Pages

Wednesday, November 21, 2012

New quantum crypto work

Some new quantum crypto research was announced: Quantum Cryptography Conquers Noise Problem, and Quantum Cryptography At The End Of Your Road.

None of this has any practical utility. The whole subject is based on misunderstandings of both cryptography and quantum mechanics.

Update: John Markoff of the NY Times reports:
Scientists at Toshiba and Cambridge University have perfected a technique that offers a less expensive way to ensure the security of the high-speed fiber optic cables that are the backbone of the modern Internet.

The research, which will be published Tuesday in the science journal Physical Review X, describes a technique for making infinitesimally short time measurements needed to capture pulses of quantum light hidden in streams of billions of photons transmitted each second in data networks. Scientists used an advanced photodetector to extract weak photons from the torrents of light pulses carried by fiber optic cables, making it possible to safely distribute secret keys necessary to scramble data over distances up to 56 miles.

Such data scrambling systems will most likely be used first for government communications systems for national security. But they will also be valuable for protecting financial data and ultimately all information transmitted over the Internet.
No, there is no value in using this technology for the internet. (I do not capitalize "internet" because it is a generic term, not a trademark or brand name.)
The approach is based on quantum physics, which offers the ability to exchange information in a way that the act of eavesdropping on the communication would be immediately apparent. The achievement requires the ability to reliably measure a remarkably small window of time to capture a pulse of light, in this case lasting just 50 picoseconds — the time it takes light to travel 15 millimeters.

The secure exchange of encryption keys used to scramble and unscramble data is one of the most vexing aspects of modern cryptography.

Public key cryptography uses a key that is publicly distributed and a related secret key that is held privately, allowing two people who have never met physically to securely exchange information. But such systems have a number of vulnerabilities, including potentially to computers powerful enough to decode data protected by mathematical formulas.
This is confused. Quantum key distribution is no substitute for public key cryptography because public key cryptography allows messages to be signed and authenticated.
If it is possible to reliably exchange secret keys, it is possible to use an encryption system known as a one-time pad, one of the most secure forms. Several commercially available quantum key distribution systems exist, but they rely on the necessity of transmitting the quantum key separately from communication data, frequently in a separate optical fiber, according to Andrew J. Shields, one of the authors of the paper and the assistant managing director for Toshiba Research Europe. This adds cost and complexity to the cryptography systems used to protect the high-speed information that flows over fiber optic networks.

Weaving quantum information into conventional networking data will lower the cost and simplify the task of coding and decoding the data, making quantum key distribution systems more attractive for commercial data networks, the authors said.
Again, this is badly confused. A one-time pad requires a secret key as long as the message. The whole point of using secret keys is to have keys much shorter than the message. It is only secure in a technical mathematical sense, but not secure in the ordinary sense of the word because it has no way of detecting data corruption errors. So no one ever uses a one-time pad, even if they can reliably exchange secret keys.

Markoff is a smart guy who has been covering cryptology issues for many years, but he has been conned with this story.

Update: As of Friday Nov. 23, this Markoff article is the most emailed article on the NY Times site. That is what happens when research is overhyped.

No comments:

Post a Comment