Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption Security Technology

New Quantum Cryptography Speed Record 221

Roland Piquepaille writes "Physicists from the National Institute of Standards and Technology (NIST) have established a world's speed record for 'unbreakable' encryption with their cryptographic system based on the transmission of single photons. With this kind of method, messages cannot be intercepted without detection, meaning transmission is always safe. The NIST 'quantum key distribution' (QKD) system was used between two buildings located 730 meters apart for transmitting a stream of photons at a rate of 1 million bits per second. While it might not look very fast, its 100 times faster than with previous quantum distribution systems. This overview contains more details and references about information theory."
This discussion has been archived. No new comments can be posted.

New Quantum Cryptography Speed Record

Comments Filter:
  • Always? (Score:4, Insightful)

    by mrgrey ( 319015 ) on Monday May 03, 2004 @07:58AM (#9039370) Homepage Journal
    meaning transmission is always safe

    Always is a powerful word. Nothing is totally secure.
    • Re:Always? (Score:5, Insightful)

      by Anonymous Coward on Monday May 03, 2004 @08:02AM (#9039392)
      Indeed, but if it were possible to eavesdrop without detection, implications for physics would be just as great as for cryptology.

      Ya cannae change the laws of physics
      - Scotty, Chief Engineer

      • QC and evesdropping (Score:4, Interesting)

        by some guy I know ( 229718 ) on Monday May 03, 2004 @08:41AM (#9039669) Homepage
        eavesdrop without detection
        Even if you can detect the evesdropping, by that time, it's too late; the evesdropper already has part of the message.
        Granted, it's only a single bit, but it might be the most important bit of the message.

        More seriously, depending on the protocol, the evesdropper may be able to intercept many bits before the intrusion is detected.
        For example, if TCP/IP is implemented over the QC stream, the intruder may be able to get an entire packet before the receiver sends a "Stop; we're being evesdropped!" message back to the transmitter.
        (Maybe more, with TCP/IP's sliding window.)
        If the entire message fits in one packet ("Attack at dawn."), then the message has been compromised.
        One way to avoid this would be to use a comm layer lower than TCP/IP that ACKs each bit, but this could be slow.
        Another way would be to use the QC channel to exchange very large keys, then use them in another encryption layer if eavesdropping has not occured during key exchange.
        • by OblongPlatypus ( 233746 ) on Monday May 03, 2004 @08:51AM (#9039771)
          But if you sent "attack at dawn", then realized an enemy had been eavesdropping, wouldn't you just attack at dusk instead?

          Then again, the enemy would know that you knew he was eavesdropping, so he might anticipate that...

          Somehow, this reminds me of Vizzini.
        • by Anonymous Coward on Monday May 03, 2004 @08:52AM (#9039782)
          Your last paragraph is the way that QC is actually used (or so I have read in some random QC article):

          (1) Sender generates long random key
          (2) Sender transmits key
          (3) Receiver receives key
          (4) Received acks that the key has been received securely
          (4A) Design of a secure "ack" channel is an interesting question, don't know the answer for that off the top of my head!
          (5) Sender computes (message XOR key)
          (6) Sender transmits (message XOR key)
          (7) Receiver receives (message XOR key)
          (8) Receives computes ((message XOR key) XOR key) == message
          • by Karhgath ( 312043 ) on Monday May 03, 2004 @07:19PM (#9046796)
            The actual way it works is the following. (simplified to bits instead of qubits for the sake of simplicity, and I probably forgot some details here and there)

            1) Alice generates a random number of bits.

            2) Bob generates a random number of bits.

            3) Alice sends bits sequence to Bob, and Bob reads them, noting the place where both are equal.

            4) Bob tells Alice every place the bits are equal, over a CLASSICAL channel.

            NOTE:
            This is the part that needs understanding. The proof that you cannot evesdrop is as follow:

            4a)If the bit that Alice sent is the same as Bob, but was intercepted at 3), Bob will see it as different, so the bit will be discarded.
            4b)If the bit that Alice sent isn't the same as Bob, but was intercepted at 3), Bob will register it as the same and will try to use it. See 5).

            5) Alice and Bob test a couple of bits to check the integrity, over a CLASSICAL channel. This is the critical part, you need a big enough sample to prove that it is equal, but not too big so that the attacker knows too much about the key. The sample needed isn't actually that big. If you have one bit wrong, it was eavesdropped or corrupted along the way. If you do not detect any wrong bit, it means that the attacker doesn't have much information about the key, if at all. If 4b) happened, this part will detect those 'bad bits' with accuracy.

            6) Alice encrypt the message with the key and sends it to Bob as if it wasa one-time pad.

            If you want more info about quantum computing, see a introduction by one of the forefathers of quantum computing, Gilles Brassard, who I had the joy to have a class with.

            http://www.iro.umontreal.ca/~brassard/SSGRR.html
        • by gpinzone ( 531794 ) on Monday May 03, 2004 @09:51AM (#9040332) Homepage Journal
          Even if you can detect the evesdropping, by that time, it's too late; the evesdropper already has part of the message. Granted, it's only a single bit, but it might be the most important bit of the message.

          No, no, no, no. All you're sending is the key. If the key is compromised, all you have to do is throw that key away and send another key. No actual data from the message is sent. Once the key is received, and you know it hasn't been comprimised, you can send the encrypted data through any unsecure channel you like at any speed. You could cache the keys in advance so the transmission can be unaffected by a DOS attack on the quantum transmission.
        • by iabervon ( 1971 )
          Actually, this doesn't work for anything other than key distribution anyway, because half of your bits will be lost due to guessing the mode wrong (let alone noise, interference, etc). If you were actually trying to send a message, you would have to contend with a whole lot of errors. However, it's possible to determine after the fact exactly which bits were lost due to quantum, so the ends can determine the secret that they share, even though it's impossible to say when you're picking the bits which ones w
        • Actually, the data interchanged with QC is normally a one-time pad, not the actual message. If an observer interferes with the transmission, it is detectable on both ends. Sender and receiver both know not to use that bit, with no further synchronization necessary. The actual message is sent over normal comm channels (Internet) after being XORed with the one-time pad, but if it's intercepted now, it's impossible to break.
        • Even if you can detect the evesdropping, by that time, it's too late; the evesdropper already has part of the message.

          Actually you use quantum crypto to exchange key material. It's just meaningless random data at that point. You run the evesdropping detection protocol before you send any real data. The attacker may get a few bits of the key undetectably, but with a strong cipher that won't help him much.

          Quantum crypto is a solution looking for a problem. It's only advantage over conventional methods

      • by turnstyle ( 588788 ) on Monday May 03, 2004 @09:09AM (#9039951) Homepage
        "Indeed, but if it were possible to eavesdrop without detection, implications for physics would be just as great as for cryptology."

        Perhaps when somebody eavesdrops, a cat is killed?

        Or does the universe split in two, one in which the eavesdrop has occured, and one in which it has not?

    • Re:Always? (Score:3, Insightful)

      by Anonymous Coward
      Blah, blah, blah. Haven't we gotten tired of these trolls? In the context of the transmission itself, it is, actually, totally secure. It's obvious to anyone without an icepick in their frontal lobe that there are other potential weaknesses. However, in this important respect, QC is provably secure in a way that classical crypto cannot be.

      Feel free to look into the past 2-3 weeks of /. for a more eloquent response (and reresponse and rereresponse and...).
      • Re:Always? (Score:3, Interesting)

        by theLOUDroom ( 556455 )
        Blah, blah, blah. Haven't we gotten tired of these trolls? In the context of the transmission itself, it is, actually, totally secure. It's obvious to anyone without an icepick in their frontal lobe that there are other potential weaknesses. However, in this important respect, QC is provably secure in a way that classical crypto cannot be.

        Actually, quantum crypto is not "provably secure" anymore than standard cryptography.

        QC relies on the ability to emit photons, and to known probability distribution
        • Re:Always? (Score:4, Insightful)

          by MS_is_the_best ( 126922 ) on Monday May 03, 2004 @08:40AM (#9039655)
          QC relies on the ability to emit photons, and to known probability distribution of those photon emissions. The problem is, there is no hardware out there than can emit one and only one photon 100% of the time. I wouldn't be suprised if it turns out to be totally impossible to build hardware that does. (Like building hardware to perfectly measure a particle's position and speed is impossible.)

          This is total nonsense. Are you a cryptographer afraid to loose your job, with no physical background? Then please read the article before you respond.

          I agree that the text and title posted to Slashdot is kind of misleading. All this QC does is making a channel on which eavesdropping impossible, without detection. Point. And it is.

          This has actually nothing to do with crypto (you can breathe again, your salary is safe), it can be used as a nice method for key exchange in a crypto -solution. The solution in total can be hacked (do something nasty on the sending or receiving end, but the transmission cannot be listened to undetected.
          • This is total nonsense. Are you a cryptographer afraid to loose your job, with no physical background? Then please read the article before you respond.

            Please read my post and understand the topic before responding. It wouldn't seem like nonsense to you if you did.

            I agree that the text and title posted to Slashdot is kind of misleading. All this QC does is making a channel on which eavesdropping impossible, without detection. Point. And it is.

            No it's not. That's what I was explaining.
            In order to b
        • The problem is, there is no hardware out there than can emit one and only one photon 100% of the time. I wouldn't be suprised if it turns out to be totally impossible to build hardware that does. Such hardware exist for decades ago and called laser. Laser emits photons in the same quantum state, that in some sence "single" photon.
    • Re:Always? (Score:3, Insightful)

      by Anonymous Coward
      The use of 'always' in this context is similar to "An apple always falls downwards when you let it go."
      • just like we once thought that the sun revolved around the earth? or that the earth was flat?

        always is a very strong word if your basic assumptions are wrong from the beginning. i have not seen the proof that qc is so safe as they say it is...though i would like to.
        • By your logic there are no rules which "always" applies. Noone can claim correctness on anything.

          You fail to see that the assumption that something was correct (as in correct enough) is what has driven science further, by alloving new and more correct truths to be established, and bringing humans away from myths and into a more scientific mindset.

          But you are right. We are now such am evovled species that's lets ban the word "always" out of any known languages imidiatly. After all there is no legitema

        • It's been proven mathmatically that a random string of bits XORed with a "meaningful" stream of bits produces an uncrackable string of encrypted bits that can only be decrypted with the original random string of bits. This has been know for years. What makes it unfeasible is the act of exchanging keys. That's why PGP is so great. Not because it's encryption is strong(er), but because of the key exchange issue. Quantum transmission methods allow for a totally secure key exchange. That, coupled with an
    • Re:Always? (Score:2, Insightful)

      by BalloonMan ( 64687 )
      "With this kind of method, messages cannot be intercepted without detection, meaning transmission is always safe."

      How about if I said, "With this kind of armored vehicle, passengers cannot be intercepted without detection, meaning transport is always safe." Now, the fallacy should be a bit easier to spot.

      The passengers are not really safe at all, in fact they might be D.O.A., or maybe they just got interrogated along the way, or perhaps they were replaced by pod replicants. Whatever, if they were carry
      • Your analogy is all wrong. I don't know if I can come up with a physical analogy to describe what's going on, but here goes.

        You're not sending the passengers, you're sending a bunch of suicide messengers with the magic password to open the impenitrable armor of the vehicle around their neck. If anyone comes into contact with the suicide messenger, they explode, destroying the information. You know someone tampered with your messengers because they show up dead. If that happens, you just change the pass
    • Re:Always? (Score:2, Insightful)

      by Anonymous Coward
      Well, yes, you can raise that philosophical objection to the concept of "always", and I would actually agree with you.

      A better statement would be: "undetected eavesdropping on this quantum channel would require finding a physical situation that does not conform to the Schroedinger Equation". Instead of saying "X cannot be broken", one can say "X is at least as strong as Y", where Y is well-known to be very strong.
    • Always is a powerful word. Nothing is totally secure.

      Then you need to read up on quantum cryptography.

      An attacker may be able to intercept a bit or two out of the message but because these are single photons if you intercept one it will be obvious that someone has intercepted the photon.

      Because you can never be 100% sure of the position of the photon it would take a fair bit of trial and error just to intercept one and all of those other photons that you blocked in your attempt to catch one will be miss
  • It's just like morse code, just waaaaaaaaaaaay faster!

    (it's a joke)
  • by Nuclear Elephant ( 700938 ) on Monday May 03, 2004 @08:00AM (#9039381) Homepage
    [Kirk] Fire photon torpedoes
    [Scotty] I can't sir, the bloody computer's still encrypting a message to my girlfriend - I got no power!
    [Romulans] b4w h4w h4w w3 0wnz j00!
    [Kirk] W3 b3 0wn3d!
  • by odano ( 735445 ) *
    I always thought this process was over some sort of fiber, I had no idea it was through the air.
  • in KB/s (Score:5, Informative)

    by moberry ( 756963 ) on Monday May 03, 2004 @08:01AM (#9039384)
    1,000,000 / 8 = 125,000
    125,000 /1024 = 122.1

    Not to bad for not using wireless undetectable (so far) encryption.
  • Man in the Middle? (Score:4, Insightful)

    by Allen Zadr ( 767458 ) * <Allen@Zadr.gmail@com> on Monday May 03, 2004 @08:02AM (#9039397) Journal

    While Quantum physics certainly allows for scientific detection of observation (which would help you detect if someone is merely viewing your stream)

    However, with all technology, this could be a common pocket-sized device some-day. So, would this not also fall under the problem of Man-in-the middle attacks? Read the quantum stream (eliminating the existance of said stream), and recreate the stream to the other point. This would create a delay, but without other forms of detection, it would not necessarily be as safe as wires... (as wires, at least, can be physically secuired. Hard to secure open air).

    • by Cyclopedian ( 163375 ) on Monday May 03, 2004 @08:09AM (#9039456) Journal
      I think your premise fails because you are using an established methods that worked for certain electrical and computer principles. Quantum Cryptography (QC) is something entirely different than what's been done in the past. Current methods cannot merely just be used on QC just because it worked in the past for other levels of physics.

      -Cyc
    • by Anonymous Coward
      RTFA:

      "Compared to previously described QKD systems, the major difference in the NIST system is the way it identifies a photon from the sender among a large number of photons from other sources, such as the sun. To make this distinction, scientists time-stamp the QKD photons, then look for them only when one is expected to arrive."

      Replaying the stream later (even _if_ it was possible) would make it arrive at the WRONG TIME. Hence, the stream was messed with.
    • from the article:

      Compared to previously described QKD systems, the major difference in the NIST system is the way it identifies a photon from the sender among a large number of photons from other sources, such as the sun. To make this distinction, scientists time-stamp the QKD photons, then look for them only when one is expected to arrive. "To be effective, this observation time has to be very short," says NIST physicist Joshua Bienfang. "But the more often you can make these very brief observations, t

    • by Kainaw ( 676073 )
      So, would this not also fall under the problem of Man-in-the middle attacks?

      The way to avoid the man-in-the-middle has to do with the filters for the photons. It is confusing in the code, but easier to understand from a completely fabricated example.

      First, you need to understand that photons are becoming 1 and 0 based on spin. That spin is aligned so that 1 is 90 degrees off of 0. The filters have to be aligned as well (sure makes portable devices hard, but I'm sure we'll figure that out later). A
    • > So, would this not also fall under the problem
      > of Man-in-the middle attacks?

      No, not unless there is something fundamentally wrong with the implementation. If the stream is eavesdropped, that OTP/key is discarded. Read the article for how QM helps to ensure this assumption.

      That said, it should be obvious that this scheme is potentially vulnerable to DoS attacks. Just keep eavesdropping, and the sneaky bastards using QKD can't exchange keys.
    • Under the usual setup for single-photon data transmission, only half the bits sent do any useful communicating. Both the sender and the receiver have to choose between one of two measurements to make on the bits; if they make the same measurement, they get the same answer, and so have usefully communicated a bit. If they make opposite measurements, they don't have comparable data, and so have communicated nothing. So Alice measures some photons and sends them to Bob, who also measures them. Afterwards,
  • **YAWN** (Score:4, Funny)

    by l0ungeb0y ( 442022 ) on Monday May 03, 2004 @08:03AM (#9039400) Homepage Journal
    Wake me up when they get it going faster than the speed of light. Now, that would be a speed record worthy of a slashdotting.
    • Wake me up when they get it going faster than the speed of light. Now, that would be a speed record worthy of a slashdotting.

      If it went faster than the speed of light, it would also be going faster than the speed of time. That would cause quite a bit of technical difficulties on the receiving end.
      • Speed of time? Excuse me, but can I get some of what you're smoking? How would you define a concept like that?

        Speed is defined in physics as "Distance traveled divided by the time of travel" [reference.com], so that would make time a derivative of it's self?
        • Please read the relativity theory perhaps you'd know what he talks about..
        • Re:**YAWN** (Score:3, Informative)

          by HD Webdev ( 247266 )
          Speed is defined in physics as "Distance traveled divided by the time of travel", so that would make time a derivative of it's self?

          You stopped pasting the definition at a crucial point. Here is where you left off from your own reference link::
          The limit of this quotient as the time of travel becomes vanishingly small; the first derivative of distance with respect to time.
          • You're still defining speed in terms relative to time it's self... I'm not sure where you're going here.
            • You're still defining speed in terms relative to time it's self... I'm not sure where you're going here.

              Ok, let's not define speed in terms relative to time. We'll take time out of the equation.

              But wait, we can't do that. Speed doesn't exist without time. On top of that, time isn't a constant.

              Here is more information:

              http://en.wikipedia.org/wiki/General_relativity [wikipedia.org]
              • Speed doesn't exist without time.

                Quite right, and my point exactly. You therefore cannot measure the "speed of time" That would be absurd.

                • Quite right, and my point exactly. You therefore cannot measure the "speed of time" That would be absurd.

                  That would be absurd if I mentioned measuring the speed of time. But of course, I said nothing about that.
                  • f it went faster than the speed of light, it would also be going faster than the speed of time.

                    Your words, not mine.
                    • Your words, not mine

                      Yes, those were my words. 'Faster' is not a measurement.

                      It's possible that my use of 'faster' in that context accidentally implied measurement, but I assure you that was not my intention.
        • This is the theory of relativety in practice boy.

          A quick, but probably inacurate description:

          • Time is an actual dimension (let's say #4) which we move trough. We move consistantly trough this dimension at the speed of light (more or less, no relativety-zealots please), if I remeber correctly.
          • Transmitting faster than the speed of light would be moving something faster than we move trough time, thus "faster than the speed of time"

          If this doesn't help, maybe relativety-physics wasn't intended for

          • Most of what you state is quite valid for relativity, but that is not the subject at hand. Rather, we are talking about quantum physics, and in that realm the speed of light and the nature of time are very separate principals.

            If you are interested in the mechanics of quantum physics and the separation of locality and time, I suggest you read up on the Einstein-Podolsky-Rosen Paradox [wikipedia.org]
        • > > If it went faster than the speed of light, it would also be going faster than the speed of time. That would cause quite a bit of technical difficulties on the receiving end.

          > Speed of time? Excuse me, but can I get some of what you're smoking? How would you define a concept like that?

          You're right; "speed of time" is nonsense.

          Maybe he's trying to say is that object's world line would become space-like rather than time-like. (Which is true.) Mathematical definition here [wolfram.com]. Some information ab

    • This does go faster than the speed of light to a certain extent - once the photons arrive at each side the key is created instantaneously at the secondary site when it is first observed at the primary site.

      One small cravat though - the key is random so there is little use for faster than light meaningful communication.
    • That would be something.. A website that can transmit data at the speed of light, and it gets slashdotted.
  • by foidulus ( 743482 ) on Monday May 03, 2004 @08:03AM (#9039402)
    This is the thing I don't understand about quantum cryptography(maybe someone can explain it to me). If someone were to try to listen in, would you still be able to read the information being sent? If not, wouldn't this make DOS attacks relatively easy? The information isn't any good if you cannot transport it.
    • by Tmack ( 593755 ) on Monday May 03, 2004 @08:28AM (#9039579) Homepage Journal
      The deal with quantum transmission is you are sending the data as single photons (smallest divisible unit of light, like a molecule of a compound, or a single cell of a living thing). Meaning, if you read it, you absorb the message (recievers transform the optical signal, ie: photons of light, into electrical ones), or at least change it in some way. The only way to possibly intercept the transmission is to completely intercept it, keeping any form of it from reaching the true reciepient, knowing the protocol enough to keep the sender thinking it is sending to the original target (sending encrypted keys or something), or acting as a repeater while recording the values as they pass through. Since they are being broadcast, you would have to put your device directly in line-of-site between sender and target, something probably notacable. Keeping the sender and reciever unaware of a repeater would be difficult, as adding such a device would add a time delay to the transmission, something the encryption might be dependant on. As for transmission, you would have to have a repeater device along a long or complex span, something knowing the encryption method and is known to both sides of the span. It is easier to secure single points of transmission than entire cable or enven fiber cables, since you dont have to worry about people splicing into it without knowing about it. The only worry would be a DOS, somehow blocking the path of the transmission, something easily remidied with a large enough cannon.

      tm

      • No no no, the point about quantum cryptography is that if you try to act as a repeater, you will always distort the signal. Merely using single photons is not enough.
        • Which was my point about destroying the original signal (ie: intercepting it completely without letting any of the original pass your interception point), and creating a completely new signal (repeating the data only while building a new encryption around it). By acting as the origin, if you intercept the signal in its entirety, and have the ability to perfectly masquerade as both ends (as far as identity and encryption methods are concerned) so the sender thinks it is still talking to the recipient, and re
          • No - this won't work because you don't conduct the entirety of the communications via this one communication channel. Essentially the "quantum" channel is used only for creating a key that one can use to communicate securely over another channel. Furthermore, as part of the verification step in the quantum protocol, the sender and receiver check the results of the quantum exchange over an open channel, and any repeater wouldn't know how to spoof this verification step successfully to fool both sides. See
      • by corvi42 ( 235814 ) on Monday May 03, 2004 @10:33AM (#9040839) Homepage Journal
        The whole point of quantum crypto is that if someone did try to act as a repeater, then they would be detected. This is not because you would "see" them standing there intercepting your data ( although that would be a possibility ), but because the protocol used to transmit the information securely would reveal the fact that the data had been intercepted and then retrasmitted.

        The basics are like this. Small particles ( like photons of light ) have a property called spin. You can set the spin of a particle when you transmit it by using the right kind of gear. You can test the spin of the particle in several different ways, but not all spins can be detected correctly by all tests. So if you have no idea what the spins are, you can't know which test to use. So if you use a random sequence of tests, you will sometimes have the right test, and sometimes not. So to transmit information, our protocol works like this ( taken from "The Code Book" by Simon Singh, p.346-7 ):

        1) Alice sends Bob a series of photons, and Bob measures them.

        2) Alice tells Bob on which occasions he measured them in the correct way. Although Alice is telling Bob when he made the correct measurement, she is not telling him what the correct result should have been, so this conversation can be tapped without any risk to security ).

        3) Alice and Bob discard the measurements that Bob made incorrectly, and concentrate on those that he made correctly in order to create an identical pair of onetime pads.

        4) Alice and Bob test the integrity of their onetime pads by testing a few of the digits.

        5) If the verification procedure is satisfactory, they can use the onetime pad to encrypt a message; if the verification reveals errors, they know that the photons were being tapped by Eve, and they need to start all over again.

        It is true that Eve could listen in on the line, intercepting photons sent by Alice and try to recreate the same stream of photons to Bob with the same spins. However, she can only use a test once, she can't copy a photon and test it using several different tests. So she will inevitably use the wrong test on a number of photons, and so not know what the true spin ought to be, and so can't reproduce them. She also can't know what series of tests Bob will use to test the photons he is receiving. So inevitably what would happen is this: Eve uses the wrong test on some photons, doesn't know what their spins ought to be, sends out some with different spins; Bob however uses the correct tests on some of those photons that Eve "made up", but gets different results from Alice ( because some of the spins are different from what Alice originall sent ), so when they compare results it becomes obvious that they don't have the same sequence of results. Furthermore, Eve can't know where the errors are going to come up and how she should fix them, so she couldn't intervene successfully in this verification step to make it seem correct when its not.

        Long story short - you can't make a successful repeater ( down side to this is you can't use any network for transmitting the photons, as a network necessarily involves repeaters - aka routers/gateways - you must have a direct line from sender to receiver so the photons don't get altered ).
        • Mod parent up, that's exactly what I was going to write. Good job corvi.

          The long story short is that, quantum encryption is used to create a key. It is proven, due to the quantum properties and the algo that corvi posted above, that the key CANNOT be intercepted. At worst, it will fail, until you're able to suceed in creating a key.

          So, a spy can ONLY prevent you from exchanging a key with someone, he can never intercept the actual key. So he's not really as much a spy as a roadblock.
    • Not to pile on to the other posters, but:

      As has been elucidated elsewhere here, the physical nature of QC prevents eavesdropping because of the nature of quantum mechanics. Traditional cryptography is based on bits, as you are no doubt aware; bits exist in purely binary format.

      Quantum bits, or qubits, on the other hand, are physical photons, not binary data, and as such, they exist in several states at once; you might have a single qubit that is right circularly polarized, or left vertically polarized.
  • by Phidoux ( 705500 ) on Monday May 03, 2004 @08:03AM (#9039405) Homepage
    Error -3647194 - An error occurred during the encryption of your file - Pigeon
  • by Daath ( 225404 ) <lp.coder@dk> on Monday May 03, 2004 @08:04AM (#9039412) Homepage Journal
    Farnsworth: "No fair! You changed the outcome by measuring it!"

    heheh :)
  • by Anonymous Coward
    And the message?

    fckil eht ghtlis fi uyo gte thsi !
  • by Halo- ( 175936 ) on Monday May 03, 2004 @08:18AM (#9039512)
    The whole "unbreakable" thing is a little bit of a misnomer. Yes, you can detect if someone observes the transimission of the key, but that doesn't mean the encryption is unbreakable. In fact, it's not really encryption at all. It's simply a fancy type of secure, out-of-band key exchange. Once the key is exchanged, the parties will generally use it to key a symmetric algorithm like 3DES or AES. (At which point the encryption is only as strong as those algorithms...)

    I realize I'm being painfully pendantic here, but when the self-proclaimed nerds start abusing a term, the general public is going to be hopelessly confused. (Think the whole hacker/cracker thing...)

    Quantum key exchange is unbeleivably cool, but doesn't guanentee secure crypto. It just takes one of the weakest links in the chain, and makes it the strongest.

    • That's a decent speed to do the whole data transfer this way. No mathematical encryption at all.
      • Yeah, I agree that the speed is getting to where it would be possible. But, the question is still one of terminology. If I'm relying solely on the integrity of the transmission channel, I'm not doing "cryptography" any more.

        One of the hallmarks of cryptography is that it is medium independant. If I encrypt something, I can print the output on paper, copy it to a floppy, etc and the security isn't weakened. With a simple secure channel, I lose all my protection as soon as the message stops being photons
    • Unless you are talking one-time pads....

      Of course they're talking one-time pads... ;-)

    • You use random data as your key (which is basically all you'll get with a QC photon stream), then one-time pad for encryption. Not just practically, but theoretically unbreakable. Both parties use the key to encrypt their messages, which are then sent over non-secure channels (i.e., the Internet).

      Crypto thinking in the past has been that if your cryptosystem is strong enough, you can tolerate key exchange over insecure channels. What many people don't realize is that with perfectly secure key exchange, you

    • They are talking one-time pads. The quantum key distribution protocol simply allows you to keep generating an endless one time pad, and lets you know whether someone else has eavesdropped on it.
    • Wrong. We are talking one-time pad here. The key is going to be as long as the data needed to be sent.

      Quantum Encryption allows you to exchange a key in TOTAL security. Not just theorically, total security(this is the strongest possible). No one can eavesdrop the key. If they do, they will, at most(if they eavesdrop every 'packet'), prevent you from exchanging a key, in which case you can try again until you succed. If you succeed in exchanging a key, the eavesdropper CANNOT know, due to the algorithm and
  • Hang on... (Score:5, Funny)

    by m00nun1t ( 588082 ) on Monday May 03, 2004 @08:24AM (#9039545) Homepage
    I don't understand all this stuff about quantam cryptography. Let's get to the core of the issue:

    Can it help me download pr0n faster or not?
  • by caitsith01 ( 606117 ) on Monday May 03, 2004 @08:32AM (#9039604) Journal
    This area really interests me, because it seems to fundamentally change the playing field regarding the use of encryption for simple privacy. Up until now, it has been a pretty safe bet that anything the Government (or Governments) wants to read, it can. Eventually most (all?) standard encryption can be broken with brute force,* and if there's one thing that governments have and like to use it's brute force.

    *(yeah, yeah, your favourite open source encryption is unbreakable, I know, but come on, the government isn't going to enter any 'break this encryption' contests to show what a kewl ha>or it is and thereby advertise the fact that communications using said encryption are not actually secure, is it?)

    However, with unbreakable encryption they can no longer just spend money until they are able to break it - it's actually impossible, they can't even intercept it. So it changes the situation in a quite fundamental way. Whether it's someone violating copyright between quantum encrypted locations, just talking without being eavesdropped on (you know, exercising their rights), or Osama and his friends planning the next September 11, it will be impossible to work out the contents of a communication.

    I feel that over the middle-term this will lead to some or all of the following government responses:
    - stronger laws allowing seizure of computers (i.e. the start and end points of an encrypted communication)
    - even stronger laws about exporting or possibly even publishing information about this type of encryption 'in the national interest'
    - laws requiring the divulging of passwords to law enforcement/intelligence officers with harsh penalties for a refusal to cooperate (this is already the case in some places I believe)
    - possibly a lower standard of proof required before police/spies can act to exercise the above powers, in light of the difficulties they will have getting any evidence at all about encrypted communications
    - an increase in 'why are you using encryption, are you a terrorist/communist/thought criminal or something' type rhetoric

    What do others think? Does this really change the privacy landscape over the next 10-20 years? Will governments react regressively in the ways I suggest? How should pro-privacy people respond and fight such changes?
    • by m.koch ( 703208 ) on Monday May 03, 2004 @09:20AM (#9040033)
      *(yeah, yeah, your favourite open source encryption is unbreakable, I know, but come on, the government isn't going to enter any 'break this encryption' contests to show what a kewl ha>or it is and thereby advertise the fact that communications using said encryption are not actually secure, is it?)

      Pardon? The known encryption algorithms are insecure because the government doesn't say it can't break them? Reminds me of a little story where a man claps his hands to get rid of elephants in his house. The proof that it works? There are no elephants in his house.

      Also it seems strange to imply that Schneier et al are just a bunch of idiots.

    • I agree with the general drift of your predictions. Some thoughts:

      AFAIK, all the QC machines are point-to-point devices, and I don't see any obvious way to make relays and gateways out of them. So it's not like you can do QC-over-IP tunnels. And with point-to-point devices, the government can do traffic analysis (if you're talking Mohammad Atta's ex-roommate regularly, who cares what you're saying, you get heightened surveillance and maybe disappear without trial for interrogation).

      There are already pl
  • by joda ( 124489 ) <magnus AT ordkunskap DOT se> on Monday May 03, 2004 @08:49AM (#9039744) Homepage
    Even thought that in theory, the encrypted messages (or whatever is sent) can't be read, you still have the problems before and after encryption.
    Especially these days with worms and trojans affecting even the most _secure_ environments (*bad memories about some american nuclear power plant*). You can expect someone somewhere to get some spyware or keylogging-thingie onto a sender or reviever's system. (or sometimes even enough with just getting it onto the network on each end in question.)
    I recall visiting a webshop somewhere who sold a small (read less than half an inch) plug, which you put in between the keyboard and the comp, which could log several megs of typed in text. Later it's just to harvest ...

    Maybe I'm just paranoid, but if you can't trust your coworkers 130% in these cases, you're still toast unless you put the machine (and yourself) in a vault and throw away the key. /joda
    • The beauty is that you cannot intercept the key in this way(keylogger, spywares, etc.) That's because key exchange in quantum encryption is proven TOTALLY secure. First because the keylogger won't log anything(the key isn't typed), and a spyware or eavesdropper will interfer with the key exchange and either prevent the key exchange, or will end up having useless information that isn't used in the creation of the key.

      However, yes, you could read the actual message before it is encrypted(check over your cowo
  • by WormholeFiend ( 674934 ) on Monday May 03, 2004 @08:53AM (#9039791)
    is human.

    while it's true that cryptography like this improves security, those encrypted messages are still transmitted between people, and people are not corruption-proof.
  • Original article (Score:4, Informative)

    by Vadim Makarov ( 529622 ) <makarov@vad1.com> on Monday May 03, 2004 @08:54AM (#9039801) Homepage
    Here is the original article [opticsexpress.org] (PDF, should be downloadable) in Optics Express.

    Aaahhh! and it runs Linux. Mod me up.

    ("We are currently using a Linux operating system with custom drivers for the boards.")

    • Also, not to diminish the achievements which I applaud, but to point out: the demonstration they did (B92 protocol with no reference pulse) in fact is not secure at all. These states can be detected unambiguously probabilistically and those where detection was successful can be re-sent with increased energy, which makes eavesdropping possibly given the low detection probability at Bob. They better do it with BB84 next time :)
  • by dmomo ( 256005 ) on Monday May 03, 2004 @09:12AM (#9039971)
    To crack the Curse [mit.edu] of the Bambino for the Boston Red Sox.
  • Researchers have just discovered the quantum cryptography can be "broken" by viewing the stream of photons in a mirror. Scientists are naturally rather embarassed by this.

    -psy
  • Sure, it can transfer at 1 megabit. But that means they need to be able to generate crytographically strong random numbers at the 2MHz level, while changing polarizations to match. It's not a trivial statement. So... this might not be quite as safe as they're claiming. But those are just details which everyone hopes can be trivially solved in the near future.
  • by Long-EZ ( 755920 ) on Monday May 03, 2004 @04:28PM (#9045119)


    Hacker Rule #1: Everything can be hacked.

    The Quantum Man In The Middle
    To prevent the man-in-the-middle attack where a photon is intercepted and an identical photon is transmitted in its place, the sender and receiver rely on a very tight window in time. Any photons received outside that window are rejected. If you want to grab the quantum secured key, why not put a receiver in the middle that emits a quantum entangled photon? You intercept the sender's photon, and once you know its state you can change the state of the captured photon so its entangled twin has the same quantum state as the intercepted photon, and arrives at the correct time. You essentially use quantum entanglement to change the state of the imposter photon while it's in transit.

    Quantum Brute Force
    Quantum computing is emerging almost as fast as "quantum cryptography" (actually "quantum tamper resistant key transmission"). In the near future a good quantum computer will be fast enough to quickly break today's strong encryption. This is the same old game of making sure encryption is just strong enough that commercial users can't crack it but governments can. It's a moving target. Make your own VERY secure encryption algorithm that jumps fifty years down the path of Moore's Law. Add 32 bits to your key and you're secure. That'll piss off your government. So will tying up several hours on their massive supercomputers to learn that you used your favorite commercial encryption algorithm to send your grandmother's cream candy recipe to an internet cafe in South Africa. I'd never do that, but I'd be very tempted to send The Constitution and The Bill of Rights.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...