Scientists Make Quantum Encryption Breakthrough

Madas writes "Scientists working in Cambridge have managed to make quantum encryption completely secure (registration required) by putting decoy pulses in the key transmission stream. According to the story this paves the way for safe, encrypted high-speed data links. Could this allow completely private transmission of data away from snooping eyes and ears? Or will it mean film studios can stop movies from being copied when traveling on the internet?"

Decoy Pulses are Nothing New...

[Quaoar]

My girlfriend makes them all the time.

Dude!

[Anonymous Coward]

You don't really have a girlfriend. But top marks for thinking anybody would ever believe you!

Re:

[Brunellus]

It's kinda like Schrodinger's cat: she's dead *and* not dead...until we open the box.

Re:

[zokrath]

Who is rating this 'Informative'?

It's kind of creepy...

Re:

[Anonymous Coward]

Who is rating this 'Informative'?

His girlfriend's other boyfriends?

Tag suggestion...

[FishWithAHammer]

proofyourfuckingheadlines

Re:Tag suggestion...

[LordSnooty]

Yeah, cos that's a great use of the tag system. Can't wait for the moment a few months hence where I need to find all articles where the headline wasn't proof-read. Just like I want to look up all the stories where someone made a mistake (search 'doh'), find all the Steve Balmer articles (search 'chairthrowing') or all the stories about problems for trad Slashdot villains (search: 'haha')

The tag system is broken, but there's nothing wrong with the implementation. People can't tag correctly. Look below, all real tags.

Re:

[binary paladin]

I gotta admit, they might be broken, but they amuse the hell out of me.

Re:

[tijmentiming]

I think they inform me too. It gives a quick impression what people think about the article. I'm never reading articles tagged FUD. the articles tagged 'haha' are all about microsoft and make me smile :-). If it's slownewsday, I probably like it, etc.

Re:Tag suggestion...

[arevos]

It seems to me that the search system can already find articles via keywords. Tags are most useful when they add meta-information that cannot be inferred by a keyword search. Whilst it's unlikely "proofyourfuckingheadlines" is going to be useful for many people, tags like "haha" and "doh" might be conceivably useful, as they give information beyond a search for words in the article summary could provide.

Re:

[arevos]

"yes" and "no" are the most useless, though; they seem to pop up whenever there is a question in the summary.

What if you wanted to search for an article that asks a question in the summary? :)

Re:

[jfengel]

Honestly, it's one of the big questions on the Web lately. Can a bunch of people work together and make something useful, even knowing that some of them are going to be assholes deliberately spitting in the pot?

Slashdot's moderation was an early pioneer. Wikipedia kicked it to a whole new level. Given the number of trolls Slashdot gets I was sure that Wiki would fail, but the number of people willing to revert graffiti is apparently enough that nearly all of the pages are useful nearly all of the time.

Tag

Re:

[StarvingSE]

I am able to tag articles, and I don't subscribe... perhaps they take a random subset of users and allow them to tag as well?

it is an intrusion detection breakthorough

[harkabeeparolyn]

... not encryption. Quantum encryption or even computing is as pie in the sky as ever.

I really wish they'd rename this technology...

[mbessey]

Calling it "Quantum Encryption" just confuses what it is and how it works. Calling it "Quantum Key Exchange", would be a lot more accurate.

They're different things

[Moraelin]

Actually, quantum encryption and computing are different things.

Quantum encryption is, well, basically nothing about using quantum mechanics to _encrypt_, but to send the key (and maybe the data too). The idea is that you send single photons. So basically if someone tapped into the line, you can't split the photon and get only a bit of the signal. Either you get it or the endpoint gets it, but not both. It makes man-in-the-middle attacks a bit harder. In fact, it claims to make it outright impossible.

Since the whole idea here is to elliminate the possibility for a man in the middle, intrusion detection is something valuable. Mind you, if the sending single photons was as un-interceptable as originally claimed, intrusion should be simply not possible, so I'm a bit stumped as to why would they want to detect something impossible. Maybe they know something we don't about how impossible it really is? (E.g., come to think of it, a laser kind of device inserted on the line could multiply that original photon thousands of times, all the clones having the exact same phase, polarisation, whatever.)

It may be pie-in-the-sky, I don't know, but at least it's one of those sane ideas that aren't too impossible to understand even for the layman. The only "quantum" thing about it is that you send individual quanta of light, i.e., photons. Since it's only one and it's indivisible, only one endpoint can get it. All simple and sane, IMHO.

Quantum computing, on the other hand, I don't know... there must be some sane researchers out there who know what they're doing, no doubt. But the media and marketting hype has drowned it all in so much bullshit it could fertilize a few acres, so from the layman (even with a decent grasp of physics and computing) point of view, it's hard to even tell what it would _really_ do, how it would work at all, and how would it be useful at all.

I've even seen such bullshit claims like that it basically holds all possible states at the same time, so it can calculate anything instantly, since the solution state is already one it simultaneously holds. Which is blatantly bull. If it simply holds all possible states at the same time, that's as good as saying that it has no state at all, or you can't measure it. To get an answer out of the computer, you need to get out of it a particular state which represents the result of the calculation. By that logic I could give you a CD with all possible 4 million DWORD (4 byte, 32 bit) values, from -2 million to 2 million, one of which is the result to your problem. There you go, any problem that has a DWORD result already has the result on that CD, so it was "calculated" instantly. Isn't it an impressive feat? I don't even know your problem, but that CD already has the result to it. It's also completely freakin' useless, if you don't know which one of them. That CD as such holds no more actual usable information that that it's a 32 bit number, which you knew in the first place.

Not saying that that's what the actual researchers study, but that's the kind of bogus info that you see from the outside. It's damn hard to tell if it's actually something that might work, or just snake oil to get a clueless VC's money. On par with extracting free energy out of water, the Infinium console, and other such fine con schemes that some people actually dumped millions into.

The only sorta working quantum implementations so far, are basically not even as much quantum computers as hyped, as glorified analog computers. The thing about quantum mechanics is that 99% of it are probabilities.

As some trivial examples, you can't tell for example exactly where an electron is in a potential well (e.g., in a CMOS transistor), or in some cases even if it is still in the potential well or it's out of it already, but you can calculate a probability cloud of, basically, what are the chances of it being in this particular point. Or if you do interference with electrons (think the school physics experiment with shining a light through two thin slots, o

Re:

[Anonymous Coward]

QC is not bullshit from a mathematical perspective; there are well know algorithms(such as the Shor factoring algorithm)..and IBM tested it back in 2001.

The problem w/ QC is having enough entangled qubits to get up to useful capacity..and its an insanely difficult engineering challenge.
http://en.wikipedia.org/wiki/Quantum_computing [wikipedia.org] is a good intro to QC.

While I agree that VC's will hype anything, your post is FUD crossed witha bit of 'get off my lawn, young whippersnappers'; its also clear that you didn't s

Re:

[Moraelin]

QC is not bullshit from a mathematical perspective; there are well know algorithms(such as the Shor factoring algorithm)..and IBM tested it back in 2001.

IBM is a big entity. They have a lot of pure science research going on, but they also have more PR bullshitters than Saruman had orcs. Are you sure which department you got your info from? So far a lot of other research PR announcements coming from IBM have been, well, certainly not outright lies, but ommited enough context that a layman would be highly lik

Re:

[TuringTest]

I've even seen such bullshit claims like that it basically holds all possible states at the same time, so it can calculate anything instantly, since the solution state is already one it simultaneously holds. Which is blatantly bull. If it simply holds all possible states at the same time, that's as good as saying that it has no state at all, or you can't measure it. To get an answer out of the computer, you need to get out of it a particular state which represents the result of the calculation. By that logi

If only anyone invented something like that :)

[Moraelin]

Well, if anyone ever invented something like what you describe, it would be a very useful thing indeed. However, to the best of my knowledge even that is one thing that quantum computing hasn't (yet) been hyped as capable of doing. Not in the form you describe, anyway. Yes, we'd all love such an insanely parallel machine, but it's not going to happen like that, and not as a quantum computer.

For starters, a set of qubits can hold a lot of information, basically some analog numbers, but it doesn't automatical

Re:

[qcomp]

Since the whole idea here is to elliminate the possibility for a man in the middle, intrusion detection is something valuable. Mind you, if the sending single photons was as un-interceptable as originally claimed, intrusion should be simply not possible, so I'm a bit stumped as to why would they want to detect something impossible. Maybe they know something we don't about how impossible it really is? (E.g., come to think of it, a laser kind of device inserted on the line could multiply that original photon

Re:

[exp(pi*sqrt(163))]

> No, it's not 'bull'. It's a pretty good description of what's actually going on.

No, it's a perfectly decent objection. A quantum superposition of states is much less than 'hold[ing] all possible states" and to suggest that it is is misleading. For example, given an n-qubit system, you can store no more than n classical bits in it, rather than the 2^n or so that the "all posible states" picture suggests. Similarly we know that we can perform a quantum database search on N items in time sqrt(N) using G

Re:

[Moraelin]

No, it's not 'bull'. It's a pretty good description of what's actually going on. Think Schroedinger's cat. There is a single cat, and it's in some pure state, but that state is equal to a mixture of the "alive" state and the "dead" state.

It so happens that that's perfectly useless in practice. Schroedinger's cat is a very useful mental image for an introduction to quantum mechanics, but for any kind of computing theory the deal is that at some point you have to open the lid and see if the cat is dead or not

Re:

[geeber]

If by "Quantum encryption" you mean "Quantum key distribution" then you are incorrect. It is available commercially [magiqtech.com] now.

Stop piracy?

[Jordan Catalano]

Or will it mean film studios can stop movies from being copied when traveling on the internet?

No. Not at all.

Quantum "encryption" foils interception of a data stream. That has nothing to do with copying a file and resending it once it reaches its destination.

Mod parent up - it's easy to steal from servers...

[xxxJonBoyxxx]

If you're only protecting the transport from spying eyes (with quantum encryption or whatever), that's only a part of what you need to protect your data.

This is the same reason why many, if not most, "SSL-protected" or "SSH-protected" servers are really sitting ducks: interesting data is still sitting in the clear on the endpoint servers' hard drives. (And don't get me started about "AUTH TLS" email forwarding...)

Re:Mod parent up - it's easy to steal from servers

[bucketoftruth]

(And don't get me started about "AUTH TLS" email forwarding...)

Ok, what's the weak link here? Is it as bad as plain text or are you just griping about worst case scenarios where space aliens can decrypt our email with their hyper-advanced technology?

Re:Mod parent up - it's easy to steal from servers

[TheRaven64]

Assuming the receiving mail server has a correctly signed certificate, it is practically impossible to intercept the mail in transit from one server to another. The catch it, the encrypted path is not guaranteed from end-to-end. If I send you an email, I will send it over a TLS connection to my mail server. It will then send it to your mail server (identified by MX), which may then forward it for several hops before it actually reaches you. I have no way of guaranteeing that the connection is secure beyond the first hop (my laptop to my mail server). Anything else might be no better than plain text because it might be plain text. If you want secure email, you need to use some kind of end-to-end encryption such as PGP and make sure you exchange keys over a secure out-of-band channel. Or, you can just accept that email isn't secure.

"AUTH TLS" email forwarding

[xxxJonBoyxxx]

It's a little better than plain text, but if you can get an agent on a mail server that sends or receives mail (or just break in and take the current contents), your transport encryption buys you nothing. In other words, the messages sent over AUTH TLS are still stored in the clear "at rest" on the hard drive (shudder).

If you want to get serious about encryption in email,you should probably be checking out SMIME (or at least PGP)...

Re:Stop piracy?

[Xenographic]

You'd think that people here would know better than to ask such silly things by now, wouldn't you? Does it really take that much thinking to realize that you can't give someone access to data and not give them access at the same time?

Even if you had some special quantum device to allow people to watch something once, only to have its quantum state collapse (or whatever), you could still record the output. With a camcorder, if it came to that.

"Trying to make bits uncopyable is like trying to make water not wet." - Bruce Schneier, cryptography expert

Re:

[M. Baranczak]

Does it really take that much thinking to realize that you can't give someone access to data and not give them access at the same time?

Yeah, you would think that, wouldn't you. But apparently, the best minds of the entertainment industry still can't grasp that one.

Re:

[RzUpAnmsCwrds]

Even if you had some special quantum device to allow people to watch something once, only to have its quantum state collapse (or whatever), you could still record the output. With a camcorder, if it came to that.

That's why you use one-time-pad. Send the key first, then, after you know it has been recieived, send the data. If someone snoops, then you know about it, and you don't use the key.

Re:

[welsh git]

I've always said the same thing with audio. Even if the best encryption in the world comes about, simply feed the analogue line-out into the analogue line-in.

This 'one time' analogue loop (without tapes and so on in the mix) will still sound FAR better than most of the retarded low-bitrate lossy-compresssion algorithms we are expected to accept.

Re:

[Prune]

There are a number of things wrong with your post. First of all, no one has in blind testing been able to distinguish 256 kb/s mp3 from the original CD version, even with very high end equipment. For most people 192 is also indistinguishable. So the answer is simple, just don't use lower than 192 bitrate. Second, playback and re-recording, besides the distortion of the analog stages, results in increased distortion from jitter effects in the A/D and D/A conversions (jitter in the digital stream going in

Re:

[welsh git]

There are a number of things wrong with YOUR post - all based on the false assumption that I was attacking all forms of lossy-compression, which I wasn't.

I'm talking about the MANY sources that are 128Kbs mp3, or even 96Kbps mp3 (stereo music radio too), and also often encoded using an encoder that isn't very good.

Are you really trying to say that download music services (for this is what we're talking about due to the conext of piracy and encryption) provide good quality 192kb/s or 256kb/s downloads ?

You t

Re:

[hyfe]

"Trying to make bits uncopyable is like trying to make water not wet." - Bruce Schneier, cryptography expert

I'm not too sure. I often find fairly unidentifiable bits in my food. I'm quite certain it's impossible to reliably copy these.

Re:

[eklitzke]

With quantum encryption you cannot conduct a meaningful MITM attack. This is called the observer effect, and is a very well known and studied phenomenon of quantum mechanics.

Re:

[gkhan1]

So you could either a) create super-high tech stupidly expensive hardware and use fiber optic cables (or whatever you use to transfer quantum stuff) or b) simply sign your transmissions. I wonder which one is easier?

Re:

[Arancaytar]

From what I've read, quantum encryption only really becomes necessary if common prime-number algorithms are rendered ineffective by unforeseen advances in computing power (say, quantum computing or other stuff now considered science fiction). It's basically a one-time-pad - it is proven to be completely secure if used correctly, but in most cases, other theoretically breakable technologies are enough.

And the only thing you need to transfer the signal is apparently an uninterrupted fibre-optic line.

But this

Re:

[gkhan1]

No this is basically true (there is a quantum computing algorithm called Shor's algorithm [wikipedia.org] which could crack prime numbers in O((log N)^3) time, a vast improvement over current algorithms) that would make prime-number algorithms obsolete. In that case, quantum cryptography could be something worth looking into (although by that time something else might have come along, quantum computing is at least 100 years from being practically able to do what is needed). I was just making fun of the idea that you would

Pessimism

[benhocking]

quantum computing is at least 100 years from being practically able to do what is needed

That really depends on who you ask. 100 years is definitely a pessimistic claim. That said, I'm fairly pessimistic, too.

Quantum cryptography and man-in-the-middle

[Anonymous Coward]

See e.g. Wikipedia [wikipedia.org]:

Quantum cryptography is still vulnerable to a type of MITM where the interceptor (Eve) establishes herself as "Alice" to Bob, and as "Bob" to Alice. Then, Eve simply has to perform QC negotiations on both sides simultaneously, obtaining two different keys. Alice-side key is used to decrypt the incoming message, which is reencrypted using the Bob-side key. This attack fails if both sides can verify each other's identity.

Re:

[Bwian_of_Nazareth]

Can you please elaborate?

Re:

[SirTalon42]

Stream has to go from point A to point B, via router C. You become router C by any means you need (hacking the router, spoofing certain data, etc), then as you're routing the data, you simply store it (you have to read it to retransmit). The only thing Quantum "Encryption" prevents is someone splicing into a pre-existing line and putting some device to eavesdrop. Who often do you really think that happens compared to everything else?

Full Text

[Anonymous Coward]

Researchers have managed to close a loophole in quantum cryptography that could allow a hacker to determine a secret key transmitted using the technology.

Working at Toshiba Research Europe in Cambridge, scientists found that laser diodes used to transmit keys used to encrypt data, known as Quantum Key Distribution (QKD), sometimes transmitted more than one photon at a time. Quantum encryption works by transmitting key data as a stream of single photons.

Should an eavesdropper try to intercept the transmission, monitoring a single photon would change the state of that photon, and this would make both ends of the transmission aware that the data had been eavesdropped. However, the laser diodes can sometimes transmit more than one photon and so a hacker could monitor the second photon, leaving the first photon unchanged and this would not alert anyone that the key transmission had been compromised.

But scientists have now added decoy photons to the key data. When an eavesdropper now tries to monitor extra photons, they will also monitor the decoy photons. Scientists said these decoy photons or "decoy pulses" are weaker on average and so very rarely contain two or more photons.

If an eavesdropper attempts a pulse-splitting attack, they will transmit a lower fraction of these decoy pulses than signal pulses. By monitoring the transmission of the decoy and signal pulses separately this type of intervention can be detected, according to scientists.

By introducing decoy pulses, the researcher found that stronger laser pulses could be used securely, increasing the rate at which keys may be sent. By using this method keys could be transmitted securely over a 25km fibre to an average bit rate of 5.5kbits/sec, a hundred-fold increase on previous efforts.

"Using these new methods for QKD we can distribute many more secret keys per second, while at the same time guaranteeing the unconditional security of each," said Dr Andrew Shields, Quantum Information group leader at Toshiba Research Europe. "This enables QKD to be used for a number of important applications such as encryption of high bandwidth data links."

The researchers also discovered a second method to push bit-rates even higher for QKD. The scientists have created the first semiconductor diode that can be controlled with electrical signal input to emit only single photons at a wavelength compatible with optical fibres. This 'single photon source' method eliminates the problem of multi-photon pulses altogether, claimed the research.

The single photon diode has a structure similar to an ordinary semiconductor light emitting diode (LED), but measures just 45 nm in diameter and 10 nm in height. The dot can hold only a few electrons and so can only ever emit one photon at a time at the selected wavelength. The source operates with only electrical signals, which is essential for practical applications such as QKD. Initial trials with the new device, reported recently in the scientific journal Applied Physics Letters, showed the multi-photon rate from the device to be fives times lower than that of a laser diode of the same intensity.

Slashdot comment #18105678, Concerto No. 2, Op.83

[Joyce Hatto]

Ræsæarchærs havæ managæd to closæ a loopholæ in quantum cryptography that could allow a hackær to dætærminæ a sæcræt kæy transmittæd using thæ tæchnology. Working at Toshiba Ræsæarch Æuropæ in Cambridgæ, sciæntists found that lasær diodæs usæd to transmit kæys usæd to æncrypt data, known as Quantum Kæy Distribution (QKD), somætimæs transmittæd

Editor, editor...

[tgv]

What is the last sentence doing there: "Or will it mean film studios can stop ..."? It's clear from the preceding text that that (i.e., copy while travelling, not copy afterwards) is one of the potential uses. So it's completely redundant. At the same time, the implicature of this particular phrase suggests Something Bad: Big Companies are trying to stop You from your Right To Download, or something akin, implying that these "researchers" have hidden agendas and are enemies of open source, Linux, Ruby, Apache and probably of world peace. That's of course complete and utter nonsense, so the last sentence should have been cut out by the editor. Why didn't that happen? And what's the link to www.absolutegadget.com doing there? Who gains by putting this link on the /. front page?

Re:

[pherthyl]

Who gains by putting this link on the /. front page?

Several people actually. If you submit an article that gets accepted, you get a link to your page. So you gain by having that link there because it drives some traffic to your site. Slashdot gains because there is now an incentive for people to submit good stories that will get accepted, and I gain amusement by watching people like you freak about nothing.

Too much irony?

[tgv]

So was there too much irony in my post? In your terms: bad editting means the readers lose, which could (eventually) drive them away from Slashdot, by which nobody would gain anything.

What the hell?

[fabs64]

I've seen summaries with better understanding of technical topics in my local, small town, tabloid newspaper.
Really what nerd approves a summary like that?

ahem

[GlitchyBits]

Quantum encryption is quite a misleading expression since the quantum mechanics is only used to securely transmit a cryptographic key ... not encrypting the message.

Re:ahem

[dido]

Public key encryption is, in practice, used pretty much the same way as well. Public key algorithms are generally used as part of a secure key exchange protocol rather than encrypting a message as directly.

Re:

[GlitchyBits]

The problem with popular public key algorithms is that they are based on the assumption that the opponent doesn't have enough computationnal power in order to break it in a reasonnable amount of time, or he doesn't know a polynomial determinist algorithm to do so.

The big advantage of using quantum key distribution is that it will (ideally) ensure that the cryptographic key you get has not been sniffed, and that you can securely exchange a key which is long enough in order to use a one time pad (which is a

Re:

[swillden]

"Unconditionally secure" assumes you have a perfectly random generator for your one-time pad. If I can find a way to predict the next number your RNG gave you, I may be able to defeat your one-time pad.

Good random numbers are easy to obtain. There are any number of physical phenomena whose randomness is quantum in origin and therefore unpredictable. Just use one of them in a heavily-shielded room to ensure that none of your data leaks and you're golden.

The hard part of using OTPs isn't generating the pads, it's transmitting and storing them securely. QC addresses secure transmission (though you still have to take care to avoid MITM attacks).

Re:

[HuguesT]

Just use one of them in a heavily-shielded room to ensure that none of your data leaks and you're golden.

In your own words, a good random number generator is therefore *NOT* easy to obtain.

Re:

[swillden]

Just use one of them in a heavily-shielded room to ensure that none of your data leaks and you're golden.

In your own words, a good random number generator is therefore *NOT* easy to obtain.

Why not? Secure rooms aren't that difficult to build. Organizations who have reason to care about high security have lots of them.

Reply to whine...

[robbak]

If your karma is listed as excellent, your posts start on 2. If you choose them to. Too. Choo choo.

(Maybe I should have AC'd this one!)

Quantum, not encryption.

[robbak]

'Quantum Encryption is about transmitting keys for use in later encryption. Possibly even to the extent of a 'one time pad' for smaller messages. And it is not about hiding or scrambling the key either: it is sent in the clear, or maybe encrypted with something as a token measure. And can be intercepted, too.

It is about _knowing_ that the key was intercepted. If someone eavesdrops it, the receiving end knows it, and can tell the sender "Nope, that one was snaffled, beam me another."

Re:

[ysachlandil]

Not to mention the problems with "Man in the Middle" attacks. Since quantum encryption doesn't validate the endpoints, you could just cut the fiber and attach two new transceivers and nobody will know. And no, the technique in the article doesn't protect against this. There are only a few ways to get around this problem:

-Monitor the fiber for cuts by keeping it lit at all times. Backhoe accidents will still happen, and then you need to guard the cut and use trusted technicians.
-Have huge fiber ducts and pat

Re:

[Anonymous Coward]

No, they would know. That's the whole point of quantum key exchange. Each photon sent has both linear and circular polarisation. The Heisenberg uncertainty principle states that measuring one of these states destroys all information about the other. This is the basis for QKE.

Alice sends a stream of photons to Bob with random linear and circular polarisation. Call the string of bits represented by the linear polarisation 'a' - up is 1 and down is 0. The string represented by the circular polarisation we'll c

Re:ahem

[Wildclaw]

I think you missed the parents point. What you just described is a method that prevents eavesdropping.

What the parent suggests is the man-in-the-middle Dave intercepts both all and any communication between Alice and Bob. Alice sends a stream of photons over the quantum line, and Dave intercepts. Afterwards Alice does the public announce to check that bits havn't been intercepted, but Dave intercepts this message also, and this time acts as Bob to verify the photons recieved. Alica and Dave agrees that there isn't an eavesdropper on their line and starts communicating.

So know Alice is communicating with Dave instead of Bob. Dave repeats the same with Bob, but now as the sender. Bob believes that Dave is Alice and they get a link established. Now Dave has one line open to Alice and one line open to Bob and can retransmit what he wants. Nothing of this violates Quantum Theory, because instead of eavesdropping, Dave has created two communication channels.

The only problem Dave has to implement this is that he has to be able to intercept both the quantum channel and the public channel.

Re:

[fenderized]

Your link states:

Quantum cryptography is still vulnerable to a type of MITM where the interceptor (Eve) establishes herself as "Alice" to Bob, and as "Bob" to Alice. Then, Eve simply has to perform QC negotiations on both sides simultaneously, obtaining two different keys. Alice-side key is used to decrypt the incoming message, which is reencrypted using the Bob-side key. This attack fails if both sides can verify each other's identity.

which is pretty much what was stated.

What one man makes

[theshowmecanuck]

Another can break. So it might be the best... for now.

Point to point

[nickovs]

The biggest drawback of this technology is not that it is in fact a key distribution method rather than an encryption scheme. It is that, as with pretty much all QKD systems, this only works if you have a continuous fibre-optic cable from one end to the other. That might be fine for linking two embassies or two military facilities but it makes it a bit useless for the Internet.

Re:

[Anonymous Coward]

Not only that but the quantum channel has no way of verifying who the remote end really is. IE it can detect easedropping but not wholesale replacement of the intended target of communication.

I dare anyone to cite a single practical benefit over existing zero knowledge key agreement systems.

Re:

[swillden]

I dare anyone to cite a single practical benefit over existing zero knowledge key agreement systems.

It makes your execs feel warm 'n fuzzy.

Re:

[maop]

Not only is the summary bullocks but the technology is bullocks. What is a slashdotter to do?

finaly!

[Patrik_AKA_RedX]

Now I can make posts on slashdot without anyone being able to read them. Privacy at last!

Re:

[account_deleted]

Comment removed based on user account deletion

Copying movies

[Bob54321]

Or will it mean film studios can stop movies from being copied when traveling on the internet?

Why is that sentence there? OK, there is a new type of encryption - but how exactly does that relate to capturing movies while the roam free on the internet?

Is there something I'm missing - perhaps a tubes joke...

they are watching

[zoftie]

...' Or will it mean film studios can stop movies from being copied when traveling on the internet?" '....

Don't give them any ideas.

I can see the headlines now...

[Roger W Moore]

'DVD' Jon breaks quantum encryption, APS sues claiming its against the laws of physics.

Re:

[db32]

So...by this train does that mean the CERN supercollider is considered cracking? I am SOOO going to sue them for cracking a particle that represented a copy of 1 bit of my intellectual property! DMCA here I come!

The drawbacks others haven't mentioned

[Beryllium Sphere(tm)]

Elsewhere in the comments people have correctly pointed out that it isn't encryption at all and that it is fundamentally incompatible with any router, switch, bridge or even repeater.

There's also the limit of 5.5 kbps, though that might be improved.

The issue that should have killed this idea ten years ago when Shamir pointed it out is that an attacker who has spliced the fiber can read the polarizer without ever looking at a single one of the transmitted photons.

Send the $#$@! key material by bonded courier in a tamper-evident package if it's that important. If for some reason that's not enough then split (e.g. Blakely-Shamir) the key material into shares, send each separately, and recombine when needed.

Re:

[FishWithAHammer]

I was wondering about that...compromise the endpoint and the whole encryption part falls off.

As an OT aside, Beryllium: I love that journal entry about Republicans and refer people to it near-daily. Great work. :)

Re:

[swillden]

The issue that should have killed this idea ten years ago when Shamir pointed it out is that an attacker who has spliced the fiber can read the polarizer without ever looking at a single one of the transmitted photons.

Shamir's attack doesn't affect entanglement QKD. The article appears to be referring to polarization-based QKD, however.

Re:The drawbacks others haven't mentioned

[jd]

Don't know if they still do, but in the 50's, the British used synchronized tapes with one-time pads. As best as I understand it, both sides of the link started their tapes at the same time and from the same offset (synchronized over secure phone) but had no control over when the machines at each end would actually sync up. (The exact sync mechanism is something I'm also a little unclear over - nothing from the tape was ever transmitted.) The practical upshot was that anyone who had a copy of the tape AND a copy of the transmission would still face a daunting computational challenge to break the encryption.

If you combine this with the split key concept, so that the difficulty of obtaining a full pad is considerably greater, and perhaps even run each fragment through a public key encryption algorithm to make getting that fragment a near-impossible task, you get damn close to the theoretical level of security offered by an OTP.

A correctly-implemented OTP, in which the pad cannot be derived algorithmically from known quantities, where the pad is not cyclic, and where the pad is used exactly once, cannot be broken at all without physically obtaining the specific part of the pad that is actually used and some computationally-viable method of eliminating any excess. If the pad is rendered unreadable, or the specific information required to make the pad usable simply doesn't exist except at the moment of transmission and then only on the machines involved, then OTP is essentially unbreakable.

The premise of encryption is that nothing can ever be made 100% tamper-proof or uninterceptable, merely very tamper-resistant and very hard to intercept, and so you're far better off making what is obtained unusable. Having something that is supposedly not interceptable is so much snake oil. For a long time, nobody was sure you could undetectably tap optic fiber. What are the vulnerabilities of the endpoints? Is the connection between the "secure" endpoint and the computers at either end exploitable? Are any of the computers involved open to being monitored by TEMPEST or other remote techniques? If the machines are on partially or fully exposed networks, are the machines susceptible to having the transmission intercepted either prior to being secured or after being restored? (Partially exposed can include computers that share USB memory sticks or floppies with unsecure machines. All you need is a carrier for a virus.)

5.5 kbps limit

[Jordan Catalano]

I don't see how this bandwidth is a problem for secure key exchange.

Isn't the point of this to make it practical to utilize high bandwidth yet unsecured connections to send heavily encrypted data? Even when changing the key very frequently, the secure quantum channel should be more than fast enough.

It's just like satellite TV encryption. The data stream can be received with zero chance of detection anywhere within the satellite's footprint: even less secure than sending data over the internet. By hav

Re:

[kisielk]

I don't know the fine details of this technology, but doesn't its quantum nature also make it highly susceptible to denial of service by a man in the middle attack? All they would have to do is intercept part of the key exchange and keep the parties from every successfully exchanging keys without even having to take down the whole link. Maybe not as bad as being able to intercept the transmission but a potential problem I think...

Nope!

[VincenzoRomano]

Could this allow completely private transmission of data away from snooping eyes and ears?

Definitely no. No democratic government would allow it. Democracy badly needs eavesdropping.

What about....

[edwardpickman]

The process obviously won't stop copying material but my question is could the same or a similar technology be used to create a dedicated display screen? Let's say with quantum entangled particles as an example you directly drove a screen from a linked source. For every screen manufactured a dedicated chip was loaded into the system linked to your display device. No lines would be needs to transmit the data but like a traditional TV reciever there would be no signal to tap it simply drives the screen. You order your content on demand and there's nothing to record so no piracy but if it was a one time purchase situation you wouldn't have to worry about lost, damaged or degraded media. It would solve most of the complaints except for those wanting free material. It would eliminate a lot of the distribution issues and end the dependence on satelites. No more screwed up signals when there's a lot of solar activity. Granted we're talking decades away but there is a potential for secured storage and distribution of media.

Re:

[Anonymous Coward]

How would this protect against someone putting a video recorder in front of the monitor?

There is no such thing as unbreakable DRM. Spend your effort comping up with a business model that allows you to benefit from all those millions of people craving to consume your media instead.

Well...

[Poromenos1]

unless someone invents some sort of video-recording device, something with a light sensor, perhaps.

DOS

[pfortuny]

Problem with what is today called qc is that it is not cryptography, it is a safe signing algorithm.

So what if the eavesdropper makes the communication impossible just tainting each and every bit? As they are not safe, they are deemed worthless and the message needs to be re-sent...

This seems to me the problem. You have not built a safe channel, you have built an eavesdropper-aware channel, which is not the same.

Re:

[fabs64]

The point being that you can use the eavesdropper-aware channel to exchange a key-pair that you KNOW hasn't been intercepted. After that you can use any medium as your safe channel.

"Scientists Make Quantum Encryption Breakthrough'

[Greg.Rodden]

WAIT!!! don't click on the link, it will change the outcome!!!

Very silly article! Not quantum anything

[Ancient_Hacker]

This is a very silly concept. What they've done is rename "Steganography", the art of hiding messages.

They're intentionally sending MANY photons, to get a stronger signal, to improve the data rate. So they're not using "quantum" anything. They're also adding a bunch of decoy photons, to confuse the evesdroppers.

Nothing at all new here, move on...

Re:

[Ancient_Hacker]

You're partially right- it's more like adding nulls to a message.

But I still think it's not "quantum" at all if they're upping the photon count.

Grammar Nazi Alert

[Chemicalscum]

Title is ungrammatical should read:

Scientist Makes ......, in the case of one scientist singular or Scientists Make in the case of several or many scientists plural.

It's impossible to stop piracy

[Paulrothrock]

You know why? Because the people you want to protect the content from are the same people you want to sell the content to.

Make it easily available through normal means and piracy will go down.

Military downside?

[failedlogic]

Isn't another downside of Quantum encryption the fact that it might render military intelligence unable to decrypt enemy messages? Quite a few wars/battles have been won by decrypting key enemy communications to find out troop, supply, and critical target locations. As well, giving false information to trap the enemy has been used many times.

Breakthrough

[pontifier]

In reality, attackers will follow the path of least resistance. In my opinion there is really no reason to have perfect encryption if other aspects of security are so laughable. Even running linux I don't feel truly secure. I have never read the source code for the programs I run. At this point in time, to me, computers are black boxes filled with 'programs' doing 'something', and until it is completely transparent exactly what my computer is doing, I won't feel secure. these things I require include: Alwa

im amused

[um... Lucas]

I'm always amused by slashdot's fascination by quantum encryption. Unless I'm mistaken, it's only of any use if you have line of site with the machine at the other end of your communication channel, via satellite or fiber optic cable. And unless I'm mistaken, I don't think that applies to any of us... Yes, it's interesting, but in reality, the only beneficiary is secure government or inhouse corporate communications.

It doesn't stand to benefit ecommerce unless every link in the communication is trusted, and

sounds like obscurity to me

[Secret Rabbit]

Hm, decoy pulses. Sounds like security through obscurity to me.

I'll just wait till this actually gets peer reviewed (I'm assuming this as pretty much every "break through" has be broadcasted /before/ peer review and I'm not willing to even look at it until then - not exactly the science mentality to publish /before/ review IMO).

Basically, let me know when the article shows up in something like PhysRef. NOT when it's on some newspaper's website.

"Security" is the wrong word

[abb3w]

As any geek worth its salt should know, "Security" has three essential and intertwined aspects: Integrity: will the data remain the same and be only changed when and how it should be; Accessibility: will the data stay accessible by those who should have access; and Privacy: will the data stay inaccessible to those who should not have access.

This technique is intended to preserve Privacy, and possibly may help with Integrity; however, quantum cryptography gives no benefits to Accessibility aspects of sec

Registration required

[mgiuca]

Scientists working in Cambridge have managed to make quantum encryption completely secure (registration required)

Do you reckon I can break in without registering?

Anyway the first thing you should never do in security is say "this is completely secure".

And how did the summary make the link from "completely private transmission of data" to DRM? It just highlights the fatal problem with DRM - even if we had quantum security, there'd be no way to make bits not copyable.

Re:

[nasch]

Usually the first thing you are told in a cryptography course is "Anyone that claims their encryption is unbreakable is either a liar or doesn't know what he is talking about."

Anybody who says that doesn't know what they're talking about. One-time pads, if implemented correctly, are unbreakable encryption. Anybody who claims their security is unbreakable is wrong, because security involves more than just encryption, but it is possible to have the encryption part of it be unbreakable. Still susceptible to

Re:

[nasch]

If we break it you would simply claim it wasn't implemented correctly.

Since that's the only way to break them, I'd have to agree. :-)

The whole point to encryption is to use a key that is shorter than the message.

I'd be interested to read any references you can supply indicating that that is the "whole point" of encryption. I have never heard this before. My understanding is the whole point of encryption is to restrict information to those it's intended for.

Point in fact, when one time pads have been used

Re:

[nasch]

In practice it is very difficult to get a truly random generator.

Why is that? There are companies that sell random number generation hardware. Are you saying they're flawed or something?

Sure I am. It has been done before. I can't give away the store here for obvious reasons (i.e. mention even a single case), that is why I mentioned the National Cryptographic Museum.

You'd have to kill me if you told me. Feel free to trot that out, but I hope you don't expect me to take your word for it.

Guesses are often v

Re:

[nasch]

There are companies that sell random number generation hardware. Are you saying they're flawed or something?

Short answer - yes.

I've never heard this before - do you have any references, or will a google search turn them up?

There are things called laws against such conduct with very severe penalties. I'd have to be a total idiot to do such a thing.

Doesn't really matter, I'm not going to believe "I know of a counterexample, but I'm not going to tell you" regardless of how good your reason for not telling m