Quantum Encryption Explained

angelos writes "New Scientist Magazine has an article discussing the theories of Quantum Encryption. Short and not too complicated an article, but makes for some interesting reading. " Very cool overview of the subject - takes a look at the potential future of encryption and why the curent system of encryption will not last.

Electronics CAN generate random numbers

It is probably true that random numbers cannot be generated by purely digital means as we have to use less than perfect methods to generate seeds. ANALOG electronics are another matter altogether. A truely random number can be built very inexpensively. A forward biased zener diode will produce white noise. White noise so produced is the result of electrons being forced the "wrong" way over a rather strangely doped p/n junction. I can think of no mathematical way to make this a deterministic system. This white noise should be immediately amplified so we can filter it and apply it to an A/D converter. We then use a spectrum analyzer to find out over what range(s) the noise produced is "flat". This is important because the noise produced may have higher or lower average amplitudes in spots. We then use a steep midpass filter to pass an appropriately large and flat part of the diodes output spectrum. This selectively filtered portion of the noise is then passed to a high quality A/D converter. Lo and behold, we now have a truely random number generator.

Re:Pessimism about modern crypto totally unfounded

The point is there is already an algorithm for a quantum computer that can factor numbers in O(n^3). The problem is it requires 3n quantum bits to use. So, to factor a 512 bit key you would need ~1500 quantum bits. This is a long ways off (largest computation has been done with 5 bits I believe), but there is no way to tell how far off it is. Most researchers in the field believe it is possible.

On the other hand, quantum key distribution, is provably information secure. No amount of computation renders it insecure.

By the way, this is mostly pure research, but there is a group at los alamos that have done quantum key distribution through 50 km of fiber, and 1/2 km of air, both with very small error rates (important for the security proof).

Pessimism about modern crypto totally unfounded.

The breezy assertions at the start of the article that modern cryptosystems are going to be cracked any moment now are totally unwarranted. Progress in solving problems like factorisation, ECDL etc has not been much different from what might have been predicted fifteen years ago, and we have no particular reasons to think that this will change. It's about as worthwhile as speculating that some as-yet-unknown discovery in physics might render quantum cryptography useless.

Quantum crypto requires bizarre quantum properties of your message to be preserved from end to end - there's no possibility of an ordinary routing network. Furthermore, as the Dodger points out, it just pushes the problem into the authentication domain, and that's resting on precisely the same "untrusted" mathematics and a few social problems too. It's an interesting toy, but the public key crypto we already have - that we can do with straightforward hardware and the networks that already exist - will continue to be the workhorse for 99.99% of encrypted world communications, and don't let anyone try and tell you otherwise.

I do wish people wouldn't mutter dark warnings about perfectly good systems in order to sound interesting: the field of security has enough FUD as it is.
--

Legal warning!

ADVISORY: There is an Extremely Small but NonZero Chance that, through a Process Known as "Tunneling," this Post May Spontaneously Disappear from its Present Location and Reappear at any Random Place in the Universe, Including your Neighbor's Domicile. The Poster will Not Be Responsible for any Damages or Inconvenience that May Result.

--

*All* encryption is vulnerable to Man-ITM

If our understanding of the physics is correct (pretty much certain) then this system is provably secure: no mathematical breakthrough will let you in.

If you can intercept *all* communications between the two parties, direct and indirect, and substitute *all* messages for ones you've written yourself, then nothing at all will stop a MitM attack. You have to have some sort of authentication lever.

However, you're right to say it's a particular weakness of this system, because the system depends on Bob sending Alice an authenticated message of what measurements he took. If Mallet can subvert this channel he can read the secret message. And QC doesn't provide provably secure authentication, since that's impossible - it's a social problem as much as anything else. Perhaps you could prove that the sender of a message knows a particular secret, but how will that help if you can't be sure who holds the secret?

And you're also right that it's totally impractical for real use.
--

No.

The problem of how to break something like RSA is a mathematical one: either some operation is easy to do in one direction and hard to do in another, or it's in fact easy in both directions. Factoring is one example of such an operation.

The proposed quantum scheme relieson the fact that whether a photon will pass through a filter polarized at 45 degrees to the photon's own aligment is random at a quantum level, eg. can't be determined. Eve is screwed at a fundamental physics level. The only thing that could crack this would be major changes in our understanding of particle physics.

It's open to debate whether this is more or less likely than finding a quick factoring method (or in the case of RSA, a quick way to find Phi(n) from n). . .

You're doing the NSA's job for them!

The conclusions of those "people out there" are not based on anything resembling a fact. If this sort of mindless, groundless pessimism puts even one person off encrypting just one email message with the best tools we have (PGP, GPG etc) then the NSA have done part of their job without spending a single compute cycle.

Learn a little about how modern crypto works (The Cryptogram [counterpane.com] is a good place to start). Read the descriptions of some of the AES candidates: Serpent, RC6 or Rijndael might be good ones to start with. Even in the supremely unlikely case that the NSA can crack everything we use, it would still cost them something in compute cycles, and encrypting all the world's email would still put a significant barrier in the path of their intelligence-gathering activities.
--