SECURITY THREAT?: Quantum entanglement does some mind-bending things. In this laser experiment entangled photons are teleported from one place to another.
Image: NASA
-
Gravity's Engines
We’ve long understood black holes to be the points at which the universe as we know it comes to an end. Often billions of times more massive than the Sun, they...
Read More »
The nascent industry of quantum communications could suffer a fatal blow if the U.S. enacts sweeping new regulations to provide wiretapping access to law enforcement.
The weirdness of quantum mechanics makes it possible for two parties to share an encryption key and be sure that no one else can copy it. Any attempt to eavesdrop on the communication of the quantum key would irreversibly disturb its quantum state, thus revealing that the channel is being wiretapped.
In recent decades, the development of quantum communication and encryption has motivated significant advances in basic research in mathematics, physics and engineering.
The first of such futuristic systems are already commercially available and have been installed by a few banks and government agencies. And quantum data security could one day be available over the Internet to anybody with a fiber-optic connection, as MIT physicist Seth Lloyd wrote in Scientific American [see "Privacy and the Quantum Internet," October 2009, http://www.scientificamerican.com/article.cfm?id=prviacy-and-the-quantum-internet].
The New York Times now reports that the U.S. government is seeking to establish new regulations that would outlaw encryption systems that don’t provide a built-in way for a third party to intercept and decrypt the data. Law enforcement would use such "backdoor" access, subject to court approval.
The details of the proposal are still being debated among various branches of government, but according to the Times—which first broke the story on September 27—the Obama administration plans to introduce a new bill next year.
The bill would affect all sorts of services that use encryption, from BlackBerrys to Skype. These services would have to be redesigned to enable wiretapping, which could put a considerable burden on the companies that provide them and on any future start-up company attempting to bring innovation to the field.
Critics have also pointed out that similar government efforts have been tried in the past, only to be abandoned when authorities found them to be unenforceable, in part because it is relatively easy to write and distribute encryption software. A document sent over a BlackBerry, for example, could have an additional level of encryption added by the user. Factory-provided backdoor access would then not be of much help to a wiretapper; it would be like unlocking a safe only to find another safe inside.
As the Times article noted, it is hard to see how such laws could be enforced on encryption software that users have already installed on their computers, or that is sold by foreign companies—to which U.S. law would not apply—or made freely available by amateur programmers. "There would be a black market for cryptosystems without a back door," says Lloyd.
But quantum encryption systems would face stark consequences. "This would probably be the end of the quantum key distribution industry," says physicist Norbert Lütkenhaus of the University of Waterloo in Ontario.
Quantum key distribution requires special hardware to produce the encryption keys. And the laws of physics make it impossible for a third party to copy or store the key.
Two types of quantum weirdness make quantum encryption possible: quantum superposition and quantum entanglement. Here’s how it works: the device that produces quantum keys emits pairs of photons, and sends one photon from each pair to Alice and the other one to Bob. Each photon is in a superposition of states—for example, a photon’s polarization can be simultaneously horizontal and vertical—thus representing a "0" and a "1" at the same time. Only the act of detecting the photon can make it settle on one of the possible choices.
Moreover, the two photons in each pair are "entangled," which means that once Alice finds a photon to be, say, a 1, she knows that the corresponding photon received by Bob must necessarily be a 0. Alice and Bob can then use their strings of correlated bits as a common encryption key. Any act of eavesdropping will destroy the entanglement, so it’s easy for Alice and Bob to detect the breach.
Once Alice and Bob have their shared encryption key, Alice can then use it to encrypt her message and send it to Bob by any means of communication: to anyone who intercepts it, the encrypted message will look like a string of totally random bits, and only Bob, who has the key, will be able to decrypt it.
Trouble is, there is no way for the designers of the quantum encryption device to store a copy of the key or to provide it to a third party: after the device has sent out the photons, even the device itself has no way of knowing which of the bits will turn into 1s and which will turn into 0s. "Nature kind of has a guaranteed right of privacy already built in," Lloyd says.
It is possible that new quantum encryption protocols could be designed to allow a "trusted intermediary," which could be a company such as Skype, to oversee the process, for example using triplets of entangled photons instead of pairs, says Artur Ekert of the National University of Singapore, a pioneer of the field. But secure communication that relies on a third party can also be established using classical physics, Lütkenhaus points out; the whole point of quantum encryption was to guarantee secure communications without the need to trust a third party.
Thus any legal requirement for all communication technology to provide backdoor access could effectively outlaw the entire quantum encryption industry. Ironically, governments, which are themselves customers of the technologies, could end up suffering too.
There is another way that regulators could get around the problem, Lloyd says: "Maybe they could try to legislate the laws of physics."
See what we're tweeting about
34 Comments
Add CommentWhile it's not really clear from all the descriptions of 'what could be done' included in this article is that quantum encryption is not likely to appear on the internet any time soon.
Reply | Report Abuse | Link to thisOne of the current requirements is the transmission of an entangled photon to all authorized parties to an quantum key encrypted message. Entangled photon transmissions are impossible over public networks containing various transmission technologies.
Moreover, once an entangled photon has been detected entanglement is broken (this is what makes it so secure). This prevents the use of signal repeaters in fiber-optic networks, limiting the transmission distance over which quantum encryption can be employed.
These issues do not prevent the demonstration of quantum encryption in laboratory environments or over limited distances in very high value private networks. Don't expect quantum encryption for at the local coffee shop anytime soon, and don't sign into bank from your hotel room...
Meanwhile, SA should be more responsible than to paint such an overoptimistically enthusiastic picture of the state this technology for its readership.
One of the more important issues with legislating against encryption is that the rest of the world will not be effected and domestic terrorists may simply chose to violate that law. That would ensure only that the NSA could monitor the domestic communications of law-abiding U.S. citizens for terrorist or other threats. Almost makes on wonder what it is they really want to monitor...
Reply | Report Abuse | Link to thisI'm not an American and subjust to domestic U.S. laws.
Reply | Report Abuse | Link to thisI know this publication is called Scientific 'American'...but science is worldwide. As a geologist I don't think of science in terms of borders.
In 2010 a more international perspective would be realistic when it comes to topics such as this, genetic engineering, energy alternatives, space technology, etc.
You're correct, of course, but you are not subject to U.S. laws when outside U.S. territory. Of course, any terrorist even within U.S. borders would likely to chose to ignore any restrictions on encryption if it suited his purposes.
Reply | Report Abuse | Link to thisIf I recall correctly, similar restrictions were sought when 128 bit encryption became available years ago. It was widely employed outside the U.S., so only U.S. domestic internal communications would have been affected, allowing the National Security Agency and others to more easily monitor domestic communications only. I recall an incident when national security representatives spent a great deal of time attempting to decrypt the hard drive on a terrorists' laptop that had been encrypted with a 128 bit key.
Other countries around the world would not likely agree to these restrictions on encryption, since they could allow the U.S. and others to (more easily) intercept their internal and external communications.
The U.S. is a proponent of agricultural genetic engineering, as it is in the economic interest of U.S. companies. Other countries may not share in those economic benefits and are concerned about environmental and health considerations.
These issues involving national interests can be very difficult for multiple nations to agree upon.
The question of what they are actually trying to monitor is a valid one and should be aggressively pursued by the media. They are the only one that have the access to ask the question until they get an answer. It is obvious that it is not terrorists.
Reply | Report Abuse | Link to thisThe other problem is that it won’t take long for the back door to be discovered and published. That would totally defeat encryption.
One great thing about the internet...it is not restricted to one geo location, it is international. I have many different security systems set up at my publishing company to prevent piracy of the author's art from anywhere in the world. My business account is in one country and my business is registered in another country, so the U.S. can pass all the laws they want and it will not effect my company's security that much and without a court order from the country the author's work originated from and still protected under that countries privilege, the U.S. cannot breech that country's privacy laws. If the U.S want to go through all the red-tape, then they can force me to reveal the author's work or hand over the encryption key, and if the U.S. wanted to go that far, then they would be violating my 1st, 5ft, and 7th Constitutional Rights.
Reply | Report Abuse | Link to thisI don't think that law will ever pass under an intelligent Congress.
If you think that the NSA is not monitoring international communications, as are other governments and industries around the world, what do you think they are doing with all of those multi-language interpreters and communications links? Of course, they're not monitoring the communications of U.S. citizens outside the U.S., are they? Other governments and industrial subcontractors wouldn't be either, right? I'm sure you're entirely protected against such activities.
Reply | Report Abuse | Link to thisIsn't it true that once quantum computing comes to the forefront, quantum hackers will also make their appearance, and a new age of encryption/decryption will ensue?
Reply | Report Abuse | Link to thisOn point: the government feels their hold on power slipping away over time, and this is one attempt to hold on to it. I doubt that they'll succeed. I foresee the Internet and IT technology evolution paving the way for less and less government over time, with power going to the people.
Backdoors do not always require legislation if it is simply made a feature of the processor chip itself. At that point, it is a feature and not one that is created by law. Intel recently annnounced (sept2010) that its 2nd generation core processor architecture would have the ability to either disable the PC or erase material from the hard drive without requiring permission from the current operator of the PC. Commands could be received from 3G spectrum or thru wired connection to an intranet or the internet.
Reply | Report Abuse | Link to thisReference: "www.pcmag.com/article2/0,2817,2369110,00.asp"
So, the idea of backdoors existing in hardware is not new as it will be included as a feature. Of course, this is the publicly announced feature. If there are any secret features, they would not be publicly announced of course.
As for laws not passing congress, don't forget that "policy laundering" can be used to bypass that. International treaty obligations can usually override existing court decisions. An example is the ACTA Treaty whose provisions would normally be blocked by any number of existing precedent-setting court decisions; but since ACTA is a treaty, it will override those court decisions on fair use, usage, and privacy rights.
Your reference describes only a security feature allowing the authorized owner to remotely disable and restore a processor in order to eliminate theft value.
Reply | Report Abuse | Link to thisI don't understand how that capability relates to an unauthorized backdoor facility, or especially how any of that relates to quantum encryption or wiretapping legislation. Please explain.
Quantum Key Encryption has nothing to do with quantum computing. Quantum encryption is technically fully demonstrable in very expensive distance restricted networks today. I suggest it will be many years if ever before its use will be widespread. As I understand, quantum computing is so far from technical reality that there is no assurance that it will ever become useful or practical. I suggest that quantum computing will not be implemented in a consumer product within our lifetimes.
Reply | Report Abuse | Link to thisTo the extent that quantum hackers will be able to slip a mirror into optical circuit to partition a light wave without detection or disruption, sure.
As a pendulum swings to one side, it swings again with similar force to the opposite. Likewise, human ingenuity will always outpace the attempts of a few to contain that ingenuity; when regulators impose restraint, those restraints are overcome with equal vigor.
Reply | Report Abuse | Link to thisAs with guns, when quantum communication is outlawed, only outlaws with have quantum communication.
Government efforts to "monitor everything" would only go so far.
Reply | Report Abuse | Link to thisThese days a talented high school kid could write an unbreakable encryption algorithm, although not quantum encryption. Consequently the people that the government would be most interested in could (and would probably) have secure communications.
Was my log-in encrypted?
Reply | Report Abuse | Link to thisEvery penny we spend on things such as this is a penny towards the terrorists' victory. What does it cost them to occasionally versus what our (the world's)reactions cost? Even if it's a million to a billion, who's winning? We ARE terrorized and throwing money at a vague fear is just as they desire. "Privacy" is just that - something you refer to in quotation marks, just like you would refer to the "tooth fairy" - neither exist in 2010.
Encryption is not just a personal privacy issue. While there is little to distinguish the value any specific individual's information from any others, Organizations such the U.S. Dept. of Defense and our military are in competition with other organizations that could be a matter of life or death of many millions. National and international corporations are in competition with others that can produce financial gain or loss for many millions of employees and stockholders. Intercepting and decoding these organizations critical communications can produce very high value results for competitors. The privacy of these organizations' critical communications is a very high value concern in 2010 and for as long as these organizations' operations can continue.
Reply | Report Abuse | Link to thisIf you spend much time traveling around to public Wi-Fi 'hotspots' signing into you bank account, you may discover that your own personal privacy is still quite important to you.
In the end, privacy only exists to the extent we educate and train ourselves to understand when it is important and how to respect it, then carry that personal code over into our laws. If we think of it only as a technical issue (we have privacy if our encryption is good enough, otherwise we don't), we'll never really have much privacy.
Reply | Report Abuse | Link to thisToday's culture in the US cares a lot less about respecting people's privacy than earlier generations (heck just watch any old movies where people often say "that's none of your business" when approached for any personal question at all, verses today's movies where everything is fair game... the reactions in the movies are a reflection of the prevalent attitudes).
If the general population in a democracy has massively redefined (and loosened) the boundaries of personal privacy over a relatively short period of time, then it isn't suprising that the legislators and enforcement agencies would begin to take advantage of those changes. In a broad sense (with some time lag and dillution) our goverment's actions are a general reflection of the population's attitudes.
While encryption is always important to protect from criminals (since they will invade privacy regardless of law or culture), I'd argue that the governmental intrusion issue is less one of technology and more one of education and changing cultural values.
Ahh, but the strawberries that's... that's where I had them. They laughed at me and made jokes but I proved beyond the shadow of a doubt and with... geometric logic... that a duplicate key to the wardroom icebox DID exist, and I'd have produced that key if they hadn't of pulled the Caine out of action. I, I, I know now they were only trying to protect some fellow officers...
Reply | Report Abuse | Link to thisSadly the laws will most likely prevent legitimate parties from using these technologies while those who are willing to skirt the law will use them for their own ends. Perhaps the government is attempting to prevent the use of this technology for commercial communication?
Reply | Report Abuse | Link to thisCouldn't a company simply get around this by simply providing the government with a key? While I don't like the idea of the government reading my mail. I recognize that they do so anyway. Until common sense prevails and we have laws that better protect private and commercial communication from government interception this is likely the best policy. However, the best way to prevent problems in this case is to simply express your democratic responsibility as a citizen and participate in the political process.
Whether or not the legislation is evetually passed, encryption, even quantum encryption, will survive and prevail - if for no other reason that those who have data to protect (either to cover-up illegal activity or to protect sensitive data) will find a way to keep their secrets.
Reply | Report Abuse | Link to thisRegarding quantum cryptography, there is a known attack whereby if the number of bits altered falls below the number of errors likely to occur by chance, the wiresniffing can be hidden from either end.
Reply | Report Abuse | Link to thisAs for banning backdoor-proof cryptography, it would be a truly optimistic government that tried to ban the XOR function. One-Time Pads are provably immune from attack. The only real problem is sharing the pad and there have been efforts to use extrasolar radio sources to solve that one.
Such a ban would also wreck havoc with opportunistic encryption (a feature of IPSec) on the technological front but it would also pose severe legal headaches for businesses wishing to trade with Europe. Remember, most network appliances used in Europe are of American origin.
(This matters in two respects. First, the US Government was implicated by Airbus in the theft of documents that ended up at Boeing. Secondly, the US was caught stealing from the SWIFT criminal database, leading to treaties on what the US can get - treaties that become worthless if the US can wiresniff in unencrypted form all European transactions including SWIFT database accesses.)
I'm not saying this will destroy civilization, but it will likely cause considerable strain for everyone from the eCommerce shopper (backdoors mean greater vulnerability to plain theft and identity theft, since anyone can use a backdoor) right the way up to the major trading blocs.
Paranoia is not good for a healthy society.
When the secrets are conceived will be the chance to reveal them in the name of progress.
Reply | Report Abuse | Link to thisOtherwise , they will be gathering in the dark and windy avenues, not always bad places.
Physics will rule.
as imipak stated...the current state of "quantum" encryption can and has been broken....
Reply | Report Abuse | Link to thiswhen and if true entanglement can be preserved....secure communications can occur instantly regardless of distance....literally point to point....no transmission medium needed....
interesting times we live in....
You're obviously more in tune with these issues than I've been the past 10-15 years, but wouldn't the interception (detection) of a quantisized light wave transmitting entangled photons prevent their reception at their intended destination detectors? Is this an attack that has actually been successfully demonstrated?
Reply | Report Abuse | Link to thisIf you're referring to a point to point laser transmission, that's fine for laboratory demonstrations but for longer distances it would seem that the variability of the atmospheric medium compared optical fiber must become highly problematic, in terms of maintaining entanglement integrity. I'm just guessing.
Reply | Report Abuse | Link to thisjtdwyer...no...thats not what i'm talking about...with true entanglement...the atoms(or sub particles) can be moved apart to any distance and when you read/change one...the other one changes instantly(no mater the distance)...
Reply | Report Abuse | Link to thisit was only a couple of weeks ago sciam had an article on how they broke a it...it might have also been in science or nature...other mags i check out...on a quick search on google one link i find is...
http://www.science20.com/news_releases/unbreakable_quantum_cryptography_broken
note...on the article i read they did not mention a solution....
Wayne, I may be interpreting your link differently. That article states:
Reply | Report Abuse | Link to this"In quantum cryptography, security is guaranteed by the laws of quantum mechanics. Quantum-mechanical objects have the peculiar property that they cannot be measured or manipulated without being disturbed. If somebody tries to copy a quantum-cryptographic key in transit, it will make extra 'noise.' An eavesdropper can cause problems, but not extract usable information."
"Jan-Åke Larsson, associate professor of applied mathematics at Linköping University, working with his student Jörgen Cederlöf, has shown that not even quantum cryptography is 100-percent secure. There is a theoretical possibility that an unauthorized person can extract the key without being discovered, by simultaneously manipulating both the quantum-mechanical and the regular communication needed in quantum cryptography."
I see the first paragraph as confirming my assessment. In the second paragraph I'd emphasize the theoretical aspect of their security 'hole', apparently described but not demonstrated, that requires manipulation of both key and data transmissions. I think that would be extremely difficult, at best. But that's just my interpretation.
Regarding quantum entanglement in general; quoting from:
http://en.wikipedia.org/wiki/Quantum_entanglement
Concept (section)
""...Now that entangled particles have been created, quantum mechanics also holds that an observable, for example spin, is indeterminate until a measurement is made of that observable. At that instant, all of the possible values that the observable might have had "collapse" to the value that is measured.
...Measuring one member of the pair tells you what the spin of the other member is without actually measuring its spin.""
I find no mention of altered states being instantaneously remotely mirrored.
My own interpretation is that the state of mirrored, directionally split, light of undetected photons is singular. This is somewhat consistent with the Bohm interpretation, which "postulates that a guide wave exists connecting what are perceived as individual particles such that the supposed hidden variables are actually the particles themselves existing as functions of that wave."
This stuff is way too complicated...
The article closes with:
Reply | Report Abuse | Link to this"There is another way that regulators could get around the problem, Lloyd says: "Maybe they could try to legislate the laws of physics.""
I find this suggestion surprising, since currently only the physics community that is allowed to legislate the laws of physics...
jtdwyer...crap...after reviewing the docs on entanglement...i don't see how they can do what i wanted them to do...(spooky action at a distance;-)...
Reply | Report Abuse | Link to thisjust one more thought for those in the field...if you take you take a bec(bose-einstein condensate) and align it in a magnetic field and then split it apart...will one part reflect action taken on the other part...just food for thought....
Reply | Report Abuse | Link to thisSorry. There seems to be quite a few folks that wish that - it would be useful. Gotta keep searching...
Reply | Report Abuse | Link to thisMore power to the people also means more power to people who are criminals and/or terrorists.
Reply | Report Abuse | Link to thisLaws that limit the liberties of the general population do not usually restrict the activities of the lawless.
Reply | Report Abuse | Link to thisIt is very interesting. More information about this and Quantum Mechanics should become available, and very probably is available for those wonderful people interested in science. I have no idea about how the technology for encryption works but no body should try to stop the development and use of this technology. Very probably any attempt to stop the development and deployment of this technology by anybody or any institution would be futile. On the other hand it would not be in any way recommendable to do so.
Reply | Report Abuse | Link to this