
Successful Attack Against a Quantum Cryptography System - soundsop
http://www.schneier.com/blog/archives/2010/09/successful_atta.html
======
beloch
Quantum crypto and classical crypto are both susceptible to faults in
implementation. Big freakin' deal. Here's why Quantum crypto is the future:

If you encode something via any classical crypto system (e.g. RSA) it's
usually based on something that is computationally difficult to crack rather
than something that is impossible to crack. You can usually find somebody
willing to tell you it will take somewhere on the order of thousands of years
to crack that message, even assuming Moore's law growing resources. That's utter
crap. In reality, algorithms continually evolve such that encryption
algorithms become insecure in a matter of decades, and that's without
disruptive algorithms/tech. (e.g. Quantum computing will shake things up
big time if and when it happens, but 4096 bit RSA will probably be toast long
before that happens.)

Here's where things get scary. Any encrypted message you send today that is
encrypted classically can be archived by an eavesdropper without your
knowledge and cracked at any point in the future. Your credit card info is
going to change before that's likely to happen, but what about your medical
records? If information is going to remain sensitive for decades or more, it's
already idiotic to protect it with classical encryption.

So how is quantum crypto different? Why can't an eavesdropper just archive a
quantum encrypted message and crack it at their leisure the way they can with
a classically encrypted message? The answer boils down to the no-cloning
theorem, which I encourage you to look into if you're interested. To be brief,
quantum crypto algorithms rely on exchanges of quantum states that, if an
eavesdropper attempts to intercept and copy, will introduce errors that will
alert the sender/receiver to the fact that they are being eavesdropped upon.
With quantum crypto, an eavesdropper can obtain no information unless she has
an attack that works at the time the message is sent. The attack mentioned in
the article is no different. This isn't like DES, where the vulnerability
means that all past messages sent can now be trivially cracked. It means that
future messages might be compromised if upgrades are not made, but that's it.

With quantum crypto you only have to worry about attacks that can be made with
existing knowledge and technology, not all attacks that could be made in the
future. If you send a message via quantum crypto and it's safe when you send
it, it will be safe for all time. Not just for a while like with classical
crypto.

Classical encryption is not safe. It's safe for a while. Quantum crypto is
actually safe.

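The detection mechanism beloch describes (an eavesdropper who must measure, and therefore disturb, the photons) can be seen in a small BB84 simulation. This is an added example, not code from the thread or from the attacked system; it models only the one quantum rule that matters here, that measuring in the wrong basis gives a random bit, and uses a fixed seed so the run is repeatable.

```python
import random

def bb84_round(n_qubits, eavesdrop, seed=1):
    """Simulate one BB84 exchange over n_qubits photons.

    Returns (alice_key, bob_key, qber). Bases: 0 = rectilinear, 1 = diagonal.
    Measuring in the preparation basis returns the encoded bit; measuring in the
    other basis returns a uniformly random bit (the no-cloning consequence that
    an intercept-resend eavesdropper cannot avoid).
    """
    rng = random.Random(seed)
    alice_bits = [rng.randint(0, 1) for _ in range(n_qubits)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    bob_bases = [rng.randint(0, 1) for _ in range(n_qubits)]

    def measure(bit, prep_basis, meas_basis):
        return bit if prep_basis == meas_basis else rng.randint(0, 1)

    bob_results = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Intercept-resend: Eve guesses a basis, measures, and re-sends a
            # fresh photon prepared in her basis with the result she got.
            e_basis = rng.randint(0, 1)
            e_bit = measure(bit, a_basis, e_basis)
            bob_results.append(measure(e_bit, e_basis, b_basis))
        else:
            bob_results.append(measure(bit, a_basis, b_basis))

    # Sifting: Alice and Bob publicly compare bases and keep matching positions.
    sifted = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]
    alice_key = [alice_bits[i] for i in sifted]
    bob_key = [bob_results[i] for i in sifted]
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    qber = errors / len(sifted) if sifted else 0.0
    return alice_key, bob_key, qber

def key_accepted(qber, threshold=0.11):
    """Abort rule: a QBER above the threshold (assumed here: 11%) is treated as
    evidence of eavesdropping and the key is discarded."""
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        _, _, q = bb84_round(4000, eavesdrop=eve, seed=7)
        print(f"eavesdropper={eve}: QBER={q:.3f} accepted={key_accepted(q)}")
```

Without Eve the sifted keys agree exactly; with intercept-resend she guesses the wrong basis half the time and then Bob's bit is wrong half of those times, so roughly a quarter of the sifted bits disagree and the key is rejected.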
~~~
recampbell
So it sounds like Quantum cryptography is only useful for data being
transmitted between two points, and would not apply to data at rest? Or is
this a false distinction?

~~~
sp332
Yeah, that's true. It depends on entanglement of particles (or photons in this
case, which are definitely never at rest!), which is hard to maintain for more
than a fraction of a second.

Edit: If they ever get this working that might change!
<http://www.physorg.com/news196613216.html>

------
JCThoughtscream
Should be pointed out that it was a hack against the hardware, not the theory.
Hardware vulnerabilities will probably remain the key weakness of quantum
encryption, not that this is necessarily anything new.

~~~
amalcon
You're absolutely correct, but the irony is that the whole point of quantum
encryption is to eliminate certain classes of hardware vulnerability. You
_could_ skip the whole quantum thing and send a conventionally generated key
over a dedicated line (regular fiber or even copper), and you'd be no more
vulnerable except to hardware attacks (cable splicing or other eavesdropping
tricks).

------
Blunt
Help me understand Quantum Mechanics. As I've read, with great interest, QM is
no longer a theory but a provable science that electron spin or rotation is
equally opposite in two different places at the same time? What hardware do we
use to detect electron spin direction and such... Can anyone explain this in
easier terms?

~~~
Estragon

      QM is no longer a theory but a provable science that
      electron spin or rotation is equally opposite in two
      different places at the same time?


No, this "superpositioning" aspect of QM is still a completely untested
theory, albeit one which is accepted without question by most contemporary
physicists. It's called the Copenhagen Interpretation. There are other
possibilities, and no empirical basis for distinguishing between them, at this
stage.

~~~
eru
Don't most scientists prefer the many worlds interpretation now?

~~~
sp332
Neither of them is really accepted. Scientists might have a preference toward
one or the other, but so far they both have inconsistencies.

~~~
eru
Both may not be very convincing, depending on your biases. But I found them
consistent (especially the many worlds interpretation). Could you explain?

~~~
sp332
I'm not an expert, but this guy is:
<http://quantummoxie.wordpress.com/2007/04/18/inconsistencies-in-the-many-worlds-interpretation-of-quantum-mechanics/>