Does quantum cryptology offer hack-proof security?

Discussion in 'privacy technology' started by ronjor, Sep 9, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
  2. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Agreed, the problem is definitely an understanding one. Most people at most have high school physics, which at best covers Newtonian physics. Very few people have had education in quantum mechanics and only a smaller subset understand it.

    I have a grad degree in science and pretty good quantum mechanics knowledge. Even with that I am out of my league understanding it.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,215
    I have studied quantum physics and I'm very well educated, and yes, the hypothesis is that it is supposed to be hack-proof when it comes to the quantum level, but actually I don't believe in hack-proofness even if it's on the quantum level when it comes to any machine. Instead I'd rather use ultra-paranoid cryptology/cryptography where you can actually store information in the only medium that is 100% safe against hacking: the human brain. This is the newest approach; right now it is in experimental stages, so we will see in the future.

    Also, many of you don't know that quantum computing can actually bypass and hack through any and every single classic supercomputer, including RSA supercomputer, which is supposed to be unhackable, so yes, a quantum computer could be used to hack you as well.
    However, big thanks to quantum phenomenon called quantum entanglement, there is no way the hacker can hide its own malicious actions of being undetected, when it tries to hack you.
    The point of quantum entanglement is this:
    Every time you are influencing or changing the state of one particle (particle A) in any way the other particle (particle B) no matter how distant any particle is, that particle B will also "feel" and be changed to the state the first particle A has changed into instantly the very first moment the first particle A changed, and that little thing will always allow to anyone to know and be detected when he or she has been attacked in the first place.
     
  4. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    1) Nobody understands quantum mechanics.

    2) As one expert says: "Quantum Cryptography: As Awesome As It Is Pointless"


    I'm not sure what you mean "quantum computing can actually bypass and hack through any and every single classic supercomputer." I'm also not sure what an "RSA supercomputer" is, nor have I ever heard any serious person in the security field call anything "unhackable."

    It sounds like you're just talking about the threat to a lot of current (i.e. widely used) encryption schemes posed by the speed of quantum computing. And sure:

    "a quantum computer using something called Shor's algorithm can efficiently factor numbers, breaking RSA. A variant can break Diffie-Hellman and other discrete log-based cryptosystems, including those that use elliptic curves. This could potentially render all modern public-key algorithms insecure."

    But read the rest of the post:
    NSA Plans for a Post-Quantum World

    Not the least of which is:
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    "I think I can safely say that nobody understands quantum mechanics." - Richard Feynman. (ref the quote above)
    In a recent experiment by Ronald Hanson and team at Delft in the Netherlands, they nicely demonstrated entanglement and action-at-a-distance disproving Einstein's interpretation, using Bell's inequality:
    https://www.newscientist.com/articl...roved-real-in-first-loophole-free-experiment/.
    http://arxiv.org/abs/1508.05949
    This experiment apparently shuts down some backdoors that there might have been in using entanglement for cryptography - and, inter alia, demonstrating that Law enforcement is unequal to universal law.
    I thought in any case, attacks on the crypto would happen easier ways, like when it goes electrical (and there are some efforts to keep it optical and coherent for as long as possible). And the usual key exchange problem, rngs and so on.
     
  6. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    That's basically the crux of it, hence Schneier's "pointless" comment...

    "Cryptography is the one area of security that we can get right. We already have good encryption algorithms, good authentication algorithms and good key-agreement protocols. Maybe quantum cryptography can make that link stronger, but why would anyone bother? There are far more serious security problems to worry about, and it makes much more sense to spend effort securing those.

    "As I've often said, it's like defending yourself against an approaching attacker by putting a huge stake in the ground. It's useless to argue about whether the stake should be 50 feet tall or 100 feet tall, because either way, the attacker is going to go around it."

    The crypto is usually already the strongest link in the security chain. It's almost always a waste to bother attacking it directly because there are plenty of other ways for the attacker to get what he wants...therefore it's largely a waste to bother trying to make crypto stronger when you have much more pressing weaknesses to deal with (not only because they are weaker, but because they are more likely to be exploited...because they are weaker.)
     
  7. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    The only push back that I have is that pursuing stronger crypto is still important. Remember that crypto that holds up today may not hold up tomorrow. I like the idea of stronger crypto because I am worrying about the attacks 20 to 30 years from now. Agencies could easily seize data and wait for attack techniques to improve. I am sure agencies are collecting and storing troves of information waiting until the point where they could decrypt the data.
     
  8. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    Just to be clear, no one is arguing that cryptology should stay stagnant. (That wouldn't happen even if you wanted it to, anyway.) The point is it doesn't matter how strong your crypto is if an adversary can get at the information you're hiding anyway.

    That being said, even if that's the argument you want to make ("I am worrying about the attacks 20 to 30 years from now. Agencies could easily seize data and wait for attack techniques to improve"), then that's still not an argument for quantum crypto...

    "The idea behind quantum crypto is that two people communicating using a quantum channel can be absolutely sure no one is eavesdropping." This has virtually nothing to do with data-at-rest scenarios that you express worry about. In a quantum crypto scheme "the keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption."

    If your concern is with future cryptanalytic attacks on stored data, quantum cryptography does absolutely nothing to improve on that threat.

    So again, the point still stands:

    "I'm always in favor of security research, and I have enjoyed following the developments in quantum cryptography. But as a product, it has no future. It's not that quantum cryptography might be insecure; it's that cryptography is already sufficiently secure."

    And just to quash any "but, but!," I'll add the caveat: "cryptography is already sufficiently secure" in the area that quantum crypto would ostensibly improve it. If an adversary can't decode what you're communicating, it doesn't really matter much whether they can eavesdrop on the communication.

    And just as a final note on advancement of computing and supposed threats it brings, we do already have public-key algorithms that are currently secure against a quantum computer. And "quantum computation only speeds up a brute-force keysearch by a factor of a square root, so any symmetric algorithm can be made secure against a quantum computer by doubling the key length." This means AES, Twofish, Serpent and any other popular symmetric cyphers are not in danger from any foreseeable computing advancements. (And of course there have been no cryptanalytic attacks on any of those main three that are even remotely close to being a break, let alone practical.)

    Almost all of this is in the two articles I already linked to.

    So the point is, while quantum crypto is really cool, it's still pretty pointless. There are so many more things that would offer so much more benefit. Off the top of my head, how about a practical scheme for secure distributed computation? Can you imagine being able to have everything encrypted in the cloud, and still perform computations on it? That would be useful.
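
Added example, not part of blainefry's post or of the articles it quotes: the eavesdropping-detection property quoted above, shown with an idealized simulation of BB84, a standard quantum key distribution protocol that the thread does not name. The function names, the noiseless channel and the 5% alarm threshold are assumptions made for illustration.

```python
import random

ALARM_THRESHOLD = 0.05  # assumed for illustration; real links tolerate some noise

def bb84_run(n_photons, eavesdrop, seed):
    """Idealized BB84 exchange. Returns (sifted_bits, error_rate)."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.getrandbits(1)        # Alice's raw key bit
        a_basis = rng.getrandbits(1)    # 0 = rectilinear, 1 = diagonal
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: Eve must guess a basis. A wrong guess gives
            # her a random result, and she re-sends the photon in her basis.
            e_basis = rng.getrandbits(1)
            if e_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = e_basis
        # Bob also guesses a basis; a mismatch with the photon's basis
        # yields a random measurement result.
        b_basis = rng.getrandbits(1)
        b_bit = state_bit if b_basis == state_basis else rng.getrandbits(1)
        if b_basis == a_basis:          # sifting: bases are compared in public
            sifted += 1
            errors += (b_bit != bit)
    return sifted, (errors / sifted if sifted else 0.0)

def eavesdropper_detected(error_rate):
    """Alice and Bob compare a sample of sifted bits and check the error rate."""
    return error_rate > ALARM_THRESHOLD

if __name__ == "__main__":
    for eve in (False, True):
        kept, qber = bb84_run(20000, eve, seed=1)
        print(f"eavesdrop={eve}: sifted={kept} error_rate={qber:.3f} "
              f"alarm={eavesdropper_detected(qber)}")
```

The check covers only the key exchange; the data itself is still encrypted with a conventional algorithm, as the quoted text says.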
     
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,215
    It doesn't really matter, since quantum computers will not be as fast as expected and will not have as many qubits as expected; plus there are some really serious issues with quantum decoherence that are unsolvable.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    My simple-minded take is that the defense/attack balance in quantum crypto will probably be about the same as with current technology. Consider what happened during the transition from paper to mechanical devices, and then to increasingly capable computers. But of course, defenders using classical crypto will get hosed by attackers using quantum crypto.
     
  11. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    Why wouldn't they? And are you suggesting they wouldn't be able to efficiently factor numbers? What is your evidence of this?

    How do you attack someone by using crypto?
     
  12. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,215
    The computational power of classical computers is limited with the same uncertainty principle, like the power of quantum ones. The quantum computers are fast but fuzzy - to achieve the 32/64 bit precision of classical computers you should repeat their calculations a billion-times, which would wipe their advantage in speed. This theorem has been already proved for throughput quantum communication and the quantum processing is just a subset of quantum communication. The quantum computers are similar silly hype enforced with theorists, like the string theory. Their common problem isn't they cannot work at all, but that they cannot work better than existing approaches.
    http://phys.org/news/2013-01-quantum-strategies-capacity-optical-channels.html

    http://www.cs.virginia.edu/~robins/The_Limits_of_Quantum_Computers.pdf

    The problem with optics is that you cannot control light in the ways needed for computing. You cannot make light turn corners for example without losing its energy, hence loss of data. That research while in full swing is way behind any transpiration by 2020.
    And yes, heat is a major issue in current silicon transistor Integrated Circuits (IC) microchips that is contributing to the obsolescence of Moore's Law and current chip technologies.
    Super-conductivity on room temperature without any cooling is the solution for all of major heat issues:
    http://www.sciencealert.com/physicists-achieve-superconductivity-at-room-temperature
    http://www.gizmag.com/record-high-temperature-superconductor/39056/

    However, there are no solutions yet as everyone would expect it.
    http://www.researchgate.net/post/Room_temperature_superconductivity_was_finally_achieved
    ...pressure...750 K bar..., 11 million PSI..., hey no problem, just call Superman to solve this unsolvable problem...
    Bummer, so near, yet sooo far away. Too much like nuclear fusion.
    That's all good stuff, but it sounds a lot like "EVERfund" my career to me. Have you ever wondered why the solution is ALWAYS 30 years away?
     
  13. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    I'm still not sure what the overall point of all that is. Again, are you suggesting that quantum computers are impossible, or that quantum computing wouldn't provide benefits over current modes? Or that such machines wouldn't be able to, say, factor numbers?

    As far as the "ALWAYS 30 years away" claim, no, I've never wondered that because I haven't known that to be the case. I don't recall anyone saying "30 years away" back in the 80s, and in 2012 some researchers suggested "5 to 10 years" away, and Snowden documents reveal the NSA is worried enough about advances in the technology to start transitioning away from algorithms that are vulnerable to a quantum computer...to which at least one expert (Schneier) responds: "Does this mean that they envision practical quantum computers sooner than my 30-to-40-year estimate? Certainly."

    He actually comes back later to reiterate:

    "Seems that I need to be clearer: I do not stand by my 30-40-year prediction. The NSA is acting like practical quantum computers will exist long before then, and I am deferring to their expertise."
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    They break encryption on your FDE, read your encrypted email, snoop on your encrypted web browsing, SSH, VPNs, etc, etc.
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    There are far more venial, and IMO likely interpretations of the NSA investigating an earlier practical implementation of quantum computing. For one thing, the precautionary principle would be sensible in the circumstances, so at least you had thought about contingencies, and could make more informed estimates anyway. And for another, yet another reason for increased budget and empire building. Quantum computing on the Enterprise bridge is just the thing for megalomania.
     
  16. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    No I mean literally, you said "defenders using classical crypto will get hosed by attackers using quantum crypto."

    My question is how exactly do you use cryptography to attack someone?
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    http://www.merriam-webster.com/dictionary/cryptography

    Attack = Deciphering
     
  18. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    I'm pretty sure when they talk about "enciphering and deciphering of messages" and "encoding and decoding of information" they're talking about the expected use of secret messaging, as in Alice enciphers a message and her confederate Bob deciphers it using the proper key so he can determine what she is communicating to him. "Cryptography" is the name for the process of their communication.

    Deciphering that encryption without the key would be cryptanalysis, which makes it really odd that that term would be included as a definition. That implies that they are synonyms...but if anything, those terms would be antonyms, but even that seems to be a stretch because they don't seem like words you could use in the same context anyway.

    I will definitely admit that's a really weird dictionary entry overall. Dictionary.com's seems much more in line with how the term is used (notice the instruction to "compare" cryptanalysis):

    In any case, I'm still curious how quantum crypto can be used in an offensive manner. I was under the impression that the quantum techniques in "quantum cryptography" referred to making communication more secure, not weakening or breaking it.

    Were you just talking about quantum computing this whole time?
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    As I understand it, "cryptography" is a field of study that includes "cryptanalysis".

    Quantum computing is just a tool, which can be used for all of it, in one way or another.
     
  20. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    I thought the current focus was getting the things factoring primes with obvious application to cryptography.
     
  21. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    Ah no from the way I've seen people in the field talk, "quantum cryptography" refers to using quantum properties to essentially enhance the security of cryptographic communication...not break it. Again I'm not aware of any usage of the term "quantum cryptography" that refers to any sort of "cryptanalysis."

    Quantum computing is simply utilizing quantum-mechanical properties to perform computing operations. This can be applied to cryptography, most notably in factoring numbers, because several popular cryptographic schemes rely on the "factoring problem," and utilizing quantum machines and methods like Shor's algorithm it is theorized that that problem would be "solved" (i.e. the technology would provide a practical way to factor large prime numbers)...thus rendering those popular public-key ciphers insecure.

    But "The only thing quantum computation and quantum cryptography have to do with each other is their first words."

    (also,) "It is also completely different from the NSA's QUANTUM program, which is its code name for a packet-injection system that works directly in the Internet backbone."
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Maybe so. Battle of the quantum titans time ;)
     