A group of English and Canadian researchers has cast doubt on the nascent push to develop device-independent quantum cryptography standards, asserting that such schemes could be undermined by malicious vendors. Their paper, Prisoners of their own device: Trojan attacks on device-independent quantum cryptography, is published on …
The thinly veiled hint...
Dear CIA, FBI, goverments, don't buy your secure quantum cryptography kit from the Chinese vendor with a great price.
Mum's the Word on that which delivers MkUltraSensitive Absolute Power to CHAOS Control*
" .... and El Reg would expect a veritable feast of future papers for quantum crypto enthusiasts."
One thing you can be certain of, El Reg, given the very clear undetected and undetectable advantage that cracking quantum cryptography delivers to control communications systems, is that those who know how and why it works so effortlessly and efficiently, to reveal every past and future secret previously thought to be secured and an exclusive intellectual property, will be conspicuous by their absence in the veritable future papers feast ....... grand phishing competition.
* Or as close to it with/in IT and Media Manipulation Machines as makes no difference to lemmings and alien subjects being objected to human programming/prime thought control.**
Something which may be novel and news to you, but for the likes of all those GCHQ clones out there, just as another easy day at the office. Mess with and/or challenge the lead position of intelligence with the artificial beads and gaudy baubles provided by easily arranged paper and instantly transferred electronic wealth, and the puppets into supply of the latter will lose their hold on the reins of future power and absolutely fabulous fabless control.
** If you prefer, please also realise the probability and inevitability of that being equally well versed as makes no difference to lemmings and human subjects being objected to alien programming/prime thought control.
it's not as though backdoors have ever been included in Crypto Kit?
Oh perhaps those with older memories will recall Crypto AG who were an independent supplier of crypto to governments. Their devices were discovered, after many years, to have been correctly encrypting plaintext with "secret key 1", transmitting the coded text but in the "hilfsinformationen" field of the conversation sending the actual "secret key 1" encrypted with "backdoor secret key".
never mind the Quantum computing
Would have been nice if they had spell checked their paper. The lesser known TOJAN makes an apperance on page 2
From a business standpoint, any company found building this type of back door into their Quantum Computing kit is committing corporate suicide.
The company would have spent MILLIONS perhaps even BILLIONS of dollars designing and building a Quantum computer, then when they start selling, and a customer finds the back door, they will destroy any Goodwill they have earned, they will find themselves on the receiving end of lawsuits from their customers, and an investigation from every major government that has one.
In the end, sure it's a possible attack vector, but to be honest I think the biggest threat to Quantum Computing gear would be some kind of side-channel attack on the support electronics that interface with the Quantum package and NOT through a vendor embedded back door.
Real-world channels contain noise
"This is supposed to be impossible, since any tampering with the quantum communication channel should be revealed – for example, as (entanglement-destroying) noise on the quantum channel. However, as the authors point out, all real-world channels contain noise; to overcome this, quantum crypto schemes exchange multiple pairs over a noisy channel, and use a statistical analysis to detect interference in the channel."
Umm, doesn't this rather drive a coach and horses through the whole business. The message appears to be that to make this thing work from an engineering stand-point you have to fall back on classical methods for noise handling, at which point you've lost the advantage you were claiming for quantum undetectability.
'dodgy vendors' compromise security through ignorance already
When I read the sub-headline, "Can dodgy vendors compromise ‘uncrackable’ security," I first thought that Richard referred to the idiots that keep selling me software that (still!) requires admin access on Windows 7 just to run.
I don't worry about vendors beling malicious about it. They make us compromise security without really trying.
- Apple stuns world with rare SEVEN-way split: What does that mean?
- Special report Reg probe bombshell: How we HACKED mobile voicemail without a PIN
- RIP net neutrality? FCC boss mulls 'two-speed internet'
- Sony Xperia Z2: 4K vid, great audio, waterproof ... Oh, and you can make a phone call
- Pic Tooled-up Ryobi girl takes nine-inch grinder to Asus beach babe