Position-Based Quantum Cryptography Proved Secure 45
KentuckyFC writes "Physicists have developed a new kind of quantum cryptography that uses position measurements to guarantee the security of a message. The technique is based on triangulation. Alice uses several transmitters to send messages to Bob who returns them immediately at the speed of light. If the return arrives within a certain time period, Alice can be certain that Bob is where he says he is. Physicists proved a few years ago that when the messages are purely classical this method is not secure because Eve can use any number of receivers to work out where Bob is and then use this information to trick Alice. However, the same physicists have now proved that the quantum version of the same position-based scheme is perfectly secure, essentially because Eve cannot easily measure the value of any qubits in the message. Alice and Bob go on to use the qubits to exchange a cryptographic key, a one-time pad, that they use to encrypt a message. The beauty of the technique is that a message encrypted in this way can be read only by somebody at a specific location, something that governments, banks, and the military, not to mention everybody else, may find useful."
nonlocal results and human weak links (Score:5, Insightful)
The position based exchange, of individual qubits, as describing in TFA is for key exchange, leading to a one-time pad [wikipedia.org]. The interesting thing is that once the one time pad is securely created and delivered, the locality is then longer restricted, the " can then be used to send a perfectly secure message" from TFA can then be anywhere.
But from a security point of view, this is nice, but a major part of security holes don't come from technology, they come from personnel and the ability to trick people. Unless you completely restrict the physical location of the people, information encrypted this "perfect" technology still falls prey to human foibles. As stated in TFA " theoretical security is not the same as practical security"
Re: (Score:2)
I think we are getting to the point of over-emphasizing that fact, as if cryptography were unimportant. OK, this might not show up in Outlook Express. But there really ARE important applications for secure wireless transmissions, and there really ARE extremely professional and well-funded researchers on the "other side" who will use ever
Re:nonlocal results and human weak links (Score:4, Interesting)
If you look at WWII and the Cold War, cryptography was tremendously important.
It was even more important in WWI. The Germans had submarine warfare, and there was no sonar, making subs pretty much invincible. Germany also had a strong surface fleet. They succeeded in driving the Allied fleet out of the North Sea. They could have owned the entire ocean, cut off all trade and resupply of the Allies, taken Europe and then Britain, and then by degrees the rest of the world.*
But the British had captured a German codebook and were using it to track subs and ships, made easier by the German practice of daily radio communications (admiralties being groups of control freaks with politically motivated bosses, they tended to be clingy that way.) They still considered the North Sea dangerous, but were able to maintain a blockade by patrolling the Channel and the North Atlantic.
* - It's likely they wouldn't have had to "take" the U.S.; we at the time were isolationist and neutral, and in fact had welcomed a German submarine as heroes when she ran under the British blockade to get supplies from us. They used their biggest sub and gutted it for the trip, but the effectiveness was minimal so they never tried it again. The point is, if the British hadn't had control of the ocean, the Germans could have been trading with the world's prime source of natural resources all along while they were knocking down one nation after another, and America would have fed Germany right up until the moment Germany turned on America. Instead, the Germans got desperate, started attacking civilian vessels, sunk the Lusitania, disgusted us all, and put America on the side of the Allies, though it would be some time before we did more than supply them.
Re: (Score:2)
WWI was not about Hitler Germany or anything. It was basically a war between countries to see who could grab the most riches and colonies - at least as far as I can tell from the little history I got about it. If you look at the history between the US and the UK at that time, I would not think it strange that German subs were considered heroes.
My history is not that good, but I know you have to look at facts like these from the perspective at that time. Not the current perspective, let alone the perspective
Re: (Score:3, Insightful)
I think we are getting to the point of over-emphasizing that fact, as if cryptography were unimportant. OK, this might not show up in Outlook Express. But there really ARE important applications for secure wireless transmissions, and there really ARE extremely professional and well-funded researchers on the "other side" who will use every algorithmic trick in the book to crack them. If you look at WWII and the Cold War, cryptography was tremendously important. Even the cryptographic attacks on "everyday" technologies like WiFi and ATMs available to the average script kiddie are quite impressive. So I wouldn't be too blase about cryptography not being the weak link.
The best part is that both weaknesses were used to break the Enigma cipher. They first exploited weaknesses in the cipher itself (letters couldn't be encrypted to themselves) and then weaknesses in the operators (the lazy Nazi would frequently choose Der Fuhrer's birthday for his cipher).
Re: (Score:2)
Also, it has to be said that the main reason cryptography is getting less emphasis as the weak link is the dramatic advance made in cryptography over the last few decades. It's not becoming less important, it's just become better. Since we get to the point where nobody could feasibly use an algorithmic brute-force attack against properly used household cryptography (OpenGPG), non-cryptographic attack vectors like social engineering or vir
Re: (Score:2)
" theoretical security is not the same as practical security"
Not to mention Applied security. This kind of encryption is nice in theory but how long until its deployable?
But I get your point, technology only goes so far when you get people who don't know what a phishing attempt is, and/or leave their password on a post it on their monitor.
Hmm... (Score:5, Funny)
On the plus side, this will finally provide a way for Bob to prove to Alice's satisfaction that he isn't with Eve, and Alice will be able to demonstrate the same about Mallory. Bliss through superior quantum physics!
Re: (Score:2)
Re: (Score:2)
There are lots of ways to induce delta T. iTunes, as an example.
Or in actuality, playing with the MPLS tables.
Heaven help you if you're on WiFi and move out of the zone. You are so screwed.
Re: (Score:2)
On the plus side, this will finally provide a way for Bob to prove to Alice's satisfaction that he isn't with Eve, and Alice will be able to demonstrate the same about Mallory. Bliss through superior quantum physics!
Yes as they let out a simultaneously blissful sigh of relief that Bob doesn't suspect that Eve is with Alice, and Alice doesn't suspect that Mal is with Bob.
general relativity destroys the security (Score:5, Interesting)
this only works in a perfectly flat space-time, if unknown or changing (known or caused by hostile party) curvatures are present the whole thing falls apart
Re: (Score:2)
this only works in a perfectly flat space-time, if unknown or changing (known or caused by hostile party) curvatures are present the whole thing falls apart
You beat me to it. Yes, it's hard to see how this particular method would be useful on Earth. Of course, the research results are academically interesting even if there is no (immediate) practical application.
Re: (Score:2)
"Yes, it's hard to see how this particular method would be useful on Earth."
If I was a drug dealer, I would like to know that the cell tower I'm talking through is inside the FBI car behind me.
Re: (Score:1)
Do not be like Aiken, who used the subjunctive mood improperly. "If I was invisible".
In the subjunctive mood, where we are talking about things which are not true, we use "were" instead of "was".
Re: (Score:2)
"Yes, it's hard to see how this particular method would be useful on Earth."
If I was a drug dealer, I would like to know that the cell tower I'm talking through is inside the FBI car behind me.
The surface of the Earth is a rotating, accelerating reference frame located in several gravity wells (Earth's, the Moon's and the Sun's). Hence the proposed mechanism would not work with any transmitter/receiver combination located on Earth.
Re: (Score:2)
It's impractical where distance is involved, but could eliminate man-in-the-middle attacks at very short distances, say within a single interface between two separately secured networks.
You'd have to have a chunk of neutronium to warp space enough to make that go out of skew on't treadle.
Re: (Score:2)
Unexpected curvature would make the travel path longer, which would make it slower, which would be detected by the system as an insecure connection.
Re: (Score:2)
no. it's still the fastest possible travel path, a space-time geodesic.
Elderly scientist say something is impossible? (Score:1)
Requires zero latency (Score:2)
It would never work that perfectly in practice – at least not on the internet, definitely – because the latency on the internet is much too large. The time taken for a packet to travel from point A to point B is nowhere remotely close to the time it would take at the speed of light with no latency.
Eve's always been a trouble maker. (Score:3, Funny)
I'm concerned that this Eve [wikipedia.org] character keeps causing trouble. First for Adam, now Alice and Bob.
Re: (Score:2)
But the fucks like a goddess! And everyone knows it. Unfortunately she never uses contraceptives. Which nobody knows. ;))
This explains why she’s the mother of every human ever.
iTunes, now with qubits. (Score:2)
Re: (Score:2)
Are you even the same Kilgore Trout who I remember from ages past? He was delightfully trollish and clever. You seem to merely crack dumb one-liners.
Quibble (Score:2)
The technique is based on triangulation. Alice uses several transmitters to send messages to Bob who returns them immediately at the speed of light. If the return arrives within a certain time period, Alice can be certain that Bob is where he says he is
Alice can be certain that the repeaters are where they say they are.
But Bob could be elsewhere - and his personal responses to these messages won't be - can't be - instantaneous.
What about lasers? (Score:2)
Re: (Score:2)
Stimulated emission is not perfect cloning. The monkey wrench which prevents lasers from violating the no-cloning rule is the non-zero probability of spontaneous emission. See this paper:
Experimental Quantum Cloning of Single Photons [ucsb.edu]
Although perfect copying of unknown quantum systems is forbidden by the laws of quantum mechanics, approximate cloning is possible. A natural way of realizing quantum cloning of photons is by stimulated emission. In this context, the fundamental quantum limit to the quality o
Re: (Score:2)
non-zero probability of spontaneous emission
Ok, that makes sense. Thanks.
Easy solution: (Score:2)
Intentionally read ALL quantum encrypted transmissions, thereby making it impossible to use it, and forcing people to traditional channels. Then crack them. The traditional ways.
Or: After Bob received the message, just call him, tell him you are the new admin, and they did not give you the password yet, but you were told to install $somethingBobReallyWants on his computer. So if he could kindly give him the password... ;)
One small problem... (Score:2)
the location is specific to 500 miles around. ;)
Re: (Score:2)
Re: (Score:2)
It is certainly possible to prove something secure from a mathematical point of view. Since mathematics is more or less self contained, that's all right. Unfortunately, the real world isn't. So then you have all sorts of things to factor in:
- errors in the assumptions
- setups to avoid detection errors
- side channel attacks on the detectors and transmitters
- insecurities of the complete protocol
- insecurities of the overal system
- human errors
etc. etc.
The problem with quantum crypto always has been that the
No, *not* proved secure. (Score:4, Interesting)
From TFA:
So how did the summary conclude "proved secure" from that?
Who the hell comes up with those algorithms? (Score:2)
At least they didn't prove its security. It works if, and only if conventional quantum cryptography works, what means, it doesn't work at all.
Let me prove it is not secure:
Sphere (Score:1)
Technically speaking, isn't there a sphere of locations that would all be the same light-distance from the message sender? (I'm picturing an equilateral triangle here.) I don't know how you'd read the qubits to know the distance, but if you could, maybe you could position yourself at one of those equal points and thus be the right distance (and time) away.
Exciting news (Score:3, Informative)
There are two things about this publication that make it remarkable.
1. This is a new useful information processing primitive that is only possible to do quantum, not in any classical information processing (the paper [arxiv.org] cites impossibility proof in classical domain). There's just a handful such quantum primitives known today (e.g., QKD, Shor's algorithm), so discovering one more is a great deal.
2. It is practically implementable with today's quantum crypto hardware. In fact, I expect any lab that has a working free-space QKD system can be working on an experimental demonstration of location-restricted QKD right now. It may just take some software rewriting and a couple extra wi-fi links to assemble a full 2D-location QKD scheme.
To be fair I must mention that the location primitive has been published two months ago [arxiv.org] by R. Malaney from Australia. However, his version was more difficult to implement (although also doable with today's experimental techniques), and notably it lacked QKD functionality. Now with this publication the scheme is complete and is even supplied with a security proof. My applauds to the authors.