Feeds

Quantum Crypto – It's in the fiber

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Letters : Holy Grail of crypto to arrive in three years, say UK boffins

You mention already the fundamental existence of noise.

Precisely noise makes it impossible to differentiate between errors in the communication because of noise or because the perfect hacker started listening in.

Please use your Holy Publicaton Powers to make an end to this stupid hoax!

+++chefren




While this is a break through it is important to remember that it will not provide absolute security.

As a first note it is important to realize that quantum communication systems are subject to DOS type attacks. While these are less of a security risk they are noteworthy. Also we must constantly remind ourselves that any system is only as secure as its weakest component. Like most systems, quantum systems are based on the assumption of random numbers. Unfortunately there is currently no reliable way to rapidly generate random numbers, particularly in a corporate (bank) environment. These considerations do not include the small number of theoretical attacks including listening to photon gun switching noise (reference unknown).

This is not to belittle the technological advance though. Quantum cryptography will add a key part to modern cryptography. It is an option, while dependant on other technologies will allow society to reach a new level of security. It is just important to keep in mind that if someone wants your data they will get it, its just a matter of making it too difficult to make it worth while.

-Dan Thiffault




Your article seems to suffer the same problems that so many others have fallen for, the assumption that quantum cryptography is anything but a laboratory toy.

Yes there are narrow cases where quantum cryptography will be of use in the real world, but the simple fact is that it will never be of much use. The reason is fundamental and was actually missed in your article.

It is important to note that a quantum cryptography signal CANNOT be routed, and the reason lies in the nature of quantum cryptography. This will completely cripple the ability of quantum cryptography to be at all useful.

The reason it cannot be routed is fairly simple; quantum cryptography relies on the fact that once the particle has been examined the state changes randomly, the result is that the bits cannot be discovered by two entities.

A second necessity is that the particle state cannot be created, so no particle stream can ever be cloned. Based on this look at the process of routing. Receive the data, read the routing information (which will obviously be in the clear), hold the data in memory while the next step is discovered, read the data from memory (voids the state), write the data to
the next link (no state can be duplicated so this cannot be done). The two critical steps cannot be done.

There is actually an alternative, there is a reflector that can be built that will "route" the signal without reading it, but in order to use such a reflector you would have to read the routing data, then shunt the real data off into a big loop (with absolutely critical timing) so that the routing could be computed.

This though has it's own problems, each in process packet would require its own loop (to avoid contamination which would void all the states), and each of these loops would have to be several miles in length (light is very fast). Consider just my home router, it has 3 computers connected, and at peak usage probably is routing a dozen packets, my personal home network would require potentially hundreds of miles of fiber optic cable. Considering that cheap fiber optic cable appear to be about $1/foot, and there are 5000+ feet per mile, I'd be looking at a half million dollar investment just for the fiber optic cable to quantum crypto my home network of 3 computers (and I haven't even begun to talk about how to store these miles of cable). I don't even want to think about what it would take for a large city, but it would certainly be larger than the city.

This is not to say that there aren't cases where quantum crypto is useful, there are, but as a "holy grail" of cryptography it's really rather useless.

Joseph Ashwood
Trust Laboratories




Right now we have SSL, good stuff, hard to break, but so poorly implemented (management of keys/etc/etc) and the ultimate storage of data on servers is so insecure that SSL is largely meaningless. The same will be true of quantum crypto. We're using armed bank trucks to transport bags of money from one city park bench to another (i.e. the money is left out in the open).

Besides, anyone with the capabilities to tap into fiber optic links typically has enough resources to get at your data other ways.

Kurt Seifried

3 Big data security analytics techniques

More from The Register

next story
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.