
Super-Secure Quantum Cable Hiding in the Holland Tunnel - Trisell
https://www.bloombergquint.com/businessweek/the-super-secure-quantum-cable-hiding-in-the-holland-tunnel#gs.joYx7bDV
======
hannob
"Each key is usually extra-encrypted, but documents disclosed by former
National Security Agency contractor Edward Snowden in 2013 showed that the
U.S. government, which hoovers up most of the world’s internet traffic, can
also break those tougher codes. Exactly how the NSA accomplishes this isn’t
widely known. (One suspicion is that while keys are supposed to be based on
multiplying two random large prime numbers together, many systems use a
relatively small subset of primes, making it much easier for a computer to
guess the key.)"

Sorry, what a load of bullshit...

~~~
fazzone
This sounds like sort of reasonably OK layman's explanation of Weak DH
[https://weakdh.org/](https://weakdh.org/)

~~~
nneonneo
Except that Weak DH only needs one prime - not two. It sounds like the author
conflated RSA with DH somehow. It's _very_ rare for real in-the-wild RSA keys
to share factors (barring stupid errors like Debian's randomization fail).

~~~
gdavisson
Not as rare as it should be (see [https://cryptosense.com/blog/more-weak-rsa-
keys-in-network-d...](https://cryptosense.com/blog/more-weak-rsa-keys-in-
network-devices/)) -- but there are much easier fixes than QKD.

------
nneonneo
> If any of the pulses’ paths are interrupted and they don’t arrive at the
> endpoint at the expected nanosecond, the sender and receiver know their
> communication has been compromised.

This isn't how QKD works - it isn't based on timing or delays. The common BB84
protocol (and the decoy-state modification) are based on the fact that
measuring a photon necessarily changes it. Essentially, it is easy to
distinguish a photon that's been measured twice from a photon that's been
measured once (statistically speaking). Because an eavesdropper would
_necessarily_ have to measure photons in order to extract any useful
information about the communication, their presence can be easily detected.

------
tyfon
"Yet for high-speed transmissions under real-world conditions, the record is
just 60 miles. Farther transmissions require a series of “trusted nodes,”
relays that are themselves vulnerable to hackers or physical tapping. China
uses armed guards to secure the nodes in its 1,240-mile QKD network"

Armed guards at the relays.. I wonder what they are transmitting on that
cable. In any case it seems they take the thread of fiber tapping very
seriously. I bet the US government have similar experiments only they don't
talk about it.

------
comex
I still don’t understand the point of quantum key distribution. It protects
against passive snooping but not against an active man-in-the-middle attack:
thus it gives you no more protection than, say, the Diffie-Hellman exchange
performed at the start of every TLS connection. The main counterargument is
that quantum computers can break Diffie-Hellman, and can do so retroactively
if someone is tapping your communications today and saving them for the
future. But post-quantum public key cryptography exists; admittedly it’s not
as vetted yet as the traditional kind. but it will be soon enough, so even if
there’s some rationale for using QKD today, it’s not the “future-looking”
technology it’s sold as.

And in the meantime, if you really want to guarantee the confidentiality of
your shared secret that badly, you can just physically drive over to the other
organization carrying a copy of it. Inconvenient, but surely less so than
running long fiber-optic cables through tunnels solely for that purpose.

~~~
praseodym
QKD does defend against active man-in-the-middle. Working from the premise
that qubits in general cannot be cloned (the no-cloning theorem), a protocol
can be devised that can detect tempering by an adversary with unlimited
computational power and technological abilities. BB84[1] is such a protocol,
which is also used in commercial QKD products.

Of course it doesn’t defend against attacks on the devices, buildings or
people; these are likely higher ranked risks than crypto attacks for many
organisations.

[1]: [https://en.wikipedia.org/wiki/BB84](https://en.wikipedia.org/wiki/BB84)

~~~
nneonneo
I think OP's point is that no key establishment protocol - quantum or
otherwise - protects against a true "man-in-the-middle" who can simply
negotiate different keys with both parties and transparently decrypt-encrypt
in the middle.

Of course, this isn't what QKD is supposed to solve, anyway. QKD does not
address authentication, only key distribution.

------
vortico
>showed that the U.S. government, which hoovers up most of the world’s
internet traffic, can also break those tougher codes

There's a lot the NSA hasn't broken. Why not just use higher block sizes like
RSA-2048 or large DHE parameters instead of a quantum network?

~~~
SteveNuts
How do you know what the NSA has broken?

~~~
throwawaymath
We don't. In cryptography we generally trade off information theoretic
security for computational security. This means that (more broadly speaking)
we don't usually _know_ what _anyone_ has broken if there's no public proof.

But that also means that, as a research community, we've mostly accepted that
that's okay. Likewise as a heuristic we can generally say the same thing about
any cryptographic algorithm that hasn't been publicly broken. And that means
that evaluating the security of publicly unbroken cryptography by postulating
the hypothetical strength of the NSA isn't very useful.

We know the following based on an examination of history:

1) Most vulnerabilities which compromise confidentiality or authenticity
actually happen in cryptographic _implementations_ or infrastructure code, not
algorithm design;

2) RSA has not been publicly broken. Moreover, we have no research providing a
way to break RSA given current technology (nor even a path forward);

3) Quantum key distribution is extremely immature technology, which trades off
decades of well-studied literature about computational security to pursue
information theoretic assurances.

Quantum key distribution is an extremely overengineered and brittle solution.
That's not to say it isn't technically _cool_...but it's difficult to
reconcile with everything we know about modern cryptography.

------
rb808
> ...fire data in weak pulses of light, each just a little bigger than a
> single photon. If any of the pulses’ paths are interrupted...

We are living in the future already.

------
spiderfarmer
Interesting. Here in The Netherlands there will be a quantum network
connecting Delft, The Hague, Leiden and Amsterdam, but that's largely still a
research project and it won't be up and running before 2020. If QuantumXC has
commercially available tech then they seem to be ahead by a couple of years.

~~~
praseodym
That research quantum network has a different purpose. Quantum key
distribution (QKD) as mentioned in the article has been commercially available
for a number of years now (for example by ID Quantique [1]). These products
rely on having a direct connection, i.e. a single fibre line without repeaters
or other ‘interruptions’. This limits their range to about 100km (20dB
attenuation).

The research network in The Netherlands is more ambitious than that. The
researchers’ goal is to build a true quantum internet, with ‘quantum
repeaters’ that allow connections over longer distances [2]. These quantum
repeaters work on the principe of quantum entanglement generation and
purification to achieve quantum teleportation of qubits to allow end to end
communication [3].

If you’re interested in learning more about this, I can highly recommend the
free edX course by TU Delft and Caltech on quantum cryptography [4].

[1]: [https://www.idquantique.com/quantum-safe-
security/overview/q...](https://www.idquantique.com/quantum-safe-
security/overview/qkd-technology/) [2]: [https://qutech.nl/roadmap/quantum-
internet/](https://qutech.nl/roadmap/quantum-internet/) [3]:
[https://en.m.wikipedia.org/wiki/Quantum_network#Quantum_repe...](https://en.m.wikipedia.org/wiki/Quantum_network#Quantum_repeaters)
[4]: [https://www.edx.org/course/quantum-
cryptography-0](https://www.edx.org/course/quantum-cryptography-0)

------
ryandrake
What I see when I tap the link on mobile:

1\. Huge ad at the top.

2\. Large persistent bar under that telling me I’m on Bloomburg’s Site.

3\. Headline in large bold font.

4\. Author and dateline

5\. Huge blue (sharing?) icon with white dots

6\. Huge persistent bar begging me to log in or subscribe.

7\. Large persistent ad at the bottom.

After much scrolling you can get to the article. The state of mobile web
journalism I guess.

~~~
vortico
Is there an extension that converts news articles to basic HTML and then
allows custom CSS to be applied to it?

~~~
noir_lord
Firefox has reader mode which is fairly configurable and does a good job.

Firefox for Android has it as well, combined with ublock origin it makes
reading long form on a phone pleasant.

------
woodrowbarlow
> fire data in weak pulses of light, each just a little bigger than a single
> photon.

so the stream can't be split because the bits are so small?

~~~
nneonneo
Technically speaking when you turn a laser's power down far enough, you start
adjusting the _probability_ that the laser will emit a photon. Many pulses
will generate zero photons, some will generate one, and a few might generate
two or more. The two or more case is the scary one where an attacker could
siphon off a photon to measure.

------
fastball
Why not just encrypt all traffic e2e?

