Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Security

Quantum Encryption Via Satellite 113

Jeff Scarpace writes: "The Economist is reporting that last week, at the International Conference on Quantum Information in Rochester, New York, physicists from the Los Alamos National Laboratories in New Mexico explained how to build a system that will broadcast uncrackable messages via satellite."
This discussion has been archived. No new comments can be posted.

Quantum Encryption Via Satellite

Comments Filter:
  • by Anonymous Coward
    The article correclty described how this sort of key exchange (it isn't really encryption, just a way to exchange keys "securely") is safe from exposure by an observer (the observer would alter the key stream by observing and thus would destroy those bits she ("Eve" in the article) intercepts).

    However, the method is still vulnerable to a complete Man-in-the-Middle attack where attacker (call him Malcolm) COMPLETELY intercepts the key stream from Alice to Bob, blocking transmission to Bob entirely. Malcolm negotiates with Alice until they both agree on a key using the same method described, Malcolm pretending all the time that he is really Bob. Malcolm then initiates a new photon key transmission to Bob, as if he were Alice, and negotiates a separate, completely different key, with Bob. Once the real encrypted data begins to flow, he intercepts it, decrypts it with the Alice-to-Malcolm key, then reencrypts it with the Malcolm-to-Bob key.

    There are ways to work around this, but they are all the domain of existing cryptography technology. So in reality, this "encryption" scheme, while using quantum physics to perform a key exchange/agreement, doesn't buy a lot that's new. Sure, it's a good idea, IF it can be made practical, and IF a complete protocol for use can be developed that avoids MITM attacks (and anything else this sort of key agreement/exchange system may turn out to be vulnerable to).

    Unfortunately, he article described the key exchange as uncrackable encryption. That was a naive mistake. The method of key agreement/exchange was just that, a way to agree upon a key securely (barring a MITM attack). Once the key has been exchanged using the described method, even if it is secure, the data to be sent/encrypted is still most likely encrypted using a standard, existing algorithm, as vulnerable or as strong as that existing algorithm is today.
  • The reason behind this is that distributing one time pads to everyone you may want to communicate with is not really feasable. If you can get a large amount of random bits to your compatriot securely, why not simply give him the message over that channel?

    One-time-pads must be just that, one time, because reuse of the keys makes them eaiser to crack. (Aparrently, this is how the NSA's VENONA intercepts worked.)

    Pgp is nice because it doesn't presume that a secure channel exists, and it allows a large amount of data to be exchanged without a high probabilty of decryption. (Unless the NSA knows something we don't.)

    BTW, if you're ever in the Washington DC area, visit the National Cryptologic Museum, just outside the NSA compound in Ft. Meade, MD. They have some really neat stuff there, including Enigma machines that people can just use.

  • Umn, no, no books. A couple of magazine articles, but nothing substantive.

    I came up into systems administration by way of helpdesk, so I learned a good knack for breaking down complicated issues into little two-sentence paragraphs, when documenting things for end-users.


    --
  • One-time pads are unbreakable if used correctly, yes.

    The problem is that since you use each one exactly once, each side has to have either the same list of pads or arrange a new pad for each message.

    If you have a list of pads, that's subject to theft/social engineering/other compromises ahead of time.

    If you arrange a pad for each message, you need to transmit the pad over a secure channel to avoid man-in-the-middle attacks. And if you have such a secure channel, you don't need one-time pads, you can just send the message itself securely. Note that this problem also applies to distributing lists of pads.

    [Note that the idea of creating a public-key secure channel to send a symmetric one-time-pad-style session key is how almost all 'public-key' systems actually work, for performance reasons.]

    Basically one time pads are perfect in very limited circumstances, but completely unusable for basic day-to-day end-to-end encryption.

    That's what public-key crypto is all about -- the ability to publish a key far and wide whose encryption can ONLY be read by a different key.

    --
  • Sure, you _could_ do that. Spread CD's out to your friends with a big monster one-time pad file on it, keep tabs on how much of the 700MB of randomness you've used, never reuse any of it, and then hand out a new CD when you get near the end.

    You can quickly run into a scalability nightmare, though. You can't use the same CD for multiple friends, and here's why. If you give the CD to two friends, and you send a message to person A using up bytes 100-200 of the OTP, somehow person B has to get the message not ever to use bytes 100-200, or else it's no longer a OTP, it's a repeat key subject to cryptanalysis.

    So, somehow friend B has to get the message not to use those bytes. You could cc B on the mail, or send out a separate notice that those bytes are used, but then you have a lagtime factor -- both you and A could be sending to B at the same time using the same byte range.

    The only solution to this, if you actually want to use your OTP's in a one-time fashion, is to have a separate OTP CD for _each_ relationship you have. With you, A, and B, that's two CD's per person, three total unique pairs. Add in C, and that's three CD's per person, six pairs. Add in D, that's 4 CD's per person, ten pairs. E, 5 per person, fifteen pairs. And on and on.

    That's the basic scaling nightmare of ANY symmetric key solution, whether it's OTP or simply static keys.

    The thing that makes public-key more secure is that you can encrypt your private key such that even if it WERE stolen. it has to be brute-forced open just like your mail would. With a symmetric key scheme, you can encrypt your key, but then you have to pass that key AND the decryption method around, meaning your local key is only as safe as the weakest link of your web of trust. With public-key, your local key is as safe as you, yourself are.

    Sense? Your idea COULD work, but you're basically reinventing the wheel and inheriting a lot of the problems that were ameliorated (not solved, mind you...) with the rise of cheap and easy public-key schemes.


    --
  • I was about to agree with you, but I think I figured out what's really going on with this that the article doesn't explain. It suggests using a public key encryption technology to exchange the message containing the start point, which seems to make it insecure (since the article had previously stated no public key system to date is provably secure).

    But it's also relying on a random bitstream with VAST bandwidth (10 million million "numbers" per second is 100 Terabits/sec if a "number" is a byte, right?), the idea being that whatever stream you use has to be signifigantly beyond anyone's ability to record it. Since no one can record it, the public key exchange only has to be secure for as long as it takes to get to the start point, which should be somewhere between right away and far enough down the line that no one can save that much data. If you can increase the bandwidth of the bitstream, you can shorten that time, otherwise you just wait longer.

    But if the bandwidth is too low, then your public key exchange may be cracked before the start of the bitstream is hit, so it really does need to be huge.

    So, the requirements are actually that you have a communications channel that can't be cracked in the amount of time it takes to transmit the bits for the key, and that you're transmitting enough bits in that time that no one can save them.

    It's a neat idea... but wake me up when I can get 100 Terabits/sec into my house.
  • It's a neat idea... but wake me up when I can get 100 Terabits/sec into my house.

    Actually, strike that. It doesn't really require 100 Terabits/sec of network capacity, it just needs a hardware device that can take random data (which both parties receive) at that rate and pluck a key out at a specified time. Quite possibly from a satellite, but any kind of broadcast will do. That's probably feasible in some form, but still not easy.

  • by Gray ( 5042 )
    Get a big box into orbit and host the evilest copyright violatingest server ever.. Yum.
  • Actually, I was being sort of facetious when I posted that, but to take your points on...

    ...you're right that it would necessitate replacing all the decoder equipment on the receiving end. As well, all the head-end transmission stuff would have to be modified. But I don't think the sats themselves would need much modification. After all, they're basically just orbiting transceivers - they grab the digital signal that comes to them from below, and just broadcast it right back - any digital stream will do, as long as it fits the transmission protocol, and I'd be surprised if they really couldn't tweak that from the ground.

    Of course there's always the usual hardware hacks...

    Granted, and of course, you're right that that's how it's done nowadays - to my knowledge, nobody's cracked the regular old public-key crypto they use now. So attacks uniformly consist of avoiding the triple-locked front door and looking for less-secure back doors. And that'd be how you'd attack it in the future, regardless of whatever super-duper encryption is used.
  • by general_re ( 8883 ) on Friday June 29, 2001 @12:17PM (#118899) Homepage
    But what is the practical usefulness of this outside of the military?

    It'll be the end of the DirecTV pirates, anyway.
  • So, how do you broadcast a single photon everywhere? That's the key. If you send the message everywhere, you are obviously not sending single photons. If you can send a single photon reliably from point a to point b, you have figured out how to make sure it doesn't get lost in between.

    No, I'm not a reading major (which I don't think exists). But my english comprehension is pretty good, which is why I don't think this story makes sense.
  • You are forgetting, the quantum key exchange is based on sending single photons! If alice sends a photon to bob, eve can't see it in her telescope. Why? Because the photon went to bob's telescope, not eve's!

    If you send lots of photons for each bit, so that multiple copies of each photon are available to both bob and eve, then eve can crack the key! Eve can just receive multiple copies of the photon, and perform all three polarization tests which bob might perform, and the whole thing falls apart.

    Remember, quantum crypto is based on sending single photons. That's why it works. Alice measures a photon and then sends that exact same photon to bob. Not a copy. Not a hundred copies. Certainly not enough that anybody with a telescope for five miles can see it! One photon.
  • by BeBoxer ( 14448 ) on Friday June 29, 2001 @01:21PM (#118902)
    In the fiber-optic version of quantum crypto, each key bit is obtained from alice creating a single photon, measuring it, and sending it to bob to measure. Although I'm sure it's quite tricky, it's not hard to imagine putting a single photon into a fiber, and being able to detect that single photon at the other end.

    But how the hell are you supposed to do this via a satellite? I find it simply incomprehensible that a single photon could be successfully bounced off of a satellite and detected when it hit the Earth. Or even successfully shot between two points on the Earth. And if you can manage to send single photons between two points, why not just send plaintext? Sure, someone might tap a fiber without your knowledge. But "tapping" open space without anyone noticing?

    Hmmm, boss, there seems to be a van with dark windows parked between alice and bob. Maybe we should stop transmitting? Dont' get me wrong, quantum crypt is neat stuff. And I definitely think it has applications. But not for sending messages thru open space. By the time you have solved the engineering problem of sending single photons reliably over long distances outside, the crypto is meaningless. If you want to see if any one is listening, just look. If your enemies figure out how to make their eavesdropping equipment invisible, you have bigger problems to deal with!
  • There are of course a variety of uses for this technology, and not a single one of them has anything to do with desktops or standard servers.

    Many of those applications do not involve networked hardware. Perhaps, systems for transmitting nuclear launch codes. Or discussing troop movements.
    --
  • The whole premise of quantum encryption is that each photon is vital to the message. Saying a satellite system 'broadcasts' quantum crypto is nonsensical, as you could have multiple receivers, one of which assesses the 'polarity bit' and another that gets the 'info bit' which would render the encryption useless.

    Quantum Crypto, such as it is in current theory, is purely a single point to single point system. Not to say that you can't use a satellite, but the language used to describe it needs to be chosen more carefully.

    Kevin Fox
    --
  • does optic fibre use repeaters on long hauls? if so, no, you couldn't use this to check if someone had spliced that cable.
  • Just a nitpick: DES doesn't rely on any assumptions about primes at all. It assumes that no information about a key can be gathered from the ciphertext, or plaintext-ciphertexts pairs etc. (and this assumption is not always valid, BTW), and that the key is necessary to decode the message.

    You probably mean RSA et al. (ie. public key encryption), which also doesn't rely on the assumption that primes are hard to find (because, in fact, they aren't), but rather that composites of two large primes are difficult to factor, or that discrete logorithms in a modular field are hard to invert.

    And yes, I assume that now someone will nitpick this message.
  • Wrong idea. Assuming that they have successfully put a black box on the bottom of the ocean to intercept trans-Atlantic fiber signals, they are most definately not actually 'splicing' into the fiber, nor are they re-transmitting anything. The interception is an entirely passive system.

    All you have to do is bend a piece of fiber slightly - just enough to slightly alter the reflection properties of the cladding. A small percentage of the light will be refracted out of the glass, allowing whomever to intercept it and read the signals.

    The only thing that the receiving end will notice is a slight increase in the dB loss. They may notice if they've already established a baseline, but in a trans-oceanic fiber, there are too many things that can degrade the capability of a fiber. A few extra dB loss wouldn't be a worry.

    JJ
  • http://www.4thestate.co.uk/cipherchallenge/ [4thestate.co.uk]

    The book has a good summary of Quantum Encryption, among other goodies.

  • Why? if the satellite intercepts the message it will inadvertently change it. It could block the message but that just means Alice and Bob need to use a new satellite. The only way that the satellite could compromise them is if it decodes the "ok" bits the same way that both Alice and Bob do. To do that, from what I understand, you need to roll three 3-sided dice and all get the same answer. that is a 1/3 chance per correct bit (for Eve) raised to the number of correct bits. so for 10 correct measurements Eve has a 1 / 59049 chance.

    As long as everything is truly random.

  • This isn't new. The idea has been around awhile. It would have been nice if the author had talked about recent developments.
  • 2) We already have "pretty good privacy". It's not the best, but it is sufficient and now we need to work on the next big step: securing both ends.
    Sufficient for what? And for how long? Yes, I'd trust my credit card number or my love letters to PGP/GPG. But espionage data? Military orders? Nuclear missle lauch codes? No way.

    Tom Swiss | the infamous tms | http://www.infamous.net/

  • You use a satellite with a mirror on it. The only problem is the atmosphere degrades the signal which means that you have to sacrifice some security for error correction. This isn't a problem unless your opponent owns the satellite and has extremely sophisticated technology.
  • Well, ok, the Subject has nothing to do with what I'm about to say... but I must say... I do feel for the rabbit.

    As CmdrTaco always says, if they put it in our hands, someone will find a way to open it up. The same technology used to create the cryptography will be used to tear it down.

    Luckily, human error is in our favor, and not of those wishing to keep the data hidden. It takes but one oversight to bring an entire empire down.

    So the numbers get larger, the data gets crazy and all the slide rules in the world can't help you now. Its like those damn kids won't let us have the cereal. Who are they? What is just one bowl for one rabbit...

    Of course, before ou know it, many rabbits are getting many bowls and the cereal factory closes down. So they would want us to believe! The truth is, many rabbits simply choose to purchase their own box of cereal... it is much simpler then fighting 3 or 4 of those brats on a dailey basis.

    So in the end... those who want cereal will get it one way or another... eventually the majority will move onto something better like carrots and coffee.
  • Oh yeah,

    I didn't want to say Trix(tm), I might infringe on someone's intellectual property rights and before I know it, three lawyers show up on my door with a baseball bat and a court summons.
  • Quantum encryption and quantum computing will definitely not arrive at the same time.

    It's (relatively) easy to send photons in a certain quantum state, which will then be decoded.

    It's really freaking hard to get those quantum states to do computations for you. Note that the biggest quantum calculation they've done to date, last I knew, was 4 bits.

    Just because they're both "quantum" doesn't mean that the technologies are related.
    --

  • by joq ( 63625 ) on Friday June 29, 2001 @02:01PM (#118916) Homepage Journal

    The coding starts with a continuously generated string of random numbers, say from a satellite put up to broadcast them or from some other source. The numbers can be coming by at an enormous speed - 10 million million per second, for example.

    The sender of a message and its recipient agree to start plucking a sequence of numbers from that string. They may agree, for example, to send a message, encoded with any of today's publicly available encryption systems saying "start" and giving instructions on capturing certain of the random numbers. As they capture the numbers, the sender uses them to encode a message, and the recipient uses the numbers to decode it.

    An eavesdropper can know the mathematical formula used to encode and decode, but without knowing the exact sequence of random numbers that were used in the formula to send a particular message, the eavesdropper cannot decode the message. And the only way to have that sequence is to just happen to be storing numbers from the unending stream at exactly the right moment.
    [http://cryptome.org/key-poof.htm [cryptome.org]]

    It's 100% unbreakable and available without any high tech satellites.
  • by Doctor K ( 79640 ) on Saturday June 30, 2001 @10:16AM (#118917) Homepage
    So, how do you broadcast a single photon everywhere? That's the key. If you send the message everywhere, you are obviously not sending single photons. If you can send a single photon reliably from point a to point b, you have figured out how to make sure it doesn't get lost in between.

    Though it is too late for this response to make any difference, I'll waste my breath.

    Quantum mechanically, a photon is an eigenmode of Maxwell's equations for the system under consideration. A photon is commonly thought of as a localized particle of light. It is not. It is most analogous to a wave (a plane wave is an eigenmode of free space; in a complicated system, the eigenmodes are less straightforeward).

    A photon is not localized. A superposition of photons may be localized. Such a superposition is best called a wave packet; it is not strictly a photon though.

    Confusion over this is why very few people can actually make sense of quantum mechanics, especially if explained without mathematics (all that non-sensical jibber-jabber about wave-particle duality with bad philosophy thrown in for good measure).

    At no point in any quantum mechanical formalism I've seen (Hamiltonian-based, Lagrangian-based, Heisenberg matrix mechanics, Schrodinger wave mechanics, Feynman path integrals, relativistic field theory, ... ) are particles fundamental.(Bohmian quantum mechanics is a quasi-exception.)

    Quantum mechanics is about waves (or more precisely eigenmodes of the Hamiltonian). Superpositions of waves makes particle-like excitations.

    So, you can send a single photon everywhere. For a quick example, think of the two slit experiment. It still works when the photons pass through the system one at a time (this has been experiementally demonstrated). Thus, one photon passes through both slits and interferes with itself on the other side.

    If photons were localized, as you seem to think, the two slit experiement would fail.

    However, producing a single photon is not simple. Devices like lasers will produce a spectrum of photons with a certain narrow energy spread and a certain narrow angular spread. Such superposition of photons will be localized in space and are what people often call photons or particles of light. The probability of detecting such a wave packet in two widely separated places is negligible.

    However, other devices (like say an antenna) produce wave packets which are not localized.

    And in response to another post:

    The reason that quantam[sic] encryption isn't used everywehere, is that it's so darn hard to detect the spin of single photons.

    Detecting the spin a stream of photons is much easier than you think. Photon spin and photon polarization are closely related (photon spin is a different set of basis vectors to express photon polarization). Detecting photon polarization is trivial (sunglasses anyone?). Detecting a single photon's polarization with a bit error rate low enough to be usable over long distances is more challenging but not impossible (especially if you are just doing key exchange).

    Yes, I have a Ph.D. and quantum electronics is my day job.

    Kevin
  • I stand corrected, and thanks for fixing the link.
  • by fuzzyjk ( 84369 ) on Friday June 29, 2001 @12:31PM (#118919)
    Take a look at <A href="http://www.counterpane.com/crypto-gram-0103. html#6">the March Crypto-Gram</A>, where Bruce Schneier comments on the practicality of this.
  • if Eve not only controls all the communication of Alice to Bob, but from Bob back to Alice. So you still have the problem of authenticating Alice & Bob to each other.

    If you've got an authenticated channel between Bob & Alice though (not necessarily encrypted, just authenticated), then this sounds pretty cool.
  • It'll be the end of the DirecTV pirates, anyway.

    Highly doubtful. First, you would have to replace every cable box and dish to handle getting the qbits (I'm assuming that normal cable dishs cannot handle doing this, which seems highly likely). Not to mention launching new sattelites, which would be even more expensive (especially because then you esentially throw away your investment in the previous generation of sats).

    Secondly, you would need some 'normal' hardware to actually encrypt the video stream once you've exchanged a key. People have had great sucess breaking this stuff in (IIRC) Europe. Good tamper-resistant hardware is hard to do, and expensive to boot. Also, even if the key exchange itself is unspoofable and untappable, you can always try to get the key out of the normal silocon that it's stored in afterwards.

    Of course there's always the usual hardware hacks, like pulling the video/audio after it's decoded directly from the chips into some specialized hardware which then dumps it into a PC. Messy and hard to do, but possible.

    Quantum Cryptography is nice, and certainly very interesting, but rarely are social problems solved by technological means alone. The DirecTV guys, and others, might have to works a little harder, but it seems highly unlikey that DirecTV, or whatever, would become un-copyable. I say this because nobody has ever managed to make anything uncopyable (and semi-usable at the same time), despite any number of grand claims to the contrary.

  • The communication pretty much has to travel between the same 2 parties as the key generation. If not, the system requires that the agreed-upon key be sent elsewhere to be used by other parties, and this transmission must be completely secure otherwise the whole point of quantum key generation is lost.

  • The system you point out, and everything you say is totally correct. The problem with your system is: How is Joe Blow, a home computer user who wants to buy a electronic cat from amazon.com, supposed to get a perfectly secret "keydisk" for communication with amazon.com. Both sides have to know the key, and nobody else can. He can ask for one in the mail, but how does he know that the CD he receives was sent by amazon and not by the credit card theif next door?

    With PGP, however, the public key can be known by everybody, and it's all that Joe Blow needs to know to communicate securely with amazon.com. Furthermore, public keys can be endoresed by trused corporations - "CA's" - in such a way that Joe Blow knows definitively that the amazon.com public key he has it truly genuine.

  • The Economist may not be a technical journal, but it generally has much better technical articles than the "hand-waving" of Time, CNN, etc, and is just as good as quick fast-food crap "techie" news like wired and slashdot.
  • Mod that back down again. That link (after you repair it) is to something completely different that has nothing to do with quantum encryption (though it does involved encryption and satellites). Follow the link, read it for yourself.
    --
  • Why do you need a 0% error rate? Read some basic information theory eg. do a web search on Shannon, Information. Any channel, no matter how noisy (assuming independence of the noise - valid in this case), can be converted to a channel with error rate approaching any rate you so desire by suitable use of error correcting codes.
    --
  • You're clever knowing the names of all those famous scientists. It's also very astute of you to observe that the universe is still here. Do you, mayhap, have a contribution to the subject of quantum encryption?
    --
  • by SIGFPE ( 97527 ) on Friday June 29, 2001 @01:11PM (#118928) Homepage
    There is a basic result in quantum mechanics called the "No Clone Theorem". It says that there is no device that can be guaranteed duplicate the quantum state of a physical system - even a simple one like the spin of a single electron. (Naively you can think of the problem as being that attempting to clone the state involves interfering with it and hence you risk modifying it - but it goes deeper than that.) The "No Clone Theorem" follows almost trivially from the basic axioms of Quantum Mechanics so that if this is violated then we have a major physics paradigm shift on our hands. Quantum encryption merely exploits the No Clone Theorem.
    --
  • by SIGFPE ( 97527 ) on Friday June 29, 2001 @01:16PM (#118929) Homepage
    Doing it with a laser over 10km of desert is new. If you can do that then doing it with a satellite seems within reach. So this is fairly significant work.
    --
  • Not to state the obvious, but doesn't the article state that the key is discarded. Why keep the key when you can create a new one just as easily? Or does your point have more to do with keeping the key secure while being used?
  • Meow. As the article states, and as I recall, interception of the stream alters the photons... that nasty Uncertainty Principle again. Any bucket brigade attack is detectable per the laws of physics. It's devious. The stream is irreproducible.

    The cat may be alive or it may be dead, but god does that box stink.

  • This means in order to be secure the message need to be beamed directly from the source to the receiver.

    Ok. So it's fine to authenticate the source of the transmission, assuming that you only care about the last machine to touch the transmission, but when the transmission passes through multiple machines you can't prove the original source from the data received at the destination. All you can do is hope all the previous connections are trustworthy.

    Now how many people here work with a technology that has NO store and forward capability?

  • Is this not still vulnerable to a man in the middle attack? Eve could intercept the steam from Alice and send a new string to Bob. Then Eve could have access to the information from Alice and re-encrypt it to Bob.
  • If Eve can't intercept the stream and recreate it verbatim back to Bob, then what kind of technology will this satelite have that can violate the laws of physics?
  • I think you might have missed my point. If Alice is sending to Bob and this "send" is via satelite, then the same hold's true. The satelite needs to know which measurements to make as well, to be able to send them to Bob. It seems this would only work where Alice and Bob can send directly to each other. Now if Alice is a satelite already and Bob is, lets say, a DSS reciever, then i could see how this could be useful, otherwise its really two seperate channels, one from Alice to the satelite and one from Bob to the satelite. This requires Alice and Bob to trust the satelite, which to me, makes this damn near worthless. Still, it is cool none the less.
  • I believe the main problem is that, if anything can be assumed about the type of message transmitted, you've greatly increased your chances of decrypting the message.

    In your example, You've used all printable ascii in the message and even started the sentence with a capital letter. Again, it gives me something to work with. In a nutshell, you're demonstrating the weakness in SSH and how others have shown that it can be cracked, given enough effort -- and who's to say that a computer won't be capable of performing that decryption 10 years from now?

    So, in a nutshell, you've definitely demonstrated a solution -- it's just not a perfect solution.

  • It was previously posted as a reply to another article about why this can or can not work. In a nutshell, it's extremely difficult to splice into a fiber optic cable, and even if you do manage to do it you'll likely create a very small "echo" in the cable that either of the original endpoints would be capable of detecting.
  • The 'tiny echo' refered to is as strong of an echo as any other fiber-optic splice would cause. In other words, it would possibly be traceable, but it qualifies as essentially untraceable for our purposes. You would need to have a deticated piece of equipment monitoring all line anonymolies, and you would need to investigate each of the anonymolies. A person would be better off simply tracing the path of the fiber optic cable once a month to ensure no extra lines have been added on. On the other hand, there is no reason to worry about being tapped, just send your data through an encrypted tunnel and it doesn't matter if they can listen in or not.

    ---=-=-=-=-=-=---

  • That one was based on one time pads, and has a flaw in that it assumes that no one can store all the information, and that no one can intercept the timing information.

    This one is based on quantum cryptography, although there's no information in the article as to specifics on how they intend to transmit discrete quanta over satellites.

  • If you use this system to exchange one-time pads, then no brute-force attack can be successful on the ciphertext.
  • by fetta ( 141344 ) on Friday June 29, 2001 @12:13PM (#118941)
    Sounds pretty slick, but wouldn't it still be vulnerable if "bob" or "alice" (from the example in the story) left their computer (or other communication device) where other people had access to it?
  • If Eve can't intercept the stream and recreate it verbatim back to Bob, then what kind of technology will this satelite have that can violate the laws of physics?

    The satellite doesn't break the laws of physics; it doesn't make any measurements, so it doesn't have to recreate the stream of photons.

  • The reason that quantam encryption isn't used everywehere, is that it's so darn hard to detect the spin of single photons. I think it's extremley unlikley that they have figured out how to discern the spin of a stream of photons, over 10 kilomiters, with a 0% error rate (otherwise you've got a bad encryption key) when it can barely be done over inches.

    Did you read the article? The Los Alamos people are doing an experiment to attempt to do this. They don't know how to do it yet. That's why it's called an experiment.

  • So, the trouble is,
    Although a pgp key is unbreakable byt brute force means, anyone can sniff the key to decrypt the messages after the key exchange
    Although you can sniff a key during the exchange, it's not that easy for everybody, so not anyone can break a pgp encrypted message
    But, thanks to Quantum encryption, we can be assured the key exchanged was not sniffed, and then safely use a simple channel to echanged encrypted messages
    But, thanks to Quantum computers, this very same key will be cracked in no time, without need to ever sniff it, thus making the cracking technology easier to anyone (with access to a Quantum computer)
    It's amazing how quantum technology adresses all needs in crypto...
  • besides,
    the idea of this cryptothing is not so much to encrypt things in a way that only a few person will be able to decrypt it, but to detect when somebody else is listening...
    it is not a copy protection or an encryption scheme that is offered here (despite the misleading introduction), but a garantee of privacy. you have a conversation with a remote host, and you are garanteed noone else heard what was said. now if someone could hear it, well too bad.. maybe he will be able to decrypt what you said. the facct is, you will be aware of it. So, then about the encryption stuff.. it's about the same problem it was before.. the new thing is just that when you send your dynamic key to the host, you can be sure only it have the key you sent, if you are warned "somebody was listening". you can change the key and again and again until the key is exchanged without anybody else listening.
    so you could very easily dos it :)
    (just by listening all the time)
    Anyway, you don't have a better brute force cracking protection than before, you are just making sure that brute force cracking is the only way they can get the key...
    Also, to get (just) sure of that is so hard and painful I don't think it will be aplicable yet to point->many points (Direct TV) Anyway... it's possible I just didn't understand the whole process (very possible)
  • I was talking about burning an otp file to a cd, and then having the ability (in the message) not to reuse the portions of the CD, not to send the file over the net.
    Then win2k shit, and I started over.. must of left that out.
    I think that the OTP file would be just as vunerable as your private key, because, after all, it is stored on your computer, that's subject to theft/social engineering.

    But for people who you can trust (friends) - and are competent, do you think this method would work?
    I'm writing a program that does, and just wondering about how good something like this would be.

    The slashdot 2 minute between postings limit:
    Pissing off coffee drinking /.'ers since Spring 2001.

  • by loraksus ( 171574 ) on Friday June 29, 2001 @01:35PM (#118947) Homepage
    I'm kind of new to encryption, so if somebody could give me some more info, and answer me this question, that would be cool. Sorry, this is kind of off topic, but why is PGP used everywhere, and not just XOR'ed messages.
    I'm not talking about simple XOR, where every character is changed by a single amount (which can be solved by running a loop 256 times), but one where each character is modified by a different value, based on a "one time pad" file.

    i.e.
    Bob, lets kill Joe tonight (message)
    a4g6uk98hgdwegfh6532d7ih44 (key, also includes high ascii values which are not here because of the lameness filter)
    gregjlghrtg095gjr234fsasdf (result, also high ascii)

    I'm assuming, that without the key (or a way to duplicate it), that the message would be "unbreakable", because without knowing the key, there is no real way to decrypt the message - Sure, you can try every possible combination, and even filter out results that don't make sense (or aren't in a dictionary), but there are still thousands of
    a four letter word could be
    "four"
    "kill"
    "hell"
    "fuck"
    "HTML"
    "idea"
    "hack"
    "shit"
    "book"
    "unix"
    "1337"
    "them"
    "blow"
    " bob"
    "b ob"
    "bob "
    etc...

    It would seem that the same restrictions apply
    PGP users have to keep their private key safe, just as users of this method would have to keep their "key disk" safe.

    I belive PGP can be broken with enough time / effort, as could this method, but I belive that there would be a shitload more garbage for people to sort through using this method. Besides, I'm sure that the NSA has some way of reading PGP / whatever encrypted messages already. Seriously, the stealth bomber was designed in 1970, and although it's not the "best of the best", it is still considered an acheivement today, they have some pretty nifty shit somewhere.

    The advantages I see to encryption like this are:

    - Keydisks can be physically destroyed quickly. Stuff on HDD's tend to stay there, you smash a CD, it breaks into several hundred pieces, tends not to be put back together.

    - A message could be one of thousands of the possibilities, and without the key, it would be unknown which one was actually correct. I'm sure you'll get some great works of literature (i.e. monkeys writing shakespeare) popping out.

    - With some additional ambiguity, such as codenames, possible translations of the message, padding the message with garbage values, a constant message size, bad spelling, personally giving the disk to the receipient (business card CD's would be perfect for this, although the 8cm ones look a lot cooler for this), etc.... it would seem that this system would be VERY secure.

    Of course, there would be no way to prove that you didn't write "bob, lets kill the president tomorow" without handing over the key.

    If anyone can help me out / unconfuse me, it would be great... Suggesting some good sources would be great too.
    Thanks.

    The slashdot 2 minute between postings limit:
    Pissing off coffee drinking /.'ers since Spring 2001.

  • The article does not discusss quantum encryption via satellite. The quantum encryption is via laser at surface level in the desert.

    The encryption via satellite that they mention is just the Zong-Rabin hyperencryption system [harvard.edu] and has nothing to do with quantum encryption. It's just the streaming one-time-pad with the assumption that no one can store the bit stream for long enough to retrospectively break an arbitrary message.

  • of that obviously didn't know a thing about what he was writing about, in fact, why he pinned this to Los Alamos scientists is beyond me, a discussion of this occurs in most undergraduate QM classes.
  • by TrumpetPower! ( 190615 ) <ben@trumpetpower.com> on Friday June 29, 2001 @12:19PM (#118950) Homepage

    The communication doesn't have to travel via satellite. The satellite is just used to exchange keys.

    Or, in other words, this solves the same problem as RSA and D-H key exchange techniques. Once both sides have agreed on keys, you could use carrier pigeons for the actual excrypted data transmission.

    b&

  • That's all nice and good, but Quantum encryption will not be needed until someone finds a way to factor quickly (thus rendering public key encryption useless). In case no one has noticed, that ain't gonna happen too soon. Quantum encryption will arrive with quantum computers, quantum computers will also make every form of encryption useless (besides quantum encryption).
    SO
    as soon as quantum computing shows up:
    1. RSA, Lucifer, Raindoll are all rendered useless.
    2. A better(and THEORETICALLY unbreakable) way to encrypt also is possible due to quantum computing.

  • I can think of at least three major paradigm shifts in physics, none of which cause the least bit of stir for us today. I'll just name their chief instigators: Newton, Maxwell, Einstein. Funny how the world is still here...
  • If you can't obtain the key, it is impossible to know for sure that you have obtained the correct message. For the correct message, you have to be able to verify the key as well, or a near infinite (read "very large") number of other possible messages will also exist for the encrypted stream. Thus if you cannot intercept the key in the transmission process, then even such tools as distributed.net will not work. We assume no knowledge of the subject matter contained within the message, and thus any message of any length can be encrypted within it. Quantum cryptography is only necessary for the transmission of a key, and any of the other proven cryptographic algorithms can then be used with the key to provide secure communications. So provided that the laws of physics are not violated, the data will no longer be vulnerable even to brute force attempts.
  • "And the only way to have that sequence is to just happen to be storing numbers from the unending stream at exactly the right moment."

    But how did Bob know the sequence? From the standard-encyrpted message. If that standard encryption can be cracked, anyone can then use that info to grab the same sequence of random numbers from the satellite (or wherever). Yes? No?

  • A cracked image for an H card was then posted on alt.hack.dtv and listed on eBay!

    Mmmmmm. Quantum Spice channel.


    Viv
    -----------

  • DW: I never cared much for the term "uncrackable", it seems a bit too much like "unsinkable".

    Brigadier: What's wrong with "unsinkable"?

    DW: "Nothing," said the iceberg to the Titanic [glug glug glug]

    Well, your fingers weave quick minarets; Speak in secret alphabets;
  • by Sheepdot ( 211478 ) on Friday June 29, 2001 @12:26PM (#118957) Journal
    There are two big problems I have with this "new" technology.

    1) It isn't anywhere near feasible for common use, nor cheap enough.

    2) We already have "pretty good privacy". It's not the best, but it is sufficient and now we need to work on the next big step: securing both ends.

    I think we've pretty much covered the encryption news to death and left out some of the big stuff, the compromising of a machine on either end of the communication.

    What good does a secure method of communication do when the website you are dealing with stores your credit card info in clear text databases on machines 4 different crackers have access too?

    What good is securing a transmission with a customer when their Windows box is already compromised by a Subseven server?

    I guess what my biggest beef with secure communication overkill like this is that we've already determined it is possible to secure a transmission. We haven't determined how to properly secure both the client and the server.
  • Yeesh, that's aluminium, damn yank!
    ...
    ...
    :-)
  • Haardly a technical journal...

    Anyone have anything from a better source?
  • Shoeringer's cat, Meow, plus 128 more cats, Now we meow secure.
    ~
  • Dude you're such a karma whore. The next time there's any story about encryption, I'm going to write "Sounds pretty slick, but how secure is it if you don't make sure no one's looking over your shoulder while you compose the message before it's encrypted?" or "Sounds pretty slick, but how secure is it if you accidentally publish you private key?"

    jeez.
    ~
  • And I especially like the way I need 650 megabytes of one-time giberish if I want to transmit 650 megabytes of data. Do you think <xyzcompany> has encrypted its source tree? You bet. You think it keeps the encryption key on as many disks as the source? NBL.



    And another thing: you don't need to disclose the length of the message. Just set a size for every message, say, 1000 characters, and always send 1000. If you only have 40 characters, then just XOR 0 with 9960 bits from the one-time pad. It's equally giberish. If you want more than 1000 characters, then write near the end "Continued next message.". Through a one-time-pad method, you are guaranteed to be secure, but you need to have met securely with anyone you want to communicate with, and exchanged as much random data as you ever want to send. Random data is hard to find and keep secure, when there's lots and lots and lots of it. (As much as you ever need to transmit before you meet securely again). Through PGP, if I want only you to see a message, I get your private key from a server I trust. It doesn't matter if anyone else sees the key, they can't unencrypt what I encrypt just because they have it too. That's why it's ASYMMETRIC. Only the private key can unencrypt. So now here I am at an unsecure computer, with my every step watched and recorded, I download my own public key, I encrypt a file on the harddrive, and I erase the original. They've seen my key, but they still can't unencrypt anything.
    ~
  • Shrodinger's cat, Meow
    plus 128 more cats
    now we meow secure.
    ~
  • I love your reasoning. Have you written any books?
    ~
  • Well keep up the good work. If only every slashdot post were as well-thought-out and, more important, /clear/. Even when you rant, you rant with form :)
    ~
  • by 3-State Bit ( 225583 ) on Friday June 29, 2001 @12:16PM (#118966)
    methinks I remember an unbreakable cryptosystem [slashdot.org], also via satellite. This piece does not mention Professor Rabin.
    ~
  • No, not the message, just the key. You transmit the key via a direct beam of light, test the individual photons, and compare the results of your tests with the sender ( this can even be done in the clear if you're careful about what data you send ).

    Once you've compared the test results, you can positively identify what photons have and have not been tampered with along the way - you pull out only those which have not been tampered with and use their values to build a key.

    This gives you a secure key exchange protocol that guarantees the key has not been intercepted or compromised. Then you can engage in encrypted communications on ANY other medium.

  • But what is the practical usefulness of this outside of the military?

    The trouble that occurs to me is that if you're using the tech onboard a satellite to handle key exchange you have to trust the people who admin the satellites. That's fine if you're the pentagon or some big corp. which can buy its own satellite, but its true that doesn't help the little guy.

    I'm not an expert on optics tech. but I think if photons can be sent down a glass fiber reliably they should also be able to be bounced off a satellite reliably. I mean bouced off its reflective surface, not transmitted to any gear on board.

    Anyone ever seen or heard some amature astronomy geeks finding lunar lander remains and bouncing lasers off the reflective foil for fun? Well imagine that with a few hundred dollars in amateur astronomy gear you could set up a completely secure key exchange by bouncy a laser off floating space junk to your buddy half-way round the world ( of course curvature of the earth comes into play for lines of site to whatever satellite you choose ).

  • But how the hell are you supposed to do this via a satellite? I find it simply incomprehensible that a single photon could be successfully bounced off of a satellite and detected when it hit the Earth. Or even successfully shot between two points on the Earth. And if you can manage to send single photons between two points, why not just send plaintext? Sure, someone might tap a fiber without your knowledge. But "tapping" open space without anyone noticing?

    "Tapping open space" as you call it is the easiest thing to do. All you need is a telescope. You can't watch everyone who has a telescope - that's absurd. Think of how much opportunity there is for refraction off the atmosphere and reflection off the satellite - if you sent plaintext anyone with a telescope could read what you're saying.

    And besides - this isn't about message transmission, its about key exchange. You only need a short burst of a fraction of a second to send enough photons to make up an encryption key longer than any cryptosystem in existance could need.

  • That's not the point I'm trying to make. According to the "sources" who were talking about the NSA's fiber optic snooping they had developped a technique to circumvent this. I'm no expert on optics tech, so I really can't comment on how viable that is.

    But, given that they have got some technique that can read information being sent and not leave this "echo", the quantum testing method should still be able to positively identify that someone is siphoning out photons, or intercepting and replacing them.

  • by corvi42 ( 235814 ) on Friday June 29, 2001 @01:24PM (#118971) Homepage Journal
    No, you're mistaken. The article on counterpane ( here [counterpane.com] for those of you who see a broken link ) is not about quantum cryptography, but merely about choosing a random place within a random stream of data to begin a key.

    Basically you transmit a very long sequence of bits, and agree at a point beforehand to select out a given subset of this as a key. It all hinges upon an agreement of exactly what subset of the bits to use, and that an intermediate party does not know that subset.

    The issue on a key exchange server onboard a satellite using quantum crypto is quite different. It involves setting and then measuring properties of individual photons of light, much more complexe than the system in the counterpane article.

  • by corvi42 ( 235814 ) on Friday June 29, 2001 @12:49PM (#118972) Homepage Journal
    So this technique would allow you to know whether anyone was intercepting photons as they passed through a given medium. Has anyone thought of using this technique to positively identify whether anyone is really tapping underwater fiber optics like this old article [slashdot.org] suggested.

    It would be funny if the latest thing in crypto was able to catch the NSA with their pants down.

  • by cube farmer ( 240151 ) on Friday June 29, 2001 @01:01PM (#118973) Homepage

    when aliens finally do intercept our transmissions they will think we all speak giberish.

    Yet one more reason to procure an aluminum foil deflector beanie [zapatopi.net]; when the aliens, thinking they're helping, begin transmitting quantum-encrypted mind control beams to counteract those of the military-industrial complex, if we don't have adequate protection we'll all go into convulsions, frothing at the mouth as our brains are overwhelmed by gibberish instructions. Society will end as we know it and the forces behind black helicopters and Jimmy Hoffa's unexplained disappearance will emerge from their hiding places to take over the world!

    Protect yourself now [zapatopi.net]!

  • ...unless the a member of the implementation team is a "Family-psychology" password setter. [slashdot.org]

    "I am a man, and men are
    animals who tell stories."
  • This reminds of an incident that happened recently. One of my colleague's linux server box was hacked into, and had some data snffed from. We also found a couple of root kits and a few other things. After so much pain, he'd cleaned the system, but we still couldn't find the exploit the cracker had used.

    Anyway, we had given up hope and he took me to the server (we were exploring it remotely) room. Only to find that one of the developers had looged on as root and left the system as such.

    What I mean to say is that when you have developers, the so-called programmers and 'elite' computer literates being so reckless, the security system ceases to matter altogether. Because the fault would ultimately happen at the human end.

    All this technology is great, but then the ppl using it should be careful enough. No use having a quantum encryptor and then sticking a printout of your private key on your table.

    "...Fear the people who fear your computer"
  • Eve, an eavesdropper listening to their conversation, requires Alice's original string of photons in order to make head or tail of this exchange.

    But what about if Eve also intercepts the "agreement" photon string and compares it to the ones she has sampled? She would be able to reconstruct the key, although she never really sampled it and thus violated QM principles.

    Should Eve adopt the so-called "bucket-brigade" strategy--to intercept and resend photons as quickly as she can--she will still give her presence away. The uncertainty principle dictates that Eve cannot copy Alice's photons exactly.

    She can't copy them *exactly*, but to a very good degree limited by the specifications of her equipment. She will never be able to copy them 100%, but 99.99999999999% is very possible and very legal under QM rules. So, for example, if Eve was using a very sophisticated method of reading and sending photons, and Alice and Bob's method was only slightly less sophisticated, Eve would be able to succesfully crack the communication by fooling the two into thinking the photons were authentic, when in reality they differed only slightly by an unmeasurable amount, and thus for all intents and purposes were logically the same, but not physically identical. In order to really tell one photon from another, you have to have a measurable wide margin. When they get so close together that each seems as if they are the same, for our purposes they are the same. You'd have to have infinite (uncertainty principle impossibility) resolution in order to tell two very similiar photons apart. So the same very secure "law" is actually a two-edged sword.

    Just because it's impossible to "directly" crack a communication doesn't mean its not uncrackable and quantum laws of the universe can't save it either. It doesn't take into considerations things like equipment sensitivity, and other real world things like that which go beyond how it would ideally work, or how it would work on paper. Heck, if someone really wanted the information, they could kidnap and force the people to admit it. That's crackable as far as I'm concerned, which leads me to my next point: if it's written down, known by someone, or even happened, there are always was of "cracking" the secrecy.
  • But what is the practical usefulness of this outside of the military?

    Dancin Santa
  • by anon757 ( 265661 ) on Friday June 29, 2001 @12:55PM (#118978)
    The reason that quantam encryption isn't used everywehere, is that it's so darn hard to detect the spin of single photons. I think it's extremley unlikley that they have figured out how to discern the spin of a stream of photons, over 10 kilomiters, with a 0% error rate (otherwise you've got a bad encryption key) when it can barely be done over inches. That being said, it's still only a secure (YES, 100% Unbreakable, unless you feel like violating the laws of phyisics) method of exchanging encryption keys, but once exchanged, the data is still vulnerable to brute force cracking, like distributed.net.
  • By the time you have solved the engineering problem of sending single photons reliably over long distances outside, the crypto is meaningless

    I'm no quantum physics major, but you are definitely not a reading major. It says right in the article their work has led them to believe they can send a single photon reliably, day or not, good weather or bad.

    If your enemies figure out how to make their eavesdropping equipment invisible, you have bigger problems to deal with!

    By using satellites, you can broadcast your message EVERYWHERE. So technically anyone and everyone can intercept the message, they just won't be able to do anything with it.

  • by JohnnyKnoxville ( 311956 ) on Friday June 29, 2001 @12:18PM (#118980)
    when aliens finally do intercept our transmissions they will think we all speak giberish.
  • Simon Singh's "The Code Book" is very accessable to non-mathemeticians, and has an excellent chapter on quantum crypto.
  • The short answer: Eve can't intercept the stream and re-create it verbatim because Eve doesn't know what measurements to make, and the results of the measurements depends on how they are performed. Eve can measure and reproduce the results for one set of measurements, but if those aren't the same ones made by Alice then the photons Eve reproduces for Bob will look bogus. This all keys on the fact that the measurement of the polarization of a photon between the 0/90 axis and the -45/+45 axis is not correlated.
    --
  • 1) It isn't anywhere near feasible for common use, nor cheap enough.

    2) We already have "pretty good privacy". It's not the best, but it is sufficient and now we need to work on the next big step: securing both ends.

    Quantum computers may make the factoring of large composite numbers a great deal easier. If that happens, the security of PGP vanishes. However, it's possible that quantum technology can replace one kind of security with another. (If your other means are no longer secure and quantum cryptography is the only thing left, it's "cheap enough" for your secure traffic by definition.)

    The bottom line is that this technology hinges on the ownership of secure nodes at either end of the optical path. Unless the public network goes all-optical and can route single photons from one end to the other, I don't see how this can be of use to the public.
    --

  • and by that EXACT POINT it is not any more secure either! If it still relies on the IDLC (Integer Discreet Logarithmic Cryptosystem) at it's roots, it is negligably more secure than RSA or DH. The only place where it gets more secure is that the "session key" cannot be intercepted (well: read right-now-we-can't-do-it), but right-now-we-can't-break-a-IDLC-either-so-what's-t he-point?
  • The reason you'd need a satellite for this type of encryption is that there is no network that can handle the transmission bandwidth necessary to transmit that string of numbers. Sure there are OC-192 backbones that could, but you'd get hit hard with the "last mile" problem. With a satellite, however, you can directly broadcast the stream of numbers everywhere, bypassing the bottlenecks that limit ground-based networks.
  • No, only the one-time key must be transmitted directly.

    The message itself you may as well publish on the web.

  • why he pinned this to Los Alamos scientists is beyond me

    How is it possible for you to read the article and miss this:

    Last week, at the International Conference on Quantum Information, in Rochester, New York, they explained how to build a system that will broadcast uncrackable messages via satellite.

  • I'm curious as to why it was LANL that developed this technique. NSA is supposed to be the group that works with cryptology.
  • by qxjit ( 461981 ) on Friday June 29, 2001 @12:25PM (#118996)
    While this kind of quantum cryptograhy has been around for awhile, the article is correct in stating that such expiraments have only been done across wires until this point. The really neat thing about this is that it really is safe. These technologies do not rely on security through obscurity in any way. The key is sent quantumly, and cannot be intercepted without breaking the quantum entanglement of the particles. Once a secure key has been transmitted, it does need to be protected within the software, but that is much easier than protecting is as it flies through the air. The security of the key as it is transmitted is protected by the laws of physics, which is what makes this so secure. While there is no silver bullet to the problem at hand, this solves fundamental problem of keys being sniffed during transit without anyone knowing. From here there are a lot of other problems to solve, but its a big step toward secure transmissions in the open.

How many QA engineers does it take to screw in a lightbulb? 3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.

Working...