Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Submitter has no clue what QC is. (Score 1) 101

Semantics. QKD is a way of obtaining a secure key which we then use to perform one-time pad encryption. In other words, we use it for encrypting information.

I don't understand this. Sending a one-time pad key is equivalent to sending the plaintext, as far as information transfer goes. (Otherwise, it isn't a real one-time pad.) The only advantage of the 1TP is that we can send the pad when we can get a secure communications channel, and then send messages at arbitrary times over insecure channels. If you have a reliable and persistent secure channel, why bother with the 1TP key?

Excellent question! QKD is just what it means, key distribution. There is actually no transmission between sender and receiver, instead it randomly establishes a secret, shared key at Alice's and Bob's place. Therefore, to do transmission, you use OTP to perform encryption.

Comment Re:Move along, nothing new here (Score 1) 101

Makarov's group attacked the E91 protocol, our paper attacks the Franson system. A significant difference is that we show the Franson system to be insecure even if the device is implemented with perfect devices. Makarovs papers are very well-written and interesting to read. I recommend starting to watch one of his YouTube lectures: , it is entertaining, highly interesting and is on a reasonable level for the average ./ reader.

Comment Re:Submitter has no clue what QC is. (Score 1) 101

It's hard to argue about QKD without understanding how it works. Your starting point about QKD transmitting keys in the clear is wrong, as the information does not even exist in the quantum channel. Alice's and Bob's measurement operations are what create the secret key. That key is then used in a one-time pad. Also, OTP is exactly what we use after finishing a QKD session. The key requirements you talk about is exactly what makes OTP 100% secure.

Comment Re: Submitter has no clue what QC is. (Score 1) 101

The Franson interferometer is a QKD system that many (including senior researchers in the field!) believe is perfectly secure. Our paper shows it isn't and never will be. Also, there is no "general" QKD system, only a number of protocols, each with a corresponding security proof. The headline is correct.

Comment Re:quantum crypto is not "unbreakable" (Score 1) 101

In the QKD picture, the security proofs place no restriction on the computational power of the attacker, so Diffie-Hellman, IPSec, VPN Tunnels, SSH, SSL/TLS all become broken. The one crypto method that remains safe is the one-time pad. (We call this information-theoretic security). What QKD does is allow Alice and Bob to randomly and secretly generate a key. Therefore, the system is completely safe. In fact, we can prove this mathematically, so the QKD layer is absolute...well, except for the system we just showed to have a flawed security proof ;)

Comment Re:quantum crypto is not "unbreakable" (Score 1) 101

From our paper: "An intuitive countermeasure to our attack is to add a power monitor to the analysis station that detects if the incoming light is too bright. [or, counts photons] If such an anomaly is detected, Alice and/or Bob are alerted and discard the relevant measurement outcomes. This modified Franson interferometer would not be vulnerable to the specific attack as described so far; however, it does not solve the postselection loophole, which is the actual issue at hand. " (emphasis added)

Comment Re: quantum crypto is not "unbreakable" (Score 1) 101

We're talking security here, so it is beneficial to look at it from Alice's and Bob's point of view. They can only relax when they use a QKD system with a complete security proof which guarantees security. If they use a system with a flawed security proof (what we show in the paper) they can never be secure. No matter how many blinding-detectors they apply and Guidos they hire, they can not be really sure that the system is attacked. In essence, we are back to the good old classical security picture which is a giant cat-and-mouse game.

Then, why would they use QKD in the first place? Either switch back to classical security measures, or choose a QKD system with a complete security proof. Our paper does list a system that has all the good properties of the Franson interferometer, but with a valid security proof. Read more here:

Comment Re: quantum crypto is not "unbreakable" (Score 1) 101

There is no such thing as "QC" in general, only a number of protocols. Each one of these protocols has their own security proof, and we've utterly broken the security of one of those protocols. You try to make a distinction between "QC" in general (which does not exist) and a certain implementation. But even if you build a machine out of ideal components, the protocol we attacked will not be secure since it's security proof is flawed.

Comment Re:Give us a decent descritption please. (Score 1) 101

So which part of that story have you attacked? And leave out the bits about the Frigembroten Sniggens defrobulation principals.

In QKD, you don't need any "extras" to be secure, it is information-theoretically secure all on its own. No need for signatures. We have found class of QKD devices that have a flaw in the security proof which allows an attacker to evade detection. We exploit this flaw by sending pulses of light to Alice and Bob which 1) allows the attacker to dictate the key and 2) evades detection. We never intercept the qubits, we replaced the source device with a trojan device of their own. Ordinarily, the security test should detect that the source device is misbehaving, but due to the flaw we found, it doesn't.

Comment Re: quantum crypto is not "unbreakable" (Score 2) 101

Read the paper. QKD is secure. In fact, it's so secure that we can prove it will never be cracked. However, we found a flaw in the proof for a class of QKD devices, and the paper shows how to exploit that. Big difference to IT security where we can't prove security, just aim for the best.

Slashdot Top Deals

1 1 was a race-horse, 2 2 was 1 2. When 1 1 1 1 race, 2 2 1 1 2.