First Bank Transfer via Quantum Cryptography

An anonymous reader writes with today's announcement that "the Austrian project for Quantum Cryptography made the world's first Bank Transfer via Quantum Cryptography Based on Entangled Photons; see also Einstein-Podolski-Rosen Paradoxon." (For more background, see the recent Slashdot post "Quantum Cryptography Leaving the Lab.")

Re:How does it defeat repeaters?

[einstein]

because you wouldn't know which photons contain the data. as soon as you touch it, the other end knows it's datastream has been tampered with.

This [dartmouth.edu] is a good overview.

Re:How Immediate is Immediate?

[mangu]

Is this instantaneous? Wouldn't that violate the whole speed-o-light thing?

Yes and no. (Well, we *are* talking quantum stuff here, aren't we?) Do a google for "bell inequality" and see if you can get anything from the results. Basically, the answer is , yes, it is instantaneous. And no, it doesn't violate the speed-of-light limitation because you cannot get any useful information transmitted that way. You see, there are two photons which are interlocked. The first photn came at the speed of light and it contains the information you are looking for. The second photon, which serves to validate the quantum key is redundant from the information point of view, it doesn't carry the bank account balance, it only serves to detect tampering in the system.

Re:How does it defeat repeaters?

[saddino]

In order to "read" the photon, you will need to measure the polarization of that photon. But, due to quantum mechanics, as soon as you measure the polarization (for example, with a filter), you will in effect have changed its polarization, and thus its original, actual polarization will be unknown to you. And that's the trick. In essence, the message is "read once." Even if you happen to use the exact same filter as the sender, and read the original photon (and message) for yourself, you can not retransmit the photon with its original, actual polarization -- and thus your "clean one" will arrive at the destination as garbage (thus notifying the receiver that the message has been compromised).

For more info read this primer [csa.com].

Re:Why bother?

[cardmagic]

The Vernam cipher ( http://en.wikipedia.org/wiki/Vernam_cipher ) which is used to encrypt the data is PROVABLY not crackable. The quantum part is a PROVABLY secure key exchange. It has been proven that this system is uncrackable.

The history of cryptography

[Vlar]

I remember reading a book all about the history of cryptography. It outlined the evolution of cryptograpy from simple albhabet substitutions to the concept of quantum cryptography. It shows all the pros and cons and weighs them against eachother.

Excelent read for anyone interested in the field or just currious about it.

ISBN: 0385495315

Re:Proof of Concept

[David Hume]

Firstly, the security this sort of thing provides is at a different stage in the process to anything a social attack would work on, so the two concepts are unrelated.

The two different security issues are related in the way almost, if not all, issues are related. Time, money and resources. If you spend them in an effort to address one problem they can't be spent in an effort to address another.

Secondly, even if they were related, you're appear to be suggesting we might as well not bother patching one future security hole because a different one also exists? Thats crazy. We should tackle all security risks, not just one particular one.

Should we really attack all security risks at the same time when we have limited resources? To borrow an analogy from a post below, does it make sense to spend money to make an even better, super duper dead bolt when: (a) nobody has cracked, or is expected to crack, current dead bolts; and (b) there is not enough money to secure the window? I honestly don't know, what current or reasonably expected vulnerability is quantum cryptography designed to remedy? Are current systems too slow, or expected to become too slow in the future? Does it address a real problem?

Lastly, socially engineered attacks are most often people giving up a PIN or forging a signature. That affects one account per attack. If a cracker gets past the sort of stage that Quantum Cryptography protects they have the opportunity to automate and reap every transaction the bank carries out.

If true, this is a good point, but I'm not sure it is true. First, I'm not sure that there is any reasonable expectation that a cracker will get "past the sort of stage that Quantum Cryptography protects." I thought the consensus was that current systems, given a sufficiently large key, were for all practical purposes unbreakable. Secondly, while social engineering attacks may, in fact, "most often" involve "people giving up a PIN or forging a signature," resulting in a single loss, that is not necessarly true in all cases. One can readily imagine an employee being socially engineered into giving system wide acess to an "execute," "repairman," or "consultant."

It may (or may not) be the case that the money would be better and more efficiently spent on training, education, etc. to prevent socially engineering attacks. But that wouldn't be cool.

Re:Uncrackable to date with current tech

[kristoferkarlsson]

Did you even read the contents of that link? One time pads are mathematically secure - this doesn't mean that one time pads can be implemented - but the theory behind it is completely sound. You can not crack a one time pad simply because every possible sentence of a given length could be produced by the same cryptotext and you have no idea which one it is.

It's not a question of current technology at all. RTFL.

Re:But...

[Anonymous Coward]

It's only weird if you think that photons are individual physical things which move from the projector to the wall.

Since there is no evidence that this is the case and there is plenty of evidence that light is a wave propogated through a medium (reference this very experiment which also works with any other kind of wave) you can see how this would not be weird at all.

Re:Hype

[Anonymous Coward]

No, quantum cryptography is unbreakable as long as the key is secure. A single missorting permanently randomizes all missorted photons/whatever, and as such not only is it impossible to try to break it more than once, it's impossible to try to break it without the receiver knowing that something is up. Quantum computing isn't needed in the least.

Re:But...

[lightray]

Have you actually tried it?

When I first read about the double slit experiment, I said to myself, "That can't be!"

I cut two slits into a piece of cardboard and directed a flashlight beam through the slits at a wall.

And I observed exactly what one would expect, two diffuse bright spots. I said, "Hmph."

Of course, when I learned a little more, it was obvious why this didn't work. In order to see the interference pattern, your light must be coherent and columnated (as from a laser), and your slits must be very close together, and narrow (with dimensions similar to the wavelength of light). You pretty much need to use a laser as your light source, and rather than a "board" with slits, a sheet of metal with two very thin slits cut into it, very close together.

Something I found very fascinating is that the diffraction pattern you get is the fourier transform of the pattern of slits the system of interference exactly implements the fourier transform integral!

Quantum Cryptographic Communications & 1-time

[chongo]

I have seen several postings related to the "unbreakable Vernam / One-Time pad cipher". The Vernam Cipher, or one-time pad is not a the ''super-duper unbreakable solves all your problems'' cipher that some people think it is.

Yes, Quantum Cryptographic Communications (QCC) can help with the requirement that the one-time pad must be transmitted in private. However the one-time pad cannot be reused so your key must be the same size as your text. Thus far, Quantum Cryptographic Communications is not a speedy high bandwidth form of communication. It might be OK to transmit a small key but to date it is not OK for sending, in a reasonable period of time, huge one-time pad keys that are as big as your original message.

Another thing people sometimes gloss over about Vernam one-time pads is that your cipher is only as good as your random number generator! If you generate your one-time pad using the v7 libc rand(3) function your one-time pad is next to useless.

Another important aspect of Quantum Cryptography (Quantum Cryptography is not simply limited to communications) is random number generation. Quantum Cryptographic Random Number Generation (QCRNG) is a useful tool in generating keys (one-time pads, block cypher keys, public/private key pairs, etc.).

The importance of QCRNG goes beyond Vernam one-time pads. You want a cryptographically strong RNG such as a QCRNG when you generate your session keys. Sending predictable keys over a QCC protected link is next to useless!

Now IF you have:

• near perfect communication privacy (such as with QCC)
• near perfect one-time pad generation (such as with QCRNG)
• near perfect key management (one-time use, no leakage, destruction after use, etc.)
• near perfect ... etc.

then you will begin to approach the ''unbreakable cypher level'' that some people think you get with Vernam One-Time Pad Ciphers.

Re:It seems impractical

[Anonymous Coward]

You raise some very good points.

In fact, in quantum cryptography you usually can't provide the receiver with one photon: you transmit (approximately) one photon, and the receiver successfully gets it, say, about 1% of the time. Assuming the system can maintain a low error rate, QKD is robust against losses (even 99% loss). Signal-to-noise is what counts here.

Autocompensating systems have the same range as their non-round-trip counterparts. You can make the source twice as bright, because you're only worried about eavesdropping on the return leg of the journey.

I'm not an expert on EDFAs, but my understanding is that they don't have a flat noise spectrum. So one might hope to find a quiet wavelength, away from the EDFA noise, to do quantum cryptography on.

Re:Quantum Cryptographic Communications & 1-ti

[casehardened]

You're missing the point here... Quantum cryptography _creates_ a set of 1 time pads that both the sender and receiver have. So, a fairly small one-time pad is generated, and then the data is encoded & transmitted over a fast line. This is why it's often referred to as QKD (quantum key distribution). For absolute security, you only send data encrypted directly with your key, which is slow, but can't be decoded by a 3rd party.

Re:Quantum Cryptographic Communications & 1-ti

[Anonymous Coward]

The quantum state of the particles IS the random number generator. You aren't using a software RNG to feed the quantum device, you're relying on the inherently random nature of quantum fluctuations to Create your random data.

This, my friend, is as random as it gets, until someone develops the Theory Of Everything.

Re:Quantum Cryptographic Communications & 1-ti

[cardmagic]

I believe you are approaching this topic all wrong:

The Vernam Cipher, or one-time pad is not a the ''super-duper unbreakable solves all your problems'' cipher that some people think it is.

Yes, the Vernam cipher is unbreakable, because the cipher itself requires all of the things you mention. You talk about random keys as if they might be optional, but they are actually standard necessities. It is a subtle difference, but I hope you can see it. If someone misuses the Vernam cipher, it becomes crackable, but in its nature, it is super-duper unbreakable solve all your problems.

Re:Real-time Mars rover remote control.

[NonSequor]

While quantum entanglement can be used to achieve a sort of faster than light communication, you can't control what you "send" and once you've used one pair of photons you'll need another pair if you want to "send" anything else. Basically all this technique is good for is providing a means for ensuring that two parties have the same random string of bits. This is perfect for generating one time pads which provide an unbreakable form of encryption if they are only used once.

Entangled particles can be used for other interesting forms of communication, but in every case a classical communication channel must also be used.

Re:Hype

[julesh]

Furthermore, this is really just a Quantum Key exchange. So tack on whatever protocol you wish to use once you have the key. Quantum encryption is something that would require quantum computing first.

Also please note, the quantum transmission is not even "secure." Its just that if anyone but you reads it, you are secure in the knowledge that you will know about it.

OK - here's what you missed. Its a two phase process. Yes, the clever part is the key exchange - you can exchange a key and know with certainty if it has been intercepted. You then use that information to determine whether or not to send the message encrypted using a traditional encryption algorithm (note that if your key is large enough, traditional encryption methods become truly unbreakable -- the 'one time pad' that is usually used as proof of this concept uses a key that is the same size as the message). If anybody know the key, you don't send the message. Thus, an eavesdropper cannot gain any useful information. After all, what use is knowing an encryption key that will never be used?