Original URL: https://www.theregister.com/2003/06/19/quantum_crypto_its/

Quantum Crypto – It's in the fiber

By Andrew Orlowski

Posted in Bootnotes, 19th June 2003 19:31 GMT

Letters : Holy Grail of crypto to arrive in three years, say UK boffins

You mention already the fundamental existence of noise.

Precisely noise makes it impossible to differentiate between errors in the communication because of noise or because the perfect hacker started listening in.

Please use your Holy Publicaton Powers to make an end to this stupid hoax!

+++chefren




While this is a break through it is important to remember that it will not provide absolute security.

As a first note it is important to realize that quantum communication systems are subject to DOS type attacks. While these are less of a security risk they are noteworthy. Also we must constantly remind ourselves that any system is only as secure as its weakest component. Like most systems, quantum systems are based on the assumption of random numbers. Unfortunately there is currently no reliable way to rapidly generate random numbers, particularly in a corporate (bank) environment. These considerations do not include the small number of theoretical attacks including listening to photon gun switching noise (reference unknown).

This is not to belittle the technological advance though. Quantum cryptography will add a key part to modern cryptography. It is an option, while dependant on other technologies will allow society to reach a new level of security. It is just important to keep in mind that if someone wants your data they will get it, its just a matter of making it too difficult to make it worth while.

-Dan Thiffault




Your article seems to suffer the same problems that so many others have fallen for, the assumption that quantum cryptography is anything but a laboratory toy.

Yes there are narrow cases where quantum cryptography will be of use in the real world, but the simple fact is that it will never be of much use. The reason is fundamental and was actually missed in your article.

It is important to note that a quantum cryptography signal CANNOT be routed, and the reason lies in the nature of quantum cryptography. This will completely cripple the ability of quantum cryptography to be at all useful.

The reason it cannot be routed is fairly simple; quantum cryptography relies on the fact that once the particle has been examined the state changes randomly, the result is that the bits cannot be discovered by two entities.

A second necessity is that the particle state cannot be created, so no particle stream can ever be cloned. Based on this look at the process of routing. Receive the data, read the routing information (which will obviously be in the clear), hold the data in memory while the next step is discovered, read the data from memory (voids the state), write the data to
the next link (no state can be duplicated so this cannot be done). The two critical steps cannot be done.

There is actually an alternative, there is a reflector that can be built that will "route" the signal without reading it, but in order to use such a reflector you would have to read the routing data, then shunt the real data off into a big loop (with absolutely critical timing) so that the routing could be computed.

This though has it's own problems, each in process packet would require its own loop (to avoid contamination which would void all the states), and each of these loops would have to be several miles in length (light is very fast). Consider just my home router, it has 3 computers connected, and at peak usage probably is routing a dozen packets, my personal home network would require potentially hundreds of miles of fiber optic cable. Considering that cheap fiber optic cable appear to be about $1/foot, and there are 5000+ feet per mile, I'd be looking at a half million dollar investment just for the fiber optic cable to quantum crypto my home network of 3 computers (and I haven't even begun to talk about how to store these miles of cable). I don't even want to think about what it would take for a large city, but it would certainly be larger than the city.

This is not to say that there aren't cases where quantum crypto is useful, there are, but as a "holy grail" of cryptography it's really rather useless.

Joseph Ashwood
Trust Laboratories




Right now we have SSL, good stuff, hard to break, but so poorly implemented (management of keys/etc/etc) and the ultimate storage of data on servers is so insecure that SSL is largely meaningless. The same will be true of quantum crypto. We're using armed bank trucks to transport bags of money from one city park bench to another (i.e. the money is left out in the open).

Besides, anyone with the capabilities to tap into fiber optic links typically has enough resources to get at your data other ways.

Kurt Seifried