Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Security

"Spooky" Quantum Data Encryption 124

Hardy writes "Imagine an encrypted communications channel that immediately notifies the parties if they are being bugged. The American Institute of Physics site is running an article about exploiting what Einstein described as the "spooky" action at a distance properties of quantum entangled particles. The entanglement process can generate a completely random sequence of 0s and 1s distributed exclusively to two users at remote locations. Any eavesdropper's attempt to intercept this sequence will alter the message in a detectable way and enabling the users to discard the appropriate parts of the data. This random sequence of digits is then used to scramble the message. This approach solves the problem of distributing a shared key to both parties without it falling into the wrong hands. This diagram might help. "
This discussion has been archived. No new comments can be posted.

"Spooky" Quantum Data Encryption

Comments Filter:
  • by Anonymous Coward
    You know if you stare at the "snow image" long enough and let your eyes shift a bit - you can see the original image - in 3D!!! hmmmm can it be that I just cracked quantum encryption? :) Mars
  • by Anonymous Coward
    Good evening, In case anyone wants a more basic 'step by step' introduction to both the 'Quantum world', this secure key transmission system, and some other 'interesting' applications of Quantum theory - I strong suggest taking a look at: http://www.newscientist.com/nsplus/insight/quantum /genious.html They also have a very nice article in this weeks issue about how the fact there are 4 DNA bases (rather than two, which should, for the same reason we use binary, be more efficient), could be related to quantum computation taking place inside cells. Sorry, I knwo it's a bit off topic, but I'm a physicist at heart ;) Chris.
  • by Anonymous Coward
    This is something that I remember reading about a long time ago in New Scientist. I found that article a little rough to read, so I wrote what I think is a more understandable version for issue 2 of the e-zine I edit:

    napalm.firest0rm.org [firest0rm.org]

    And here's the New Scientist article:

    http://www.newscientist.com /ns/19991002/quantumcon.html [newscientist.com]

    Kynik
    kynik@firest0rm.org
    http://napalm.firest0rm.org/
    http://www.gh0st.net/

  • So how do the two concepts of...

    • integrated error correction
    • one photon per data element
    ...square up?

    Hamish

  • For starters they have the type of submarine wrong.

    For seconds no Americans were involved since the US had not been shocked out of its shell by Pearl Harbour at the time.

    Regards,
    en
  • Actual problem on a physics test.

    Calculate the wavelength of a herd of charging elephants. (Gives figures for speed and size of said elephants.)

    It takes some serious swallowing to take it seriously and go on to the question about applying a diffraction grating to said herd, but that is physics for you...

    Cheers,
    Ben

    PS This is not a made up example!
  • "you can never add one and one and get three."

    Sure you can: if 5+5=15 then 1+1=3 (well ok...
    that still doesn't make 1+1=3 true but the
    statement as a whole is true)
  • Brute force isn't a vulnerability. It's a last resort attack. If someone has to rely on brute force to decode your messages, you're in pretty safe hands.

    The ENTIRE point of public key cryptography (RSA, DH)is so that a person in the middle could observe each and every transmission and still be unable to decode the messages being passed back and forth, so long as the private keys (which are never transmitted) are well protected. That's how people buy stuff over the internet.
  • I really, trully dislike one-time pads being brought up in to these discussions.

    For one, they're extremely unwieldy. They need to be as large as the message is that you're sending. That pretty much rules out any civilian use of them. In the context of the military, I could see the practicality of them, being that subs could doc and while they were getting new supplies, they could have new hard drives loaded onto them containing new random data for future communications. Those hard drives could be disbursed across the Navy.

    That works good in a system as structured as the military, but for regular, civilian communications, it's next to useless. There's no way that one-time pads can ever be incorporated into e-commerce or anything on as large a scale as that.

    It still is possible to break a one time pad with brute force... The problem is that every outcome is equally likely. You might break it and read the message and decide "that can't possibly be what this message should say" and pass by it. But if your keying material isn't as random as you hope it might be, then it becomes easier to identify possible messages.

    I'll reiterate and reiterate... One time pads can't really work on a large scale. They're just not practical.

    And in this context, obviously i wasn't talking about 8 bit keys. Rather, try using 4096 bit RSA keys to pass either triple DES or Twofish keys back and forth. Then, you've got a form of communication that's going to be next to impossible to decipher, unless someone figures out a way to factor that 4096 bit key of yours.
  • so, if information can travel faster than light, i guess it's true that nothing travels faster than bad news. (good news may or may not travel equally fast.)
  • ... and filed away in that warehouse with the burn-for-5-years lightbulbs

    There are burn-for-50-years-or-so lightbulbs, most of them made when lightbulbs were considered high-tech. The reason for not making them is that they have a too low light output for the current they consume.

    Try halving the voltage to your lightbulbs. They will last for over 5 years and be very dim. You can easily compensate dimness by using a lot more bulbs, but then you use a lot of electricity generating lots of waste heat.
  • Rember, Eve can't read the data without collapsing the probability states of the entangled photons, so she has to re-generate the data. She can't do this fast enough to accurately mimic the data she originally received.

    How little time is there? Using optical computers (assumed possible, not yet made), Eve-ine-the-middle might be able to regenerate data in the time light moves a few cm. Good enough?
  • My point is that, if there's an exception, the spooks *will* find it.

    Sure, it's impossible. So is spooky action at a distance. So is FTL. So is heavier-than-air flight.

    "impossible" is very hard to tell from "haven't done it yet" in physics.
  • It basically works by Bob sending Alice WHICH bits he received, but not the bit values themselves. Alice and Bob then share a secret, which can be used to create a key. The verification can be done by a challenge/response protocol, of which there are many.

    It's a clever system, for sure. Now why don't we see more of them?
  • by Kaa ( 21510 )
    And, of course, it does nothing about the man-in-the-middle attack.

    Yes, it does. The man-in-the-middle can't re-generate the signal fast enough. Have a look at this for more detail.


    You don't understand what the man-in-the-middle attack is.

    Alice intitiates a communication with Bob. Unknown to her, Mallory inserts himself into the communication channel and replies to her telling her he is Bob. In the absence of authentication, Alice communicates with Mallory believing him to be Bob. Simultaneously (or later, doesn't really matter) Mallory initiates a communication with Bob, telling him he is Alice. Mallory may or may not pass Alice's messages to Bob -- it's up to him.

    I looked at the reference you supplied. It talks about eavesdropping: using a beam splitter to listen (or, actually, watch) the communication. This has nothing to do with the man-in-the-middle attack.

    Kaa
  • The nice thing about this is that Alice and Bob always knows that someone is interfering with their communications, but they *don't* loose any secrets even if Mallory keep cutting the fiberoptics.
    It's an annoyance, but not a real problem. Letting Eve read your data is usually FAR worse than disrupting communications.

    Besides, if Eve and Mallory are so much more powerful than Alice and Bob they've lost the game even before it started. The secret police can always install a Tempest device, break into your house and put video cameras and sound pickups all over your house. Likewise, if they control all the means of communication between me and Alice, the best i can hope for is that they won't be able to read my messages. It's always up to them if we can communicate or not.

    -henrik
  • The location of the bug cannot be determined.
    This is by no means new, and has been covered on Slashdot before.

    You can find out quite a bit about quantum encryption and cryptography at acm.org or any good library.
  • Actually, Quantum crypto relies on the only encryption algorithm proven to be unbreakable: one-time pad. The quantum channel is used only to create the pad. An unsecure link can be used to transmit the encoded message.
  • Eve is an Eavesdropper
    Mallory is a Malicious third party wanting to disrupt the communication

  • does the image in the diagram not come out exactly as it went in? There seem to be a number of funny blips in there. For an image, this isn't so bad (unless you can't tell which building is the Chinese Embassy), but for a normal datastream, it looks like a lot would be garbled...

    I hope that's just the example picture. The article doesn't mention and 'acceptable data loss'. Since any snooping would be detected, I'd think you'd have the exact replica key, so you wouldn't have any errors.

    Anyone else notice this?
  • From what I gather on this subject, the location of the bug is not easily detected... there may be ways, but it would be extremely difficult (timing and what not). Of course, my quantum is a little bit rusty right now... I'll have to pull out my textbooks 8^)
  • Thanks for the link. 4% could be easily taken care of. I would have put the error correction in my diagram, so people wouldn't ask silly questions like mine ;-)
  • Well, you send one photon per bit, and you could layer an ECC structure on that - say one ECC byte for each 8 bytes transferred. You can then correct single-bit errors(1 of 8 wrong), and detect double-bit errors(2 of 8 wrong), which should be fairly rare. More complex encoding could be used to correct double-bit errors, if you are concerned about that, or you could selectively re-transmit a section in error.
  • I've always wondered whether the "Quantum Modem" thing would be possible... though I always thought of it as a pair of walkie talkies for some reason... You'd still have to come up with a way to make a useful network out of these things. Bandwidth is likely to be extremely low in the visible term. But if you wanted to really screw up the communications companies of the planets and make the supposedly borderless internet look like a walled prison, yeah, start networking those things! Wahh!

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.
  • I'm sure that if an implementation ever becomes a reality, then the successors of our friends Ms. Reno and Mr. Freeh will vehemently oppose it.
  • Getting a new 512 bit key for symmetric strong encryption every second should be Good Enough(tm), seing as we can't even crack a 64 bit key with current tech...

  • Maybe I've missed something here, but if the key has to be retransmitted when someone is listening, then why doesn't the third party just continue to listen, which would stop the first and second parties from sending a "safe" key. And why is this any different from now?
  • My personal opinion is the telecommunications monopolies are quashing quantum communciations technology because it would obliterate the need for wires.
    How's that?
  • This cryptography possibility is outlined in some detail in John Gribben's "Shroedinger's Kittens [fatbrain.com]", around page 108.
  • BWAHAHAHAHAHAHA!!!

    ahh yes, that was funny. Especially because I am doing my physics homework right now.

    Maybe he was trying to make a point about the English use of the letters "ph" and maybe he is just dumb, but he did get the stuff right.

    On the other hand, reiterating information that can be found elsewhere with little difficulty is one of the key methods of karma whoring, so I don't think he really deserves credit.

    On another hand somewhere, he got moderated up 3 times for "insightful" when he had no insight. Hey, moderation is stupid, it makes me post things like this that no one wants to read, but I think my sig should make that clear. So kudos to you for brightening my problem set tonight, but I won't tell the moderators to bump you up, because I hate it when people waste space to say that.
  • Sorry, I hit send too soon.

    How this pertains to secure communication is that by the sender sending his conclusions (in the clear!) about the prior state of the particle to the receiver, she can deduce the secret message he sent in.

    Now the trick is that if a man in the middle is trying to spoof this, it will be impossible for him to relay the message forward to the receiver. (he cannot manufacture particles wiht the desired properties to send to the recipient)

    So a simple authentication phase afterwards will identify any eaves dropping.
  • Actually , if you apply sufficient brute force you will be able to read a message encrypted with a one-time pad. However you won't be able to know that you have the original message.
  • You know, they talk about 'eve' not being able to observe the commiunication without disturbing it, but whats one to do about eve getting on bob's 'good side?'

    ----------------------------------------------
  • They are fundamentally not able to.
    This is the whole point of this technique.
  • Well yes it is, but she would be wasting her time. She might as well cut the cable, it will have the same effect. You can't always guarantee that Alice can transmit her one time pad to Bob, but you can guarantee that Eve can't get hold of it without Alice and Bob finding out. Which is quite handy.
  • Sure, all you have to do is position a decaying isotope precisely (and I mean *precisely*) in the middle of the two communicating parties, run lines between them composed of an unknown material that conducts the decay products, set up machines that can read the spin of particles whizzing past at the speed of light, and secure the cables so that replaces them with fakes.

    Easy.

    -konstant
    Yes! We are all individuals! I'm not!
  • It is possible to think up circumstances where particle "entanglement" creates the paradox of FTL communication (between the particles, and anything which resolves their state). Though paradox may not be quite the right term, since in many ways the lightspeed limit has nothing to do with quantum mechanics, and entanglement is AFAIK a purely quantum mechanical notion (I recall an article a few years ago in some lay science rag discussing how the c limit is more like a choice Einstein made to make a relativity model possible, and how he pretty much rejected quantum theory wholesale, albeit for more philosophical reasons).

  • >The spooky part is that the corresponding random bit on the other end changes instantaneously.

    Yup, it was to this which I referred. The FTL-communication part is simply what you state: that particle a "knows" some element of state about particle b instaneously, regardless of the distance seperating them. Constructing a thought experiment where FTL communication appears to occur does depend on the definition of "communication", of course, and that term is pretty overloaded in this thread because the original article is about a encrypted digital human communication system (which obviously works at sublight speed). It seems to me that this system is all about modulating the higher-level communication (ie. the venus idol picture) with the lower one (the correspondent particle states).

    I'll see if I can dig up the original reference somewhere; it was a lot more persuasive than I'm being. :)

  • I don't see how it could. Every logic gate the 1's and 0's pass through would surely upset what would most likely be an incredibly fine hair trigger for a intrusion detection. Even doing it on the simplest of analog comms would be pie in the sky, but how about doing it from my keyboard, through my motherboard (with spread spectrum enabled), pulverized through my MODEM, further mixed 'n' matched via my Telco, warped up to a satelite from my sniffing ISP, listened in to by some lonely HAM waiting for some distant moonbounce CW from the love he's yet to meet (actually a big smelly fat hairy guy who's forgotten about him and is currently reading at /.), bounced off a couple of other satelites, captured as it flies over Washington, cached on the downlink by the NSA because I had the text "kevin.mitnick" in one of the packets, routed, filtered and compressed/decompressed and scanned a guzillion times, before it hits ALL YOUR SCREENS... Somehow I just don't see it working in the digital world. :)
  • It must be remembered that this entanglement effect is a Quantum effect. The entanglement referred to is that of one wavefunction with another. So in essence you could do the same thing with two electrons as two photons you might would be measuring a different quantum number. It is about here however that your ideas seem to turn in to SciFi. You are however getting at why Einstien found this idea so "spooky." In physics, and in experimental science in general, it is generally assumed that you can isolate a variable from all other objects and study it. You don't think about the fact that you were bouncing a ball three years ago when you calculate it's parabolic trajectory today. The fact that these fundemental particles were somehow not isolated from each other even though they were outside of each other's light cones causes us to question the whole style of science. If everything is made of waves and everything interacts with everything else and it is entangled then how can we study anything in isolation ... and yet we do. Anyway this is a very interesting topic with philosophical overtones and the basis of Quantum Computing as well. If you are interested look into Bohmian Mechanics (an alternative to the traditional Copenhagen interpretation offered by Niels Bohr)
  • Any ideas on appyling this to the problem of e-voting (there currently is a lack of super solutions to e-voting that keeps a vote from ever being linked back directly to a voter) by in someway using the scrambling to also add a signature? The best e-vote idea I've seen uses the idea of signing through an envelope onto a piece of paper using carbon paper sealed in the envelope (all done digitaly ofcourse).
  • In any case, this just gives you eavesdropping-proof communication channels.... it does nothing about the man-in-the-middle attack.
    Man-in-the-middle is exactly what it's about.

    The trick works by generating pairs of photons with coupled polarizations. Now here's the important point: if you measure the polarization of a photon at vertical or horizontal, it has no relationship to the measurement of the polarization at 45 degrees vs. 135 degrees. Alice generates pairs of photons and sends one photon to Bob. She generates a random string of 1's and 0's, uses this to select between a 0/90 degree polarizing filter and a 45/135 degree polarizing filter, and measures the polarization of the photons she does not send. Meanwhile, Bob performs a similar, random set of polarization tests at his end. After they are done, Alice tells Bob what sequence of polarizations she used for her tests. Bob throws out the measurements where he did not use the same axes as Alice, and the remaining measurements form a random bit pattern shared by Alice and Bob. Charlie sitting in the middle doesn't know what measurement to make (because Alice hasn't told anyone yet) and can't measure the photon without destroying its state. Charlie could measure the photon with a 0/90 degree filter, but if Alice is doing her measurement on that photon with a 45/135 degree filter then his measurement will have no relationship to her data. He can generate a photon with the corret polarization for the 0/90 degree test, but Bob is going to detect a different result from Alice with 50% probability. If Alice and Bob compare a subset of their bits (which they will not use for a key), they'll detect Charlie's tampering. Ergo, the man-in-the-middle attack doesn't work. Photon loss on fiber makes it impractical for networks, but there are other regimes where this idea just might shine.
    --
    This post made from 100% post-consumer recycled magnetic

  • The thing about this kind of idea that gives me a headache (apart from the sheer bizarreness of having a link between a quantum pair of particles over long distances. And getting one particle to the other end.) is how a line tap distortion can be distinguished from line noise....

    Or maybe I'm geeting the wrong end of the stick (Or quark. Whatever.)

  • You got it right almost untill the end, the bit with claude in the middle didn't go quite right. your writing is almost a perfect copy of an article that came out in Scientific American a while ago. the article explains why claude is actually no problem: bob can simply choose some bits (not the whole transmitted key but only part of it) and send tham back over an unsecure line, alice can then check whether they match the ones she sent. if claude is listening then a substantial part of this "control key" is wrong because he messed it up. also i think the current status of test results is a bit longer than the ones you mention (though no satellite capabilities yet).
  • No doubt there is a flaw in this method. I was
    hoping that someone could point it out to me.

    What is to stop the interceptor from cloning a
    photon A has sent, and then passing one of the
    clones along to the legitimate recipient, B? Then
    after B has made his measurement, the interceptor
    can measure the copy that he has kept for himself.

    It seems as if the interceptor could at least get
    partial information about the bits that A has sent
    this way.

    Alex.
  • Garbage,

    You could could measure the photon at an intermediate point but that resoves the photons quantom state and makes the transmission detectable, since you then must launch a new photon who's state is not defined and is not entagled with the other partys photon the message in transmission will become scramled and your taping will become known.

  • I don't think this would work well for military use (if I'm understanding correctly) because all the enemy would have to do to break-down communications (which at times could be almost as good as monitoring them) would be to tap the line.. so you hide a bug somewhere between the 2 sites and it could take them quite awhile to find it.. and the whole time it's there it'll be corrupting all attempts to pass the keys, effectively eliminating that form of communication.. knowing that someone's listening is not enough, getting your message across is extremely importaint too.. or am I totally off-base here?
  • Actually, that was during the episode where Sam and Al got switched. Since Al still had the controller of Ziggy in his hand when they were switched, Sam couldn't use it to tell them to open up. (One wonders why they wouldn't have just opened it up after a certain amount of time anyways). Yours truely, Sam Beckett
  • Assuming QM you can *prove* that there is no way to eavesdrop whatsoever. What the quantum cryptology people have just done is a bit like Diffie-Helman key distribution. Although we think this is secure we really have no *proof* that cracking Diffie-Helman is hard. In this case we have a proof, following from the fundamental principles of QM, that there is no way (well actually I mean extremely unlikely and you can make the probability as low as you like) an eavesdropper can get any useful information whether they interact with the particles or not. Of course I say "assuming QM...". But I'd place quite a bit of money on the 'spooks' *not* being the first to discover violations in QM.
    --
  • The basic idea is that you pick up eavesdroppers when the "noise pattern" created by the quantum encrypt changes. What happens if the guys is eavesdropping from the start? If your original baseline for transmission was with eavesdropping, then you wouldn't notice anything would you? Or am I missing something from somewhere?

  • it's Eve, short for eavesdropper. I believe claude would just be another part of the exchange...I thought Applied Cryptography was on the required reading list? (i'm almost through the preface...)

    Also, the filters are not at a 45 degree angle, it's 90 degree angle. the problem with 45 degrees is that even if a photon comes through that is at 45 degrees to the filter, it has a 50% chance of 'twisting' and coming out the filter. so you have to have a 90 degree difference, otherwise there is a chance of getting two differing one time pads, which is what Alice and Bob generate. There are no 'bad luck' misses.

    And it's 'photon' (I know this is all nerdy nitpicking, but I couldn't resist)
  • there was a scientific american article on this subject over three years ago.... i can't remember which issue (i'm not at home) but it addressed this same idea.
  • I've read about this in an issue of C'T (german comp mag) couple o' monts ago
  • How spooky - I just finished reaing "Philosphical Consequences of Quantum Theory, Reflections on Bell's Theorem" - ISBN 0-268-01578-3. The book is a collection of papers dealing with the "spookiness" apparently behind this encryption. Strange, though-provoking, and frequently incomprehensible.
  • This has already been done on another scale...
    Anyone ever open up a perfectly good website in a Microsoft editor? Simply opening the page in the editor immediately kills your site. *grin*


    SL33ZE, MCSD
    em: joedipshit@hotmail.com
  • This is contradictory because 'to observe' is 'to interact' in quantum mechanics. It is impossible to observe a single particle without interacting with it in some way.
  • Yup, that's the one! Thanks!
  • by Anonymous Coward
    If your being serious with this comment, the major problem with your scheme is that the particles would be in a superposition of states of spin, and a machine that reads the spin state of a particle will leave the particle in a state that is not a superposition. Therefore a machine reading the states will destroy this superposition, which is detectable. AFAIK the encryption method works by reading the basis of a superposition of states as 1 or 0, depending on its angle.
    Also there would be time delay problems, which would enable a bug to be detected (as can be done on normal lines)
  • ...which is a pretty good book, it explained better what cryptography's effects on society are than the quick "Its NAZI Magic!" gloss given in the movie U-571. :)

    My personal opinion is the telecommunications monopolies are quashing quantum communciations technology because it would obliterate the need for wires.

    Governments probably worry about it as well, maybe even more than the telcoms.
    _______
    computers://use.urls. People use Networds.

  • A recent post by an AC in this thread said it well. The laws of physics are grounded in empirical evidence, and are not incontrovertible. Any physical law, even one as fundamental as Newton's law of gravitation, can and must be changed when new evidence calls for a change.

    The quantum encrypted channel described in this story is bulletproof assuming Quantum mechanics is true. But there really is no reason to expect that quantum mechanics is actually true. Sure, it explains current observations very well, but there is no guarantee that future observations won't force a revision. Even the venerable Newtonian law of gravity turned out to be false, and had to be replaced with Einstein's theory of general relativity.

    The analogy with mathematical laws is not a good one at all, because mathematical theorems are true independent of any underlying empirical justification. A mathematical theorem does need foundations in the form of underlying axioms, but that's quite different from relying on experimental observations. (For instance, 1+1=2 in the integers, but in the integers modulo 2, 1+1=0. Here my axioms have changed. However, no amount of adding will make 1+1 equal 0 in the integers.)

    So, a better way to phrase the NSA paranoia viewpoint is, widespread deployment of quantum encrypted channels will spur the NSA to conduct experiments designed to expose any errors that may be present in our current theory of quantum mechanics. And while the post was rated funny, it's actually exactly what would happen.

  • In case you're not up on your quantum mechanics, read the recent scientific american article about quantum entanglement. It's exactly the principle used here.

    Quantum entanglement provides a method for creating a one-time pad shared between two parties that are (in theory) arbitrarily far apart. All you need is a source of entangled photon pairs that is directed toward both parties. If quantum mechanics works the way we think it does, there is no, even in theory with infinite computational power, for an evesdropper to find out the secret key.

    This quantum entanglement-encryption works by creating a secret key shared between two parties. This is the same as RSA or DH. The difference is in the nature of the key and the possible attacks. Quantum entanglement can generate lots of key bits, enough, in fact, that the key can be used to XOR the data. Moreover, there is _no_ way for an evesdropper to measure photons from either path without being detected. This makes even brute force attacks impossible, even in theory given infinite time. The key length equals the message length, so you would end up generating all possible messages of a given length if you tried brute force.

    (sorry, last two paragraphs are a lot the same :(
    #define X(x,y) x##y

  • Bruce Schneier's Applied Cryptography makes mention of this 'eavesdrop detection' feature of quantum crypto. The article is really cool and educational, but it's not that new.


    The Second Amendment Sisters [sas-aim.org]

  • The spooks will now devote substantial research to finding a way to observe particles *without* interacting with them.

    Damn...and you realize, that if they discover a way to do this somehow or another (maybe by exploiting some insight into waves? Or by approximating spins?), that such a revelation would become a matter of national security?

    I really hate this new proprietary world sometimes.


    The Second Amendment Sisters [sas-aim.org]

  • Try: http://slashdot.org/articles/99/10/01/0956208.shtm l
  • There are plenty of crypto protocols which work fine when a third party is listening

    Just curious. Shouldn't all crypto protocols work fine when a third party listening? If no one else is listening other than who you're talking to, you don't really need crypto!

    :)
  • By "impossible" I mean that within the framework of quantum electrodynamics it can *never* happen. Just like within the framework of arithematic you can never add one and one and get three. That's just how it works.

    Just like the sums of the interior angles of a triangle always add up to 180 degrees? The Greeks would have assured you that the angles would *never* add up to more or less than that value, but we know now that in certain cases that is incorrect. The solution? See the framework as just a subset of a larger framework which doesn't make certain assumptions (in this case, the assumption that there are only two dimensions).

    Saying "That's just how it works" is a cop-out. The entire mass of scientific knowledge is a set of theories with more or less supporting evidence behind each one. Things could change, or (more likely) someone will find a new approach to quantum theory that sidesteps the whole issue (which you sort-of mentioned). I'm just saying don't use assume that your current knowledge of the structure and limitations of reality are all exactly correct. Even assumptions with a fair amount of proof have been extended in strange directions in the light of new experimental approaches, better equipment, or better theories.

  • The last chapter in Simon Singh's The Code Book, recently reviewed here on Slashdot, is a clear and basic description of the theory of quantum crypography.

    -------
  • That's all correct, and was covered by Slashdot a while back. The article here proposes a totally different technique, though. You must admit that "quantum entanglement" sounds a lot sexier than plain old polarized photons...

  • Unfortunately it only works at 850 bit/sec so far. We might have to dig all those 1200 baud modems back out of the trash heaps... ;-)
    #include "disclaim.h"
    "All the best people in life seem to like LINUX." - Steve Wozniak
  • Oh yeah, sorry to reply to my own post, but reading further down: With error correction, "The net bit production rate is arround 530 bit/s" [sic]. Maybe we need a Beowulf cluster of these things ;-)
    #include "disclaim.h"
    "All the best people in life seem to like LINUX." - Steve Wozniak
  • Their protocol uses a one-time pad. Thus the overall communications rate is effectively limited by how fast you can generate and communicate the keys. Of course, if you re-use the keys then all bets are off....
    #include "disclaim.h"
    "All the best people in life seem to like LINUX." - Steve Wozniak
  • And, of course, it does nothing about the man-in-the-middle attack.
    Yes, it does. The man-in-the-middle can't re-generate the signal fast enough.
    Have a look at this [univie.ac.at] for more detail.
  • backslashdot? I wonder if that is registered... /me does a quick check
    Nope, can't find backslashdot.org: Non-existent host/domain.

    Darn.

    What do you hope to gaim with this post anyway? If it is interesting, it doesn't matter if it is bleeding edge news, just sit back, learn and let learn.
  • Well, because I don't feel very socially concious right now, I will choose to justify this with an answer.

    beginning here I assume you are serious
    Please note that when I said you weren't insightful, this wasn't an insult, it simply meant that you didn't have any of those thoughts by yourself, i.e. "insight." You were, however, informative, but you only got one point for that. This is what happens when you give the average slashdotter the choice between two long words that start with 'i' and have the same effect to the score.
    Noting that you are not a native English speaker, I apologize for "maybe he is just dumb". Incidentally, I meant my post to read "Maybe he was trying to make a point about how the English use of the letters "ph" is stupid," hence ridiculing you and the English language equally, but I ommitted some words, oh well.

    From here I assume that you may be joking
    Since my post included a complaint about space being wasted with "moderate this up" and "moderate this down" comments (moderators, morons that they are, can do their own job, goddammit), it's funny that you include just this in your reply.
  • "entanglement" creates the paradox of FTL

    I can't think of any.

    The problem is that you need to know what was done to the "sending" particle in order to decode the "receiving" one. Also, if you look at the reciever too soon, then it becomes the sender.

    Basically, it is like XORing with an unknown bit. The sender knows what he sent in, so looking at the result, he can deduce the original state of the random bit.

    The spooky part is that the corresponding random bit on the other end changes instantaneaously. unfortunately, the receiver knows only the result of the XOR, and this is not enough to send a message. She also needs the information the sender deduced about the unkown state to decode the information. NB She has to perform an XOR as well to read the information, so if she tries to read too soon, she'll have sent rather than received.

    Johan
  • But if you've read Mostly Harmless by Douglas Adams, you'd know that powering a spaceship with bad news isn't a very good idea.
    --
    No more e-mail address game - see my user info. Time for revenge.
  • Phase is just another quantum attribute, so it should be possible to measure phase without disturbing the quantum entaglement- of course other attributes will be affected. Having said that, it's probably much more difficult to preserve phase than other attributes like momentum or position.

    A workaround for the cryptography angle would probably be to measure multiple attributes at the sender and receiver side. This would make it much more difficult for a man in the middle attack to succeed, as it's probably only possible to preserve a symmetric pair of quantum attributes.

  • Take a look at QUANTUM DÈJÁ VU [sciam.com]. It's the first example of a quantum nondemolition experiment conducted at the Ecole Normale in Paris. Basically, by being very careful how they took the measurement of the photon, they could ensure that particular properties, including the ones observed where not interfered with. Some of the quantum state would of course be disturbed, but not all of it. While this couldn't currently be used to eavesdrop on a quantum encryption link, it could form the basis for an attack.
  • A very interesting article. The question then becomes, does this experiment change the phase of the photon? The article didn't say (it said that the atom's phase was changed), but I would expect that it was since the atom and the photon interacted. If the phase of the photon changes in the experiment, then this technique won't work for eavesdropping.
  • reading something like this a while ago (more than a year) about this, except I think back then, it was something to do with the uncertainty principle. The article I read (which I cannot remember) basically said that because you cannot observe the photon without affecting its state (because of the uncertainty principle), your action in observing the photon will change the state and thereby tipping off the receiver and sender that the message has been "tapped". I'm not a big physics expert, so I couldn't tell, is this the premise of this new article?
  • The one photon may be a data element of either the message data or the error-correction data. So, if enough photons of message and error-correction data get through, I can reconstruct the message data.

    Not to flame, but isn't that kind of like asking how do one *bit* per data element and integrated error correction square up?

  • In "The Leap Back" didn't Al send one of these to the future via post to get Ziggy to open the doors to the holographic chamber (or whatever it was called)?
  • AFAIK, no crypto protocol works perfectly when third parties can listen to everything. Most common algorithms are vulnerable to brute force, so if they intercept the message, then, given enough[1] computing horsepower, they can read it.

    To avoid brute force attacks requires something like a one-time pad, where the key is sent in advance over a secure channel. Yes, I know, if you have a secure channel then you don't need crypto. But perhaps the secure channel is slow, or likely to disappear. By using it to send the key in advance, you can then send a later message quickly, reliably, and safely.

    Something like this would be perfect for sending keys. The key is just random noise, so if you find that it's been intercepted, you just don't use that piece of it, and the enemy has gained nothing.

    [1] Of course, "enough" horsepower may not be able to exist in the known universe, but...

  • Brute force isn't a vulnerability.

    Maybe this is just a semantic argument. But:

    • Using brute force, it is POSSIBLE to read a message enciphered with conventional or public-key cryptography.
    • No matter how much brute force you apply, it is IMPOSSIBLE to read a message enciphered with a one-time pad.

    Therefore, I don't think it is unreasonable to state that conventional and public-key algorithms are vulnerable to brute force, compared to one-time pad algorithms.

    If someone has to rely on brute force to decode your messages, you're in pretty safe hands.

    Whether this is true depends on the key size. If your key was 8 bits, no matter how secure the algorithm, brute force would 0wn you quickly. And as a real-life example, 56-bit DES is beginning to be feasible to brute-force.

  • Essentially, this is a key distribution system for a one time pad (OTP) encryption setup. OTP encryption can only be deciphered if you have both keys, or if the keys are not purely random. If the data is random and you only have access to one key, game over. no good.

    Why this system is good:
    100% (reportedly) random data generation
    Spying ruins the data (like beam splitting)
    Neither side has to store a key

    Take a look at:

    http://www.quantum.univie.ac.at/research/crypto/

    for more info.
  • Quantum Cryptography is a little 'spooky', that much I agree to, but this is generally how the system works. You send your encrypted text over public and, otherwise, easy to intercept communication lines. The real secret or 'thing to preserve' is the key, which resides in the 'specially reserved and completely seperate' quantum line. This line does NOT emit different levels of radiation for 1's or 0's, so the TEMPEST attack will not work and if anyone other than Alice and Bob are reading the message, the line automatically 'shuts off'. (Note: This encryption works off the OTP principle) The quantum line doesn't have to be synced with anything so a disruption only means a delay in transmition of the key. Anyway...there is alot more to this story than submitted here...check out below. Some excellent material on the subject can be found at http://people.bu.edu/AlexSerg, he recently gave a lecture about Photon Entangled States here at BU for the IEEE; I'm sure you'll find his research quite helpful! He knows the material much better than I :-) David Gervais dgervais@bu.edu
  • My quantum mechanics isn't up to all that much yet. However, I'm confident that not one reliable source on the matter that I have read allows for anything other than the inherent non-local transmission of random information.

    A good reference is the Usenet Physics Faq which says: 'It has been shown by Eberhard that no information can be passed using this effect so there is no FTL communication' on this page [ucr.edu].

    Its easy to come up with ideas but unfortunately quantum mechanics has a way of screwing things up when you try and cheat :)

  • by mattkime ( 8466 ) on Thursday April 27, 2000 @09:58AM (#1106141)

    Hopefully, someday the science wizards at DuPont [dupont.com] will make a material using this technology. If you're like me, and have bad laundry karma, you could use Quantum Socks.

    "Spooky action at a distance" could be utilized to let you know if a lost sock is worth searching for. The unmatched sock would indicate to you if the other sock has been "intercepted." In theory, someone could take a sock and then make an effort to return it - but lets face it, mankind is not that morally advanced! On the other hand, in the rare case you aquire a sock, it would indicate to you that it was not really your sock.

    Obviously, this technology could be applied to a wide range of apparel.

  • by seebs ( 15766 ) on Thursday April 27, 2000 @08:43AM (#1106142) Homepage
    The spooks will now devote substantial research to finding a way to observe particles *without* interacting with them.
  • by Kaa ( 21510 ) on Thursday April 27, 2000 @08:17AM (#1106143) Homepage
    This was news at least half a year ago. IIRC a couple of Brits already implemented a "quantum-secure" communication channel, if only a mile or so in length. There are some problems with it being used for long distances, though.

    In any case, this just gives you eavesdropping-proof communication channels. There are plenty of crypto protocols which work fine when a third party is listening. And, of course, it does nothing about the man-in-the-middle attack.

    So: old news, tasty geeky titbit, little practical applications.

    Kaa
  • by Azza ( 35304 ) on Thursday April 27, 2000 @12:20PM (#1106144)
    I do understand, and the link is relevant. Let me point it out:

    The probability that two photon pairs are emitted from our down conversion source within the coherence time of the photons is negligibly small. Taken a gross production rate of around 8*10^5 1/s and a coherence time of 1*10^-12 s, the probability for the emission of two pairs within this coherence time is 10^-12*8*10^5 s*1/s = 8*10^-7. This probability is very low and justifies the neglecting of such events.

    This applies just as well for the MITM attack as the beam splitter attack. Mallory (or Eve, as I think the ususal example is named), has to communicate with both parties at the same time in order to correctly mimic Bob to Alice, and Alice to Bob. Eve has to take all incoming data, read it, and re-send it (possibly altered) to the intended recipient.

    Remember, Eve can't read the data without collapsing the probability states of the entangled photons, so she has to re-generate the data. She can't do this fast enough to accurately mimic the data she originally received.
  • by Greyfox ( 87712 ) on Thursday April 27, 2000 @10:52AM (#1106145) Homepage Journal
    Imagine someone works out how to set up a reliable communications channel using Quantum Entanglement. Something that could be set up so that you get 2 cards which interact with each other over any distance. A quantum modem if you will. All of a sudden you have an untappable, wireless, instantaneous (Presumably high bandwidth) connection to anywhere in the universe where you can get the other card.

    Now make a list of who would be hurt by this. The DOJ would scream bloody murder. All the telcos and ISPs would shortly follow. The various TV signal delivery people would lose their respective monopolies -- even if cable companies remained, you could choose any company on the planet. They don't want that. The MPAA and RIAA would file lawsuits because it'd make it much easier to pirate their IP.

    Chances are if you tried to file a patent on your spiffy new technology, it'd get squelched by the government in the name of national security and filed away in that warehouse with the burn-for-5-years lightbulbs and the 100 mile per gallon carbeurator. The NSA would probably kidnap you and relocate you to new digs at the bottom of the ocean after providing stylish new cement shoes.

  • by Digital Mage ( 124845 ) on Thursday April 27, 2000 @08:42AM (#1106146)
    For those too lazy to search for it. Slashdot article on Quantum Encryption [slashdot.org]
  • by JonesBoy ( 146782 ) on Thursday April 27, 2000 @08:20AM (#1106147)
    There is error within the procedure. This is inherent within quantum transmissions like this. Take a look at http://www.quantum.univie.ac.at/research/crypto/ and click on the links for the protocols. There is about a 4 percent error in the transmission. Not too bad. All you would have to do is integrate error correction within the message and you will be set.

  • by caedes ( 157147 ) on Thursday April 27, 2000 @08:41AM (#1106148)
    The whole point of quantum encryption is that you can transmit the *KEY* or signature just as you would transmit an encrypted message. Normally this can't be done because someone could intercept the key and be able to read all your encrypted messages. This way, if a new key is intercepted, just send a different one until you can be sure that it wasn't intercepted. This looks like it could be the encryption scheme of the furture.
  • by markt4 ( 84886 ) on Thursday April 27, 2000 @09:37AM (#1106149)
    This is all very interesting, but it's practical uses are limited by a few factors.

    First, the quantum key must be physically transmitted to the receiver. This means that the medium for transmission (in most demonstrations, fiber optics) must be in place between the communicating parties and both parties must have the equipment to detect the value of the key. This equipment must be capable of detecting the polarization of single photons. Not exactly the type of stuff people have just lying around.

    Second, there can be no amplification of the signal transmitting the key. Amplification of the signal is equivalent to someone eavesdropping on the key. The usefulness of the key would be destroyed. So forget about using this over normal phone lines or the Internet.

    Third, the longer the transmission distance the greater the likeliness of errors in the key. Quantum encryption keys have been successfully transmitted approximately 20 kilometer through fiber optics and 500 meters through the atmosphere, but with about a 2% to 3% error rate. This will probably be acceptable for text messages, but may not be for data streams unless multiple redundent copies of the data or sent, or other error correction techniques are used (adding length to the data transmission). This will work well going from say the White House to the Pentagon, but unless all your secret friends live within 20 kilometers...

    Fourth, if transmission speed is a factor for you, quantum encryption poses several problems. Only about 25% of the transmitted quantum key bits will be successfully detected (due to the 4 possible quantum states the photons can be in). This means to have a successful one-time-pad you must generate a key 4 times longer than the message you want to encrypt. Then the receiver has to confirm a sample of the key with the sender to ensure that the key has not been intercepted. Then you can transmit your message with about a 2% error rate.

    So this is cool technology, but will really only be useful for military purposes or extremely sensitive corporate secrets.

  • by fiziko ( 97143 ) on Thursday April 27, 2000 @08:34AM (#1106150) Homepage
    This is part of the premise. I haven't read the article yet, but I did a term paper on the spooky action (aka EPR paradox) last term. That's half of the picture.

    The other half is that the two "entangled" particles have a state which allows someone who reads one particle's state to know EXACTLY what state the other particle is in.

    You're familiar with the pop contests that put pictures under the cap right? Imagine a contest with two pictures that form a winning pair. Now, assume the you have a large collection of these pairs. You can split the pairs in order, sending one picture to "Alice", and the second to "Bob". When Alice looks under her liner, she knows exactly which picture Bob has.

    This system allows you to generate your encrpytion and decryption keys on-the-fly, while entanglement itself includes conclusive proof that someone "checked under the cap" while the picture was en route.

    This seems like a far more likely (and practical) use of the entanglement property then IBM's teleportation from a few years ago. (That was for only a small number of particles at a given time. It was really more of a replication that destroyed the original.)
  • by General_Corto ( 152906 ) on Thursday April 27, 2000 @08:26AM (#1106151)
    I was at a presentation about this kind of technology several years ago (someone from British Telecom came to give a talk to a bunch of us from University). The basic idea was that you could emit light a photon at a time, and pick this up later on.

    If you had a snoop (Eve), the data would be corrupted due to the fact that only one photon existed per data element - later, you could check this and discard any bad data.

    You still have to do the actual communication using your favourite strong encryption system. However, this system gets around the problems associated with key distribution over a distance.
  • by awhoward ( 108214 ) on Thursday April 27, 2000 @09:37AM (#1106152) Homepage
    By "impossible" I mean that within the framework of quantum electrodynamics it can *never* happen. Just like within the framework of arithematic you can never add one and one and get three. That's just how it works.

    So you might say: "well, the laws of physics are changing so rapidly these days that this will soon be a possibility." But revolutions in physics are rarely, if ever, of the sort where all of the old theory is thrown out and a completely new theory is developed. Instead, discrepencies are discovered in some corner of a theory and new a theory is discovered which is a superset of both the old theory and the new data.

    Also, "spooky action at a distance" in the form of quantum entanglement was never "impossible," it was just philosophically objectionable to some people, including Einstein. If you mean that "information can never travel faster than the speed of light in vacuum" when you say "faster than light (FTL)" travel, then you are incorrect if Maxwell's equations are to hold. All know examples of FTL (which are trivial and miss the point) violate some aspect of my previous statement in quotations. As for heavier-than-air flight, no rational scientist in any age who has observed a bird would tell you that it's impossible.

  • by Drone-X ( 148724 ) on Thursday April 27, 2000 @08:49AM (#1106153)
    It has probably been said a lot before on /. but this is how (I understand that) Quantum Encryption works:

    First of all it doesn't send encrypted data. It's just used to send random bits from Alice to Bob. Alice sends for every bit that's 1 a vertical polorised foton and a foton that's turned clockwise 45 for every bit that's 0.

    Bob chooses one of two filters for every bit he receives. At random he uses a filter that can either receive a 1 (a filter that's turned counter-clockwise 45) or a filter that can receive a 0 (a filter that's horizontally polorised).

    Bob will not receive a foton if he uses the wrong filter, which he will do aproximately half the time. This is because the polarisation direction of the bit and the filter would differ 90.

    The interesting thing is that if Bob uses the correct filter, he has only 50 chance that he'll see the foton (can you say 'Quantum effects').

    So far Bob knows that:
    - he did not receive the bit (because he used the wrong filter or because he had 'bad luck')
    - the bit is 1 (by using the correct filter)
    - the bit is 0 (by using the correct filter)

    Bob should, if knows the value of enough bits (which should be the length of the file to be transimitted), send back the numbers of the bits he received over an unsecure channel.

    Alice will then know what Bob is using as a key and she can encrypt the file using XOR. Alice then sends the file over an unsecure channel and Bob can decrypt it.

    But what if someone is listening? Let's say that Claude is receiving the bits that Alice send. But Bob will know that Claude is listening because he doesn't receive any bits. The solution would seem that Claude resends the bits to Bob. But there is a problem for Claude here, (s)he did only receive 1/4 of the bits correctly. 37.5% (approximately) will thus be incorrect. In stead of receiving 1/4 of the bits correctly, Bob will only receive 36.5% of 1/4 = 16% of the bits correctly.

    But how could Bob and Alice know that not all the bits were received correctly? This is currently solved by sending part of the bits over a quality line (on which Claude could be listening though).

    Another problem, letting Bob know that a polorized foton has been send could be solved by sending a pulse of non-polarized light an instance before the polorized foton.

    Current results are 48km through optic fiber and 50 meter through the air (3km would do for satelites).

If you have to ask how much it is, you can't afford it.

Working...