Quantum Cryptography Leaving the Lab

Theodore Logan writes "More than a year ago, MagiQ announced the world's first commercial quantum cryptography system (pdf), with ID Quantique following closely in their footsteps. Currently, the technology is limited to offering point-to-point connections up to a maximum distance of around 50 km, but this is likely to be greatly improved on in coming years. The systems available today are prohibitely expensive for the average Joe (MagiQ's are priced at more than $50,000 per unit), but one could envision a future in which they are built into the infrastructure by non-end user actors. Does this spell the end of the field of cryptography? Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications? What impact will quantum cryptography have on society? Good articles available from International Herald Tribune, EE Times and CNET."

It's worse than that, it's physics Jim

[Space cowboy (13680)]

Since they make a point that they "Rely on the laws of physics", they're bound by them too (maths is far more forgiving :-). Both systems rely on the quantum state of photons being undisturbed, so they can only be used between point-to-point optically-networked devices assuming the act of optically switching the packets has the same effect as reading them (the quantum state will be lost). If this is true, no secure networks could be mass-produced using this, unless you trust all the intervening nodes...

OTOH, it's the first generation of these devices, and perhaps IPv8 will somehow encode an encryption hierarchy (packets get encrypted sequentially in one direction, and decrypted on the way back, assuming the same route is taken, each node only needs to know the encryption to the next one worked ok to guarantee the encryption was ok. You'd still want to be in control of all the nodes along the way though...)

As for price - if they can solve the networking issue, that'll come down dramatically - it'll be onboard in the equivalent of the BIOS that we have in ten years time (when we all have fibre to the home. Possible optimistic :-)

Simon

Re:It's worse than that, it's physics Jim

[TedCheshireAcad (311748)]

It's nice for creating secure point-to-point links, but that's only roughly half of data security. Transmission security is great, but what happens when someone steals the hard drive out of the server?

With all due respect to the quantum guys, the traditional byte-crunching cryptography kind of has the market by the balls here.

Re: Applications of quantum cryptography

[some guy I know (229718)]

Transmission security is great, but what happens when someone steals the hard drive out of the server?

Agreed.
To the question asked by the artcle submitter:

Does this spell the end of the field of cryptography?

the answer is no (at least, not yet), because quantum cryptography (in its present form) may be useful for encrypting communications, but it is ineffective for encrypting stored data.

Re:It's worse than that, it's physics Jim

[T-Ranger (10520)]

Quantum computing and Quantum cryptography are NOT the same thing.

Realy Fast computers, including quantum computers, will brute force traditional (math based) crypto quicker then is possible now. Quantum cryptography is uncrackable unless you can figgure out a way to get around Heisenberg.

Re:It's worse than that, it's physics Jim

[jbf (30261)]

Being a networking geek as well as a security geek, I'll point out that the way Internet routing currently works, based on the commercial nature of the Internet, means that almost no routes are symmetric. This is because policies like hot potato routing, where one provider tries to get rid of a packet as quickly as possible. For example, if Sprint and UUNET have exchanges in San Francisco and DC, and a packet goes from a Sprint customer in Sacramento to a UUNET customer in Baltimore, the packet from Sac to Baltimore will go Sprint to San Fran and UUNET the rest of the way, but the return packet will go UUNET to DC and Sprint the rest of the way.

Also, hop-by-hop security is not end-to-end security, so even if you do have all the routers in IPv8 using hop-by-hop encryption over petabit links, you'll still need end-to-end security.

So to answer the question in the post, unless you can afford a leased line with a single fiber, and that fiber is lossless enough to not need repeaters, this is only for things like financial institutions and spy networks.

Re:It's worse than that, it's physics Jim

[by Anonymous Coward]

Remember its only secure in the sense that you can tell that someone is sniffing the wire (fibre) because a packet (quanta) is altered. It does not stop someone reading this data if they really want / dont care about being known.

You now need to build software on top that shuts down/reroutes the link if its not happy that the route is secure.

For point to point applications (aggregated backbones etc) its great. For general networking
(espicially multiplexed / contention based paradigms we have now) its not s

Re:It's worse than that, it's physics Jim

[Annoying (245064)]

You are missing the ideal application of this. Transmitting one time pads and ensuring they have not been compromised in transit. Properly generated one time pads are the only uncrackable cryptography but suffer from the problem of transmitting the key. So the data can't be accessed even if sent over a normal network so long as you know that the pad wasn't compromised. Quantum cryptography allows you to *know* that the pad wasn't compromised.

What application?

[Kjella (173770)]

One-time pads can only transfer as much data as the pad length, that is the nature of them. Rehashing them and whatever leave you open to attacks. So you need to transfer N bytes of pad to get N bytes of data securely. Well, if you already have a secure quantum line, why not send N bytes of data?

Now, if you could transfer a small symmetric key (well, at least on the order of bytes or kilobytes, not gigabytes), on the other hand...

Oh and one more thing - don't forget to have some kind of checksum on the OTP - if someone replaced the OTP with another OTP (standard man-in-the-middle attack) you wouldn't know... after all, it's only random data. The pads may no longer match, but who'd notice?

Kjella

How easy is it to implement ?

[SloWave (52801)]

I've seen that regular geeks can build things such as quantum force microscopes in their own homes, how hard would it be for someone to build a quantum crypto system?

MagiQ server at bargain based prices

[stecoop (759508)]

So we had a slashdot article [slashdot.org] today about CEOs should be held responsible for security at their organization. Then the law should be written to hold companies responsible for security should be fined 3 x $50,000 = +-$150,000. That would make MagiQ' server a bargain at only $50,000.

Quantum Cryptography

[by Anonymous Coward]

I never understood how quantum cryptography is not vulnerable to normal man in the middle attacks. Anyone care to explain?

Re:Quantum Cryptography

[AndrewHowe (60826)]

The man in the middle can't reliably retransmit, so can always be detected. Unfortunately, as I see it, this means that he can DOS the connection.

Re:Quantum Cryptography

[by Anonymous Coward]

Unfortunately, as I see it, this means that he can DOS the connection.

Er well to do anything at all with a quantum line you need access to the fiber, at which point Denial of Service is most easily performed with a large axe. :->

Re:Quantum Cryptography

[fullpunk (518331)]

Reading datas alter them. So the man in the middle will be detected. I'm not a professional, but I understood that you have to destroy the photon to read its information.

Wrong

[antientropic (447787)]

Reading datas alter them. So the man in the middle will be detected.

This is true for a passive attack, i.e., one were the attacker can only eavesdrop on a connection. However, in a man-in-the-middle attack, the attacker can also arbitrarily modify data. In particular you can have the following situation:

Alice <----> Eve <----> Bob

Here Alice thinks she is talking to Bob, but in fact she's talking to Eve, who decodes her packets, re-encodes them, and sends them to Bob. Unless Alice and Bob have some authentication mechanism (say, a shared secret key, or the other's public key), they have absolutely no way to tell that this is going on. The ability to detect eavesdropping on the quantum channel doesn't help at all, since Eve isn't eavesdropping - she's tunneling between two physically separate channels. Quantum cryptography does not differ in this respect from conventional cryptography: it's a basic fact of communication - how do you establish that the bits you are receiving come from the person/system from who you think they come?

Re:Quantum Cryptography

[by Anonymous Coward]

The key is sent with a single photon for a bit. A simple way of looking at it is that by measuring (spying) the photon, you unavoidably change it (randomly flip the bit), causing checksums in the protocol to fail and alarm bells to go off. Heisenberg's Uncertainty Principal or something.

Re:Quantum Cryptography

[Xeo 024 (755161)]

Here is a nice article I found about it:

The purpose of cryptography is to transmit information in such a way that access to it is restricted entirely to the intended recipient. Originally the security of a cryptotext depended on the secrecy of the entire encrypting and decrypting procedures; however, today we use ciphers for which the algorithm for encrypting and decrypting could be revealed to anybody without compromising the security of a particular cryptogram. In such ciphers a set of specific parameters, called a key, is supplied together with the plaintext as an input to the encrypting algorithm, and together with the cryptogram as an input to the decrypting algorithm.The encrypting and decrypting algorithms are publicly announced; the security of the cryptogram depends entirely on the secrecy of the key, and this key must consist of any randomly chosen, sufficiently long string of bits.

Read more here [qubit.org]

Re:Quantum Cryptography

[VCAGuy (660954)]

Essentially, Quantum Cryptography works because of Heisenberg's Uncertainty Principle and a thought experiment known as Schrodinger's cat. Basically, when one of these devices transmits a bit, it does so as a single photon with a known "spin." By observing that photon, you modify the very physical properties of that photon and corrupt the data. The man in the middle has no way to reconstruct the data because he has no way of knowing the given properties of a photon in the seqence. Further, that serves to DOS the connection (becuase the man in the middle cannot retransmit the same quantum sequence), thus causing the units to switch off and declare an alarm.

It's similar to Schrodinger's cat: Schrodinger comprised a thought experiement where a cat was put into a sealed box with a poison and a radioactive atom. In the course of 1 hour, the atom has a 50/50 chance of decaying, thus killing the cat. At the end of the hour, the cat is neither dead or alive, but in a state of flux. It's not until you observe the system that you fix the state of the cat as being dead or alive.

magiq whitepaper

[dave_t_brown (447547)]

Here is a whitepaper [magiqtech.com] from MagiQ on their technology.

Solution looking for a problem

[heironymouscoward (683461)]

For a niche market, it may be useful. But the mass market is hardly suffering because of weak cryptography.

New technologies gives us a nice warm feeling, but the banal truth is that what most people need is better use of existing technology.

Still, I assume spooks and crooks will be investing heavily in quantum cryptography, and we'll see the first quantum walkie-talkies within 10-15 years.

Agreed

[Sanity (1431)]

This type of thing will become necessary once sufficiently powerful quantum computers become available, but until then - it is pretty hard to think of any applications for this that more conventional symmetric cryptography such as AES can't address.

Does this spell the end of the field...

[by Anonymous Coward]

Does this spell the end of the field of cryptography?

Uh, no. Quantum key distribution is completely useless unless you have a cryptographic algorithm and protocol using that key for encryption. I suppose you could just send the message over quantum channels, but a quantum channel for key distribution is probably many orders of magnitude too slow for the acutal data.

Re:Does this spell the end of the field...

[gpinzone (531794)]

There's no guessing about the encryption method. It's a One Time Pad. Only the key is sent through the quantum link. After it's received, you can send the encrypted data any way you like. Send it over the Internet though the most insecure channels. It makes no difference as long as the key is secure and non-deterministic.

Re:Does this spell the end of the field...

[Theodore Logan (139352)]

Who the hell moderated this informative? QC uses one time pads, and since one time pads are provably secure, that's that. No need for fancy cryptographic algorithms. The "quantum" bit of it merely ascertains that the pad was not read by a man in the middle by making use of the EPR paradox [wikipedia.org], but other than that, this is the same algorithm as Gilbert Vernam developed more than 80 years ago (which is why one time pads are sometimes called Vernam ciphers).

In the PDF

[Rosco P. Coltrane (209368)]

"No matter what advances occur in digital computing, quantum encryption can never be deciphered, read or copied"

Linux already has an interface that you can move your critical documents to and they'll never be deciphered, read or copied: /dev/null

Insensitive Applications

[handy_vandal (606174)]

Will systems like this ever become commonplace, or will they be reserved for sensitive financial transactions and military applications?

Quantum crypto will be very useful for insensitive financial/military applications. Example:

"All right, you worthless son-of-a-bitch -- pay your goddamned taxes, or we blow you away!"

-kgj

First thing that comes to mind...

[DarkHand (608301)]

Freenet: Quantum Encryption Edition

Link Security

[silas_moeckel (234313)]

All this is in link security it wills top people from tapping into fiber between endpoints (currently 50km not exactly usefull distance) this might be usefull for a paranoid campus setting or for military short distance communications. It would be nice for point to point open air laser links (I think it can be applied to that dont see any reason it cant but not 100% sure) But overall this dosent realy do much of anything usefull beyond that. I would hope they are working on longer distances though it would seem that since the quantum stuff is allways in sync and has little do to with speed of light while the laser light does have those issues so it would seem like a timing issue, again though in quantum physics I'm just an interested observer.

Uh Oh

[nate1138 (325593)]

said Bob Gelfond, founder and CEO of MagiQ Technologies. "No
matter what advances occur in digital computing, quantum encryption can never
be deciphered, read or copied.

These kinds of statements always amuse me. It may be the toughest thing yet, but there's no saying that our understanding of some of the properties of quantum physics aren't flawed. Science may yet prove him wrong.

Re:Uh Oh

[Beryllium Sphere(tm) (193358)]

Shamir has already described how to attack quantum key exchange. His attack, which I've talked about before here, is like Alexander the Great's attack on the Gordian Knot. You don't try to solve a problem designed to be unsolvable: instead you step back and figure out what the *real* problem is and solve that.

Besides the Shamir attack, there's always the wait-for-your-opponent-to-screw-up attack. One time pads are theoretically unbreakable, with mathematically provable security. This didn't stop the US from reading the Venona intercepts. The Soviets had used one time pads two times, and that mistake destroyed the security.

Theorys and more

[thogard (43403)]

Quantom theorys are already out of the lab and in the real world. Old computer hardware is based on NAND and XOR gates but Toffoli and Fredkin gates are useful in the modern world and because you can revser them, once you start building DES/AES/RSA engines out of them, you can start to short circut some of the brute force attaces in very interesting ways. Combined with the real world ability to pre-compute and store data sets in the order of 3e12 bytes at a time, there are many crypt attacks now open to anyone with a good collection of hard drives.

Bruce Schneier doesn't care for it

[by Anonymous Coward]

See Bruce Schneier's comments about Magiq and quantum cryptography at Schneier.com [schneier.com]:

To quote:

This isn't new. The basic science was developed in the early 1980s, and there have been steady advances in engineering since then. I describe how it all works--basically--in Applied Cryptography, 2nd Edition (pages 554-557).

I don't have any hope for this sort of product. I don't have any hope for the commercialization of quantum cryptography in general; I don't believe it solves any security problem that needs solving. I don't believe that it's worth paying for, and I can't imagine anyone but a few technophiles buying and deploying it.

It's not that quantum cryptography might be insecure; it's that we don't need cryptography to be any more secure.

Not a question of if, but when

[dmccarty (152630)]

Every cipher scheme, from the Greeks' steganography [magic-city-news.com] to the Romans' alphabet substitution [thinkquest.org] to today's 3DES [wikipedia.org] and other schemes, has eventually been broken. It's unreasonable to believe that quantum cryptography will be invulnerable to attacks forever. It's not a question of if it can be broken, but rather when it will be broken.

Perhaps someone will discover a work-around to Heisenberg's uncertainty principle, or perhaps researchers will find flaws in the implementation of the algorithm. But if history is any indication of the future, quantum cryptography will eventually be cracked.

Solving the wrong problem

[Paul Johnson (33553)]

Quantum crypto is only useful over point to point for short distances because it relies on properties of photons that cannot be amplified (if they could be amplified then you could clone the signal and the security would be lost). Its also very very slow (kilobits per second at best). The way it is used is as a key distribution system. The heavy lifting of actually transmitting the data is done by ordinary crypto. So its no stronger than the ordinary crypto. The only thing in favour of quantum key distribution is that you can change the key very frequently.

But these days if you want to intercept data then cracking the crypto is one of the last avenues you would try anyway. Far easier to crack the end points, suborn a trusted employee or any of the other common attacks. Security is only as strong as the weakest link. Quantum crypto merely reinforces one of the strongest links.

won't the Government just make this illegal?

[RiotXIX (230569)]

I wouldn't be surprised if the Government prevented this from becoming common place: I remember them doing something like this before, where they wouldn't allow 40-bit encryption system for the public (or something like that), because it meant the NSA couldn't crack it in a reasonable time. Privacy is illegal. If the government can't tap your phone calls and read your e-mails, then they won't allow the public to use that technology. Or at least until the war on terrorism ends (should be sometime around the extinction of human nature and mankind).

What the hell?..

[Chitlenz (184283)]

Is a non-end user actor?

For some reason I have this vision of Gary Bussey making a drug deal...

heh - chitlenz

How quantum crypto works

[ColonelPanic (138077)]

(Based on memory of Bruce Schneier's description in Applied Cryptography)

Alice sends Bob a series of polarized photons.
There are four possibilities: -, |, /, and \.

Bob sets up his polarization detector randomly so that each "qbit" is measured either for horizontal/vertical polarization or diagonal polarization. If a - or | photon hits the detector and it was set up for horizontal/vertical, he gets a good bit, otherwise a bad bit. And if a / or \ photon hits the detector and it was set up for diagonal polarization, same story. The key point is this: if the detector was set one way and the photon is polarized the other, it is in principle impossible to know its true polarization.

So Bob has a sequence of photons, some of which he knows, and some he doesn't, and he knows which are which. He sends Alice a clear-text message saying which ones he knows. Alice then encrypts the true plaintext by XOR'ing it with the values of the photons that Bob knows, using some convention like "- and / are 0, | and \ are 1".

Example:
Alice sends...: - \ - | / - | (random)
Bob's detector: + + X + X X + (random)
Bob's result..: - ? ? | / ? |
Bob's response: 1 0 0 1 1 0 1
Key...........: 0 1 1 1

If Eve tries to listen in on the photons Alice sends to Bob, she perturbs them irrevocably.

A bad description -- go buy Bruce's book for a better one.

Quantum crypto is no better than regular crypto

[SiliconEntity (448450)]

Your description is almost right, but after receiving the photons, Bob can't tell which ones were "good" or "bad". Instead, the two parties have to exchange cleartext information about which bases they used. Then the ones where they matched are the good photons which can encrypt the message.

The problem is with this cleartext message about the bases. How do you stop an intermediary from altering this message, which could hide her attempts to snoop on the photons? This is the problem of sending an authenticated message, and quantum crypto won't help you with this.

To send the authenticated cleartext message, you either need a tamper-proof channel between the parties, which is usually physically impossible, or you have to fall back on regular crypto, either public key or pre-shared key. So ultimately the supposedly unbreakable security of quantum crypto is in fact dependent on conventional cryptography. And if you're relying on conventional crypto anyway, why go to the expense of using quantum crypto?

In short, there is a great deal of hype here. When closely examined, the physical and computational requirements of quantum crypto don't make sense for the real world. You either need an unrealistic tamper-proof channel, or you rely on regular crypto and get no more security than conventional crypto gives you.

A way to break it?

[Enigma_Man (756516)]

I was looking at this, and reading about it, and read how you cannot determine the state of the photons without changing their state, so someone cannot "watch" the photons fly past without affecting them. I'm assuming the black box on the other end is somehow able to read the original photons correctly?

However... What if someone were to have their own "black box", break the fiberoptic line, put one end into the receiver of their black box, and the other end out. That way you wouldn't be watching the photons go by, and affecting them. You could read them with your own black box, then re-transmit the correct photon.

Admittedly, this would be expensive, but if you are in dire need of reading something that had to be secured with quantum encryption, then money probably isn't of much concern.

Is this an incorrect assumption, or analysis on my part? I'm not a quantum physicist by any means, but I couldn't glean enough info from the articles to tell otherwise.

-Jesse

What is the use of this QC key exchange?

[gay358 (770596)]

As far as I know, this quantum "cryptography" prevents just passive evesdropping (where the parties are able to notice evesdropping because of this quantum "cryptography"), but as it doesn't include any kind of authentication, active attact (where all the messages are captured and the attacker is able to send his own messages) should be successfull. It is possible for Eve to just hijack all the messages and pretend to be Bob when communicating with Alice and to pretend to be Alice when communicating with Bob. It is of course possible to make this "cryptography" more secure by using some classical cryptographical methods, like authentication. But if we have rely to public key algorithms (which might become obsolete by advances in quantum computing), then it is not clear to me what is the advantage of using quantum cryptography in the first place. If somebody has answer to this question, I would be glad to hear it.

A Useful but Long Quote.

[fermion (181285)]

I quote from the preface of Bruce Schneier Secrets and Lies, without permission

I have written this book partly to correct a mistake.

Seven years ago I wrote another book: Applied Cryptography. In it I described a mathematical utopia: algorithms that would keep your deepest secrets safe for millennia, protocols that could perform the most fantastical electronic interactions-unregulated gambling, undetectable authentication, anonymous cash-safely and securely. In my vision cryptography was the great technological equalizer; anyone with a cheap (and getting cheaper every year) computer could have the same security as the largest government. ...I went so far as to write: "It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics."

It's just not true. Cryptography can't do any of that.

It's not that cryptography has gotten weaker since 1994, or that the things I described in that book are no longer true; it's that cryptography doesn't exist in a vacuum.

Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, palpable security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.

Mathematics is perfect; reality is subjective. Mathematics is defined; computers are ornery. Mathematics is logical; people are erratic, capricious, and barely comprehensible.

The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were The Answer(TM). I was pretty naïve.

The result wasn't pretty. Readers believed that cryptography was a kind of magic security dust that they could sprinkle over their software and make it secure. ... A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography.

Since writing the book, I have made a living as a cryptography consultant: designing and analyzing security systems. To my initial surprise, I found that the weak points had nothing to do with the mathematics. They were in the hardware, the software, the networks, and the people. Beautiful pieces of mathematics were made irrelevant through bad programming, a lousy operating system, or someone's bad password choice. ...

Any real-world system is a complicated series of interconnections. ... No system is perfect; no technology is The Answer(TM).

This is obvious to anyone involved in real-world security. In the real world, security involves processes. It involves preventative technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process. And if we're ever going to make our digital systems secure, we're going to have to start building processes.

A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.

This book is about those security problems, the limitations of technology, and the solutions.

Anecdote

[mark-t (151149)]

In the CS department at my school last year, all the students were encouraged to attend a particular lecture on quantum computing that was being given one day, and after the lecture one of my classmates was rather disturbed about some of the possibilities that quantum computing would enable, specifically quantum cryptography.

What I found rather peculiar about his view was that the reason he didn't like quantum cryptography was because it enabled organizations, such as a corrupt government perhaps, to be able to use this effectively unbreakable communication technique in order to avoid accountability to anyone else, while as long as encryption technologies remain crackable, there would always be some risk of being accountable to others for what they are communicating about.

It didn't even seem to matter to him that his own communications would be secure with this technology... he just didn't like the idea of technology introducing a break in a chain of accountability.

Re:Of course..

[by Anonymous Coward]

Dude, "quantum stuff" != "other quantum stuff".

Nice attempt to score an easy +5 insightful...

Re:Of course..

[tomstdenis (446163)]

"OK.. sorry for summarising.. but quantum computers can crack conventional encryption in a single cycle. They make it trivial to factor things down to prime numbers, no matter how large. And since this is the basis of most current cryptography, they will obsolete our current cryptography."

This is bullshit. First off, you have to assume that

a) non-trivial Quantum computers can be constructed at all [who says there are not limits?]

b) The time per solution is not greater than a brute force attack.

I mean sure a single cycle AES cracker would be cool. But if the machine took 2^100 years to build who gives a shit?

This type of hype always pisses me off.

To boot as I understand it, QC only "attacks" in sqrt time by meet-in-the-middle approaches. So AES-256 would provide all the security ya need.

Tom

Re:Of course..

[Amiga Lover (708890)]

I fear the Quantum DRM that'll follow.

Quantum Crypto != Quantum Computing

[ponds (728911)]

Too bad quantum crypto and quantum computing have absolutely nothing in common.

Quantum crypto is a misnomer, it isnt even crypto at all. It's an intrusion detection system. Quantum crypto works by sending sensitive photons through a tight channel as bits which will get disturbed by an eavesdropper. Where as electrical signal on a wire expects static, and a wiretap isnt noticed.

Quantum computing however, works on electron entanglement, and is pretty far off.

Re:I was watching some TV the other day

[Rosco P. Coltrane (209368)]

Crypto is one of those feel-good technologies that costs people a lot of money but doesn't really do much for anyone in the end.

Okay then, why don't you send me your credit card number in plain text then? no need to encrypt it, it's just feel-good technology, and I'm really an honest guy...

You, sir, are grossly misinformed

[sczimme (603413)]

and I can't believe anyone actually modded you up. So crypto is just a "feel-good technolog[y]" and "doesn't really do much for anyone in the end"? Have you ever used a VPN? Or SSL? Or anything in the PGP/GPG genre? Why?

Crypto is not perfect but it is extremely useful in certain situations. You apparently believe that since crypto doesn't solve all of our problems that we shouldn't use it at all.

PS If you think that "a very determined person" stealing the machine will render all crypto ineffective, you need some remedial reading on the topic. (Not a flame - just an observation.) Here is a hint: multi-level security.

Re:point to point

[Rick.C (626083)]

how do I encrypt all my pr0n with it?

I've heard you can use steganography to hide your data in .JPGs ;)

Because linear key improvement isn't an advantage.

[expro (597113)]

The reason most encryption works is because when you linearly increase key size, you exponentially increase the amount of time required to crack the key if you have no special knowledge, meaning it is much more difficult (impossible for practical purposes) to decrypt without a key than encrypt or decrypt with the necessary keys.

Doubling the key size may only double the work of the one encrypting and decrypting using a key but exponentially increases the work of the one trying to break it without a key. Almost no matter how easy it is to crack a short key, you can increase key size until the advantage of linear versus exponential is overwhelming.

But quantum computing -- encoding the problem into the quantum matrix, not to be confused with the quantum encryption described in this article -- threatens to be able to solve such problems in linear time instead of exponential time.

This means that when the user doubles the size of his key instead of exponentially (enormously) increasing the amount of work to solve the problem, it only doubles the amount of work required to crack it, which would make decryption a simple footrace even if you do not have the key, if the amount of work required to crack the key is proportional to the amount of work required to encrypt / decrypt instead of an exponential relationship.

Primes would not seem to be adequate at all, if quantum computing allows them to be solved linearly. At best, if you could find something that had the difficulty of non-quantum primes under quantum computing, then perhaps you could use that.