First Exploit On Quantum Cryptography Confirmed - Slashdot

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

×

First Exploit On Quantum Cryptography Confirmed 86

Posted by Soulskill on Saturday June 18, 2011 @12:05PM from the never-trust-the-photons dept.

Vadim Makarov writes "Physics World reports on researchers demonstrating a full eavesdropper on a quantum key distribution link. Unlike conventional exploits for security vulnerabilities that are often just a piece of software, spying on quantum cryptography required a box full of optics and mixed-signal electronics. Details are published in Nature Communications, and as a free preprint. The vulnerability was known before, but this is the first actual working exploit with secret-key recording confirmed. Patching this loophole is in progress. Disclosure: I am one of the researchers who worked on this."

This discussion has been archived. No new comments can be posted.

First Exploit On Quantum Cryptography Confirmed

Search 86 Comments Log In/Create an Account

Comments Filter:

Worth noting (Score:2, Insightful)

by Anonymous Coward writes: on Saturday June 18, 2011 @12:42PM (#36485776)

This is not an exploit of quantum cryptography.
It is an exploit in the implementation of the detectors.
They can't tell the difference between the quantum signal they are supposed to be detecting and a faked signal using classical light pulses. Man-in-the-middle attacks are fairly straightforward for classic light signals since they aren't changed when someone else intercepts them.

Share
twitter facebook
Re:Worth noting (Score:5, Insightful)

by lgw ( 121541 ) writes: on Saturday June 18, 2011 @12:56PM (#36485864) Journal

This is not an exploit of quantum cryptography
It is an exploit in the implementation of the detectors
LDO. People seem in t rush to point this out on every /. crypto story. "This wasn't a problem with the math, but a problem with the implementation". Yes, that's how almost all attacks work. Attackers don't generally go after the strongest link in your cryptosystem, you know.
My silly RSA tokens (2 on them cluttering my keyring now!) are worthless not because the math was bad, but because the attackers found a better avenue of attack. That's not in any way comforting.

Parent Share
twitter facebook
Re:Oh well. (Score:2, Insightful)

by Anonymous Coward writes: on Saturday June 18, 2011 @01:52PM (#36486114)

The problem is there are always implementation details.
The basic design of QC says:
1) Assume that we can build these perfect emitters and detectors
2) Now we've got something that's perfectly secure
It's like saying:
1) Assume I can create an invincible dragon
2) Lets use it to distribute crypto keys
This is not to say s that QC is useless, but rather that it's capabilities are severely overhyped.
To put it another way, these "implementation details" are all part of the "underlying physics". Every piece of physics that gets from a human usable bit on one end to a human usable bit on the other end is "underlying physics".
You may as well claim to have designed the starship enterprise and the call the warp drive "implementation details".
What color to paint the walls... that's an implementation detail. The basic technology to make something work... that's an integral part of the problem.

Parent Share
twitter facebook
Re:Math (Score:5, Insightful)

by gweihir ( 88907 ) writes: on Saturday June 18, 2011 @02:46PM (#36486388)

They are not. Even though this type of BS can be read in the press quite often. Unless you assume we get quantum computers than can hold arbitrarily long entangled state. If we do not have that, just make the RSA key length one single bit longer than the longest entangled state that computations can be done on and the quantum computer is useless. (Dirty secret of quantum computing: You cannot combine calculations on large elements from computations on smaller elements.)
Ad for symmetrical ciphers, brute-forcing with quantum computers requires 2^(n/2) tries instead of 2^n tries. You still have to do each try and you have to model the whole cipher, which requires, e.g. for AES-256 in a known-plaintext-attack (which is the easiest one) to hold 2x128 bits for known plaintext and ciphertext, 256 bit for the key. That is already 512 qbits you need. Then you need to represent AES internal state and do computation. This easily adds another 512 qbits of state. Then you need to do something like 8000 x 2^128 quantum computations, retaining entanglement. As far as I can tell, each of this computation steps will be vastly slower than a conventional step as you need to manipulate the entangled set of qbits from the outside. And you cannot parallelize! Throwing two quantum computers at the same problem takes exactly the same time as when using only one.
We are currently where? 5 entangled bits when actual computations are done on them? After 2 decades of research. This leads me to believe that if they will ever work at all, quantum computers will not be able to crack current crypto for a very, very long time.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

"A car is just a big purse on wheels." -- Johanna Reynolds