Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Encryption Security

Quantum Cryptography In Action 238

Whitney Wyatt writes: "Discover magazine outlines the first successful laser photon communication utilizing Quantum Cryptography. Called 'Perfect Encryption,' quantum encryption sends the key with the message, however it is impossible for an eavesdropper to intercept the message without changing it. One can only wonder what the FBI will do."
This discussion has been archived. No new comments can be posted.

Quantum Cryptography In Action

Comments Filter:
  • Duhh... (Score:5, Funny)

    by The Iconoclast ( 24795 ) on Sunday April 28, 2002 @04:56PM (#3425824)
    One can only wonder what the FBI will do.
    Why, outlaw quantum mechanics, of course!
    • You beat me to it. But actually, the FBI can't outlaw anything, they can only push the legislature to outlaw it, and then they could enforce that law.

      Nevertheless, I wonder what implications this will have for privacy, assuming this is feasable enough to become widespread.
    • No they'll just insist the fundamental laws of physics are changed to make it insecure enough for the FBI to decode everything - but nobody else. Remember the whole key escrow debate - there'll probably be a similar sort of one about quantum crypto too.
    • nope, no need! (Score:1, Informative)

      by Anonymous Coward
      What this means is that the message can only be read once, not that the message is impossible to decrypt. The government still has the same job it's always had.

      Plus the distances involved are microscopic. For this to matter much to the government the single quanta of data has to last long enough to travel a significant distance.
      • key, not message (Score:3, Interesting)

        by Skavookie ( 3659 )
        Quantum crypto allows Allice to send a one time pad to Bob and determine if it was intercepted or not. If it is intercepted then Allice discards the pad and tries again. Otherwise Allice uses the pad to encrypt the message and uses conventional means to transmit it. If someone intercepts the pad, then the message is never sent so there's nothing to cryptanalyze. Otherwise they have a message but no pad. Cryptanalysis of a message encrypted with a one time pad is mathematically impossible.

        The distance issue is the main problem with this technology but progress is being made on that front and I'm sure it will only be a matter of time before it is solved.
        • by PoshSpod ( 549405 )
          The 'discard and try again tack' is a slight mis-conception. Even if Eve does aquire some of the message - by either attempting to split the beams or by intercepting the signal, guessing the polorisation and resending the result - Alice and Bob will be prefectly aware that she has done this and will even be able to estimate how much of the message she knows. They can then apply something called Privacy Amplification to the keys they share to ensure she know none of it. Basically this is a hash function X -> Y where if knowledge of X is less than perfect, knowledge of Y will be nil.

          Check out Generalized Privacy Amplification (1992) by Charles Bennet et. al if you're really interested.

    • One can only wonder what the FBI will do.

      probably the same thing they've always done... intercept the transmission after it's been recieved (or in some cases before its been sent).

      there is no such thing as fbi-proof. the message has to be decrypted at some point, otherwise, it isn't a very useful communication, is it?
    • I strongly feel that The Codebreakers should be required reading for cryptography advocates. Over and over again the weakest link in any cryptographic system, including the one-time pad has been user error. According to Kahn the NSA successfully decrypted Soviet messages encrypted with "one-time" pads that had been reused due to supply difficulties or clerical errors. They were able to accomplish this by collecting thousands of encrypted dispatches, using traffic analysis, and looking for identical cipher text that might indicate common words, names, or phrases.

      Kahn credits cryptographic incompetence to a wide variety of historical disasters from the defeat of the Imperial Russian army during World War I because key officers refused to use codes, to the World War II defeat of enigma because the German Navy had their U-boats transmitting trivial messages to headquarters on a daily basis. (In fact, traffic analysis and radio direction finding efforts were probably more critical than the actual capture of an enigma machine.)

      The bottom line is that creating cryptographic systems that mathematically cannot be broken using current technology and probably with any future technology is relatively trivial. Creating socio-technical systems that are resistant to cryptographic incompetence is almost impossible. Most of the focus on algorithms is missing the point when there exist a dozen algorithms that are unbreakable, but no algorithms that are not vulnerable to social engineering attacks, traffic analysis, and dictionary attacks.

      I feel that this is really the primary focus of government attacks on cryptographic products, the goal is not to attack the algorithms, but to hinder the development of socio-technical systems that use cryptography effectively. Why worry about if Microsoft Office includes strong, probably unbreakable encryption algorithms, if the software uses password XOR by default for compatibility with earlier versions, the strong cryptography is incompatible with export versions, and a dictionary attack will get 50 percent of the information you want? I am less interested in whether they can create yet another unbreakable encryption system, than creating a security system that allows me to send private e-mail to co-workers who don't understand why they should get a pgp plug-in or how to use it.

  • hmmm.. (Score:2, Insightful)

    by skymester ( 323871 )
    Could states outlaw this?
    Or is this so complicated that only states and not criminal indivduals can use it?

    • You can't outlaw physics. Additionally, the government has made attempts in the past to prevent private citizens from acquiring powerful crypto, but have been unable to do so. Privacy is a right.
  • What will they do? (Score:4, Interesting)

    by leshert ( 40509 ) on Sunday April 28, 2002 @04:57PM (#3425830) Homepage
    They'll simply declare that, like plutonium and surface-to-air-missiles, it's something that they can't abide the public owning, and will outlaw it. What else could they do?
    • Wrong. Quantum cryptography is not a destructive weapon. It will be treated no differently than it is now. Anyone with enough money to impliment it will be able to do so without any restrictions. The goverernment (in the USA) won't restrict it. The population is becoming more tech savvy and major magazines/institutions have picked up on it. You could say that the genie is out of the bottle now. If they ever wanted to restrict it, it's a little too late now.

      On a side note, I have no clue how posts like the parent get modded up. Comparing cryptography to plutonium just doesn't make sense to me. But then again, maybe I'm an idiot.
      • by 56ker ( 566853 )
        Why then were high-level cryptographic programs prohibited from export from the U.S and still are to certain countries they don't like? It was banned from export because it was classed as a weapon. The USA don't want to go to war with someone they can't eavesdrop on the communications of - that's what this is to prevent. Although it's not a weapon in the conventional sense - it's a defence. Look how effective the Enigma machine was for the Germans until it was broken. If the operators hadn't used easily guessible strings like HIT LER and BER LIN to encode the messages it would've taken far longer to crack it (they were told to randomise them).
        • The original poster was referring to use of quantum cryptography inside the United States. Your post makes aboslutely no sense at all in context. Of course the government wanted to restrict the availability of strong cryptographic mechanisms to the rest of the world! However; they never (to my knowledge) restricted its use inside the United States.
          • However; they never (to my knowledge) restricted its use inside the United States.

            Not successfully, true. However, you do remember the move to require backdoors (government keyescrow, actually) in the early 1990s, right?

            Read the arguments put forth against the recent liberalization of export controls. At least half of the objections made didn't have anything to do with other countries--they were regarding law enforcement's 'need' to be able to successfully tap encrypted communications. Do you really think that they want to draw the line at the U.S. border?
  • We should all realize by now that words such as "never" and "impossible" do not exist in technology's dictionary.

    So, right now we can't eavesdrop without modifying .. means nothing. Research, research, research. We will get there, especially with government dollars backing it.

    • Not necessarily. The basis of quantum physics is that once a particle has been measured its state is set, and until it is measured it is impossible to know its state (its a roll of the dice). Quantum encryption uses interference to set states and if an outsider does make a measurement of its state (up or down) the state of the particle will get set, and the interference used to make quantum encryption work, will not work correctly. It will not only yield a result that is incorrect to them unless they are at the end of the line with the key, but it will also let someone at the end know that someone is eavesdropping.
      • But the rules of physics changed often during the centuries. Couldnt it happen again. Someone could come up with something much more sophisticated then quantum mechanics, a new model wich would allow to crack quantum mechanics. The end of physics isnt here yet.

        • That is true, but we can always tell how the universe doesn't work. I believe violation of Bell's inequality is sufficient to forbid any law of physics that would allow tapping quantum key exchanges.

          Violation of Bell's inequality has been expermentally demonstrated, subject to a few caveats, which mostly boil down to having to assume that God is not maliciously manipulating our results. Of course, all of physics has to assume that, so I don't really think it is a big deal.

          What is more, unlike classical cryptography, where the eavesdropper can copy the cyphertext and spend an infinite amount of time decyphering it, quantum key exchange requires that the eavesdropper have the techonology to intercept the signal right now. Quantum key exchange today is immune to future advances in technology (with the possible exception of a working time machine--but then that screws things up no matter what).

          All that said, the posts above are absolutely correct in saying that there are always other weak links. This system is not immune to man-in-the middle attacks, tampering with the "trusted" equipment at either end, or social engineering. In addition, some forms of quantum key exchange are potentially vulnerable to tempest style attacks.
    • by Anonymous Coward
      And I'm sure you'll be there every step of the way explaining that the next step is only a matter of time...

      Here's a pence, buy a clue
  • Impossible? (Score:3, Informative)

    by squared99 ( 466315 ) on Sunday April 28, 2002 @05:01PM (#3425847)
    This stuff is getting pretty heavy, but it seems the technology to break this type of cryptography is already in early stages of research. Check out this New Scientist [] article.
  • It's an interesting article that outlines many of the considerations and hurdles one encounters in this field, but there's no breakthrough here. We haven't had a breakthrough since December, 2000 when researchers at UCSB built their latest prototype [] capable of consistently detecting such photons. We're bound to make some more breakthroughs soon, it's premature to say we already have recently.

    If you're still not clear on the whole quantum cryptography deal, has a good introduction [] (pdf, of course).
  • Guys, this isn't something that will be showing up in our homes - or even large corporate offices - for years. Decades, maybe. Once this moves out of Los Alamos and into what I will call, for want of a better term, the "real world", there may be export restrictions on this, just as with PGP. That's all, I'll bet. And for now, I doubt there will be *any* legistlation.
    • Read the article, it says something different:

      Over short distances on the ground, quantum cryptography will be much simpler and cheaper. Wireless optical communication systems that span up to five miles are already in use as voice and data networks linking businesses, hospitals, and university campuses. It would be easy to add single-photon encryption to these systems, Hughes says.

      Where not there yet, but maybe in 10 years you can get optical ethernet cards with quantum cryptograhy onboard everywhere cheap.

      Who knows

    • Guys, this isn't something that will be showing up in our homes - or even large corporate offices - for years. Decades, maybe. Once this moves out of Los Alamos and into what I will call, for want of a better term, the "real world", there may be export restrictions on this, just as with PGP. That's all, I'll bet. And for now, I doubt there will be *any* legistlation.

      It's not just a matter of the technical problems. A bigger question is why would you want this. We already have a key agreement protocol that works perfectly well. It's called Diffie-Hellman, and its security derives from the hardness of the discrete log problem (which is related to the factoring problem). You can make DH as strong as you want, simply by choosing larger exponentials. The danger is that someone will build a quantum computer which can crack DH in p time.

      However, the whole point of key agreement is that it allows you make ah hoc communications with arbitrary parties without having to meet ahead of time to agree on a key. To do this, we need an authentication protocol such as RSA. RSA is based on similar maths as DH, so if someone can build a quantum computer that cracks DH then RSA will probably fall too. Quantum cryptography doesn't solve the authentication problem so it isn't much use for wide scale use. It doesn't make much sense for personal use either because you still have to meet with your friend in order to agree on an authentication key.

  • Look how far we go to avoid trusting one another...
    It's a fallen world...
  • ...and has so for the past 2000 years.

    It's called a one-time pad.

    So, before everybody and their brother starts talking about how the NSA can already break this, remember that you can, quite easily, build a 'uncrackable' cypher.

    And it'll never be breakable, provided you take some sort of security measures. But if you're paranoid, you already do most of those.

    Sorry, this is just a preemptive strike against 'the government can monitor my thoughts" crowd.

    Back to your normal high S/N ratio.
    • The article linked to discusses the fact that quantum cryptography is only an extension of one-time-pad schemes in use since the early 20th century. It also outlines the problems with those systems (i.e. reuse of the meta-key used to transmit the pad-of-the-day, as in the Germans always using "Heil Hitler" as their meta-key, giving the Brits a big fat backdoor to their nominally one-time-only Enigma codes).

      It seems to me that, if this article is correct, the advancement of this form of cryptography is probably no more "unbreakable" than the Titanic was unsinkable. The point is only to make it so that an eavesdropper gives away their presence by intercepting (and thereby destroying) some of the key.

      IIRC, most quantum schemes contemplate "quantum" transmission (i.e. single photon encoded information) on for the key, while the actual encrypted message is still transmitted through normal means (which would allow for error correction, faster transmission, communications robustness etc.) So, the actual message is still interceptable, and therefore still susceptible to a brute-force attack.

      Sure, you might not be able to get realtime intelligence the way the Allies did in WWII, or we did in the Cold War (thanks to tapping into unencrypted underwater cables), but you can still decypher messages given enough time and computing power.

      Thus, I repeat, the scheme contemplated here, if I understand it correctly, is no more "unbreakable" than the Titanic was "unsinkable."


      no sig is good sig.

      • You can still make the key the same length as the message, and use it as a one-time pad. So first you send the key (which is just random data), and if it's compromised on the way, you know it (that's the only real benefit of quantum "cryptography", that it cannot be intercepted without being noticable) and don't use it. If the key gets transmitted without interception, then you encode your message with it and send it using any means you want. There's no brute force against a one-time pad. The transmission is secure. The only problems are 1) practicality (cost, range, etc) and 2) out of scope attacks (so they can't get the message while it's in the air. Instead they wait till you decrypt it and then make you reveal it at gunpoint, or more likely just wait for you to email it to someone else, or store it on your computer with the password of "secret").
      • by Anonymous Coward
        Vernam ciphers are not prone to brute-force attack. Consider you intercept my ciphertext of "O*0ZZ". Tell me: what was the original message? You know it's 5 characters in length (=40 bits), so you only have 2^40 possibilities to go through, right?

        The problem is: when you try one the possibilities, how do you know if it's my original plaintext or not? Was my original message "BREAD"? Was it "HELLO"? Was it "DEATH"? The answer is all of the above and none of the above. You can calculate all 2^40 possibilities, and all of them could be correct. You could use a little human intuition -- you could say "DEATH" is more probable than "999.." -- but that only goes so far. You have no reason to believe that "HELLO" is a more or less probably message than "DEATH". If you did have any of that intution, then the actual ciphertext was be literally meaningless to you (aside from its length, of course). You have *NO* way of knowing which is the actual message.

        Unless you have the key. This is where quantum cryptography comes into play. Exchanging keys for Vernam ciphers is not hard, but it is impossible (literally) to do electronically and securely. If you send the key over insecured channels, then your key is insecure. If you send your key over encrypted channels, then your key is only as secure as the channel you used, which is to say not secure at all (relatively speaking, seeing as all ciphers are prone to brute-force attack, except for the Vernam cipher). By using quanta, you can tell if your key has been listened to with 1 - (0.5)^n probability, where n is the length of the key.

        It always amazes me that people are still willing to spout of crap like "the Vernam cipher is crackable" or "it's prone to brute-force attacks", I guess because they've grown up with the "anything's possible, even the impossible" Hollywood drivel. The Vernam cipher, if the key is generated with a true random number generator (which does not exist, I should say, but it might some day) is uncrackable. It is mathematically provable. Each bit in the ciphertext (again, if the key is completely random) does not depend on any of the bits before or after it. So, suppose you intercept a bit of ciphertext. It is a 0. Was the original plaintext a 0 or a 1? There is a 50% chance it was a 0 and a 50% it was a 1. Tell me how you would crack this; the entire cryptoanalysis field is awaiting your answer. There is no reason a 0 a better answer than a 1; there is no reason a 1 is a better answer than a 0; there is a 0.5 probability it was a 0; there is a 0.5 probability it was a 1. Tell me: was it a 0 or a 1? Take all the computer time you need.

    • QC is an extension of One Time Pads - it makes OTP practical and fast. Search google for Quantum Cryptography, and you'll see.
    • Yes, the article even talks about one-time pads, although they only report their existance since the beginning of the last century.

      What is really exciting about this is that the key is sent without detection (supposedly... I personally think there will eventually be devices made to counter this by "quantum listening" to that transfer).

      Funny enough, that "crowd" you're referring to will still be paranoid even if they don't bother communicating with anyone at all that the government will still monitor their thoughts.

    • And it'll never be breakable, provided you take some sort of security measures. But if you're paranoid, you already do most of those.

      You say it will *never* be breakable if you take some sort of security measures. Never's a pretty tough thing to prove. OK, which measures should you take? How do you know that 1000 years from now, someone will not have perfected time travel and invisibility... how do you know that someone is not standing over your shoulder while you are locked in a lead-lined vault deep inside Mt. Everest as you key in the pad? If you kill yourself after making the pad, how do you know the inflitrator does not have the technology to reconstruct your memories from your brain tissue? The one time pad being perfect "forever" is a bunch of crap. "For now" I can deal with, but not "forever"... which makes it just like most cryptography.
      • > How do you know that 1000 years from now, someone
        > will not have perfected time travel and
        >invisibility... how do you know that someone is
        > not standing over your shoulder while you are
        > locked in a lead-lined vault deep inside Mt.
        > Everest as you key in the pad?

        (a) If someone has these capabilities, encryption doesn't help you at all, because secrets don't help you at all.

        (b) "How do you know that..." is a degenerate argument; how do you know that 'reality' is real? Any rational discussion has to start with agreed-to premises and it's basically childs-play to deny the discussion by rejecting the premises.
    • Not exactly. One time pads don't:
      • Disguise the length of a message
      • Hide the fact that a message has been sent
      Both are very important.
      • A one-time pad can disguise the length of a message as long as the message is shorter than the pad. If I use a 2K pad I can send a message which is "All your base are belong to us" or the GPS coordinates for all the Fortune 100 headquarters and the size of the encrypted message will be the same, 2K.

        No form of encryption can hide the fact that a message has been sent. That's what stegaography and other forms of obfuscation are for.
      • The algorithm has nothing to do with the transmition medium.

        If you want to make a One Time Pad that's long enough, you are free to disguise the length of a message by padding your text with 0s. This is essentially "wasting" your pad, but if you're really concerned about the length of your message being revealed, you are free to obscure it and make it seem artificially larger. (You can't make it artificially smaller, unless you somehow compress your message before you encrypt it.)

        And you can hide the fact that a message has been sent by using any steganographic method you chose. Just as you can with any other encryption algorithm.

        Don't confuse the algorithm with the transmition medium.
      • If you pad your message to a fixed length, you can eliminate problem of a known message length. (if the message is longer than your fixed length, break it into two messages)

        No form of "encryption" will hide the fact that you are transmitting a message. To do that you need to imploy a steganographic technique such as spread spectrum transmission. Once you have encrypted your message using your one time pad, you transmit the message using Stego technique and you have "perfect" encryption according to your definition.

    • Yes, a one-time pad is unbreakable in an information-theoretic sense. However, there are few ciphers today capable of being broken by brute force. Most attacks are directed at protocols and other security problems.

      For all practical purposes, 128-bit symmetric key ciphers are as unbreakable as an OTP, even to the three-letter organizations, but without the pratical problems associated to the OTP.

      Quantum cryptography comes to extend ``nearly-unbreakable'' crypto even further. From the looks of it, the usage of OTPs will decrease due to quantum crypto, even if it isn't unbreakable.
    • The reason a one-time pad cipher isn't necessarily "perfect" is that it must be transmitted from the sender to the receiver, which brings up a Catch-22. How do I send this key while ensuring it doesn't get intercepted? Encrypt it! Hmm, a one-time pad cipher is the most secure way. Oh wait, now how do I send that key?

      Quantum cryptography addresses this problem by creating a secure communication channel that is detected at the single-photon level. Because detection of a single photon changes it, any eavesdropper can easily be detected when unexpected results are found.

      The property of the system that simultaneously makes it both secure and unfit for sending anything other than a one-time pad is that a random portion of the bits sent by the source are rendered useless. When the receiver picks an incorrect detection scheme, the results are ambiguous. The two parties compare notes on what methods they used, and then eliminate all the ambiguous bits. They can't know beforehand which ones will be thrown away. The way to check for eavesdroppers is to use an insecure channel to compare (and then throw away) a portion of the results to see if there are any discrepancies.

      After the key is sent, the encoded message can be sent on an insecure channel, since both parties can be sure they have the same key. A one-time pad cipher can never be cracked because, for instance, a 1 kbit message can have any 1 kbit key as its cipher. Therefore the number of keys to check would be 2^(1024). Even after this is completed (well after the end of the world?) the decoded message is found along with every other possible 1 kbit combination. Any possible 1 kbit file can would be found among the results. This is no better than writing a program that fills memory with files that contain the numbers from 0 to 2^(1024)-1.

      Some researchers are actually attacking the implementation of quantum cryptography rather than the theory. The devices used in QC actually send light down the fiber optic lines that damages the equipment on both ends resulting in predictable behavior. However, there are already safeguards developed against these type of attacks. Essentially it comes down to this question: "Is there a perfect implementation of Quantum Cryptography?"

    • You have to get the key safely to the other side, and since the key is the same size as the data, if you have a way to securly send the key, why not just send the data itself?
    • the germans used this during world war 1, the black chamber (pre dates the NSA) were quite good at cracking it.

    • Quantum encryption has the very unique feature of snoop-detection. OTP by itself is a method to encrypt. But it does nothing to address detecting whether someone is reading your messages. If your message is "unbreakable", that's a good thing, but knowing that someone is listening is important for some applications. (Just as steganography is useful for some applications.)
  • What this means is that the message can only be read once, not that the message is impossible to decrypt. The government still has the same job it's always had.

    Plus the distances involved are microscopic. For this to matter much to the government the single quanta of data has to last long enough to travel a significant distance.
    • by cheese_wallet ( 88279 ) on Sunday April 28, 2002 @05:27PM (#3425961) Journal
      I'm guessing you didn't read the article. They've been able to do this over a distance of 6 miles in open air. Not bad, considering this is an infancy stage.

      Yeah, it means the message can only be read once. But in this case the message is the key for a one time pad encryption.

      Basically this makes one time pad encryption a whole lot more secure than it was before. One time pads, I think, are the best form of encryption--but the problem has been the security of the key.

      this whole photon quantum encryption deal addresses that issue in a really neat way.
      • "Basically this makes one time pad encryption a whole lot more secure"

        No, it doesn't. The OTPs aren't anymore secure (how do you make unbreakable more secure? That's like saying more dead, or more off).

        This is also vulnerable to man in the middle attacks. Nothing stops people from re-transmitting whatever they want. If they know the message, the can always re-encrypt. You still need a secure back channel.
  • by Anonymous Coward on Sunday April 28, 2002 @05:07PM (#3425875)
    Sorry to bring bad news, but quantum cryptography is unlikely to become available to the likes of us. The reason:

    Alice and Bob have a length of optical fibre running between them, and are using quantum cryptography. Eve attempts to evesdrop, but is unable to do so without changing the information in the signal (polarisation etc). Eve is foiled. Hurrah!

    Now imagine that Alice and Bob are mere mortals and get to use the phone network like the rest of us.

    The system they use is a standard fibre & router system, but the actual fibre is encrypted. What is Eve to do?

    Answer: She installs a tap on the repeater, because quantum crypto only works over single lengths of fibre.

    As if by magic quantum cryptography only becomes useful to people who get to dig holes in the road, such as phone companies, big business and the government. We little people don't even get to play the game.

    • MOD THIS DOWN... (Score:2, Informative)

      by univgeek ( 442857 )
      The experiment was performed in FREE-SPACE...

      That means WITHOUT FIBRE

      Which means you dont need to dig holes and most of the assumptions of the poster are invalidated.

      Read the article first people.

      • The experiment was performed in FREE-SPACE...

        That means WITHOUT FIBRE

        Which means you dont need to dig holes and most of the assumptions of the poster are invalidated.

        WooHoo! Now I can communicate securely with everybody in my unobstructed direct line of sight! Without fiber!

        Wait... I could already do that by walking over to them and whispering in their ear. Oh well.

        • What they said they wanted to use this for is satellite communications. You can send an encrypt message to a satellite and it either does something with it (ie command) or it sends another encrypted message to another land station somewhere else in the world.

          And no.. I don't think this is ever going to be used at any time for civilian use. The technology is too costly and also typically civilians don't need that level of encryption.
    • At the time being, you are right. But you are wrong if you say that "quantum crypto only works over single lengths of fibre"... There exist proposals for quantum repeaters (see here []), and it has been shown that the very techniques used for the repeaters can be used for cryptographic tasks (see here []).
  • [I]t is impossible for an eavesdropper to intercept the message without changing it. One can only wonder what the FBI will do.
    They'll probably intercept a whole message (completely stop it) and send another message just like it on the same line a split second later. Of course, as I'm not an expert on quantum physics there might be some flaw in my plan.
    • No, as far as i understand you can only read the message if you have the key. And you have only one chance to try.
    • The problem would be in intercepting it in the first place. An interceptor has only one shot at properly decoding each photon. Since an interceptor would get possibly 50% of them decoded incorrectly, they wouldn't be able to decode the message nor repeat the original message.
    • I haven't read the article yet (FWIW,) but I am pretty sure that it is impossible to replay the message, because to be able to replay it something has to "look" at it, and if it's "looked" at, you've affected it, so what you're "seeing" is not what you need to replay. It's the basic Hiesenberg principles at work. Ok, going to read the article now to see if it provides any deep insight into how *anyone* is supposed to read these. :)
  • Quantam computers are the only ones which have the processing power to break what is in essance, the one time pad used by light (quantam cryptography). When computers came along at the end of WWII, we could start stabbing at one time pads and Zeta functions, which are almost as difficult to crack. Now, we are back at that pre WWII stage where Pads are near impossible. Now, quantam cryptography on its own is vulnerable to brute force cracking, as all encyption is. What makes it secure is the fact that you can't intercept it. And already some universities have been plying with induction-based pickups for fiber optics.
  • Liquid helium and quantum boosters that are only about a decade away... Why not post a story about personal rocketships whisking us away to the surface of Mars?
  • Osama? (Score:2, Insightful)

    by Devil's BSD ( 562630 )
    We all know deep down that the big concern is he-who-is-not-to-be-named, namely Osama bin Laden. The thing is though, that it's not likely that he will get his hands on this laser-o-doom. Even if he did, he couldn't likely use it, as it probably requires a direct line of sight. Fiber uses the principle of total internal reflection to transmit light, but this reflection causes some of the light to polarize, changing the quantum state and making the data invalid. So as of now, I think this is only for ./'ers edification.
  • I'd be interested in seeing how the initial key exchange works. The receiver randomly chooses orientations and derives a bit pattern from the incoming transmission. Makes sense. It then says the receiver reports which random choices it made to the sender. I'm not sure exactly how the sender is able to decode this transmission from the receiver. It cant choose random orientations else it would lose the data which indicates the shared key. Any ideas?
    • I'm going to respond to my own question with a possible solution.

      After reading one of the more detailed articles linked to the original, I think one solution is to agree as a matter of protocol that the receiver's report will consist of photons all polarized in a specific direction.

      The sender sends some random data to the receiver using photon polarization. The receiver randomly chooses polarizations and reports back to the sender its list of choices without polarizing (or using a consistent polarization). The sender then tells it which choices were correct (once again without polarization). At this point all subsequent data could be sent polarized using the bit pattern from the correctly chosen photons to determine the polarization pattern.
  • Click here - if you've got the same sense of humor as me you'll waste hours on this site! []

    Yes, I know its highly off-topic, but far more interesting than another theoretical quantum story... :)
  • So how does the intended recipient get the message without changing it?
  • by totallygeek ( 263191 ) <> on Sunday April 28, 2002 @05:35PM (#3425997) Homepage
    So, did the FBI poison the cat in the box?

    • Atleast I was told that Schroedinger was extremely worried about the state of the cat. The was some confusion wether it was still alive or not. FBI gave no comments... :)
  • I couldn't find the link, but there was another example of this that a professor at Harvard introduced about a year ago. The scheme was to have a satellite that did nothing but stream numbers to everyone all the time. So when someone would use a purely random number, at a random time, from the satellite to encrypt the message, at the same time the other user would also start recording the incoming numbers, and stop recording at the exact same time as the sender. Now they both have the key, and it was never sent, and due to the billions of numbers that are being sent from the satellite there is no feasble way to know what the key is, or to store all the numbers being sent.
  • Routing (Score:2, Interesting)

    by zaffir ( 546764 )
    The problem with quantum encryption, as i see it, is that nobody can read it without changing it. Routing data without reading it will be a real challenge. Or i'm a complete moron who hasn't read about this stuff enough.
  • > One can only wonder what the FBI will do.

    Keylog as usual

  • if a man in the middle can't read and resend the communications w/out fubaring it (ignore the possiblity of a man in the middle attack where the middle encrypts and decyrpts with both sides) how the heck does a quantum booster work w/out fubaring the signal?

  • by Muerte23 ( 178626 ) on Sunday April 28, 2002 @06:03PM (#3426086) Journal
    The holy grail of encryption these days is the instantaneous Vernam Cypher. Say you have two computers seperated by many km, with two fibers running between them (for each direction).

    First you take your bits and XOR them with your randomly generated One Time Pad. Then you send the encrypted text over one channel.

    NowNext to your computer you have a little box that generates entangled photons from some sort of parametric downconversion (one photons goes into a crystal and comes out two photons). These photons are (made to be) polarization entangled, meaning you don't know that their polarization is, but whatever it is, both photons share it.

    Now you take one of those photons and send it through a polarizer that you have rotated according to the appropriate bit on your One Time Pad. Then you see whether you get a photon or you don't, and send this information to your friend.

    Your friend receives the second of the photon pair, and runs a similar polarization measurement.

    Now, your friend has three pieces of information: (1) your cyphertext (2) the results of your polarizer pass and (3) the other entangled photon. Thanks to quantum mechanics, your friend can now decode the cyphertext based on the results of his entanged photon passing through the polarizer.

    The advantage of this system is that you need all three pieces of information to break the cypher, and the third peice, by the laws of physics, can only be measured once. If an attackers intercepts your communication, he might be able to read part of it, but you will instantly know that ther is someone tapping the line.

    The disadvantage is that you can't use any repeaters, as this will destroy the entanglement of your photons. You just have to have really good fibers.

    Sorry for the long-windedness, but a less technical explanation really leaves out the juice, and a more technical explanation goes into some extreme handwaving and diagrams.


  • hmm... how about this?

    What if a I place a device between the intended sender and receiver in such a way that it blocks the intended sender and receiver completely. I intercept a key exchange attempt from the sender and respond as any recipient would. I then have a quantum encrypted channel between myself and the sender. At the same time, I negotiate my own quantum encrypted channel between myself and the recipient. I can now receive data sent from one channel and send it to the other channel. This seems to negate the benefits of using quantum encrypted channels (unless one can somehow assure that I cannot totally block the actual transmissions between the intended sender and receiver).

    I suppose some kind of authentication needs to be incorporated into this technology to ensure you're establishing a session to the correct receiver.
  • Quantum computers will probably, within the next 20 or 30 years, render public-private key cryptography useless. Once that happens, only those who can afford Quantum cryptography will have the ability to communicate securely.

    It is at this point, ladies and gentlemen, that communication technology stops empowering the masses, and gives the wealthy yet another tool to consolodate and defend their power.

    • Quantum computers will probably, within the next 20 or 30 years, render public-private key cryptography useless. Once that happens, only those who can afford Quantum cryptography will have the ability to communicate securely.
      I don't understand how you are linking Quantum computers to the end of public/private key cryptography? Did you mean Quantum cryptography? Quantum cryptography only specifies a way to transfer a message in code. It does nothing in regards to breaking prior code. It still takes a great deal of resources and time to break message in public/private key code
      • I don't understand how you are linking Quantum computers to the end of public/private key cryptography?
        Nope, quantum computers, when they become available, will be able to crack public/private key crypto like a knife through butter.
  • They will get it banned, if the overreaction to PGP is any indication. One has to wonder as to whether we really live in a free country, when our government insists that we use insecure communications, just so they can tap them when they wish.

    Our government uses communications Joe Citizen can't tap. So should Joe Citizen have the right to use such technology for himself.
  • by zCyl ( 14362 ) on Sunday April 28, 2002 @07:32PM (#3426439)
    Quantum cryptography is a "key-growing" technology. The problem with quantum cryptography is that all scenarios begin with, "Given an authenticated connection." Well, in cryptography, the problem has almost always mandated authentication solutions, not key-growing solutions.

    If I can hand someone a secret key that will let us authenticate with each other, then I can just as easily hand them a dvd full of random data for perfect one-time-pad encryption of our communication. Any solution without authentication is no better than the original problem, because authentication reduces to the original problem of getting some secret information from one person to the other.

    To understand the problem, imagine this scenario. Alice wants to connect to Bob, so Alice establishes a quantum cryptographically secure connection with Bob. Wonderful, but what if Eve is sitting in the middle, and from the very beginning of the connection, Alice ACTUALLY establishes a quantum cryptographically secure connection with Eve, and then Eve establishes a quantum cryptographically secure connection with Bob. How do they know the difference? They can't, because individual photons are by the laws of quantum mechanics indistinguishable. There's no "signature" by which they can know who they're really talking to.

    All quantum cryptography does, is tell you when someone begins evesdropping on a connection that has previously been secure. There will be applications for such a means of secure communication, but without resolving the classic man-in-the-middle attack, quantum cryptography cannot be applied to the bulk of cryptography uses.
  • Quantum cryptography is great for securing one stage of the data transmission, but it's hardly perfect. For one thing people can't interpret quantum-encrypted photon streams, and so the machinery used to decrypt the quantum stream is still vulnerable to attack, as is the rest of the path from that machine to the reader's brain, including whatever wire, RAM, or CRT that involves.

    Of course the same goes on the transmitting end.

    Similarly, the one-time-pad that the QC system uses to encode the photons is vulnerable to attack or reverse engineering. (Note that this isn't highly likely, but likely enough to eliminate QC from being perfect.)

    All Quantum Cryptography does is make one link in the chain more secure. That's it.
  • by lkaos ( 187507 )
    I guess by first, they really mean second. []

    And as for worrying about what the FBI will do, I imagine that the FBI will just let the NSA (National Security Agency) [] do their jobs.

    Sorry, normally I don't complain but sometimes I just can't help it.
  • Unfortunately QC has some pretty fundamental limitations:
    • No amplification. Modern fibre optic networks use Erbium Doped Fibre Amplifiers (EDFAs) to boost the signals, especially on large networks using multiple wavelengths. Unfortunately the quantum entanglement can't withstand amplification.
    • Point to point only. A corollary of the above is that you can only have QC between one point and another which is not too far away (typically 100km of fibre).
    • This is not One Time Pad. For OTP you need key generation and distribution with the same bandwidth as your signal: for each bit of data you need one bit of key. QC is more suitable for key distribution for conventional symmetric cryptography. You might have a 10Gb link, and encrypt it with a 512-bit key that is changed once a second. Of course you can use the key data in OTP mode, but then your bandwidth is limited to your key distribution rate, which is usually several orders of magnitude lower than your potential data rate.
    • No authentication. Ultimately with QC you send photons down a fibre and receive photons from the other end. The only way that Alice knows that Bob is at the other end of the fibre is that she was told so. The only way around this is for Alice and Bob to share a secret authentication key before they start, which rather begs the question of how to distribute secret keys in the first place.


  • []

    The link supplied in the slashdot write-up requires Javascript. Javascript is bad. 'K?

"Everyone's head is a cheap movie show." -- Jeff G. Bone