Quantum Theory and Encryption

Members of this forum may be interested in a “quantum leap" in encryption technology by MagiQ Technologies, as described by the Wall Street Journal (May 5th, 2009):

Source: Science, Spirituality, and Some Mismatched Socks

And…

Source: Scientific American 50 Award

 

I had seen this a few mos. back and was impressed. It is the next big thing in cryptography IMO.

There have also been breakthroughs recently in prime number characterization that will improve key strength as well (cf. http://www.physorg.com/news160994102.html, http://www.madsci.org/posts/archives/1998-05/893442660.Cs.r.html, and http://www.sciencenews.org/view/generic/id/36979/title/Largest_known_prime_number_found).

 

Yes and no. While the quantum crypto is cool, it's kind of useless. The weakest part of the cryptography is not it's algorithm or its transmission, but it's implementation. Poorly implemented cryptography that is transmitted by quantum is just as insecure as poorly implemented cryptography that is transmitted electronically.

 

Other companies pursuing “quantum cryptography” include id Quantique and SmartQuantum.

A good overview article on this fascinating topic is Key to the quantum industry, for those who may be interested.

Of course, as noted by SteveTX, it’s essential that the “basics” of cryptography—the implementation—be done properly. In the absence of a solid foundation, it seems reasonable to question the strength of any cryptographic solution.

 

True.
Also, IMO, it would be easier and more effective to think a new mathematical encryption alghoritm (maybe with longer key) when computer power will be available to crack the keys we are using at this point. We have long experience on Mathematics, not so long on quantum physics.

 

Markoman, as I understand it, “quantum cryptography” isn’t primarily about enhancing the strength of encryption per se through a new algorithm, but is about enabling the secure exchange of keys – a critical issue that isn’t addressed by increasing the size of a key (i.e., the foucs is "data in transit" rather than "data at rest").

By the way, concerning key size recommendations, this article may be of interest. RSA believes that a 2048 bit key is secure through the year 2030, after which it recommends a 3072 bit key length.

The area of “quantum cryptography” seems to be in a nascent condition at present. It will be interesting to see what develops in this realm in the future.

What else is on the horizon for enhancements in the field of encryption?

 

For example,I send my traditional "poor" encrypted password 123 through electronic wire. A hacker get the text "123". But the real password is 102030. What if the wire is hacked? That's what we call encryption.

We've read a lot and know that we don't need more encryption methods but a better implementation. Or maybe they just look far far away?

 

Well, while this is theoretically a very interesting technology, though the quantum part is not actually cryptography at all, you don't generate a key on one side and transfer is to the other side, but rather the same key is created on booth sides.

This works using entangled photons, that means that you have 2 photons and you know the sum of their properties at the time of their creation, but you don't know witch one got what Property until you measure one of them.
That happens on each side of the connection. When one side Measures the Spin State of the received photon it knows what the other side will measure, and as far as we know the photon state is not fix until it gets measured, so the key information is not present while the photon is on its way only when it arrives.

And Quantum physics tels that you cant clone a qbit so a Attacker cant get a copy of the quantum state to measure, and obviusly when he messure the real one he destroys it.

This has some weaknesses like a man in the middle attack, what needs additional authentication (like a shared secret or some other classical cryptography), otherwise the 2 sides cant tell is there is someone in the Middle intercepting decoding and re encoding (using an own entangled photon source) the stream.

Also when the eavesdropper get hold on the informations in witch bases the measurement is supposed to be done (that info is transited over a classical channel) he can get the right key and send prepared "faked" photons that already have a defined state.
Howe ever for this there is a simple solution the 2 legit sides makes first their measurements using on boot sides random bases and than classically communicate what bases ware used and use only this measurements where booth head chosen the same bases.

Assuming you can be sure of your authentication, like always using the last key in the previews Session to authenticate the new one and initialize this on the production side where no man in the middle can be (like connecting box 1 to box 2 with a cable and have a lawyer watching), you can be pretty sure that no one will ever get his hands on the key.

But nevertheless that terribly complicated system and well it obviously requires the 2 participants to have a direct fiber link connection, for big corporations/data centers/banks/the army thats feasible and since this kind of people have to be borderline paranoid nothing can be to secure no mater how much it costs.
But for Consumers and smaller organizations thats total overkill and most likely terribly hard to implement, you would need a kind of fiber connection at hone that you can connect optically to any other connection of someone you want to talk securely to.
I believe such kind of optical crossbar switches can be developed but I seriously doubt that this will be something that will ever find its way into the general use.
Its simply to much overkill and suffering from the authentication problem that has to be solved classicaly (unless you are going to take your crypto box and wisit everyone you want to talk to first in persno in order to establish a initial key exchange.).

You can create very good keys using classical methods like PK cryptography or DH, and hell just start using 10kbit long keys.

 

DavidXanatos, a few comments...

SmartQuantum summarizes it this way: “In other words ‘quantum cryptography’ should be read as ‘quantum’ for the key sharing process, and ‘cryptography’ for the encryption process. Actual encryption belongs to classical symmetric algorithms.”

SmartQuantum has a different viewpoint: “The major feature of the QKD {Quantum Key Distribution} is therefore the fact that the use of such a technology prevents any risk of interception of the shared secret on the optical link.”

 

Interesting. The left and the upper mid picture of the homepage is the main problem.

Think so.

 

Well that applies only to attempts of a passive interception of the communication, you confuse a eavesdrop attack with a man in the middle attack.

While the later is only an passive interception of data, the later means that there is some one in the middle that says to side 1 that he is side 2 and to side 2 that he is side 1 he establishes 2 independent quantum links and there is no way in nature that 1 can know that it is not talking to 2 but to the attacker, or vice versa.
To solve this problem you need some classical means of authenticating the 2 participating sides.
I described one way how such an authentication can be performed with as less classical crypto as possible, but its only applicable in dedicated point to point connections where you initialize booth boxes onside and than transport the to the 2 locations.

 

DavidXanatos, you’re right: “Quantum cryptography protocols typically authenticate part or all of their classical communication with an unconditionally secure authentication scheme (e.g. Wegman-Carter authentication)” (see here).

 

One should take what journalists write about quantum mechanics with a pinch of salt, even in Scientific American, especially if they write:

"According to the Heisenberg uncertainty principle, if an eavesdropper attempted to observe the photons, that act would alter the key, making it impossible to steal."

The journalist here seems to have confused two ideas. As David Xanatos correctly says, quantum encryption actually relies on "entangled" quantum states, which were originally called "non-separable" states by Einstein, Podolsky & Rosen in 1935. (They showed that the quantum states of a composite system are, in general, non-separable, which means that they cannot be represented by a direct product of states for the individual components. Hence, the quantum states of the individual components do not represent separate "elements of physical reality".)

Strange though it is from an everyday classical viewpoint, non-separability should not be confused with Heisenberg's Uncertainty Principle. The HUP is another strange (but unrelated) idea in quantum mechanics. (It is a consequence of the fact that the Hermitian operators for certain pairs of observalbles, such as position and momentum, do not commute and therefore do not possess a set of simultaneous eigenstates and cannot be measured simultaneously. "Wave-particle duality" is a well-known manifestation of this.)