Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Security

Quantum Cryptography: 100km Barrier Broken 194

jdfox writes "Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab, but it's amazing that they've got as far as they have. There's another article about it, though still not much technical detail, here on the BBC and here on The Register."
This discussion has been archived. No new comments can be posted.

Quantum Cryptography: 100km Barrier Broken

Comments Filter:
  • by Anonymous Coward on Saturday June 07, 2003 @02:37PM (#6139552)
    >100km fibre links...there's still a fair bit of work to be done before it leaves the lab

    That must be a big lab! Or maybe they had 100km of fibre and they just looped it round and round and round. ;)
    • Re:That's a big lab! (Score:3, Informative)

      by FPCat ( 646737 )
      That's how it's done in the labs of Fiber Optic equipment vendors!
    • Re:That's a big lab! (Score:5, Informative)

      by mrand ( 147739 ) * on Saturday June 07, 2003 @03:23PM (#6139735)
      > That must be a big lab! Or maybe they had 100km of fibre
      > and they just looped it round and round and round. ;)

      Fiber without the colored "protective insulation" takes up surprisingly little space, and weighs next to nothing. 100km of fiber could be picked up by with one hand if mounted on single spool.

      In our lab, we have four fiber spools (two 20km and two 40km) that can be connected together to create various distances. Each is mounted in a plastic case that is about a foot in diameter and 4 inches wide.
    • That must be a big lab! Or maybe they had 100km of fibre and they just looped it round and round and round. ;)

      Needless to say I got a little dizzy.
  • by Gortbusters.org ( 637314 ) on Saturday June 07, 2003 @02:37PM (#6139555) Homepage Journal
    Communication with quantum cryptography is inherently secure because it takes advantage of the physical properties of single photons. In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.

    The sender and recipient each have a key to decode the photon stream, but any attempt to hack into the link and capture the key is doomed to failure as it alters the quantum state of the intercepted photons. These changes are easily detectable, revealing the presence of the hacker.
    • article (Score:2, Informative)

      by CowBovNeal ( 672450 )
      At the CLEO in Baltimore, researchers describe a record-breaking âunhackableâ(TM) link.

      UK researchers have broken the distance record for quantum cryptography, the optical technique that enables âunhackableâ(TM) communication along an optical fiber.

      Andrew Shields and colleagues from Toshiba Research Europe, UK, revealed their record-breaking link, which reaches over 100 km, at the Conference on Lasers and Electro-Optics (CLEO) in Baltimore, US.

      âoeAs far as we are aware, this is t
    • Any attempt to hack into the link must not be passive as it alters the quantum state of the intercepted photons.

      If the sender is capable of generating photons with an arbitrary quantum state, so is the hacker. Obviously this will block attempt to merely split the signal, but why not just observe and then retransmit new photons with the original state?

      I'm sure it's just an oversimplification by people who don't know what the researchers where talking about...why does this help anything?
      • by jfern ( 115937 ) on Saturday June 07, 2003 @03:47PM (#6139814)
        A quantum state on a single qubit looks like this:

        a|0> + b|1>,

        where |0> and |1> are vectors, and a and b are complex numbers, and the total vector has a magnitude of 1. When we measure the state, it collapses into the |0> vector with probability |a|^2 and into the |1> vector with probability |b|^2. And of course |a|^2 + |b|^2 = 1.

        So the hacker won't know what the arbitrary quantum state was. Observing the photon destroys the original state.
        • This is strange. How can the intended recipient know what state is if the hacker can't?
          • by Peaker ( 72084 ) <gnupeaker.yahoo@com> on Saturday June 07, 2003 @06:07PM (#6140251) Homepage
            (This may be inaccurate as I'm recalling it from what I read in Simon Singh's "The Code Book", but I hope it explains the point.)

            The idea is that you can measure the photons with only partial accuracy, and according to the setting of the measuring instrument. For example, if sending a photon in state Y, the measurement does not yield: "The photon was in state Y", but instead "The photon was probably in state X but maybe in state Y or Z, and not in state W.". Another measurement configuration could yield: "The photon was probably in state Y but maybe in state X or W, and not in state Z."
            The "hacker" does not know the measurement configuration at the receiver and may try some arbitrary configuration of his own.

            The problem is, when receiving the measurement result, for example that the photon was probably in state X, trying to retransmit it as X may be picked up as inconsistent at the real receiver's.

            The measurement configuration itself for each bit can be agreed upon by a negotiation stage where a bitstream is sent accross random configurations of both the sender and receiver and then publically agreeing which bits of the sequence to use (knowing they have matching configurations, not letting a "hacker" enough information to know what configurations those are - leaving him with impossible guesswork).
          • Not that easy to make it brief, but I'll give it a shot.

            The sent bit is polarized as either vertical(1)/horizontal(0) or the two diagonals as 1/0 in a same way. If you try to measure weather it's vertical/horizontal, but the sent bit was one of the diagonal polarities you get randomly 1 or 0. And naturally if you try to measure the correct polarities you get the intended bit 1 or 0.

            The receiver can measure the polarity in of those two different ways. Upon receiving he picks the polarity measurement of cho
      • by Ryan Amos ( 16972 ) on Saturday June 07, 2003 @04:26PM (#6139938)
        Barring what the other poster said, you can also predict transmission times over fiber VERY accurately. Any time spent processing the photon information to create a new photon to retransmit would be longer than the total transmission time. This would be easily detected.

        I have another interesting question though.. Would it be possible to combine this with the "laser teleportation" technology demonstrated earlier this year to have a REALLY secure wireless link? If so, 30 years from now, all communications might be so secure that we wouldn't have to worry about eavesdroppers.
        • If so, 30 years from now, all communications might be so secure that we wouldn't have to worry about eavesdroppers

          Nope. I mean, it wouldn't be so expensive today to encrypt point-to-point links with a stream cipher. But the problem is, it has to go through a router at some point. And you just have to put a bug in the router, have it copying traffic... this stuff is multi-stage, there's no way you could tell if the router were hacked/bugged from the timing.

          I think if you're going to fantasize about a f
    • If I'm sending secret information down the link, how does it help me if I know somebody is watching it as it goes past? Haven't they already got the information at that point?

      Sure, perhaps I could send some sort of ping down the line to determine if anybody is watching before I start transmitting. But how do I know if they join at an arbitrary point in my transmission?

      • check every photon for tampering? If they get one or two, big deal, plus aside from tampering, they still have to actually decrypt the data at this point, and they aren't likely to have gotten much data... you also know exactly what data they could theorectically have gotten (assuming their tampering yielded results).
        • You check certain random qubits for tampering. There may be random errors in tramsmisson, so you're ok if the number of qubits that had changed is low. The hacker (generally called "Eve") needs to read a fairly high amout of the qubits to be able to decrypt the message. If enough qubits are different, you assume that someone is evesdropping, and try sending the key again later.
      • > Haven't they already got the information at that point?

        What you can do to prevent this is the following:

        1. select a random key
        2. transmit the random key to your partner
        3. check if the transmission has been tapped by an attacker. if yes, go back to 1.

        4. encrypt all following data with the key (which is not known to the attacker)

        The transmission is as secure as the weakest of the following items:

        - encryption algorithm
        - random key selection process
        - "check if tapped" procedure (
    • But surely you'd only go to this effort for something really secure?

      Which means a DOS attack of trying to listen in, distrupting the schemes is a good thing to do?

      And of course if your cable is 100KM long you've got literally hundreds of locations to hack/check for breaches?

  • assumptions (Score:5, Insightful)

    by Photon01 ( 662761 ) on Saturday June 07, 2003 @02:38PM (#6139560)

    From the Register article:

    Ultimately, quantum cryptography seeks to deliver a method of communication whose secrecy does not depend upon any assumptions.

    Dosent quantum cryptography depend on the assumption that it is impossible to copy this stream of encoded photons without leaving a trace?

    • That's not an assumption... it's, um, a fact. :)
      • Re:assumptions (Score:4, Insightful)

        by djpig ( 642803 ) on Saturday June 07, 2003 @02:50PM (#6139616) Homepage

        Hmm, physical laws are actually not facts...

        They are more best explanations for which no counterevidence exists yet or explanations that describe the problem as good as needed

        • Hmm, physical laws are actually not facts...

          They are more best explanations for which no counterevidence exists yet or explanations that describe the problem as good as needed


          That can be called a), but you really shouldn't forget :
          b) they give predictions that can be measured

          For any scientific theory it's equally essential that it both explains and predicts. Otherwise we wind up into the domain of undisputable explanations, e.g. "it was God's will".

          Perhaps you refered to that as best explanation, but
    • Re:assumptions (Score:5, Interesting)

      by BlueWonder ( 130989 ) on Saturday June 07, 2003 @02:53PM (#6139628)
      Dosent quantum cryptography depend on the assumption that it is impossible to copy this stream of encoded photons without leaving a trace?

      Yes. However, quantum mechanics is an extremely well-established theory.

      As a physicist, I'm reluctant to call anything a fact. However, just because I cannot prove that (say) gravity won't cease to exist tomorrow morning, doesn't mean I live under the constant fear that this might in fact happen. Much in the same way, I'm confident that nothing is wrong with quantum mechanics.

      • well (Score:3, Interesting)

        by Trepidity ( 597 )
        You should probably be confident that something is wrong with quantum mechanics. Being confident that it's 100% correct would be like being confident 300 years ago that Newtonian mechanics was 100% correct. There's always something that turns out to be wrong.
        • Re:well (Score:4, Informative)

          by BlueWonder ( 130989 ) on Saturday June 07, 2003 @06:27PM (#6140333)

          Newtonian mechanics is still correct - in the limit of small velocities (compared to the speed of light). Relativity hasn't invalidated Newtonian mechanics, but shown that it (Newtonian mechanics) is a special case in a more general theory.

          I don't assume that quantum mechanics is the ultimate theory; in fact, it isn't today (think quantum field theories). But I do assume that any (existing or future) theory cannot contradict quantum mechanics, but must contain it as a special case.

          • At any velocity Newtonian mechanics is incorrect; the reason it's not a problem at small velocities is that the error term is very small. But if you were to make measurements to arbitrary precision, Newtonian mechanics would give you wrong results at any speed.
      • Yes. However, quantum mechanics is an extremely well-established theory.

        "Ah! Quilebrium physics. An atom state is indeterminate until measured by an outside observer."

        "We call it quantum physics. You know the theory?"

        "Yeah, I've studied it... it among other misconceptions of elementary science."

        (bonus points to the first person to name the reference)
    • Re:assumptions (Score:2, Interesting)

      by dunkstr ( 513276 )
      Well it only relies on the assumption that Quantum Mechanics as we know it is a valid theory. The "no-cloning theorem" proves mathematically (from first principles in QM) that you can't duplicate a quantum-bit without destroying the original.

      So called "noisy-cloning" techniques exist, but they would be detectable in any decent quantum-crypto technique. I imagine the only way you could intercept the signal is to find a heretofore unknown theory that supersedes QM somehow (which the brightest minds have be
    • Dosent quantum cryptography depend on the assumption that it is impossible to copy this stream of encoded photons without leaving a trace?

      Yes; but this is a provable consequence of the laws of quantum mechanics. It's known as the no cloning theorem [wikipedia.org].

      Terry

    • No more than not tying yourself down before going to sleep at night depends on the assumption that gravity won't turn itself off sometime during the night.
    • It depends on the assumption that you're actually getting all the protection that the physics promises.

      Bluewonder did a good job of explaining how reliable the physics is, but any security geek will look for ways to change the problem to one where the theory doesn't apply any more.

      I once had the privilege of attending a talk by Shamir in which he mentioned in passing a detectable but terribly simple attack on quantum key exchange. Mallory simply shines a bright light pulse backwards onto the transmitter.
  • I mean, I don't know many labs that are 100km long. I've heard of mile long labs at NASA or the NSA or somewhere, but not 100km.

    Bleh, sorry for the lame joke, I'm drunk.
  • put in a repeater (Score:2, Interesting)

    by Thinkit3 ( 671998 ) *
    Sample the photons and generate new ones of the same type. Well I know I'm just another /.er commenting on math and physics matters knowing barely anything about it, but couldn't it work?
    • Re:put in a repeater (Score:4, Interesting)

      by Qzukk ( 229616 ) on Saturday June 07, 2003 @02:51PM (#6139620) Journal
      I'm not sure whether this would work or not (since you reading the photon is what changes its spec... you'd be reading the new version of the photon, I'd think and would need the original key to put it back the way it was...)

      But without pretty spiffy splicing techniques, how long do you think it would take to get that repeater inserted into a fibre link? When I was in college, a friend of mine got a job fusing splices in fibre optic lines with a special machine, and it still took him several minutes per splice once he got good with it. The other end is going to know something's up when the fibre goes dark for more than a few ms...
    • Re:put in a repeater (Score:5, Informative)

      by aliens ( 90441 ) on Saturday June 07, 2003 @02:52PM (#6139623) Homepage Journal
      If I remember my research correctly, you can't sample the photons without changing their state. Thus it's not possible to generate new ones. If it were possible the entire idea would goto shit as a man in the middle could just intercept everything and regenerate new ones without being caught.
      • If you can't sample protons without changing their state, how do you know the original state? If the answer is that you know what the state was before it was altered, then obviously you know the original state and can replicate it. The idea just doesn't seem to make sense in that the whole theory rests on the fact that no one knows what the state is. If the eavesdropper can't read the state there is no way that the recipient can either.
        • If the eavesdropper can't read the state there is no way that the recipient can either.

          I'm not sure you read the article, but the eavesdropper CAN read the message. The thing is that while he 'checks' the photons, he change their state.

          Let's compare it with logical circuits:
          In a logic circuit, the area somewhere between 0.0 V and 0,9 V (depends on what circuit, actually) is defined as a logical zero... The area above 1.5 V is positive (assuming 5 V circuits, voltage above 5 V might burn it out)... So,
        • The part of the quantum crypto key-exchange that is often overlooked is that everything happens potentially in a public way. Once photons are sent over the quantum channel, the sender and receipient have a PUBLIC conversation about what happened. More specifically, the recipient tells the sender which basis was used to measure a cubit. The sender tells the receiver which photons were measured with the correct basis. Note that neither side has said wether the value ultimately was a one or a zero.

          Further
    • Re:put in a repeater (Score:5, Informative)

      by Hanji ( 626246 ) on Saturday June 07, 2003 @02:54PM (#6139633)
      As I understand it (and I may be completely wrong), you can't, because it's impossible to actually measure the photons exactly - you can only gain knowledge about certain characteristics of them, in a process which irreversibly alters their states. This is (part of) what makes it impossible to listen in on a quantum transmission undetectably.

      Think about it - if this were possible, an unwanted listener on the line could sample the stream, and then generate two streams - one back along the line, and one into his own recorder. Since quantum communication apparently makes this impossible, the answer should be no, whether or not my understanding of the situation is exactly correct.
    • Re:put in a repeater (Score:4, Informative)

      by Yarn ( 75 ) on Saturday June 07, 2003 @02:58PM (#6139645) Homepage
      You can't measure the exact polarisation of a photon. The photon always either passes or doesn't pass. As you can't measure it, you can't duplicate it.

      When A & B communicate A first sends the stream of photons using two types of polarisation (typically horizontal/vertical-linear and left/right-circular), and B measures randomly in the two different schemes. When the polarisation is measured in the wrong scheme the outcome is random.

      The trick is that A & B now communicate over an insecure circuit and agree to throw away data where B was using the wrong scheme. They now have a clean stream of bits to use as a one time key over their insecure circuit.
      • Re:put in a repeater (Score:3, Interesting)

        by Yarn ( 75 )
        I forgot the mention the eavesdropper, E. S/he doesn't know which schemes are in use, and she can't validate her scheme with the sender, so her data's useless. It also interferes with the stream such that the interference can be detected statistically.

        Slashdot doesn't allow me to post the maths, but I'm sure you can google for it.
        • Re:put in a repeater (Score:3, Informative)

          by jetmarc ( 592741 )
          > I forgot the mention the eavesdropper, E. S/he doesn't know which schemes are
          > in use, and she can't validate her scheme with the sender, so her data's useless.

          The point is that, after the data has been transmitted to B, B will announce
          "I have read bit 0 with method #2, bit 1 with method #2, bit 2 with method #1" etc.
          A then knows what information B has. The attacker E doesn't. She knows only
          those bits where she (luckily) read the bits with the same method as B.

          Statistically, she knows only 50% o
          • This may be wrong, but I'll mention it anyway.

            Consider this scenario:
            A --> B is intercepted by E, who responds to A (and thus gets 100% of the information). There is now essentially an A E connection, but A things he's talking to B. E then sets up a connection to B, pretending to be A, and retransmits the data.

            It seems to avoid this requires some sort of host-identity verification mechanism.
            • Yes, if you are able to cut everycommunication between both sides and put yourself in the middle, acting as being the other to both sides, then there's no communication protocol possible which could prevent that.

              Now, this is of course an authentication problem, and can only be solved by having either secret shared knowledge, public key authentification, or (nearly) unreproducable characteristics (like, knowing how somebody looks, if you meet him in person).

              One way would be to have a classical one-time pad
    • it's the kind of thing that keeps morons up at night thinking they can invent perpetual motion.

      +1 cent.
    • Re:put in a repeater (Score:5, Informative)

      by jetmarc ( 592741 ) on Saturday June 07, 2003 @04:34PM (#6139956)
      > Sample the photons and generate new ones of the same type.

      You can't.

      The sender assigns two bits of information to each photon. However, you can only
      measure one. This is similar to the Heisenbarg relation of uncertainity, where
      you can EITHER measure the position OR the impulse of an electron.

      The sender generates a long stream of random information. The receiver reads
      in either way, according to (other) random. An attacker would not know in which
      way the receiver has read the information. However, if the attacker has read
      the photons himself, he has destroyed every other bit. Thus, about 50% of the
      bits that the receiver gets, are wrong. This is easy to detect.

      As a result, you can't passively tap such a communication line. The only thing
      you can do, is to impersonate the receiver, so that the sender communicates
      (untapped) with the attacker. The attacker could then establish a second (also
      untapped) channel to the original receiver, and relay all data back and forth
      on the logical level.

      This is called a man-in-the-middle attack, and works for many crypto systems,
      not just quantum.

      There are crypto protocols that try to prohibit this attack. PGP for example
      relies on the "web of trust" with signed public keys. HTTPS/SSL uses CA's
      who sign certificates.

      The quantum communication channel does not solve this problem. It solves another
      problem: it enforces that the channel can not be tapped without being noticed.

      Marc
  • by Schlemphfer ( 556732 ) on Saturday June 07, 2003 @02:40PM (#6139576) Homepage
    From the summary:


    Toshiba Research Europe have just demonstrated quantum crypto over 100km fibre links. Sounds like there's still a fair bit of work to be done before it leaves the lab...


    How could it not have left the lab? Is Toshiba's lab 100KM long? That's a pretty huge lab!

  • Awesome! (Score:4, Funny)

    by HornyBastard77 ( 667965 ) on Saturday June 07, 2003 @02:43PM (#6139587)
    Imagine, all you will need for you own photon ray gun/torpedo is a network cable with signal. Looks like the geek shall inherit the earth after all.
  • a bit unprecise ... (Score:5, Informative)

    by Anonymous Coward on Saturday June 07, 2003 @02:43PM (#6139590)
    In the technique, each transmitted bit of a cryptographic key is encoded upon a single photon.

    Actually it is not completely true, you cannot guarantee that you send out a single photon. Indeed, you don't. You try to approximate a single photon source by using weak laser pulses, but this does not mean you always send out a single photon (sometimes you send out more, sometimes you do not send out any at all). But every security proof consider the fact that you are able to send single photons (which is highly not trivial)

    Actually this fact makes most implementations of quantum crypto protocols insecure to a class of attacks (PNS), even though they would take place in a very unrealistic framework (but you have to consider them).
    • An important note (Score:3, Interesting)

      by jfern ( 115937 )
      If there are several photons in the same arbitrary state, you can by measuring the qubits in different basis each time, come up with an approximation to the actual quantum state. If there are a 1000 of these photons, then basically we aren't gaining anything by having our information in Quantum form. So you want to avoid sending many duplicate photons for many of the states that you are sending.
  • I attended a talk by the head of the RLE lab at MIT a few weeks back. They are working on quantum entanglement and quantum teleportation as means of delivering quantum information over classical "internet" networks. The hitch is that they need an entanglement source to distribute entangled electrons to both ends of a connection...
  • If the US(TM) Government(R) goes ape shit over the fact that its citizens can use 128bit encryption, what are they going to do about unhackable photons!

    This is great news for privacy. Sure, if Scully and Mulder want your box, they put a camera in your house, sniff the keyboard for the pw, or just take it via a warrent issued from a Judge who stamps his approval on anything that involves encryption and terrorism.

    Overall, great for privacy. I sure as hell want Citibank using this on all their ATMs, Visa on

    • We just have to pray this gets widespread into consumer hands before uncle sam catches on and outlaws it.
      • Lucky for us, Toshiba isn't a US company. And we'll see more of this (extra-US technological innovation) as time goes by. How many years until Bush finishes converting all science classes to bible study lessons?
    • by jez9999 ( 618189 ) on Saturday June 07, 2003 @03:22PM (#6139731) Homepage Journal
      Actually, I think this means fuck all for the individual citizen's privacy. As it requires an unbroken fibre all the way from party A to party B, it would indeed only be appropriate for things like banks to use. Big deal. Think the government wants to spy on the minutia of your bank account? Think that, if they did, they'd have to hack the bank's network to do so, rather than just requiring it in law?

      Where it may have helped is over something like the internet... if an 'unhackable' transport method could be developed, privacy would greatly be benefitted. But as the internet inherently requires data streams to be intercepted and forwarded, usually many times over, this method will do nothing to help regular privacy.
    • I sure as hell want Citibank using this on all their ATMs, Visa on the card readers, etc.

      I don't think this will help banks very much.

      It just gives Slammer/Bugbear/etc. a faster and cooler (but not at the same time) means of propagation.

  • IANAQP, but it seems that if the intended receiver can decode the photons, any person in the middle could also decode the same photons and retrieve the message.

    The key point here is that by observing them, the person in the middle changes their quantum state, thus making it immediately obvious to the intended receiver that the channel is insecure. So depending on the delay between the receiver determining this, and indicating to the sender to halt transmission, someone could still capture at least some da
  • fabric of reality (Score:5, Interesting)

    by jest3r ( 458429 ) on Saturday June 07, 2003 @03:06PM (#6139674)
    I was re-reading the Fabric of Reality (David Deutsch) ... which essentially covers Quantum interference / computing (with the arguement that Quantum computing is a result of multiple universes coming together and interfereing with one another) ... In any case this may be a little bit off topic ... but the book echos 'The Matrix Reloaded' in many ways ... Deutsch describes an 'Oracle' who knows everything ... A Virtual Reality machine that interfaces with the brain (even a picture that looks like something out of the Matrix) ... a multiverse (worlds within worlds etc..) ... and a Universal Virtual Reality Generator that can essentially recreate the environment we live in ... in real time. This book pre-dates the original Matrix by a year.
  • by Anonymous Coward
    These guys in Switzerland [idquantique.com] even sell devices to do quantum crypto.
  • While I will make no claim to understand a good bit of this technology, what sort of applications currently need such a link (and can justify the need to spend the undoubtably huge wad of cash)?

    What would need more than conventional encryption with huge keys at the moment?

    Note that I stress "currently". Its pretty clear that a good ways down the road either computers will brute force 2048 bit keys in a few seconds or a way to factor huge primes will come along.
  • by Anonymous Coward
    Why does the observation of the recipient change the quantum state of the photons, thereby making it unreadable to the recipient too?
    • Simple... (Score:3, Informative)

      by rmdyer ( 267137 )
      You can't observe a photon without absorbing it. Once you've observed it, you've destroyed it. Atoms exchange energy by absorption and re-emission. The photon is either absorbed, or not, there's no in between. It's like binary.
  • Key Distribution (Score:5, Informative)

    by Luk Fugl ( 586096 ) on Saturday June 07, 2003 @03:36PM (#6139768) Homepage
    A description of quantum cryptography resides at Dartmouth [dartmouth.edu] (http://www.cs.dartmouth.edu/~jford/crypto.html). The real advantage of quantum cryptography is in the generation of a secret key for use in secret-key encryption (128- or 256-bit or whatever). From the above mentioned site:

    "In secret-key encryption, a k-bit ``secret key'' is shared by two users, who use it to transform plaintext inputs to an encoded cipher. . . A key of 128 bits used for encoding results in a key space of two to the 128th (or about ten to the 38th power). Assuming that brute force, along with some parallelism, is employed, the encrypted message should be safe: a billion computers doing a billion operations per second would require a trillion years to decrypt it. . .

    "The main practical problem with secret-key encryption is determining a secret key. . . A possible solution is to agree on a key at the time of communication, but this is problematic: if a secure key hasn't been established, it is difficult to come up with one in a way that foils eavesdroppers. In the cryptography literature this is referred to as the key distribution problem. . .

    "Quantum encryption provides a way of agreeing on a secret key . . ."

    Through the use of random quantum polarizations of the photons and public (unencrypted) discussion of these measurements and their accuracy, the two communicants can determine a shared secret key without an eavesdropper knowing the same info. They then use this key to do standard encryption. A demo of this process can be found here [dartmouth.edu] (http://www.cs.dartmouth.edu/~jford/crypto.html).
  • It has been proven that Quantum Cryptology is secure provided that someone doesn't steal your qubits and the axioms of Quantum Mechanics hold.
    • by Anonymous Coward
      No, someone can steal your qubits, it is not a problem!

      The problem is, the name Quantum Cryptography is misleading. Actually, this is a key agreement.

      Suppose Alice and Bob wants to share a common secret key. To do this, they have to agree on some common shared bits. If qubits are stolen, then Bob does not receive a them, so this does not bring any problems (because they both see the qubits have been stolen, they simply do not use them to generate the key). As long as they have more correct bits than the e
  • If i'm eavesdropping on a quantumencrypted connection to gain some highly sensitive information then i could not care *less* if they can only see that i was listening in... Sometimes all that matters is that you actually get the information, whether anybody knows i found out or not is not important.

    On a different note: do the photons change state just before you intercept/read them, while you're reading them or after you've finished reading them? I would assume the latter, otherwise the recipient also won't

    • You might not care if they see you are listening in. but what if they are exchanging secret keys for normal encryption over the quantum channel? Then you care.. because if they know their key exchange was compromised, they won't use those keys.. that's the kind of thing this is for.

      As for when they change state, they change state when you are observing them (say, when they hit a detector). An observer in this case is no different than the desired recipient.... it's just that once you receive it, you canno
  • I know quantum encryption is supposed to be the next big thing in cryptography, and make up for all the damage that quantum computers are supposed to do, but I just don't see it. Who has fibre all the way from them to their friend?

    And encrypting each hop from me to my friend seems to hardly help at all. Now instead of the evesdropper being able to put a probe on any of the wires, they have to break into one of the routers. But really, who ever heard of someone stealing credit card numbers by digging up cab
    • At least, it makes for realy cool movie dialogue:

      "Sir, I can't hold up this hack for long! I'm starting to loose quantum state! The photon stream is disrupting! ... too late... they have detected us."

      More seriously... At least it removes the snooping factor that plagues some authentication schemes.
      --
      jpa
  • guess I have no idea how this works then. What is the big difference between sending generic what~have~you "data" over vast distances with fiber optics and sending "quantum encrypted" data, that makes this distance limit? I read about the turbo charged photons in the article, still makes no sense to me, aren't all the data streams with fiber based on photons anyway? Is it of an acceptable loss limit thing (zero acceptable?), or what?

    thanks in advance to anyone who can explain this for us pea brains

    slashdo
    • It's because fiber optic lines usually just spew photons, because they don't need quantum effects. QC lines ideally go one photon per bit, which makes them more vulnerable to increasing error rates as they get longer. I say ideally because as has been pointed out, that's not exactly possible, but it's what they try for.
  • by jjeffries ( 17675 ) on Saturday June 07, 2003 @04:31PM (#6139951)
    "now we are sure -- the cat is dead"
  • I thought that quantum cryptography was the following:

    Location A has a proton that is spinning in one direction while Location B has another proton from the same atom which is also spinning in the same exact direction at the same speed as the result of some sort of natural phenomenon.
    When one location shoots the proton with a beam of some sort to make it spin in the other direction at a different speed the proton at the second location starts to do exactly what the proton at the first location was doing th
    • What you're talking about is not quantum cryptography, it's another facet of the spin of some of these sub atomic particles.

      Quantum cryptography uses the idea that each proton is a bit of data. If someone was to read that proton, they would be removing the proton, and cause a problem in the transmission. If someone read that proton and tried to copy it, there would be a relatively large latency in the transmission. Etc.

      If I remember correctly the type of quantum behavior that you are describing wasn't a
  • I've googled (google'd?) around a bit but can't find a clear answer to this question, provided it exists: Can a quantum computer do what a classical computer can't? Now, from what I've gathered, a machine based on qbits can make intractable problems tractable. What would take billions of years to compute can be done in seconds. But what I want to know is if quantum computing can reach beyond the limits of a Turing Machine. However simple they may seem to a child, there are problems my Athlon could never sol
  • by mindstrm ( 20013 ) on Saturday June 07, 2003 @06:08PM (#6140259)
    Why was 100km a barrier in the first place?
    Or is this just the first time someone bothered to try this over the distance in question.
  • So the concept here is that if I try and passively read the photons during transport I will destroy them making it obvious too the other end that I have been listening.

    However would it not be possible to simply insert a system between the two hosts (A & B) that are trying to transmit and then have your device pretend to be system B to system A and pretend to be system A to system B. This should ensure that it is possible to get all of the data transmitted. A tad more complicated than doing it passively
  • The detail the "quantum-crypto-oil" salesmen usually omit is that processing of the entangled photon data requires a post-processing step where the two sides get all their data in one place and perform coincidence filtering, which makes the whole "secrecy" hopla of the 100km fiber slightly redundant.

    Check for example the quantum cryptography setup description on a resarch page [univie.ac.at]:
    • Post-Experiment Key Generation

      Only after a measurement run is completed, Alice and Bob compare their lists of detections to e
    • Well, the point is they only compare what they measured, not the outcome of the measurement. I.e. Alice says: "I measured vertical, then diagonal, then twice vertical, then ..." and Bob says "I measured twice diagonal, then vertical, then diagonal, then ...", and then they throw away those where they measured in different directions. However, the key is generated from the result of the remaining measurements (in each case "passed" or "did not pass"), which they do not transmit.

      Example:
      Alice measures: v1 d1
      • Without the full data (results, directions & time windows) you cannot establish that the state you are measuring is the proper entangled state. The rejections of invalid pairs in these types of measurements is based not only on the selected directions (this doesn't even come up in lab experiments since the directions are predefined) but also on the outcomes. The "wrong" outcomes within the same window (and the same direction) indicate "accidental concidences," and these get thrown away as well.

        Without
  • PGP-type encryption:
    1. P(x) is a function representing a public key, where x is a message and P(x) is the encrypted form of that message using key P().
    2. Analogously, S(x)is a function representing a secret key.
    3. P and S are chosen so that P(S(x)) == S(P(x)) == x.
    4. The general case of S(x) cannot easily be determined by inspection of P(x).
    5. Each person's secret key S is known only to themself, but their public key P is disseminated.
    6. Alice encrypts a message to Bob by sending Pbob(x). Bob evaluates Sbob(Pbob(x))
    • You have a few parts of it wrong. One nice thing about quantum cryptography is that it lets you detect eavesdropping. If someone is eavesdropping you simply start over. Also, in step 5 the conversation can be overheard with no ill effects, since what they are communicating doesn't contain enough information to derive their key. Alice can simply say which polarization she used and not what she sent. Bob knows what he received, so he doesn't need an more than that to know what she sent. This is, of cour

"Of course power tools and alcohol don't mix. Everyone knows power tools aren't soluble in alcohol..." -- Crazy Nigel

Working...