'Unbreakable' encryption unveiled

AcidRaZor said:
The idea behind this encryption is that no one would be able to eavesdrop on information without being detected. Not even the guvva-mint
Click to expand...

The idea is that no encryption scheme will be allowed to exist without
a backdoor which you won't know about. Its that or the developers going
off to a Gitmo like holiday resort or pound-me-in-the-a_s government prison.
Don't worry local govt has the backdoors to all the encryption schemes available.
 
But experiments eventually proved that he apparently does, and also laid the technical foundations for today's quantum information revolution - cryptography, teleportation, and computation.
Click to expand...

Teleportation today?!!! I must have been out of the loop for a while.
 
The encryption itself "might" be unbreakable... but there is always a flaw in the system. A hacker will exploit the flaw and not bother with the encryption. If you test the lock against a code that is stored somewhere else on the internet, then it means that at some stage the unlock key, or even the unprotected data itself has to travel across the internet. That is where the hacker will attack. There is also the human element. Data might be encrypted, but there are human beings running those computers... and any human being has his price. ;)
 
PeterCH said:
The idea is that no encryption scheme will be allowed to exist without
a backdoor which you won't know about. Its that or the developers going
off to a Gitmo like holiday resort or pound-me-in-the-a_s government prison.
Don't worry local govt has the backdoors to all the encryption schemes available.
Click to expand...

Once again, this is not an encryption scheme, it is a fact of science. Saying there is a backdoor to quantum physics is like saying there is a backdoor to to the universe.If I had a point to point fiber link with this encryption, I would be able to pick up an intrusion, guaranteed. Even if it was a government.

Garyvdh said:
If you test the lock against a code that is stored somewhere else on the internet, then it means that at some stage the unlock key, or even the unprotected data itself has to travel across the internet. That is where the hacker will attack. There is also the human element. Data might be encrypted, but there are human beings running those computers... and any human being has his price. ;)
Click to expand...

No. These are dedicated fiber links. It has to be for the quantum encryption to work. With quantum cryptography there is no key to work with (not at the quantum level, at the software level yes). By observing the data you change it, that is how they pick you up. If you try a man in the middle attack, the data will become incoherent. Of course this is all after you physically tapped into a dedicated fiber link not connected the the internet.

There is the human element, but that is not breaking the encryption, just circumventing it. It is easy to remove the human element from certain transactions and other critical pieces of data.

Guys, read some research papers on this subject. As I said before, this is a whole new ballgame.
 
Last edited:
Nuro said:
Once again, this is not an encryption scheme, it is a fact of science. Saying there is a backdoor to quantum physics is like saying there is a backdoor to to the universe.

No. These are dedicated fiber links. It has to be for the quantum encryption to work. With quantum cryptography there is no key to work with (not at the quantum level, at the software level yes). By observing the data you change it, that is how they pick you up. If you try a man in the middle attack, the data will become incoherent. Of course this is all after you physically tapped into a dedicated fiber link not connected the the internet.

There is the human element, but that is not breaking the encryption, just circumventing it. It is easy to remove the human element from certain transactions and other critical pieces of data.
Click to expand...

Wow, you sound very confident. That is unusual given that 99% of all encryption schemes have been broken or rendered useless in the past. It is not a business I would like to get into.

http://technology.newscientist.com/article/dn14866

Laser cracks 'unbreakable' quantum communications

Quantum cryptography is supposed to be unbreakable. But a flaw in a common type of equipment used makes it possible to intercept messages without detection.

Quantum cryptography has been used by some banks to protect data, and even to hide election results in Switzerland last year. But it has been discovered that shining bright light into the sensitive equipment needed makes it possible to hijack communications without a trace.

"It turns the equipment into a puppet-box that an eavesdropper can control," says Vadim Makarov from the Norwegian University of Science and Technology in Trondheim, who uncovered the vulnerability.
Super secret

Quantum cryptography relies on both users sharing a secret key, each digit of which is encoded into the polarisation of an individual light photon.

"Alice", the sender transmits a stream of photons signalling either 1s or 0s. But for each one she randomly chooses from one of two ways to encode the digit.

Because the receiver, "Bob", doesn't know which system Alice has used he must be able to decode both types and has two pairs of photon detectors – one for each system.

A beam splitter randomly directs each photon received to one of the pairs. If a photon reaches the correct pair it is decoded correctly, if not Bob receives a false result.

Once the transmission is over, Alice uses an unencrypted channel to tell Bob which system she used for each photon. Digits decoded wrongly are discarded to reveal the final secret key used to secure later communications.

In practise, these steps are carried out automatically by a computer system.

An eavesdropper, "Eve", who intercepts the transmission, must emulate Bob's detection method and then pass the data on to him unaltered to fool him everything is normal.

But quantum mechanics makes that impossible. The message will have been changed by Eve's interception to contain errors that reveal her presence when Alice and Bob compare notes later.
Dead giveaway

Now, however, Makarov and colleagues from Sweden and Russia have shown that Eve could control Bob's equipment, so that they both decode exactly the same digits from Alice's transmission.

When Alice later tells Bob which photons he encoded wrong, Eve can learn the key by listening in on the unencrypted message, and there are no extra errors to give her away.

The method exploits the way a common type of photon counter can have its sensitivity reduced by a very bright flash of light. The attack begins when Eve fires a pulse of laser light to all four detectors in Bob's equipment.

After that, Eve can send a second pulse and target it to just one of the four detectors. The pulse is a burst of many single photons all encoded using the same of the two quantum systems, and all carrying the same digit.

Bob's beam splitter initially sends half the photons to each pair of detectors. Photons that reach the detector that is not designed for that encoding system are split again between the two detectors. But not enough power reaches them to exceed the newly raised sensitivity threshold.

The half of the initial pulse that reaches the pair designed for that encoding system are all directed to a single detector – this time with enough intensity to exceed its raised threshold, and it registers a digit.

So by sending on a sequence of encoded photons that are identical to the ones she receives from Alice, Eve can safely intercept a message without leaving the tell-tale quantum errors.
Flash in the pan?

Makarov and colleagues have now uncovered such vulnerabilities in two of the three types of quantum equipment commonly used. They are now investigating ways to solve the flaw without introducing more weaknesses.

Norbert Lütkenhaus from the Institute for Quantum Computing in Waterloo, Canada, acknowledges Makarov's team has discovered a flaw. But he points out that the stronger laser pulses used to prime the detector might be noticed by Bob, giving away the attack.

"I don't think it's a serious flaw," he says. Makarov counters that the initial bright flash would likely be mistaken for noise. However, it should be possible to solve the problem completely by redesigning the vulnerable detector.
Click to expand...
 
This article deals with equipment flaws, not the quantum encryption itself.
 
Nuro said:
Once again, this is not an encryption scheme, it is a fact of science. Saying there is a backdoor to quantum physics is like saying there is a backdoor to to the universe.If I had a point to point fiber link with this encryption, I would be able to pick up an intrusion, guaranteed. Even if it was a government..
Click to expand...

I understand that the data has to be 1. Encrypted somehow.
2. Decrypted afterwards - I see no sense not being able to decrypt data.

So whatever application encrypts the data can keep backdoor information available for government sponsored entry into the data.

Its the same with current encryption algorithms, some are so complex it would take thousands of years with dedicated government computers, however if the application in question does something to
backup the password or encryption key or whatever in whatever
technical form that may be - that will be done or the author will find
himself in some prison cell living it up with his new husband Bubba.

That's what a backdoor is. It's not a suspension of reality or a magical
wand which defeats 'laws of physics' but a hack put in place by the author
of the application to allow authorised decoding.

Secondly even encrypted data can be decyphered through force or social engineering. You can encrypt your harddrive but the customs guys can ask
you to decrypt it and if you refuse they can hold you indefinately until you
relent. Worse regimes can torture you till you reveal your data OR they can
format your hd desctructively thus nullifying all data there - so much for
the super encryption. That's what happens IRL.
 
Nuro said:
99% of all schemes? Source please? I would love to see someone break something as simple modern PGP even.
Click to expand...

Sure.

Cop: Is that your PGP file, Sir?
You: Yes it is.
Cop: Would you mind decrypting it?
You: No - I won't.
Cop: If you refuse I will have to detain you.
You: I have rights, and you need a warrant.
Cop: Section 3, paragraph 12 of the Constiutional Amendment on Searches and Seizures related to Border Crossings authorises me to detain you indefinately without a warrant or even probable cause.
You: Err.... Why don't you try to decrypt it, my file is undecryptable!
Cop: We don't need to do that, sir. We will hold you in detention till
you provide the password.

Months later... in a local jail cell.

You: But my encryption was unbreakable!!!
Vusi: Yeah, luckily my xxxxxx is unbreakable. Now bend over, b......

You see no matter how good the encryption is, and even without backdoors (which would be found on commercial
or allowed public versions of programs anyway) there is no way that the building holding the decrypted data can't be broken
into or some other intrusion can't occur. Any encrypted data has to be decrypted and that makes all encrypted material
vulnerable.
 
Last edited:
PGP already, is very secure. Yes it can be broken, but once again brings up the issue of relevance with time and effort.... :p
 
PeterCH said:
The idea is that no encryption scheme will be allowed to exist without
a backdoor which you won't know about. Its that or the developers going
off to a Gitmo like holiday resort or pound-me-in-the-a_s government prison.
Don't worry local govt has the backdoors to all the encryption schemes available.
Click to expand...

Govt has back doors to all encryption schemes available? :D
Not mine....
 
its just as good you say no i've got unbreakable protection in my house, (it takes the tsotsies longer to get in) does not mean that you won't be able to get in somehow.

I hate it when people make statements like unbreakable encryption...

Anything a human makes is imperfect!!
 
PeterCH said:
I understand that the data has to be 1. Encrypted somehow.
2. Decrypted afterwards - I see no sense not being able to decrypt data.

So whatever application encrypts the data can keep backdoor information available for government sponsored entry into the data.

Its the same with current encryption algorithms, some are so complex it would take thousands of years with dedicated government computers, however if the application in question does something to
backup the password or encryption key or whatever in whatever
technical form that may be - that will be done or the author will find
himself in some prison cell living it up with his new husband Bubba.

That's what a backdoor is. It's not a suspension of reality or a magical
wand which defeats 'laws of physics' but a hack put in place by the author
of the application to allow authorised decoding.

Secondly even encrypted data can be decyphered through force or social engineering. You can encrypt your harddrive but the customs guys can ask
you to decrypt it and if you refuse they can hold you indefinately until you
relent. Worse regimes can torture you till you reveal your data OR they can
format your hd desctructively thus nullifying all data there - so much for
the super encryption. That's what happens IRL.
Click to expand...

With quantum cryptography there does not need to be a encoding and decoding process. If the middle man looks at the data, he corrupts it. Alarm bells go off for the real recipient of the data. Other side can get notified, and the data stops.

There is a difference between breaking encryption, and breaking a human to reveal the key so that you can decrypt. Don't blame encryption schemes for human weakness. But I agree that all data is somewhere decrypted between a human and a computer, and that is any scheme's weakness. Still, for sensitive data, I know mine is safe from everyone but torture squads :D
 
Bruce Schneier on Quantum Encryption:

Moving data from point A to point B securely is one of the easiest security problems we have. Conventional encryption works great. PGP, SSL, SSH could all be used to solve this problem, as could pretty much any good VPN software package; there's no need to use quantum crypto for this at all. Software security, OS security, network security, and user security are much harder security problems; and quantum crypto doesn't even begin to address them.
Click to expand...

http://www.schneier.com/blog/archives/2007/10/switzerland_pro.html
 
Nuro said:
On what do you base your statement? Ordinary encryption can be broken with time, but it might take so long that it is for all purposes unbreakable. We have encryption now, free for download, that will take so long to brute force attack that when you finally succeed, the data is useless (hundreds to thousands of years).

There are three kinds of attacks I can think of: Finding a mathematical vulnerability, human weakness (selling a private key for example), and brute force attacks. Brute force attacks take too long with current schemes, human error can be eliminated with the right security protocols, and mathematical vulnerabilities are rare.

Now, to add to the complication, they throw in a known and proven scientific principle to make it more secure. Not a human conceived idea, but a law of nature. It it gets broken, we have other things to worry about than compromised data, since it turns out we do not know the universe as well as we thought we did.
Click to expand...

The more complicated mathematical theory becomes, the more vulnerabilities are inherent in a system...

The laws may not be broken, but they can be bent so as to render a system unusable.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X