it's a star (radial) topology, with quantum links outwards only, which is enough to distribute keys. end nodes only need quantum receivers so it's cheaper than bi-directional systems.
The breakthrough claimed is that only one side (the router side) is equipped with a qubit detector, and end nodes only have quantum transmitters, and therefore the cost of deployment for each end node is much lower. This tech doesn't change the basic limitations of what quantum cryptography requiring trusted nodes can achieve: It only secures fiber links, and every router along a path still has to be trusted (ISPs have to be trusted and incorruptible, for instance). It also doesn't help prevent typical hacking, where nodes are attacked, not network links.
See http://www.youtube.com/watch?v=UVzRbU6y7Ks for the quantum key exchange protocol. The protocol doesn't need a quantum back-channel. What has been "declassified" about this approach?
Whenever you purchase something online and you hit the ‘buy’ button and your computer seems to buffer, taking its sweet time to present you with the order confirmation page and you begin to doubt that the order went through successfully, “that’s because of the cryptography,” says Hughes. It takes time to create a secure line to transmit sensitive information, like your card number, between your laptop, eBay, and your bank. But “in our case that just wouldn’t happen,” says Hughes, “in principle [our invention] could speed up the Internet.”
Bad journalism. That quote is probably taken way out of context. Website delays usually have very little to do with cryptography, and everything to do with the web apps and backend databases or credit card processors being slow to process orders. The slow part of SSL encryption (key exchange) isn't that slow, and is probably already done before you submit an order, if the site uses a ssl session cache.
Nothing personal, this is intended as constructive criticism.
You completely ignore the main point of the article, and come quibbling about an unrelated detail.
This kind of comment often ends up at the top of the comment thread and obscures the comments that discuss the subject matter.
Your point is rather obvious, and I suppose that you end up being upvoted by folks not knowledgeable enough to discuss TFA, but feel validated by the fact that they also spotted the error.
You should restate the main point of the article and then explain why the top comment is a quibble about an unrelated detail. If the readers aren't as knowledgeable as yourself, then you have an opportunity to change that rather than complain about it.
I'm not qualified to discuss the main point, but enough to separate chaff from wheat in this case.
The article is about quantum cryptography. The author gives credit card processing as a layman example of encrypted communication, and states, erroneously, that the connection process is slow because of the SSL handshake.
It is true that SSL increases latency, but it is not the main factor, as harshreality said.
However, the example is an aside, and the error is a small aside in the aside. Not really worth discussing, and it definitely doesn't have its place at the top of the thread, where it was when I first posted. It is still currently the second comment.
Note that harshreality improved his post after the fact... or did I miss the good bits when I first read it? Hoist with my own petard? If so, sincere appologies.
Nothing else in the article was particularly worth discussing either; other comments are detailing how this is not a breakthrough, or making minor clarifications, with beloch's in particular highlighting an alternative that might actually have interesting applications.
Also—other subject matter of this article aside—what are these HTTPS delays the author is talking about? All of the online merchants I shop with and the secure logins I experience are plenty fast. Why is this author trying to sell the reader on something that's neither (a) a problem, nor (b) the cool thing about this topic?
1. Quantum crypto only helps with eavesdropping. To defend against man-in-the-middle attacks you have to use a conventional message authentication code. The system is no stronger than the MAC.
2. Quantum nondemolition measurements have been used to detect macroscopic objects with a vanishing probability of interaction. There is a good chance the approach can be adapted to detect photons, breaking quantum crypto.
Basically, quantum crypto is at best snake oil and probably worthless.
> Quantum crypto only helps with eavesdropping. To defend against man-in-the-middle attacks you have to use a conventional message authentication code. The system is no stronger than the MAC.
False. See e.g. "Quantum protocols for the millionaire problem are trivial", He 2012
> Quantum nondemolition measurements have been used to detect macroscopic objects with a vanishing probability of interaction. There is a good chance the approach can be adapted to detect photons.
Interaction-free measurement has certainly been demonstrated, but it doesn't do what you think it does. It is provably impossible to measure a state without forcing it to be expressed in the basis of measurement, but this is not the same thing as interaction. I.e. if you measure the position of a particle, you will always find it has a definite position, but you cannot find that it was previously in a state without a definite position. See:
How can #1 be false? No optical measurement can distinguish between good and evil photons. Eve can simply cut the cable, hook a pair of quantum machines up to the ends, and proxy the data between Alice and Bob.
There are information theoretically unbreakable message authentication codes[1]
The main point of quantum crypto deployments (at least now) is to protect against future offline attacks (possibly using quantum computer). So in practice, I don't believe these authentication schemes are deployed.
A quick search on the mentioned quantum smart card (a.k.a. generation-1 QKarD) turned up this presentation: "Quantum Cryptography at Los Alamos National Laboratory: QES & QKarD" (2010) http://www.lanl.gov/orgs/tt/pdf/techs/quantum_crypt.pdf
I think it should be noted explicitly, that this is just quantum encryption on the link level, so the data is secure on the fibre, but apparently needs to be decrypted at the router. So this is a nice application, but simply does not solve most security needs. ( Except protecting against and adversary who is willing to splice into the fibre, if you happen to control all endpoints and the intermediate routers.)
Quantum cryptography requires quantum correlation as far as I know. Einstein called it "spooky action at a distance" and there is no mention of it here. I think this is not exactly a scoop, to say the least.
The theconnectivist article doesn't mention it, but the quantum network being discussed is a trusted node network. If two users on the network communicate, the central trusted hubs have access to the plain-text (There would have to be multiple interconnected trusted hubs to overcome distance limitations). Other, far better documented networks of this kind already exist (e.g. SECOQ).
Trusted node networks are a viable option for corporations. Indeed, several European banks are already using IDQuantique turnkey systems, as mentioned in the article. These networks are not viable for private individuals, especially those who are not comfortable with entrusting their plaintext to the operator(s) of the trusted nodes.
There are ways to build quantum repeater networks that do not require the use of trusted nodes, but these remain experimental because some of the underlying technologies needed to overcome distance limitations in such networks (e.g. Quantum memories) are still in their infancy. The quantum smart cards in this article do not even attempt to address this.
Corporations interested in building a private trusted node quantum network similar to IDQuantique's offerings may want to look into these quantum smart cards. They are wildly inappropriate for civilian use however. Even plugging in directly to your local bank would require you to have a direct fiber link to a node under the control of that bank. This would be prohibitively expensive.
Read the arXiv paper: it's quite short and not very technical. The BB84 protocol used is described in a lower comment by 'harshreality. It is secure against any purely classical attacker; Preskill and Shor give a (highly involved) proof of security here:
LANL probably thinks this is infeasible at the moment -- with good reason: quantum computing equipment is extraordinarily difficult to obtain or produce, and so it would be very hard indeed to carry out such an attack in secret. There are approaches to dispelling quantum MitM, such as a paper I've posted below.
I was just thinking yesterday that this may be a foregone conclusion after thinking about the state of military and intelligence technology (along with some other insights). I doubt this is bullshit. Wish I could have done some investing to take advantage of it somehow.
25 comments
[ 3.8 ms ] story [ 68.0 ms ] threadit's a star (radial) topology, with quantum links outwards only, which is enough to distribute keys. end nodes only need quantum receivers so it's cheaper than bi-directional systems.
See http://www.youtube.com/watch?v=UVzRbU6y7Ks for the quantum key exchange protocol. The protocol doesn't need a quantum back-channel. What has been "declassified" about this approach?
Whenever you purchase something online and you hit the ‘buy’ button and your computer seems to buffer, taking its sweet time to present you with the order confirmation page and you begin to doubt that the order went through successfully, “that’s because of the cryptography,” says Hughes. It takes time to create a secure line to transmit sensitive information, like your card number, between your laptop, eBay, and your bank. But “in our case that just wouldn’t happen,” says Hughes, “in principle [our invention] could speed up the Internet.”
Bad journalism. That quote is probably taken way out of context. Website delays usually have very little to do with cryptography, and everything to do with the web apps and backend databases or credit card processors being slow to process orders. The slow part of SSL encryption (key exchange) isn't that slow, and is probably already done before you submit an order, if the site uses a ssl session cache.
And bad comment :-/
Nothing personal, this is intended as constructive criticism.
You completely ignore the main point of the article, and come quibbling about an unrelated detail.
This kind of comment often ends up at the top of the comment thread and obscures the comments that discuss the subject matter.
Your point is rather obvious, and I suppose that you end up being upvoted by folks not knowledgeable enough to discuss TFA, but feel validated by the fact that they also spotted the error.
The article is about quantum cryptography. The author gives credit card processing as a layman example of encrypted communication, and states, erroneously, that the connection process is slow because of the SSL handshake.
It is true that SSL increases latency, but it is not the main factor, as harshreality said.
However, the example is an aside, and the error is a small aside in the aside. Not really worth discussing, and it definitely doesn't have its place at the top of the thread, where it was when I first posted. It is still currently the second comment.
Note that harshreality improved his post after the fact... or did I miss the good bits when I first read it? Hoist with my own petard? If so, sincere appologies.
2. Quantum nondemolition measurements have been used to detect macroscopic objects with a vanishing probability of interaction. There is a good chance the approach can be adapted to detect photons, breaking quantum crypto.
Basically, quantum crypto is at best snake oil and probably worthless.
False. See e.g. "Quantum protocols for the millionaire problem are trivial", He 2012
http://arxiv.org/pdf/1207.6739
> Quantum nondemolition measurements have been used to detect macroscopic objects with a vanishing probability of interaction. There is a good chance the approach can be adapted to detect photons.
Interaction-free measurement has certainly been demonstrated, but it doesn't do what you think it does. It is provably impossible to measure a state without forcing it to be expressed in the basis of measurement, but this is not the same thing as interaction. I.e. if you measure the position of a particle, you will always find it has a definite position, but you cannot find that it was previously in a state without a definite position. See:
http://en.wikipedia.org/wiki/Elitzur-Vaidman_bomb_tester
The main point of quantum crypto deployments (at least now) is to protect against future offline attacks (possibly using quantum computer). So in practice, I don't believe these authentication schemes are deployed.
[1]https://wiki.cc.gatech.edu/theory/images/9/9e/Lec11.pdf
Not so sure about this one. As long as you have humans in charge, episodes like the Edward Snowden affair will continue to occur.
Trusted node networks are a viable option for corporations. Indeed, several European banks are already using IDQuantique turnkey systems, as mentioned in the article. These networks are not viable for private individuals, especially those who are not comfortable with entrusting their plaintext to the operator(s) of the trusted nodes.
There are ways to build quantum repeater networks that do not require the use of trusted nodes, but these remain experimental because some of the underlying technologies needed to overcome distance limitations in such networks (e.g. Quantum memories) are still in their infancy. The quantum smart cards in this article do not even attempt to address this.
Corporations interested in building a private trusted node quantum network similar to IDQuantique's offerings may want to look into these quantum smart cards. They are wildly inappropriate for civilian use however. Even plugging in directly to your local bank would require you to have a direct fiber link to a node under the control of that bank. This would be prohibitively expensive.
https://news.ycombinator.com/item?id=5661576
http://arxiv.org/abs/1305.0305?utm_source=feedly
Read the arXiv paper: it's quite short and not very technical. The BB84 protocol used is described in a lower comment by 'harshreality. It is secure against any purely classical attacker; Preskill and Shor give a (highly involved) proof of security here:
http://arxiv.org/pdf/quant-ph/0003004
However, the BB84 protocol used is susceptible in its original form to quantum man-in-the-middle attacks, eg:
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=523467...
LANL probably thinks this is infeasible at the moment -- with good reason: quantum computing equipment is extraordinarily difficult to obtain or produce, and so it would be very hard indeed to carry out such an attack in secret. There are approaches to dispelling quantum MitM, such as a paper I've posted below.