Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Scientists Make Quantum Encryption Breakthrough

samzenpus posted more than 7 years ago | from the completely-secure-for-at-least-a-few-days dept.

Security 156

Madas writes "Scientists working in Cambridge have managed to make quantum encryption completely secure (registration required) by putting decoy pulses in the key transmission stream. According to the story this paves the way for safe, encrypted high-speed data links. Could this allow completely private transmission of data away from snooping eyes and ears? Or will it mean film studios can stop movies from being copied when traveling on the internet?"

cancel ×

156 comments

Sorry! There are no comments related to the filter you selected.

Decoy Pulses are Nothing New... (4, Funny)

Quaoar (614366) | more than 7 years ago | (#18105652)

My girlfriend makes them all the time.

Dude! (4, Funny)

Anonymous Coward | more than 7 years ago | (#18105672)

You don't really have a girlfriend. But top marks for thinking anybody would ever believe you!

Re:Dude! (0, Funny)

Anonymous Coward | more than 7 years ago | (#18105750)

Maybe we can find out for sure by checking the flow of photons from his mouth to slashdot. If there is a girlfriend involved, you'll notice the pulse-splitting attack (eavesdropping) by a reduced amount of photons arriving at slashdot.

Re:Decoy Pulses are Nothing New... (1, Insightful)

zokrath (593920) | more than 7 years ago | (#18105806)

Who is rating this 'Informative'?

It's kind of creepy...

Re:Decoy Pulses are Nothing New... (2, Funny)

Anonymous Coward | more than 7 years ago | (#18105830)

Who is rating this 'Informative'?

His girlfriend's other boyfriends?

Re:Decoy Pulses are Nothing New... (0, Troll)

Rudisaurus (675580) | more than 7 years ago | (#18105872)

... at least until the batteries run out, right?

Tag suggestion... (1, Insightful)

FishWithAHammer (957772) | more than 7 years ago | (#18105658)

proofyourfuckingheadlines

Re:Tag suggestion... (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18106004)

proofyourfuckingheadlines

The sad part is... he did.

Re:Tag suggestion... (-1, Offtopic)

Hal_Porter (817932) | more than 7 years ago | (#18106048)

proofreadyourfuckingheadlines

Re:Tag suggestion... (5, Insightful)

LordSnooty (853791) | more than 7 years ago | (#18106678)

Yeah, cos that's a great use of the tag system. Can't wait for the moment a few months hence where I need to find all articles where the headline wasn't proof-read. Just like I want to look up all the stories where someone made a mistake (search 'doh'), find all the Steve Balmer articles (search 'chairthrowing') or all the stories about problems for trad Slashdot villains (search: 'haha')

The tag system is broken, but there's nothing wrong with the implementation. People can't tag correctly. Look below, all real tags.

Re:Tag suggestion... (1, Funny)

binary paladin (684759) | more than 7 years ago | (#18106894)

I gotta admit, they might be broken, but they amuse the hell out of me.

Re:Tag suggestion... (1)

tijmentiming (813664) | more than 7 years ago | (#18106948)

I think they inform me too. It gives a quick impression what people think about the article. I'm never reading articles tagged FUD. the articles tagged 'haha' are all about microsoft and make me smile :-). If it's slownewsday, I probably like it, etc.

Re:Tag suggestion... (4, Insightful)

arevos (659374) | more than 7 years ago | (#18107156)

It seems to me that the search system can already find articles via keywords. Tags are most useful when they add meta-information that cannot be inferred by a keyword search. Whilst it's unlikely "proofyourfuckingheadlines" is going to be useful for many people, tags like "haha" and "doh" might be conceivably useful, as they give information beyond a search for words in the article summary could provide.

Re:Tag suggestion... (0, Flamebait)

Fyz (581804) | more than 7 years ago | (#18107442)

The way tags are used around here, they're just one-word comments you can make if you're a subscriber.

Re:Tag suggestion... (1)

StarvingSE (875139) | more than 7 years ago | (#18107680)

I am able to tag articles, and I don't subscribe... perhaps they take a random subset of users and allow them to tag as well?

Re:Tag suggestion... (0)

Anonymous Coward | more than 7 years ago | (#18107452)

I want to know who tags every story "tagging beta" - I mean, C'mon!

it is an intrusion detection breakthorough (2, Informative)

harkabeeparolyn (711320) | more than 7 years ago | (#18105660)

... not encryption. Quantum encryption or even computing is as pie in the sky as ever.

Re:it is an intrusion detection breakthorough (0)

Anonymous Coward | more than 7 years ago | (#18105748)

quantum encryption and computing have nothing to do with each other.

I really wish they'd rename this technology... (1)

mbessey (304651) | more than 7 years ago | (#18106286)

Calling it "Quantum Encryption" just confuses what it is and how it works. Calling it "Quantum Key Exchange", would be a lot more accurate.

They're different things (4, Interesting)

Moraelin (679338) | more than 7 years ago | (#18106362)

Actually, quantum encryption and computing are different things.

Quantum encryption is, well, basically nothing about using quantum mechanics to _encrypt_, but to send the key (and maybe the data too). The idea is that you send single photons. So basically if someone tapped into the line, you can't split the photon and get only a bit of the signal. Either you get it or the endpoint gets it, but not both. It makes man-in-the-middle attacks a bit harder. In fact, it claims to make it outright impossible.

Since the whole idea here is to elliminate the possibility for a man in the middle, intrusion detection is something valuable. Mind you, if the sending single photons was as un-interceptable as originally claimed, intrusion should be simply not possible, so I'm a bit stumped as to why would they want to detect something impossible. Maybe they know something we don't about how impossible it really is? (E.g., come to think of it, a laser kind of device inserted on the line could multiply that original photon thousands of times, all the clones having the exact same phase, polarisation, whatever.)

It may be pie-in-the-sky, I don't know, but at least it's one of those sane ideas that aren't too impossible to understand even for the layman. The only "quantum" thing about it is that you send individual quanta of light, i.e., photons. Since it's only one and it's indivisible, only one endpoint can get it. All simple and sane, IMHO.

Quantum computing, on the other hand, I don't know... there must be some sane researchers out there who know what they're doing, no doubt. But the media and marketting hype has drowned it all in so much bullshit it could fertilize a few acres, so from the layman (even with a decent grasp of physics and computing) point of view, it's hard to even tell what it would _really_ do, how it would work at all, and how would it be useful at all.

I've even seen such bullshit claims like that it basically holds all possible states at the same time, so it can calculate anything instantly, since the solution state is already one it simultaneously holds. Which is blatantly bull. If it simply holds all possible states at the same time, that's as good as saying that it has no state at all, or you can't measure it. To get an answer out of the computer, you need to get out of it a particular state which represents the result of the calculation. By that logic I could give you a CD with all possible 4 million DWORD (4 byte, 32 bit) values, from -2 million to 2 million, one of which is the result to your problem. There you go, any problem that has a DWORD result already has the result on that CD, so it was "calculated" instantly. Isn't it an impressive feat? I don't even know your problem, but that CD already has the result to it. It's also completely freakin' useless, if you don't know which one of them. That CD as such holds no more actual usable information that that it's a 32 bit number, which you knew in the first place.

Not saying that that's what the actual researchers study, but that's the kind of bogus info that you see from the outside. It's damn hard to tell if it's actually something that might work, or just snake oil to get a clueless VC's money. On par with extracting free energy out of water, the Infinium console, and other such fine con schemes that some people actually dumped millions into.

The only sorta working quantum implementations so far, are basically not even as much quantum computers as hyped, as glorified analog computers. The thing about quantum mechanics is that 99% of it are probabilities.

As some trivial examples, you can't tell for example exactly where an electron is in a potential well (e.g., in a CMOS transistor), or in some cases even if it is still in the potential well or it's out of it already, but you can calculate a probability cloud of, basically, what are the chances of it being in this particular point. Or if you do interference with electrons (think the school physics experiment with shining a light through two thin slots, only with electrons), you can't tell which band a particular electron will fall in, but you can tell the probability for it to fall in any particular one. And so on. Basically in quantum mechanics you don't calculate where something is or what is it doing as such, but pretty much what are the probabilities of it all.

The thing is, from a less media-hyped point of view, the same applies to quantum bit states. The obvious usable way to have a 1 and a 0 at the same time, is to basically have a probability for each. You have, for example, a bit which is basically 10% in a 0 state and 90% in a 1 state. Congrats, you just discovered a funky way to represent the number 0.9. Of course, you can do all sorts of maths with it and whatnot, but in the end it's just an analog machine all over again, with a funky hype-able name and lots of VC capital potential.

(Just like suddenly anything involving a powder or droplets is "nano-technology." Mayonnaise is suddenly cool and high-tech if it's nanotech droplets, as opposed to just an emulsion.)

Re:They're different things (3, Informative)

Anonymous Coward | more than 7 years ago | (#18106748)

QC is not bullshit from a mathematical perspective; there are well know algorithms(such as the Shor factoring algorithm)..and IBM tested it back in 2001.

The problem w/ QC is having enough entangled qubits to get up to useful capacity..and its an insanely difficult engineering challenge.
http://en.wikipedia.org/wiki/Quantum_computing [wikipedia.org] is a good intro to QC.

While I agree that VC's will hype anything, your post is FUD crossed witha bit of 'get off my lawn, young whippersnappers'; its also clear that you didn't spend 5 minutes researching QC before you held forth on it. Yes, it will be specialized and won't replace normal digital computers.

Don't take this personally, but the fact that I can find complete nonsense at 5 insightful is one of the reasons that I don't read slashdot comments much; there is rarely a more misleading source of information available.

Re:They're different things (0)

Anonymous Coward | more than 7 years ago | (#18107546)

I've even seen such bullshit claims like that it basically holds all possible states at the same time, so it can calculate anything instantly, since the solution state is already one it simultaneously holds. Which is blatantly bull. If it simply holds all possible states at the same time, that's as good as saying that it has no state at all, or you can't measure it.

No, it's not 'bull'. It's a pretty good description of what's actually going on. Think Schroedinger's cat. There is a single cat, and it's in some pure state, but that state is equal to a mixture of the "alive" state and the "dead" state.

As some trivial examples, you can't tell for example exactly where an electron is in a potential well (e.g., in a CMOS transistor), or in some cases even if it is still in the potential well or it's out of it already, but you can calculate a probability cloud of, basically, what are the chances of it being in this particular point.

Perhaps you have not taken a class in quantum mechanics, or perhaps it has been a while. Well, here's the deal.

It's not that the electron is located at some particular position, and you can't tell exactly where it is. In actual fact, the electron is not located at a single point. Its position is completely described by a complex-valued function over space. (viz., a 'wavefunction') This function completely describes the electron's momentum as well, which is a neat trick. So what you are calculating is not a 'probability cloud'. The wavefunction is the electron's position.

This is not just some theoretical construction. It is very important to the way that atoms and molecules act. They would behave very differently if electrons and nuclei acted in a familiar classical way, like baseballs or planets. Instead, they behave according to the rules of quantum mechanics, which actually work pretty well. The quantum computing guys want to take this interesting behavior and use it to our benefit in making computations.

Re:it is an intrusion detection breakthorough (2, Interesting)

geeber (520231) | more than 7 years ago | (#18107430)

If by "Quantum encryption" you mean "Quantum key distribution" then you are incorrect. It is available commercially [magiqtech.com] now.

Stop piracy? (4, Insightful)

Jordan Catalano (915885) | more than 7 years ago | (#18105664)

Or will it mean film studios can stop movies from being copied when traveling on the internet?

No. Not at all.

Quantum "encryption" foils interception of a data stream. That has nothing to do with copying a file and resending it once it reaches its destination.

Re:Stop piracy? (0)

Anonymous Coward | more than 7 years ago | (#18105694)

Actually it only prevents one type of interception: eavesdropping. It does not prevent a man-in-the-middle attack.

Re:Stop piracy? (2, Informative)

eklitzke (873155) | more than 7 years ago | (#18105730)

With quantum encryption you cannot conduct a meaningful MITM attack. This is called the observer effect, and is a very well known and studied phenomenon of quantum mechanics.

Re:Stop piracy? (0)

Anonymous Coward | more than 7 years ago | (#18105832)

You can study the observer effect all you want, quantum cryptography is still vulnerable to a type of MITM.

Re:Stop piracy? (1)

Bwian_of_Nazareth (827437) | more than 7 years ago | (#18106150)

Can you please elaborate?

Re:Stop piracy? (1)

gkhan1 (886823) | more than 7 years ago | (#18106098)

So you could either a) create super-high tech stupidly expensive hardware and use fiber optic cables (or whatever you use to transfer quantum stuff) or b) simply sign your transmissions. I wonder which one is easier?

Re:Stop piracy? (3, Informative)

Arancaytar (966377) | more than 7 years ago | (#18106246)

From what I've read, quantum encryption only really becomes necessary if common prime-number algorithms are rendered ineffective by unforeseen advances in computing power (say, quantum computing or other stuff now considered science fiction). It's basically a one-time-pad - it is proven to be completely secure if used correctly, but in most cases, other theoretically breakable technologies are enough.

And the only thing you need to transfer the signal is apparently an uninterrupted fibre-optic line.

But this is basically Google and Wikipedia speaking, so I'm waiting for a real expert to correct me on this.

Re:Stop piracy? (2, Informative)

gkhan1 (886823) | more than 7 years ago | (#18106564)

No this is basically true (there is a quantum computing algorithm called Shor's algorithm [wikipedia.org] which could crack prime numbers in O((log N)^3) time, a vast improvement over current algorithms) that would make prime-number algorithms obsolete. In that case, quantum cryptography could be something worth looking into (although by that time something else might have come along, quantum computing is at least 100 years from being practically able to do what is needed). I was just making fun of the idea that you would use quantum cryptography to achieve authentication. There are so many easier ways :)

Re:Stop piracy? (1)

mstahl (701501) | more than 7 years ago | (#18107826)

(there is a quantum computing algorithm called Shor's algorithm which could crack prime numbers in O((log N)^3) time, a vast improvement over current algorithms) that would make prime-number algorithms obsolete

Not entirely true. Shor's algorithm provides a quadratic speedup, which is definitely a vast improvement, but that only really means you'd need to double the keyspace to make it just as hard with Shor's algorithm. Add one extra bit to your 128-bit key and you're there. We'll be able to keep up that little arms race until keys become large enough to seriously tax our conventional computers we use to encrypt our data.

Pessimism (1)

benhocking (724439) | more than 7 years ago | (#18107840)

quantum computing is at least 100 years from being practically able to do what is needed

That really depends on who you ask. 100 years is definitely a pessimistic claim. That said, I'm fairly pessimistic, too.

Quantum cryptography and man-in-the-middle (1, Informative)

Anonymous Coward | more than 7 years ago | (#18106306)

See e.g. Wikipedia [wikipedia.org] :

Quantum cryptography is still vulnerable to a type of MITM where the interceptor (Eve) establishes herself as "Alice" to Bob, and as "Bob" to Alice. Then, Eve simply has to perform QC negotiations on both sides simultaneously, obtaining two different keys. Alice-side key is used to decrypt the incoming message, which is reencrypted using the Bob-side key. This attack fails if both sides can verify each other's identity.

Mod parent up - it's easy to steal from servers... (2, Informative)

xxxJonBoyxxx (565205) | more than 7 years ago | (#18105724)

If you're only protecting the transport from spying eyes (with quantum encryption or whatever), that's only a part of what you need to protect your data.

This is the same reason why many, if not most, "SSL-protected" or "SSH-protected" servers are really sitting ducks: interesting data is still sitting in the clear on the endpoint servers' hard drives. (And don't get me started about "AUTH TLS" email forwarding...)

Re:Mod parent up - it's easy to steal from servers (1)

bucketoftruth (583696) | more than 7 years ago | (#18105766)

(And don't get me started about "AUTH TLS" email forwarding...)

Ok, what's the weak link here? Is it as bad as plain text or are you just griping about worst case scenarios where space aliens can decrypt our email with their hyper-advanced technology?

Re:Mod parent up - it's easy to steal from servers (3, Interesting)

TheRaven64 (641858) | more than 7 years ago | (#18106550)

Assuming the receiving mail server has a correctly signed certificate, it is practically impossible to intercept the mail in transit from one server to another. The catch it, the encrypted path is not guaranteed from end-to-end. If I send you an email, I will send it over a TLS connection to my mail server. It will then send it to your mail server (identified by MX), which may then forward it for several hops before it actually reaches you. I have no way of guaranteeing that the connection is secure beyond the first hop (my laptop to my mail server). Anything else might be no better than plain text because it might be plain text. If you want secure email, you need to use some kind of end-to-end encryption such as PGP and make sure you exchange keys over a secure out-of-band channel. Or, you can just accept that email isn't secure.

Re:Stop piracy? (5, Insightful)

Xenographic (557057) | more than 7 years ago | (#18105740)

You'd think that people here would know better than to ask such silly things by now, wouldn't you? Does it really take that much thinking to realize that you can't give someone access to data and not give them access at the same time?

Even if you had some special quantum device to allow people to watch something once, only to have its quantum state collapse (or whatever), you could still record the output. With a camcorder, if it came to that.

"Trying to make bits uncopyable is like trying to make water not wet." - Bruce Schneier, cryptography expert

Re:Stop piracy? (1)

M. Baranczak (726671) | more than 7 years ago | (#18105894)

Does it really take that much thinking to realize that you can't give someone access to data and not give them access at the same time?

Yeah, you would think that, wouldn't you. But apparently, the best minds of the entertainment industry still can't grasp that one.

Re:Stop piracy? (1)

RzUpAnmsCwrds (262647) | more than 7 years ago | (#18106026)

Even if you had some special quantum device to allow people to watch something once, only to have its quantum state collapse (or whatever), you could still record the output. With a camcorder, if it came to that.


That's why you use one-time-pad. Send the key first, then, after you know it has been recieived, send the data. If someone snoops, then you know about it, and you don't use the key.

Re:Stop piracy? (1)

Arancaytar (966377) | more than 7 years ago | (#18107084)

Stopping eavesdropping, but having no effect on what the intended recipient is able to do. And until the intended recipient of the movie has access to their own machine sufficiently castrated (as the media industry is already attempting), this won't stop any piracy.

Until I see statistics, I'm convinced that the majority of illegal distribution is done by the people who either legitimately download or have already received an illegal distribution - not by people who eavesdrop on the video stream of someone else.

Re:Stop piracy? (1)

welsh git (705097) | more than 7 years ago | (#18106828)

I've always said the same thing with audio. Even if the best encryption in the world comes about, simply feed the analogue line-out into the analogue line-in.

This 'one time' analogue loop (without tapes and so on in the mix) will still sound FAR better than most of the retarded low-bitrate lossy-compresssion algorithms we are expected to accept.

Re:Stop piracy? (2, Informative)

Prune (557140) | more than 7 years ago | (#18107240)

There are a number of things wrong with your post. First of all, no one has in blind testing been able to distinguish 256 kb/s mp3 from the original CD version, even with very high end equipment. For most people 192 is also indistinguishable. So the answer is simple, just don't use lower than 192 bitrate. Second, playback and re-recording, besides the distortion of the analog stages, results in increased distortion from jitter effects in the A/D and D/A conversions (jitter in the digital stream going into the converter results in amplitude errors in the analog signal, and humans can hear less than 5 picoseconds of signal-correlated jitter).

Re:Stop piracy? (1)

albyrne5 (893494) | more than 7 years ago | (#18107370)

First of all, no one has in blind testing been able to distinguish 256 kb/s mp3 from the original CD version, even with very high end equipment. For most people 192 is also indistinguishable.


Can you cite a source for this please?

Re:Stop piracy? (1)

Prune (557140) | more than 7 years ago | (#18107466)

Google it. It was a test done some years ago with Sennheiser's $12,000 Orpheus headphones, and only a few in the subject group managed to make out the 192 from the CD; no one managed the 256. I would recommend you do something even better: download the free abchr utility and it will let you easily do your own blind test, so you know for your equipment and ears what the lowest bitrate is necessary for transparency.

Re:Stop piracy? (1)

Prune (557140) | more than 7 years ago | (#18107472)

Forgot to add that modern mp3 encoders are even better, so even more reason 192 would be sufficient. On the other hand, there are better DACs and headphones (Stax Omega 2, cheaper too at $2000), so who knows that might make smaller differences more clear, though I doubt it.

Full Text (5, Informative)

Anonymous Coward | more than 7 years ago | (#18105678)

Researchers have managed to close a loophole in quantum cryptography that could allow a hacker to determine a secret key transmitted using the technology.

Working at Toshiba Research Europe in Cambridge, scientists found that laser diodes used to transmit keys used to encrypt data, known as Quantum Key Distribution (QKD), sometimes transmitted more than one photon at a time. Quantum encryption works by transmitting key data as a stream of single photons.

Should an eavesdropper try to intercept the transmission, monitoring a single photon would change the state of that photon, and this would make both ends of the transmission aware that the data had been eavesdropped. However, the laser diodes can sometimes transmit more than one photon and so a hacker could monitor the second photon, leaving the first photon unchanged and this would not alert anyone that the key transmission had been compromised.

But scientists have now added decoy photons to the key data. When an eavesdropper now tries to monitor extra photons, they will also monitor the decoy photons. Scientists said these decoy photons or "decoy pulses" are weaker on average and so very rarely contain two or more photons.

If an eavesdropper attempts a pulse-splitting attack, they will transmit a lower fraction of these decoy pulses than signal pulses. By monitoring the transmission of the decoy and signal pulses separately this type of intervention can be detected, according to scientists.

By introducing decoy pulses, the researcher found that stronger laser pulses could be used securely, increasing the rate at which keys may be sent. By using this method keys could be transmitted securely over a 25km fibre to an average bit rate of 5.5kbits/sec, a hundred-fold increase on previous efforts.

"Using these new methods for QKD we can distribute many more secret keys per second, while at the same time guaranteeing the unconditional security of each," said Dr Andrew Shields, Quantum Information group leader at Toshiba Research Europe. "This enables QKD to be used for a number of important applications such as encryption of high bandwidth data links."

The researchers also discovered a second method to push bit-rates even higher for QKD. The scientists have created the first semiconductor diode that can be controlled with electrical signal input to emit only single photons at a wavelength compatible with optical fibres. This 'single photon source' method eliminates the problem of multi-photon pulses altogether, claimed the research.

The single photon diode has a structure similar to an ordinary semiconductor light emitting diode (LED), but measures just 45 nm in diameter and 10 nm in height. The dot can hold only a few electrons and so can only ever emit one photon at a time at the selected wavelength. The source operates with only electrical signals, which is essential for practical applications such as QKD. Initial trials with the new device, reported recently in the scientific journal Applied Physics Letters, showed the multi-photon rate from the device to be fives times lower than that of a laser diode of the same intensity.

Slashdot comment #18105678, Concerto No. 2, Op.83 (1, Funny)

Joyce Hatto (1067104) | more than 7 years ago | (#18106034)

Ræsæarchærs havæ managæd to closæ a loopholæ in quantum cryptography that could allow a hackær to dætærminæ a sæcræt kæy transmittæd using thæ tæchnology. Working at Toshiba Ræsæarch Æuropæ in Cambridgæ, sciæntists found that lasær diodæs usæd to transmit kæys usæd to æncrypt data, known as Quantum Kæy Distribution (QKD), somætimæs transmittæd moræ than onæ photon at a timæ. Quantum æncryption works by transmitting kæy data as a stræam of singlæ photons. Should an æavæsdroppær try to intærcæpt thæ transmission, monitoring a singlæ photon would changæ thæ statæ of that photon, and this would makæ both ænds of thæ transmission awaræ that thæ data had bææn æavæsdroppæd. Howævær, thæ lasær diodæs can somætimæs transmit moræ than onæ photon and so a hackær could monitor thæ sæcond photon, læaving thæ first photon unchangæd and this would not alært anyonæ that thæ kæy transmission had bææn compromisæd. But sciæntists havæ now addæd dæcoy photons to thæ kæy data. Whæn an æavæsdroppær now triæs to monitor æxtra photons, thæy will also monitor thæ dæcoy photons. Sciæntists said thæsæ dæcoy photons or "dæcoy pulsæs" aræ wæakær on aværagæ and so væry raræly contain two or moræ photons. If an æavæsdroppær attæmpts a pulsæ-splitting attack, thæy will transmit a lowær fraction of thæsæ dæcoy pulsæs than signal pulsæs. By monitoring thæ transmission of thæ dæcoy and signal pulsæs sæparatæly this typæ of intærvæntion can bæ dætæctæd, according to sciæntists. By introducing dæcoy pulsæs, thæ ræsæarchær found that strongær lasær pulsæs could bæ usæd sæcuræly, incræasing thæ ratæ at which kæys may bæ sænt. By using this mæthod kæys could bæ transmittæd sæcuræly ovær a 25km fibræ to an aværagæ bit ratæ of 5.5kbits/sæc, a hundræd-fold incræasæ on prævious æfforts. "Using thæsæ næw mæthods for QKD wæ can distributæ many moræ sæcræt kæys pær sæcond, whilæ at thæ samæ timæ guarantææing thæ unconditional sæcurity of æach," said Dr Andræw Shiælds, Quantum Information group læadær at Toshiba Ræsæarch Æuropæ. "This ænablæs QKD to bæ usæd for a numbær of important applications such as æncryption of high bandwidth data links." Thæ ræsæarchærs also discoværæd a sæcond mæthod to push bit-ratæs ævæn highær for QKD. Thæ sciæntists havæ cræatæd thæ first sæmiconductor diodæ that can bæ controllæd with ælæctrical signal input to æmit only singlæ photons at a wavælængth compatiblæ with optical fibræs. This 'singlæ photon sourcæ' mæthod æliminatæs thæ problæm of multi-photon pulsæs altogæthær, claimæd thæ ræsæarch. Thæ singlæ photon diodæ has a structuræ similar to an ordinary sæmiconductor light æmitting diodæ (LÆD), but mæasuræs just 45 nm in diamætær and 10 nm in hæight. Thæ dot can hold only a fæw ælæctrons and so can only ævær æmit onæ photon at a timæ at thæ sælæctæd wavælængth. Thæ sourcæ opæratæs with only ælæctrical signals, which is æssæntial for practical applications such as QKD. Initial trials with thæ næw dævicæ, ræportæd ræcæntly in thæ sciæntific journal Appliæd Physics Lættærs, showæd thæ multi-photon ratæ from thæ dævicæ to bæ fivæs timæs lowær than that of a lasær diodæ of thæ samæ intænsity.

Editor, editor... (5, Insightful)

tgv (254536) | more than 7 years ago | (#18105714)

What is the last sentence doing there: "Or will it mean film studios can stop ..."? It's clear from the preceding text that that (i.e., copy while travelling, not copy afterwards) is one of the potential uses. So it's completely redundant. At the same time, the implicature of this particular phrase suggests Something Bad: Big Companies are trying to stop You from your Right To Download, or something akin, implying that these "researchers" have hidden agendas and are enemies of open source, Linux, Ruby, Apache and probably of world peace. That's of course complete and utter nonsense, so the last sentence should have been cut out by the editor. Why didn't that happen? And what's the link to www.absolutegadget.com doing there? Who gains by putting this link on the /. front page?

Re:Editor, editor... (2)

pherthyl (445706) | more than 7 years ago | (#18106204)

Who gains by putting this link on the /. front page?

Several people actually. If you submit an article that gets accepted, you get a link to your page. So you gain by having that link there because it drives some traffic to your site. Slashdot gains because there is now an incentive for people to submit good stories that will get accepted, and I gain amusement by watching people like you freak about nothing.

Too much irony? (1)

tgv (254536) | more than 7 years ago | (#18106708)

So was there too much irony in my post? In your terms: bad editting means the readers lose, which could (eventually) drive them away from Slashdot, by which nobody would gain anything.

What the hell? (2, Insightful)

fabs64 (657132) | more than 7 years ago | (#18105732)

I've seen summaries with better understanding of technical topics in my local, small town, tabloid newspaper.
Really what nerd approves a summary like that?

Re:What the hell? (0)

Anonymous Coward | more than 7 years ago | (#18105836)

Having no hands-on knowledge of this budding technology myself, I am excited at the (endless) possibilities for the future. I may not ever understand the science of what is happening, but I'm going to make damn sure my kids are on the case from day one out of the chute.

Aside from the good news, BOO SLASHDOT for letting samzenpus have front page posting privileges. As a reparation for having to read the terrible spin, I want this person's job.

I don't need no stinking spellchekcyer like (s)he does.

salty (DOT) pete (AT) slackcrew (DOT) com
phishing the phishers since 1996.

A nerd employed to boost ad revenue. (0)

Anonymous Coward | more than 7 years ago | (#18105874)

Or perhaps they aren't a nerd at all. I guess any ignorant hack could hastily slap together some crappy "story" or other just to make a few quick bucks. Welcome to Slashdot!

ahem (3, Informative)

GlitchyBits (1066840) | more than 7 years ago | (#18105752)

Quantum encryption is quite a misleading expression since the quantum mechanics is only used to securely transmit a cryptographic key ... not encrypting the message.

Re:ahem (4, Informative)

dido (9125) | more than 7 years ago | (#18105792)

Public key encryption is, in practice, used pretty much the same way as well. Public key algorithms are generally used as part of a secure key exchange protocol rather than encrypting a message as directly.

Re:ahem (3, Informative)

GlitchyBits (1066840) | more than 7 years ago | (#18105954)

The problem with popular public key algorithms is that they are based on the assumption that the opponent doesn't have enough computationnal power in order to break it in a reasonnable amount of time, or he doesn't know a polynomial determinist algorithm to do so.

The big advantage of using quantum key distribution is that it will (ideally) ensure that the cryptographic key you get has not been sniffed, and that you can securely exchange a key which is long enough in order to use a one time pad (which is an unconditionnaly secure way of encrypting a message).

Re:ahem (1)

knowlton (512767) | more than 7 years ago | (#18106008)

"Unconditionally secure" assumes you have a perfectly random generator for your one-time pad. If I can find a way to predict the next number your RNG gave you, I may be able to defeat your one-time pad.

Re:ahem (2, Informative)

swillden (191260) | more than 7 years ago | (#18106040)

"Unconditionally secure" assumes you have a perfectly random generator for your one-time pad. If I can find a way to predict the next number your RNG gave you, I may be able to defeat your one-time pad.

Good random numbers are easy to obtain. There are any number of physical phenomena whose randomness is quantum in origin and therefore unpredictable. Just use one of them in a heavily-shielded room to ensure that none of your data leaks and you're golden.

The hard part of using OTPs isn't generating the pads, it's transmitting and storing them securely. QC addresses secure transmission (though you still have to take care to avoid MITM attacks).

Re:ahem (1)

knowlton (512767) | more than 7 years ago | (#18106126)

"Unconditionally secure" assumes you have a perfectly random generator for your one-time pad. If I can find a way to predict the next number your RNG gave you, I may be able to defeat your one-time pad.
Good random numbers are easy to obtain. There are any number of physical phenomena whose randomness is quantum in origin and therefore unpredictable. Just use one of them in a heavily-shielded room to ensure that none of your data leaks and you're golden.

The hard part of using OTPs isn't generating the pads, it's transmitting and storing them securely. QC addresses secure transmission (though you still have to take care to avoid MITM attacks).
Ok, sure, but the point was more to do with the overly-strong claim: GP claims OTPs are unconditionally secure but that claim is not justified. OTPs are secure given good entropy sources and good protection for the keys themselves.

Would I have done better to moderate the overly-strong claim by identifying the key management difficulties?

<whine>
And why is it that your post is on /. for like, all of 15 sec. and has a score of 2?
(What is it that you are doing that I'm somehow failing?)
Is bad karma self-perpetuating?
</whine>

Reply to whine... (1)

robbak (775424) | more than 7 years ago | (#18106174)

If your karma is listed as excellent, your posts start on 2. If you choose them to. Too. Choo choo.

(Maybe I should have AC'd this one!)

Re:ahem (1)

HuguesT (84078) | more than 7 years ago | (#18106304)

Just use one of them in a heavily-shielded room to ensure that none of your data leaks and you're golden.


In your own words, a good random number generator is therefore *NOT* easy to obtain.

Quantum, not encryption. (1)

robbak (775424) | more than 7 years ago | (#18105898)

'Quantum Encryption is about transmitting keys for use in later encryption. Possibly even to the extent of a 'one time pad' for smaller messages. And it is not about hiding or scrambling the key either: it is sent in the clear, or maybe encrypted with something as a token measure. And can be intercepted, too.

It is about _knowing_ that the key was intercepted. If someone eavesdrops it, the receiving end knows it, and can tell the sender "Nope, that one was snaffled, beam me another."

Re:ahem (3, Interesting)

ysachlandil (220615) | more than 7 years ago | (#18106852)

Not to mention the problems with "Man in the Middle" attacks. Since quantum encryption doesn't validate the endpoints, you could just cut the fiber and attach two new transceivers and nobody will know. And no, the technique in the article doesn't protect against this. There are only a few ways to get around this problem:

-Monitor the fiber for cuts by keeping it lit at all times. Backhoe accidents will still happen, and then you need to guard the cut and use trusted technicians.
-Have huge fiber ducts and patrol them with guards.
-Use certificates to validate the endpoints. But then you need to trust public key crypto and then quantum doesn't add anything.

So quantum crypto is still useless.

--Blerik

Re:ahem (2, Informative)

Anonymous Coward | more than 7 years ago | (#18107104)

No, they would know. That's the whole point of quantum key exchange. Each photon sent has both linear and circular polarisation. The Heisenberg uncertainty principle states that measuring one of these states destroys all information about the other. This is the basis for QKE.

Alice sends a stream of photons to Bob with random linear and circular polarisation. Call the string of bits represented by the linear polarisation 'a' - up is 1 and down is 0. The string represented by the circular polarisation we'll call 'b' - clockwise is 1 and anticlockwise is 0.

Once Bob has received all the photons he tells Alice and she publicly announces all the bits of b. Bob discards the bits for 'a' which were transmitted in a photon for which his value for 'b' differs from what Alice announced. For example if Alice says b(i) = 1 but Bob has received b(i) = 0 he discards a(i). Bob also notifies Alice of which bits he has discarded.

The line will have noise so a number of b(i) are expected not to match. However if a large number do not match it can be assumed that an attacker is listening in. If an attacker had been listening they would have only been able to measure a(i) or b(i) but not both. They would have to retransmit the photon and guess the value of whichever of a(i) or b(i) they did not measure. Due to the randomness of a and b they would have only a 0.5 probability of being sucessful for each photon. This becomes exponentially small as the number of photons is increased. When they are unsuccessful at reconstructing the photon Bob notices and discards that bit.

If Alice and Bob agree on enough bits of b then it can be safely assumed there is no attacker and the remaining bits of 'a' are a key known only to them. This is a rather simplified description of what actually happens, but it should be enough to demonstrate that naive man-in-the-middle attackers like cutting the wire won't work.

What one man makes (1)

theshowmecanuck (703852) | more than 7 years ago | (#18105764)

Another can break. So it might be the best... for now.

Point to point (4, Informative)

nickovs (115935) | more than 7 years ago | (#18105780)

The biggest drawback of this technology is not that it is in fact a key distribution method rather than an encryption scheme. It is that, as with pretty much all QKD systems, this only works if you have a continuous fibre-optic cable from one end to the other. That might be fine for linking two embassies or two military facilities but it makes it a bit useless for the Internet.

Re:Point to point (3, Insightful)

Anonymous Coward | more than 7 years ago | (#18105820)

Not only that but the quantum channel has no way of verifying who the remote end really is. IE it can detect easedropping but not wholesale replacement of the intended target of communication.

I dare anyone to cite a single practical benefit over existing zero knowledge key agreement systems.

Re:Point to point (1)

swillden (191260) | more than 7 years ago | (#18106080)

I dare anyone to cite a single practical benefit over existing zero knowledge key agreement systems.

It makes your execs feel warm 'n fuzzy.

Re:Point to point (1)

maop (309499) | more than 7 years ago | (#18106214)

Not only is the summary bullocks but the technology is bullocks. What is a slashdotter to do?

finaly! (3, Funny)

Patrik_AKA_RedX (624423) | more than 7 years ago | (#18105802)

Now I can make posts on slashdot without anyone being able to read them. Privacy at last!

So what? (0)

Anonymous Coward | more than 7 years ago | (#18105934)

I do that all the time, and I don't need stinking encryption.

Copied during travel? (1)

QJimbo (779370) | more than 7 years ago | (#18105824)

Or will it mean film studios can stop movies from being copied when traveling on the internet?
They don't get copied during transmission, they get copied/drm-cracked after the other person has recieved it ;)

lmaf @ proofyourfuckingheadlines (2, Funny)

agent (7471) | more than 7 years ago | (#18105828)

I am a Cracker!

Copying movies (1)

Bob54321 (911744) | more than 7 years ago | (#18105840)

Or will it mean film studios can stop movies from being copied when traveling on the internet?

Why is that sentence there? OK, there is a new type of encryption - but how exactly does that relate to capturing movies while the roam free on the internet?

Is there something I'm missing - perhaps a tubes joke...

they are watching (1)

zoftie (195518) | more than 7 years ago | (#18105878)

...' Or will it mean film studios can stop movies from being copied when traveling on the internet?" '....

Don't give them any ideas.

Be nice... (0)

Anonymous Coward | more than 7 years ago | (#18105886)

submitter is new to teh intarwebs.

I can see the headlines now... (4, Funny)

Roger W Moore (538166) | more than 7 years ago | (#18105888)

'DVD' Jon breaks quantum encryption, APS sues claiming its against the laws of physics.

Re:I can see the headlines now... (1)

db32 (862117) | more than 7 years ago | (#18107434)

So...by this train does that mean the CERN supercollider is considered cracking? I am SOOO going to sue them for cracking a particle that represented a copy of 1 bit of my intellectual property! DMCA here I come!

The drawbacks others haven't mentioned (5, Informative)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#18105904)

Elsewhere in the comments people have correctly pointed out that it isn't encryption at all and that it is fundamentally incompatible with any router, switch, bridge or even repeater.

There's also the limit of 5.5 kbps, though that might be improved.

The issue that should have killed this idea ten years ago when Shamir pointed it out is that an attacker who has spliced the fiber can read the polarizer without ever looking at a single one of the transmitted photons.

Send the $#$@! key material by bonded courier in a tamper-evident package if it's that important. If for some reason that's not enough then split (e.g. Blakely-Shamir) the key material into shares, send each separately, and recombine when needed.

Re:The drawbacks others haven't mentioned (1)

FishWithAHammer (957772) | more than 7 years ago | (#18106032)

I was wondering about that...compromise the endpoint and the whole encryption part falls off.

As an OT aside, Beryllium: I love that journal entry about Republicans and refer people to it near-daily. Great work. :)

Re:The drawbacks others haven't mentioned (1)

swillden (191260) | more than 7 years ago | (#18106078)

The issue that should have killed this idea ten years ago when Shamir pointed it out is that an attacker who has spliced the fiber can read the polarizer without ever looking at a single one of the transmitted photons.

Shamir's attack doesn't affect entanglement QKD. The article appears to be referring to polarization-based QKD, however.

Re:The drawbacks others haven't mentioned (4, Interesting)

jd (1658) | more than 7 years ago | (#18106142)

Don't know if they still do, but in the 50's, the British used synchronized tapes with one-time pads. As best as I understand it, both sides of the link started their tapes at the same time and from the same offset (synchronized over secure phone) but had no control over when the machines at each end would actually sync up. (The exact sync mechanism is something I'm also a little unclear over - nothing from the tape was ever transmitted.) The practical upshot was that anyone who had a copy of the tape AND a copy of the transmission would still face a daunting computational challenge to break the encryption.

If you combine this with the split key concept, so that the difficulty of obtaining a full pad is considerably greater, and perhaps even run each fragment through a public key encryption algorithm to make getting that fragment a near-impossible task, you get damn close to the theoretical level of security offered by an OTP.

A correctly-implemented OTP, in which the pad cannot be derived algorithmically from known quantities, where the pad is not cyclic, and where the pad is used exactly once, cannot be broken at all without physically obtaining the specific part of the pad that is actually used and some computationally-viable method of eliminating any excess. If the pad is rendered unreadable, or the specific information required to make the pad usable simply doesn't exist except at the moment of transmission and then only on the machines involved, then OTP is essentially unbreakable.

The premise of encryption is that nothing can ever be made 100% tamper-proof or uninterceptable, merely very tamper-resistant and very hard to intercept, and so you're far better off making what is obtained unusable. Having something that is supposedly not interceptable is so much snake oil. For a long time, nobody was sure you could undetectably tap optic fiber. What are the vulnerabilities of the endpoints? Is the connection between the "secure" endpoint and the computers at either end exploitable? Are any of the computers involved open to being monitored by TEMPEST or other remote techniques? If the machines are on partially or fully exposed networks, are the machines susceptible to having the transmission intercepted either prior to being secured or after being restored? (Partially exposed can include computers that share USB memory sticks or floppies with unsecure machines. All you need is a carrier for a virus.)

5.5 kbps limit (1)

Jordan Catalano (915885) | more than 7 years ago | (#18106372)

I don't see how this bandwidth is a problem for secure key exchange.

Isn't the point of this to make it practical to utilize high bandwidth yet unsecured connections to send heavily encrypted data? Even when changing the key very frequently, the secure quantum channel should be more than fast enough.

It's just like satellite TV encryption. The data stream can be received with zero chance of detection anywhere within the satellite's footprint: even less secure than sending data over the internet. By having a seperate secure* key distribution stream, they can get away with this without massive piracy. In this case, this "stream" is the physical transfer of smart cards with keys stored on them.

* The problem is, it's not secure. Since the physical distribution of keys via smart card is so slow, the video decryption keys are sent encrypted over the high bandwidth yet unsecured satellite connection along with the video stream. The card uses its key to decrypt the video key, which is then sent back to the satellite receiver to decrypt the video stream. Since the receiver is ultimately less tamper-resistant than the smart card, and it could be possible to extract a video key from its RAM while running, this allows the video key to be changed every few seconds, making distribution of current keys to others useless. While this sounds good, the cards are not as tamper-proof as they'd like to be, and the expense of constantly swapping all customers' cards to new ones with fixes creates a legacy loophole. Combine this with an intrinsic inability to keep hackers from physically accessing all needed decryption hardware and no means to detect their hacks remotely, and it makes this method of key distribution very insecure against determined individuals. With good quantum connections, all these problems are avoided.

These drawbacks are not insurmountable (0)

Anonymous Coward | more than 7 years ago | (#18107146)

Elsewhere in the comments people have correctly pointed out that it isn't encryption at all and that it is fundamentally incompatible with any router, switch, bridge or even repeater.
A high-grade link that includes only all-optical routers, switches, etc. is compatible with this technique. What it needs is so-called lambda service [photonics.com] with sufficiently high signal-to-noise; the enabling technologies for this are out there and will only become more widespread.

The issue that should have killed this idea ten years ago when Shamir pointed it out is that an attacker who has spliced the fiber can read the polarizer without ever looking at a single one of the transmitted photons.
While this is a clever attack, it does not work if the transmitter uses no active switching elements for state preparation. For example, you can build a separate transmitter for each state and combine their outputs.

Send the $#$@! key material by bonded courier in a tamper-evident package if it's that important. If for some reason that's not enough then split (e.g. Blakely-Shamir) the key material into shares, send each separately, and recombine when needed.
That approach is sometimes inconvenient and/or regarded as insufficiently secure.

Nope! (0, Flamebait)

VincenzoRomano (881055) | more than 7 years ago | (#18106054)

Could this allow completely private transmission of data away from snooping eyes and ears?
Definitely no. No democratic government would allow it. Democracy badly needs eavesdropping.

What about.... (2, Interesting)

edwardpickman (965122) | more than 7 years ago | (#18106148)

The process obviously won't stop copying material but my question is could the same or a similar technology be used to create a dedicated display screen? Let's say with quantum entangled particles as an example you directly drove a screen from a linked source. For every screen manufactured a dedicated chip was loaded into the system linked to your display device. No lines would be needs to transmit the data but like a traditional TV reciever there would be no signal to tap it simply drives the screen. You order your content on demand and there's nothing to record so no piracy but if it was a one time purchase situation you wouldn't have to worry about lost, damaged or degraded media. It would solve most of the complaints except for those wanting free material. It would eliminate a lot of the distribution issues and end the dependence on satelites. No more screwed up signals when there's a lot of solar activity. Granted we're talking decades away but there is a potential for secured storage and distribution of media.

Re:What about.... (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18106354)

How would this protect against someone putting a video recorder in front of the monitor?

There is no such thing as unbreakable DRM. Spend your effort comping up with a business model that allows you to benefit from all those millions of people craving to consume your media instead.

DOS (2, Interesting)

pfortuny (857713) | more than 7 years ago | (#18106278)

Problem with what is today called qc is that it is not cryptography, it is a safe signing algorithm.

So what if the eavesdropper makes the communication impossible just tainting each and every bit? As they are not safe, they are deemed worthless and the message needs to be re-sent...

This seems to me the problem. You have not built a safe channel, you have built an eavesdropper-aware channel, which is not the same.

Re:DOS (2, Insightful)

fabs64 (657132) | more than 7 years ago | (#18106800)

The point being that you can use the eavesdropper-aware channel to exchange a key-pair that you KNOW hasn't been intercepted. After that you can use any medium as your safe channel.

plus 5, 2Troll) (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18106302)

guys are usually and arm5 and dick about half of the racist? How is (7000+1400+700)*4 Achieve any of the

"Scientists Make Quantum Encryption Breakthrough' (1)

Greg.Rodden (853800) | more than 7 years ago | (#18106636)

WAIT!!! don't click on the link, it will change the outcome!!!

That would be... (0)

Anonymous Coward | more than 7 years ago | (#18106698)

" quantum encryption completely secure (registration required) " - that would be quantum registration then ? :-)

fast (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18106758)

5.5kbit/s, i gotta find my dialup modem!

FUCK A GNAA (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18106878)

there are some At my freelance dim. If *sBSD is And the Bazaar big picture. WHat bottoms butt. Wipe

Very silly article! Not quantum anything (1)

Ancient_Hacker (751168) | more than 7 years ago | (#18107328)

This is a very silly concept. What they've done is rename "Steganography", the art of hiding messages.

They're intentionally sending MANY photons, to get a stronger signal, to improve the data rate. So they're not using "quantum" anything. They're also adding a bunch of decoy photons, to confuse the evesdroppers.

Nothing at all new here, move on...

This is not steganography (1)

querist (97166) | more than 7 years ago | (#18107834)

I hate to split hairs, but this is _not_ steganography. There is a subtle difference.

This is not hiding the existance of the message. It is simply obfuscating it with the decoy photons. It is still obvious that a message is being sent.

Steganography is hiding the very existance of the message, such as the ancient example of shaving a slave's head, tatooing the message on his bald scalp, waiting for the hair to regrow, and then sending the slave to the recipient of the message. To any outsider the slave was just (most likely) one of several slaves moving with some other people from one place to another.

At the destination the slave's head would be shaved again and the message revealed. Unfortunately, this usually would also result in the slave being killed to prevent the secret method from ever being revealed.

Thus, this "quantum encryption" is not steganography, but two things: a method to prevent reading of a message by way of quantum mechanics and a method of obfuscating (e.g. chaffing) a message.

(background - I have a Ph.D. in infosec and AI)

Grammar Nazi Alert (1)

Chemicalscum (525689) | more than 7 years ago | (#18107406)

Title is ungrammatical should read:

Scientist Makes ......, in the case of one scientist singular or Scientists Make in the case of several or many scientists plural.

First Crypt course (1)

ebvwfbw (864834) | more than 7 years ago | (#18107842)

Usually the first thing you are told in a cryptography course is "Anyone that claims their encryption is unbreakable is either a liar or doesn't know what he is talking about." I used that quote years ago when IBM claimed it had an unbreakable crypt system and I was shown to be right. I claimed it for this quantum crap years ago but never bothered to submit a proof on it. Seemed obvious to me. Besides, someone else already had a handle on it and could write better than I can. So here is yet another attempt. I'm not buying it. Probably more secure but not unbreakable.

Besides, the technology isn't the real issue anyhow. It is the people at both ends that have access to the data. They are the real problem with keeping stuff secret.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>