
Code for Unbreakable Quantum Encryption

An anonymous reader writes "ITO is running a story on NIST's latest quantum encryption key generation. From the article: 'Raw code for "unbreakable" quantum encryption has been generated at record speed over optical fiber at NIST. The work is a step toward using conventional high-speed networks such as broadband Internet and local-area networks to transmit ultra-secure video for applications such as surveillance.'"
This discussion has been archived. No new comments can be posted.

  • by lordsid ( 629982 ) on Wednesday April 19, 2006 @03:14PM (#15159522)
    People really need to quit referring to anything as "unbreakable" or 100% secure. It's never going to happen. Just as making anything idiot proof, they will always build a better idiot. Saying it's unbreakable is just going to challenge someone to do it.
  • by duranaki ( 776224 ) on Wednesday April 19, 2006 @03:22PM (#15159598)
    Well yeah.. that's why they used those "air quotes".
  • by MichaeLuke ( 50412 ) on Wednesday April 19, 2006 @03:26PM (#15159635)
    Seriously, parent poster is right. I'm not a programmer, but I have doubts about "unbreakable" encryption. If quantum computing is so great at encrypting data, wouldn't it also be great at cracking it?
  • by Kenja ( 541830 ) on Wednesday April 19, 2006 @03:33PM (#15159708)
    If it can be decrypted it's not unbreakable. Unbreakable encryption is easy, just not that useful if you ever want access to what you encrypted.
  • Physics 101 (Score:3, Insightful)

    by Billosaur ( 927319 ) * <<wgrother> <at> <optonline.net>> on Wednesday April 19, 2006 @03:35PM (#15159726) Journal
    The NIST quantum key distribution (QKD) system uses single photons, the smallest particles of light...

    Ok, maybe I missed something back when I took QM in college, but photons are the only particle of light, aren't they? They are not the only electromagnetic particle, but are the only constituents of the light we see. Or has the universe become even stranger and no one told me?

  • "unbreakable"? (Score:3, Insightful)

    by polv0 ( 596583 ) on Wednesday April 19, 2006 @03:41PM (#15159795)
    That's like giving a DEA agent in Colombia a "bulletproof" vest.
  • from the article (Score:2, Insightful)

    by mapkinase ( 958129 ) on Wednesday April 19, 2006 @03:47PM (#15159875) Homepage Journal
    The rules of quantum mechanics ensure that anyone intercepting the key is detected, thus providing highly secure key exchange.


    What about the noise of some of the photons being lost (absorption)? The system has to be stable against it. Ergo, one can hide herself under the noise threshold.

    PS. It has been 20 years since my quantum mechanics exams.
  • by frankie ( 91710 ) on Wednesday April 19, 2006 @04:08PM (#15160054) Journal
    QC is unbreakable in the mathematical sense. It's a souped-up OTP, which cannot be broken by an outside party, period. Note the word "outside". You can't install a sniffer on the wire, copy the message and decrypt it later. Aside from effectively infinite key length, with QC your intrusion will be detected in real time.

    Insider attacks (mole, rootkit, spy camera, etc) which occur AFTER reception and decryption do not count, because the encryption method has nothing to do with that.
  • by FhnuZoag ( 875558 ) on Wednesday April 19, 2006 @04:43PM (#15160377)
    Well, the point is that your pad can be sent at a time when you have secure communication - such as on a USB drive in face to face contact. Then, you can send the message later at any time without secure communication. It's a method of shifting the moment that messages have to be sent to be a time when you can guarantee security.
  • by JesseMcDonald ( 536341 ) on Wednesday April 19, 2006 @04:46PM (#15160403) Homepage
    The reason you transmit the pad instead of the actual data is that the properties of the system don't prevent eavesdropping, they only make it detectable. If you transmitted the actual data over the "secure" stream, someone could still intercept it. You'd know that they intercepted it, but by then it would be too late to do anything about it. However, if you transmit the pad over the secure stream you can know which bits were intercepted prior to encrypting the data and can remove those bits from the pad. NOTE: I see someone already posted something similar after I started posting, but I think this version is a bit easier to understand for someone who isn't used to quantum cryptography.
  • by eddeye ( 85134 ) on Wednesday April 19, 2006 @05:03PM (#15160509)
    Insider attacks (mole, rootkit, spy camera, etc) which occur AFTER reception and decryption do not count, because the encryption method has nothing to do with that.

    Which is exactly why this is a solution looking for a problem. No one ever breaks modern crypto when it's used correctly. Attacking the periphery of the system is orders of magnitude easier. Your resources are much better spent guarding against insider attacks than buying the next useless whiz-bang crypto device.

  • by Rumagent ( 86695 ) on Wednesday April 19, 2006 @05:20PM (#15160627)
    It could be argued that "susceptible to DOS attacks" is present in all crypto systems that use public (or not so public, for that matter) transmission systems - it is trivial to distort a message regardless of whether it is encrypted or not. What you view as a vice, I would characterize as a virtue. Now, at least, you know when Eve is trying to eavesdrop.
  • by MaceyHW ( 832021 ) <maceyhw@gmai[ ]om ['l.c' in gap]> on Wednesday April 19, 2006 @05:32PM (#15160704)
    QC is unbreakable in the mathematical sense. It's a souped-up OTP, which cannot be broken by an outside party, period.

    It's not "souped-up OTP"; it's just regular old OTP with a wrapper that prevents a man-in-the-middle attack. As stated in TFA:
    The NIST quantum key distribution (QKD) system uses single photons, the smallest particles of light, in different orientations to produce a continuous binary code, or "key," for encrypting information.
    This is just a system for transmitting an arbitrary-length string of bits with absolute integrity. This is both non-revolutionary and non-trivial.
  • by Catbeller ( 118204 ) on Wednesday April 19, 2006 @06:49PM (#15161107) Homepage
    Quantum crypto, a technology that can finally enable private communications for the masses, without being snooped on by the bosses and the government, and what killer app do we see?

    Surveillance, on us. Unbreakable, uncrackable without detection, so our paranoia-clamped citizenry can rest easy that our boss and our government can surveil anyone they like without fear of having some third party, such as a lawyer, see what they are watching.

    Mind-boggling. A pro-authoritarian mindset slipped in so easily.
  • by Anonymous Coward on Wednesday April 19, 2006 @08:27PM (#15161571)
    They really are "unbreakable" according to a specific mathematical meaning of that. If (when?) such schemes are broken, they will be broken by exploiting something else.

    This application of QM allows you to exchange data where the laws of physics themselves guarantee that no one but God could eavesdrop on the data in transit without you knowing about it. So they *can* eavesdrop, you'll just know if they do. They can also steal the data before or after it is transmitted (e.g. NSA has the hardware secretly cache all keys sent over it for later recovery, or whatever). The endpoint computers probably aren't unbreakable, although they may be very close if they're made by the NSA or someone. And if you're getting hardware like this, you *ought* to have a good admin, but I digress.

    Okay, so you have this super-ultra good link where you can send data and *know* that no one intercepted it. What now? Well, you have a few options:

    A) Send one-time pad data. This encryption method is perfect--EVERY plaintext of the proper length is a possible decryption of any given ciphertext. And you would be padding the length, anyhow. So long as you use a good random source for the pad's data, you'll be fine. Of course, if you use a random source that's somehow deficient, well... Note that it would be good practice to compress (i.e. zip, 7z, rar, whatever) the data before sending it to increase its entropy. Doing this is good for many reasons and is pretty much always helpful when encrypting things.

    B) Send keys. You can send secret keys and use your favorite normal cipher. Because you know if someone was eavesdropping (and can discard any keys they eavesdropped upon), you will know that the key is secret (unless, of course, an endpoint is compromised). Now, so long as you're using a good cipher here, you'll be fine. Of course, if your cipher is deficient here, you're hosed. One good thing about this is that you can keep making new secret keys, to limit how much damage it does if an adversary breaks your cipher. This is a very helpful thing to do because some attacks require a lot of ciphertext, and you're not putting out all that much ciphertext for them to use to recover your key if the key changes for each message. Suddenly they have a lot of crumbs, when they need a large block, all encrypted with the same key(s).

    C) A little of each. There may be reasons to do both. Maybe you want to send short text messages or small files and these can all be done via a true one time pad, but the large files are more efficient to do via some stream cipher. After all, with a stream cipher you only have to transmit file + a relatively small key, whereas a true OTP requires you to send 2 * file worth of data, the first being the OTP, and the second being file [xor] OTP. And that's neglecting overhead, of course. Normally, you want to do a number of things I'm neglecting here to avoid misc. side channel attacks that could reveal things like how large a message you're sending, *that* you're currently sending a message, etc., which can all leak information.

    After all, if you know that A is asking B whether or not A should do something (which you know via other means) and you saw A transfer the ciphertext ^s@ or possibly ÿÿ it wouldn't take a genius to figure out that one was yes and the other was no with or without an OTP ...
  • by somersault ( 912633 ) on Thursday April 20, 2006 @07:00AM (#15163606) Homepage Journal
    but it's quantum, so you can't really be sure it's secure until it's already been sent.. or something

    But seriously, what would stop someone intercepting the key, then resending it? If the original transmitter can send the key, and the receiver can receive it, why can't a repeater-station type device in the middle read the key, then send out a new duplicate?
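
Added example, not part of the thread or of NIST's system: a toy simulation of a BB84-style exchange (an assumption; the quoted article only says photons are sent "in different orientations") showing what the read-and-resend repeater asked about above does to the error rate the endpoints measure, and how the channel noise raised earlier in the thread interacts with an abort threshold. The function names, the 2% noise figure and the 11% threshold are illustrative choices.

```python
import random

def run_qkd(n_photons, eve_fraction=0.0, noise=0.0, seed=2006):
    """Return (sifted_key_bits, error_rate) for one simulated session.

    eve_fraction: share of photons measured and re-sent by a repeater in the middle.
    noise: probability the channel/detector flips Bob's result (constructed value).
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit, alice_basis = rng.getrandbits(1), rng.getrandbits(1)
        wire_bit, wire_basis = bit, alice_basis
        if rng.random() < eve_fraction:
            eve_basis = rng.getrandbits(1)
            if eve_basis != wire_basis:
                wire_bit = rng.getrandbits(1)   # wrong basis: outcome is random
            wire_basis = eve_basis              # the copy is re-sent in Eve's basis
        bob_basis = rng.getrandbits(1)
        bob_bit = wire_bit if bob_basis == wire_basis else rng.getrandbits(1)
        if rng.random() < noise:
            bob_bit ^= 1
        if bob_basis == alice_basis:            # sifting: bases compared in public
            sifted += 1
            errors += bob_bit != bit
    return sifted, errors / sifted

def accept_key(error_rate, abort_threshold=0.11):
    """Endpoint policy: discard the whole block if errors exceed the threshold."""
    return error_rate <= abort_threshold

if __name__ == "__main__":
    for label, kwargs in [("clean link", {}),
                          ("noisy link", {"noise": 0.02}),
                          ("full intercept-resend", {"eve_fraction": 1.0}),
                          ("10% intercepted + noise", {"eve_fraction": 0.1, "noise": 0.02})]:
        n, qber = run_qkd(20000, **kwargs)
        print(f"{label:26s} sifted={n:5d} error={qber:.3f} accept={accept_key(qber)}")
```

A repeater that reads every photon pushes the error rate in the sifted key to about 25%, so the block is rejected; reading only a small share stays under the threshold, which is why real systems treat all observed error as possible leakage and shrink the key accordingly (privacy amplification) rather than relying on the threshold alone.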
