction to Bell's Inequality [utoronto.ca], which is widely accepted as proof of spooky-action-at-a-distance theory.
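    The three-setting check argued about above, written out as an added example (not from the thread or the linked page): the joint probabilities come from the textbook singlet-state formula for two spin-1/2 particles and from a constructed direction-only hidden-variable model, and both are plugged into the inequality N(a+,b+) + N(b+,c+) >= N(a+,c+) at the 0, 45 and 90 degree settings mentioned earlier in the thread.

```python
import math

def qm_joint_plus(a_deg, b_deg):
    """Quantum prediction for a spin-1/2 pair in the singlet state: probability
    that the left detector (angle a) and the right detector (angle b) both read
    spin-up. Equals 0 for equal angles (perfect anticorrelation)."""
    return 0.5 * math.sin(math.radians(a_deg - b_deg) / 2) ** 2

def lhv_joint_plus(a_deg, b_deg, steps=3600):
    """Same quantity for the hidden-variable model discussed in the thread: each
    pair carries one definite direction lam (the partner points the opposite way)
    and a detector at angle a reads up exactly when cos(a - lam) > 0.
    Averaged over lam on a grid of midpoints, so no sample hits a boundary."""
    hits = 0
    for k in range(steps):
        lam = 2 * math.pi * (k + 0.5) / steps
        left_up = math.cos(math.radians(a_deg) - lam) > 0
        right_up = math.cos(math.radians(b_deg) - lam) < 0   # opposite direction
        hits += left_up and right_up
    return hits / steps

def bell_check(joint, a=0, b=45, c=90):
    """Wigner form of Bell's inequality with three settings, each pair of settings
    measured on its own batch of pairs: N(a+,b+) + N(b+,c+) >= N(a+,c+).
    Any model in which every pair has predetermined answers satisfies it, because
    a pair counted on the right has either b- (left term) or b+ (middle term).
    Returns (lhs, rhs, holds)."""
    lhs = joint(a, b) + joint(b, c)
    rhs = joint(a, c)
    return lhs, rhs, lhs >= rhs - 1e-9

if __name__ == "__main__":
    for name, joint in (("quantum singlet", qm_joint_plus),
                        ("direction hidden variable", lhv_joint_plus)):
        lhs, rhs, holds = bell_check(joint)
        print(f"{name:26s} lhs={lhs:.4f} rhs={rhs:.4f} inequality holds: {holds}")
```

    The hidden-variable model sits exactly on the bound (0.25 vs 0.25) while the quantum prediction gives 0.146 on the left against 0.25 on the right, so a large enough batch count separates the two statistically.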

  • by sllort ( 442574 ) on Wednesday April 25, 2001 @01:56PM (#265374) Homepage Journal
    "How is this useful in transporting a message? Could someone either explain what I'm missing"

    You're not missing anything, that was my first thought as well. The current analysis of "spooky action at a distance" implies that while there is a statistical correlation, it is insufficient for transmitting data. That fact is something sorely lacking from this Science, and I would like to have it addressed. Spooky interaction of electron spin is not sufficient for communicating a message, though it may be useful for verifying a message. What gives?

    Check out the heading "Putting Entangled Photons to Work" here [tripod.com] for more info. There's a lot missing in this quantum encryption proposal mentioned in the article...
  • by sllort ( 442574 ) on Wednesday April 25, 2001 @01:38PM (#265375) Homepage Journal
    Did you guys catch the really cool part about this proposal? Entangled photon pairs react in such a way that when the state of one photon is changed, the other is changed instantly. Therefore this is not just quantum encrypted communication, but quantum encrypted communication faster than the speed of light.

    If you want to read a far less pseudo-science description of this phenomenon, may I suggest the unisci article [unisci.com]. There's a good article on the whole entanglement phenomenon at Daily Insight here [academicpress.com].

    p.s. "spooky action at a distance" was Einstein's phrase for it...
  • by iamklerck ( 445579 ) on Wednesday April 25, 2001 @01:21PM (#265377)
    First, I'd like to point out that quantum computation and quantum encryption are two almost completely separate concepts. Quantum encryption is based on the fact that quantum states cannot be measured without altering them. The most common example is the polarization of a photon, but it will work for any quantum state, so long as there exist, effectively, two unique states that can transmit the data.

    Quantum computation, however, is much more complex and much more interesting. Quantum computers are based on the concept of quantum entanglement, the ability of a quantum state to exist in a superposition of all of its mutually exclusive states: It's a 1 and a 0. However, this is not as easy to use as one might think. While it's true that if you have n quantum logic gates you have the ability to input 2^n data values simultaneously (as opposed to only 1 piece of data if you have n digital logic gates), this is not going to be the end of classical computing for a few reasons. First, quantum computers have to be perfectly reversible. That means for every output there's an input and vice versa. And there has to be no way of knowing the initial states of the data. You don't process data, you process probabilities in a quantum computer; if you know exactly what any one value is throughout the computation, you can find out all of the values: the superposition ends and you're stuck with a useless chunk of machinery. This means YOU CAN ONLY GET ONE RESULT FROM ANY QUANTUM COMPUTATION, THE END RESULT. You can't see what the data in the middle is or the computer becomes useless. (Landauer's principle makes heat loss data loss. When your processor gets hot, it's losing data. If the same thing happened to a quantum computer, it wouldn't be quantum anymore.) Decoherence is what happens when you randomly lose data to the environment by design, not by choice, and the superposition ends. This is bad for Q.C. Oh, and quantum computers can only do *some* things faster, like prime factorization and discrete logarithms. Not multiplication or addition. Plus, the circuits that would do basic arithmetic would be bigger and slower than what you've currently got.

    So what does this all mean? It means that quantum computers are going to provide some advantages (real quick big number factorization), and some disadvantages (that whole RSA standard). The most realistic initial use of quantum computers will be as add-ons to existing super-computers to resolve certain types of NP-Complete headaches that regular math can't simplify yet. At best they will someday be an add-on to your PC; but they will never replace the digital computer.

    If you want more info, check out http://www.qubit.org [qubit.org], it's got some decent tutorials.
  • Apart from the fact that this work is actually good work from a principled point of view, it appears to be actually useful. In order to explain why it is useful, there are more than just a few words needed:

    Quantum Cryptography, or maybe better Quantum Key Distribution (QKD), is already much more advanced than many people think: there are already groups working on devices that might become really small and cheap in a few years from now.

    These devices allow their users to establish a secure key, which might be used as a one-time pad. Secure means in this context that any eavesdropping strategy allowed by the laws of physics can be detected, and, to some extent, corrected. The latter means that even though an eavesdropper might have gained partial information on the key, Alice and Bob can amplify the security of that key by (essentially) discarding some of the key bits. This method also helps against the "noise-introduced-by-the-channel-cannot-be-distinguished-from-an-eavesdropper" issue.

    However, all those devices for practical QKD have two problems: absorption and decoherence. Both scale exponentially with the length of the quantum channel used. This is the reason why with current technology it is difficult to go to distances between Alice and Bob which are larger than, say, 100 km.

    In order to help against these difficulties (which prevent you from going to large distances in QKD), there are two solutions known (at least, to me): the first is of rather theoretical use: Quantum communication can be thought of as a (rather trivial) special case of quantum computation, and for quantum computation there are codes known (so-called concatenated codes) which allow you to continue your quantum calculation with polynomial cost. This solution, while elegant from a theoretical point of view, has the disadvantage that quantum communication becomes technically as difficult as fault-tolerant quantum computation.

    The second is the so-called quantum repeater (see http://xxx.uni-augsburg.de/abs/quant-ph/9808065 [uni-augsburg.de] and the references therein). The quantum repeater is based on entanglement purification and entanglement swapping. Now, the entanglement purification part has been thought to be the more difficult one, as it requires the so-called CNOT gate, which is really difficult to implement for qubits carried by photons. And exactly this part has (at least in theory) been solved by the Zeilinger group.

    What does this mean? Well, it means that quantum communication scalable to large distances (with polynomial overhead) might become available in the not-so-far future. At least one of the obstacles on the way to this goal seems to have vanished.
