http://story.news.yahoo.com/news?tmpl=story&u=/ap/20031116/ap_on_hi_te/unbreakable_codes_1
Is this code using the uncertainty principle? Is there any possible way to break a code like this?
Also isn’t a one-sheet code unbreakable, as long as a sheet is never used more than once and copies of the sheet are not compromised? Would this system be susceptible to a similar thing, the same encryption being used more than once?
As I understand it, the idea of quantum encryption is (in my opinion) misleading. Basically, the idea is that using “the mind-blowing laws of quantum physics” you can make a message that can be read exactly once, and you know if it’s been read. It’s just a way of making sure that the key isn’t compromised. At that point, whether the code is breakable or not is as good as your encryption algorithm.
A one-time-pad is provably unbreakable, assuming:
- The key is used only once.
- The key is truly random (for a sufficiently good value of “truly.”)
- The key does not repeat (or the period of repetition is longer than the message (see 2)).
I don’t know much about quantum cryptography, but I do know it’s been around for quite some time.
I think the thing to note in that press release is that it is using the quantum encryption to exchange cryptographic keys, not the messages themselves. The messages will, very likely, continue to be encrypted with existing symmetric-cipher technology.
The difference in this case is the key exchange protocol. Public Key Cryptography (such as SSL and PGP) use an asymmetric algorithm to exchange conventional cryptographic keys. This just replaces that key exchange method with a quantum based one.
As for the security of the quantum link itself then, yes, as I understand the technique it is secure. It’s not, as far as I know, “unbreakable” insofar as being impossible for a third party to decode, but rather sensitive to eavesdropping. If a third party attempts to intercept the key exchange it will cause the entangled state of the exchange particles to collapse, exposing the interception.
If key interception is detected you just release the hounds and wait until you can establish a clean link. The security of the actual message content itself is, as with PGP etc, dependant upon the strength of the symmetric algorithm used to encrypt it.
Personally I am skeptical that the MagiQ system can exchange cryptographically secure (i.e. quite large) keys in a reasonable time over a reasonable distance (only recently a record was set for entangled photon transmission - they were beamed a matter of a few hundred metres across a river; I forget where right now). Their website is very light on implementation details, but seems to imply they’re attempting to gain security by using the quantum system to exchange small keys on a frequent basis and break up messages into chunks, each encrypted with a separate key. I remain to be convinced that this is secure since I don’t believe the predicted quantum system bandwidth is sufficient to exchange secure keys fast enough to prevent an attacker brute-force cracking the keys in reasonable amounts of time.
Looks like an interesting system, anyway. I’ll do some more reading around it.
This is old news which has been discussed several times on this board. It is just some junior reporter who, again, thinks he has the scoop of all scoops and does a piece he does not understand and therefore is so badly explained it raises more questions than it answers. BTW, “Mind-blowing” is not an accepted scientific description and just shows the liece is a “gee-whiz” sort of article. ( I admit I am not sure if “gee-whiz” is a standard, accepted, denomination for classifying news reports.)
The article is full of “mind-blowing”, “gee-whiz”, “magic” and other such vague superlatives and very devoid of actual information. Similar reports about the same topic have been seen already for some years now and the only copnclusion one can draw from them is that the reporter did not understand a single word of the matter.
In the past, with articles more specific than this one, I said it did not sound like encryption but as the capacity to have a secure communications channel but, again, I have not yet found any articles explaining it well.
I saw a press release explaining it reasonably well back in…1997, maybe. But it’s been too long for me to really remember any of the details.
The article’s lead paragraph implies this will impede hackers. Hackers will still get through.
While only tangential to the question, I feel I should point out that most encryption algorithms employed today (the old fashioned ones based on two large prime numbers multiplied together) are ‘good enough.’
Hackers don’t figure out passwords, nor reverse-engineer encryption codes. They get around them. A hacker breaks through firewalls/gates by sending them stuff they don’t expect (like sending a packet with too many bytes, or sneaking damaging code into the off-bytes of wide-character data) to break down the whole process.
If they could get the hackers to show up at the gate and try to enter a key, things would already be a lot more secure.
The term ‘quantum cryptography’ always annoys me, because it has so very little to do with cryptography (lit. ‘secret writing’) as we normally understand it.
Cryptography gives us the ability to transmit sensitive information over an insecure channel: the Internet, a radio broadcast, a phone line or whatever. Thanks to advanced techniques such as public-key algorithms, I can communicate securely with someone I have never met in the flesh.
Quantum ‘cryptography’ however, does nothing of the sort. It requires a very special, high-tech line between the two parties who wish to communicate, and the value it adds is that it guarantees the impossibility of undetected eavesdropping attempts.
That is definitely cool and probably useful, but it has nothing to do with ‘encrypting’ a message in the traditional sense. You can’t use quantum crypto to store data on your harddrive in encrypted form, or to have a secure wireless telephone conversation, or to protect your credit-card number for e-commerce. It’s an advanced form of physically securing a communication line, not a form of encryption.
Anyway, I don’t see this having a big impact on the world as we know it. As bup notes, currently available crypto is already good enough against any conceivable opponent with the possible exception of the U.S. government. Computer systems are being broken daily, but virtually never through actually cracking a crypto algorithm.
Right now, therefore, I don’t see a lot of value in this technology. Things will become interesting again, however, when quantum cryptanalysis becomes practical – when the power of quantum computers can be used to crack codes that are considered bulletproof today. When that happens, we can no longer use encryption to exchange secrets over an open channel, and we will need to go back to physical security, using quantum ‘crypto’ to guard against eavesdroppers. We are living in interesting times…
To the best of my knowledge, quantum cryptanalysis is unlikely to affect today’s secret-key systems, only systems like RSA (using Shor’s algorithm for factoring).
Quantum computers are not currently known to be equivalent to nondeterministic turing machines (in terms of operation) so they will only affect the key-exchange problem (in terms of cryptography).
Even a system like Navajo would be vulnerable to cracking by a nondeterministic computer or a brute-force attack, but in the present and likely future, quantum cryptanalysis is unlikely to have any effect on the system described in the article.
“The Code Book” by Simon Singh gives a very clear explanation of quantum encryption, along with the history of cryptography.
It’s not known exactly what a quantum computer can do, but it is at least known that a quantum computer can quickly factor large numbers. Which has a lot more impact than just key exchange.
If by “secret key systems” you mean a one-use pad, then no, absolutely nothing can break it, short of getting ahold of a copy of the pad and/or of the plaintext.