UGN Security
Posted By: paradox Another Look at Quantum Crypto - 11/10/03 08:47 PM
On Friday, I voiced moderate scepticism about whether MagiQ's launch of quantum cryptography was the real thing.

I've had an e-mail from a computer science lecturer at Massey University in New Zealand, Bruce Mills, which sheds some light on the topic (with the weight of expertise rather than guesswork!).

The short version is that the MagiQ product is feasible, but there's a gap between what it does and the hype it's attracted.

Mills said he's been aware of prototypes of such systems in research laboratories for about four years. "The idea is conceptually very simple," he wrote. "In order to steal information from a communications link, you have to steal energy."

Among other things, quantum mechanics describes the smallest amount of energy which can exist - one quantum - which in light equates to a single photon. Stealing information, in this context, means stealing at least one photon; and since there's only one there, the light goes out.

If all we did was send individual photons for ones and zeros (for example, polarised vertically for a 1, polarised horizontally for a 0), the system would be vulnerable to a man-in-the-middle attack.

Mills explained to me that the first problem with the man-in-the-middle approach is simply that the delay could be detectable. And the system can be made even more secure using a property called "entanglement".

Entanglement is a very weird aspect of physics which I'll explain further down; in practical application, it means the photon generated by the man-in-the-middle can never be identical to the photon the attacker intercepted.

So if the communication is intercepted, detection is a certainty.

"An important technical point is that what's called quantum encryption is not encryption at all," Mills said. "It is, rather, a system for detecting snooping on the communications link."

It might, however, be unfair to criticise MagiQ for using the expression "quantum cryptography", because this inaccurate shorthand was adopted by the popular science press some years ago, and MagiQ merely adopted common usage.

Entanglement:
Disclaimer: this won't even do as a primer, but there's lots of people who didn't do university physics - I'm one of them - and since quantum mechanics is intruding into our industry, here's a short grab.

Schrödinger - the physicist who killed the cat, or didn't, in the thought experiment - noticed that certain quantum states could exist in which pairs of quantum systems are "entangled". What happened to one of them would be observable in the other system, even though there was no communication between the two.

In the "macro" world, it would be like throwing a die in Sydney, and having its entangled pair show a six in Brisbane.

However, entanglement was only an artefact of the maths of quantum physics. For many years, it was chiefly treated as a mistake. In the 1960s and into the 1970s, an Irish physicist, John Bell, revived interest in entanglement by using the theory to describe simpler systems. He looked at how entanglement might apply to quantum systems with two values in common, such as polarization and spin (both of which can apply to photons).

And one of the things which he demonstrated was that entanglement can survive across significant distance. This means I can send you a photon, and manipulate its state after you receive it, by doing things to the "entangled mate" at my end.

In a "classical" communication system, interception can be undetectable; all I need to do is make sure that what I retransmit is exactly the same as what I received. A perfect repeater is a perfect interception device, and vice-versa.

But if I grab one entangled photon from a pair "Aa - Ab", it's useless. I can generate a new photon, let's call it Ba, but it's not entangled with Aa. It won't respond to changes of state in Aa. Ba might look like a duck and quack like a duck - but it's not a duck.

If entanglement lasted forever, that would be the end of the matter. I could create an entangled pair of photons, send one of them to the receiver, and use them as a permanent and untappable communications system.

Sadly, however, physics gets in the way. I can use the entangled pair to communicate once, and once only, after which I can no longer control Aa.

So the quantum communication system has to work differently - it creates a pair, communicates data (say, two bits); creates a new pair, communicates, and so on.

source: comms world
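
The snooping-detection idea in the article, as an added simulation that is not part of the original post or of MagiQ's product: it models the fixed vertical/horizontal encoding the article calls vulnerable, then a prepare-and-measure variant with two randomly chosen polarisation bases (a swapped-in technique assumed here, not the entangled-pair scheme the article describes), where a retransmitted photon shows up as errors on the link. All function names and the 10% alarm threshold are assumptions.

```python
import random

def measure(photon, basis, rng):
    """Measure a (basis, bit) photon: a matching basis yields the bit, otherwise a coin flip."""
    prep_basis, bit = photon
    return bit if basis == prep_basis else rng.randrange(2)

def run_link(n, bases, intercept, seed=1):
    """Send n single photons; return (kept, error_rate, fraction_learned_by_interceptor).

    bases: "+" for the fixed vertical/horizontal encoding, "+x" to add a diagonal basis.
    Only positions where sender and receiver used the same basis are kept.
    """
    rng = random.Random(seed)            # seeded so the constructed run is repeatable
    kept = errors = learned = 0
    for _ in range(n):
        bit = rng.randrange(2)
        send_basis = rng.choice(bases)
        photon = (send_basis, bit)
        tapped_bit = None
        if intercept:
            # Measuring consumes the only photon, so a fresh one must be retransmitted.
            tap_basis = rng.choice(bases)
            tapped_bit = measure(photon, tap_basis, rng)
            photon = (tap_basis, tapped_bit)
        recv_basis = rng.choice(bases)
        recv_bit = measure(photon, recv_basis, rng)
        if recv_basis != send_basis:
            continue                     # discarded when bases are compared afterwards
        kept += 1
        errors += recv_bit != bit
        learned += tapped_bit == bit
    return kept, errors / kept, learned / kept

def snooping_detected(error_rate, threshold=0.10):
    """Alarm rule (assumed threshold): a clean link in this model has no errors."""
    return error_rate > threshold

if __name__ == "__main__":
    for label, bases, tap in [("fixed basis, tapped", "+", True),
                              ("two bases, clean", "+x", False),
                              ("two bases, tapped", "+x", True)]:
        kept, err, learned = run_link(20000, bases, tap)
        print(f"{label:20s} kept={kept:5d} error={err:.3f} "
              f"learned={learned:.3f} alarm={snooping_detected(err)}")
```

With a single fixed basis the tap is a perfect repeater and raises no alarm; with two random bases roughly a quarter of the kept bits disagree, which is what the endpoints check for.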