The Super-Secure Quantum Cable Hiding In the Holland Tunnel

Zorro shares a report: Commuters inching through rush-hour traffic in the Holland Tunnel between Lower Manhattan and New Jersey don't know it, but a technology likely to be the future of communication is being tested right outside their car windows. Running through the tunnel is a fiber-optic cable that harnesses the power of quantum mechanics to protect critical banking data from potential spies.

The cable's trick is a technology called quantum key distribution, or QKD. Any half-decent intelligence agency can physically tap normal fiber optics and intercept whatever messages the networks are carrying: They bend the cable with a small clamp, then use a specialized piece of hardware to split the beam of light that carries digital ones and zeros through the line. The people communicating have no way of knowing someone is eavesdropping, because they're still getting their messages without any perceptible delay.

QKD solves this problem by taking advantage of the quantum physics notion that light -- normally thought of as a wave -- can also behave like a particle. At each end of the fiber-optic line, QKD systems, which from the outside look like the generic black-box servers you might find in any data center, use lasers to fire data in weak pulses of light, each just a little bigger than a single photon. If any of the pulses' paths are interrupted and they don't arrive at the endpoint at the expected nanosecond, the sender and receiver know their communication has been compromised.

Re:

[bluefoxlucid]

The mechanism they describe is also classical physics.

Re:

[ShanghaiBill]

The mechanism they describe is also classical physics.

Most likely the journalist is a moron. QKD works via entanglement, not "detecting delays".

It is unlikely the engineers would have called it QKD if it isn't QKD.

It is very likely that the Bloomberg reporter completely misunderstood their explanation of how it works.

Delay detection would not work well because the speed-of-light in a glass fiber depends on the density of the glass, which varies with temperature.

Re:

[arglebargle_xiv]

It's also pointless, QKD does the same thing as Diffie-Hellman key agreement from 1976, but at thousands of times the cost, and without all the other security that's been added to the original unauthenticated key agreement in the forty years since then. And that's its selling point, it's really, really expensive and requires complex equipment and uses physics and quantum and magic and other stuff, so banks love it and it gets media coverage even though it's just a super-expensive step backwards by forty ye

Re:lol this is bullshit

[tlhIngan]

The mechanism they describe is also classical physics.

You can use classical physics to do quantum stuff.

Quantum Key Distribution uses polarized light, and one interesting property is that unless the polarizes are orthogonal to each other, you're going to have a non-zero probability of light going through. So what you do at the sender end is send pulses of polarized light at random polarizations (say, 0 degrees, 0 degrees, 90 degrees, 45 degrees, 135 degrees, etc). Of course, the pulses are coded to represent your bit pattern, so a pulse could mean a 1, no pulse could mean 0.

At the receiver end, the receiver picks a random polarization and measures the output - either light, or no light. It doesn't matter which.

What happens after sending a copious amount of data is the two ends then compare their polarizer settings and discard the bits where the polarizer setting did not match (e.g., sender used 0 degrees, receiver used 45 degrees). Most of the data will be discarded, but you'll have plenty more where by chance both sender and receiver picked the same polarizer.

You can then do a quick hash to compare the final results - the two hashes should be the same.

Now what happens if someone taps the line? Well, they don't know the polarizer settings, so at best they're going to guess. But the act of inserting the eavesdropping polarizer into the bitstream changes the polarization of the light! If the sender uses 0 degrees, and the eavesdropper uses 45 degrees, light will have a 50% chance of going through the polarizer. But even stranger, at the receiver, if they use a 0 degree polarizer or a 90 degree polarizer, light again will have a 50% chance of getting through. So even though the sender and receiver may both use a 0 degree polarizer, the eavesdropper using a 45 degree polarizer has changed the end result. Maybe the eavesdropper gets lucky, maybe not.

Doing it for a large number of bits and you'll detect the line tap too easily because of it.

If you want to see this in action, you can do the standard two polarizer test, set them orthogonally to each other (so the two polarizers let no light through). Now add a third polarizer AFTER than two polarizers and oddly, you'll get light going through! It doesn't have to be in the middle of the polarizer stack - just the act of the third polarizer interacts with the other two such that some light now goes through where it didn't before makes things extra spooky.

Re:

[Anonymous Coward]

Now add a third polarizer AFTER than two polarizers and oddly, you'll get light going through

No, you won't. If you add a 45 degree polarizer between a 0 degree polarizer and a 90 degree polarizer, then you'll get light through, even though without the 45 degree filter, none would get through.

Re:

[bluefoxlucid]

Is there a magic "we exchange the key without it being eaves dropped" in there?

two ends then compare their polarizer settings and discard the bits where the polarizer setting did not match

How do they transfer this information?

Re:

[SuperKendall]

Change in rx power would trivially detect someone tapping the fiber.

Wouldn't fiber rx power naturally change over time, depending on age of cable, and temperature?

Re:

[HotNeedleOfInquiry]

Possibly, but that's not the way a tap would normally be detected. A very short pulse of light would be sent down the cable. Any tap would reflect a tiny bit of the pulse back to the source. With an instrument called a [Optical Time Domain Reflectometer](https://en.wikipedia.org/wiki/Optical_time-domain_reflectometer) the exact location of the tap can be pinpointed.

Re:

[olsmeister]

an OTDR is a disruptive test. This is not something you can log and monitor

Re:lol this is bullshit

[sexconker]

And don't forget how this "quantum" tunnel actually works in practice.

We didn't get an expected signal at a certain point. Maybe they didn't send it? Maybe they didn't send it because they didn't get ours??
Better call them on the PSTN to ask. Does anyone know who we call? I think it was "Jeff" of "Jim".
No, Jim retired. They don't have a replacement yet. Just call the main office and ask.
Okay hold on. Let me divulge too much to a random person over an insecure line to try to explain what we're even asking about.
She said I need to submit a ticket then their service team will get back to us. We can call and ask them to escalate, but only after we create the ticket.

An hour passes while they create an account in the ticket portal, try to choose something that sort of matches the issue from a crappy set of categories, eventually create a ticket, wait for an email with the ticket number to arrive, etc.

Okay, I called the ticketing desk with the ticket number and they said they'd escalate it.

The next day they get an email from Bob.

Hey guys, this is Bob. We're going to need to reset the entire quantum tunnel. Here are the keys and certs and shit you need to get it done. Email me yours, in regular non-quantum email by 9 AM tomorrow and we should be able to schedule the reset for 10 AM. Feel free to call me on my cell (123) 456-7890 around 10 just so we can both make sure it's working.

The team scrambles to figure out WTF they need to do with the shit Bob sent, and WTF they need to send back to Bob. Eventually, they get it done, and they call Bob at 9:59 AM the next day, but he's working remotely from the inside of a helicopter above an Indian night market. ...ight g..z ... got the stuff th..s ...r se..g that over ...ckly. Let me ...ad and do ...et now. ... ould ha... lights right n....
Uh, yes Bob, we currently have no lights. (That's what he said right? We should have no lights?) They just turned off.
Okay, goo... t me ... ... ...d you should see... ng now. Let me ..ow when ... ...s ...ng.
??? ??? ???
Still ...ng, guys?
??? Uh, yeah Bob after the lights went out they came back blinking for a bit and they're still blinking. One of them just turned solid green. ...t sou... ...ood. I've got s...d green on ... ...d. You should st... ... ...e traffic now.
??? Yes, we're at solid green too here. (Do we have traffic? How do we know if we have traffic??) Uh, I think we're good now if you see traffic, Bob. Thanks. ...ks guys. Le... ...ow if there's any issues.

The team is now totally quantum secure, for sure! The outage obviously wasn't from someone installing a tap and repeater, and the reset process totally didn't result in the hardware redetecting the link length and recalibrating all timing-related controls. And the team has now printed out a copy of the certs and keys, both Bob's and theirs, and filed them in Joe's desk side cabinet so they could document the procedure in case it happens again. Don't worry, only Joe and two other staff have the key. And the furniture people and custodians. And the keys say "do not duplicate" on them.

Re:

[es330td]

This is an amazing post. It should get modded to level 6: "Classic."

Re:

[Anonymous Coward]

Yeah, this seems like overkill. Crypto may have its issues (e.g. not leaking the keys, quantum-computing vulnerabilities), but getting that right is easier than laying down entirely new infrastructure.

Re:

[Anonymous Coward]

The article is wrong, QKD is not about timing but quantum indeterminacy and photon polarization.
Eavesdropping is just physicaly unfeasible because the photon cannot be 'read' and 'resent'

Re:

[WaffleMonster]

Eavesdropping is just physicaly unfeasible because the photon cannot be 'read' and 'resent'

You may not be able to passively eavesdrop but you sure as heck can pretend to be one of the endpoints. Either way end result of successful impersonation is the same quantum or not.

Quantization

[burningcpu]

[QUOTE]"use lasers to fire data in weak pulses of light, each just a little bigger than a single photon."[/QUOTE]

Light comes in units of photons. Saying, "just a little bigger than a single photon," doesn't make sense. Was it two photons? Is this an artifact of averaging and poor journalism, where the target was really 1 photon, and sometimes more are released?

Re:

[burningcpu]

Er, light comes in discrete units of photons.

Re:Quantization

[93 Escort Wagon]

These are jumbo photons - your quantum switch needs to have that setting turned on for them to work.

Re:

[ShanghaiBill]

Er, light comes in discrete units of photons.

Sure, but they aren't all the same size. A red photon is half again the size of a blue photon (700 nm vs 450 nm).

So "just a little bigger than one photon" could mean a slightly bigger photon, or maybe a normal photon plus a tiny little photon like a gamma ray.

I think they mean quantity...

[SuperKendall]

Is this an artifact of averaging and poor journalism, where the target was really 1 photon, and sometimes more are released?

I thought the phrasing was odd as well but took it to mean as you say here, a very few number of photons, close to one.

Re:

[zlives]

what they meant was that when light is in wave form you can cut 1.05 waveform ummm as a pulse umm yeah. every one noes that its only discrete in once it evolves into particle form.
see makes perfect sense.

Re:

[XxtraLarGe]

Light comes in units of photons. Saying, "just a little bigger than a single photon," doesn't make sense. Was it two photons? Is this an artifact of averaging and poor journalism, where the target was really 1 photon, and sometimes more are released?

It's a photon with just a smattering of gluon the side.

Re: Quantization

[niftydude]

Good catch. It isn't really bad reporting, it's proponents trying to hide a major flaw in the system.

The thing about quantum key distribution is that it only works when you send one photon at a time, because if you send more, it becomes fairly trivial for Eve to pick up one of the extra photons and eavesdrop.

However due to losses and reflections along the fibre (even very small changes in refractive index in the core along the length of a typical fibre cause some reflection back), you need to send more

Re:

[epine]

And I guess it works on the bankers cause they don't understand optics or quantum physics.

No greedy financial institution ever hired a graduate student with a physics degree to wrangle all that complex math?

I don't know what world you're living in, but it isn't this one.

Re:

[Anonymous Coward]

Look up Decoy State QKD some time. What you describe was solved a decade ago.

Re:

[burningcpu]

Thank you for the concise explanation!

Re:

[QuantumV]

So for km long links they send what they call "weak" pulses of photons, and still call it QKD.

Yes, but the weak pulses still have an average number of photons well below 2. The loss in a long fiber only means that perhaps only 0.1 % to 1 % of the photons arrive at their destination, but those arriving may still be used to generate a secret key.

Re:

[mspohr]

No, these are obviously "big photons being a little bigger than a single photon".
I, for one, would like to know where they get these big photons... I could use a few of them around the house. They might be slower than the standard photons and might hang around longer.

Re:

[angel'o'sphere]

A pulse of light a bit bigger than one photon makes perfectly sense ...

Re:

[vbdasc]

Is this an artifact of averaging and poor journalism

Good luck finding journalists who understand quantum physics.

What about protecting from jay on backhoe from bra

[Joe_Dragon]

What about protecting from jay on backhoe from braking it ? and after that does this need a lot bigger repair job then with other fiber?

Re:

[es330td]

I like the way they let terrorists know the precise location of a valuable technical target.

Re:

[Joe_Dragon]

more then that Also an 2 for one target

Re:

[PPH]

Probability.

The statistical odds that Jay will actually be operating a backhoe rather than being on a union negotiated break are vanishingly small in NYC.

Re:

[sexconker]

It works because there is no way to make a perfect copy of a photon, so any part of the key that is intercepted can't also be sent to the intended destination. When part of the key is compared between both ends, it won't match, so they know not to use that key.

Seems to me the person sending the photon originally made a perfect instance of it.
Further, how does the person on the receiving end know what it's supposed to look like until they get it? Hell, when you get down to it at the quantum level, how did the SENDER know precisely what they sent and when they sent it without measuring it themselves?

"Quantum" fundamentally does nothing for key distribution. You either need a separate link to negotiate and validate your quantum link, or you end up with the same ke

Re:

[Anonymous Coward]

The sender isn't able to create a copy of an existing photon, only to create two identical (or at least correlated) photons at the same time.

The receiving end needs to know what axis to measure the polarization of the photon in, which the sender sends separately by some method other than the quantum link.

The sender does measure one of the paired photons themselves. If they didn't, they wouldn't know anything about what they sent. Even after measuring the photon they still don't know exactly what they sent.

Y

Dust

[atrex]

So what happens if dust gets in the way?

QKD solves no problem, but creates one

[ffkom]

QKD is only as secure as your believe that the physical model "Quantum Mechanics as of today" describes reality completely. And that we already know not to be the case (as quantum mechanics do not even include the omnipresent phenomenon "gravity"). Nobody can say if a more precise model of reality will open up ways to intercept single photon transmissions without leaving traces.

QKD also solves no problems as conventional cryptography works very well (and its potential failure is not quite the number one th

Re:

[fadethepolice]

To be fair normal physics does not describe gravity correctly either. That is why we invented Dark Matter. At least quantum physics hasn't been giving wrong answers for 100 years.

Re:

[QuantumV]

Nobody can say if a more precise model of reality will open up ways to intercept single photon transmissions without leaving traces.

No, but we also know that in a world where this is possible (sufficiently well), lots of other cool possibilities will open up, such as superluminal communication and time machines. The currently known laws of physics describe pretty much everything possible on earth (and other places in the universe with weak gravity) today. But of course if you could integrate a couple of black holes and maybe a few wormholes into your interception device, we cannot quite rule out that an attack is impossible.

what was once old is new again...

[Anonymous Coward]

call it what it is.. a QuantumLink [wikipedia.org]

Re:

[PPH]

Named after a guy called Holland.

Re:

[bws111]

Who was the chief engineer

Series of Tubes

[nwaack]

Remember how difficult it was to get the congress-critters to understand how the internet works? Making rational laws for this type of tech is gonna be a real cluster fock.

That's not quantum security

[aepervius]

"If any of the pulses' paths are interrupted and they don't arrive at the endpoint at the expected nanosecond, the sender and receiver know their communication has been compromised" it is just plain damn light path measurement, and has nothing to do with real quantum encryption, and the no cloning theorem.

Strong encryption

[DidgetMaster]

How about encrypting the data so that you don't care how many people capture the 1s and 0s going over the wire (be it electrical or optical) since none of them can make any sense of them without the decryption keys?

Re:Strong encryption

[PPH]

without the decryption keys

That's why this is called Quantum Key Distribution.

Once Alice and Bob* have their keys, the messages are encrypted using standard algorithms and passed over normal fiber optic links.

*Should we change this to Achmed and Boris by now?

Re:

[DidgetMaster]

Maybe I misread the summary, but it made it sound like QKD has nothing to do with encryption. It sounds like a way to determine if someone is listening or tapped into the line. Or did I misunderstand this statement: "If any of the pulses' paths are interrupted and they don't arrive at the endpoint at the expected nanosecond, the sender and receiver know their communication has been compromised."

Re:

[PPH]

QKD has nothing to do with encryption

Initial session key exchange has a lot to do with encryption. If a man in the middle can examine the keys, subsequent encryption based on them is not secure.

Re:

[Anonymous Coward]

The summary is wrong in many many ways. Please disregard the summary.

The quantum communication channel is used to exchange keys (for example for one-time-pad encryption). Detection of an eavesdropper relies on the fact that any measurement of the polarized photons doesn't reveal enough information to clone the photons correctly with certainty and send them to the actual recipient. It is assumed that each transmitted bit is sent with ideally just one photon, so that measuring this photon destroys information

Re:

[ceoyoyo]

It has nothing to do with encryption. QKD is about making a communications channel where you know if messages are being intercepted. The most useful thing anyone could think of to do with that is to exchange encryption keys.

Re:

[ceoyoyo]

Of course the REAL question is why Alice and Bob couldn't exchange a key in a conventional way, but they COULD run a fibre optic cable through the Holland Tunnel and build QKD hardware to put on either end of it.

Re:

[thegarbz]

without the decryption keys?

How do you get the decryption key without knowing for sure that someone isn't listening? I would propose a system like Quantum Key Distribution, I think I read about it once on Slashdot.

Ususal quantum crypto nonsense

[WaffleMonster]

Why bother when most network traffic is already encrypted? Encryption is worthless if an attacker manages to get the digital keys used to encode and decode messages.

This is what forward secrecy is for.

Each key is usually extra-encrypted, but documents disclosed by former National Security Agency contractor Edward Snowden in 2013 showed that the U.S. government, which hoovers up most of the worldâ(TM)s internet traffic, can also break those tougher codes.

Unless security vendors have made secret deals with god normal cryptography is still required to authenticate peers and just like normal systems compromise of keys is fatal to future communications.

Just like normal systems:

1. There are still keys that can be stolen.
2. There is still cryptography that can be compromised.

If any of the pulsesâ(TM) paths are interrupted and they donâ(TM)t arrive at the endpoint at the expected nanosecond, the sender and receiver know their communication has been compromised.

Given fiber only runs .67c this is hardly definitive of anything.

Hardly

[nospam007]

If it's _in_ the Holland Tunnel, it might be secure but it ain't safe.

Re:

[OneHundredAndTen]

Right. The Snowden leaks show that the NSA achieves its results by just about any mechanism other than breaking standard cryptosystems - it would seem that, if properly implemented, the NSA is helpless against them.

The *real* story is ...

[fahrbot-bot]

The Super-Secure Quantum Cable Hiding In the Holland Tunnel

... they can't find the cable - which makes it super secure.

Way to go...

[mschaffer]

Now that we know it's there, it's only a matter of time before someone observes the cable and alters the outcome.

Re:

[pipedwho]

I know you're probably going for funny. But, that is the point of QKD. If the entangled photons are observed mid transit, they will be altered or not arrive at the destination. When this happens the distributed keys won't match and therefore the encryption/signatures will fail and the interception will be detected. The summary is incorrect in how it describes the working of QKD.

QKD still relies on classic crypto to encrypt the channel and verify the authenticity of the keys and the participants, otherwise i

Aww...you're no fun anymore

[mschaffer]

https://www.youtube.com/watch?... [youtube.com]

Re:

[pipedwho]

That was funny though!

encryption is rarely the weak link

[joe_frisch]

Most big hacks have been due to human factors, not someone breaking zillion-bit encryption.

Explained - future privacy

[FeelGood314]

This is a key agreement scheme for privacy. Someone wants to keep something secret forever. Today Alice and Bob can use regular encryption to prove they are talking to each other and agree on a secret key using certificates and things like Diffie-Hellman key exchange. We have know how to do this for almost 40 years. The problem with all of this though is that if someone records the Diffie-Hellman key exchange (or other key agreement scheme) and the subsequent communication and computing or math advances in the future to the point where the D-H key exchange can be broken then the communication will no longer be secret. Now if you are the government, communication you do today could be very embarrassing if it was revealed 20 or 30 years from now.

Right now we are back to suitcases with key tables. If an embassy wants to send something that must be kept secret for 50 years, it pretty much has to be physically delivered or the keys for the communication must be physically delivered. Everyone is recording as much communication as they can and trying to build a quantum computer to break the key exchanges. Who will be first? The Americans, the Chinese, the University of Waterloo with money from everyone else???

QKD is simple to understand, I send you a bunch of pulses of photons, you send me back the way you read them, I send you a list of the times you read them the correct way. We now have a subset of photons that we correctly exchanged that we can use as a key. Does it work? As others have pointed out, it only really works if you only send 1 photon at a time. It fails if I send lots of photons each time (which I really need to do) and our attacker has better equipment than we do (which they always will because they get to build theirs after we commit and deploy).

Re:

[QuantumV]

The part about future privacy is spot on. The following to statements in the last paragraph are wrong:
1. It fails if I send lots of photons each time (which I really need to do)
2. [It fails if] our attacker has better equipment than we do

As for 1, the performance certainly degrades quickly if you send more than one photon or each signal, but it is still possible to get a secret key from two- and three-photon pulses provided a protocol ruling out photon-number-splitting attack is used (such as decoy-stat

what's really happening

[Micah NC]

These finance outfits are leaking weak security details so their adversaries never suspect their real security measures.

Re:entanglement

[sexconker]

No. Quantum entanglement does not violate causality. All particles / information / marketing lies still have to be transported classically, below c.