Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Encryption Security

Practical Quantum Cryptography 164

Posted by timothy from the next-year-it'll-be-in-wristwatches dept.
Alien54 writes: "Saw this on Eureka Alert: A commercially available system for quantum key distribution and cryptography has been released by a spin-off company from the University of Geneva. The system has been tested over distances up to 70km (from Geneva to Lausanne) through standard optical fiber cables and connects to PCs via USB ports. Transmission rates of about 60 bits per seconds were achieved, sufficient for key distribution. You can see the original abstract here, which also has a link for download of the paper in PDF, Postscript, and other formats."
This discussion has been archived. No new comments can be posted.

Practical Quantum Cryptography More

Practical Quantum Cryptography

Comments Filter:
  • Neato. When we get a "Quantum Crypto IP Backbone" that will be cool.

    Of course QC is really only secure when they are direct connections. So if we want to use routers and switches to make connectivity practical we will lose the security.

    This type of thing would be cool for businesses and such that want a secure connection with other branches or offices. They could do a token ring style idea where they relay from their own branches to reach a wide area.

    Tom
    • I'm obviously missing a great deal of information. I thought quantum cryptography relied on quantum computing, which as of now, doesn't exist. Anyone care to fill in this (egregious) gap of knowledge?
      • Quantum computing DOES exists. You can read up on the current state of things here [qubit.org]. Quantum computing has been demonstrated with only a few qubits, which is all you need for quantum cryptography.
      • Some ideas called quantum cryptography, such as using polarized photons (quanta of light) rely on the quantum mechanical properties of the photons, but not necessarily quantum computing. A good overview of how this works is included in The Code Book, by Simon Singh, I suggest you give it a look. Without going into the detail here, I can tell you that if the quantum cryptography he describes ever works it would not only be absolutely secure (this can be mathematically proven) but by its nature you could tell if someone was eavesdropping on the line.
      • Quantum Crypto is based on the transmission of photons or somesuch.

        The jist is if I send from

        A =====> B

        and someone traps the bits in the middle

        A ===/C/===> B

        e.g. an eavesdropper than they will change the spin of the photons and B will know [and in turn A].

        So with quantum crypto you can send from A to B without any real crypto and you will be assured that an eavesdropper cannot get the message.

        The big problem is this all requires direct connections.

        Tom
        • So with quantum crypto you can send from A to B without any real crypto and you will be assured that an eavesdropper cannot get the message.

          I think an evesdropper could intercept the messagse just fine, its just that the reciever would know its been intercepted.. I might be wrong about this, but from what you say here

          .g. an eavesdropper than they will change the spin of the photons and B will know [and in turn A].

          Sounds like to me that they will still be able to look at the data, but they would know.

          • The trick is you send random data instead of the
            real message, so you don't care if someone
            has listened to it. If you find out that no
            one has, then you use the random data as a
            one-time pad.

            Quantum cryptography as practiced is more correctly
            called Quantum Key Distribution for this reason.
        • Some posts seemed to be indicating that with quantum cryptography no encryption was necessary because the sender and receiver would always know if someone was intercepting the message.

          I thought that quantum cryptography was a means towards creating a reliable and truly random one time pad (quite unlike the previous claim posted on Slashdot). So A would send a stream of photons to B... B would measure the photons with one of two different measuring templates.... The eavesdropper could also try to measure the photons.... but she only gets one chance.... Now A and B talk on a public line. A asks B, how did you measure the first photon? If it is different than how A intented it to be measured... it is thrown out.... The ones that are left after this process create a random number that both A and B have.

          This random number can then be used for the OTP...
    • They're also working on a laser based system (Wired article, Sep [wired.com]) at Los Alamos [lanl.gov]. For other fiber-based systems, MagiQ [magiqtech.com] is working on a similar system in New York City, while BBN [bbn.com] is working on a link in the Boston area.

      The laser-based system hopes to eventually bounce the signals off mirrors on satelites, sending keys anywhere in the world. (For a price... good for diplomats and military I suppose.)

      The fiber systems are still in need of a repeater-like device before they can get more significant distances.

      • The laser-based system hopes to eventually bounce the signals off mirrors on satelites, sending keys anywhere in the world. (For a price... good for diplomats and military I suppose.)

        If it's going to be bouncing light off of mirrors on satellites without actually modifying the light itself, I don't see how they can charge. Anyone that points the dish right can bounce it off the mirror. Of course it also seems you'd have no control of where it eventually ends up (since the mirror will be bouncing it to wherever the satellite is targetting it).

        • You kind of answered your own question didn't you? Sure you can bounce a LASER off of the mirror at random for free. If you want them to target the the mirror so the bounce goes when you want, you have to pay.

  • Spin-off company (Score:5, Funny)

    by Anonymous Coward on Thursday March 28, 2002 @03:22PM (#3242960)
    Was it a spin-off company, or perhaps just a spin-up or spin-down company?
    • It's a very strange, charming company, actually.
      • Wasn't that the same place that managed to transfer information faster than the speed of light using a quantum pair a while back?
        • >Wasn't that the same place that managed to transfer information faster than the speed of light using a quantum pair a while back? Yes and No : they never managed to transfer information faster than light, because it's impossible, but they made experimental tests of EPR correlations, which ivolves "faster than light" correlations in quantum pairs.

  • I'm not so sure about practical... (Score:4, Insightful)

    by Mithrandur ( 69023 ) on Thursday March 28, 2002 @03:25PM (#3242986)


    As nice as this scheme might be compared to previous quantum cryptography schemes, there are still fundamental problemns with implementing quantum cryptography. First off, you need a single, otherwise unused optical fiber to connect the two boxes. This means running your own cable. There's really no way around that. You're not going to find unrepeated, unused fiber just lying around.

    • This means running your own cable. There's really no way around that. You're not going to find unrepeated, unused fiber just lying around.

      Actualy between 1998 and 2001 comapnies spent 500 billion dollars for fiber optic lines, analists aproximate the surplus of fiber optic bandwith at 95%. Unfortunately I have no english sources for the figures.
      Anyway the system is not supposed to be used by every internet user, I think at first the embassies in capital cities will be connected with it.
      • Yeah but QC mandates that this is point-to-point connections. You cannot use repeaters, routers or switches.

        So the type of networking fiber that telco's do and the type that QC requires are not compatible.

        [well the cables are the same, I meant the way they are laid out and used]

        Tom
    • There is a lot of dark fiber out there (definitely in US, but also elsewhere), the problem is that it is not where there is likely to be demand for this type of crypto. The large urban metros (read: where gov'ts sit) are congestion points in general.

  • Commercially Available Product Link (Score:4, Informative)

    by slugfro ( 533652 ) on Thursday March 28, 2002 @03:25PM (#3242992) Homepage
    The conclusion of the article states that the system is currently commercially available. Here is a link to the QKD System [idquantique.com].
  • I wonder if it's legal to import these things to the united states?
  • I found a site that explains why classic cryptography suffers when compared to the benefits of quantum cryptographic methods.

    The site is located at http://www.qubit.org/intros/crypt.html [qubit.org], and is part of the Center for Quantum Computation (Oxford University).

    Here's a nice basic overview of QC from the site mentioned above: "While classical cryptography employs various mathematical techniques to restrict eavesdroppers from learning the contents of encrypted messages, in quantum mechanics the information is protected by the laws of physics. In classical cryptography an absolute security of information cannot be guaranteed. The Heisenberg uncertainty principle and quantum entanglement can be exploited in a system of secure communication, often referred to as "quantum cryptography". Quantum cryptography provides means for two parties to exchange a enciphering key over a private channel with complete security of communication."

    Linux > Help > About [monolinux.com]

  • A little background on QC (Score:5, Informative)

    by guest ( 3772 ) on Thursday March 28, 2002 @03:28PM (#3243032)
    Quantum Cryptography can be a bit hard to get your head around, if you're interested at all in the topic you can take a look at this page [tripod.com] for the some of the basic ideas and history behind QC.

    • Sounds like an interesting cryptography technique, and I'd be really curious to see how Quantum Cryptography compares to Biomorphic Sequence Generators such as the Bodacion.

      If the reader just blinked at that question, there's an article that explains it somewhat.

      http://www.suntimes.com/output/zinescene/cst-fin-e col16.html

      The Libra
      "I am Homer of Borg. Prepare to be...Oooo! Donuts!"
    • or this [qubit.org]


    • Seems this page is a Slashdot victim due to Tripod's bandwidth limits...

      Google's cache of the page is here [google.com].

  • I like my free MP3s, so don't spread this too widely: I've figured out a fool-proof method that the RIAA can use to "digitally manage" their intellectual property by using quantum computers.

    You probably recall how quantum computation works: essentially you shove all the extra computation off into parallel universes and then get the answer back when it comes. Why not expand on that idea and use quantum file storage? The RIAA can create CDs where only part of the audio track exists in our universe and the rest is retrieved from parallel universes by your quantum audio system. This makes file copying mathematically impossible.

    Now someone is probably going to pop up and say "well, I can pirate the signal after it has been revirtualized from the quantum foam". I'm glad you brought that up because it leads right into phase two of my idea. In order to listen to music, all consumers would be have sound-decoding chips implanted in their brains. The music would be beamed directly into your head from your audio system.

    Thus we see that file copying can be made impossible by those that are willing to pay the price of our freedom. The only solution is to keep quantum computers from becoming a reality

    • again, if you can hear it, you can record it...you won't get a perfect signla, but you'll be able to get a fairly good signal...then once it's out there, people can use quantum cryptography to keep the RIAA from seeing what they are doing....that which giveth taketh away

      • Pay attention, you dolt (Score:1, Funny)

        by Anonymous Coward
        From the original and highly innovative post:

        Now someone is probably going to pop up and say "well, I can pirate the signal after it has been revirtualized from the quantum foam". I'm glad you brought that up because it leads right into phase two of my idea. In order to listen to music, all consumers would be have sound-decoding chips implanted in their brains. The music would be beamed directly into your head from your audio system.

    • So Funny! (Score:5, Funny)

      by sweatyboatman ( 457800 ) <sweatyboatman&hotmail,com> on Thursday March 28, 2002 @05:02PM (#3243809) Homepage Journal
      Man, you made my day. This may lead some to wonder how boring my day is. It's pretty boring.

      "RIAA can create CDs where only part of the audio track exists in our universe..."

      I would bet this appeals a lot to RIAA. But why stop there? From what I understand they're looking for a way to sell you the CD so that there's actually no music on it.

      Perhaps just a recording of one of the executives in charge saying "Thank you for purchasing this digital music container device. We assume that you have a computer and have downloaded countless megabytes of our copyrighted material. Therefore, we have pre-removed the equivalent amount of data from this CD. Enjoy." Followed by 71 and 3/4 minutes of silence.

      Sweat
      • Because I found your comment amusing. The only problem with the 71 and 3/4 minutes of silence is that before long people will clamouring for those CDS. What is preferable, N'sync or 72 mins of silence?
    • I know this is satire and I find it quite funny, but i like to play Devil's Advocate...

      What if someone manages to get ahold of one of the chips that goes in your brain... after all, it's only electronic impulses.
    • Well, there are an infinite number of parallel universes, and so presumably there would be one where the 3viL haX0Rz have already written a client that will spawn multiple connections to universes with different quantum levels until it gathers all the song data back together (and boy, that conversion from anti-matter to matter before the recombining was a pain!).

      So, given that it isn't written in the United States (where export of encryption is illegal overseas, and punishable by death across universe boundries), we should be able to just download it from an IRC server in one of the parallel Finlands.

      Of course, having to wear a metal bowl on your head to pick up the signals as they're rebroadcast might make you looke kindof silly...
  • Not nearly secure. Physics protects this communication from straight interception. However, it does not protect it from interception and then retransmission. But cool buzzwords. They'll make a little bit of cash before the con is up.

    • Re:Not secure (Score:5, Informative)

      by sfeinstein ( 442310 ) on Thursday March 28, 2002 @03:43PM (#3243182) Homepage
      Actually, quantum physics protects key distribution from retransmission. One of the fundamental benefits of quantum cryptography is the reliance on the principle that measurement affcts that which is being measured. In short: it is possible for the sender / receiver to determine if their key was intercepted by using unsecure communication of other information that doesn't benefit anyone else that may happen to see it. For a great explanation of how to protect your key distribution in this way, see this article [newscientist.com] in the New Scientist.
      • Wrong. Read the article. In order to use this method, they each need to know each other's polarizer settings. Which means they have to share some key. (01110 might mean 45 90 90 90 45 degrees or somesuch). Which means you need a key to transmit your secure key. Anyone with access to the first key can retransmit the key that you are trying to send.
        • Post Script To clarify. The polarizer settings can be shared afterwards, but not in a manner secure from interception and then alteration to make it look like like the photons were not intercepted.
        • What makes the transfer secure is that the two parties involved don't reveal their polarizer settings until AFTER the bits have been transferred. By which time, it's too late for the "man in the middle" to go back and change his answers.

          It's really quite clever...

          -Mark
        • Wrong. The beauty of it, is that the settings don't have to be known. You call up over the phone, and check against each other... and the info you exchange in the phone call isn't the settings, just what you observed. If both observations match, then it wasn't intercepted. In this way, it's impossible to know the settings... without those, retransmission will fail.

          Still doesn't prevent truly paranoid stuff, like someone installing BO on your computer, and eavesdropping on the unencrypted stream.

          • Wrong. The beauty of it, is that the settings don't have to be known. You call up over the phone, and check against each other... and the info you exchange in the phone call isn't the settings, just what you observed. If both observations match, then it wasn't intercepted.

            Unless the man in the middle intercepts your phone call. Sound implausible? He intercepted your data traffic somehow, didn't he? Or you can put an ad in the paper. But what if the man in the middle calls up the paper as well to correct a 'mistake' in the ad you posted. Or you can post to a newsgroup, but so can he. You can't beat the man in the middle without a shared key of some kind.

            -a
            • This doesn't work either. The man in the middle might try this, but he will be revealed when the two participants check their observations against each other. Remember, this isn't encryption itself, so much as a way to securely distribute keys.

              • This doesn't work either. The man in the middle might try this, but he will be revealed when the two participants check their observations against each other. Remember, this isn't encryption itself, so much as a way to securely distribute keys.
                Non-sequitor. How do the two participants check their results against each other? That's the problem. I write encryption software for a living, so I'm not just babbling here. The quantum key distribution is analagous to a Diffie-Hellman exchange. The principle advantage is that the DH is subject to cryptanalysis and brute-force cracking, whereas the quantum key exchange is not. However quantum KE, like DH, is not secure without proper authentication.

                To do authentication, you need some kind of key. The "key" does not have to be a literal string of bits. If you phone the other guy and you recognize his voice and you believe that the man in the middle could not possibly intercept the call and fake your friend's voice, then you could consider your friend's voiceprint to be a form of key.

                -a
                • If you're talking about some Col Waresque plot that involves a Russian KGB agent who has trained 20 years just impersonating your friends voice, and he is perfect, and also has the tech to intercept and then retransmit, well then I suppose you're screwed.

                  But if you're that paranoid, what's to stop some psychic or savant from somehow guessing the key? Miss Cleo might not be able to testify against you in court, but if she could decode your trade secret for the competitors...

                  • If you're talking about some Col Waresque plot that involves a Russian KGB agent who has trained 20 years just impersonating your friends voice, and he is perfect, and also has the tech to intercept and then retransmit, well then I suppose you're screwed.
                    FYI, we already have multiple cryptographic techniques for key exchange. For example, there's the Diffie-Hellman protocol that I alluded to earlier. With DH, you can still do all the same paranoid stuff you can do with quantum key exchange, such as publishing your vectors in a newspaper or on a newsgroup or phoning the guy and analyzing his voiceprint. But in practice, no one does that, because people use RSA for authentication, and you only have to exchange the RSA keys once. Of course, the weak link in the chain is now the authenticity of the RSA key, which you now have to publish on a newsgroup or webpage, or distribute through PGP web of trust.

                    So what is the advantage of quantum key exchange over DH? Well, if someone listens in on the DH exchange, they can store the keys and then crack them 10 years from now with their $100 billion brute force cracking machine or their quantum computer. Before they do this, they have to intercept your keys, which means that they are probably either the government or AT&T. In either case, what's so improbable about them intercepting your phone call?

                    Also, note that you currently have to have a dedicated fibre line connecting you to the person you want to talk to, but for some reason, you didn't want to just meet with them ahead of time to decide on an authentication key. Now who's talking KGB plot?

                    -a
        • They don't need any key to share their polarizer settings. They can put the settings in the newspaper if they want. By the time an eavesdropper would get the settings it would be too late to use them.


          No key exists until the sender tells the receiver which of the receiver's settings were correct. Both sides then use some agreed-upon approach to turn the readings from the correct settings into a key. The only step at that point is to have both sides compare a subset of the resulting key to check that the data stream wasn't corrupted by an eavesdropper.

  • NSA (Score:1)

    by gumby42 ( 243681 )
    put that one in the NSA's pipe and smoke it.
    • They probably already have a full blown QC communication system deployed. Also probably already have a working quantum computer or two in thier basement decoding everybody's cyphered transactions in real time. Probably have a profile on you and knew you were gonna say that before you did.

  • Just in time... (Score:3, Funny)

    by NOT-2-QUICK ( 114909 ) on Thursday March 28, 2002 @03:33PM (#3243082) Homepage
    Great...all my encryption problems are solved!!! And not a moment too soon, either...

    After all, I was getting a bit nervous with respect to my encryption needs in light of the retirement of further development of PGP [slashdot.org] and the possible inadequacies of GnuPG [slashdot.org]... :-)

  • What's quantum cryptography/key distrobution? (Score:3, Informative)

    by moniker_21 ( 414164 ) on Thursday March 28, 2002 @03:36PM (#3243114)
    Well, I wasn't too sure, so I dug up some links to try and help myself and others understand this:
    http://research.microsoft.com/~gottesma/QKD.html [microsoft.com]
    http://www.qubit.org/intros/crypt.html [qubit.org]
    http://www.ecst.csuchico.edu/~atman/Crypto/quantum /quantum-index.html [csuchico.edu]

    The last link is particularly +1 insightful about the basics of quantum cryptography.

    • more reading here... (Score:3, Informative)

      by bje2 ( 533276 )
      if anyone wants to read more look for this book [amazon.com] which covers the history of cryptography from ancient egypt to quantum cryptography...i read it, and it was extremely interesting from a mathematical and computer point of view...it includes a whole section of the theories behind quantum computing and quantum cryptography...

  • The company is: (Score:4, Informative)

    by Alien54 ( 180860 ) on Thursday March 28, 2002 @03:38PM (#3243141) Journal
    The Company is: ID Quantique.

    Home Page here:

    www.idquantique.com/index.html [idquantique.com]

  • Are those spelling mistakes OCR typos or a secret embedded message? Oh well, noticed it now, I guess the gig is up.
  • It only comes in three colors.
  • And I just bought a newtonian key distribution system! The vendor told me quantum mechanics was nonsense.

  • QC solves confidentiality, but not authentication (Score:3, Interesting)

    by The Pim ( 140414 ) on Thursday March 28, 2002 @04:18PM (#3243452)
    I've heard it said that, if QC proves practical, the code-makers will have a final victory over the code-breakers. This seems true at first: there is absolutely no way, in theory, for anyone but the recipient to receive the message.

    But how do you know who the recipient is? QC offers no authentication. If you have to use public key for authentication, what advantage is gained by using superior methods for confidentiality?

    The only one I can think of is that, with conventional cryptography, you can capture the data stream and crack it "off-line". I suppose that this is significant: with QC you only have to worry about whether they've cracked your private key (that you will use for authentication) already, not whether they can in 100 years (because you've used it for encryption).

    Another argument might be that it is easier to eavesdrop on a channel than to redirect it. But that seems like a dubious assumption, if the enemy is determined.

    Thoughts?

    • Redirection isn't a problem either; to redirect the stream you'd have to observe it, and by observing it you will change it, and make it impossible to view the messages.

      I guess you could always kill the recipient and read his messages, but any form of cryptography short of biometric (and others have pointed out the flaws in that) will be vulnerable to that attack.

      • Redirection isn't a problem either; to redirect the stream you'd have to observe it, and by observing it you will change it, and make it impossible to view the messages.

        I mean interception, not man-in-the-middle. I cut your fiber and read your photons, without trying to pass them on to the intended recipient. Then, when you try to contact the recipient over some "conventional" channel for phase two (comparing the polarities on the two ends), I intercept that, and we discuss the polarities I intercepted. You require that my messages be signed by the intended recipient, of course, but I've broken RSA, so no problem. Then, you send the message xor'ed with the random bits, and I intercept that. I've stolen the message, and you're none the wiser.

  • A while back there was all these studies and experiments about duplicating light beams. I recall mentions of quantum entanglment and such (stuff that's used in these secure quantum transmision schemes).

    Could one of these duplication beams be used w/out being detected? I know normal reception and retransmission IS detectable.
  • However, like many of their announcements, they couldn't place a time or date when it would be released...

  • We must thank the cat (Score:5, Funny)

    by r_j_prahad ( 309298 ) <r_j_prahad&hotmail,com> on Thursday March 28, 2002 @04:57PM (#3243772)
    Schroedinger's cat may have sacrificed its life to make this product a reality. Or maybe not. Only Heisenberg knows for sure.
  • F4RVVMI0-4MV4K3-GNJWRLNVUWILSNVH47 TP9MTJ894PW3MJSK4L;M49TIMAJK TMVAKL;TMAW4K950[MAWVK9T[MK9PUD56MO/8NK 4SW-90A-94 8I3E-90 9Y5-4]Y59S,BOKSY;'5GB L; YL;SE,L YR;E'KAO P34[I693 A[90[ ZGFKGL;/ ,GL;D'F KGLSDF;'G DSFG,DFLG;D L; C3D1JKCN00892N5VFKLMD31NOV VTN5UIONT

    And that completes our tour of Hilbert Space. Any questions?

    Oh for crying out loud! Who let that cat in here? Now I don't even know what i said. That's one dead cat if I ever get my hands on it.
    • Hmmm, your encrypted data does not look statistically random to me :-) Try this instead ...

      qANQR1DBwE4DmBod8oWMnB5+t0opVD15zJPHNvLYF1MxaUOy 3K KqtXZb3ljA/oM98PLKjfAhfRqbo1JqO4UUYUu25djiS7Ove45l pmoaSycP8T+usdqcJFtNwUrTelCNEUe9dJPbXGuGgR7JjzA9Xx 6dzu76z3XH/rf51Tx1iM8bI7EcT1ijfWt8s59J/JZpHbxJ1Vxa PHYchy
  • Only those knowing the Swiss' reputation will get it, but here it's :
    Transmission rates of about 60 bits per seconds
    Well that's pretty fast for the swiss...
  • Here is an article in Information Security magazine explaining how quantum cryptography works and why it is significant:

    http://www.infosecuritymag.com/articles/august01 /f eatures_crypto.shtml

    "Don't touch anything."

Slashdot Top Deals

"An ounce of prevention is worth a ton of code." -- an anonymous programmer

Close