Quantum Cryptography Ready For Wide Adoption? 125
An anonymous reader points us to an interview with the founder of quantum cryptography pioneer MagiQ Technologies. From the article: "Q: When do you think we'll see service providers offer quantum cryptography services to their end-customers? A: This will happen within one year and we'll see fairly wide adoption within the next three years. We are working with big carriers such as Verizon and AT&T as well as some companies that own fiber networks. The goal is to embed quantum cryptography into the technology infrastructure so it becomes totally transparent to the end-user..." The cost of a pair of MagiQ boxes to implement point-to-point encryption on a 120-km link is $100,000 plus service.
SNAKE OIL! (Score:4, Insightful)
Oh lookie, the amazing thing is - a normal fucking fibre circuit will notice as well.
There is no quantum tech yet.
This is just going to increase our month subscriptions without giving any benefits, we will still use encryption on every required connection and will still have open holes alopng the way (last mile), so who exactly does it benefit?
I suggest any carrier should pay them with money stored in a quantum envelope. You are certain it contained $100,000 before you sealed it up, if its not there now it must have been intefered with.
Re: (Score:3, Insightful)
What happens if you splice the line and put a repeater in that also reads the data passing through it?
Fiber optics are tappable you know.
You may notice a short downtime...
Re: (Score:1)
If(allDark) showMessage("PANIC: 1337 haxx0rs have broken in.");
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2, Insightful)
Re: (Score:3, Interesting)
Re: (Score:2)
No, what matters here is the observer effect, to which the GP referred. As for the uncertainty principle, it's about the precision to which you can know a particle's position and its momentum, and the corellation between those two; and the cause of phenomenon it describes is not disturbance of particle during observation [wikipedia.org].
Re: (Score:2, Funny)
I don't know, let's ask the NSA: bomb kill president dirty bomb panties assassination murder terrorist nukular boom boom anthrax
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
You cannot reconstruct the quantum state of an individual photon so a repeater isn't possible. In fact, that is the point.
Re: (Score:1)
Re: (Score:3, Informative)
Nope. Not with quantum crypto. First, you can't read the data because it destroys the data. Second, it will DEFINITELY interrupt the normal service! (because you've destroyed the data)
There are videos of this being done, where they capture a broadcast on a fiber wire and there is no noticeable difference on the original signal.
Re: (Score:3, Insightful)
Re:SNAKE OIL! (Score:4, Interesting)
Specifically, what is being sent is one half of two perfectly entangled qubits. The fact that they are "entangled" means that if the two people involved each measure their qubit using the same basis, they will always get the same answer.
When you intercept one of the two qubits, you can measure it but in the process you destroy it, and you cannot create a new qubit that is entangled with the one kept by the sender. Thus, the final recipient of the qubit will no longer get qubits entangled with the original sender's, and so even when the two of them measure with the same basis they are no longer guaranteed to get the same result. In fact, on average 50% of the time they will disagree -- equivalent to what would happen if they both just generated independent random strings of bits.
Now you might say: why not have the repeater just generate a qubit such that the recipient will get the same measurement result as you did? The answer is that you cannot do this because you cannot know in advance what basis he will use to measure the qubit. In the case of photons, he could measure it in a horizontal/vertical basis, or he could measure it in a diagonal basis. (For each measurement he will pick one or the other on a random basis.) If you polarize your photon horizontally (which might correspond to a classical value of "0"), then the other guy will get a random result when he measures it in the diagonal basis. You can only hope to guess right 50% of the time.
Part of the QC protocol is to share selected strings of bits to make sure that they are in fact in ownership of a common secret. If these strings differ 50% of the time, then they know that someone was reading them in the middle.
Thus, the whole point of QC is that it is impossible to put repeaters in the middle to intercept the data without this resulting in a detectable error rate in the shared secret.
Re: (Score:1)
(if possible please refrain from using the word laser or photodiode)
I read on their site a wonderful description (here [magiqtech.com] if you are interested):
The interaction between ions and single photons is quite weak; therefore it has to be enhanced by placing the trapped ions inside an optical resonator (i.e. between two very good, suitably arranged mirrors). This leads to a strong coupling between the light field in the resona
Nope, it actually works (Score:2)
What happens if you splice the line and put a repeater in that also reads the data passing through it?
Uh, Dude, you need to do a little bit of reading on quantum cryptography.
The whole point is that you can't do that. Well you can do it, but... everything goes "poof".
Troll is almost entirely incorrect (Score:4, Informative)
You won't have gaping security holes in the last mile if you buy this stuff - it's designed to work on end-to-end dark fiber. You'll still need crypto for other reasons, and you'll still have gaping holes inside your wiring closets, but last mile won't be a problem. The range of the system is 120km, so if you're trying to connect buildings together that are farther apart than that, you do have a physical security problem you'll need to manage at your repeater locations.
This won't increase your phone bills unless you buy it. It's not a system designed for carriers to put in their network backbones - it's designed for an end-user customer to buy dark fiber service between a pair of buildings and put these boxes on the ends. The carriers generally charge a pile of money for that kind of service, and the more people buying it, the better their economies of scale, so if you're a consumer who's not buying this, that's slightly positive for you.
The carriers won't need to pay them with quantum money - the end customers will need to pay in real money...
Re: (Score:2)
In quantum terms, a repeater is the same as a measurement. If they can run through repeaters, they're not relying on quantum physics for security. If their claims are correct, they're limited to the length of unrepeated fiber.
Problem is, even without the trivial attack that Shamir proposed a decade ago, it's hard to see what real securi
Short answer (Score:5, Funny)
Re: (Score:1)
Re: (Score:2)
>
>Yes and/or no.
I could tell you, but then I'd have to collapse this wave function that describes your cat.
Re: (Score:1)
Is that what they're calling it these days?
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Huh? (Score:1)
Re: (Score:3, Interesting)
The only perfectly secure algorithm is one where the key is:
Re: (Score:1)
Re: (Score:2)
Wrong. Quantum cryptography isn't mathematical at all. And it does not rely on keys.
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Cryptography != Security (Score:4, Insightful)
History shows that the weak links in systems employing cryptography is usually some other part of the system. DVD's are an obvious example.
Outside of gov't agencies and the mega-corps that service them, I don't see this taking off like the ipod. The PHB's in the banking world certainly won't understand why this is better than the systems they have now.
Re:Cryptography != Security (Score:4, Insightful)
Funny that. When I read the price, my first thought was that this would very possibly explode!
It all comes down to benefits vs. cost. When there are billions of dollars on the line, protecting it with a mere $100,000 seems like chump change. And each $100,000 purchase helps prove a marketplace that will then lower costs.
With every new technology, there's an "adoption curve" where the price drops to a point where it makes sense at high economic levels. So the wealthy and the megacorps adopt the technology because it pays to do so. By doing so, the inventor/developer recoups their initial investments into the technology, and it begins to pay to reduce the price in order to encourage a larger marketplace.
Wash, rinse, repeat, and soon the new technology is available at very affordable prices to average people.
This doesn't happen to *all* technologies. For example, general aviation (EG: light, 1-12 person aircraft) is still pretty firmly entrenched in the ranks of the wealthy, for a variety of reasons. All too few people talk about the "family plane". But even in this case, commercial aviation is very reachable by the average Joe, a la SouthWest airlines.
So, to have perfectly unbreakable encryption over a 120 km link for just $100,000? I think that would get the attention of quite a number of large and middle-sized organizations, banks, and perhaps data warehouses.
Re: (Score:2)
\
You can get into ultralights for under $3,000. Granted this is really not "general aviation", but it's definitely affordable to just about anyone with a decent
Re: (Score:2)
I don't know where you are, but the sub-$3,000 ultralights that I've seen look awfully reminiscent of a death-trap. Something that won't leave your spouse a widow starts about $10,000 and goes up fast from there.
Also, ultralights and sport planes have serious limitations - limitations on flight in controlled airspace, over urban are
Fiber costs matter more than hardware here (Score:2)
There are some economies of scale for the telcos if they start
Re: (Score:2)
Unless you plan to transport huge amounts of data you can have perfectly unbreakable encryption far, far cheaper--a number of harddrives full of randomness shipped once in a while between the locations. Another plus is that guarding a car for 120km once in a while is far easier then replacing 120
And how does this fit in with federal law? (Score:2)
Are companies really going to buy "private fiber" or is this really only for DoD use?
Re: (Score:1)
Providers have to provide an aggregation point or means of access. So it boils down to either a port on the provider side in promiscuous mode (outside of the secure channel) or an imperceptible channel in some form of monitoring mode.
In the case of these end-points it raises a very good question as to how providers would code an interception point into this technology. One would think that taking an uber-secure channel and programmatically coding in a "backdoor" for lawful intercept would be humorous b
I'm sure they could do it. (Score:3, Insightful)
Re: (Score:2)
This isn't about network backbones (Score:2)
This is a device that security-paranoid end users like banks or governments can buy, to put on the ends of building-to-building dark fiber service that they'd rent from the telcos. The reason a vendor like this would be working with t
Funny thing is (Score:3, Insightful)
It's strictly point-to-point. (Score:5, Insightful)
Can you say "Physical Security"? I knew you could.
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
You also lose half of your Q-bits at each repeater. Since it relies on the sender and receiver being in-phase with each other, there is a 50% chance they aren't and what the receiver detects is worthless. (Either + or x configuration.) So if we have 3 "routers" we only end up with 1/16 of the key bits originally sent - 1/(2^4) - since we also have to count the receiver as missing half of the bits.
If we are talking a New York to Los Angeles connection, with only 120km per link, we would need at least
Re: (Score:2)
Thus, you would preserve the quantum encryption because you didn't actually extract any information from the system.
Seems like it would work from an information theory point of view...not sure how you would do it from a practical perspective.
Hrm. (Score:2)
Re: (Score:2)
Worse, they talk about "repeaters" to extend the range past 120km - which is scary, because it implies they are decrypting/recrypting at the repeater.
Not necessarily. It's possible in principle to build a "quantum repeater", which receives, "purifies", stores, and retransmits qubits without measuring them. By purification, I mean using either quantum error correction, or quantum entanglement distillation in conjunction with quantum teleportation. Su
Re: (Score:2)
I don't know, I for one was persuaded by their guarantee that 50% of the time it works, everytime.
Totally useless (Score:4, Insightful)
Re: (Score:2)
Step 2. Get someone to post it on slashdot.
Step 3. ???
Step 4. Profit!
Re:Totally useless (Score:5, Informative)
With quantum key exchange, the very act of diverting a photon to "sniff" it disturbs the signal enough that the far end can detect it.
Once you've exchanged keys (at a low bit-rate) you then use standard encryption techniques to exchange the actual data.
Re: (Score:3, Informative)
Re: (Score:1)
Correct me if I'm wrong, but doesn't this imply that the hardware this company is selling is completely useless with standard protocols? Using TCP/IP and SSH, for example, I assume there's no way to arrange to do the key exchange over one physical connection, and then switch to a different one for the actual exchange of data.
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Don't waste resources reinforcing the strongest link in a chain.
Re: (Score:2)
If you're not, then what are you talking about?
Also PP pairs can be beaten by a true man in the middle attack
Re: (Score:1)
That's no longer a mathematical problem but a physical problem then.
Re: (Score:3, Insightful)
Re: (Score:1)
Better safe than sorry.
Re: (Score:2)
Sure, unless it turns out to be impossible.
But right now, breaking quantum cryptography is a physical problem, not a mathematical problem. It's based upon the presumption that a photon cannot be detected without disturbing it.
Re: (Score:1)
SSL is quite breakable (Score:3, Informative)
Re: (Score:2)
SSL is a protocol which can make use of a wide variety of different encryption algorithms in different manners. There's an asymmetric encryption element, mainly for authentication & session key exchange, and a symmetric encrpytion element for the secrecy of ongoing communications. Talk about "breaking SSL" is somewhat misleading -- I think talking about breaking RSA, Diffie-Hellman, D
Re: (Score:2)
In Other News ... (Score:2, Funny)
Inventor of Segway predicts widespread adoption within three years.
Executive of personal hovercraft company predicts widespread adoption within three years.
Early investors in free energy scheme predict widespread adoption within three years.
Re: (Score:2)
Re: (Score:1)
More Than One Way To Do It Again (Score:3, Funny)
Quantum Crypto does not solve anything! (Score:5, Interesting)
I can't stand all the hype around Quantum Crypto. If you have a close look at it, you'll see that it doesn't solve anything...
When you transmit bits with QC the law of physics guarantee that nobody will see them, even if some genius breaks all the math behind classical crypto. This is all very well but the throughput is too low, thus QC is used to transmit a key which is then used to encrypt the data. Thus you still need symmetric crypto to encrypt your data.
Now, something everybody seems to ignore: QC does not authenticate the transmission. I can buy two magiQ boxes and set up a man in the middle attack. QC can not prove whether you are exchanging bits with the original sender or with some monkey in the middle. To solve this problem the QC vendors suggest:
Re: (Score:2)
Re: (Score:1)
The principle of sending a single photon down the tube and ensuring nobody can measure it without effect is well understood, however there is no method currently to send a single photon down the 120km tubes.
These magic black boxes have to rely on other information to know whats happening (Signal strength, signal variation, timing etc).
Security by obscurity is no substitute.
If it really was a magic box, the whole 120km could be out in t
You're argument is incorrect (Score:3, Insightful)
You are correct in pointing out (as most responsible qcrypto people do), that qcrypto needs authentication.
However, your argument doesn't follow
So even if you use QC, you still need to rely on all the classical crypto to make it work. So it is just as good as classical crypto, without routing.
The reason is that:
1) The authentication only needs to be secure for a second or two. I just use it foil a man-in-the-middle-attack or authenticate pa
Re: (Score:2)
Only if you can generate and communicate securely a new public key every time the link goes down. I guess it is possible in theory. Also - this assumes that you can't crack a public key in realtime - unlikely but theoretically possible. If an interceptor can crack asymmetric crypto quickly enough then you won't be able to spot him.
If
Re: (Score:1)
Re: (Score:2)
1) The authentication only needs to be secure for a second or two. I just use it foil a man-in-the-middle-attack or authenticate part of the protocol. So, if I use public key authentication, and the public key is then cracked, no problem, I've already used it to authenticate.
err.. OK. And when you need to generate a new public key (because your original one was cracked) how do you transmit it to the other party? How did the other party get the original public key?
Re:Quantum Crypto does not solve anything! (Score:4, Insightful)
It's true that he could then hijack ALL communication channels between Alice and Bob, decrypt messages using one key and then re-encrypt them using the other, but... it would probably be easier just to bribe the people doing the transmitting and receiving to tell him what the messages were. I don't think that most people who are serious about security are claiming that QC is a miricule cure, just that it makes one part of the system much, much more secure.
It might be the case that the benefit is not worth the cost, given that the weakest link tends to be the human element, but this is much different than it being "just as good as classical crypto", or a form of "snake oil".
Re: (Score:2, Insightful)
Re: (Score:2)
Assuming nobody does something stupid with keying material in classic cryptography, these boxes are as good as any other diffie-hellman boxes you could buy for much less.
These devices provide a means of not getting your keys compromised because someone had the chance to copy them, but is does nothing else. It has
Re: (Score:3, Insightful)
It's true that he could then hijack ALL communication channels between Alice and Bob, decrypt messages using one key and then re-encrypt them using the othe
I thought this is EXACTLY what a man-in-the-middle attack was. If you have another communication channel that doesn't have an attacker between Alice and Bob, Alice and Bob are always going to figure out that they aren't sharing the same key.
but... it would probably be easier just to bribe the people doing the transmitting and receiving to tell him what
I'm Ready! (Score:1)
Dumbest idea ever (Score:2)
We already have good cryptography... (Score:1)
Wretched Flaccidity. (Score:1)
Quantum computing and DNF (Score:2)
Stop the Myth (Score:1)
Long term secrecy (Score:2)
Re: Long term secrecy: there are much cheaper ways (Score:1)
http://athome.harvard.edu/dh/hvs.html [harvard.edu]
You still need more assumptions than with QC, which is why I don't exactly buy this approach, but if you really need long-term security, you might consider this scheme.
As for QC, it is expensive, point-to-point only, and makes sense only if you are worried about somebody brea
Re: (Score:2)
"hyper-encryption can be proved to be information-theoretically secure, providing the storage bound cannot be surpassed."
Assuming a limited amount of storage for your adversary is a much more optimistic assumption than the mathematical assumptions underlying conventional encryption schemes and not comparable to the unconditional security provided by quantum crypto. It basically relies on the fact that the rate of both, the entropy source as well as the comm
US Gov't Secret "Super Quantum" bit (Score:1)
QC of ROT256 (Score:1)