[thedoc (OP)]

Will quantum security change online security?
Asked by Kevin Hoover, Facebook


                                        Visit the webpage for the podcast in which this question is answered.

 

[thedoc (OP)]

We answered this question on the show...



 Ross -   Quantum computing appears to be somewhat stalled.  It showed great promise back in the 1990s where there was a prospect of algorithms that wouldn’t allow people to factor large numbers quickly and the Los Alamos report, which looked at the state of the art in prospects said 10 years ago, that within a decade, that is by now, we should have proper working quantum computers that we could use to explore architecture.  But we’re still stuck at the stage of messing around with machines with a maximum of 7 cubits.  And now, scientists are beginning to wonder why it is that quantum computing doesn’t work as it promised and this, with luck, may lead to breakthroughs in physics, but I don’t see it as  changing the world of cryptography any time soon.
Dave -   So, by 7 cubits, you mean that they can factor a number up to that 128?
Ross -   Well in fact, the largest number they’ve been able to factor so far is 15.
Dave -   Probably not that useful.
Ross -   So, there's something missing there and what’s missing is a source of interesting research in its own right.

[yamo]

Likely the interesting research is classified.  Govs will never let it see the light of day, like cold fusion or nanotech..  Too many powerful people have too many trillions of $s to lose.  We are not free...not even close.

[johnab1]

nanotechnology is already out. As for quantum computing... I think china will be the first to crack that cookie. All Im saying.

[Jarek Duda]

Will quantum security change online security?

From one side there is used quantum cryptography like BB84 ... but honestly it is not safer than classical one: if someone can get in the middle of both quantum channel and required classical auxiliary channel (man-in-the-middle attack), he can act for side A as he was B and for B as he was A.
From the other side there might be a threat of quantum computers - more precisely the Shor algorithm to break RSA. For 20 years there didn't appeared any new really practical algorithm showing QC being superior to classical ones, so it is rather enough to replace RSA with elliptic curve asymmetric cryptography and this threat disappears completely ... and generally making practical QC seems to be impossible task because of decoherence - maybe in a century, but personally I'm rather pessimistic.

... but ... instead of maintaining the coherence in standard approach to QC, it might be possible to take the most crucial task into a single use of e.g. controlled delayed quantum erasure - what could lead to even stronger computers - immediately breaking current cryptography ...

[imatfaal]

BB84 is better in the respect that an eavesdropper - rather than a man in the middle - can be detected

[Jarek Duda]

Eavesdropper yes - he damages quantum states.
Man in the middle no - if he controls also classical channels/authorization, he can cut the optical cable in the middle and start BB84 with both A and B separately - convincing A that he is B and B that he is A, such that they believe that they talk directly with each other (like in a nice scene in the last mission impossible movie )
How would you detect/prevent that?

[imatfaal]

To detect/prevent m-in-the-m you tend to rely on other techniques - whilst your interloper might have your optical fibre compromised, does he have the post, telephone, etc as well.  ie the m-in-the-middle is pretty much screwed if the first message is "remember to use the one-time pads to cypher and de-cypher even with the quantum encryption - use the pads I gave you at that party last year starting with number 25!"

[Jarek Duda]

Indeed, as I have written, beside the quantum channel the attacker would also need to control the classical ones ...
Let us compare it with purely classical 2 channels - for example encode the message with AES with not some extremely safe cryptokey, and send bits on even positions through one channel, and odd through the second. Even if the attacker would know the cryptokey, controlling only one of these two channels he would get only useless noise.
Better classical cryptosytems requiring some minimal number of encrypted parts is encoding polynomial by more values than its degree.
... or we can use probably the only mathematically proved to be safe (one time pad): send a completely random bit sequence through one channel and the message xorred with this sequence through the second channel (also completely random looking sequence) - getting only one of these would be just useless.

So in both BB84 (quantum + classical channel) and 2 classical channels, you need to control both channels to get the information - my point was that there is no advantage of using quantum channel (beside sucking money from rich paranoiacs).

[imatfaal]

I see your point Jarek - although I think the eaves-dropper is the primary concern. 

Remember it isn't merely criminal organizations that require tough codes most corporations require them, and these businesses like myself might well believe that the only people capable of mounting a longterm and successful man-in-the-middle attack are the government; and the government can get a court order and force the hand-over of keys in most states.  So the primary method of attack that they fear is the snooper - obtaining an elicit copy of the cypher-text and trying to decrypt it.  They understand with current technology that snooping is relatively easy to accomplish and very difficult to detect if done well - they see quantum encryption as a method to plug this hole.  I am not sure they are quite as deluded as you imply. 

The easiest method of code breaking has always been to get the plain-text before or after it is encoded - that remains so and our banks and retailers are crap at doing anything about it.  Very few organisations could or would run themselves to a level of security that standard non quantum encryption is the weak link in their chain of security.  On that basis quantum channel messaging is merely to suck money from paranoiacs.

As someone interested in code I am sure you will have seen this cartoon - but if not I am sure it will give you a chuckle



from the amazing xkcd

[Jarek Duda]

Ciphertext only attacks are just impossible against modern cryptosystems (...unless we get time-loop computers). They are designed to resist much stronger attacks, like adaptive chosen plaintext attacks, where the attacker can adaptively feed cryptosystem (using a fixed key) with chosen plaintext and observe ciphertexts it produces to try to deduce the key.

So generally I completely agree that it is not the cryptosystems or channels what is the weak link of applied cryptography, but the human factor ... and using quantum cryptography won't help here ... especially that the general belief/confidence that they are ultimately safe is just wrong.

[syhprum]

Are there any recorded incidents where a data break-in has been achieved by breaking a 1024 bit code ? , I think we need to pay more attention to human factors than super unbreakable codes.

[guest46746]

https://www.theregister.co.uk/2017/08/01/quantum_comms_using_dirty_carbon_nanotubes/