back to article Quantum crypto targeted in attack of the clones

Japanese researchers have put another dent in Quantum cryptograpy's reputation as the final word in secure communications. Transmissions sent using the technique are protected from eavesdroppers by the fundamental rules of quantum physics, at least in theory. In practice, implementation weaknesses can leave a narrow door for …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

You lost me at ...

the Quantum crypto part

0
0
Coat

Well I'm no optical boffin but...

If you intercept the lightbeam then why not just retransmit it with the same polarisation as you received it and then you've got an exact duplicate of the transmitted data and the parties at either end know nothing about it?

I'll get me coat.....

0
0
Anonymous Coward

Denial of service

And I reiterate my comment on a previous article about quantum crypto.

It seems to me that all a malicious person needs to do is "continually observe" the data stream thereby alerting the subscribing parties of an intercept attempt. Since they couldn't be sure the keys weren't compromised, they would never be able to established secure communications.

0
0
Silver badge
Boffin

@AC, duplicating lightbeams

The thing is that according to Quantum physics, to know the polarisation you have to measure it. It can be either | and - (the "+" orientations), or \ and / (the X orientations). To measure the photons, you place either a + orientation detector, or X orientation detector. Thing is, if you choose the wrong one, there is a 50% chance that you will "twist" the photon into a wrong orientation, or completely filter out the photon itself. So either way, you are already altering the thing by the mere act of reading it.

However, this is nice in theory, but for key distribution, you'd have to know beforehand the +/X orientations used for transmission, which kind of defeats the purpose. So QC protocols rely on doing transmission totally at random, so security really turns into a matter of probability. So basically, your "secure" key transmission basically counts on *luck* for successful, untampered transmissions. Then again, probability for interception of a QC-transmitted key of say, 1024 bits would be around 1 / (1024 * 2 * 2) or something like that.

0
0
IT Angle

Phew...

For one moment there I thought you were referring to the tape silo guys. I'm sure they will just love your title given they encrypt and clone....

0
0
Anonymous Coward

This article is incorrect

The referenced paper (Okubo, Buscemi, Tomita) does not break quantum cryptography (QC). All they do is to implement an (imperfect) quantum cloner, against which QC (in this case, the BB84 protocol) is resistant, and they do not pretend anything further.

Quantum states cannot be perfectly cloned (or simply intercepted then re-transmitted). That's the very principle on which QC is based.

From Wikipedia (http://en.wikipedia.org/wiki/No_cloning_theorem), "the no cloning theorem is a vital ingredient in quantum cryptography, as it forbids eavesdroppers from creating copies of a transmitted quantum cryptographic key."

0
0

@AC

Not sure if you are being entirely flippant but the whole point of quantum cryptography is that you cannot analyse the polarisation and just retransmit. There's bound to be an explanation at Wikipedia . . . .

0
0
Boffin

Fibre Optics

It's possible to tap in & eves drop on a Fibre Optical transmission without having to physically break & reconnect the connection. The Allies did it in the last Gulf war & was reported at the time. Quantum crypto will not help in this situation.

0
0
Anonymous Coward

it's in the quantum...

Because the polarization you measure is not the same as the polarization that

was sent - by measuring it, you lost a lot of the data.

Go and do a basic quantum mechanics course, looking particularly

at the stuff on superposition of states. Or read any of the countless popular explanations

of how quantum crypto works.

0
0
Stop

Re: Well I'm no optical boffin but...

Read the comments from the last quantum cryptography article to gain enlightenment.

http://www.theregister.co.uk/2008/05/30/quantum_crypto_advance/comments/

0
0
Boffin

@no optical boffin but..

There is a hidden variable effect when it comes to entagled particles such as photons. If you take two photons & split them into two different directions you will then be able to recreate what Einstien called "spooky action at a distance". This is where whatever you do to one particle the other will immediately take on the opposite property

0
0
Anonymous Coward

entanglement

@Well I'm no optical boffin but.

Presumably when you intercept an entangled photon you will be detected by the other half of the pair becoming disentangled.

But. Is this article suggesting that banks have actually already bought and paid for quantum crypto systems?. As in, these systems actually exist now? I thought it was just theory for the time being...

I guess ive been away from the internet for too long.

I'll get my coat.. It's the one with the punched cards in the pocket.

0
0
Anonymous Coward

I'm no optical boffin either.....

But reading this:

http://en.wikipedia.org/wiki/Quantum_cryptography

If you can intercept both channels I don't see what stops you doing a straight man in the middle attack. Bob can talk to Alice, but he can't verify who Alice is....

I see how it would stop snooping, but then so would a whopping great big private key exchanged previously in a secure way, which you need anyway to verify Alice is Alice and not Alicesky.

Plus, then again, well.... it's all sh*t. The whole principle relies on discrete photons, and if there are no discrete photons then it falls apart. Any lay person can see what the boffins are kidding themselves about (that the photons are only measured by discrete because that's the only way you have of measuring them):

http://quantumweird.wordpress.com/2007/06/20/quantum-weirdness-a-matter-of-relativity-part-2/

So when they give up on the whole entanglement, time travelling photons that exist as relativistic zones that 'recombine' with themselves..... this encryption method disappears with it.

0
0

Some thoughts

@AC - the trick with quantum communication is that there are two sorts of polarisation possible - but you can only measure any one of them - the act of measuring the one you choose destroys the information encoded in the other. So Alice randomly chooses which of the two kinds to use for each photon. Bob randomly chooses one or the other to measure. After the photons are sent Alice sends (in clear) to Bob the choices she made. On average Bob will have measured about half of the photon's polarisation the right way - and these can be assembled to make a key - which is used as a one time pad for the actual communication.

If Eve tries to intercept the photons she must also destroy the information in the polarisation - and can also only recover one of the two sorts. So even if she resends a new photon with the measured polarisation, she only has a 50/50 chance of encoding the other form of polarisation correctly. So Bob will get a sudden jump in errors in the link - which is evidence of an eavesdropper.

The paper seems to show a method for cloning the photons with enough fidelity (because it is intrinsically impossible to perfectly clone this is a probability) and assuming that you are able to keep the clones about without measuring them (a none to trivial task) until Alice sends her choice information, and then measure each photon knowing ahead of time which form of polarisation to measure (something Bob cannot do.) You may get enough leverage to get some useful information out of the link without triggering the eavesdropper error threshold.

Not being an optic boffin either I suspect the leverage is in the ability to keep the clones until Alice sends her choices - this doubles the number good measurements Eve gets. The act of cloning must increase the error rate Bob sees (indeed there should be a conservation law in here somewhere), but it looks as if the additional leverage Eve has with this trick means she gets twice as much information out as Bob sees degraded (since Bob sees half of his measurements listed as useless.) Thus it may be that there is enough wiggle room that Eve can get a partial idea of the key without Bob deciding that the error rate is too great, and there is an intruder. A partial key can be enough.

Like I say, I'm not an expert in this - but it seems to be the general idea.

0
0

Entanglement

entangle the data stream, by attacker, using a known source.

Then - either

A you can get a result as the data stream is resolved (whatever that may entail) as the entangled data you kept is resolved as well.

B if the original source data is not resolved - ie they end user thinks that there was a compromise - then you can safely attempt to resolve the data yourself, as the original will have been thrown away. This may not give the exact key, but will/can provide information of the key system

0
0
Unhappy

Ouch

I've read this and now my brain is dribbling out of my ears.

But you can't measure what comes out of one ear, because it changes what comes out of the other.

0
0

Larger .jpg

might be that information is informative when it is shared as an open epistemological system within the universe of discourse. So-called 'secret' or 'encrypted' or 'secure' information is inherently corrupt for the same rationale that those who use it think it is secure. While the actual symbols of the information-set -might- be recoverable at a specific destination, the meaning of those symbols will have changed by virtue of their selective value to the sender and receiver, and by the necessary transition into a meta-message during transit. Such meaning, like the blink of an eye interrupting a photon-stream, is never fully recoverable, and neither active-encrypted nor passive-restricted secrets cannot thus be fully trusted. Oversimplified, if 'X' is an information-set, and it is predicated with 's' as a secret-set, then the message-packet becomes 'Xs'. Either retention from public access or filtering within secure media will decay the meaning of the message X. Put another way, one cannot literally walk in the same stream (of information) more than once because it is under constant forces of change. More accuracy is retained by numerous 'witnesses' to the data when the message-packet is under constant review and surveillance. This is not logically possible at the quantum/discrete-photon level without entanglement "entrapment" of bits.

In application, banks which buy into security at this level cannot know whether the data is uncorrupted because aside from the stated problem, there is the time-based uncertainty of the symbolic value of money. This is another discussion, and I have a sub-prime mortgage byte investment to sell you.

0
0
Silver badge

Quantum cloning

The New Scientist magazine had an article a while back (can't remember exactly when) which challenged the whole idea of it being impossible to measure a quantum state without effecting that state.

There was something about the measurement induced state changing actually taking a finite period of time as opposed to the commonly held belief that such a state change is instantaneous. There was also something about keeping the measurement period shorter than that and ending up with a partial result plus a partial state change. Another part was taking that partial result and using it to undo the partial damage to the state. Because of the way they were doing it two (I think) partial results could reveal the actual state with a high degree of certainty.

The researchers were measuring the quantum state of electrons and varying voltages to create moving barriers against tunneling electrons. Pulses of microwaves were used to adjust the state. It all seemed quite plausible though subject to final experimental assessment. NS were saying that if extended to the optical world then all QC bets were off and that if they made their experiment work there would be a Nobel prize in it!

0
0
Anonymous Coward

@Alice Bob and Eve

"Bob randomly chooses one or the other to measure. After the photons are sent Alice sends (in clear) to Bob the choices she made. On average Bob will have measured about half of the photon's polarisation the right way - and these can be assembled to make a key - which is used as a one time pad for the actual communication."

Why clone the photons? Alice doesn't know she talking to Bob, Bob could be Bobsky that is simultaneously talking to Alice using one set of photons and Bob using another.

The whole point of this mechanism requires they be able to have at least one of the links where they can reliably pass information from Alice to Bob (without interception by a middleman and knowing that Bob is Bob and Alice is Alice), but then if they could set that up, they could exchange private keys ahead of time instead.... then you'd only need one path not two.

Seems kind of a pointless exercise. Plus it fails IMHO because photons aren't any more discrete than my Kg weights are discrete. Your photos hit a detector that measures photon by detecting the promotion of electrons, so if it can't promote an electron it can't be detected.

It's foolish to assume you can't detect half a photon, because you'd simply have to find a way to add (I'll call it entangle if you like) it to another half photon. But the biggest hurdle to doing that the religion 'QM' has a Q in its name and they can't lose the Q without looking foolish.

http://www.theregister.co.uk/2007/08/17/photons_ftl_not/comments/

0
0
Silver badge
Happy

I'll say it again...

The best you can ever do is make a system good enough that the baddies have to be at least as clever as you in order to break it. Trouble is, if they're not now, they will be.

0
0
IT Angle

What're quantum mechanics?

I don't know. People who repair quantums, I suppose

0
0
Coat

Oh my god...

They killed Schroidinger's cat!

You bastards!!!

0
0
Silver badge

KISS

"As previously reported, the weakness identified by the Swedish team involved shortcomings in how systems verify that the content of a message has not been altered in transit." ... Question/Confirm with Source would solve that Problem .... Immediately.

0
0

@Jon Brindley

The advice I was given was "If you think you understand quantum mechanics, you weren't paying attention in the lectures."

Actually, I think my local garage employs quantum mechanics. You can either know what they're going to do, or how much it'll cost, but not both.

0
0
This topic is closed for new posts.

Forums