
Quantum Cryptography Outperformed By Classical Technique - llambda
http://www.technologyreview.com/view/428202/quantum-cryptography-outperformed-by-classical/
======
dhx
After reading through the paper[1] it appears that the only security afforded
is an ability to detect energy fluctuations caused by a MITM attacker? A
public channel is then assumed to exist to allow both parties to broadcast the
monitored energy levels to each other for comparison (evidently over a high
bandwidth link and with low latency). A further assumption appears to be made
that an attacker is unable to perform a MITM attack on the public broadcast
link.

I am naturally sceptical of research of this nature that does not mention:

* practical implementation issues such as the required accuracy of clock synchronisation, required A2D converter parameters, required tolerances for electronic components, etc.

* emanation security/side channel considerations (timing analysis, power analysis and filtering, etc)

* prior work and existing equipment in the space of protected cabling: pressurised cable monitoring, time-domain reflectometry, etc.

[1] <http://arxiv.org/pdf/1206.2534v2>

~~~
electrograv
I didn't read the whole paper and I'm no electrical engineer, but I'm also
quite skeptical that this works. I'd probably believe it if current propagated
infinitely fast, but obviously it doesn't.

My first attempt to tap into a channel with this system would be to tap into
two points at some distance apart, then measure the changes in current at
each point. Since the receiving resistor is flipped randomly and the sending
resistor is flipped with the data, it seems to me intuitively that all you
need to do to crack this is use a bit of basic electromagnetic physics to
derive a formula to extract the data from propagation delays of the effective
resistance experienced by the circuit measured at two distant points. I could
be wrong though.

------
fjorder
First of all, this sort of paper pops up fairly frequently and, so far, none
have stood up to peer review for long. There's probably an error somewhere in
their proof.

Second, long distance communication and scalable networks cannot rely on
direct point-to-point links. You can't build everyone a point to point link
with each other and individual links, even for classical signals, can only
extend for a few hundred kilometers before signal-to-noise drops so far that
any known communication protocol breaks down completely. Yes, commercial
quantum systems built to date do rely on point-to-point links, but quantum
memory and quantum repeater networks (currently enjoying rapid improvement in
research) will allow chained entanglement swapping through untrusted nodes,
allowing quantum crypto to work in network topologies very similar to the
existing internet. The method in the linked paper does not appear to permit
this and would have to rely on trusted nodes at best.

In other words, even if there isn't an error in their proof, they need to
show that their technology can be expanded beyond
trusted-point-to-trusted-point links in order for it to be of practical use.

------
themenace
If you want truly unbreakable encryption, there's always the one-time pad. In
that case, the unbreakability is guaranteed by mathematics, an even stronger
guarantee than physics.

Certainly, the one-time pad suffers from the need of each pair of parties to
exchange keys beforehand. As far as I can see, the problem is just as bad for
quantum crypto or this thermodynamic crypto because you have to arrange a
fiber optic cable, a laser line of sight, or a copper wire between each pair
who want to communicate.

You can't use quantum crypto or this thermodynamic crypto on the Internet for
example. You need to set up unshared exclusive-use connections between each of
the parties.

If you're going to the trouble of doing that, you might just as well exchange
some terabyte disks of one-time pad data, and you'll achieve the same (or
greater) guarantee of security.

~~~
yvdriess
Quantum Cryptography is actually Quantum Key Distribution, an algorithm for
securely creating a one-time pad between two peers. The proof that quantum
crypto is unconditionally secure is just Shannon's proof.

The benefit of quantum crypto is that you can basically set up or even stream a
one-time pad over a public network, without having to trust the middle-man.
Another benefit over, say, non-linear/chaotic systems is that fibre,
line-of-sight wireless and satellite communication already forms the backbone
of our network infrastructure.

Now only to solve the single-photon detector hardware issues.

------
themenace
While this is good science and I enjoy hearing about it, it needs to be said
that "unbreakable" encryption is a solved problem.

The existing public key plus symmetric key infrastructure, with a sufficiently
long key, achieves "unbreakable" encryption for any practical purpose,
including communications that are a matter of life & death and national
security.

There are many ways to compromise existing crypto through implementation
errors, bugs, or bad key management, but the same caveat would apply to
quantum crypto or this new thermodynamic crypto.

The main unsolved practical problem in crypto is getting it built into every
form of communication to happen automatically and transparently. And that
would happen if people demanded it. So the main problem is a social one:
getting people to care about privacy and secrecy enough that they demand it.

------
measlyweasel
Alice is essentially sending plaintext and Bob is encoding it via the random
resistor configurations he chooses. Since the receiver controls the
encryption, as dhx pointed out, you could just act as a man in the middle
reading signals from Alice on one circuit and forwarding them to Bob on
another, A & B would never be the wiser.

Didn't read the paper yet but it also seems that without having many many
resistors the number of signal states would be pretty low (Bob's resistor
count squared, assuming Alice only has 2 resistors, i.e. a digital signal)
making it rather trivial to extrapolate the original signal. Would this
essentially rule out using this technique for encrypting a digital signal?

------
zacharyvoase
This really reminds me of Diffie-Hellman key exchange. Does anyone with a
background in physics know how it might be related (or not)?

------
willvarfar
Reminds me of SIGSALY from WW2: <http://en.wikipedia.org/wiki/SIGSALY>

