Quantum 'spooky action at a distance' becoming practical? (phys.org)
94 points by dnetesn on Jan 7, 2018 | 41 comments


Quantum entanglement is such a neat phenomenon, but secure communication feels like such a boring application. How much extra security would a quantumly protected communication channel provide over just using some really heavy encryption sent in a normal manner?


That observation of the communication would break the link, versus capture and (attempt to) decrypt?


That to me seems like the coolest possibility.

Encryption that breaks if someone other than the authorized parties observes it. Something which isn't possible with "traditional" encryption.


Yes, this is pretty much the basis to quantum key distribution protocols, and probably one of the first studied uses of quantum information in general. Consider BB84 (http://www.cse.wustl.edu/~jain/cse571-07/ftp/quantum/, https://en.wikipedia.org/wiki/BB84, apparently the first quantum cryptography protocol), which would allow the transmission of a one time pad with any eavesdropper being unnoticed with provably exponentially decreasing probability in terms of key length. The one time pad can then be used to securely transmit data.

Thus it is possible to transmit arbitrary (classical) data with exponentially decreasing probability that we do not detect an eavesdropper. Alice and Bob can communicate with each other knowing that there is provably pretty much no chance that anyone else knows what they said to each other.
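
Added example (not part of the original thread or any commenter's code): a toy classical simulation of the BB84 sifting and error check the comment above describes. It assumes an ideal noiseless channel and a simple intercept-resend eavesdropper; all function names are illustrative.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84_sift(n_photons, eavesdrop, seed):
    """Run one exchange; return (alice_key, bob_key) after basis sifting."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        # Alice picks a random bit and basis (0 = rectilinear, 1 = diagonal).
        bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        b_basis = rng.randint(0, 1)  # Bob picks his basis independently
        sent_bit, sent_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend (assumed attack model): Eve measures in a
            # random basis and re-sends what she saw in that same basis.
            e_basis = rng.randint(0, 1)
            sent_bit = measure(sent_bit, sent_basis, e_basis, rng)
            sent_basis = e_basis
        received = measure(sent_bit, sent_basis, b_basis, rng)
        # Sifting: keep only positions where Alice and Bob used the same
        # basis (bases are compared publicly, the bits are not).
        if a_basis == b_basis:
            alice_key.append(bit)
            bob_key.append(received)
    return alice_key, bob_key

def error_rate(alice_key, bob_key):
    """Fraction of sifted positions where Bob's bit differs from Alice's."""
    mismatches = sum(a != b for a, b in zip(alice_key, bob_key))
    return mismatches / len(alice_key)

def undetected_probability(n_compared):
    """Chance this eavesdropper causes no mismatch in n publicly compared bits."""
    # Each compared bit is wrong with probability 1/4, so it passes with 3/4.
    return 0.75 ** n_compared

if __name__ == "__main__":
    for eve in (False, True):
        a, b = bb84_sift(4000, eve, seed=1)
        print(f"eavesdropper={eve}: sifted={len(a)} error_rate={error_rate(a, b):.3f}")
    print(f"P(undetected after comparing 20 bits) = {undetected_probability(20):.4f}")
```

Without the eavesdropper the sifted keys match exactly; with one, roughly a quarter of the sifted bits disagree, which is what Alice and Bob detect when they compare a sample.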


> Encryption that breaks if someone other than the authorized parties observes it. Something which isn't possible with "traditional" encryption.

As stated, this isn't possible with encryption enabled by quantum key exchange, either, nor is it an intended goal of the procedure. Quantum key exchange empowers integrity in the cryptographic key exchange process, but it doesn't intrinsically do anything to empower confidentiality (encryption) or authentication. If you successfully share a key with another party using a channel established via quantum entanglement, you will be (theoretically) capable of discerning with certainty whether or not there has been an attempt to record the key "outside" the channel.

The quantum innovation ceases once the key has been successfully shared. The ciphertexts encrypted with a key shared via quantum key exchange are just like ciphertexts encrypted with a key shared via traditional key exchange. They will not "break" if observed by an unauthorized party; in fact, there is no way to endow a ciphertext with that property. Either a party has the correct key or they don't, but the ciphertext will not "self-destruct" or cease to become usable if the incorrect key is used.

I feel this is an important nit to pick because even if you understand this, others reading your comment might not. Conceptually speaking, assurance of secure channel integrity is very different from assurance of confidentiality. It would be more accurate to say that in a quantum channel, you could exchange information in such a way that it cannot feasibly be read or tampered with; however, if the ciphertext were extracted from that channel, it would not be meaningfully different from a ciphertext extracted from TLS.


No but if you treat the "key exchange" process as a one time pad key and simply xor it with the message it doesn't matter that the actual ciphertext can be intercepted, since it's impossible to decrypt it. The only catch is that you would need to delay reading the "key" until the last possible second, and of course side channel attacks are still possible on both sides.

Now with how complicated and costly creation of the entangled particles will be, I'm assuming that usage like this will be very very rare, but it's still possible.


> No but if you treat the "key exchange" process as a one time pad key, it doesn't matter that the actual ciphertext can be intercepted, since it's impossible to decrypt it.

Sure, I'm not saying you can't achieve information theoretic security. My point here is that discussion of quantum key exchange should use precision in terminology - integrity and confidentiality are meaningfully different. If the ciphertext from a quantum channel is extracted (in whatever way), it is not more secure than a ciphertext in which the keys were shared in person and promptly destroyed via Cold War-era means. You won't be aware of an adversary trying to break the encryption once they have it in their possession, and the ciphertext won't "break" if plied with an incorrect key (though it would be secure for other reasons). Rather, you'd know if the key exchange process is being broken, or if information was not transmitted correctly.


Sounds like a denial of service attack though. Just keep trying to read messages and render the channel unusable.


This kind of observation would already require physical access to the communications medium (e.g. a fiber optic cable). So if you could DoS a quantum encrypted channel by measuring it, you could equally well DoS a classical channel by just cutting the fiber.


If you have secrets to keep, and your adversaries have that kind of access, better a DDOS than a leak.

Edit: This kind of observation would already require physical access to the communications medium (e.g. a fiber optic cable). So if you could DoS a quantum encrypted channel by measuring it, you could equally well DoS a classical channel by just cutting the fiber.

The comment just above mine, which does a better job than me of explaining the degree of access required.

Besides which, it’s not as though you can only use this. You try your quantum channel first, and if it’s down you know you’re under attack, and act accordingly with your Classical backups.


Well, the whole point of encryption is that you can send your message through despite the fact that your adversary can see it.

Replacing that with a system where your adversary can't see your message, and neither can your correspondent, is a downgrade, not an upgrade.


That depends entirely on your application.


Could you give some examples of applications of encryption where the purpose is not to send a message that adversaries may see but cannot understand?


Encrypting data at rest, for example. (Depends on how wide your definition of 'send' is.)


Encryption breaks if someone "observes more" than is allowed by error correction. Physical world is rarely binary.


Well it basically boils down to if somebody observes enough to be able to make any use of it.


What is the practical application of this then, considering that you can choose an arbitrarily large key to make eavesdropping or tampering practically impossible?

I don't get what's so exciting about this.

Or does this only become practically useful once quantum computing breaks traditional encryption?


From what I have gathered it is relatively easy to create protocols that are not insecure in presence of quantum computing.


That seems very exploitable, an enemy could theoretically intercept all your communications, just to prevent you from communicating.


You can also take a pair of scissors and cut the fiber


All encryption across channels currently still functions with a man in the middle being able to intercept all traffic between 2 parties. Look into RSA and Diffie-Hellman.


A channel that disappears the moment you look at it seems like it would be very vulnerable to DoS.


Seems to me you avoid the problem of large bad actors collecting a lot of encrypted data with the goals of decrypting one day with better hardware.

That said, who knows what kinda fun could be had with the side channels of our own physics system.


One-time pads seem like a much easier solution, and they're never breakable given any amount of computation. They require upfront preparation to trade the pad, but seem a lot easier than quantum anything.


I'm in the camp that quantum cryptography (i.e. quantum key exchange) is silly. If quantum key exchange is not easier to use than a one-time pad, that's an argument against both, not an argument for a one-time pad. One-time pads are approximately never worth their effort, and in the modal case would just encourage poorer security overall.


The problem with one time pads is that you have to deliver the pad to your recipient first without it being observed in transit. This typically requires cumbersome physical security, and even then you can't be 100% sure.

Transmitting the one time pad over a medium that you can be positively sure nobody has eavesdropped on could make it practical. If someone does eavesdrop on the signal then you ignore that one time pad.

This is the technology that makes one time pads finally practical, at least in some cases.


I'd make the argument that one time pads are way more practical with access to quantum key exchanges.


Current production quantum key distribution systems are actually susceptible to attack by gaming the systems that detect the particles and going beyond their limitations.


Source?


I'm not sure if GP is talking about this https://en.wikipedia.org/wiki/Quantum_key_distribution#Troja... or not, but that's definitely an issue.


You would know that a third party is not even storing your encrypted data for a future time when that encryption method/implementation may become obsolete.


http://advances.sciencemag.org/content/4/1/e1701230.full

Original paper, in case you don’t want to slog through Phys.org’s brand of press release nonsense.


"This was possible to achieve thanks to state of art photon source and detection technology"

What's a photon source that's not a lamp/laser?


I have not read the full article, but usually you need a laser which can produce single photons and which can control their polarisation (Other sources produce quantum superpositions of having 1 photon, 2 photons, 4 photons, etc. It's a probability distribution containing all those numbers).


You usually need single photon sources or SPDC.


Don’t you need SPDC to get entangled photons anyway?


No, it's just one particular method of creating entangled pairs, e.g. there are integrated semiconductor devices that can be used to generate them using other physical effects (but AFAIK SPDC is what most people use in practical situations)


Interesting, do you have any search terms I could use to google for the semiconductor devices (I’ll try myself, but if you have a jumping off point that would be helpful).


Sure, one example that I'm familiar with is frequency entangled photons produced by parametric scattering of exciton-polaritons (it's scattering of quasiparticles in a quantum well which are strongly coupled to a photon field). Although, I actually can't recall if I've seen a convincing experimental demonstration of this.

I have seen a bunch of experimental results which demonstrated entanglement using integrated silicon waveguides, where there are two waveguides that overlap in an effective "beam splitter" section then separate again (this is analogous to how you can get entanglement from a Hong-Ou-Mandel setup, which is two (EDIT: identical photons) incident on a 50/50 beam splitter which produces so-called "path entangled" photons).

Here's a recent short review paper which goes over some additional semiconductor devices which can produce entangled photon pairs[1].

[1] https://arxiv.org/abs/1702.08823


Sadly even if we achieve quantum communication it will only be for military and governments as we have already seen how government and law enforcement all over the world has been against secure communication between people.


I’m as dystopian and paranoid as the next guy, but come on... we’re using the results of ARPANET right now. Our devices have GPS. We can use whatever encryption we like (for now). The governments of most of the world monopolizing a means of communication for long, is unlikely.



