Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday October 03 2017, @08:47PM   Printer-friendly
from the yes-and-no dept.

Hackers, take notice: Ultrasecure quantum video chats are now possible across the globe.

In a demonstration of the world's first intercontinental quantum link, scientists held a long-distance videoconference on September 29 between Austria and China. To secure the communication, a Chinese satellite distributed a quantum key, a secret string of numbers used to encrypt the video transmission so that no one could eavesdrop on the conversation. In the call, chemist Chunli Bai, president of the Chinese Academy of Sciences in Beijing, spoke with quantum physicist Anton Zeilinger, president of the Austrian Academy of Sciences in Vienna.

"It's a huge achievement," says quantum physicist Thomas Jennewein of the University of Waterloo in Canada, who was not involved with the project. "It's a major step to show that this approach could be viable."

I can't wait to use this!


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by takyon on Tuesday October 03 2017, @09:11PM (17 children)

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Tuesday October 03 2017, @09:11PM (#576778) Journal

    You're right. It's quantum key distribution [wikipedia.org].

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    Starting Score:    1  point
    Moderation   +4  
       Informative=4, Total=4
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 3, Interesting) by edIII on Tuesday October 03 2017, @10:23PM (15 children)

    by edIII (791) on Tuesday October 03 2017, @10:23PM (#576820)

    Is it?

    Why is the satellite involved? That would seem to be three parties, not two. It also says distribution which implies to me that the satellite has a copy of the key. Not exactly the perfectly secure communication that quantum promises. That key is possessed by the Chinese government, unless they meant to say "transmit". Which again, if it was transmitted in a quantum fashion, why the need for the satellite?

    I'm not so sure it is quantum, maybe quantum-containing, or quasi-quantum. Still, it is a much better key distribution mechanism and can lead toward secure communications. Bandwidth is still heavily restricted, but if all you used it for was an "out-of-band" channel for key distribution the load would be much lighter.

    Really, since this was just key distribution, you can mimic it on Earth without the expensive satellites. Just use a lead lined sleeve and send pages of QR codes that contain the key. Or even better, take a 10TB drive and fill it with high entropy random noise. Ship it be secured carrier (guy handcuffed to a briefcase) to other side and use OTP. I still prefer OTP since that is provably unbreakable, and quantum is thought to be unbreakable if we could achieve it. Still don't think we are at quantum yet.

    I certainly don't think it's beyond the ability of the Chinese government to intercept and manage.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 4, Informative) by wonkey_monkey on Tuesday October 03 2017, @10:41PM (2 children)

      by wonkey_monkey (279) on Tuesday October 03 2017, @10:41PM (#576823) Homepage

      The satellite doesn't have a copy of the key. It transmits the photons which are measured by the recipients, and then in their comparison of their measurements (communicated classically and unencrypted) they decide which measurements they will use to make the key.

      I'm not sure how or if you can get around the possibility that the satellite could transmit photons it has already measured, and could therefore reconstruct the key if it also had the comparison communications.

      That said, it's still only two parties if one of the parties owns, and can be confident in the security of, the satellite.

      Which again, if it was transmitted in a quantum fashion, why the need for the satellite?

      There's no such thing as "transmit[ting] in a quantum fashion."

      As to why a satellite, that's because...

      ...fibre optics and the atmosphere both cause scattering which destroys the entangled state, and this limits the distance over which QKD can be carried out. Sending the keys [should say photons, really] from an orbiting satellite results in less scattering, which allows QKD to be performed over much greater distances.

      --
      systemd is Roko's Basilisk
      • (Score: 1, Informative) by Anonymous Coward on Wednesday October 04 2017, @08:42AM (1 child)

        by Anonymous Coward on Wednesday October 04 2017, @08:42AM (#576950)

        I'm not sure how or if you can get around the possibility that the satellite could transmit photons it has already measured

        On the if: Yes, definitely. That's the whole point of quantum key distribution.

        On the how: There are basically two different methods. Method 1 is that you rely on the inability of measuring an unknown quantum state without changing it. So if someone tries to find out the state, he'll necessarily change it, and that change will be detectable.

        Method 2 uses entangled photons, and basically the key is generated non-locally at both end points. Here the key is never actually transmitted, and monogamy of entanglement ensures that no third party can be also entangled with the sender's half of the entangled pair, as that would break entanglement between sender and receiver. Entanglement (actually non-locality, which for noisy states is a stricter condition) can be tested by verifying that the Bell inequality is violated.

        • (Score: 2) by wonkey_monkey on Wednesday October 04 2017, @08:00PM

          by wonkey_monkey (279) on Wednesday October 04 2017, @08:00PM (#577148) Homepage

          On the if: Yes, definitely. That's the whole point of quantum key distribution.

          I think I see it... the satellite could pre-set the spins of the photons it sends out, but only along one axis. If the ground stations happen to both use the other axis, the spins won't be correlated and they'll realise this when they come to construct their key.

          Is that right?

          --
          systemd is Roko's Basilisk
    • (Score: 2) by JoeMerchant on Tuesday October 03 2017, @10:49PM (2 children)

      by JoeMerchant (3937) on Tuesday October 03 2017, @10:49PM (#576827)

      OTP is _the_ answer as far as I am concerned, where you get that OTP should be as unique and obscure as possible.

      --
      🌻🌻 [google.com]
      • (Score: 0) by Anonymous Coward on Wednesday October 04 2017, @09:15AM (1 child)

        by Anonymous Coward on Wednesday October 04 2017, @09:15AM (#576953)

        And entanglement-based quantum key distribution is non-local OTP generation (well, OK, whether you actually use your shared non-locally generated random data as OTP or as key for other classical cryptographic algorithms is up to you; I suspect the key generation rate of the satellite photons is not large enough for a video stream OTP, so I guess in that case they used another encryption method, or maybe "diluted" the QKD using a PRNG, similar to how /dev/urandom "dilutes" the entropy collected in /dev/random).

        Basically, QKD eliminates the one weakness of OTP: You have to somehow transmit the key (where "written on a CD and carried in a suitcase" is also just one way of transmission), and if anyone manages to intercept that transmission (get hold of the CD to make a copy), he can read the message encrypted with it. With entanglement-based QKD, the key is never transmitted. What is transmitted is entangled states (which are no secret; everyone knows what they look like). Both ends can verify that the states they get are indeed entangled (by measuring Bell inequality violations). And they can use them to non-locally generate the key.

        There's one loophole: AFAICT you cannot use the very same pairs you checked entanglement on to also generate the key (because the check requires communication of measurement results, while those results you use for the key should of course not be transmitted). But exploiting that would require the eavesdropper to know in advance which pairs you use for Bell tests, and which for actual key generation.

        • (Score: 2) by wonkey_monkey on Wednesday October 04 2017, @08:54PM

          by wonkey_monkey (279) on Wednesday October 04 2017, @08:54PM (#577176) Homepage

          There's one loophole: AFAICT you cannot use the very same pairs you checked entanglement on to also generate the key (because the check requires communication of measurement results, while those results you use for the key should of course not be transmitted). But exploiting that would require the eavesdropper to know in advance which pairs you use for Bell tests, and which for actual key generation.

          Doesn't simply checking whether the key ultimately works - encrypt and send something - tell you whether or not entanglement was uncompromised?

          --
          systemd is Roko's Basilisk
    • (Score: 3, Informative) by takyon on Tuesday October 03 2017, @10:55PM

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Tuesday October 03 2017, @10:55PM (#576834) Journal

      The use of the satellite relates to how far China can transmit quantum information.

      China's Quantum Communications Satellite Beats Record [soylentnews.org]

      It's pretty convenient to be able to do it with a satellite.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 2) by frojack on Tuesday October 03 2017, @11:15PM (6 children)

      by frojack (1554) on Tuesday October 03 2017, @11:15PM (#576842) Journal

      Still, it is a much better key distribution mechanism and can lead toward secure communications.

      Why, after poking holes in the distribution method, do you suddenly change your tune?

      I really see nothing new here other than they sent the key by satellite and assumed it to be safe, because: sciencie stuff.
      Still can't beat a onetime pad.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by takyon on Tuesday October 03 2017, @11:31PM (2 children)

        by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Tuesday October 03 2017, @11:31PM (#576846) Journal

        It's better than a one-time pad because it should also be unbreakable if done right [wikipedia.org], but doesn't have the practical issues [wikipedia.org] of the one-time pad.

        --
        [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
        • (Score: 3, Informative) by edIII on Wednesday October 04 2017, @12:43AM (1 child)

          by edIII (791) on Wednesday October 04 2017, @12:43AM (#576868)

          You need to slow down there a little :)

          QKD is not quantum encryption, of which I know of no at-rest quantum encryption anywhere for that matter. So only the key distribution method is quantum, of which they say as much in the article and state that it isn't unbreakable. Furthermore, even in fully quantum based communications, the streamed content is plain text not cypher text. The security is established by more or less knowing that the link is being eavesdropped on so that you can stop transmitting plain text. Quantum is never unbreakable, it's just a plain text conversation snapping shut the instance you open the door to the room so speak. Similar to the refrigerator light paradox. Is it on? :)

          In the end, you are still using conventional non-quantum encryption algorithms. None of those have been proven to be unbreakable like OTP has. This QKD cannot be better than OTP, if it requires to OTP to work. It's QKD-OTP.

          I'm with Frojack on the "sciency stuff". You might not be able to measure something without changing it, but is that really the sum totality of the attack vector? I remember reading something interesting in a science article some time back where dimensionally speaking information was leaking at a "higher harmonic" and that events happening in one dimension were causing an event in another. Probably explained that awkward as hell, but the bottom line was that the information may be leaking through in other dimensions in ways we don't understand yet.

          I'm not convinced that a quantum based side channel attack isn't possible on quantum communications.

          OTP is different. At rest it is purely, and mathematically proven to be, unbreakable. Like traditional methods, its greatest vulnerability is the implementation of the key exchange. Others were, again, fairly unwise use of the key. The encryption method itself though is perfect, so as long as the input is high entropy, and zero bits of the key are used more than once, it is completely unbreakable. That, and OTP works at rest, and that is highly valuable.

          The Wikipedia article you've referenced points out that QKD+OTP is incredibly secure. Redundant for communications, but provides the at-rest capability you need for many encryption use cases. However, it is also extremely unlikely to provide the required bandwidth. You would be sending one bit to receive it back as cypher text. Which would be unreliable, so add on some methods to make it reliable, and that's where it starts to get expensive to send a bit. You may need to add a bit (no pun intended) more to overcome OTP's stream cipher vulnerability. I sincerely doubt that the satellites have that much bandwidth and can escape the costs that force us to use lesser algorithms to squeeze more out of keys.

          There is one more thing about OTP... You could use it with bad actors intercepting your data, where with quantum methods you just need to shut up. Quantum on its own doesn't have it what it takes.

          --
          Technically, lunchtime is at any moment. It's just a wave function.
          • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 04 2017, @10:03AM

            by Anonymous Coward on Wednesday October 04 2017, @10:03AM (#576956)

            of which I know of no at-rest quantum encryption anywhere for that matter.

            The problem with at-rest quantum encryption is that we don't know how to preserve quantum states over extended periods of times (an encryption method where you have to decrypt and re-encrypt your document every few milliseconds, or even every few seconds, isn't exactly useful). If we had long-term quantum memory (where long-term means something like months or even years), at-rest quantum encryption would be feasible.

            Indeed, it would be rather easy: Just generate entangled pairs of qubits, where one side is the key, and the other is the memory. You can encode the data into the memory qubits, even without having the key qubits, but you cannot read them out without the key qubits; moreover, the key qubits cannot be copied (the no-cloning theorem of quantum mechanics); any attempt to do so would destroy them. And as bonus, every qubit could store two classical bits in that scheme (it's basically just superdense coding).

            What this scheme would not do is to make the data tamper-proof (while you cannot read it out, you can easily flip some bits if you know where they are). But give that this is the most immediate method that comes into mind, I'm sure that more sophisticated schemes could fix that, too (and probably smart people already did think of such schemes). But then, without long-term quantum information storage, this is all very theoretical anyway.

      • (Score: 3, Interesting) by edIII on Tuesday October 03 2017, @11:47PM (2 children)

        by edIII (791) on Tuesday October 03 2017, @11:47PM (#576851)

        Why, after poking holes in the distribution method, do you suddenly change your tune?

        My tune is changed because even if it is quasi-quantum it represents a relatively high security out-of-band channel in which to only perform key exchange. Most breaches are thought to occur because of poor implementation, particularly in the key exchange methods used. If this does represent a low bandwidth high latency key exchange medium, that is valuable. I would still be suspicious as fuck because it is China and they just LOVE VPNs and encryption they can't see through.

        According to other posters the satellite is just "relaying" photons since they perform better in space than in an atmosphere or fiber. If China has ability to intercept the photons than it is just a key escrow system with a government. A very secure one. If they don't, then it does represent a very secure key exchange mechanism.

        Since it apparently works I can imagine China moving to secure all military and sensitive communications with it within 10-15 years max. I can also see China selling the service to the rest of the world. The selling point is that the only other person in the room could be China, and they're not the Five Eyes. If I were really honest, I think most people trust China more than the U.S. Especially after it was revealed just how much respect the U.S government has for our civil rights by Snowden et al.

        I was being fair even it wasn't fully quantum. Still, just like you said, OTP is the King. That will never change. They're thinking they will have 100TB storage devices pretty soon. Can you imagine using that as an OTP buffer? Imagine using some PRNGS on it to expand the size when you don't need perfectly secure, but good enough to fuck with governments for a few months on a server farm somewhere.

        --
        Technically, lunchtime is at any moment. It's just a wave function.
        • (Score: 2) by takyon on Wednesday October 04 2017, @12:06AM

          by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Wednesday October 04 2017, @12:06AM (#576855) Journal

          I would still be suspicious as fuck because it is China and they just LOVE VPNs and encryption they can't see through.

          Governments want secure communications for themselves.

          --
          [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
        • (Score: 2) by wonkey_monkey on Wednesday October 04 2017, @08:48PM

          by wonkey_monkey (279) on Wednesday October 04 2017, @08:48PM (#577171) Homepage

          According to other posters the satellite is just "relaying" photons

          No, it's generating the photons and sending them to the two parties.

          The selling point is that the only other person in the room could be China, and they're not the Five Eyes.

          The real selling point is that it's literally impossible for them to tamper with or record any part of your key (or rather, the bits you and your compatriot will ultimately use to make up the key) without you knowing about it.

          --
          systemd is Roko's Basilisk
    • (Score: 2) by wonkey_monkey on Wednesday October 04 2017, @08:39PM

      by wonkey_monkey (279) on Wednesday October 04 2017, @08:39PM (#577166) Homepage

      Further to my previous reply:

      I wasn't sure about it at first, but the satellite can't MITM the entangled photons it sends out (the ground stations would discover it as a rate of failed correlations) so that concern is dealt with.

      Really, since this was just key distribution, you can mimic it on Earth without the expensive satellites. Just use a lead lined sleeve and send pages of QR codes that contain the key. Or even better, take a 10TB drive and fill it with high entropy random noise.

      Either of those could, in theory, be intercepted and copied. You just need a bribable or oblivious courier, that's all. Compared to the incorruptible laws of quantum physics, that's no security at all.

      --
      systemd is Roko's Basilisk
  • (Score: 2) by wonkey_monkey on Wednesday October 04 2017, @08:23PM

    by wonkey_monkey (279) on Wednesday October 04 2017, @08:23PM (#577161) Homepage

    It (QKD) is really more like cooperative key generation than distribution. I mean, it's effectively the same, but calling it "distribution" does imply an insecurity (that the key already exists, and could be copied, en route) which it doesn't have.

    --
    systemd is Roko's Basilisk