Security researchers using hardware hacking techniques have unearthed generic flaws in supposedly ultra-secure quantum cryptography systems. The security of quantum cryptography hinges on using the fundamental properties of quantum physics for quantum key exchange. Any attempts to monitor this exchange would inevitably be …
... you can expect the price of this gear will go down as the price of quantum crypto gear will go down. Recall that DES was declared definately insecure, do not use regardless of purpose, when it took a million dollars or so to brute force crack it in minutes. So fifty thousand dollars is certainly considered "feasible" if not quite "everyday" yet.
Looks like this is an attack to specific implementation flaws, not the quantum crypto principles. But then again, as long as Alice and Bob use machinery vulnerable to these attacks, Eve won't care.
So we have a possible vulnerability of a brand new, still lab-only technology, that requires a rather heavy financial outlay for materials, a degree in physics to exploit, and physical access to the receiver's end link. Once again the age-old rule of security comes to mind : if the enemy gets physical access, there is no security.
Given that this quantum crypto thingy is not going to be of any use outside high-level government, military and intelligence circles, I doubt that the impact of this "find" will be any greater than a change in procedure for the implementation technicians.
If you are running a multi-million pound business empire and don't want the government, military or intelligence circles eavesdropping you would want some high-end crypto to try and hide arrangements of when a container with several kilos of raw, uncut Colombian marching powder is to be expected.
Rival firms such as the Feds may well also want to find out.
erm, if you reat the article, you would find out that it isn't lab-only crypto. It is in use by banking institutions amongst others.
I'll give you the initial outlay and local access points as prohibitive though...
uh... lab only?
What do you mean lab only? Had you head of quantum encryption in banking before today? Several of the world's major banks employ quantum crypto for sensitive transactions *right now*. There's good money in being able to supply entangled pairs for the crypto required, and showing that the security offered through them is only worth $50,000 means these institutions now have a problem they need to deal with immediately.
Don't know about you, but the more government agencies rely on high-tech surveillance systems, the easier it is to stick to good old fashioned face to face meetings behind closed doors. A windowless room with a foot or so of cork built into the walls, and the door being sorted the same way, defeats any and all surveillance methods, barring actual physical presence (planting a bug for example)...
Alternatively, using a random shack in the middle of a shanty town is also good. Take your time, get to know the locals, splash some cash around and any unknown faces will stick out like a sore thumb and you will have, for all intents and purposes, your own army ready to defend you to the death.
Splashing cash works best if you build schools and hospitals, and police the area properly with locally hired and trained people, as they will love you for it. Also, if you're selling narcotics, don't shit on your own doorstep. That's where the Medellin Cartel went wrong - they did some of the above, but mostly relied on fear and murder to protect themselves. Too much stick, not enough carrot...
If I were a bank
I'd be more interested in better lockdown of widely-deployed existing PSK approaches, than playing with quantum goodies. Any bank that has invested in quantum crypto for key exchange is doing little more than demonstrating how gullible their CTO is to fancy marketing. (And is probably a good target for simpler physical attacks).
No such thing as secure
Just stuff that hasn't been cracked yet.
Re: No such thing as secure
"Just stuff that hasn't been cracked yet."
That's easy to say, but much harder to prove.
Lets only focus on the fundamental security across the wire and not implementation faults, since implementation faults can implicitly be fixed (and therefor contradicts your statement that there is "no such thing as secure").
With regards to PKI, there are two possible cracks.
1. We discover a mathematical way to boil NP complete problems down to polynomial time without the need for brute force.
2. We discover a way to solve NP complete problems quickly, say using a theoretical scalable quantum computer.
In order to back your assertion for PKI, you would have to prove either of the above is feasible.
With regards to quantum encryption, there is theoretically nothing one can do on the line to uncover the data. Quantum entanglement creates a continuous stream of bits which can be used as a one time pad of infinite length.
To prove your assertion for Q-E, you'd need to invalidate the currently accepted principles of quantum mechanics to reproduce the random bit stream.
You may be right, but until you can prove it, the statement is at best an educated guess.
Congratulations, no boffins.
"relies on remotely manipulating"
The article said that the receiving end is being remotely manipulated.
Is the future already?
"Quantum key distribution systems became commercially available around five or six years ago and are used for the secure exchange of highly sensitive material by banks and governments..."
I have to admit this came as a bit of a surprise to me. I see at least one other commenter was unaware as well.
I that just goes too show you... something or other. I don't really have a point I guess. Now where's my flying car.
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- OnePlus One cut-price Android phone on sale to all... for 1 HOUR
- UNIX greybeards threaten Debian fork over systemd plan