SoylentNews is people
SoylentNews
from the coming-to-a-credit-card-near-you dept.
Up until now, QKD (Quantum Key Distribution) required devices the size of a refrigerator or larger. Now researchers have developed a QKD chip a mere 3 millimeters in size.
So why is QKD so important? Right now, when we encrypt data we generally use passwords or biometric data, which can be hacked or leaked.
Quantum technology, however, allows us to encrypt the key within the message. Only the person with the exact same key as the one inside the message can open it.
"It is like sending a secured letter," says physicist Kwek Leong Chuan, from Nanyang Technological University (NTU) in Singapore. "Imagine that the person who wrote the letter locked the message in an envelope with its key also inside it. The recipient needs the same key to open it."
The applications for QKD such as something that can be worn on your wrist or in a smartphone are significant in commerce, security, and next generation communications. Additionally, the new solution
developed by the scientists at NTU should be relatively easy and cheap to produce, as it uses standard industry materials like silicon, that are already widely used in computer manufacturing.
Certainly easier than carrying around a refrigerator.
Journal Reference
Zhang, G., Haw, J.Y., Cai, H. et al. An integrated silicon photonic chip platform for continuous-variable quantum key distribution.[$] Nat. Photonics (2019) doi:10.1038/s41566-019-0504-5
(Score: 4, Insightful) by exaeta on Monday November 04 2019, @03:53PM (8 children)
The Government is a Bird
(Score: 2) by exaeta on Monday November 04 2019, @07:33PM
The Government is a Bird
(Score: 4, Informative) by FatPhil on Monday November 04 2019, @10:40PM (3 children)
Note - this is pure bullshit:
"Quantum technology, however, allows us to encrypt the key within the message. Only the person with the exact same key as the one inside the message can open it."
Once you've distributed the key using the quantum technique, you're free to use any other non-quantum technique, which is typically going to be much faster than any quantum technique. Chose your key length and algorithm to provide you with the security you need.
To repeat for clarity - key exchange and message encryption are separate processes. The key is not "encrypted within the message", and there is no "person with the exact same key" until after you've performed the key exchange.
And they are kinda proved, it's decade-old tech in the real world.
Here's a version you can play around with at home: http://fatphil.org/crypto/QKE.html
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Friday November 08 2019, @05:41AM (2 children)
(Score: 2) by janrinok on Friday November 08 2019, @09:26AM
(Score: 2) by FatPhil on Monday November 11 2019, @10:38AM
How so? I've been to a course of lectures on the subject and learnt enough from those to ask very tricky questions of the lecturer afterwards. That's not called a "conflict of interest", that's called an "education".
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Insightful) by edIII on Sunday November 10 2019, @02:52AM (2 children)
There is absolutely zero substantive difference between this QKE and the normal Diffie-Hellman variants as far as the "output" is concerned. You can rewrite your statement as, "Normal cryptographic keys are an unproven technology".
All they're talking about is the exchange of keys, NOT the methods of encryption. It is in fact as robust as normal cryptography is, in so far as encryption itself is concerned.
The only actual difference that QKE provides is theoretically 100% secure channels to perform key exchange with. If you're paying attention, that means it's extremely bandwidth constrained, because it would otherwise communicate the entire message through the secure channel. True Quantum Cryptography isn't cryptographic at all actually, and just a glorified secure channel that theoretically nobody can render "transparent". Real encryption allows the cipher text to be communicated across unsecure channels. 100% secure channels don't require encryption at all.
If QKE is to be described accurately, it's more like a very (theoretically 100%) secure out-of-band channel capable of sending a few bits of data. Adequate enough to exchange traditional keys, and you shouldn't understate the much higher levels of security provided by truly secure key exchange channels. As the failure in encryption is quite often the implementation and key exchange protocols, not the encryption method itself.
As for the proof of Quantum in general, I'm extremely dubious. While it may seem impossible to us know to access the bits, or collapse the wave functions or whatever, I don't believe that the activity itself isn't expressing itself in higher dimensions. Meaning, it's only temporary ignorance protecting quantum telecommunications, which goes by another name; Security Through Obscurity.
If I want something to be really secure, I exchange OTP directly and physically, which has just as much efficacy as QKE without requiring Area 51 super tech.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by exaeta on Sunday November 10 2019, @11:52PM
I've been trying to say that QKE/QKD are the quantum equivalent to diffe hellman, and that it has the weaknesses of diffie hellman (lack of inherit authentication/verification), but the quantum nerds seem to think that quantum encryption magically solves all problems.
I wouldn't have a problem with QKD if they said "this allows us to do a quantum diffe hellman exchange which relies upon physics instead of mathematics to conceal the key", but it seems to be advertised as something much more, as something that will make normal crypto obsolete, which it most certainly will not do. There is no quantum equivalent to asymmetric cryptography, which is the minimum hurdle quantum encryption would need to overcome to be a replacement for classical cryptography.
Even if your QKD is amazing, you inherit the same vulnerabilities of DHE. Namely, if your symmetric cipher is vulnerable it can be possible to recover the key from that. For example, say your symmetric cipher is vulnerable to a known-plaintext attack. It may be possible to recover the key that was exchanged via QKD.
One thing the quantum bullshitters seem to refuse to acknowledge is the difference between a man in the middle attack (which neither QKD nor DHE protect against) and eavesdropping (which they do). By refusing to acknowledge the distinction and convoluting MITM with they are falsely claiming that QKD protects against man in the middle attacks (it doesn't) by claiming that MITM and eavesdropping are equivalent.
QKD offers nothing new over what already exists and is and not newsworthy.
The Government is a Bird
(Score: 2) by exaeta on Monday November 11 2019, @11:49PM
The Government is a Bird
(Score: 3, Informative) by fishybell on Monday November 04 2019, @03:57PM
I needed this, so I'm guessing at least someone else will: Quantum key distribution [wikipedia.org]
(Score: 3, Insightful) by Bot on Monday November 04 2019, @04:00PM (2 children)
we all know the destiny of keys and it is harder to misplace a refrigerator.
Account abandoned.
(Score: 0) by Anonymous Coward on Monday November 04 2019, @04:44PM
I've lost all keys smaller than 2 cm, and these people are talking about 3 mm. completely impractical.
(Score: 2, Funny) by fustakrakich on Monday November 04 2019, @06:24PM
we all know the destiny of keys
Yeah, my couch, forever gone, along with millions of dollars in coins, and a couple of cell phones
La politica e i criminali sono la stessa cosa..
(Score: 3, Informative) by takyon on Monday November 04 2019, @05:07PM
I'm assuming that is 3 mm2. NTU specifies a "3-4 mm" length and it looks about 1 mm wide.
The Apple Watch SoCs [wikipedia.org] look like they are in the ballpark of 30 to 40 mm2 (it looks like it has grown larger as of S4/S5). So that is an additional 10%.
Make it smaller!
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Insightful) by Rosco P. Coltrane on Monday November 04 2019, @05:23PM (22 children)
So, exactly like standard symmetric cryptography then - only the key isn't in the message, cleverly enough.
Yeah? In that analogy, the recipient needs an address a trusted organization (the Postal Services) will deliver the message to, and not to another address. In cryptography, that's called a secure channel - something that removes the need for cryptography in the first place, unless you're exchanging keys with the recipient for further communication over insecure channels.
So unless quantum cryptography can be summed up as a secure channel to exchange symmetric cryptographic keys (hint: it's more than that), the analogy is terrible. And even if it's accurate, it's still terrible, because people don't send keys in envelopes as a secure way to decode a letter in the same envelope.
I wish publications didn't constantly try to dumb down complex problems to football player levels.
(Score: 1, Redundant) by exaeta on Monday November 04 2019, @07:38PM (21 children)
The Government is a Bird
(Score: 0, Disagree) by Anonymous Coward on Monday November 04 2019, @09:47PM (10 children)
It specifically prevents MITM attacks. It is ABSOLUTELY. IMPOSSIBLE. to MITM a QKD system. That's the entire point of QKD. You can't eavesdrop on the key exchange.
(Score: 3, Insightful) by FatPhil on Monday November 04 2019, @10:52PM (8 children)
However, yes, by design the mathematics and hardcore physics makes QKE theoretically impossible to MITM.
Who made your repeaters? Huawei, you say?
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by exaeta on Monday November 11 2019, @12:01AM (7 children)
The Government is a Bird
(Score: 1, Troll) by FatPhil on Monday November 11 2019, @10:34AM (6 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1, Redundant) by exaeta on Monday November 11 2019, @02:46PM (5 children)
The entire point of cryptography is that you assume your infrastructure is compromised other than 1) your computer and 2) the other party's computer. Let that sink in. Classical crypto works even assuming ALL networking infrastructure is totally and utterly compromised by an adversary. If quantum requires intact infrastructure it is a huge step backwards!
The basic objective of cryptography is that you must be able to guarantee that, given an attacker has complete control of everything inbeweeen you and the other party that either:
1) The message is delivered to the intended recipient and nobody else could read it, OR
2) The message was not delivered, and nobody could read it.
QKD doesn't acomplish this, all it knows is that the message was delivered to *somebody* and you have to use other means to verify who that somebody was. MITM attacks can compromise this sort of connection. Again, there is a parallel between DHE and QKD, but you don't seem to recognize there is a larger security picture in play here and one component like QKD cannot guarantee security of an entire system. QKD is flawed at its heart because, like diffie hellman exchanges, it is a symmetric key exchange function. Symmetric key exchange functions are fundamentally vulnerable to man in the middle attacks even if the implementation is absolutely utterly perfect without any flaws whatsoever. Get this last point through your thick skull. It does not matter how perfect that exchange is, the scope of what it acomplishes is still vulnerable to a MITM attack. This is an inherit category vulnerability to these functions and the scope of what they acomplish and more importantly what they not verify and acomplish. It's an inherit category vulnerability to the system as a whole when you use this class of functions as your sole security measure. If you intend to suggest that QKD provides asymmetric key exchange functionality then please do elaborate exactly how that works.
Saying that QKD is impossible to MITM either shows you are totally ignorant of the scope of what a symmetric key exchange function acomplishes or alternatively you are intentionally decietful and trying to portray QKD as a magic pipe that protects data exchanged through it. I'm hoping it's the former. The guarantees of classic cryptography, when implemented correctly, are far stronger than you appear to comprehend and quantum crypto looks like a laughable toy at the moment. QKD is a joke.
The Government is a Bird
(Score: 1, Troll) by FatPhil on Monday November 11 2019, @08:56PM (4 children)
Wrong.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1, Redundant) by exaeta on Monday November 11 2019, @11:39PM (3 children)
The Government is a Bird
(Score: 1, Redundant) by FatPhil on Tuesday November 12 2019, @01:10PM (2 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by exaeta on Tuesday November 12 2019, @03:13PM (1 child)
You're the one who doesn't seem to understand the scope of what QKD provides.
Cite: wikipedia.
If you actually understood QKD (I do) you would know that it doesn't protect against a wide variety of attacks, and needs to be augmented with classical cryptography. It's vulnerable to MITM attacks unless you add in other kinds of classical cryptography to protect against them. Per wikipedia, "The main drawback of Quantum Key Distribution is that it usually relies on having an authenticated classical channel of communications.", QKD does NOT provide authentication. That has to be provided by something else. QKD is as vulnerable as your asymmetric encryption channel, it is not impossible to MITM. The asymmetric channel is the ONLY thing preventing a MITM attack against QKD. You don't seem to have a background in cryptography, but you don't seem to understand the scope of the QKD either.
I call QKD bullshit, not because it doesn't work, but because it provides very little that an asymmetric channel doesn't already provide. Tell me, do you actually even know the difference between cryptographic authentication and cryptographic verification? Or between asymmetric and symmetric encryption? It's not readily apparent that you know what you are talking about, since you haven't made a single valid counterpoint, just blind assertions with no reasoning or evidence. YOU are the one misunderstanding QKD and what it is supposedly able to do. I don't think you have the background knowledge about various attacks on cryptographic systems that have developed to be able to intuitively understand the weaknesses about systems like this. I have not at any point challenged the eavesdropping immunity of a QKD exchange, which is what the physics provides. What you seem to lack is the ability to comprehend that this level of secrecy is still vulnerable because you have an oversimplified view of information security.
If you DO understand this subject, care to explain, in a short paragraph, the vulnerability of a Diffie Hellman exchange to a Man In The Middle attacker? Then, explain to me why QKD is NOT vulnerable to the same attack (hint: you wont be able to). If you don't, we can fairly assume you don't have a clue what you are talking about. Impossible is a bold claim, we usually prefer infeasible and support that reasoning with evidence. The burden of proof of security is always on the person claiming a system to be secure; because most of the time, they aren't.
The Government is a Bird
(Score: 1, Troll) by FatPhil on Tuesday November 12 2019, @08:32PM
I suspect you've started to do a bit of reading, as you've started to repeat some of the things I was saying earlier.
You seem to think that QKD attempts to solve problems that it's not been designed to solve, and therefore *those are not weaknesses in the design*. You can keep your straw men, I'm not interested.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by exaeta on Tuesday November 05 2019, @06:14PM
QKD is not impossible to MITM... The fact you think so illustrates your ignorance of security. MITM is not the same as eavesdropping.
QKD is theoretically impossible to eavesdrop on. But how can it be MITM'd? Simple, the attacker does a QKD with you and a separate QKD with the other side, translating messages as needed so it passes validation on both sides.
There is a valid QKD channel between the attacker and another QKD channel with the other party.
This is the exact vulnerability Diffe Hellman Exchanges have and QKD does not solve it. Classical cryptography already solved this issue with something called "public key cryptography".
QKD provides only confidentiality, it has no mechanism to verify the identity of the other side. Let that sink in. Sure, you might have a secure channel, but with who?
Phsyicists with no idea how information security works need to
shut up already about garbage quantum cryptobecome educated about how information security works before touting how amazing quantum is.Sorry if I come off as rude, but you are wrong and need to be corrected.
The Government is a Bird
(Score: 1, Redundant) by FatPhil on Monday November 04 2019, @10:49PM (9 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by exaeta on Tuesday November 05 2019, @06:26PM (8 children)
The Government is a Bird
(Score: 1, Redundant) by FatPhil on Tuesday November 05 2019, @11:02PM (7 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1, Redundant) by exaeta on Wednesday November 06 2019, @06:33AM (6 children)
Uh... when you initiate the exchage. How do you know you weren't talking to Evil Eve to begin with?
Man in the middle doesn't perturb anything. Man in the middle is a case of identity falsification... imagine for a moment, the other computer was disconnected from the QKD network and the QKD connection was instead plugged into the attacker's computer. The attacker has the same type of QKD device as the intended target... how can you detect this compromise? The hardware is identical and made by the same manufacturer as the intended QKD partner. How do you detect this? Does QKD give you verification of the other party's location?
Bob: I'm Bob, My qkd key is 2ir702o27294.
Eve: I'm Alice, I also verified that key of 2ir702o27294. No eavesdropping detected.
Bob: Okay Alice, I checked your key 2ir702o27294 and I see we establushed an eavesdropping proof quantum connection!
Bob: Log into my account bob@warez.net with password foobar0y2k
Eve: Okay, Bob, here's you bank account information. 3882 3882 1882 8888
Meanwhile:
Eve: I'm Bob, My qkd key is 3988d002028noz
Alice: I'm Alice, I also verified that key of 3988d002028noz. No eavesdropping detected.
Eve: Okay Alice, I checked your key 3988d002028noz and I see we establushed an eavesdropping proof quantum connection!
Eve: Log into my account bob@warez.net with password foobar0y2k
Alice: Okay, Bob, here's you bank account information. 3882 3882 1882 8888
Result: Eve now has Bob's bank account information, despite the quantum tunnel.
The Government is a Bird
(Score: 2, Interesting) by FatPhil on Wednesday November 06 2019, @08:08AM
Clue - that's answered in my prior post.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by janrinok on Friday November 08 2019, @09:33AM (4 children)
Just because you disagree with him doesn't mean that he is trolling. I'm not saying that he is right and you are wrong, but you could at least debate the point without trying to suppress his views. I would suggest that the 'Disagree' moderation is more appropriate in this instance.
(Score: 0) by Anonymous Coward on Friday November 08 2019, @02:56PM (2 children)
(Score: 1, Troll) by janrinok on Friday November 08 2019, @05:54PM (1 child)
If you re-read the post you believe he is trolling in, you will see that he has answered that question.
(Score: 0) by Anonymous Coward on Saturday November 09 2019, @03:50PM
(Score: 2) by exaeta on Monday November 11 2019, @11:44PM
The Government is a Bird
(Score: 2) by HiThere on Monday November 04 2019, @05:25PM
It's all very well for the chip to be small, but if it needs to be submerged in liquid helium to work, it's not going to be very portable.
FWIW, the article doesn't appear to say what operating temperature it needs, merely that it's made of "standard components" like silicon.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.