How To Build a Quantum Eavesdropper

Posted by kdawson on Fri Jun 13, 2008 09:34 AM
from the perfection-is-not-a-requirement dept.
KentuckyFC writes "Quantum encryption is perfectly secure, in theory. In practice, however, there are loopholes. Now Japanese scientists have designed a quantum eavesdropper that exploits one of these loopholes to listen in to quantum conversations. QC's security arises from the impossibility of making a perfect copy of a quantum object without destroying it — so the sender and receiver can always tell if they've been overheard. But it turns out that an eavesdropper can make imperfect copies and use them to extract information from a quantum message without alerting sender or receiver (abstract). The Japanese design does just this. That should worry banks and government agencies that have begun to use some of the commercial quantum encryption systems now available."

This discussion has been archived. No new comments can be posted.
  • But Al, why haven't I leaped?

    Ziggy says there's a 98.5% chance that your security is flawed.
  • Not so hard (Score:3, Informative)

    by Ancient_Hacker (751168) on Friday June 13, @09:43AM (#23777359)
    You don't need anything so fancy. The quanta are, like packets, not guaranteed to get to the destination every time. All you have to do is sidetrack every random(N)'th photon to your receptor.

    • Re:Not so hard (Score:4, Interesting)

      by mea37 (1201159) on Friday June 13, @10:48AM (#23778245)
      If N is too high, you don't get enough information.

      If N is too low, you drive the error rate high enough that the communication is no longer regarded by the parties as secure.

      N is always either too high, too low, or both.
    • Re: (Score:3, Insightful)

      by Anonymous Coward
      I thought quantum encryption first established a one-time pad for secure communications. It uses a protocol to ensure that any quanta not arriving or changed in any way are discarded. Only the quanta verified between Alice and Bob get used for the pad. So, a) diverting quanta during the pad-establishing time gains you nothing, and b) diverting quanta during communication gets you quanta randomly encrypted according to a pad about which you have no knowledge.

      It seems copying quanta such that no change is dete
  • Ob. LOTR (Score:5, Funny)

    by HungSoLow (809760) on Friday June 13, @09:59AM (#23777527)
    I've been droppin' no eaves sir.
  • Logical disconnect (Score:5, Insightful)

    by jandersen (462034) on Friday June 13, @10:07AM (#23777613)
    How can one say that it is "theoretically impossible", when somebody has made a practical counterexample? It just means that the theory wasn't good enough - or more likely, that the wrong conclusions were made from the theory.
    • Saying "theoretically impossible" is perfectly fine, it just leaves out the fact that in order to obtain the desired results, you have to have a system where you expect to always be able to get complete, undamaged messages/packets.

      What bothers you is not that they say "theoretically impossible", it's that such a term morphs into "completely impossible in all implementations" in the minds of the general public and gives them overblown expectations. That's not really the fault of the people who use the term,
      • That's not actually the problem.

        They aren't exploiting an implementation weakness. They're exploiting the fact that you don't have to do what's "theoretically impossible" to extract information from the message. Look at it this way: Somebody said:

        1) You can't copy the quantum communication without visibly disturbing the original
        2) ???
        3) QC can't be broken!

        But there was hand-waving at step 2, and it apparently isn't valid (if this technique turns out to be a practical exploit, which is yet to be seen).
    • That's because people routinely misunderstand theory.

      For example: "it is impossible to write a program that can determine if another program will halt or not" is often reworded as "it is impossible to determine if a specific, given program will halt or not", which is patently untrue.

      The theory in this case appears to be, if I understand correctly: "it is impossible to make a complete copy of a message without it being detected." So they just figured they can make a partial copy, thereby side-stepping detect
    • The counterexample has only been theorized, not actually built and tested.

      But if we assume they will build it, and if we assume it will work... Well, it doesn't do anything that's "theoretically impossible". What it violates isn't the theory -- what it violates is the glib assumptions of those who interpreted the theory to mean they could end what is probably an endless arms race.
  • IANAP, but can someone please tell me how the theoretically impossible became theoretically possible? Did the theory change, or was the math wrong, or did His Great and Wonderful Noodliness screw with the results?
    • It's easier to argue the corollary -

      It's theoretically possible to produce a machine that implements perfect quantum security. The exploit above does not disprove the theory, only the implementation.

      Oh, you want to know why the implementation was flawed?
    • In theory, FTL communication is impossible.
      In theory, wormholes allow FTL communication.

      Different theories.
  • by StandardCell (589682) on Friday June 13, @10:18AM (#23777727)
    The banking sector is probably one of the slowest in terms of uptake of new crypto technologies. A huge number are still using 3DES or RC4 for symmetric to protect customers' transactions. If you don't believe me, check out Citibank's Online Banking [citibank.com] with "highly modern" RC4. I've seen 40-bit encryption on current express-pay keytags at a certain coffee chain which is almost trivial to crack with little cost by today's computers. In too many cases, it's the same old HSMs accelerating crypto transactions in servers as were in the last decade.

    Granted, 3DES is actually not truly that bad in terms of its 112-bit effective security compared to AES-128 (though it's not the weak point when you use 80-bit effective RSA1024). However, just because ANSI X9 has started including modern technologies like ECC and AES or other technologies like quantum crypto are promising, you can bet that the banking industry will be one of the last groups to take up more modern crypto technology. Heck, even the NSA is mandating Suite B with ECC and AES by 2010 for government security! It's one of the few government agencies to actually act faster than the private sector.

    Finally, I wonder if the original poster could show the relevant ANSI X9 aka banking security standard which calls out quantum crypto. I don't think I've seen one, and the banking industry typically lives and dies by X9.
    • there are countries which do have decent banks.
      like Switzerland.

      even government agencies have started testing quantum cryptography, to help secure the transmission of vote results.
  • How imperfect is the snooped data?

    Just because you COULD get data out doesn't mean it is actually useful to do so.
    • Re: (Score:3, Informative)

      As Quantum Modulation (the term "encryption" has absolutely no place here) is used for key exchange, any data gained will make attacks on the keys used for the later conventional exchange easier. How bad that is depends on the actual parameters used, it can be anything from "not a problem" to "complete practical system compromise".

  • tough abstract (Score:4, Interesting)

    by Main Gauche (881147) on Friday June 13, @11:19AM (#23778849)
    It's a lucky thing the summary was good, because the only thing I could learn from the linked abstract is that "Francesco" is a Japanese name.
  • by QuantumV (1307135) on Friday June 13, @11:32AM (#23779045)
    "But it turns out that an eavesdropper can make imperfect copies and use them to extract information from a quantum message without alerting sender or receiver (abstract). The Japanese design does just this."

    This is wrong. The eavesdropper gets imperfect copies and so does the receiver. If the quality of the receiver's copies is as bad as the eavesdropper's, any working quantum crypto setup will abort and not try to make a secret key out of it.

    "That should worry banks and government agencies that have begun to use some of the commercial quantum encryption systems now available."

    Nobody needs to worry about these kinds of attacks, as the software in all commercial quantum crypto systems automatically checks and takes care of these kinds of attacks. What the paper shows is how to implement in practice a class of attacks that has been known for years how to do in theory.

    There are other attacks on quantum crypto systems that actually attack loopholes in the implementation, and some of these have previously been discussed on slashdot here [slashdot.org]
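
The trade-off raised in the comments above (diverting more photons gives the eavesdropper more data but raises the error rate the legitimate parties measure, and a working system aborts when that rate is too high), as an added example that is not part of any poster's comment. It assumes the BB84 protocol, a simple intercept-resend eavesdropper acting on each photon with probability 1/N, and the Shor-Preskill asymptotic key-rate bound; none of these are named in the thread.

```python
import math
import random

def h2(p):
    """Binary entropy in bits."""
    return 0.0 if p in (0.0, 1.0) else -p * math.log2(p) - (1 - p) * math.log2(1 - p)

def secret_fraction(qber):
    """Fraction of the sifted key kept after error correction and privacy
    amplification (Shor-Preskill bound, an assumption here); 0.0 means abort."""
    return max(0.0, 1.0 - 2.0 * h2(qber))

def simulate(n_photons, N, seed=1):
    """Return (qber, eve_raw) for the sifted key when Eve intercepts and
    resends each photon with probability 1/N. eve_raw is the fraction of
    sifted bits Eve measured in the correct basis."""
    rng = random.Random(seed)
    sifted = errors = eve_known = 0
    for _ in range(n_photons):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, a_basis
        eve_basis = None
        if rng.random() < 1.0 / N:
            eve_basis = rng.getrandbits(1)
            # Measuring in the wrong basis yields a random outcome.
            if eve_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = eve_basis  # Eve resends what she measured
        b_basis = rng.getrandbits(1)
        b_bit = state_bit if b_basis == state_basis else rng.getrandbits(1)
        if b_basis != a_basis:
            continue  # sifting: mismatched bases are discarded
        sifted += 1
        errors += (b_bit != bit)
        eve_known += (eve_basis == a_basis)
    return errors / sifted, eve_known / sifted

def report(N, n_photons=200_000):
    qber, eve_raw = simulate(n_photons, N)
    return {"N": N, "qber": qber, "eve_raw": eve_raw,
            "key_fraction": secret_fraction(qber)}

if __name__ == "__main__":
    for N in (1, 2, 3, 5, 10, 50):
        r = report(N)
        verdict = "ABORT" if r["key_fraction"] == 0.0 else "proceed"
        print(f"N={N:<3} QBER={r['qber']:.3f} Eve raw={r['eve_raw']:.3f} "
              f"key fraction={r['key_fraction']:.3f} {verdict}")
```

The measured error rate is about 1/(4N) and Eve's raw knowledge about 1/(2N), so the two rise together; the key fraction shrinks as the error rate grows and reaches zero near 11%, at which point the parties discard the exchange.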

    • Re: (Score:2, Informative)

      Not really. The whole point of the South Park defense was to get out of trouble by being humble and flattering the enemy. In the Chinese hacking incident, the big penis joke was more analogous to having Americans being told that they have hardened systems that couldn't be cracked (pun sorta intended). In the case of this article, the Japanese scientists are being perfectly transparent in showing that there is a hole with quantum cryptography. Just having Japanese people in the subject is not sufficient for