Quantum Cryptography Gets Nanotube Boost
c1ay writes "In an article at the ScienceDaily News it is reported that two researchers at the University of Rochester have discovered a new property of carbon nanotubes, ideal photon emission. "The emission bandwidth is as narrow as you can get at room temperature," says Lukas Novotny, professor of optics at Rochester and co-author of the study. Such a narrow and steady emission can make such fields as quantum cryptography and single-molecule sensors a practical reality. RSA and Elliptic Curve wouldn't stand a chance against this unbreakable encryption."
distributed.net (Score:5, Funny)
No cryptography is unbreakable... (Score:1)
Re:No cryptography is unbreakable... (Score:2, Insightful)
Re:No cryptography is unbreakable... (Score:2, Interesting)
Re:No cryptography is unbreakable... (Score:3, Insightful)
The irrational number defense (Score:2)
This means that it can't be repeating (0.454545... = 45/99) and it can't terminate (0.3453 = 3453/10000). This was proved [maths.org] back in Pythagorean times (second yellow box as you scroll down the page).
Note that most square roots, cube roots, 4th roots, etc are g
Re:The irrational number defense (Score:2)
What I meant was that repetition of any particular string of digits, eg 228634254 or whatever, is inevitable in any truly random sequence if you keep churning out the numbers long enough. In fact, if your eavesdropper knew that you were filtering out such repetitions, then he could use this redundancy in the keystream to have a go at brute-forcing the pad.
I read somewhere that this is one of the reasons it's har
Re:No cryptography is unbreakable... (Score:2, Troll)
You can still brute-force a one-time pad.
Re:No cryptography is unbreakable... (Score:2, Insightful)
Of course you can't brute force a one-time pad, not usefully. Each key is equally likely, and you never know if your "decrypted" message is the correct one.
This assumes, of course, that the key is truly random.
Re:No cryptography is unbreakable... (Score:1)
Nevermind, that was just stupid, I'm going back to bed now.
Re:No cryptography is unbreakable... (Score:2, Insightful)
Yeah, it cracks me up that a larger portion of sd will reply with statistical assumptions based on textual logic, when finding useful information in collected in encrypted streams (dissected by best guesses with 'fun in bruting') is more like looking for a rainbow in an Irish field, rather than looking for genetic sequences in a massive punnett square. It seems even smart people have a problem
Re:No cryptography is unbreakable... (Score:4, Interesting)
Brute forcing is a method you use to decrypt a known ciphertext using a known algorithm. It involves trying every possible key in the algorithm, and examining what plaintext would result. Given, say, 1024 bits of ciphertext, and a simple symmetric algorithm with a little 56 bit key, you could run the decryption with each of the 2^56 possible keys, giving you 2^56 possible different plaintext renderings of that 1024 bit message. Out of all the possible messages that 1024 bits could communicate (2^1024 of them), we've narrowed down the field to just 2^56 - in other words, we've reduced the field by a factor of 2^968 (that's about a googol cubed). Assuming the message was originally written in a natural human language, like English, there is a lot of redundancy built in to the message. On average, one character of English communicates 1.4 bits of information - encoded in ASCII, that means you've only got 1.4 bits of actual data encoded in every byte of the original message. So, of the 2^1024 possible messages the ciphertext could encode, only 2^(1024/8*1.4) of them - about 2^179 - contain the right proportions of characters to make any kind of sense in English. But remember, we eliminated 1-(1/googol^3) of the possible messages by examining which messages could possibly be generated by a valid key. So, the odds of more than one of those 2^179 messages making any kind of sense are somewhat less than one in a googol squared.
But with a one-time-pad as your algorithm, the key is exactly the same length as the message. So, to bruteforce it, your 2^1024 bits of ciphertext has to be decrypted using 2^1024 different one time pads. Again, only 2^179 of the possible decrypts will actually make any kind of sense. But because we've tried 2^1024 different keys, we obtained 2^1024 different candidate plaintexts - which means that 2^179 of them look like they might make sense. In other words, we've got almost a googol different English language plaintexts - all of which could have been encrypted to make the same ciphertext, depending on the one time pad used. It's a little like saying 'A CD is just a stream of numbers. If we burned every possible CD, starting from 0000000..(50 odd million bits)...000001 up to 11111....11111, one of them will contain the next album Hendrix would have made if he'd lived'. It's true, but somewhat useless.
So, one time pads are, indeed, completely non-brute-forceable.
They can be cracked if they aren't used correctly or if they aren't generated correctly. Take two messages accidentally encrypted with the same one time pad, and the game's up - both messages will be revealed. If the pad isn't truly random, then the keyfield gets reduced. You only need to reduce the keyfield by a factor of, oo, about 2^179 (well, it'll vary depending on the length of the ciphertext), to start getting to the point where the number of plausible plaintexts generatable from any valid key is small enough to be interesting. If you generate your random numbers with a pseudorandom generator, the key size is effectively reduced to the size of the key used to seed the generator.
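The three claims in the post above (any plaintext is reachable under some pad, a short key is brute-forceable, and pad reuse gives both messages away) can be checked with the following added example, which is not part of the original thread. It reuses the ciphertext and the two plaintexts quoted further down the thread; treating them as ASCII bytes combined with XOR, the one-byte repeating key, and the sample messages are assumptions of this example.

```python
import secrets

# Ciphertext and claimed plaintexts are quoted from the thread; combining them
# as ASCII bytes with XOR is an assumption of this example.
PAGE_CIPHERTEXT = b"FJERZFTHWRTUWZNE"
CLAIMED_PLAINTEXTS = (b"SlashdotForever!", b"OneTimePads=Good")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (encryption and decryption are the same)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_for(ciphertext: bytes, wanted_plaintext: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `wanted_plaintext`.

    Such a pad exists for every plaintext of the right length, which is why
    trying all pads tells an attacker nothing.
    """
    return xor_bytes(ciphertext, wanted_plaintext)


def looks_like_text(candidate: bytes) -> bool:
    """Crude plausibility filter: lowercase ASCII letters and spaces only."""
    return all(c == 0x20 or 0x61 <= c <= 0x7A for c in candidate)


def brute_force_repeated_byte(ciphertext: bytes) -> list:
    """Try all 256 keys of a one-byte repeating XOR key; keep plausible results.

    With a key this much shorter than the message, the filter leaves very few
    candidates, unlike the one-time pad case.
    """
    hits = []
    for k in range(256):
        candidate = bytes(c ^ k for c in ciphertext)
        if looks_like_text(candidate):
            hits.append(candidate)
    return hits


def recover_from_pad_reuse(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Two ciphertexts under the same pad: c1 XOR c2 == p1 XOR p2.

    The pad cancels out, so knowing (or guessing) one plaintext yields the other.
    """
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def demo() -> None:
    # 1. One ciphertext, two equally valid "decryptions".
    for wanted in CLAIMED_PLAINTEXTS:
        pad = key_for(PAGE_CIPHERTEXT, wanted)
        print(pad.hex(), "->", xor_bytes(PAGE_CIPHERTEXT, pad).decode())

    # 2. Short key: exhaustive search plus a filter pins the message down.
    weak_ct = bytes(c ^ 0x5A for c in b"attack at dawn")  # constructed sample
    print("short-key candidates:", brute_force_repeated_byte(weak_ct))

    # 3. Pad reuse (constructed 16-byte messages).
    pad = secrets.token_bytes(16)
    p1, p2 = b"meet at the dock", b"bring the papers"
    c1, c2 = xor_bytes(p1, pad), xor_bytes(p2, pad)
    print("recovered:", recover_from_pad_reuse(c1, c2, p1).decode())


if __name__ == "__main__":
    demo()
```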
Re:No cryptography is unbreakable... (Score:2)
Re:No cryptography is unbreakable... (Score:2)
Only when you are logged in.
FYI: Brute forcing is fun.
Re:No cryptography is unbreakable... (Score:2, Interesting)
Have fun, you'll never get it.
And no, uudecoding it isn't the "solution". Uudecode then try and brute force the result.
Re:No cryptography is unbreakable... (Score:2)
Re:No cryptography is unbreakable... (Score:1)
Re:No cryptography is unbreakable... (Score:4, Informative)
Maybe you were being sarcastic, but to those who don't know: you can't brute force a one-time pad. When you look at all possible results for brute forcing a one-time pad, it's all possible plain text combinations for that length of message. So there could be 1000s of messages that "make sense" but you'll never be able to tell which is the right one unless you already know a lot about the message being sent.
Re:No cryptography is unbreakable... (Score:4, Funny)
You can indirectly "brute force" break a one-time pad, however. It works like this:
1) Intercept the message.
2) Go to the person who sent the message.
3) Beat him repeatedly in pain-sensitive areas until he agrees to give you the one-time pad.
4) Profit?
Voila! One-time pad.... broken!
Re:No cryptography is unbreakable... (Score:2)
No. You can't actually crack a one-time pad that way! Why? Because it is possible to create a key which will cause the ciphertext to decrypt to any plaintext you wish! So if you are being tortured you simply hand over
Re:No cryptography is unbreakable... (Score:2, Informative)
Re:No cryptography is unbreakable... (Score:4, Funny)
Maybe so, but he still won't talk. All our one-time pads are equipped with a special cyanide-filled tooth to bite down on, just in case they are captured.
Re:No cryptography is unbreakable... (Score:5, Informative)
Here's a string encrypted with a one-time pad:
FJERZFTHWRTUWZNE
Depending on my OTP, it can decrypt to either "SlashdotForever!", or "OneTimePads=Good". Actually, it's neither. It's my credit-card number. If you can decrypt it, it's yours.
Re:No cryptography is unbreakable... (Score:3, Insightful)
Re:No cryptography is unbreakable... (Score:2)
Rich
Re:No cryptography is unbreakable... (Score:2)
Toss a coin a hundred times, once in a while it's going to come up all heads.
Rich
Re:No cryptography is unbreakable... (Score:2, Insightful)
Re:No cryptography is unbreakable... (Score:3, Insightful)
Everything you have been able to deduce has been based on the statement that the string is an encrypted credit card number. Applying these rules to the string would bring you no closer to determining what the number was other than it was a credit card number which is what was stated in the first place.
Heck, you can't even tell if he was lying about it being a credit card number.
That's the thing about one-time pads.
Rich
Re:No cryptography is unbreakable... (Score:2)
I guess next time I should add a smiley or something?
I wonder why... (Score:5, Interesting)
Think about it. Create a random one time Pad of a few hundred MB. Burn it on 2 cd-r. Put one in your safe and hand the other to BOB in person.
Now just use the pad piece by piece for your secure transmissions. It should last for years if you don't send porn or warez....
As long as you use every part of the pad only once, even if the attacker gets the plaintext of one message the others won't be compromised.
Re:I wonder why... (Score:2)
I think of this as a protection against ECHELON.
If THEY want YOU, they can always break into your home, install keyloggers or wiretaps, etc. But if they are just scanning the email traffic in the backbone for keywords, it would be of real help.
I'm VERY certain every PGP or similar encrypted email will be archived because it is potentially interesting. And perhaps in 5 years with their new Quantum Cracker, the NSA will decide to scan the
Re:No cryptography is unbreakable... (Score:3, Interesting)
Re:No cryptography is unbreakable... (Score:3, Informative)
"Quantum cryptographic techniques provide no protection against the classic bucket brigade attack (also known as the ``man-in-the-middle attack''). In this scheme, an eavesdropper, E (``Eve'') is assumed to have the capacity to monitor the communications channel and insert and remove messages without inaccuracy or delay." http://www.cs.dartmouth.edu/~jford/crypto.html [dartmouth.edu]
Not exactly "unbreakable". Thanks to whoever posted th
Re:No cryptography is unbreakable... (Score:1)
Re:No cryptography is unbreakable... (Score:5, Informative)
The link you provide assumes that Eve can monitor the communications channel and insert/remove messages. Yes, those are the prerequisites for a MITM attack. But those are also precisely the things that quantum crypto protects you against.
The link assumes that photons will be sent in bursts, rather than one at a time. This is not the case. They are actually sent fairly infrequently, in order to avoid the possibility that two could be sent simultaneously. Also, even if more than one were sent, it is unlikely to be helpful to an attacker, since multiple photons would not necessarily have the same characteristics.
The link furthermore makes the assertion that Eve could somehow duplicate a photon. This makes it clear that the author is a CS grad student and not a physics grad student. The Heisenberg uncertainty principle prevents this duplication.
In short, don't believe everything you read... especially if it's on the web.
Re:No cryptography is unbreakable... (Score:1, Informative)
Basically you don't want to duplicate photons, you just steal a photon. If there are losses on the quantum channel (which
Re:No cryptography is unbreakable... (Score:2)
The (theoretical) problem is that real equipment today is built around attenuated lasers and really does tend to send bursts of multiple photons through the same polarizer. The theory depends on sending single photons at a time, which is why the promise of contro
Re:No cryptography is unbreakable... (Score:2, Informative)
Rumor has it... (Score:2, Funny)
Before no one can read it: (Score:5, Informative)
Sept 5, 2003 -- Carbon nanotubes, recently created cylinders of tightly bonded carbon atoms, have dazzled scientists and engineers with their seemingly endless list of special abilities--from incredible tensile strength to revolutionizing computer chips. In today's issue of Science, two University of Rochester researchers add another feat to the nanotubes' list: ideal photon emission.
"The emission bandwidth is as narrow as you can get at room temperature," says Lukas Novotny, professor of optics at Rochester and co-author of the study. Such a narrow and steady emission can make such fields as quantum cryptography and single-molecule sensors a practical reality.
The emission profile came as a surprise to Todd Krauss, assistant professor of chemistry at the University, and Novotny. They had set out to simply define the emission, or fluorescence, of a single carbon nanotube. By using a technique called confocal microscopy, the team illuminated a single nanotube with a strongly focused laser beam. The tube absorbed the light from the laser and then re-emitted light at new frequencies that carried information about the tube's physical characteristics and its surroundings.
The light emitted from the nanotube was in precise, discrete wavelengths, unlike most objects like molecules that radiate into a broader (i.e. more "fuzzy") range of wavelengths at room temperature.
But a greater surprise was in store for the team.
"The emission wasn't just perfectly narrow, it was steady as far as we could measure," says Krauss. In a strange quirk of quantum physics, molecules usually emit their photons for a certain time and then cease, only to resume again later, like a telegraph signal. The tubes that Krauss and Novotny measured, however, remained steady beacons to the limits of their instruments' sensitivity. "This is very exciting because for any application in quantum optics, you want a steady and precise photon emitter," says Novotny.
Narrow emissions and a complete absence of blinking have tempting implications for single photon emitters--devices needed to dependably release a single photon on command. The U.S. Department of Defense is very interested in developing quantum cryptography, a theoretically unbreakable method of coding information, which necessitates a reliable way to deliver single photons on demand.
Other applications come in the form of sensors so sensitive they can detect a single molecule of a substance. For example, when a biological molecule such as a protein binds to a nanotube, the nanotube's perfect emission changes, revealing the presence and characteristics of the molecule. Detecting the change would be impossible if it weren't for the remarkably steady nature of the nanotube emission, because a researcher wouldn't know for certain if a sudden change in the emission was just a blink, or was meant to indicate the presence of the target molecule.
Until just a few months ago, determining the emission characteristics of a nanotube was impossible. Carbon nanotubes cannot be made individually--rather they come as a jumble like a pile of spaghetti. Trying to measure the photon emission of a tube in the jumble is impossible because the tube will pass the photons it absorbs to other tubes instead of re-emitting them in its telltale fashion. What scientists end up with is a sort of average of what the collection of tubes will emit--not the emission characteristics of a single tube. Only within the past few months have researchers figured out how to remove a single nanotube from the pile of spaghetti in order to study its properties as an individual.
Krauss and Novotny are now devising experiments to test the steadiness of the nanotube fluorescence beyond the range of the initial experiments, and are pursuing studies aimed at determining the ultimate minimum possible emission bandwidth at ultracold temperatures.
This work was funded by the National Science Foundation, the U.S. Department of Energy, the Research Corporation, and the New York State Office of Science and Academic Research.
Editor's Note: The original news release can be found here.
This story has been adapted from a news release issued by University Of Rochester.
Re:Before no one can read it: (Score:1)
Don't get me wrong, I'm not implying that if it's not helping me they shouldn't be working on it; I'd just like to know what and when it's going to be useful.
Re:Before no one can read it: (Score:5, Informative)
For instance, when your body has certain ailments, it will generate chemicals that are not normally present in the metabolism. These chemicals are often released in VERY small amounts when you exhale. There are prototypes of tests now that can detect the presence of these chemicals at a certain level, but really it is only useful when the ailment is near the chest cavity. (lung / breast cancer) Something that can detect molecules on a "parts per trillion" or even lower range could easily find even smaller trace amounts from illnesses in other parts of the body.
How does this help you? Imagine knowing that you were ABOUT to get cancer rather than finding out 6 months after it had spread to every major organ in your body. Much easier to treat it that way, and your chances of survival are increased a hundred-fold because of a quick, easy, cheap breath test your doctor could administer.
Environmental laboratories could detect pollutants on a smaller level, and measure small changes in concentrations, thereby preventing a problem before it occurs. Mercury, for instance, can't be detected by analytical equipment until it reaches concentrations in the "parts per billion" or 1 mercury atom per billion water atoms. (about the size of a mist particle or dew drop) Imagine being able to detect a single drop of mercury in the equivalent of a swimming pool. Doesn't sound like much, but now think of being able to tell that the concentration doubled each month for the last 12 months. It's still way below current detection standards, but you've now found a trend and have some time to locate the source of contamination.
Is that a good enough start for ya?
Re:Before no one can read it: (Score:4, Interesting)
Imagine being able to administer a drug test to an employee by simply swabbing the mouse or keyboard after hours. Suddenly, being in the same room as someone who had smoked some pot recently. (A recent famous drug case found cocaine traces on the paper currency in the pockets of many people in the court room - even the judge.)
Imagine being able to screen people for EVERYTHING as they pass through a "metal" detector at the airport. If you even touch a firearm within a few days of take-off, you'll have residue on your fingers.
If this can be tuned for genetic testing, then films like GATTACA will be more science and less fiction.
OK, now I've got to go scrub my hands for an hour.
Re:Before no one can read it: (Score:2)
This is really, really strange that they would test this, because it is commonly known [halfbakery.com] that most currency contains traces of cocaine. It is thought that it is usually distributed through a few contaminated bills in contact with other bills in an ATM machine.
Re:Before no one can read it: (Score:2)
Actually, the point is that "commonly known" doesn't come into play often enough in courts. It actually had to be hammered home in study after study before courts stopped using the "dog smelled cocaine in his wallet" test for arrest, RICO seizures, etc. Prior to the "commonly known" point, it was pretty common to use it as evidence in court.
This Urban Legends [urbanlegends.com] article has
Re:Before no one can read it: (Score:2, Interesting)
Allowing patients to get cancer, and subjecting them to millions of dollars worth of surgery, chemicals, and radiation therapy ARE profitable.
Which solution do you think the big pharmaceutical companies are going to fund research for?
Re:Before no one can read it: (Score:2)
Quantum Cryptography Tutorial (Score:5, Informative)
From Quantum Cheating to Quantum Security (Score:5, Informative)
Mostly a theoretical breakdown of the advantages of quantum encryption, in fairly easy to understand language.
Re:From Quantum Cheating to Quantum Security (Score:1)
Also, a talk on the same topic by the same guy [toronto.edu].
Quantum is still not fast enough (Score:1)
Re:Quantum is still not fast enough (Score:2)
Unbreakable, bah (Score:4, Insightful)
Worse, it is hardly practical for real networks anyway - with routers, repeaters, EDFAs or Raman amps everywhere. If it ever makes it out of the lab, it may be useful for military systems (where money is no object), but it won't help you pirate music anonymously.
Re:Unbreakable, bah (Score:3, Informative)
Re:Unbreakable, bah (Score:4, Informative)
Pity anyone can install a sniffer on the router where it's decoding the packets from one quantum cable and adding them to the next..
Re:Unbreakable, bah (Score:2)
Re:Unbreakable, bah (Score:2)
Unbreakable, bah (Score:1)
"The scheme devised by MagiQ, called Navajo, does not use quantum effects to transmit the secret data. Instead, it is the keys used to encrypt the data that rely on quantum theory. If these keys are changed frequently (up to 1000 times a second in Navajo's case), the risk that an eavesdropper without the ke
Re:Unbreakable, bah (Score:2)
We didn't figure it out; we had to get the Poles to steal one and give it to us. And we relied on pinching code books from captured U boats to crack the naval version of Enigma. As usual, it was human failure (to destroy the code books, to not re-use wheel settings day to day, etc.) that compromised Enigma.
Jon
Re:Unbreakable, bah (Score:2)
And how are these 1000 keys a second exchanged? Most key-exchange systems are vulnerable to quantum computing - so if you just save the ciphertext and key-exchange transmissions for a decade
Re:Unbreakable, bah (Score:2)
If the key is shorter than the plaintext, you can brute force the key at the very least, and only some of the resulting keys will yield a sensible message.
Quantum Crypto vs. Quantum Computing (Score:5, Informative)
Quantum cryptography is a method for using quantum physics to make sure nobody reads your bits. Technically cool, but seldom practical. If you happen to have direct fibers connecting you with the people you want to talk to, it might be useful, though it's probably more useful and certainly cheaper to just run Gigabit Ethernet and use conventional encryption, such as AES.
Quantum computing is a totally different animal. It uses Quantum Black Magic to create a computer which can collapse a waveform and have it land at the solution of some classes of NP or similar problems with at least some significant probability of success, thereby cheating on the fact that it normally takes an exponential or at least superpolynomial number of guesses to find a correct answer. One problem that can theoretically be solved if you have a quantum computer of sufficient resolution is factoring - which means that if such a device were developed, it would break RSA and several other public-key algorithms, whose strength depends on them being exponentially hard if you don't have the key and low-order polynomially hard if you have it. For some other classes of algorithms, it doesn't totally break them, but reduces their strength to half the number of bits, i.e. square-root as hard as before, so you'd need to use twice as many key bits. For algorithms like Elliptic Curve, it's not clear whether they'd be broken, but they'd be a lot more dodgy.
The implications of breaking them are that right now, public key lets you build a lot of very useful communication models. It's hard to replicate signatures without PK, but the privacy applications could be replaced by going back to the old Key Distribution Center models, e.g. Kerberos, which are much less socially powerful.
Building a useful quantum computer requires building something that can detect states with sufficient precision. We currently have the technology to make simple quantum computers (one famous one was able to factor the number 15 into 3x5) but nobody knows how to get high precision yet. One question I don't know is whether a QC would be limited by the Heisenberg Uncertainty Principle (i.e. you've got one variable with a resolution that's never better than Planck's Constant, about 10**-47, which is slightly annoying cryptographically but not fatal because you can use longer keys), or whether it can be built by coupling together a number of units, each of which only needs enough precision to get N bits of the output and you get longer numbers of bits by using more units (that would be much more annoying.) We're nowhere near this yet, but it's the one technology that doesn't run into the typical exponential cryptography "brain the size of a planet waiting for the Restaurant at the End of the Universe and still don't have an answer, I'm so depressed" kind of limits that we can easily create otherwise.
Re:Unbreakable, bah (Score:4, Informative)
The one-time pad is one of the simplest encryption algorithms there is: you generate a random key of the same length as your message, then add the two together. You end up with something statistically indistinguishable from a random string of bits, which can only be decoded by someone who has the same key. The big drawback of the one-time pad is that somehow you have to get the recipient a copy of the key, which via non-quantum methods (eg a courier) is always open to interception.
Quantum key exchange uses entanglement to ensure that the sender and recipient can exchange keys, and be sure with arbitrary accuracy that no-one has intercepted the key -- because any attempt to intercept the key leaves a tell-tale sign. So it doesn't exactly prevent someone from stealing the key -- it just prevents them from doing so without you knowing.
It's true that at present this key exchange can only be done over a fibre-optic network, but there's no fundamental reason why it couldn't be done by other means. For example, when quantum computing becomes practical, it might be possible to use entangled qubits -- you and I could each have a "memory stick" of billions of entangled electron pairs, and when we wanted to exchange a message we'd just use up entangled pairs as needed.
Moreover because it's a key exchange, it could be possible to set up "key distribution centers", linked by fibre-optic networks. Then when we want to exchange a message, we first head down to our local centre and generate a key. Of course that's slightly less physically secure since maybe you'll be mugged on the way home, but it's still secure against electronic eavesdropping. Even without such centres, it's obvious that many commercial establishments -- eg banks and stock exchanges -- could set up private fibre networks to guarantee secure data exchange.
However one shortcoming of current quantum crypto algorithms is that they're only useful for one-to-one communication -- you can't securely distribute a key to many people. That's probably enough to make it useless for "common" online applications like filesharing -- but how important is truly unbreakable cryptography for that (as opposed to mere unbreakable-within-the-lifetime-of-the-universe) ?
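The "tell-tale sign" described in the post above, as an added example that is not part of the original thread: a classical simulation of the BB84 prepare-and-measure protocol in which an eavesdropper who measures and resends each photon pushes the error rate of the sifted key to about 25%. The post names no protocol, so the choice of BB84, the ideal single-photon source, the noiseless channel, the authenticated basis comparison and the 5% alarm threshold are all assumptions of this example.

```python
import random

QBER_ALARM = 0.05  # assumed alarm threshold for this example, not a standard value


def measure(bit: int, prepared_basis: int, measuring_basis: int, rng: random.Random) -> int:
    """Model of a polarization measurement.

    Same basis as the photon was prepared in: the encoded bit is read correctly.
    Different basis: the outcome is a fair coin flip and the original state is lost.
    """
    if prepared_basis == measuring_basis:
        return bit
    return rng.getrandbits(1)


def run_bb84(n_photons: int, eavesdrop: bool, rng: random.Random):
    """Send n single photons from Alice to Bob; return (sifted_length, error_rate).

    Assumes an ideal source (exactly one photon per pulse) and a noiseless
    channel, so every error in the sifted key is caused by the eavesdropper.
    """
    kept = 0
    errors = 0
    for _ in range(n_photons):
        a_bit = rng.getrandbits(1)
        a_basis = rng.getrandbits(1)      # 0 = rectilinear, 1 = diagonal
        bit, basis = a_bit, a_basis       # state of the photon in flight

        if eavesdrop:
            # Eve cannot copy the photon; she has to measure it in a guessed
            # basis and send on a fresh photon prepared from her result.
            e_basis = rng.getrandbits(1)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis

        b_basis = rng.getrandbits(1)
        b_bit = measure(bit, basis, b_basis, rng)

        # Sifting: Alice and Bob publicly compare bases (assumed authenticated)
        # and keep only the positions where they happened to agree.
        if a_basis == b_basis:
            kept += 1
            if b_bit != a_bit:
                errors += 1

    error_rate = errors / kept if kept else 0.0
    return kept, error_rate


def channel_is_tapped(error_rate: float, alarm: float = QBER_ALARM) -> bool:
    """Decision Alice and Bob make after comparing sifted bits.

    For simplicity the whole sifted key is compared here; a real run would
    sacrifice only a random sample of it.
    """
    return error_rate > alarm


if __name__ == "__main__":
    rng = random.Random(2003)  # fixed seed so the constructed run is repeatable
    for tapped in (False, True):
        kept, qber = run_bb84(20000, tapped, rng)
        print(f"eavesdropper={tapped}: sifted={kept} error_rate={qber:.3f} "
              f"alarm={channel_is_tapped(qber)}")
```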
Re:Unbreakable, bah (Score:2)
If you had a 100% secure means of getting your pads to each other and making sure no-one copied them in transit or while they were in your possession, that would be true. The point about quantum methods is that they are tamper proof. It's impossible to copy my one-time pad without me knowing. Of course someone could steal it, but having discovered the theft of course I'd te
New media copy protection is on its way... (Score:1)
newer isn't better (Score:3, Insightful)
The only security quantum encryption has is that the message can only be read by one viewer - this prevents covert surveillance of the message, but not a man in the middle attack, nor a total interception.
Pragmatically you bundle quantum encryption with other authentication techniques, but RSA on its own is far more useful and secure than quantum encryption on its own.
It's not time to throw RSA and Elliptic curve out just yet.
Doesn't address the real problem (Score:5, Insightful)
And crackers don't really stand a chance against the algorithms we have now. Although I'm happy to see them inventing cool stuff and cryptography is definitely neat, will this make us more secure? Sure computers keep getting better and you need to stay ahead of the curve if you are someone like the NSA, but are people losing the security game because their 128 bit RSA keys keep getting cracked? No. They are insecure because they have nanotube-size brains and use their birthday for their password or they leave a laptop with the vice president's agenda at a convenience store.
Re:Doesn't address the real problem (Score:2)
128bit is secure for most symmetric ciphers, but not public key ciphers.
Damn, I've gotta change my bank account password again. And some of my other passwords are still blank. It's a matter of work vs risk I guess.
Re:Doesn't address the real problem (Score:3, Insightful)
Re:Doesn't address the real problem (Score:2)
Re:Doesn't address the real problem (Score:2)
Re:Doesn't address the real problem (Score:2)
Quantum encryption isn't encryption (Score:5, Insightful)
What we normally mean by "encryption" is "the transformation of readable stuff into stuff that can be seen by evil people without them able to understand anything". Encrypted data are a stream of bits just like anything else. Thus you can store your encrypted message on a disk, or write it down, or transmit it over a wire, or broadcast it.
In this sense "quantum encryption" isn't encryption at all. Quantum encryption is something that can only happen as part of the act of transmission. There is no such thing as "quantum-encrypted data" that can be recorded or written down or transmitted over conventional media. The act of doing any of those things collapses the wave packet and destroys communication just as effectively as interception would.
I'm not going to argue that we should start calling quantum encryption something else, the name is too snappy and too useful for getting research grants, but let's not get confused into comparing it with public-key or even private-key encryption: they're completely different animals.
Re:Quantum encryption isn't encryption (Score:2, Informative)
A cryptanalysis method (Score:2)
Huh? Are RSA and Elliptic Curve some method for breaking encryption? Yeah I know what he meant, just worded funny.
I thought... (Score:1)
RSA and elliptic would crush it! (Score:5, Interesting)
But where RSA is used (and, barring an as of yet undiscovered in the open world weakness, elliptic curve cryptography) quantum cryptography has no application.
Quantum cryptography is built on the quantum entanglement of photon pairs, whose wave function must remain un-collapsed by measurement or perturbation until decode. This feature is both quantum cryptography's strength and weakness:
It's a strength because any Eve eavesdropping is irrefutably revealed.
It's a weakness because it limits the applications to such Alices and Bobs where between actual original photons may be reliably transmitted.
RSA and various other "Newtonian" cryptographic schemes make use of mathematical transforms rather than physical properties of individual particles and survive re-transmission with their essential properties intact; for example, over a packet switched network.
What RSA may not ultimately stand a chance against are quantum computers, which according to a variation of Moore's law I might have been the first to state (at DEFCON 9 [dis.org]), will within a decade surpass then available classical computers and will (in theory) be exceptionally good at cracking encrypted documents.
Assuming the NSA doesn't already have a good working quantum computer...
And assuming it's possible to continue adding entangled qubits...
Anyway, Moore's law says the power of classical computers increases as 2^(Y/1.5), where Y is years. So far, roughly, quantum computers are increasing in power as 2^2^(Y/2), which should make em about 10^225 times as powerful as today's classical computers in 2 decades, and if that turns out to be so, then RSA really won't stand a chance. It might be a bummer for some: 4096 bit PGP keys are assumed to be safe against, for example, the combined efforts of all computers to be built according to Moore's law between now and any normal lifetime, or at least well past the statute of limitations. But if quantum computer development continues apace, that assumption may be problematically flawed.
But it's not quantum encryption that's the threat, it's quantum computers. Quantum encryption isn't any more unbreakable than whatever data method underlies it, though it's a fine way to transmit a stream of random numbers. The "key" is that it is, apparently, physics-ally impossible to intercept the stream of photons without causing a measurable effect. So Alice and Bob can be absolutely sure their one time pad is known only to them...
as long as no one is looking over their shoulders...
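As an added illustration of the eavesdropper-detection property described in the comment above (not part of the original post), the following simulates an intercept-resend tap on a key exchange. It models the simpler prepare-and-measure BB84 protocol rather than entangled pairs, on an idealized noiseless channel; the function names and the abort threshold are assumptions made for this example.

```python
import random

def measure(state_bit, state_basis, basis, rng):
    """Measuring in the preparation basis returns the bit; the other basis gives a coin flip."""
    return state_bit if basis == state_basis else rng.getrandbits(1)

def bb84_session(n_photons, eve_present, rng):
    """Return (sifted_key_length, error_rate) for one simulated session."""
    sifted = errors = 0
    for _ in range(n_photons):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        s_bit, s_basis = bit, a_basis            # photon as Alice prepared it
        if eve_present:                          # intercept-resend tap
            e_basis = rng.getrandbits(1)
            s_bit = measure(s_bit, s_basis, e_basis, rng)
            s_basis = e_basis                    # photon now carries Eve's basis
        b_basis = rng.getrandbits(1)
        b_bit = measure(s_bit, s_basis, b_basis, rng)
        if b_basis == a_basis:                   # sifting: keep matching-basis rounds
            sifted += 1
            errors += b_bit != bit
    return sifted, (errors / sifted if sifted else 0.0)

# Illustrative abort threshold (assumption for this example); a real link
# also sees errors from channel noise, which this model leaves out.
QBER_ABORT = 0.11

def run_demo(seed=2003, n_photons=20000):
    """Run one clean and one tapped session with a fixed seed."""
    rng = random.Random(seed)
    results = {}
    for label, eve in (("clean", False), ("tapped", True)):
        sifted, qber = bb84_session(n_photons, eve, rng)
        results[label] = {"sifted": sifted, "qber": qber, "abort": qber > QBER_ABORT}
    return results

if __name__ == "__main__":
    for label, r in run_demo().items():
        print(label, r)
```

The tapped session shows an error rate near 25% in the sifted key, because Eve picks the wrong basis half the time and each wrong guess randomizes Bob's result with probability one half; Alice and Bob see this when they compare a sample of sifted bits.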
Re:RSA and eliptic would crush it! (Score:1)
Assuming the NSA doesn't already have a good working quantum computer...
And assuming it's possible to continue adding entangled qubits...
Anyway, Moore's law says the power of classical computers increases as 2^(Y/1.5), where Y is years. So far, roughly, quantum computers are increasing in power as 2^2^(Y/2), which should make 'em about 10^225 times as powerful as today's classical computers in 2 decades.
[...]
Given that one decade is 10 years, then for 2 decades:
Y=20
2^(2^(Y/2)) = 1.8*10^308
(2^2)^(Y/2)
Re:RSA and eliptic would crush it! (Score:2)
OK - lame - I just read it off my own graph. Going to 20 years, Excel barfs. At 19 years it's 10^224, 225 seems rounder, two decades is less specific than 19 years. I used increments of decades rather than years as an admission of wide tolerance.
And yes, it's a massive IF. Of course. But I think a rather interesting if, as such things go. Thus far QC is on t
Not entirely monkeys flying (Score:2)
First, classical computers may, to a crude degree, be considered "powerful" as a function of their clock speed and complexity. Roughly this power has been increasing at an exponential rate according to "Moore's Law."
Quantum computers are entirely different in a way that matters for certain classes of problems, particularly sorting and testing. These classes of problems are well suited, for e
what's a quantum computer? (Score:1)
Thanks!
Sivaram Velauthapillai
Re:what's a quantum computer? (Score:2)
A quantum computer is completely different than a classical computer with more than 2 states. When people say a quantum computer can have multiple states, they are also implying freaky properties called "superposition" and "entanglement".
The example I usually use, which is not a particularly useful calculation on a quantum comp
Individual Photons (Score:2)
There is some reason to suspect that quantum states are transmissible from one photon to the next ad infinitum. (Don't forget that all forms of data transmission involve direct physical linkage, even in the form of waves.) I would not rule out the ability of future quantum computers to be able to suss out such subtle states by the use of markers in data. Given the
Quantum nonsense (Score:2)
That's a really big ASSumption.
Don't forget the other ASSumption, that you can maintain the quantum states long enough to do useful computations with them. OK, perhaps some day, but not in 10 years.
Re:RSA and eliptic would crush it! (Score:2)
There isn't yet (after three decades of futile attempts) a loophole free two photon Bell experiment to prove that the entangled pair distant state collapse exists at all. With the "loophole" (euphemism used by believers, meaning in plain langu
Re:RSA and eliptic would crush it! (Score:2)
DoSing an encrypted transmission is useful on the battlefield and in situations where short-term denial of communication is useful - otherwise it does little good. The communicating parties will just send a line tech out to inspect the lines.
Think of Ivy Bells - where the US tapped the Russian underwater telephone
Great... (Score:2, Insightful)
How about a new monitor design? (Score:4, Interesting)
Be afraid, be very afraid (Score:3, Funny)
With the advent of unbreakable quantum encryption, we are clearly in for more of the same. If you think the line at the airport is long now, just wait until security starts searching people for nanotubes. Me, I'm seriously considering driving everywhere.
Oh yeah..... (Score:4, Interesting)
RSA and Elliptic Curve wouldn't stand a chance against this unbreakable encryption
Oh yeah, that cheap and easy cryptography technology that can be performed on a CPU in a wristwatch or smartcard and can be used for encryption, signing, PKI infrastructure, n of m schemes etc will be instantly replaced by a system that's only good to transmit bits with a guarantee that the recipient will be able to detect if someone else is reading the traffic. Yawn.
Re:Oh yeah..... (Score:2)
It's more than that. If the person snooping on the flow of photons "views" the stream, they will completely destroy any information that may be passing through the system. Not only that, but there is no chance of the malicious user guessing the correct viewing angles for the photons, and therefore is completely secure. When quantum computing comes, and it eventua
single photons? (Score:2, Interesting)
Can anybody comment on whether this new result applies to generating single photons?
Wouldn't quantum computers break it ? (Score:3, Interesting)
Re:Wouldn't quantum computers break it ? (Score:3, Informative)
That doesn't mean you don't need a traditional cryptosystem on top of it. An attacker could compromise the receiving end of the line and read the message without detection. You still need crypto to protect against this.
Can a quantum computer defeat quantum "cryptogr
huh? (Score:3, Funny)
I don't know if you know this, but that's not how encryption works... :)
"Buzzword Bingo!!" (Score:2)
All I need now is "String Theory" and I win!
And people will still (Score:3, Funny)
Re:Science (05 Sept 2003) Text (Score:1, Informative)
Re:it slices, it dices (Score:4, Funny)
They kinda suck as straws. Well, they don't really suck, but that's the problem.
Re:it slices, it dices (Score:2)