
Single-Photon LED: Key To Uncrackable Encryption?

nut writes: "The BBC are carrying this story of a new type of LED so precise that it can emit just one photon of light each time it is switched on. It has been developed by scientists from Toshiba Research Limited and the University of Cambridge. It is described in the journal Science, although I can find no mention of it on their website. One of the applications of this is supposedly uncrackable encryption, due to the law of indeterminacy. This application is described fully in 'The Code Book', by Simon Singh, although the method was only theoretical at the time the book was first published."
  • Glowing (Score:1, Offtopic)

    by Renraku ( 518261 )
    If you had an entire array of these single-photon lights, couldn't it add an eerie glow to an object? Hopefully we can nanoscale these LEDs and make things glow eerily.
    • There is absolutely no way, even if you had a MASSIVE array of them, that you could observe the light emitted by these LEDs with the naked eye. A standard LED emits many millions upon millions of photons every second, whilst these only emit a single one.
      • Re:Glowing (Score:2, Informative)

        by QuMa ( 19440 )
        Actually, under the right circumstances the human eye can detect a single photon. However, due to the preprocessing done by the brain this signal doesn't actually reach any conscious part of your brain (for lack of better terms). But you don't need that many photons, 10 or 20 should be perfectly detectable [iastate.edu] under the right circumstances.
  • So I guess these things aren't for flash lights :)
  • by anotherone ( 132088 ) on Thursday December 13, 2001 @07:18PM (#2701690)
    All that I want to know is how exactly they know that it's only emitting one photon.

    And as far as I can tell, this is only a silly little theory. So far they've figured out how to emit one photon, but they don't know how to read it. I'm sure that this is gonna be HUGE...

    • You could {turning logic}, but it would be nearly as slow as Windows XP {MSCE bait}
    • Dammit I blinked. Hey Bill reset the machine, let's try again, I'm sure I'll see it this time. Dammit, I keep blinking and missing the photon.
    • Well, it's not *that* difficult.

      You input energy X, enough to account for a single photon and circuit inefficiencies.

      Where X isn't enough energy for more than one photon.

      The problem with the detector is that it's possible to build detectors that register single photons, it just requires that someone builds one, and that shouldn't be impossible either. It's a function of creating an optic trap akin to a waveguide and lens such that the single photon has to fall into a set of paths which is appropriately matched with a CCD able to register single photons.
    • So far they've figured out how to emit one photon, but they don't know how to read it.

      Andrew Shields and others released a paper [cam.ac.uk] last year on possible use of normal FET technology in conjunction with a layer of "nanometer-sized quantum dots" for the detection of a single photon. I'm not sure that the method he demonstrates there could be adapted to commercial scale crypto, but it certainly seems to be a possibility.

      I'm no expert, and Shields' comments on problems of attenuation in fiber transmitters may render the unique selling point of quantum crypto (that snooping can be detected) moot, but it still looks very promising for such a young idea.

  • by Anonymous Coward
    The article is unfortunately a little light on details. The application of these devices seems to be for sharing key material for an OTP. Seems that it could be considerably more practical than the quantum entanglement of particles methods previously discussed.
  • First they build the Super-kamakamode[sic] that can detect a single photon, and now they have the ability to emit them one at a time too! [theonion.com]

    And that doesn't even get into their cool anime and hot women [autopr0n.com].

    But seriously, this is going to require a bit of work before it's totally practical for mass usage, right now they would have to use a huge photomultiplier tube in order to actually sense a single photon. I think it'll be a while before CCD or CMOS light detection is that good...

    Or hey, maybe we'll all go back to vacuum tube computers :P
  • Isn't that what they say about every encryption method when it comes out?
    • But quantum crypto is proven to be uncrackable. Just like one-time-pad.
      • More accurately (Score:2, Informative)

        by parc ( 25467 )
        More accurately, Quantum encryption IS OTP. The quantum part comes in when you generate the pad.
      • What's your definition of proven?

        Considering quantum cryptography is still theory, and there have been no repeatable experiments that prove that cracking it is not possible, a more accurate statement would be "quantum cryptology, by today's understanding of quantum physics, would be uncrackable."

        It's very hard to prove that something is not possible. Especially something that has only existed in theory.

    • No, they say it is very hard to crack. Quantum encryption is backed by physics, not a complex algorithm.
    • no (Score:2, Informative)

      by Anonymous Coward
      No one ever said DES is uncrackable. No one (intelligent) has said, nor will ever say, that the new AES is uncrackable. No one (intelligent) has said, nor will ever say, that public-key cryptography is uncrackable. They will say the computations to crack them are "intractable", but not impossible.

      The one-time pad (Vernam cipher), however, is uncrackable. It has been used very heavily since it was first introduced (1917) and, beyond being arguably the simplest automated cipher ever devised, is still being proven to be completely 100% uncrackable. Unfortunately, since the key lengths are at least as long as the message, and the keys can only be used once, exchanging keys can be a bit burdensome. Quantum cryptography is basically concerned with ways of exchanging pads securely. If our current understanding of the Heisenberg principle is correct, then current quantum cryptography (in combination with OTPs) is 100% uncrackable.

      The failures of previous ciphers, especially public-key ones, are due to underestimating the difficulty (or "intractability") of certain computational tasks, but no one would have ever claimed that they were COMPLETELY secure, just secure ENOUGH. The Vernam cipher does not rely on computation (beyond addition mod 2), and is completely uncrackable.

  • by Dirtside ( 91468 ) on Thursday December 13, 2001 @07:21PM (#2701710) Journal
    Man, I wish we could just set our nation's resource distribution slider to 100% for technology for, like, a week. Then we'd have all this great new tech to mess around with!

    Of course, we'd have to switch the slider back to 100% social for a couple weeks to quell the riots that resulted in a week of no police, social services, or law. But... nifty new toys!
    • Well, considering our current situation in Afghanistan and the number of cities in the United States, I would switch the government of the US to Communism first (accepting the 5 or so years of anarchy since we're not a very religious people). This would allow us to better handle corruption and place us in a very strong military position. You won't need to put the social slider to 100 if you can obtain through trade or conquest more luxury items. I hear Afghanistan is chock full of dyes and gems. We'll be set.

      Wanna trade world maps?
  • Are they referring to the Heisenberg Uncertainty Principle [uoregon.edu]? What is the law of indeterminacy??
    • I was gunna publish a law - but I couldn't determine what it should be about.
    • by karlm ( 158591 ) on Friday December 14, 2001 @07:19AM (#2703486) Homepage
      What is the sound of one photon clapping? (Read below about the double slit experiment if you don't get it.) I also put a little bit about the crypto applications at the bottom of this post.

      Look up "Schrodinger's Cat" at everything2 or google. Prepare to have your head explode. It sounds like the physicists have been reading too much zen.

      There are a few ways I like to explain it:
      Q: does a tree falling in the forest make any sound if nobody's there to hear it?
      A: The tree doesn't fall in the forest, but also doesn't not-fall in the forest if nobody's there to hear it.
      It's almost as if God is lazy and doesn't figure out what's going on all over the universe until someone checks to see what happened. Most of the time, there's enough watching going on that things happen normally. However, if you set up experiments to be isolated and unobservable enough, strange things happen and you can catch God being lazy.

      In the world of quantum, things can be in a state of quantum superposition. Schrodinger made up a little story to explain the idea. Suppose you are about to keep things from disturbing a cat in a sealed box. And suppose you were able to isolate the Cat from observation. And suppose that you were to place a radioactive source in the box and a timer and some poison, such that if the radioactive source underwent decay within a certain amount of time, the poison would be released, killing the cat. Forget for the moment that we can only achieve this kind of isolation on very small scales.

      Now, according to quantum mechanics, the cat's state of being alive or dead is entangled with the state of decay of the radioactive source. The really weird thing is that the way things work in the quantum world, the radioactive source has both decayed and not decayed. It's a quantum superposition. Due to the entanglement, this means that the cat is both dead and not dead at the same time. Only when you observe the contents of the box does the superposition collapse into a definite state. So, as soon as you open the box and look at the cat it has either been hungry for the past hour or dead for the past hour. One second earlier, it has actually been both hungry and dead. It's really goofy. Supposedly Schrodinger later wished he had picked a better story, but now we're stuck with Schrodinger's demented story of a quantum entangled cat.

      This is really how things work in the world of quantum... kinda.

      The way Feynman (sp?) describes this phenomenon in his book "QED" is through a variation on the classic double slit experiment. In the double slit experiment, you have a monochromatic light source (all of the photons have the same wavelength), and a barrier with two slits in it. Due to the wave properties of all particles*, including photons, the "light waves" go through the slits, and come out the other side as two sets of waves that create an interference pattern. In some places the waves line up and create double-bright spots, and other places the waves are 180 degrees out of phase and absolutely no light arrives. Suppose you were to try this experiment with a single photon emitter instead of the continuous light source, and throw in a way to make sure the photon goes through one of the two slits and is directed toward your photodetector. Obviously the photon goes through one slit or the other, not both. Unfortunately, in this case the obvious is wrong. If you put a photodetector at a point where the photons coming from the two slits cancel each other out, you find that the single photon somehow goes through both slits simultaneously and cancels itself out! This is strange to say the least. Suppose then you decide to investigate further by taking a detector that will detect if a single particle has passed through it, but not block the single particle. Such detectors supposedly exist. You find that half the time the photon goes through the slit you're watching and half the time it goes through the other slit, but it always arrives at the far detector. So, the photon never arrives if you don't check which slit it went through, but if you check which slit it went through, it always arrives. The photon acts differently when you watch it! I think the example makes more sense if it's described with an electron, since electrons can be attracted to the detector. Feynman may have actually used an electron in his example. It's been a few years since I read QED.

      The standard way to interpret this whole thing is that the particle is in a superposition of going left and going right unless you force it to be in one state or the other by measuring it.

      The whole crypto aspect comes in when you devise schemes where there are two ways of measuring something. If you measure in one way, you get the right answer, if you measure in the other way, you get complete garbage. The most practical way to do this is with the polarization of a single photon. If you send a photon in a calcite crystal, it takes one path if it's polarized along the crystal grain, and another path if it's polarised perpendicular to the crystal grain. If the photon comes in polarized 45 degrees to the crystal grain, it has a 50% chance of coming out in either spot. You put a detector at each spot and see which way the photon came out in order to detect polarity. You use this to do secure key exchange in the following way: the sender randomly picks to send each photon polarized in one of four orientations (vertically, horizontally, and two ways diagonally.) For each photon, the receiver randomly decides to orient his detector rectilinearly or diagonally. After measuring each photon, the receiver tells the sender which of the two detector orientations he used. The sender then tells the receiver which of the two detector orientations should have been used. The correct orientation reads the polarization correctly, the wrong orientation is 45 degrees to the photon's polarization and spits out complete garbage. Since you can't split a photon, you need to measure it one way or the other, not both. After the sender and receiver have talked about the detector orientations, they know which bits were received correctly and use those bits as an encryption key (probably in something like a one-time pad). Note that an attacker can bug the line and observe the photons, but in doing so his calcite crystal ends up aligning the polarization of the photon to be consistent with the measurement. An attacker needs to keep transmitting bits to the receiver, but half the time he's reading garbage bits and re-transmitting garbage bits. The sender and receiver will notice when 25% of their key bits are incorrect and know that they're being snooped on.

      * I had to calculate the wavelength of a flying golfball once (thank you MIT freshman physics). The wavelength of any particle is a constant times one over the momentum of the particle. A golf ball has a hell of a lot smaller wavelength than any observed photon, due to the extremely small amount of momentum carried by any routinely occurring photon seen on Earth.
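The key exchange described in the comment above (the scheme usually called BB84), together with the one-time-pad use of the resulting bits mentioned earlier in the thread, as an added Python simulation that is not part of any poster's comment. It models polarization measurement as a coin flip on orientation mismatch; the function names, the publicly compared half of the sifted bits, and the 10% abort threshold are assumptions made for this example.

```python
import random

RECT, DIAG = "+", "x"  # the two detector orientations: rectilinear, diagonal


def measure(photon_basis, photon_bit, detector_basis, rng):
    """Matching orientation reads the bit; a 45-degree mismatch is a coin flip."""
    if photon_basis == detector_basis:
        return photon_bit
    return rng.getrandbits(1)


def exchange(n_photons, eavesdrop, rng):
    """Send n photons; return the sender's and receiver's sifted bit lists."""
    sender_bits, receiver_bits = [], []
    for _ in range(n_photons):
        s_basis, s_bit = rng.choice((RECT, DIAG)), rng.getrandbits(1)
        basis, bit = s_basis, s_bit
        if eavesdrop:
            # The attacker has to pick one orientation, and the photon that is
            # re-transmitted carries that orientation and that reading.
            e_basis = rng.choice((RECT, DIAG))
            bit = measure(basis, bit, e_basis, rng)
            basis = e_basis
        r_basis = rng.choice((RECT, DIAG))
        r_bit = measure(basis, bit, r_basis, rng)
        # Public discussion: only orientations are compared, never the bits.
        if r_basis == s_basis:
            sender_bits.append(s_bit)
            receiver_bits.append(r_bit)
    return sender_bits, receiver_bits


def establish_key(n_photons, eavesdrop, seed, threshold=0.10):
    """Return (key_bits or None, observed_error_rate).

    Assumption for this example: half of the sifted bits are revealed and
    compared in public, then thrown away; the key is the other half. A seeded
    PRNG stands in for the physical randomness so the run is repeatable.
    """
    rng = random.Random(seed)
    s_bits, r_bits = exchange(n_photons, eavesdrop, rng)
    check = set(rng.sample(range(len(s_bits)), len(s_bits) // 2))
    if not check:
        return None, 1.0
    errors = sum(s_bits[i] != r_bits[i] for i in check)
    rate = errors / len(check)
    if rate > threshold:  # about 0.25 is expected when every photon is tapped
        return None, rate
    return [r_bits[i] for i in range(len(r_bits)) if i not in check], rate


def bits_to_bytes(bits):
    """Pack a bit list into bytes, dropping any incomplete trailing byte."""
    usable = len(bits) - len(bits) % 8
    return bytes(
        int("".join(str(b) for b in bits[i:i + 8]), 2)
        for i in range(0, usable, 8)
    )


def otp_xor(data, pad):
    """Vernam cipher: addition mod 2 against a pad at least as long as data."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))


if __name__ == "__main__":
    key, rate = establish_key(20000, eavesdrop=False, seed=1)
    print("quiet line:  error rate %.3f, key bits %d" % (rate, len(key)))
    pad = bits_to_bytes(key)
    message = b"constructed sample message"
    ciphertext = otp_xor(message, pad)
    print("round trip ok:", otp_xor(ciphertext, pad) == message)
    key, rate = establish_key(20000, eavesdrop=True, seed=1)
    print("tapped line: error rate %.3f, key %r" % (rate, key))
```
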

      • You've made a couple of mistakes in your post. Although it's really cool to learn about Schrodinger's cat in freshman physics, once you get into the math of it, it's not quite as it seems. When physicists started examining quantum behaviour, they started with a certain frame of reference. Two very basic concepts in this frame of reference are the particle, and the wave. Light had been "proven" to be a wave phenomenon many years earlier by refraction experiments. However, all attempts to detect the medium through which it moved were in vain (see esp. Michelson & Morley). Einstein's work on the photoelectric effect (which earned him his Nobel Prize) "proved" that light was a particle phenomenon - light was composed of photons. The sometimes-particle-sometimes-wave nature of light is referred to as particle wave duality. Duality was also observed in other seemingly self-contradictory experiments (e.g. the oft-quoted double slit experiment).

        In introductory physics, this is where they tell you that light is a particle and a wave, then about Schrodinger's Cat, and about Heisenberg uncertainty (the more exactly you know the position of a particle, the less exactly you know its momentum, and analogous relationships with wavelength, etc).

        Wow!, say all the young physics students. The world is inherently unknowable! Take /that/, determinists!

        Sadly, the young physics students do not understand. The paradoxes "explained" by the above arise from the fact that a photon is /not/ a particle. It is also /not/ a wave. It's something else. But it's really useful to describe as a particle - sometimes. Other times, it's useful to describe it as a wave. We have reams and reams of equations and theorems to deal with particles and waves, so when we can model a photon as one of them, life is easy. However, since both the wave model and the particle model are inherently wrong, if you set up an experiment properly, you can produce what seems to be a paradox. Heisenberg uncertainty merely describes the breakdown of the two models mathematically. Schrodinger's Cat is an /analogy/ only - it describes a phenomenon that only applies to things like photons and electrons.

        Interestingly, once you measure a particle/wave, you change it - since it is impossible to measure something without interacting with it. The first explanation most people hear is that when you measure a photon as a particle, there's something about a waveform collapsing, and it "becomes" a particle. This is easy to understand, but is, unfortunately, pure rubbish. If you measure it as a particle, you will get some results that are consistent with it being a particle, and you will change something about it. That's all.

        So to get to the encryption (although I'm sure this is already (-oo, offtopic)) here's how it works: find a particle that will change in some way measurable if snooped on. Have the sender and receiver each come up with a random sequence (polarizations). Using your photons, find the common choices in the random number streams. Now - if the photon is snooped on, (measured too early) you can tell. Even if you don't notice the snooping, unless the snooper picked the same sequence of common choices, (s)he's left with nothing. And that's the end of my post.

    • by epepke ( 462220 )

      Many people confuse the Heisenberg Uncertainty Principle with quantum entanglement. They're both part of QM, but they aren't the same view of the universe. You could be picky and say that the Uncertainty Principle is an obvious result of basic quantum principles, but it's also the result of some numbers that describe the way our universe is scaled. Anyway, it doesn't say the same thing in the same way.

  • Hmm... I wonder what color that photon is? How can they send a single photon through a fibre optic cable and not lose it and still be able to detect it?
  • Yeah, so we have the law of indeterminacy preventing encryption cracking, blah, blah blah.

    But if we are going to consider laws of quantum mechanics, we only have a finite (less than 100%) chance of detecting the photon. So the LED will have to emit multiple photons so there is a 100% chance of detection.

    But then the indeterminacy law breaks down, doesn't it?
  • This is certainly an astounding development in the field of photonics. Maybe now we can all get rid of programs like PGP that leave us vulnerable to government backdoors and move to some real encryption. Quantum encryption, by its very nature, is unbreakable. I thought that I would barely live to see its advent, but now with this it looks like it could be just around the corner.

    However, one has to wonder what kind of restrictions that will be placed on this. What would you be able to do with unbreakable encryption? Share information on human rights abuses with your friends? How about plan the destruction of a high-profile government building?

    The point is, it's time to show a little responsibility in the academic community. Just like the scientists who go ahead with playing God with stem cells before the ethical ramifications have been fully explored, these researchers have unleashed an unholy nightmare on the world that won't be fully realized until it's too late. It's bad enough that al-Qaida used GPG to communicate and coordinate their plans to commit atrocities against the US, but how much safer would you feel knowing that now not even the NSA can decipher their communications? Or even intercept them? It sets a dangerous precedent, and I think they ought to fully understand what they are bringing about before they actually release a prototype.

    • I was not aware that PGP had a backdoor. Who discovered this? There may even be many loopholes with open source encryption packages that are only known to some mathematicians in the U.S. government. I don't think you can ever have 100% security with encryption.
    • I agree that some scientists should think a little more about the social ramifications of a technology before it is fully developed, but in this case, they are not doing much more harm than the cipher writers of centuries ago did when those codes were "un-breakable".

      The problem is that breakable codes can work against us as much as they work for us. If a top general was sending plans about where they were going to look for members of the al-Qaida network next, I would want them to send it using a truly un-breakable. We have to face the fact that people can transfer information in a fashion that does not allow any one else to find out what was transferred. There are many covert channels (stenography) that the al-Qaida network uses that are already very difficult to de-crypt.

    • by RoninM ( 105723 ) on Thursday December 13, 2001 @08:10PM (#2701952) Journal
      Well said! I've been lobbying Congress for years to ban all forms of person-to-person interpersonal communication, including encrypted forms. Most Congressmen are blissfully unaware of the inherent danger in whispering and face-to-face communication in secluded areas, and refuse to place the proper restrictions upon its use until we can more thoroughly investigate the ethical (read: political) ramifications! I hope, anyway, that it's just naïveté. One Senator, who shall remain nameless, seemed to agree with my viewpoint, but wanted to meet in private to discuss it! If that's not proof of the anti-American corruption that plagues our government, nothing is! Needless to say, I turned down his offer, but I won't judge him for his evil actions. Everyone knows the government rules by divine right, and God works in mysterious ways.

      Now just imagine the ramifications of allowing secure encryption! What if Osama bin Laden had one of these terminals hooked up in his cave? Instead of using letters and his international installation of terrorists to securely transmit instructions face-to-face, he could have IM'd them! We MUST stop this trend towards privacy and technological innovation if we are going to continue to lead the world in human rights and technological innovations into the future!

    • I'm sorry, I must say that for once scientists have charged ahead and decided that stem cell research is for the benefit of all humanity, and should be applauded! After the fucked up things scientists have given us (the nuke, et al) it's good that something which acts at the fundamental, medical level - not just a new toy - is being taken seriously enough that those with the knowledge are willing to risk going to jail to bring it to us.

      "Ethical" ramifications are never hashed out. People just argue ad infinitum. How long, exactly, would you say they should wait? Until either everyone on earth shares the same religion or there is no religion anywhere? Until everyone is in exactly the same sociopolitical caste and there's no racism, so everyone agrees? Dream on. Stem cell research will do more to improve the lives of humans than anything prior. Just give it time to become available to everyone. Not developing it won't make anyone's life better. So why wait?

  • I tried "law +of indeterminacy" encryption [google.com] and other combinations on google, but it all came up blank. Does anyone have a link describing how to use this for encryption?
    • The single photon led would not be used for encryption per se.
      It would make the link between 2 points secure because the stream couldn't be read without the receiver knowing that the stream had been tampered with.
  • ...next we'll have single-neuron Slashdot posters.

    Look, the future is now!
  • I remember seeing a documentary on someone who managed to teleport a photon using entanglement. While I'm sure the equipment/setup/everything is much more expensive, it could theoretically provide an even better method of secure communication. While you might not be able to listen in without diverting the photon from its destination, it is possible to stop the photon period (also as one poster already mentioned, you can't allow for a perfect world, so it's always possible for photons to be dropped [or appear to be dropped] requiring another photon to be sent out, and thus making the system again insecure).
  • Physics kooks annoy me. They do. The Alexander Abians, the Time Cube guys, all of em have always bugged me. They've always had the feel of someone who feels themselves too smart to actually do the research to understand something.

    So the fact that I hold tremendous doubt in something the physics gurus all take for granted *really* bugs me.

    But, I'm telling you. Sooner or later the guys pushing quantum entanglement(*nervous twitch* spatial PRNG *nervous twitch*) will meet up with the guys working on quantum encryption, have some kind of matter/anti-matter postulate collision, and I'll have this big goofy smile on my face.

    I'm telling ya, neither work particularly well by themselves, but in the context of the other, both Quantum Crypto(states can't be copied) and Quantum Entanglement(states can be copied, at FTL no less) are completely borked. It's the only kook conviction I haven't been able to shake, and you'll have to email me personally if you want to suffer through my full kook reasoning on it(you can probably guess what it is). But I'm telling ya: Next few years, possibilities are getting shuffled.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    • Regrettably, quantum intrusion detection (as this isn't really encryption) and quantum entanglement correspond to "states can't be undetectably read (and subsequently re-created and sent onward)" and "states can change at a distance, but not meaningfully at FTL speeds".

      When stated more properly, it can be seen that there are no conflicts, and one isn't going to "save" us from the other. Quantum intrusion detection depends on the uncopyability of certain states (else the intruder could recreate the photon and send it along undetectably). Quantum entanglement has other significant limitations, which ban any form of communication whatsoever at FTL speeds, and make it impracticably difficult to use it in any significant way otherwise.

      Keep on kookin'. Reading the Slashdot headline takes on particle physics will definitely assist in that endeavor.
      • Re:Still Waiting (Score:5, Insightful)

        by Effugas ( 2378 ) on Friday December 14, 2001 @12:29AM (#2702908) Homepage
        I have no desire to keep on kooking. :-) That I am utterly convinced of something I cannot adequately argue is driving me *hard* to learn the necessary physics to address the topic reasonably.

        But I'll do a braindump, if only to see your reaction. Warning: Unbridled speculation based off a single plausible postulate follows.

        It's an interesting corollary from crypto research that you can never be entirely sure a data source is truly entropic, as opposed to the output of even an adequately designed pseudo-random number generator. (Take a look at RC4 -- something that takes that little code to implement could certainly exist as a style of equation for atomic and subatomic scale apparently entropic output.)

        Knowing that one of the least understood but most significant errors in cryptography would be utterly unknown in any other field of research lends some credence to my thinking that at least some supposedly entropic processes are really pseudoentropic. It's not that I think physics people are "morons", like one person mailed me. On the contrary, they're some of the brightest people around. I just think they're underestimating the degree to which pseudoentropy, defined as a stream of "provably random" data derived from a single seed value, can mask actual entropy. GIGO, and all that.

        That being said, that I'm only slightly familiar with the apparently disproved "hidden numbers" theory that believes it directly addresses this line of thought has given me a great deal of humility. My hope is that the argument against hidden numbers tends to focus on easily detectable randomizers and is overapplied to higher level processes.

        Both Quantum Intrusion Detection and Quantum Entanglement, of course, make quite a bit of sense with a PRNG in place. Of course two particles can get entangled; if both can be forged with the same seed, they'll vary with exactly matched entropy. (We use this exact property when we use RC4 as an encryption system: By XORing against matched entropy, a sender can transmit to a receiver using what is indistinguishable from pure noise to anyone without the seed value.) But what would the "seed" be? Surely not position and velocity, even if it is tempting to discretize by Planck Length. I nominate direction, defined as degree of relative dimensional translation, but then I don't have much of a place to nominate anything :-)

        Whatever the seed value might be, once two particles match in any way, any subsequent measurements of both relative to each other would tend to be uncomfortably related, even if analyzing each bitstream directly would evidence perfect entropy. And that's what we find from what little I know about the entanglement experiments. (Why yes, I'm throwing doubt on my own words to prevent other people from kooking out on my own gnawing musings.)

        As for Quantum Intrusion Detection, a correction that makes perfect sense, the presumption is that it's impossible to duplicate the seed values that give rise to the sender/receiver relationships. But entanglement is all about duplication of seed values, as for that matter is photon transmission through a non-vacuum. You can't hide the fact that states are related by simply saying that entanglement implies "states may change". Spins aren't just changing; they're changing in a manner predictable to one another. If that's possible, it's difficult to out-of-hand conclude that a supposedly intrusion-proof photon couldn't itself be split, and have its entangled partner measured upon the original having its state set. You could claim the newly split pair couldn't possibly have the same seed value -- but that's more of a technological challenge than anything else. Especially if direction is a seed value, four ninety-degree bounces would equalize direction.

        There's other stuff on my mind(most notably, some annoyance with the anthropomorphized concept of "observation" and "measurement" that could be abused to presume that the "observation" of dinosaur bones sent a signal sixty-five million years previous to establish the birth and death of dinosaurs in general and that specimen in particular), but I think I'll stop playing public kook for now. :-)

        Yours Truly,

        Dan Kaminsky
        DoxPara Research
        • Your clarification was helpful. (High praise from me, esp. while wearing my Slashdot hat.)

          I poked around a bit on the net and HVT is still up for debate in some physicist circles. It's not well respected, but I don't know that we could call the case closed.

          I'd still stick with my gut, that even if hidden variables exist that explain this stuff, we're not going to be able to access them, but when it comes to physics, I'm not into dogma.

          Your post was stimulating. (And of course the "Intrusion Detection" bit I think is general, not aimed specifically at you... yes, technically that's in the cryptography domain but most people read too much into the word "cryptography".)
          • Jerf:

            Your respect is much appreciated. I'm maintaining a healthy amount of doubt in my own ideas, so I do appreciate a bit of respect in them from those who know quite a bit more of the nuts and bolts than I.

            I see the hidden variables (or spatial PRNG seeds, or whatever) as being useful in the sort of way chemistry operates: Useless for individual predictions, but critical for larger scale operations and cleaning up some unparsimonious nastiness (like asymptotic data transmission rates; see my other reply to this thread).

            Quantum Intrusion Detection actually bugs me more than entanglement. I actually believe two particles can be made related over some distance (my quibble is that their entropy itself was made related, thus obviating the need for a message to be sent between them). Proving a negative -- that it's conceptually impossible to duplicate some data stream -- is a lot tougher, and I sense dangerous levels of overconfidence on the matter.

            Physics is not a field that's particularly compatible with realities of security research. Schneier's analogy of planting a ten foot steel pole in the ground and expecting the enemy to drive right into it isn't something that lends itself well to a realm where entire classes of theory aren't developed because the math is too obscure to work with. "As long as you're concerned about the notes, you can't create music." And as long as you're struggling to get there in the first place, it's impossible to really understand what might go wrong. Airliners were a mature technology long before they were an obsessively safe one.

            I really think we don't know enough about the nature of quantum reality to be making absolute statements of uncrackability. But then, it's easy for me to claim ignorance; I just know the security side, not the physics.

            That's going to change, someday. Hopefully I won't go kooky because of it. (Now *there's* a statement that could seem tremendously ironic in a few years!)

            Cryptography can be a much wider field of inquiry if you let it be. It's actually equal parts psychology and mathematics, for instance.

            Yours Truly,

            Dan Kaminsky
            DoxPara Research
  • by pryan ( 169593 ) on Thursday December 13, 2001 @07:28PM (#2701747) Homepage
    I've been following this technology with great interest. There seems to be a fundamental problem: it is point to point. Its applications will be fairly limited.

    It seems to me, at least in terms of networks, that this would really be used to secure lines between networks, clusters, or individual computers. But on today's public Internet, this isn't really an issue. Of course, I would rather use this technology than to not have lines protected with quantum indeterminism.

    Most security people are more concerned about platform security than link security. If this technology can be used to reinforce something used for platform security, then boo yeah! Otherwise, this is cool, but I'm not going to get a heart condition over it.

    The only platform benefit I see is reducing the need to perform expensive computations to encrypt and decrypt data. Let the link take care of that and thus increase performance. Of course, how many nodes on the Internet only want to talk to their nearest neighbor? And how many routers and such are between them and their nearest neighbor? It might not even be possible to secure the link between a node and its nearest neighbor in most cases.

    I doubt this technology will impact current Internet infrastructure all that much. We'll see.
  • Abstract (Score:3, Informative)

    by Aetrix ( 258562 ) on Thursday December 13, 2001 @07:32PM (#2701777) Homepage

    Here's the Science Magazine Abstract


    Electrically Driven Single Photon Source
    Zhiliang Yuan 1, Beata E. Kardynal 1, R. Mark Stevenson 1, Andrew J. Shields 1, Charlene J. Lobo 2, Ken Cooper 2, Neil S. Beattie 3, David A. Ritchie 2, Michael Pepper 3
    1 Toshiba Research Europe Limited, Cambridge Research Laboratory, 260 Cambridge Science Park, Milton Road, Cambridge, CB4 0WE, UK.
    2 Cavendish Laboratory, University of Cambridge, Madingley Road, Cambridge, CB3 0HE, UK.
    3 Toshiba Research Europe Limited, Cambridge Research Laboratory, 260 Cambridge Science Park, Milton Road, Cambridge, CB4 0WE, UK; Cavendish Laboratory, University of Cambridge, Madingley Road, Cambridge, CB3 0HE, UK.

    Electroluminescence from a single quantum dot within the intrinsic region of a p-i-n junction is demonstrated to act as an electrically driven single photon source. At low injection currents the dot electroluminescence spectrum reveals a single sharp line due to exciton recombination, while another line due to the biexciton emerges at higher current. The second order correlation function of the diode displays anti-bunching under a DC drive current. Single photon emission is stimulated using sub-nanosecond voltage pulses. These results suggest that semiconductor technology can be used to mass-produce a single photon source for applications in quantum information technology.

    -----End Abstract-----

    If anyone has access to Science Online (http://www.sciencemag.org) you can download the PDF reprint at this link: here [sciencemag.org].

  • NOT Uncrackable (Score:5, Informative)

    by MikeyNg ( 88437 ) <mikeyng AT gmail DOT com> on Thursday December 13, 2001 @07:37PM (#2701794) Homepage

    The application refers to its use in quantum cryptography. It doesn't render the encryption process uncrackable, but makes it able to detect that someone is eavesdropping and/or has broken the encryption. With current methods, you can't tell if someone has broken your key and read your message. Using quantum cryptography, you can tell when someone has read your message.

    (It all goes along the lines of you can't observe something without changing it. If someone along the way intercepts the message and observes it, they will change the message and you can detect THAT on the other end.)

    • I have between little and no understanding of quantum anything, so forgive me if I'm off base. Would the encryption method you're describing require the use of quantum computers, or would it be possible on normal binary computers? It would seem to me that in order for this to work, your computer would have to support a bit whose value was undetermined (a qu-bit).
      • Re:NOT Uncrackable (Score:2, Informative)

        by MWright ( 88261 )
        Quantum computing and quantum encryption are two different things. Quantum encryption technically would not even need a computer at all... as long as you have some way of transmitting and receiving photons, and some way to detect them, etc., pen and paper would be enough (though very impractical!)
    • You are mistaken. It is uncrackable. Perhaps not very practical. Read the book.

    • Re:NOT Uncrackable (Score:5, Informative)

      by MWright ( 88261 ) on Thursday December 13, 2001 @08:03PM (#2701920)
      It is uncrackable.

      It does detect if someone is eavesdropping, but it detects it as the key is generated, not when you send the message. Your post implies that you send the message, and can detect if anyone eavesdrops... this is not the case. Two parties use these quantum effects to generate random numbers... they can detect if someone is eavesdropping on this; if someone is, they don't have to use that key (even if someone does try to eavesdrop, it won't work, by the way). Once they have this key, they can use it in One-Time-Pad encryption, which is also uncrackable (see a text on information theory for an explanation about why OTPs are uncrackable).
      • Re:NOT Uncrackable (Score:3, Informative)

        by MikeyNg ( 88437 )

        OK, that makes sense. Take my karma down a couple of notches for being incorrect. At least I *sound* like I know what I'm talking about. :)

        I was just incorrect on the implementation of how you'd use something like this. I can see how using this to generate and "send" OTPs makes it uncrackable. My bad.

    • It's totally crackable, you just have to figure out how to get that half-dead cat in a box spliced into the line correctly first...
  • If this thing gets somewhat more advanced you will eventually become able to use the classic "man in the middle" attack. And since there are no keys involved in the crypto, it will work if you have only a connection to the cable. Sure it will cause some extra errors, as you cannot exactly copy the state of the photons, but that will only lead to the session being restarted, which will make the mitm attack even simpler.

    I see only 1 advantage of using this over traditional electrical wires, you have to actually break the cable to get to the data, but that is also the case now with fibre-optics, so it really doesn't matter.

    just my thoughts, are they good ones ? ;-)
    • by Anonymous Coward
      When M intercepts the photon burst, he naturally modifies it (Heisenberg) before it reaches B. During the verification stage (which takes place over an unsecured line), A & B have a 0.25 probability per bit of detecting that M was eavesdropping. Thus, for an n-bit message, the probability of detecting M's presence is 1 - (3/4)^n.

      If we replace M with E, things become even more dire. Like B, E will choose the wrong detector half the time, but it will choose the "wrong" half ("wrong" according to the verification stage). For a message of length n, there is thus a 1 - (1/2)^n probability that E will not be able to recover the message.

      Note that quantum cryptography is not meant to be used to send normal plaintext messages. It is meant to be used to transmit one-time-pads. Generally you'd want these one-time-pads millions of bits in length.

      Let's suppose you create a protocol to set up an uncrackable, 100% secure channel between yourself (A) and your friend (B). I (M) am a real bastard and want to annoy you by intercepting your key and having lots of fun. You send your friend a one-time pad with your LED, let's say 1kB (8 kbit) in length. Note that this key is thousands of times smaller than your average key would be, but my calculator chokes if I don't use an obscenely small number :).

      There is a 3e-1000 chance of me sitting in the middle without being detected (of course this probability is exponential, so a sanely-sized key would give me very little hope indeed!). So, you send your friend 1kB and darn! someone was eavesdropping. You'd think your application would alert you at this time ("hey! I can say with literally 100% certainty that someone is eavesdropping!"), but let's say your application is terribly stupid. So, you restart and send another key. Same thing! Another few keys, then a few thousand more, then a few googol keys here and there. Damn! You've been trying to get this channel started for literally billions and billions of eons, and still you can't quite connect because someone's eavesdropping! Determined, you keep on plugging away. Millions of universes have expanded and collapsed by this time, but still it says someone is eavesdropping!

      Of course the prudent thing to do would be to write your application so that it gives up once there has been found an eavesdropper with *100%* certainty. :)

      Anyway, once you finally get a key sent without a man-in-the-middle, you use that key as a OTP for more conventional uncrackable (no probability involved here!) cipher. Presumably with each message, you'd attach and encipher a new OTP along with it (or just use your LED to exchange a new OTP).
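The 0.25-per-bit figure and the 3e-1000 estimate in the comment above can be checked with a small classical simulation of the two-basis photon exchange it describes (the scheme usually called BB84). This is an added example, not part of the original post; the function names, the seeded `random.Random` source and the noiseless link are assumptions made for the illustration.

```python
import math
import random

BASES = ("+", "x")  # rectilinear and diagonal polarization bases


def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis reads the bit exactly; the wrong basis yields a coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def run_exchange(n_photons, eavesdrop, rng):
    """Send n_photons single photons from A to B; return both sifted keys."""
    a_key, b_key = [], []
    for _ in range(n_photons):
        a_bit, a_basis = rng.randrange(2), rng.choice(BASES)
        bit, basis = a_bit, a_basis
        if eavesdrop:
            # Intercept-resend: M measures in a guessed basis and must re-emit
            # a fresh photon prepared in that basis with the result obtained.
            m_basis = rng.choice(BASES)
            bit, basis = measure(bit, basis, m_basis, rng), m_basis
        b_basis = rng.choice(BASES)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:  # sifting: only the bases are compared in public
            a_key.append(a_bit)
            b_key.append(b_bit)
    return a_key, b_key


def error_rate(a_key, b_key):
    return sum(x != y for x, y in zip(a_key, b_key)) / len(a_key)


def verify_and_trim(a_key, b_key, n_check, rng):
    """Compare n_check random positions in public, then discard them.

    Returns (accepted, remaining_a_key, remaining_b_key). On this idealised
    noiseless link any mismatch means the key is rejected.
    """
    check = set(rng.sample(range(len(a_key)), n_check))
    accepted = all(a_key[i] == b_key[i] for i in check)
    keep = [i for i in range(len(a_key)) if i not in check]
    return accepted, [a_key[i] for i in keep], [b_key[i] for i in keep]


def log10_undetected(n_checked):
    """log10 of (3/4)^n, the chance M disturbs none of n checked bits.

    Returned as a logarithm because (3/4)**8000 underflows a float to 0.0.
    """
    return n_checked * math.log10(0.75)


def demo(seed=2001, n_photons=20000, n_check=200):
    rng = random.Random(seed)  # seeded only so the run is repeatable
    results = {}
    for label, tapped in (("clean", False), ("tapped", True)):
        a_key, b_key = run_exchange(n_photons, tapped, rng)
        accepted, a_rest, b_rest = verify_and_trim(a_key, b_key, n_check, rng)
        results[label] = {
            "error_rate": error_rate(a_key, b_key),
            "accepted": accepted,
            "keys_match": a_rest == b_rest,
            "key_bits": len(a_rest),
        }
    return results


if __name__ == "__main__":
    for label, r in demo().items():
        print(label, r)
    print("log10 P(undetected over 8000 checked bits) =", log10_undetected(8000))
```

The publicly compared positions are thrown away after the check, so only the untouched remainder is used as pad material.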

  • It seems as though for this to work we would need fibreoptics that act as "Superconductors" to keep photons from being "Lost" on the way to their destination.
  • If a human constructed it, a human can deconstruct it. That goes for everything, always.
    • by Anonymous Coward
      There seems to be some confusion about how a cipher can be "uncrackable". Let me explain to you the One-Time Pad, an uncrackable cipher.

      Me and my friend have previously shared a secret key, which is a random string of bits, of length 10. Now I wish to send my friend a message, a bitstring which is also of length 10. I take each bit from the key, and add it to the corresponding bit of the plaintext, modulo 2 (think XOR), to generate my ciphertext. e.g. if our key is 1010010101111010 and my plaintext is 1011110110101010, then my ciphertext is 0001100011010000. The key is then destroyed (for high security, it's stored on magnetic tape, then physically burned once used), never to be used again.

      Now, let's say you have intercepted a message from me to my friend. The message is 1100101010000100. The only things you know about the secret key used before are: (1) it has never been used before; (2) it is a random (and uniformly distributed) smattering of 1's and 0's. Now tell me: what was the original message?

      Unlike public-key cryptography, it is not prone to "key attacks" (since you have no public key to work with). Unlike other symmetric-key (aka secret-key) cryptosystems, you have no frequency analysis or algorithmic analysis to work with. So long as you don't know any of the bits of the key, it is literally uncrackable, and has been for the past 80 years.

      So, then the question is, how do you and your friend decide on a key? It's not easy. The best way, so far, is to physically go to your friend's house, make sure no one else is around, generate a random bitstring, copy it onto two tapes (your friend keeps one; you take the other home), and keep it safe until it's time to use it.

      What quantum cryptography does is lets you send a key to your friend over a long distance. But, due to quantum mechanics, you and your friend will be alerted if someone has intercepted it.

      Nothing's really changed substantially here. It's the same uncrackable cipher that's been uncrackable for the past 80 years. The only difference is that now you can generate keys with your friend over a long distance, without having to drive to his house.
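The one-time pad argument in the comment above, worked through with its own bit strings: every guess at the intercepted message is explained by some key, and the pad only fails when it is reused. This is an added example, not part of the original post; the helper names and the guesses "OK" and "NO" are constructed for the illustration.

```python
from itertools import product


def xor_bits(a, b):
    """XOR two equal-length strings of '0'/'1' characters."""
    if len(a) != len(b):
        raise ValueError("a one-time pad key must be exactly as long as the message")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def to_bits(text):
    return "".join(f"{byte:08b}" for byte in text.encode("ascii"))


def from_bits(bits):
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).decode("ascii")


def key_explaining(ciphertext, candidate_plaintext):
    """The unique key under which ciphertext decrypts to candidate_plaintext."""
    return xor_bits(ciphertext, candidate_plaintext)


def ciphertexts_for(plaintext):
    """Every ciphertext reachable from plaintext, one per possible key."""
    n = len(plaintext)
    return sorted(xor_bits(plaintext, "".join(k)) for k in product("01", repeat=n))


# Bit strings taken from the post above.
POST_KEY = "1010010101111010"
POST_PLAINTEXT = "1011110110101010"
INTERCEPTED = "1100101010000100"


def demo():
    # 1. Reproduce the post's encryption.
    ciphertext = xor_bits(POST_PLAINTEXT, POST_KEY)

    # 2. Two constructed guesses at the intercepted message. Each one has a
    #    perfectly valid key, so the ciphertext cannot tell them apart.
    keys = {g: key_explaining(INTERCEPTED, to_bits(g)) for g in ("OK", "NO")}
    decrypted = {g: from_bits(xor_bits(INTERCEPTED, k)) for g, k in keys.items()}

    # 3. Perfect secrecy on an 8-bit case: over all 256 keys, two different
    #    plaintexts produce exactly the same collection of ciphertexts.
    same_distribution = ciphertexts_for("00000000") == ciphertexts_for("10110101")

    # 4. Failure mode: the same pad used twice. XORing the two ciphertexts
    #    cancels the key and exposes the XOR of the two plaintexts.
    p1, p2 = to_bits("OK"), to_bits("NO")
    c1, c2 = xor_bits(p1, POST_KEY), xor_bits(p2, POST_KEY)
    reuse_leaks = xor_bits(c1, c2) == xor_bits(p1, p2)

    return ciphertext, keys, decrypted, same_distribution, reuse_leaks


if __name__ == "__main__":
    for item in demo():
        print(item)
```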

    • While I have no real knowledge to back this up, I'm going to wager that you're wrong about this. I know enough about the quantum world in very (I repeat: very) layman's terms to know that it's a really freaking messed up world down there.

      The article seems to be indicating that they're relying on the fact that once you start observing systems you inherently change them (Heisenberg (sp?) basically), which gets extraordinarily important on the quantum level (though not as much on the Newtonian level we're typically mired in). Read about it. I can totally believe they can create an uncrackable crypto system using quantum principles . . .

  • Hey! Now instead of using my photon light from thinkgeek.com to light my path I can shine it on computer systems and log in or use the different colors on an ATM machine in order to get someone else's money! Not too shabby for only $30!
    My $0.02.
  • I guess David Allen (inventor of the photon light [photonlight.com] ) is kicking himself now because he's been one-upped when it comes to lighting technology!
  • "We need the detection technology for single photons," said Dr Shields. "But most of the other elements are there. It uses standard telecoms cables.

    This sounds like a promising breakthrough, although I can't help but wonder how far off in the future the detection technology is. I can claim that I have the key to teleporter technology, object decelerator technology (big, fluffy pillows), but I still need object accelerator technology (a large enough catapult).

    Then again *yawn* this object decelerator technology is so comfy... maybe I'll just take a nap...

  • Man in the middle (Score:2, Interesting)

    by mickonline ( 158719 )
    Surely this doesn't make it properly uncrackable.

    It prevents people from reading the message then passing it on, but not from reading then generating an identical one. Admittedly this is a problem with all mediums, but quantum mechanics aren't the final solution yet.

    • Re:Man in the middle (Score:2, Informative)

      by zuvembi ( 30889 )
      Actually that is incorrect.

      You'll have to look for a description of it, but it is in fact impossible to eavesdrop and then resend the information. There is a very good description in "The Code Book" by Simon Singh. I'm not sure where else you would look.
  • quantum cryptography + one time cipher = uncrackable

    one time cipher + shared secrets = uncrackable

    AFAIK, these are the only two that are uncrackable. the latter is impractical because of the necessity of a large quantity of pre-shared random ciphers, and the former due to implementation (but not for long it seems).
    • One time pad + anything = uncrackable

      Uncrackable encryption is nothing new; the problem is producing the large sequences of random data (one time pads) and distributing them securely.

      As the old saying goes, "if you have a secure way to distribute the key (pad), why not use it to distribute the message..?"


      • The old saying is stupid ;-)

        The method to distribute the key may be highly bound to specific points in space-time; that is, one may be able to get a large number of long code books to one's agents by giving them to those agents before they leave for foreign countries but it becomes very difficult to get them coded messages the same way (in person) unless they come back for them. Delivering new such codebooks in person may be possible for future agents as well.
  • by Yodalf ( 83088 ) on Thursday December 13, 2001 @08:12PM (#2701962) Homepage
    What kind of applications will absolutely require this extremely strong crypto?

    With the RIAA, the MPAA, MS's DRM OS and this, I can imagine: the whole collection of Britney Spears works protected by quantum crypto.

    What a waste.

    * shivers *
  • PED, not LED (Score:4, Insightful)

    by SpinyNorman ( 33776 ) on Thursday December 13, 2001 @09:18PM (#2702255)
    IMO a single photon doesn't qualify as "Light".

    Calling that a LED would be like taking something that emitted single H2O molecules and calling it a tap!

    Bah humbug.
  • by pc486 ( 86611 )
    "The Code Book", at least the British version, does describe that this unbreakable quantum encryption actually had several successful attempts before this special LED appeared. I believe it was successfully done through the air at up to one mile. I would quote but since I'm moving the book is packed up. If you don't own the book, go buy it. It's a very good read.
  • by Mr_Icon ( 124425 ) on Thursday December 13, 2001 @10:48PM (#2702599) Homepage

    This application is described fully in 'The Code Book', by Simon Singh, although the method was only theoretical at the time the book was first published."

    Uhm... I believe this is wrong. The book was issued in 1999, and it contains this sentence in chapter 8:

    In 1995, researchers at the University of Geneva succeeded in implementing quantum cryptography in an optic fiber that stretched 23 km from Geneva to the town of Nyon.

    Moreover, one paragraph further we see:

    More recently, a group of scientists at Los Alamos National Laboratory in New Mexico has once again begun to experiment with quantum cryptography in the air. Their ultimate aim is to create a quantum cryptographic system that can operate via satellites. If this could be achieved, it would enable absolutely secure global communication. So far the Los Alamos group has succeeded in transmitting a quantum key through air over a distance of 1 km.

    One of us is wrong -- either I'm reading this from an edited version of "the Code Book", although nowhere does it say "second edition", or the original poster needs to re-check his facts.

    • The experiments you cite were proofs of concept. In particular, they could not guarantee that their light source would only emit one photon at a time and hence they had very bad security (if the light source emits two photons, you can capture one and let the other go; the two photons are correlated and you can essentially use the stolen photon to break the protocol.)

  • missed the point? (Score:2, Insightful)

    by kresmoi ( 542683 )
    I have read "The Code Book" but don't have my copy with me, so please correct me if I am wrong. The impression I got from the section on Quantum Cryptography was that single photons would be used to securely transmit a full length random encryption key, where an eavesdropper could be detected and/or avoided. This key could then be used in a type of encryption known as a Vigenere Square, which (according to The Code Book) has been mathematically proven to be unbreakable when used with a full length random key. In this way, the LED in the article could be one component of a truly uncrackable encryption system. You still need a viable means of long range transmission and detection to make it practical though...
  • This SPED (single photon emitting diode - we may expect this name to become nearly as commonplace as LED one day) also provides a cool way to implement a true random number generator.

    The basic idea is that, as far as we know, the only TRUE source of randomness in nature is the collapse of a quantum wavefunction. Basically, the state of a quantum system is really the superposition of several "pure" states. When the system is measured (I won't go into what constitutes a "measurement", that's a never-ending debate), this superposition collapses into one of these pure states. Which state this will be is, as far as we can tell, entirely random. Only the probability of each outcome is known in advance. Besides this, all other physical processes seem to be deterministic. So any true randomness in nature must have its origin in the collapse of some wavefunction.

    How do we exploit this? Fire a single photon at a beamsplitter, then measure whether the photon has been transmitted or reflected. The outcome will be random in a true sense, the probability of each outcome will depend on the beamsplitter. But, importantly, there will be no correlation between successive outcomes if the transmission : reflection ratio of the beamsplitter is 1:1. If our two detectors (one for transmission, one for reflection) aren't perfect and lose a photon, we can always fire another photon, so this should even work with imperfect detectors, like a CCD.

    This can now be implemented, all we need is a SPED, a beamsplitter and two CCDs. These can all be made pretty small, so might even fit on a chip, and hey presto! You got yourself a little hardware random bit generator. The only problem left is that the thing must be cooled to some pretty low temperature.

    I've always been of the opinion that a random number generator should be hardware, not software.
  • I have the same reaction to this as I do to the articles about quantum entanglement.

    How the heck are you going to get a single photon to go large distances without getting absorbed? Even in space, if the photon hits a single atom, it will get absorbed, causing an electron to be excited. When the electron "leaps" back to a ground state, emitting a photon, isn't this a new photon?

    I would think that this would lose any previously known polarization. If I'm wrong, please explain how a photon retains its "identity" even after being absorbed.

    Imagine that this isn't in space, but in the atmosphere. Plenty of matter to interfere with long-range transmission of individual photons. Fiber-optic cables? I dunno.
