back to article Quantum cryptography demo shows no need for ritzy new infrastructure

Telefónica and Huawei have carried out a successful field trial of quantum cryptography on commercial optical networks. Other teams, notably a Toshiba Research and Cambridge University Engineering Department, have made great strides in Quantum Key Distribution (QKD), a technology that promises unprecedented secrecy. While …

  1. Mage Silver badge

    So...

    GCHQ, CIA etc need to monitor inside your ISP.

    Except maybe they do already.

    Then even if you use Signal or Telegram or encrypted email, perhaps the laptop or phone is compromised.

    Wonderful boffinry. Maybe a colo server in a suitable data centre can take advantage of it.

    I like the idea, the devil is in the end to end details. Meanwhile, MS, Google, Facebook, Amazon etc are trying to make encrypted fibre irrelevant for ordinary folk.

    1. Anonymous Coward
      Anonymous Coward

      Re: So...

      I have upvoted... as while interception is detectable, AFAIK, if the QM is not end to end, then anyone can intercept the network stack/computer/router that is not fibre optic, and insert their own replacement service to this.

      If you are certain the photon is travelling from sender to receiver, and not sender to CIA, then down cat 5 to you, then it is "uncrackable". But as soon as you get a delivery method switch (optic to wire, wire to wifi, wifi to PC OS) that is compromised, they could be decoding/encoding and then passing back to you pretend content/communication.

      https://news.netcraft.com/wp-content/uploads/2016/03/mitm-simple.png

      The attacker would have to setup 2 QM connections, one to you, one to the sender, and "know" your setups well enough to not be detectable.

      1. Destroy All Monsters Silver badge

        Re: So...

        But as soon as you get a delivery method switch (optic to wire, wire to wifi, wifi to PC OS) that is compromised, they could be decoding/encoding and then passing back to you pretend content/communication.

        That's true for classical information.

        But you cannot have quantum cryptography that is not "end to end" (expect politicians demanding "non end-to-end quantum cryptography", similar to "decryptable crypto without backdoor" any moment now).

        When transmitting the entangled photon from A to B, when C reads it "in flight", you will know it, as extracting the classical bit midway breaks the entanglement. B will obtain a garbled key, instead of bits out correlated to the bits in, there will be random bits in there. In case not all photons are read - as will be the case in any real-world channel as "bits are read" by anything on the line - you will still get a certain percentage of good bits, some heavy redundancy in the message should be helpful in that case.

  2. Mark 85

    Meanwhile, MS, Google, Facebook, Amazon etc are trying to make encrypted fibre irrelevant for ordinary folk.

    Needs fiber so many, if not most of us in the States will never have access to it.

  3. Anonymous Coward
    Anonymous Coward

    I love the fact that the Americans can't buy in. Because Huawei are on the "dodgy foreign company" list :-)

    1. Claptrap314 Silver badge

      You think that a world dominated by China would be a better place than one dominated by the US? You've got some seriously odd priorities.

  4. Anonymous Coward
    Anonymous Coward

    No mention of a dedicated fibre between endpoints. Interesting.

    1. Christian Berger

      Obviously it needs that

      All those schemes work on dedicated unamplified fibre, and don't even dream about repeaters.

  5. eldakka

    > Any attempt by an eavesdropper to intercept and measure the photons alters their encoding, thanks to fundamental principles of quantum physics. This means that eavesdropping on quantum keys can be detected. Compromised key exchanges can be dropped and the process repeated until a theoretically unbreakable key is exchanged.

    Maybe I don't properly understand quantum encryption (actually, that's a given), but isn't this still susceptible to man in the middle attacks? Intercept the entire key (i.e. break the comms path between sender and recipient), then send the same key that was received. I mean, the sender has to create the key, then encode that onto the photons, then send them for the receiver to read. So there must be a way to encode a known sequence onto the photons in the first place. So just pick up all the photons, read the key, and re-encode the same key onto a new set of photons and send that to the intended recipient.

    1. Philip Mather

      "but isn't this still susceptible to man in the middle attacks?"

      "but isn't this still susceptible to man in the middle attacks?"

      No they shouldn't be, as per wikipedia (https://en.wikipedia.org/wiki/Quantum_network#Trusted_repeaters)

      If you have a Trusted Repeater that repeater will decode your message, if you have a Quantum Repeater then it can't, even though it will be doing error correction to clean and further propagate the signal. I'm a bit vague about whether you would be able to distinguish (from a fundamental point of view) between a remote end point and a TR masquerading as it.

      I can understand how the Quantum Repeater works, broadly speaking, based on my degree but I'm not clear about distinguishing an endpoint from a TR. I get the bit where they start talking about Bell States but nobody seems to address the question of identity, but the easy way of telling would be to communicate with yourself via your ISP i.e. have a transmitter and receiver at your end, establish entanglement between them and then examine their state to make sure they are directly entangled.

      As per wikipedia...

      "A true quantum repeater allows the end to end generation of quantum entanglement, and thus - by using quantum teleportation - the end to end transmission of qubits. In quantum key distribution protocols one can test for such entanglement. This means that when making encryption keys, the sender and receiver are secure even if they do not trust the quantum repeater. Any other application of a quantum internet also requires the end to end transmission of qubits, and thus a quantum repeater."

    2. Andrew Yeomans

      Man-in-the-middle

      > isn't this still susceptible to man in the middle attacks?

      Not on the quantum channel. Check out "BB84". The key is transmitted with random encoding (i.e. with a second random key), the receiver makes a guess on each bit of the encoding. Some time later, that actual second random encoding is sent via a normal non-quantum channel which does not have to be secret. If the guess was wrong, throw away that bit.

      A MITM has no way of knowing that second encoding until it's too late, and so any interception can be detected.

      That's assuming the MITM can't spoof the authentication on that second channel.

      1. DropBear
        Angel

        Re: Man-in-the-middle

        Tried to grasp the basic principles and educate myself (hahaha, isn't he cute...), immediately crashed and burned miserably. Actually, you know the Peter principle, the one that says that in a hierarchy a person tends to raise to his "level of incompetence"? I propose a corollary, stating that any random walk starting out in the "higher spheres" of Wikipedia results in a person rapidly sinking to their level of competence.

        You keep branching off at the second or third unintelligible sentence of each article until you reach a page you can read and understand in its entirety without needing to look up ever-newer (and even more basic) concepts you never heard of - which is how you start at "quantum key distribution" and end up at "plane_(geometry)". Be advised though, only local points of equilibrium exist in this realm - venture far enough away from one you managed to reach, trip on something like "Hesse normal form" (in the same article) and right down the rabbit hole you go again...

        1. Robert Helpmann??
          Paris Hilton

          Re: Man-in-the-middle

          ...right down the rabbit hole you go again...

          I schedule time to do this about once a week. It's a good way to at least pretend to stay up to a certain level of education. It's also handy on trivia nights.

          Icon, because I feel just like that some... er... most days.

        2. amanfromMars 1 Silver badge

          Re: Man-in-the-middle @DropBear

          Welcome to the worlds of NEUKlearer HyperRadioProACTive IT, DropBear, where nothing is real and everything virtualised for Remote Computer Command and Advanced IntelAIgent Control of SCADA Assets.

          And well worth every trip for every drip and drop of information freely shared for Future Processing with Augmented Virtual Realisations ....... although I do suppose you would expect all of that to be said :-)

  6. HmmmYes

    Ill believe Quantum when it runs.

    At the moment, it all sounds like a lot of wank, pitched by researchers for money or bigcos trying to look cool - BT on the list, so's MS.

    1. Dabbb

      I'll believe it when someone demonstrates ability to transfer and measure single entangled pair and not probability distribution of half a billion photons fired in a millisecond, 0.1% of which might be entangled.

    2. Tim 11

      Current crypto is good enough. It's not perfect but it's sufficiently difficult to break that if the powers-that-be want to snoop on you they will resort to other measures (of which there are plenty).

      Quantum crypto will always be so much more difficult to deploy that it will probably never find a real-world application.

      The only people willing and able to pay for it will be high level politicians and military types who will have to rely on a massive hierarchy of underlings to actually implement it, and the attack points will be in that hierarchy of human fallibility not the crypto tech itself.

      1. Claptrap314 Silver badge
        Black Helicopters

        "Current crypto is good enough. It's not perfect but it's sufficiently difficult to break that if the powers-that-be want to snoop on you they will resort to other measures (of which there are plenty)."

        Not really. Encryption is building a wall around some secret that you just have to transmit right now. Some of those secrets have fairly long lifetimes. TLAs can (and do) hold on to intercepted encrypted communications for a substantial amount of time--they more or less lay siege to the secret. When compute power catches up or the algorithm being used is broken...down come the walls.

        Using true one-time keys eliminates this weakness.

        Somewhat ironically, advances in quantum computing are a threat against classical encryption that the big boys are taking seriously enough to drive for this. I'm assuming that their threat assessments are more informed than my own. (But I'll also allow for "non-techincal" issues to affect the assessment.)

  7. SpammFreeEmail

    Qbit measurement without alternation is not a given.

    https://arxiv.org/pdf/quant-ph/0312048.pdf

    and that paper was written 15 years ago.....the world and technology jas moved on since then.

    1. Destroy All Monsters Silver badge

      Re: Qbit measurement without alternation is not a given.

      Quite probably an error in interpreting the experimental outcomes. This happens a lot in QM experimentation.

      This would be extremely physics-shattering if true. Not many people seem to have heard about it. As you said, 15 years have passed (say what?) and the paper is rotting in the arxiv. In thos 15 years, QM has not shown holes, quite the contrary.

      Comment on: "Measuring a Photonic Qubit without Destroying It

      "However, for the protocol to work in true QND (quantum non-demolition) fashion, the signal photon

      should propagate freely after the measurement. This means that the proper fidelity measure of a QND

      protocol cannot be based on the coincidence probabilities P_{sm} alone: Using only coincidence counting necessarily implies destructive photo-detection of the signal mode. This is incompatible with

      the definition of a quantum non-demolition measurement. A proper measurement P_{k0} and P_{0k}, where 0 denotes the absence of a detector count and k \member {H,V}."

  8. Christopher Reeve's Horse

    What about denial of service?

    Forgetting the man i the middle risks for a moment, if every interfered with packet gets dropped automatically, wouldn't attempting to eavesdrop have the side effect of blocking the entire communication?

    1. Jon 37 Silver badge
      Black Helicopters

      Re: What about denial of service?

      To interfere you need access to the fiber. If you have access to the fiber, then a pair of low-tech bolt cutters will work perfectly well to deny service.

      However, either kind of denial of service will be followed by the relevant security people driving (or flying) along the fiber route, and finding the problem. If you hang around, you would get into trouble.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like