Australian Gov't May Employ a Homegrown Quantum Key System 141
mask.of.sanity writes "The Australian government is trialling a new Quantum Key Distribution (QKD) system built by Aussie scientists.
QKD is considered the world's toughest security because the slightest attempt to intercept the one time keys, coded into lasers at the quantum level, will disrupt the beam. The technology differs from current cryptography tech primarily because it's cheap. Well, less than the $US100k price tag of rival systems. It uses off-the-shelf networking gear instead of proprietary technology, and is built on open standards, so it's easier to install. The random key is encoded at the quantum level in the sidebeam in the phase and amplitude, or brightness and colour, of a highly tuned laser beam. The creators, who built the system in part for their Ph.Ds, said it can be used to transport the most sensitive data like critical infrastructure and secret commercial IP. The days of hand-delivered security keys are numbered."
Quantum Leap (Score:2, Funny)
So... you could say the Aussie scientists have taken a Quantum Leap in cryptography for the AU?
*rimshot*
Thank you, I'll be here all night! Remember to tip your waitress!
Re:Quantum Leap (Score:5, Funny)
I hear that the technology is called "Key Order Assignment by Laser Application".
Re:Quantum Leap (Score:5, Funny)
CriKey (Score:2)
I think a more suitable name would be the CriKey.
Re: (Score:1, Funny)
Instead of using the Qantas the airline they could use Quantas to teleport stuff.
Also remember to try the veal.
Re:Quantum Leap (Score:5, Funny)
No, from what I understand the system involves strapping a key to a shark who'll swim it to the recipient. The friggin' laser shoots anyone trying to intercept it, thereby guaranteeing security.
Sharks with friggin laser beams have become more adundant as of late, which is why they can do this so cheaply.
Re: (Score:1)
Instead of using the Qantas the airline they could use Quantas to teleport stuff.
Definitely...definitely Quantas.
Re: (Score:2)
Re: (Score:1, Funny)
We don't tip in australia. We pay our waitresses enough in base wages.
Re:Quantum Leap (Score:5, Interesting)
Quantum leap: (adj.) literally, to move by the smallest amount theoretically possible. In advertising, to move by the largest leap imaginable (in the mind of the advertiser). There is no contradiction.
- Tonkin's First Computer Dictionary
Re:Quantum Leap (Score:5, Funny)
Quantum leap: (adj.) literally, to move by the smallest amount theoretically possible. In advertising, to move by the largest leap imaginable (in the mind of the advertiser). There is no contradiction.
- Tonkin's First Computer Dictionary
"Quantum Leap": (1989) Scientist Sam Beckett finds himself trapped in time--"leaping" into the body of a different person in a different time period each week.
- The Internet Movie Database
Quoth Schrodinger (Score:2, Funny)
...but we can't tell you exactly how long you'll have to wait.
Re: (Score:1)
...but we can't tell you exactly how long you'll have to wait.
We don't know if we can or cannot tell you, or even whether you or someone else will have to wait
Is quantum cryptography desirable in this scenario (Score:3, Insightful)
In general I think that although standard key exchange methods are theoretically less secure than quantum key exchanges, at least the standard key exchange methods are a) well understood, b) tested and c) commercially supported.
Putting highly secret documents in the hands of a technology made by college students working on PHD thesis seems to be a premature use of this technology.
It's not the technology itself, but the implementation of the technology that I'd worry about. And cost doesn't seem to be a good reason to take a gamble.
Re:Is quantum cryptography desirable in this scena (Score:5, Insightful)
Re: (Score:3, Insightful)
Exactly. Is public key crypto broken enough to need to spend any money to switch over to QKD?
For that matter is public key crypto over the internet broken?
From the QKD guy in the article:
"Conventional cryptography is exposed to threats from advances in computing power that provide for brute force attacks,"
As long as you stay up to speed (ie. keeping your key sizes up to standards), I don't see how this is an issue...
Re:Is quantum cryptography desirable in this scena (Score:4, Insightful)
Exactly. Is public key crypto broken enough to need to spend any money to switch over to QKD? For that matter is public key crypto over the internet broken?
Yes. Think secret plans that can't get out, even in 20 years time.
Can you guarantee quantum computers won't be around in 20 years time?
Re: (Score:1)
All it does is safely transports a key used in ordinary crypto algorithm. So you may use the same futuristic quantum computers to break those keys.
If you really fear of quantum computers you should up your key length.
Re: (Score:2)
I could record your encrypted traffic right now. In 20 years time when it may be feasible to decrypt that data i could take that recorded encrypted data and decrypt it.
So you need something right now that stops the data being recorded in the first place if you don't want that data possibly decoded in 20 years time.
Re: (Score:1)
It could be a good compromise on the limitations of both. This could be used to transmit one-time pads in bursts and the pads could then be used over unsecured channels. As it stands, such pads have to be delivered or picked up by hand.
Who listens to the listeners (Score:1)
Re: (Score:2)
One can use quantum teleportation to build quantum repeaters [stanford.edu]. Add an out of band signal for addressing, and it shouldn't be that hard to make a quantum encrypted network - direct connection not required. If men in the middle rearrange the addressing data, the only thing that happens is that the signal doesn't arrive at the correct destination; the adversaries still can't clone the particle, so they still can
Re:Is quantum cryptography desirable in this scena (Score:1)
Quantum Key + Internet Filter? (Score:5, Funny)
obligatory movie quote (Score:5, Insightful)
Re: (Score:1)
Re: (Score:1, Funny)
There is no spoon.
Re: (Score:2)
That's no spoon. It's a french press.
Re: (Score:2)
I see you've played Knifey Spooney before.
GrpA
insightful/informative? (Score:2)
I don't think I have ever had a joke go over mod's heads and it result in being modded UP...
Great for them! (Score:3, Funny)
Now the Australian government can finally protect their communications from the myriad foreign governments trying to spy on their communications!
Oh, wait...
Re: (Score:1)
Re: (Score:1)
You're being facetious but any government is a subject of interest for foreign intelligence services. The Russians for one spy on Canada not because they're necessarily super interested in Canada but because they can glean information about the US or anybody else the Canadians deal with. It must also be said tech like this would afford more protection against the US intelligence services than the Russians. All intelligence serices employ both electronic eavesdropping and myriad forms of "humint" (human i
Re: (Score:3, Funny)
Re: (Score:3, Interesting)
Guess where a great deal of the US's intelligence data is collected from. Hint: it's a large, dry country within long-range radio distance from China.
Guess where that data gets transmitted back to the US from? Hint: several top-secret joint US-Australian bases located in various places in Central Australia (i.e. the middle of nowhere)
And guess which country has more access to intelligence sharing with the US than any other allied nation (except for the UK)?
Australia's geographic position means a LOT of US i
Wait a minute... (Score:3, Insightful)
It travels over fiber, and "the slightest attempt to intercept the one time keys, coded into lasers at the quantum level, will disrupt the beam".
How do you route it to its destination? Do you need a dedicated fiber line between the source and destination for this service to work?
Otherwise, why can't someone just, y'know, intercept it completely and then generate the same key again?
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
I know that you use a simplified example based on the polarity of the measurements, but if a nefarious evil party had the same equipment configured the same way as the true
Re:Wait a minute... (Score:5, Informative)
The key is not encoded -- it is random. Both the "sender" and receiver have no idea what the photon's characteristics are. They both flip coins to see which type of measurement to make. Then they keep the bits where they made the same type of measurement and throw away the others.
Any intermediate party will either receive the photon (so the receiver won't) or not receive the photon (and can't measure it). Further, no intermediate party knows what measurements the sender and receiver will make so they can't make the same measurements. If the intermediary can't make the same measurements then it can't generate the same key, and can't generate a passable photon for the receiver. Assuming the sender and receiver have another channel which is secure against man in the middle attacks (though not necessarily secure against eavesdroppers), they can tell each other which type of measurements they made and know what to keep.
Re: (Score:2)
I understand now. +5 informative for you!
Obligatory Futurama... (Score:4, Funny)
http://futurama.wikia.com/wiki/The_Luck_of_the_Fryrish [wikia.com]
Re: (Score:2)
The key point of QKD is it makes perfect secrecy (using one-time pads) practical. One-time pads are the most secure form of cipher. The only way anyone can decrypt something encrypted with a one-time pad is if they have the one-time pad--no amount of computing power will EVER be able to break it.
As for using RSA to secure QKD, it actually has significant benefits. Once the QKD is started, any tampering with the optical fiber will be detected at both ends, so a MITM will have to interrupt while the fiber is
Re: (Score:2)
What you say is mostly true, but slightly misleading. Google "quantum repeater". Basically, it is possible to intercept and regenerate the signal precisely, but in doing so you cannot know what that signal actually was.
Re: (Score:1)
Actually I could say the same about what you say. Sure it's possible to intercept the quantum signal, but it is no
Re:Wait a minute... (Score:4, Informative)
I suspect we differ on the definition of "intercept". If you strictly mean "capture and extract information from", then I agree. Any measurement (the "extract information" part) will collapse the wavefunction, destroying the quantum coherences and ultimately (with approaching-unity probability) being detected by the QKD scheme. However, I was using the term in the more general sense of "have some device between", in which case what I said is entirely correct. Here's why:
I'm well versed in the no-cloning theorem. As such, I know why it doesn't apply here. The no-cloning theorem is in relation to making an identical and independent copy of any (a general) quantum system whilst retaining the original system. In this context it would amount to producing a duplicate signal, independent but equal to the original signal. This is not possible under the no-cloning theorem. (I'll preempt a point here, too: Entanglement is not cloning, although it can sometimes look similar.)
But, intercepting and regenerating the signal does not necessarily involve ever having both the original and regenerated signals existing at the same time. Take an example of a kind of quantum repeater, a device that converts a photon signal into some other quantum state, say electron spin, and then converts that spin into a new photon signal. It's roughly the same idea as classical repeaters in long-distance fibre-optic communications. Now, I consider this operation to be an interception of the signal and generation of a new signal with the same information. It's a coherent process; all the quantum information in the original signal remains intact. But you can't get back the photons from the original signal, so the no-cloning theorem is not relevant. (A more detailed explanation of the workings of a quantum repeater could include entanglement, which also means no-cloning theorem is not relevent.)
A restriction on the device is that, to function, it cannot collapse the wavefunction. That means that (at a minimum) it cannot make a projective measurement of the quantum state. Thus, it cannot make any recorded measurement on the state, because that would require making a projective measurement, which would require defining a projection basis (randomly(!), because there's no better way), which would collapse the wavefunction, which would rightly end up being detected by the QKD scheme as eavesdropping.
So, you can have a device which intercepts and regenerates the signal, you just can't ask it any questions.
Re: (Score:2)
Re: (Score:2)
How do you route it to its destination? Do you need a dedicated fiber line between the source and destination for this service to work?
Whatever you do, just don't cross the streams.
For once the .gov is one step ahead of you.. (Score:2)
In what must be a first the Aussie government is a step ahead of what is needed. Basically Canberra (the Nations capital & home of more government than you can poke a stick at) has a wonderful fiber network called ICON [finance.gov.au] which happens to consist of dark fiber that is physically patched between agencies. Now that doesn't mean the QKD is a famously good idea since we already have really well thought through key distribution techniques, but it's not the lack of the network that will stop it.
Not quantum? (Score:2)
So is it just me, or is this not really a quantum system at all?
Re: (Score:2)
Re: (Score:1)
Quantum mechanics applies to a *lot* more than just spin of photons. To name just one example, the classic double-slit experiment demonstrates quantum (or at least non-classical) behavior of the amplitude of light.
IMO, even if it's true that every "quantum system" developed up till now has been based on photon spin (which I don't believe), any system which depends on a quantum effect would qualify as a "quantum system." Note also that entanglement is not the only quantum effect which might be relevant her
Re: (Score:2)
Actually, I've never seen someone encoding information in the spin of photons. As a spin-1 particle, they are a 3-state system, not very cosy to use as a qubit.
Usually people encode information in the polarization of photons. In theoretical physics at least. But I guess for commercial uses its more practical to use frequency, as networking equipment are used to transmit it with high fidelity. But that's just a guess.
Pfft.... (Score:2)
Re: (Score:1)
Well it does. And it doesn't. Until you look anyways.
Is this a machine translation... (Score:2)
From the original Strine?
> The random key is encoded at the quantum level in the sidebeam in the phase and
> amplitude, or brightness and colour, of a highly tuned laser beam.
Or is it just the gobbledegook it looks like?
Stupid. It won't work. (Score:2)
"The days of hand-delivered security keys are numbered"
Yeah, sure. Quantum key distribution DOES NOT protect against man-in-the-middle attack. So you'll still need to know that the channel is physically secure before transmitting quantum key.
You can't read my thesis! (Score:4, Funny)
They will encrypt their thesis with it. If ever decrypted, their doctorates will be revoked!
Okay but why? (Score:4, Insightful)
But quantum won't help you in any of those cases. Oh well. I doubt I will hear if it is ever actually used.
Re: (Score:3, Insightful)
Re: (Score:1)
Re: (Score:2, Informative)
Well in Canberra (capital city of Australia), most government departments in the Parliamentary Triangle (where all the major/important Government departments area) are connected by a such a dedicated fibre network, that is completely physically separated from the Internet and other public networks This is particularly the case in the defence/intelligence precinct (which is a cluster of buildings in one particular suburb).
Interestingly I tried Googling it and couldn't find much at all. But it exists ... I'v
Re: (Score:2)
You are looking for ICON [finance.gov.au] Perhaps it was the *awful* acronym that beat you :)
Re: (Score:2)
Anything less secure is monitored casually by Chinese, American, and etc interests.
Really, I can't make it more simple than that.
Re: (Score:2)
"SingTel's Optus bid part of 20-year spy operation?" http://www.zdnetasia.com/news/communications/0,39044192,38000285,00.htm [zdnetasia.com]
Re: (Score:1)
> I am at a loss to understand why the Australian Government would want this standard of security.
Derr...it's the Australian Government. Do have any idea what the Chinese, Russians or Americans could do with that kind of technology?
Re: (Score:2)
The Americans practically run the Australian security services anyway. They just have to ask and they get what they want. As for the Chinese and Russians you may have a point there but I doubt using a few links with quantum crypto will add any useful security. Like plugging a sieve.
Re: (Score:2)
As for the Chinese and Russians you may have a point there
If history teaches us anything, intelligence services just love to have agents within the organization that they want to monitor. This way they have automatic decryption of materials, and on top of that they get information that was never sent through the wire - such as opinions, rumors, personal observations, copies of physical materials, etc. You can't replace Max Otto von Stirlitz [wikipedia.org] with a tap on Schellenberg's phone.
attn: /. (Score:1, Funny)
for the love of god stop calling us aussies
do you call yourselves yanks? no?
fucking cut it out.
Re: (Score:1)
Re: (Score:1)
I have no problem with Americans calling us Aussies, since we often use the term to refer to ourselves as well.
But it would be nice if they pronounced it right. It's said 'Ozzie' (like Ozzy Osbourne), not 'ahh-sie'. The 's' is more like 'z'.
NB. Some Americans do say it right. But 90% don't.
Re: (Score:2)
Agreed. Please everyone call them "residents of West Island".
Re: (Score:2)
Will do, aussie!
Thanks for the tip, aussie!
PS: You can call me "cheese eating surrender monkey", BTW
Social Engineering. (Score:1)
Phase != color (Score:1, Funny)
yeah. the human eye doesn't perceive phase: the wavelength or frequency is color, but good luck finding a macro-world equivalent to phase.
Bigger fish to fry... (Score:3, Insightful)
Sorry but you have $100k and you want to increase your security by wasting it on one highly secure pipe?
That is pretty sad. That money could be better allocated to toughen up systems or to employ spot checks on supposedly tough targets.
The truth is that almost no security breaches are conducted by cutting lines and intercepting the traffic (with the exception of satellite communications *cough* NSA *cough*).
Ultimately humans are the weakest part of the system, followed by the destination's security, and then last I'd say the transit between A->B.
Re: (Score:1)
Sorry but you have $100k and you want to increase your security by wasting it on one highly secure pipe?
That is pretty sad. That money could be better allocated to toughen up systems or to employ spot checks on supposedly tough targets.
The truth is that almost no security breaches are conducted by cutting lines and intercepting the traffic (with the exception of satellite communications *cough* NSA *cough*).
Ultimately humans are the weakest part of the system, followed by the destination's security, and then last I'd say the transit between A->B.
You discount transmission interception too quickly I feel. Echelon comes to mind and I believe alot of information is gathered this way. http://en.wikipedia.org/wiki/ECHELON [wikipedia.org]
Im not sure but I wonder if this could be used to defeat Echelon ?
What is really cool about a one time pad system is that its secure from end to end as long as the key is kept secret. http://en.wikipedia.org/wiki/One-time_pad [wikipedia.org]
this technology allows the secure exchange of keys. so all you have worry about now is the human factor
Cryptography... (Score:3, Insightful)
Will always be vulnerable to a gun to your head and the question "What does it say?"
Try not to forget the human side of the equation when you're quoting statistics and mathematics.
Re: (Score:2)
Re: (Score:3, Funny)
Spoken like someone who has neither held a gun, nor a human head, let alone at the same time, while interrogating a cryptographer, in Australia.
How does one answer that question with respect to a 10 gig fiber connection? How fast can you say ones and zeros?
I'm pretty sure firearms are an OSI layer 1 problem.
one time pad (Score:3, Interesting)
I do not get the advantages of this system over the one-time pad.
Is there anything this quantum key system could do that a courier carrying a terrabyte drive with a one-time pad once in a while could not?
The quantum key may not be interceptable in theory, but you still have to trust the sending and receiving equipment not to leak anything.
Auditing equipment advanced enough for quantum encryption sounds quite a bit harder than auditing a sealed box with a harddrive and a chip doing XORs for a one-time-pad.
And people with the neccessary trust and clearance AND the skills in quantum physics should be harder to come by.
Plus the bandwith of the quantum channel is low, so they are only sending the keys, and send the encrypted data by normal channels. So you also have to trust the encryption algorithm, while an OTP is provably unbreakable.
Re: (Score:2)
Yes -- it can transmit large volumes of data without trusting (and suffering the latency and costs of) hand-couriered secure encryption keys delivered on drives.
Re: (Score:3, Informative)
This *is* a one time pad. This is Quantum Key Distribution. The quantum part ensures your key has not been intercepted. Once the key is recieved by the other party the actual message is encrypted by using one time pad.
So the advantages of this over a courier is it's a hell of a lot faster and you guarantee the courier hasn't been mugged and had the pad copied.
Re: (Score:2)
Yes, but you first have to build the infrastructure in a safe way. You cannot just start to communicate. The problem with Quantum cryptography [for key distribution using light] is that it only solves the part where you transfer the key. It's definitely cheaper and arguably more secure to transfer a bunch of disks (for redundancy, you don't want one hdd that can crash) than to build yourself system for Quantum Key Distribution. And it is infinitely more secure to put that money into other security propertie
All this to protect a blacklist (Score:1, Funny)
Now no-one will figure out which IP's are blocked HAHAHAHAHA! *evil*
-zifr
Sharks (Score:1)
Quantum cryptography (Score:2)
Transit Sidney Timetable (Score:2)
They should use it to encrypt the Transit Sidney Timetable. That way, they can be certain it won't be pirated.
Cryptodiagrams (Score:1)
Cheap (Score:2)
The technology differs from current cryptography tech primarily because it's cheap. Well, less than the $US100k price tag of rival systems.
Ah yes, that's so much cheaper than current cryptography. Take TrueCrypt for example, which is, er, completely free.
Did the summary perhaps mean to state that this system is cheaper than other current quantum cryptography tech?
Just Have to Extract the Data at the End (Score:2)
That's way easier than trying to intercept their keys.
Trialling isn't a word (Score:2)
Trial is a noun, you can't catting or trailing. They are testing or experimenting. Why invent a non-word when simple words of the CORRECT part of speech exist?
Re: (Score:3, Funny)
You're forgetting how government bureaucracy works. It would be something more like:
An interception event may have been detected. Do you wish to give permission to avoid preventing continuance?
Acknowledge - Defer
Re: (Score:2)
QKD is considered the world's toughest security because the slightest attempt to intercept the one time keys, coded into lasers at the quantum level, will disrupt the beam.
What if you cross the beams?
Don't!
Re: (Score:2)
Re: (Score:2)
I'm a little fuzzy on the whole good/bad thing.
What do you mean by "bad"?
Re: (Score:1)
Re: (Score:2)
He must think Australia is a US government department.
It pretty much is, but that's not the point.
Re: (Score:2)
Because if you're not buying expensive and unnecessary products from the US, then you are a terrorist.
Re: (Score:2, Insightful)
...can I encrypt messages with freakin' laser beams attached to the freakin' heads of the freakin' sharks? >
"Life would be so much easier if we could just look at the source code." -- Dave Olson
Re:All I want to know is... (Score:5, Funny)