

Zeroing in on unbreakable computer security - netvarun
http://tech.fortune.cnn.com/2013/07/29/from-russia-unbreakable-computer-code/

======
kens
A few years ago researchers found a way to eavesdrop on a commercial
theoretically-secure quantum key distribution system. The trick was to replace
the polarized light pulses with bright pulses that overwhelmed the sensors,
sidestepping the whole quantum business. The point is that even if a system is
theoretically unbreakable, it's only as secure as the implementation, which
may have nonobvious flaws.

References, which explain this much better than I did:
[http://www.vad1.com/lab/full-
eavesdropping-2011/](http://www.vad1.com/lab/full-eavesdropping-2011/)
[http://www.nature.com/ncomms/journal/v2/n6/full/ncomms1348.h...](http://www.nature.com/ncomms/journal/v2/n6/full/ncomms1348.html)

------
Fortaymedia
It starts off saying that it is unbreakable i.e the title, then a little way
through goes onto say that its virtually impossible then towards the end it
mentions that the Americans 'probably' wont be able to break it. It sounds
like its just a exaggerated title to get people to click :/ but the theory
behind quantum encryption is amazing.

------
sirkneeland
If you believe any code is "unbreakable", I've got an "unsinkable" ship to
sell you (may show signs of iceberg damage)

~~~
gcommer
Are you familiar with the one time pad (OTP)?

[http://en.wikipedia.org/wiki/One-time_pad](http://en.wikipedia.org/wiki/One-
time_pad)

As long as the key is securely shared between the two parties, this scheme
provides perfect secrecy, and the proof of this is trivial (check the link).

The main issue (and the reason OTP is very rarely used) is the key
distribution. Quantum communication can solve this however by providing a
channel which can be proven (to an arbitrarily high probability) to have not
been eavesdropped or intercepted. Sadly, this doesn't scale at all, but it
does give us a perfectly secure scheme to build up from.

[http://en.wikipedia.org/wiki/Quantum_key_distribution](http://en.wikipedia.org/wiki/Quantum_key_distribution)

~~~
sirkneeland
"perfect" is a dangerous word. Whether it's someone saying a "perfect" product
or "perfect" society or "perfect" anything, I tend to run in the opposite
direction. What can I say, I'm a digital Burkean..

~~~
gcommer
Philosophically I may agree, but in this case "perfect secrecy" is a
mathematically defined term with a specific definition.

Basically, it is mathematically impossible for any encryption scheme to ever
provide better data secrecy than the OTP, so I think calling it "perfectly
secret" is perfectly alright :)

------
comex
Just an obligatory reminder that as cool as quantum cryptography is, it's very
unlikely that anyone (including NSA) can break today's run-of-the-mill
classical encryption, and an XOR cipher plus a hardware RNG (such as, unless
you're somewhat paranoid, the ones built into modern Intel processors) is
essentially completely unbreakable.

~~~
draz
true, unbreakable now, but probably breakable in a few years.... You store
whatever SIGINT you pick up now, and understand it in a few years. A lot of it
will still be valuable in 5,10, 15 years

~~~
comex
True. But

(a) These quantum links are physical cables that have to be laid between
sites. If you lay your own normal cable rather than using the Internet, you
probably won't be intercepted either. Or...

(b) While shuttling around massive XOR pads on hard drives is probably too
annoying for most individuals, it's quite feasible for the kinds of
organizations that could buy this stuff and a whole lot cheaper, unless they
have enormous quantities of data to transfer; though the scheme can then be
broken by passively copying the pad rather than continuously actively
subverting the quantum link, I'm not sure this makes much difference in
practice.

------
derekp7
A bit off topic, but I noticed that the title that was originally submitted
for this story is the HTML title of the linked article. It was then changed to
the article's <h1> title. When submitting articles to HN, which title is
actually the preferred one to submit?

~~~
AsymetricCom
It doesn't matter, the editors will change it to the one they like.

------
txutxu
I think I've write fun things in this life (in the sense of code to do stuff).
But I can't imagine how the "job" of persons behind all this stuff could be...
mmm...

------
hownottowrite
The CNN Headline is sort of misleading... The International Conference on
Quantum Technologies was held in Moscow, but the company profiled (ID
Quantique) is based in Geneva.

[http://www.idquantique.com/contact-
us.html](http://www.idquantique.com/contact-us.html)

