Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

First Bank Transfer via Quantum Cryptography

Comments Filter:
  • by etLux (751445) on Wednesday April 21, 2004 @03:41PM (#8932548) Homepage
    Yes, but... what will I now need to decode my bank statements?
  • But... (Score:5, Funny)

    by DonServo (727377) on Wednesday April 21, 2004 @03:42PM (#8932551)
    Wouldn't checking if the transfer went through alter your balance? :-P
    • Re:But... (Score:5, Funny)

      by Anonymous Coward on Wednesday April 21, 2004 @03:44PM (#8932575)
      I looked in my account and found out my cat was dead.

      You know the two-slit experiment? Well, its just like that
      -- standard explanation for weird quantum things when you don't know the right answer.
      • Re:But... (Score:5, Interesting)

        by blincoln (592401) on Wednesday April 21, 2004 @04:23PM (#8932988) Homepage Journal
        You know the two-slit experiment? Well, its just like that
        -- standard explanation for weird quantum things when you don't know the right answer.

        I was just reading about that last night in The Elegant Universe.

        For those who haven't heard of it before, here's the experiment:

        - take a wall with light shining on it from a projector.

        - place a board in-between the wall and the projector that interrupts the beam of light. The board should have two vertical slits cut in it, which can be opened and closed independently of each other.

        If you open just the left one, you get a vertical bar of light on the wall.

        If you open just the right one, you also get a vertical bar of light on the wall, offset from the one that was there with the left one open.

        Now, intuitively you would think that if you opened both at once, you would just get two vertical bars of light, but you don't. Wave interference means you get a whole bunch of light and dark vertical bars on the wall.

        Here's the spooky quantum-mechanical part - the same interference effect happens even if the projector is designed to only emit one photon at a time, then wait until it has hit the wall (or the board) before sending another. You will still get the bands of dark and light.

        Pretty weird, eh?
        • Re:But... (Score:3, Interesting)

          by nessus42 (230320)
          Here's the spooky quantum-mechanical part - the same interference effect happens even if the projector is designed to only emit one photon at a time, then wait until it has hit the wall (or the board) before sending another. You will still get the bands of dark and light.
          What's even spookier is that the experiment turns out the same if you replace the photons with sodium molecules!

          |>oug

        • Re:But... (Score:4, Funny)

          by bfg9000 (726447) on Wednesday April 21, 2004 @04:58PM (#8933416) Homepage Journal
          Sounds like a glitch in the Matrix.
        • An interesting theory trying to explain this seemingly inexplicable result, is by taking the hypothetical possibility that the bands are created by photons that exceed the speed of light. Only when they revert to another (visible) quantummechanical state (by hitting the wall, for instance) do they become noticable.

          This is not impossible, because, contrary to what most ppl think, lightspeed is in fact an average; within one beam, there can be photons that are moving slightly slower, and photons that move sl
        • Re:But... (Score:5, Informative)

          by lightray (215185) <tobin@splorg.org> on Wednesday April 21, 2004 @05:44PM (#8933860) Homepage
          Have you actually tried it?

          When I first read about the double slit experiment, I said to myself, "That can't be!"

          I cut two slits into a piece of cardboard and directed a flashlight beam through the slits at a wall.

          And I observed exactly what one would expect, two diffuse bright spots. I said, "Hmph."

          Of course, when I learned a little more, it was obvious why this didn't work. In order to see the interference pattern, your light must be coherent and columnated (as from a laser), and your slits must be very close together, and narrow (with dimensions similar to the wavelength of light). You pretty much need to use a laser as your light source, and rather than a "board" with slits, a sheet of metal with two very thin slits cut into it, very close together.

          Something I found very fascinating is that the diffraction pattern you get is the fourier transform of the pattern of slits the system of interference exactly implements the fourier transform integral!
  • by Anonymous Coward on Wednesday April 21, 2004 @03:42PM (#8932557)
    ...I can't observe my checking account balance without lowering it.
  • by gevmage (213603) on Wednesday April 21, 2004 @03:43PM (#8932563) Homepage
    So the transaction slip presumably says:

    Your transaction number has a 90% probability of being between 8765432 and 8765478.

    Have a 75% nice day.
  • by Anonymous Coward on Wednesday April 21, 2004 @03:45PM (#8932591)
    Due to Insufficient Cat.
  • by gid13 (620803) on Wednesday April 21, 2004 @03:46PM (#8932602)
    ... there has been a bank error in your favour. Collect $200. :)
  • Proof of Concept (Score:4, Insightful)

    by radoni (267396) on Wednesday April 21, 2004 @03:46PM (#8932603)
    ..but why do we need this?

    The biggest hole in security is usually the people operating technology. Ever want something, call up and ask for it.

    What does the ability to have uncrackable encryption do to thwart social engineering tactics?
    • by onion2k (203094) on Wednesday April 21, 2004 @04:00PM (#8932775) Homepage
      Firstly, the security this sort of thing provides is at a different stage in the process to anything a social attack would work on, so the two concepts are unrelated.

      Secondly, even if they were related, you're appear to be suggesting we might as well not bother patching one future security hole because a different one also exists? Thats crazy. We should tackle all security risks, not just one particular one.

      Lastly, socially engineered attacks are most often people giving up a PIN or forging a signature. That affects one account per attack. If a cracker gets past the sort of stage that Quantum Cryptography protects they have the opportunity to automate and reap every transaction the bank carries out.

      Now which is the bigger problem?

      • Well, I think that all that the grand-parent is arguing is that quantum cryptography is increased security where we don't need it. One-way traps are good enough, and no-one forsees them being broken. Why do we need quantum-encrypted transactions? The money and effort is better spend developing procedures and technologies to prevent more pressing weaknesses, such as social engineering and insider fraud.
      • Re:Proof of Concept (Score:3, Informative)

        by David Hume (200499)

        Firstly, the security this sort of thing provides is at a different stage in the process to anything a social attack would work on, so the two concepts are unrelated.

        The two different security issues are related in the way almost, if not all, issues are related. Time, money and resources. If you spend them in an effort to address one problem they can't be spent in an effort to address another.

        Secondly, even if they were related, you're appear to be suggesting we might as well not bother patching

        • by onion2k (203094)
          Note that I did say "one future security hole". While the crypto we have know, with "a sufficiently large key", they *will* become trivial to break in the future. If (when) quantum computing becomes available to anyone with a decent bank roll then we'll need quantum crypto to remain secure. I don't think waiting until that time is a good idea. Getting a head start is.
          • Re:Proof of Concept (Score:3, Interesting)

            by David Hume (200499)

            Note that I did say "one future security hole". While the crypto we have know, with "a sufficiently large key", they *will* become trivial to break in the future. If (when) quantum computing becomes available to anyone with a decent bank roll then we'll need quantum crypto to remain secure. I don't think waiting until that time is a good idea. Getting a head start is.

            Very good point. FWIW, I actually thought of this (really ;)... after I posted. You are right, one cannot afford to wait.

            But I also t

      • by gumbi west (610122)
        No, a social attack can work on a much higher level than this would work (think the master password to the accounts). Social attack is far and away the most serious security holes that anyone has.

        Secondly, even if they were related, you're appear to be suggesting we might as well not bother patching one future security hole because a different one also exists? Thats crazy. We should tackle all security risks, not just one particular one.

        No, the question is one of resource allocation. At present, there

    • by Anonymous Coward
      I can't believe this got a +5.

      It's ridiculous reasoning.

      Should deadbolts not have been developed because most people break in through windows?

      Should we stop working on vaccines to deadly viruses just because most people die of heart disease or cancer?

      It's called progress. People work on improving their own peice of the puzzle and the whole system improves as a whole by the sum of the efforts.

      • Should deadbolts not have been developed because most people break in through windows?

        Should we spend limited resources to improve deadbolts that are currently, and are expected to remain, unbreakable, when there are not sufficient resources to improve and adequately secure windows?

        Should we stop working on vaccines to deadly viruses just because most people die of heart disease or cancer?

        Should we continue to work on vaccines to deadly viruses if: (a) ten times as many people die of heart disea

      • Yes and no - your argument isn't exactly right. You ask:
        Should deadbolts not have been developed because most people break in through windows?

        A better analogy would have been asking 'should I upgrade my deadbolts to tungsten carbide, drill-resistant ones, because no burgler will ever get through them' when your back door is made of 3/8" plywood and non-toughened glass.

        The bank to bank transfers are the strongest link of the chain - making them tougher is fine, but not at the expense of the weakest part.
    • This is a solution to a different problem. Inventing a more effective toothbrush won't get kids to brush their teeth either, but who cares?

      ~Berj
    • Quantum crypto is an entertaining concept for securing data on locations connected by a single dedicated piece of fiber, but from a cryptographical standpoint, it's not really very useful - you can already do uncrackable crypto at much lower costs, and quantum crypto still needs you to run reliable communication protocols. It's kind of like using an armored car service to carry your credit card receipt from the front of the restaurant to the office in the back next to the unlocked door - you get a really
  • Sure but would they still charge a fee for using "out of our network" ATMs?
  • trade ya (Score:5, Funny)

    by theMerovingian (722983) on Wednesday April 21, 2004 @03:48PM (#8932626) Journal

    I'll give you my entangled photons in exchange for chocolate [slashdot.org].

  • by Letter (634816) on Wednesday April 21, 2004 @03:48PM (#8932627)
    Dear Prestigious Journal,

    At the University concluded a study which finds quantum cryptography is a lot better than plain cryptography. Please FAX bank account via quantum cryptography to KWEISE MFUME at +34 79 345 8792 for full article.

    Looking forward to hearing,
    Letter

  • by jacquesm (154384) <j.ww@com> on Wednesday April 21, 2004 @03:49PM (#8932641) Homepage
    are only good for small change...
    • The more money being transferred, the greater the uncertainty of the momentum of the money (for the same velocity), the more certain we'll be who has it.

      This principle is generally true in classical economic transfers as well: Bill Gates keeps having lots of money, but I only sometimes have money; I know I owe lots of money to my bank for student loans, but I only have a suspicion that my friend owes me 50 cents.

  • by MajorDick (735308)
    Man arrested in connection with bank transfer fraud, he reportedly stole 1.2 million dollars using a flashlight
  • Complicated (Score:4, Funny)

    by nycsubway (79012) on Wednesday April 21, 2004 @03:49PM (#8932646) Homepage
    Thats some damn complicated stuff, there! I hope the technicians who fix the ATM machine know about phuton criptography. I may know how to program with code, but damned if i know how futons work!

  • by theLOUDroom (556455) on Wednesday April 21, 2004 @03:51PM (#8932674)
    I'm asking this question again because it came a bit to late to the last discussion I posted it in

    Is quantum crypto provably flawed?

    I've seen tons of blurbs stating the the link is "absolutely" secure, but it seems that isn't really the case. [dhushara.com] (see the bottom of the page.)

    What strikes me about all this is the following section:
    "each pulse should be attenuated to an average of about .1 photon to reduce the probability of generating a two-photon pulse that could be split and eavesdropped undetectably."


    What that says to me is that there is not way to 100% know you're transmitting just one photon.

    It sounds like there's no device that is capable of transmitting one and only one photon with 100% reliability. If this is the case, a lot of the arguments about how secure this is are vastly overstated.

    In the end QC would be vulnerable to a man-in-the-middle attack by watching for multi-photon emissions.

    If this is the case, a lot of the noise surrounding QC could turn out to be hype. (The big plus for quantum crypto is that it's supposedly immune to this.) Is there a quantum physicist in the house?
    • by gunnk (463227) <.ude.cnu.gpf.liam. .ta. .knnug.> on Wednesday April 21, 2004 @04:05PM (#8932820) Homepage
      I think you're worried about something that happens, but isn't a useful eavesdropping technique. Suppose that you have a device for emitting single photons. Further suppose that the emitter accidentally emits two photons for a single bit 1% of the time.

      If an eavesdropper successfully split the extra photons off, they have successfully captured 1% of the data stream. First off, that's not much data if you want to reconstruct something meaningful in the way of information carried by the stream.

      Another problem, however, is the effect of the splitter on the rest of the stream. When a single photon passes the splitter, which path does it choose? If I'm not mistaken, that choice will be at random. If so, then the presence of the splitter becomes immediately detectable because half the single photon pulses never reach their destination. In fact, the number missing is likely to be so close to 50% that the presence of the splitter should be obvious to the bank.
      • IIRC they don't send anywhere near 1 photon. It's more like 100 photons and these can possibly be passed through one of those multiplier thingies. Obviously if you've got that kind of access to the fiber, you can perform a man-in-the-middle attack anyway. Just cut the cable and plug in some equipment like they use at the 2 ends. To each party you pretend to be the other party and just relay the messages. If key exchange is done over the wire, you perform that step for each of them. If a key is exchanged via
        • To each party you pretend to be the other party and just relay the messages.

          the whole point of quantum cryptography is that a man-in-the-middle attack like that is fundamentally impossible.

    • by gevmage (213603) on Wednesday April 21, 2004 @04:06PM (#8932829) Homepage
      I've seen a few presentations/demos on this. Basically the idea is the transmission runs on probability. Each photon has a certain probability of being lost. So the receiving station knows what the general frequency that it can expect, and if its not, the signal is being tampered with.

      The reason that the man-in-the-middle attack doesn't work is that by doing so, you introduce two sets of attenuation rather than one. If the message is intercepted and then re-transmitted, the message has now been sent through the attenuation cycle twice. This means that instead of the signal being modified by the original attenuation function, it's modified by the attenuation function squared, which is easy to distinguish.

      • If the message is intercepted and then re-transmitted, the message has now been sent through the attenuation cycle twice. This means that instead of the signal being modified by the original attenuation function, it's modified by the attenuation function squared, which is easy to distinguish.

        So it sounds like my assessment that you just CAN'T reliably send out single photons is right and quantum crypto is relying very heavily on statistics, whereas tradditional crypto relies on factoring, etc.

        This mea
  • by jabbadabbadoo (599681) on Wednesday April 21, 2004 @03:54PM (#8932700)
    According to Heisenberger, my money is going to be both here and there. And if I'm to check my balance, the result will be inaccurate because I'm checking it up.

    Nah, back to those good ol' electrons.

  • So... (Score:4, Funny)

    by Kenja (541830) on Wednesday April 21, 2004 @03:56PM (#8932728)
    So then the money has been both transfered and not transfered? That sounds like an argument waiting to happen.
  • by Thinkit4 (745166) * on Wednesday April 21, 2004 @03:57PM (#8932734)
    What I don't understand is why can't you cut the line and put in something like a repeater. When you read a bit, you change that photon, but then you just transmit a clean one with the same value (or maybe even change it to confuse).
    • by einstein (10761) on Wednesday April 21, 2004 @04:11PM (#8932864) Homepage Journal
      because you wouldn't know which photons contain the data. as soon as you touch it, the other end knows it's datastream has been tampered with.

      This [dartmouth.edu] is a good overview.
    • by saddino (183491) on Wednesday April 21, 2004 @04:19PM (#8932952)
      In order to "read" the photon, you will need to measure the polarization of that photon. But, due to quantum mechanics, as soon as you measure the polarization (for example, with a filter), you will in effect have changed its polarization, and thus its original, actual polarization will be unknown to you. And that's the trick. In essence, the message is "read once." Even if you happen to use the exact same filter as the sender, and read the original photon (and message) for yourself, you can not retransmit the photon with its original, actual polarization -- and thus your "clean one" will arrive at the destination as garbage (thus notifying the receiver that the message has been compromised).

      For more info read this primer [csa.com].
  • snake oil (Score:5, Insightful)

    by Kallahar (227430) <kallahar@quickwired.com> on Wednesday April 21, 2004 @04:03PM (#8932801) Homepage
    Bruce Schneier covered why quantum cryptography doesn't solve any security/secrecy problems in his December 15, 2003 Crypto-Gram [schneier.com].

    "It's like defending yourself against an approaching attacker by putting a huge stake in the ground. It's useless to argue about whether the stake should be fifty feet tall or a hundred feet tall, because the attacker is going to go around it. Even quantum cryptography doesn't "solve" all of cryptography: the keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption."
    • Re:snake oil (Score:2, Interesting)

      by cardmagic (224509)
      But the conventional mathematical algorithm that takes over the actual encryption is the only known unbreakable cypher known to man kind... http://en.wikipedia.org/wiki/Vernam_cipher
      • One time pad's are *not* secure. First of all, the transmission of the pad also has to be secure. Typically this would be done by an armored carrier, and hand delivered to the destination. Even then, you'd have to manually decode it to make sure that the key wasn't compromised in the computer. The second problem is that you can make any message turn into any other message by changing either the decryption pad.

        All of the AES finalists are secure, and they don't have a problem with transmitting the pad.
        • This is the entire point of quantum crypto, which should actually be called quantum key exchange. Quantum crypto is used to transfer a perfectly random one time pad with no way for an attacker to see the pad. One time pads are provably 100% secure, it's just a matter of getting the key there. Quantum crypto solves the one time pad key transfer problem.
    • by griffjon (14945) <GriffJon.gmail@com> on Wednesday April 21, 2004 @04:49PM (#8933311) Homepage Journal
      First, Schneier really loves his stake-in-the-ground idea. He used it to describe cryptography in general in his "Secrets and Lies" book (which, IMHO, doesn't hold a candle to the quality of his applied crypto books. In fact, it feels more like a book-long commercial for his managed security business)

      Anyway, sure. QC alone ain't gonna help you. But if it's a stake in a ground that's part of a fence, it damn well matters if it's 100 ft tall vs 1 ft tall, or even 10 ft tall.

      Does it 'solve' security problems? No, of course not, because as many many many people have already said, in this post and in many other places, the way to defeat the best crypto in the world is to look under a keyboard and copy down the relevant password/phrase that the user wrote on a sticky-note there. (or other social engineering tricks)

      It does make security easier, as it prevents MITM attacks, requires (for now) specialized hardware, and provides really-tough-to-decode crypto. So, if you have the rest of your process working, yes, QC can help by being a more secure technology.

      But think of the inverse. OK, so, crypto is like a stake in the ground, it doesn't matter what size or where it is. So, let's all use DES, because it's an established standard!

      You are only as secure as your weakest link, obviously. You'd be stupid if crypto turns out to be your weakest link, as even not counting QC, there's lots of good, secure crypto processes available.
    • Excellent point! Can someone produce some statistics as to the amount of fraud stemming directly from intercepted EFTs? (With particular emphasis on the cracking of crypto, or tapping of allegedly private, secure lines of communication). I'd venture to guess that outright robbery, fake ATMs, "identity theft", and check-washing are the preferred means by far.
  • ... i'm not 'certain' - have you asked mr. heisenberg?
    • No, no, no.... That joke should be:

      "Well, I can tell you precisely what the princepal is, but the interest rate will be indeterminate; or I can tell you the interest rate, but then the princepal will be indeterminate.

      Sorry, I can't tell you how much you owe, or how long you have to pay.... It's a that pesky problem with uncertainty. Just keep paying double the monthly payment, I'm sure eventually that'll be enough. Your loan officer will call you to tell you to stop. I'm just sure of it sir."

      Kirby

  • by Esion Modnar (632431) on Wednesday April 21, 2004 @04:06PM (#8932825)
    Quantum Key Distribution does not invoke the transport of the key, since it is created at the sender and receiver site immediately.

    Is this instantaneous? Wouldn't that violate the whole speed-o-light thing?

    • by mangu (126918) on Wednesday April 21, 2004 @04:18PM (#8932948)
      Is this instantaneous? Wouldn't that violate the whole speed-o-light thing?


      Yes and no. (Well, we *are* talking quantum stuff here, aren't we?) Do a google for "bell inequality" and see if you can get anything from the results. Basically, the answer is , yes, it is instantaneous. And no, it doesn't violate the speed-of-light limitation because you cannot get any useful information transmitted that way. You see, there are two photons which are interlocked. The first photn came at the speed of light and it contains the information you are looking for. The second photon, which serves to validate the quantum key is redundant from the information point of view, it doesn't carry the bank account balance, it only serves to detect tampering in the system.

  • by meshko (413657) on Wednesday April 21, 2004 @04:08PM (#8932842) Homepage
    My knowledge of cryptography is limited to the entry level college course of which I remember quite little, and my knowledge of physics is as limited as it can be.
    To me this story is rather sensational -- I didn't realize that quantum crypto is that close to actually being used; it also seems to me that wide use of quantum crypto is going to revolutionalize the field.
    Can someone who knows a lot about this explain to the rest of us: is this "WOW!!!" or just "neat!"?
  • by TMB (70166) on Wednesday April 21, 2004 @04:15PM (#8932912)
    Yeah, but filling out the slip for "1/sqrt(2) |deposit> - i/sqrt(2) |withdrawal>" is a pain, and thanks to the epoch of inflation my balance is now much smaller than the rest of the universe... luckily, even in an income vacuum my balance randomly jumps up, but only for REEEEAAALLLLYY short lengths of time. I've been hawking radiation for a while but everyone says it's just a two slit operation.

    Okay, I'm done now.

    [TMB]
  • by Vlar (749162) on Wednesday April 21, 2004 @04:29PM (#8933063)
    I remember reading a book all about the history of cryptography. It outlined the evolution of cryptograpy from simple albhabet substitutions to the concept of quantum cryptography. It shows all the pros and cons and weighs them against eachother.

    Excelent read for anyone interested in the field or just currious about it.

    ISBN: 0385495315
  • Entanglement (Score:3, Interesting)

    by ztirffritz (754606) on Wednesday April 21, 2004 @04:37PM (#8933169)
    As I understand it (according to Bill Bryson's "A Short History of Nearly Everything") entangelment does in fact violate Einsteins theory. It says that two entangled photons at any distance apart from each other will react identically instantaneously. **Notice** Instantaneously! That is faster than the speed of light. Einstein did not believe that this was possible, but experiments have shown this to be true, at least as we understand it. The part that impresses me the most is that someone devised a logic experiment that could determine the results with near certainty without altering the results. An excellent source for more information is the book "Mind at Light Speed", I forget the author's name. "A Short History of Nearly Everything" is also a great book which covers so many topics that it made my head spin.
    • Wrong. When you have an EPR pair, you need to transfer CLASSICAL data (the ket that came from the first qbit) in order to make use of the quantum state of the other half of the pair. The classical data you transmit is still limited by th speed of light.

      Sorry, this is something that would be covered in first two weeks of any introductory course on quantum mechanics or quantum information theory.
  • first Bank Transfer via Quantum Cryptography Based on Entangled Photons

    I would expect transfering some data would be pretty ok, but they entangled and transfered a bank? Unbelievable. Did some bank office clerks survive their quantum encryption?
  • by chinton (151403) <chinton001-slash ... m ['mai' in gap]> on Wednesday April 21, 2004 @04:59PM (#8933434) Journal
    Don't look to closely at your account balances, lest they become more uncertain.
  • in cryptography! :-)

    This is really amazing; think of the possibilities that this offers. If this sort of system gets affordable, mass-produced and hits the market, it will invoke a whole new era of communication!

    Gone are the hackers who snif out passwords and creditcardnumbers; the moment they try to intercept it, it is discovered. Brute force attacks become meaningless, since the key is generated completely at random and is of a one-path nature, which is theoretically proven to be unbreakable (in contras
  • Did they impliment this using the BB84 or B92 protocal? The BB84 is very simple but the B92 is much more secure. As with all things, "perfectly secure" in theory does not necesarily mean "perfectly secure" in the real world and BB84 is more seceptible than B92.
  • It look to me like you could use a beam splitter to defeat this--unless it is a single photon, in which case I don't understand how you don't loose lots of data. Also, both the transmission point and the end point need to know what the polarization is going to be before hand...if you know that, why not just use that sequence as your encription key?
  • by FrankDrebin (238464) on Wednesday April 21, 2004 @05:27PM (#8933708) Homepage

    It will be cool one day, imagining that for a brief moment, the photons, being in a superposition of states, *could* be transferring all the known wealth of the universe to my bank account. Sadly, when observed, minus service fees, it's probably only like a buck-fifty.

  • by chongo (113839) * on Wednesday April 21, 2004 @06:18PM (#8934113) Homepage Journal
    I have seen several postings related to the "unbreakable Vernam / One-Time pad cipher". The Vernam Cipher, or one-time pad is not a the ''super-duper unbreakable solves all your problems'' cipher that some people think it is.

    Yes, Quantum Cryptographic Communications (QCC) can help with the requirement that the one-time pad must be transmitted in private. However the one-time pad cannot be reused so your key must be the same size as your text. Thus far, Quantum Cryptographic Communications is not a speedy high bandwidth form of communication. It might be OK to transmit a small key but to date it is not OK for sending, in a reasonable period of time, huge one-time pad keys that are as big as your original message.

    Another thing people sometimes gloss over about Vernam one-time pads is that your cipher is only as good as your random number generator! If you generate your one-time pad using the v7 libc rand(3) function your one-time pad is next to useless.

    Another important aspect of Quantum Cryptography (Quantum Cryptography is not simply limited to communications) is random number generation. Quantum Cryptographic Random Number Generation (QCRNG) is a useful tool in generating keys (one-time pads, block cypher keys, public/private key pairs, etc.).

    The importance of QCRNG goes beyond Vernam one-time pads. You want a cryptographically strong RNG such as a QCRNG when you generate your session keys. Sending predictable keys over a QCC protected link is next to useless!

    Now IF you have:

    • near perfect communication privacy (such as with QCC)
    • near perfect one-time pad generation (such as with QCRNG)
    • near perfect key management (one-time use, no leakage, destruction after use, etc.)
    • near perfect ... etc.

    then you will begin to approach the ''unbreakable cypher level'' that some people think you get with Vernam One-Time Pad Ciphers.

    • You're missing the point here... Quantum cryptography _creates_ a set of 1 time pads that both the sender and receiver have. So, a fairly small one-time pad is generated, and then the data is encoded & transmitted over a fast line. This is why it's often referred to as QKD (quantum key distribution). For absolute security, you only send data encrypted directly with your key, which is slow, but can't be decoded by a 3rd party.
  • by Orthogonal Jones (633685) on Wednesday April 21, 2004 @06:27PM (#8934179)

    OK, I am not a believer in quantum cryptography for one big reason -- fiber loss. Someone please enlighten me if I'm wrong.

    The loss of standard single-mode fiber is about 0.1-0.2 dB/km. Therefore, unless the distance is short (as in this demonstration), the transmitter must send multiple photons to ensure a decent probability of providing the receiver with one photon.

    For example, if the span is 100 km long (20 dB loss), then on average only 1 out of every 100 transmitted photons will reach the receiver.

    The situation is worse for autocompensating quantum-crypto systems (e.g., polarization-based encoding), because the photons must survive a round trip through the fiber.

    Therefore, the relatively high power at the transmitter implies that an attacker can tap into the fiber near the transmitter, subtract (on average) only 1 photon, and remain undetected by the receiver.

    Furthermore, typical optical amplifiers add noise (3 dB noise figure for your standard erbium-doped amplifier). The added noise photons would screw up the link, so amplifiers are out.

    In the end, it seems to me that quantum crypto is good for table-top demos, and maybe for short jaunts across a metro area. But it is NOT absolutely perfect, at which point computationally difficult encryption is more attractive.

  • by Shoten (260439) on Wednesday April 21, 2004 @06:29PM (#8934195)
    Now someone can be both Miriam Abacha AND Sese-Seko in their 419 scams at the same time!

It is surely a great calamity for a human being to have no obsessions. - Robert Bly

Working...