Quantum cryptography is one of the most secure known means of transmitting data, due to the fact that even if a third party does intercept a quantum signal, that interference changes the encryption key, making the tampering apparent to parties at both ends. But a handful of quantum hackers at Norwegian University of Science and Technology in Trondheim recently performed successful hacks of two commercial quantum cryptographic systems -- and they did so without leaving a trace.
Quantum encryption is based on the notion that you cannot take measurements of a quantum system without in some way disturbing it. A sender builds a key from standard values of zeros and ones. That key is encoded into a beam of light using two different quantum states of photons. The receiver has a detector that measures the quantum states of the incoming photons. Anyone who messes with the signal in between will change it in some way, making it apparent to the sender and receiver that someone tampered with the signal.
The quantum hackers got around the rules of quantum physics by simply intercepting the incoming signal and generating a brand new one to send on to the receiver. To do so, they shined a continuous 1-milliwatt laser at the receiver's detector, blinding it while they intercepted the sender's signal.
But the trick is in how they blind the receiver's detector. While blinded, it cannot act as a quantum detector, but it still functions as a classical light detector, reading a "one" if an extra bright pulse of light hits it, quantum properties of the light notwithstanding. So as the interceptor receives the sender's signal, it pumps an extra bright pulse of light at the receiver's detector every time it reads a "one" in the original signal.
In this way, the receiver still receives the correct signal from the interceptor even though it's a forged signal. Since it's a classical signal rather than a quantum one, quantum rules no longer apply and the sender and receiver aren't made aware of the signal tampering.
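The effect on the tamper check can be shown with a small simulation, added here as an illustration and not taken from the article or from either vendor's system. It assumes a BB84-style protocol with two measurement bases (the article names no protocol), hypothetical function names, and a simplified detector model in which a blinded detector registers a bright pulse only when the receiver's basis matches the interceptor's.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Single-photon measurement: the right basis returns the bit, the wrong one a coin flip."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)

def run_qkd(n, attack, seed=1):
    """Simulate n pulses; return (sifted_bits, error_rate) as sender and receiver see them.

    attack: "none", "intercept" (single photons resent) or "blinding"
    (receiver's detector forced into classical mode, bright pulses resent).
    """
    rng = random.Random(seed)  # fixed seed: constructed, repeatable sample data
    kept = errors = 0
    for _ in range(n):
        bit, a_basis, b_basis = (rng.getrandbits(1) for _ in range(3))
        if attack == "none":
            result = measure(bit, a_basis, b_basis, rng)
        else:
            e_basis = rng.getrandbits(1)
            e_bit = measure(bit, a_basis, e_basis, rng)  # interceptor's reading
            if attack == "intercept":
                # Resent photon is still quantum: a basis mismatch randomises it.
                result = measure(e_bit, e_basis, b_basis, rng)
            elif b_basis != e_basis:
                # Model assumption: in the wrong basis the bright pulse stays
                # below the classical threshold, so the receiver logs no detection.
                continue
            else:
                result = e_bit  # classical click: receiver reads what was sent
        if a_basis == b_basis:  # sifting: keep only matching sender/receiver bases
            kept += 1
            errors += result != bit
    return kept, errors / kept

if __name__ == "__main__":
    for attack in ("none", "intercept", "blinding"):
        kept, qber = run_qkd(20000, attack)
        print(f"{attack:9s} sifted={kept:5d} error_rate={qber:.3f}")
```

In this toy model an ordinary intercept-and-resend shows up as roughly a 25% error rate in the sifted key, while the blinded case shows none; the only thing that differs from an untouched link is a lower detection count.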
The makers of the two quantum cryptographic schemes, Switzerland-based ID Quantique and Boston's MagiQ Technologies, likely weren't thrilled to find a hole in their systems but welcomed the news as it will help them to shore up weaknesses in their encryption schemes.
When PopSci announced this encryption method a while back I said then that it wouldn't take long before it got defeated. Some of you mocked and ridiculed me for saying that. Well I get to say "I told you so" and it took less time than I thought too.
If we can make it, we can break it. This is not shocking news.
Quantum cryptography is not broken; only a flawed implementation is.
First of all, if you've got a sensitive receiver line in the open where any punk with a laser pointer can read your messages- you deserve to be shot. Second, quantum cryptography does not need to be broken- no matter how good your protection, your average end user is as stupid and susceptible to social engineering as ever, his/her system is likely to be crawling with keyloggers.
The anthropologists of the future; rejoice!
lol so they basically beat-down the messenger and then hand-delivered the message to the receiver.
Talk about an old-school method.
But it does seem like this was a flaw in the communication.
According to the statement:
"due to the fact that even if a third party does intercept a quantum signal, that interference changes the encryption key, making the tampering apparent to parties at both ends"
Sounds like neither the sender nor the receiver was able to tell that the signal was intercepted.
That's more than an implementation issue...that's a major flaw since it did not adhere to one of its major principles.
@Dustin...yeah, you are right (generally), but I doubt they are playing around with Quantum Cryptography for Facebook or general inter-webs users.
You'll never make a system better if you don't find its faults. While this might not be a true real-world scenario it is a valid test.
No encryption is perfect, the best we can hope for is to make it so difficult as to not be worth the effort. Internet security is a cold war, with each side trying to one-up the other with neither side winning for long.
The most secure computer in the world has never been turned on.
lol AlBme...even THAT's not secure
I said you could do exactly this the first time I heard quantum encryption was unbreakable. Alright, so you can't read the signal without destroying it, and therefore alerting the other end when it doesn't show up. But as long as you can make that exact signal in the first place someone else can replicate it after reading it, so as long as they can stop the first signal entirely they can replace it.
Go ahead, I dare you to try
Yeah I love how they say "by simply intercepting the incoming signal and generating a brand new one to send on to the receiver." So while you cut through the fiber optics to do that, signal is lost and you're busted. Of course I am naive
3 letters. PHB.
Yep .. some people actually believe in security through obscurity, sadly. In fact, too many do.
Fact is this.
Safest would be turning off every computer. But - you think that's still secure? Oh it's locked you say? Ever hear of : stealing the key ? Or lock picking ? Etc.
No such thing as 100% secure data. Quite amusing, however, to see how many people get told this, and they then disagree .. until it bites them, and hard.
As I think someone else mentioned - which I also said above in more detail - even a "safely turned off" computer is not 100% secure (why do you think there is the program : shred and similar ?). Yet time and again, people do not get this. This includes every kind of organization, group, whatever.
Also, it doesn't matter if the algorithm is cracked (as someone had to point out) or not. I mean really, if you care about that, versus your data / site being safe, well then you're quite ... troubled. Reminds me of the ancient apache bug (phf - for those who remember that). Allowed you to say, spit out /etc/passwd .. sure, the encryption algorithm was good, but you know, without shadows (read : You have the encrypted password) it does not make a difference; brute force still wins!
Sure, you can be fairly secure or even very secure.. PCI Compliant, and all that stuff. But to just assume - well we know what that does.
I am surprised that someone has not tried to entangle an entire PC hard drive and just take the data by in fact having a remote copy that was generated by the entanglement. Then you don't have to steal the encrypted data. You have the original. :P How is that for scary?