Encryption Security Technology

Schneier Calls Quantum Cryptography Impressive But Pointless

KindMind writes "Bruce Schneier writes in Wired that quantum cryptography, while an awesome technology, is actually pointless (that is, of no commercial value). His point is that the science of cryptography is not the weak point, but the other links in the chain (like people, etc.) are where it breaks down."
  • by tyler.lee ( 1319843 ) on Thursday October 16, 2008 @04:53PM (#25405235)
    Social Engineering is definitely the weakest link! I can't remember where I found the article, but it was about a team of guys (tiger team) who STRICTLY used social engineering to obtain confidential information from companies. Including employee records with SSN's, with a 100% success rate. They have never walked out of a building without getting what they came in for...and this is all done from walking around inside the building.
  • by SpicyLemon ( 803639 ) on Thursday October 16, 2008 @05:29PM (#25405687)

    That's what I was thinking as I read a bunch of these posts. The only thing quantum computing and quantum encryption have in common is the word "quantum."

    Quantum computers use the superposition of states to form qubits used to do computations using multiple numbers at the same time.

    Quantum encrypting uses polarization of light and different alignments of filters to communicate a shared key used to encrypt data. If someone's listening in, they will disturb the polarization causing red flags to go up during the communication of the key. That tells you it's not safe to transmit the message. Furthermore, even if you did, it would just be garbled anyway.

    The downside to quantum encryption is that you have to have an uninterrupted fiber optic line from one point to the other. If, at any point, that line has to go through a switch of some sort, you now have a weak point in the encryption where someone can be listening in without you knowing.

    It's probably important, too, to point out that we have both quantum computers and quantum encryption. However, the current quantum computers don't have nearly enough qubits to be a threat to public key encryption and the single fiber optic line constraint of quantum encryption is holding it back.

    Until quantum computers have thousands of qubits and are easily obtainable, we don't have much to worry about anyway.

  • by bugnuts ( 94678 ) on Thursday October 16, 2008 @05:43PM (#25405853) Journal

    From what I understand, quantum cryptography only prevents eavesdropping by taking a part of the signal. Nothing seems to forbid a man in the middle attack (take all the signal and reproduce it), or eavesdropping at a router location. Am I mis-leaded ?

    You're mis-leaded. Or misled, rather.

    This is quantum key distribution, which uses entangled photons to send keys. It is not vulnerable to m-i-m attacks because a m-i-m cannot reproduce an entangled photon. Even observing it breaks it... so you can't even monitor communications.

  • by Anonymous Coward on Thursday October 16, 2008 @06:05PM (#25406055)

    If you read the article I think you missed the point. He specifically is only talking about quantum cryptography, not quantum computers. Even more specifically, quantum cryptography makes no change to the encryption, only the key exchange. So quantum computers will have the same impact on breaking the encryption whether or not the keys are exchanged with quantum cryptography. I think he's right: it is solving the wrong problem. Secure key exchange may improve some things, but it doesn't fundamentally improve the security. If quantum cryptography did something for the encryption -- now that would be something altogether different.

    thoromyr

  • by devman ( 1163205 ) on Thursday October 16, 2008 @06:54PM (#25406561)
    You're missing the point. There are no keys to write down. If Alice wants to talk to Bob, then Alice will generate a random key and send it to Bob encoded as the quantum state of photons (There are several exchanges that go on here but for the sake of simplicity I'm not listing them). Due to quantum mechanics this exchange cannot be eavesdropped on. Once the key exchange is concluded Alice uses the key to encode her message as a One-time pad, and transmits the message via conventional means. The message cannot be compromised because one-time pads are mathematically unbreakable.

    As you can see there is nothing to write down, the keys are generated on the fly for each message.
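
Added example (not part of the original comments): a toy simulation of the key exchange that the comments by SpicyLemon and devman above describe, modeled on BB84 with a listener who measures and resends each photon. The protocol choice, the function names and the abort threshold are assumptions made for illustration.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold for this sketch

def measure(bit, prep_basis, meas_basis, rng):
    # Matching filter alignment reads the bit; a mismatched one gives a coin flip.
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def exchange(n, eavesdrop, seed=2008):
    """Send n photons; return (alice_bits, bob_bits) for rounds where bases matched."""
    rng = random.Random(seed)
    alice, bob = [], []
    for _ in range(n):
        bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        in_flight, flight_basis = bit, a_basis
        if eavesdrop:
            # The listener must pick a basis blindly, then resend what she measured.
            flight_basis = rng.randint(0, 1)
            in_flight = measure(bit, a_basis, flight_basis, rng)
        b_basis = rng.randint(0, 1)
        result = measure(in_flight, flight_basis, b_basis, rng)
        if a_basis == b_basis:  # bases are compared publicly afterwards
            alice.append(bit)
            bob.append(result)
    return alice, bob

def error_rate(alice, bob, sample):
    # Alice and Bob reveal the first `sample` bits and count disagreements.
    return sum(a != b for a, b in zip(alice[:sample], bob[:sample])) / sample

def otp(data, key_bits):
    # XOR each byte with 8 fresh key bits; the key is never reused.
    if len(key_bits) < 8 * len(data):
        raise ValueError("not enough key material for a one-time pad")
    pad = bytes(int("".join(map(str, key_bits[8 * i:8 * i + 8])), 2)
                for i in range(len(data)))
    return bytes(d ^ p for d, p in zip(data, pad))

def session(message, eavesdrop, n=4000, sample=1000):
    """Return (error_rate, ciphertext); ciphertext is None if the exchange is aborted."""
    alice, bob = exchange(n, eavesdrop)
    rate = error_rate(alice, bob, sample)
    if rate > ABORT_QBER:
        return rate, None  # red flag: do not transmit the message
    ciphertext = otp(message, alice[sample:])  # revealed bits are discarded
    assert otp(ciphertext, bob[sample:]) == message
    return rate, ciphertext

if __name__ == "__main__":
    print(session(b"attack at dawn", eavesdrop=False))
    print(session(b"attack at dawn", eavesdrop=True))
```

With no listener the sampled error rate is zero and the pad decrypts cleanly; with the measure-and-resend listener roughly a quarter of the sampled bits disagree, so the session stops before any message is sent.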
  • Re:sure... (Score:2, Informative)

    by BarronVonGoerig ( 907146 ) on Thursday October 16, 2008 @06:56PM (#25406575)
    I think you mean e^n [or 10^n] computers, depending on one's definition of log(n) [it's an engineering thing]
  • Re:Nope (Score:3, Informative)

    by John Hasler ( 414242 ) on Thursday October 16, 2008 @06:59PM (#25406631) Homepage

    If you were the CIA you'd be using AES as that is the US Government standard.

  • by db32 ( 862117 ) on Thursday October 16, 2008 @07:44PM (#25407017) Journal
    No, you missed the point. I am well aware that no real crypto system even in use today uses "written down" keys. But there are emissions at both ends of unencrypted data. One time pad all you want, your encryption means squat if it is still easy for me to get at your data in unencrypted form. It is way easier to trojanize Bob's computer with promises of naked Alice pictures than to pull a man in the middle attack or code breaking. If I can compromise your data with so many other cheap methods why would I ever care how strong your crypto is? I'm not going to invest in expensive, difficult, and time consuming efforts. Hell, I could probably buy off both Alice and Bob for less than the price of anything that could break modern crypto in a reasonable time.
  • by Vadim Makarov ( 529622 ) <makarov@vad1.com> on Thursday October 16, 2008 @08:16PM (#25407239) Homepage
    Schneier's article appears to be a reaction to the recent quantum network demo set up in the city of Vienna and surroundings. For those who missed it, here is some information.

    I have been there, and can give my impression. I think this is a big milestone for quantum cryptography. This has been the most massive and convincing demonstration of the technology up to the date, nothing like any before. Yet, it seems to have received relatively little press attention.

    The demonstration was a conclusion of a European project [secoqc.net] in which several tens of research groups collaborated. The main thing it produced are network protocols for a quantum cryptography network. Several months ago, the plan for this demo was four quantum cryptographic links. However, it was easy to plug any quantum crypto link into the network, so six research groups and one commercial company ended up bringing their systems to Vienna (the latter, idQuantique [idquantique.com], actually contributed three links to the network).

    Out of these nine systems, seven performed flawlessly for several days, one worked for half an hour and then died (the secure key produced in the first half an hour was still used by the network; the failure was blamed on a software problem in that system), and one prototype did not quite survive the flight to Vienna (hard disk was trashed by baggage handlers). Given that most of the systems were research prototypes, the statistics actually look good to me.

    Since the network topology [secoqc.net] allowed for redundant paths between most of the nodes, the actual failure of one link and simulated failure of another did not prevent the network from operating. (The network topology on the picture is not quite complete: at the last moment, an eighth link and one more node were added off the topmost node.) During the demo, there were shown securely encrypted video links between the nodes, and telephone calls. The video links were encrypted with AES with session keys provided by the network. The telephone calls were encrypted with one-time-pad provided by the network. Resiliency to failures was demonstrated: one link was broken on purpose (eavesdropping was simulated by inserting a polarizer, I think), and a key store in another was exhausted during one of the one-time-pad encrypted telephone calls. In both cases, the key distribution was automatically re-routed through other paths and nodes.

    The network software implemented so far requires all nodes be trusted and secure. However, I know that algorithms are under development that would allow secure key distribution in a bigger network where up to a certain percentage of nodes might have been compromised.

    The demo was on the first day of the meeting. The other two days were just a very good research conference, with no press attending. (I apologize if I got some details above not fully correct.)

    Regarding Schneier's position, I respect it but it might be too short-sighted and grounded. And pessimistic. Remember the famous sayings how many computers the world has maybe a market for (five), 640 kB should be enough for everybody, and so on. Classical cryptography has a nasty property to be retroactively crackable. One can record the encrypted classical communication now, wait until it is broken, decipher. Puff, your old secret is suddenly public. For some types of secrets, this is just not an option. Also, Schneier conveniently misses the fact that one can use one-time-pad with quantum key, the combination IS unbreakable, and quantum key distribution speeds steadily improve.

    A final remark, there appear to be three commercial companies actually selling quantum key distribution equipment:
  • Re:sure... (Score:2, Informative)

    by tixxit ( 1107127 ) on Thursday October 16, 2008 @08:56PM (#25407547)
    In computational complexity, log can refer to any constant base (greater than 1).
  • by iris-n ( 1276146 ) on Friday October 17, 2008 @12:21AM (#25408633)

    And what references do you have on this information? Your ass, I suppose.

    I work with quantum computing. You forgot to say that qubits aren't some magical beings that appear out of the thin air, they have to be physically implemented somehow. And, IMHO, using polarization of light is the most promising technique. And you can transmit quantumly encrypted information via any system that can be used to make qubits.

    Quantum computing and quantum crypto have everything in common. In fact, quantum crypto is one tiny consequence of quantum computation and information.

    The point is, quantum crypto was never intended to be used as the standard encryption, just a perfectly (yes, perfect. Not even quantum computers can break it.) secure means of transmitting a small amount of critical information. To be used, let's see, to transmit private keys of classical crypto, or attack orders in times of war, that kind of stuff.

    And to break RSA isn't that big a deal. It appears that quantum computers can't accelerate considerably the solution of NP-complete problems. So, we could move from the factorization of a large number to finding a hamiltonian cycle of a graph.
