Re: Quantum cryptography gets "practical"
Steve Furlong wrote: On Thu, 2004-10-07 at 14:50, Dave Howe wrote: The "regular encryption scheme" (last I looked at a QKE product) was XOR Well, if it's good enough for Microsoft, it's good enough for everyone. I have it on good authority that Microsoft's designers and programmers are second to none. (Microsoft's marketing department is a good authority, right?) well, what they *don't* tell you is the question was "which would you prefer to impliment security, a microsoft programmer or none at all" and they *still* came second :)
Re: Quantum cryptography gets "practical"
On Thu, 2004-10-07 at 14:50, Dave Howe wrote: > The "regular encryption scheme" (last I looked at a QKE product) was XOR Well, if it's good enough for Microsoft, it's good enough for everyone. I have it on good authority that Microsoft's designers and programmers are second to none. (Microsoft's marketing department is a good authority, right?)
Re: Quantum cryptography gets "practical"
On Wed, 2004-10-06 at 06:27, Dave Howe wrote: > I have yet to see an advantage to QKE that even mildly justifies the > limitations and cost over anything more than a trivial link (two > buildings within easy walking distance, sending high volumes of > extremely sensitive material between them) But it's cool! More seriously, it has no advantage now, but maybe something will come up. The early telephones were about useless, too, remember. In the mean time, the coolness factor will keep people playing with it and researching it.
Re: Quantum cryptography gets "practical"
Tyler Durden wrote: Oops. You're right. It's been a while. Both photons are not utilized, but there's a Private channel and a public channel. As for MITM attacks, however, it seems I was right more or less by accident, and the collapsed ring configuration seen in many tightly packed metro areas (where potential customers of Quantum Key Exchange reside) does indeed make such attacks much easier. Come to think of it, an intruder that were able to gain access to a CO without having to notify the public (Patriot Act) should easily be able to insert themselves into a QKE client's network and then do whatever they want to (provided, of course, they have the means to crack the 'regular' encryption scheme used to encode the bits--NSA). Which means that, should a $75K/year NSA employee want to strike it really, really rich, they'd be able to procure advanced notice of any mergers/acquisition deals. Unless someone has come up with a new wrinkle to this since I last looked, the QKE system indeed requires three channels - the key photon one which must be optical, and a conventional comms pair (the latter of course can be substituted with any comms pair you have handy, but if you are running fibre from A to B you might as well run three) As all three require MiTM to be mounted, it would be better to have a physically diverse path for the conventional pair - but in a small city where you are patching the optical channel though the nearest exchange, this may not be practicable. The "regular encryption scheme" (last I looked at a QKE product) was XOR
Re: Quantum cryptography gets "practical"
Oops. You're right. It's been a while. Both photons are not utilized, but there's a Private channel and a public channel. As for MITM attacks, however, it seems I was right more or less by accident, and the collapsed ring configuration seen in many tightly packed metro areas (where potential customers of Quantum Key Exchange reside) does indeed make such attacks much easier. Come to think of it, an intruder that were able to gain access to a CO without having to notify the public (Patriot Act) should easily be able to insert themselves into a QKE client's network and then do whatever they want to (provided, of course, they have the means to crack the 'regular' encryption scheme used to encode the bits--NSA). Which means that, should a $75K/year NSA employee want to strike it really, really rich, they'd be able to procure advanced notice of any mergers/acquisition deals. -TD From: Dave Howe <[EMAIL PROTECTED]> To: Tyler Durden <[EMAIL PROTECTED]> Subject: Re: Quantum cryptography gets "practical" Date: Wed, 06 Oct 2004 11:26:32 +0100 Tyler Durden wrote: An interesting thing to think about is the fact that in dense metro areas, you pretty much have a "star" from the CO out to a premise (which is the cause of deployment of "Collapsed SONET Rings"). This means the other photon of your encrypted pair might easily pass through the same CO somewhere, which would make the system suscpetible to a sort of man in the middle attack. Or at least, your fancy quantum crypto system has defaulted back to standard crypto in terms of its un-hackability. Unless I am mistaken as to the Quantum Key Exchange process, only one photon is ever transmitted, with a known orientation; the system doesn't use entanglement AFAIK. I note also that, as QKE is *extremely* vulnerable to MitM attacks, a hybrid system (which need only be tactically secure, not strategically secure) can be used to "lock out" a MitM attacker for long enough that his presence can be detected, without having to resort to a classical but unblockable out of band data stream. I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Moral of this story is, even if this thing is useful, you'll probably have a very hard time finding a place it can be deployed and still retain its "advantages". I have yet to see an advantage to QKE that even mildly justifies the limitations and cost over anything more than a trivial link (two buildings within easy walking distance, sending high volumes of extremely sensitive material between them) -TD From: Dave Howe <[EMAIL PROTECTED]> To: Email List: Cryptography <[EMAIL PROTECTED]>,Email List: Cypherpunks <[EMAIL PROTECTED]> Subject: Re: QC Hype Watch: Quantum cryptography gets practical Date: Tue, 05 Oct 2004 17:48:30 +0100 R. A. Hettinga wrote: Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, which very conveniently was laid from one of your customers to another of your customers (not between telcos?) - or are they talking only having to lay new links for the "last mile" and splicing in one of the existing dark fibres (presumably ones without any repeaters on it) _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement _ Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re: Quantum cryptography gets "practical"
Dave Howe wrote: I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Nope, finally strugged to the end to find a section pointing out that it does *not* prevent mitm attacks. Anyone seen a paper on a scheme that does?
Quantum cryptography gets "practical"
Actually, that's an interesting point. In places like downtown NYC, if the fiber doesn't actually go to the basement of a building, it will certainly go within a few 100 feet, so that last hop is trivial. (But the kind of companies this would be targeted for this would already have fiber to the premises or FTTP anywayhowever, that fiber will only on occasion make it all the way to the telecom room...the internal building wiring will often be copper.) However, it's not like you'd have a continuous piece of fiber all the way from Customer X Location A to Customer X Location B...you'd definitely go through at least one fiber distributing frame (FDF) aka an optical "patch panel". However, the connectors will almost certainly be at least slightly anisotropic, so you'd get a wavefunction collapse, or at least diminish the distance you can go. So I imagine they actually perform a splice and remove the connectors...this will limit you of course to new, high quality fiber (which is extremely isotropic, and I know this for a fact having previously done a lot of testing for PMD, or Polarization Mode Dispersion.) An interesting thing to think about is the fact that in dense metro areas, you pretty much have a "star" from the CO out to a premise (which is the cause of deployment of "Collapsed SONET Rings"). This means the other photon of your encrypted pair might easily pass through the same CO somewhere, which would make the system suscpetible to a sort of man in the middle attack. Or at least, your fancy quantum crypto system has defaulted back to standard crypto in terms of its un-hackability. Moral of this story is, even if this thing is useful, you'll probably have a very hard time finding a place it can be deployed and still retain its "advantages". -TD From: Dave Howe <[EMAIL PROTECTED]> To: Email List: Cryptography <[EMAIL PROTECTED]>, Email List: Cypherpunks <[EMAIL PROTECTED]> Subject: Re: QC Hype Watch: Quantum cryptography gets practical Date: Tue, 05 Oct 2004 17:48:30 +0100 R. A. Hettinga wrote: Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, which very conveniently was laid from one of your customers to another of your customers (not between telcos?) - or are they talking only having to lay new links for the "last mile" and splicing in one of the existing dark fibres (presumably ones without any repeaters on it) _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
Re: Quantum cryptography gets "practical"
Tyler Durden wrote: An interesting thing to think about is the fact that in dense metro areas, you pretty much have a "star" from the CO out to a premise (which is the cause of deployment of "Collapsed SONET Rings"). This means the other photon of your encrypted pair might easily pass through the same CO somewhere, which would make the system suscpetible to a sort of man in the middle attack. Or at least, your fancy quantum crypto system has defaulted back to standard crypto in terms of its un-hackability. Unless I am mistaken as to the Quantum Key Exchange process, only one photon is ever transmitted, with a known orientation; the system doesn't use entanglement AFAIK. I note also that, as QKE is *extremely* vulnerable to MitM attacks, a hybrid system (which need only be tactically secure, not strategically secure) can be used to "lock out" a MitM attacker for long enough that his presence can be detected, without having to resort to a classical but unblockable out of band data stream. I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Moral of this story is, even if this thing is useful, you'll probably have a very hard time finding a place it can be deployed and still retain its "advantages". I have yet to see an advantage to QKE that even mildly justifies the limitations and cost over anything more than a trivial link (two buildings within easy walking distance, sending high volumes of extremely sensitive material between them) -TD From: Dave Howe <[EMAIL PROTECTED]> To: Email List: Cryptography <[EMAIL PROTECTED]>, Email List: Cypherpunks <[EMAIL PROTECTED]> Subject: Re: QC Hype Watch: Quantum cryptography gets practical Date: Tue, 05 Oct 2004 17:48:30 +0100 R. A. Hettinga wrote: Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, which very conveniently was laid from one of your customers to another of your customers (not between telcos?) - or are they talking only having to lay new links for the "last mile" and splicing in one of the existing dark fibres (presumably ones without any repeaters on it) _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
Re: QC Hype Watch: Quantum cryptography gets practical
R. A. Hettinga wrote: Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, which very conveniently was laid from one of your customers to another of your customers (not between telcos?) - or are they talking only having to lay new links for the "last mile" and splicing in one of the existing dark fibres (presumably ones without any repeaters on it)
RE: QC Hype Watch: Quantum cryptography gets practical
At 05:12 PM 9/30/2004, Tyler Durden wrote: What's a "quantum repeater" in this context? It's also known as a "wiretap insertion point"... > As for "Hype Watch", I tend to agree, but I also believe that Gelfond > (who I spoke to last year) actually does have a 'viable' system. > Commerically viable is another thing entirely, however. "Practical" implies that there's a crossover point between cost and benefit and that implementation is on the "benefit" side. Implementation may now be possible, and the costs may be lower than their previous infinite value, but the main benefits I see are public relations hype to impress the rubes and protect against zero-day exploits against Diffie-Hellman or Cisco IOS. But you could protect against the Cisco exploits just as easily with a conventional-key encryption hardware box, and you wouldn't need contiguous fiber.
RE: QC Hype Watch: Quantum cryptography gets practical
Yes, I am indeed a little suspicious. Clearly, this "quantum repeater" can't be doing an O/E, or no amount of hype will budge this product an inch. Quantum Crypto utilizes pairs of correlated photons, so we can't be talking about an optical amplifer. So since I've been away from the literature for a while, is there a device that can repair a deteriorating, about-to-be-collapsed superposition state? I can't see how this could occur without the requirement of acting on the other (correlated) photon either, and if that photon is physically removed from the first, then forget about it. (Though theoretically I think I can conceive of the possibility of two "correlated quantum repeaters" exchanging 'information' (including gating) about the photon pair they are collectively handling*, but no way that can be useful commerically.) *: This isn't quite as farfetched as it seems: Even 5 to 10 years ago it was shown that there can be quantum Forward Error Correction, and simple devices were demonstrated in the laboratory. -TD From: Bill Stewart <[EMAIL PROTECTED]> To: "Tyler Durden" <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: QC Hype Watch: Quantum cryptography gets practical Date: Fri, 01 Oct 2004 11:59:40 -0700 At 05:12 PM 9/30/2004, Tyler Durden wrote: What's a "quantum repeater" in this context? It's also known as a "wiretap insertion point"... > As for "Hype Watch", I tend to agree, but I also believe that Gelfond > (who I spoke to last year) actually does have a 'viable' system. > Commerically viable is another thing entirely, however. "Practical" implies that there's a crossover point between cost and benefit and that implementation is on the "benefit" side. Implementation may now be possible, and the costs may be lower than their previous infinite value, but the main benefits I see are public relations hype to impress the rubes and protect against zero-day exploits against Diffie-Hellman or Cisco IOS. But you could protect against the Cisco exploits just as easily with a conventional-key encryption hardware box, and you wouldn't need contiguous fiber. _ Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
RE: QC Hype Watch: Quantum cryptography gets practical
What's a "quantum repeater" in this context? As for "Hype Watch", I tend to agree, but I also believe that Gelfond (who I spoke to last year) actually does have a 'viable' system. Commerically viable is another thing entirely, however. -TD From: "R. A. Hettinga" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: QC Hype Watch: Quantum cryptography gets practical Date: Thu, 30 Sep 2004 17:39:24 -0400 <http://www.computerworld.com/printthis/2004/0,4814,96111,00.html> - Computerworld Quantum cryptography gets practical Opinion by Bob Gelfond, MagiQ Technologies Inc. SEPTEMBER 30, 2004 (COMPUTERWORLD) - In theory and in labs, quantum cryptography -- cryptography based on the laws of physics rather than traditional, computational difficulty -- has been around for years. Advancements in science and in the world's telecommunications infrastructure, however, have led to the commercialization of this technology and its practical application in industries where high-value assets must be secure. Protecting information today usually involves the use of a cryptographic protocol where sensitive information is encrypted into a form that would be unreadable by anyone without a "key." For this system to work effectively, the key must be absolutely random and kept secret from everyone except the communicating parties. It must also be refreshed regularly to keep the communications channel safe. The challenge resides in the techniques used for the encryption and distribution of this key to its intended parties to avoid any interception of the key or any eavesdropping by a third party. Many organizations are advancing quantum technology and bringing it outside academia. Research labs, private companies, international alliances such as the European Union and agencies such as the Defense Advanced Research Projects Agency are investing tens of millions of dollars in quantum research, with projects specifically focused on the challenge of key distribution. The trouble with key distribution Huge investment in the late 1990s through 2001 created a vast telecommunications infrastructure resulting in millions of miles of optical fiber laid across the country and throughout buildings to enable high-speed communications. This revolution combined a heavy reliance on fiber-optic infrastructure with the use of open network protocols such as Ethernet and IP to help systems communicate. Although this investment delivers increased productivity, dependence on optical fiber compounds key distribution challenges because of the relative ease with which optical taps can be used. With thousands of photons representing each bit of data traveling over fiber, nonintrusive, low-cost optical taps placed anywhere along the fiber can siphon off enough data without degrading the signal to cause a security breach. The threat profile is particularly high where clusters of telecommunications gear are found in closets, the basements of parking garages or central offices. Data can be tapped through monitoring jacks on this equipment with inexpensive handheld devices. This enables data to be compromised without eavesdroppers disclosing themselves to the communicating parties. Another important aspect of this problem is the refresh rate of the keys. Taking large systems off-line to refresh keys can cause considerable headaches, such as halting business operations and creating other security threats. Therefore, many traditional key-distribution systems refresh keys less than once per year. Infrequent key refreshing is detrimental to the security of a system because it makes brute-force attacks much easier and can thereby provide an eavesdropper with full access to encrypted information until the compromised key is refreshed. Adding quantum physics to the key distribution equation Companies are now in a position to use advancements in quantum cryptography, such as quantum key distribution (QKD) systems, to secure their most valued information. Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, and the decreasing cost in recent years of components necessary for producing QKD systems as a result of the over-investment in telecommunications during the early 2000s. Based on the laws of quantum mechanics, the keys generated and disseminated using QKD systems have proved to be absolutely random and secure. Keys are encoded on a photon-by-photon basis, and quantum mechanics guarantees that the act of an eavesdropper intercepting a photon will irretrievably change the information encoded on that photon. Therefore, the eavesdropper can't copy or read the photon -- or the information encoded on it -- without modifying it, which makes it possible to detect the security breach. In addition to mitigating the threat of optical taps, QKD systems are able to refresh keys at a rate of up to 10 tim