hngopher.com

       [HN Gopher] Unforgeable Quantum Tokens Delivered over Fiber Network
       ___________________________________________________________________
        
       Unforgeable Quantum Tokens Delivered over Fiber Network
        
       Author : pseudolus
       Score  : 50 points
       Date   : 2024-12-22 11:53 UTC (3 days ago)
        
 (HTM) web link (spectrum.ieee.org)
 (TXT) w3m dump (spectrum.ieee.org)
        
       | londons_explore wrote:
       | I am worried about the future of quantum tokens...
       | 
       | Whilst theoretically they are secure, I worry about potential
       | huge side-channels allowing leaking of the key...
       | 
       | All it takes is a few extra photons emitted at some harmonic
       | frequency for the key to be leaked...
       | 
       | I would much prefer dumb hardware and clever digital software,
       | because at least software is much easier to secure against side
       | channels, and much easier to audit.
        
         | tucnak wrote:
         | Hybrids?
        
         | Strilanc wrote:
         | In principle quantum communication has no side channels because
         | side channels act like measurements, and measurements make it
         | not a functioning quantum channel in the first place. So you
         | need to have already solved side channel issues for basic
         | function.
         | 
         | That said, wherever you convert the quantum data into classical
         | data there will be potential side channels. For example, there
         | have been attacks based on using a laser down the communication
         | line to track the orientation of the measurement device at the
         | receiver.
         | 
         | In general, the more you can do while the data stays quantum
         | the better. For example, if you transduce the photon into a
         | qubit inside a quantum computer, then the measurement can be
         | hidden away inside the computer, instead of exposed to the
         | communication line. And the measurement basis can be chosen
         | after transmission arrival, instead of before.
        
           | robryk wrote:
           | The larger issue for most quantum key exchange setups is the
           | transition from classical to quantum: you want not to
           | accidentally generate two unentangled photons in the same
           | secret polarization.
        
         | UltraSane wrote:
         | Isn't the entire security of Quantum Communication predicated
         | on its complete lack of side-channels due to the fact that
         | measuring quantum systems collapses their wave function?
        
           | TachyonicBytes wrote:
           | Yes, in theory. In practice, photon generators won't behave
           | perfectly. There are lots of possible attacks, like photon
           | splitting [1].
           | 
           | [1] https://onlinelibrary.wiley.com/doi/full/10.1002/qute.202
           | 300...
        
             | gus_massa wrote:
             | Once you put error correction, doenn't you lose all the
             | nice properties of the non cloning theorem? If the protocol
             | tolerates 30% of errors, doesn't it tolerate 30% of MITM?
             | (60%??)
        
               | TachyonicBytes wrote:
               | You don't need error correction for some crypto
               | primitives. There are QKD networks deployed that don't
               | have that kind of error correction, as far as I know.
        
         | TachyonicBytes wrote:
         | With quantum tokens, law enforcement have to crack your
         | physical devices, so they at least have to good-old-fashion bug
         | your devices. With classical schemes, they can intercept on the
         | way.
         | 
         | I wouldn't say that current side-channels, most certainly
         | enabled by hardware, not software, are easier to audit.
        
           | Vecr wrote:
           | I don't think that's true. If you're paranoid you can build a
           | very simple and easy to audit device that lets packets
           | through exactly every x microseconds, with a short buffer to
           | prevent timing via dropouts.
           | 
           | Works fine for digital, doesn't work for quantum stuff.
        
           | foolfoolz wrote:
           | "lawful intercept" can be mandated to be built into anything
        
         | joshmarinacci wrote:
         | Security is never about absolutes. It's about relative costs vs
         | the attacker. It seems like this system adds a strong enough
         | layer of security over the transport that the attacker would
         | switch to going after the endpoints instead.
        
       | amluto wrote:
       | Does this have anything resembling details? The press release is
       | here:
       | 
       | https://www.nec.com/en/press/202411/global_20241118_01.html
       | 
       | And it has goodies like:
       | 
       | > Token: A digital certificate indicating certain rights and
       | values, such as digital assets, user information, and access
       | rights.
       | 
       | That is not much detail.
       | 
       | > Quantum key distribution (QKD) systems use quantum mechanics to
       | share random secret keys between two communicating parties in
       | order to guarantee secure communication, and then encrypt and
       | decrypt information based on those keys. (Patented (as of
       | November 18, 2024))
       | 
       | This sounds like rather old technology. What exactly is novel
       | here?
       | 
       | In any case, the article's drawing makes it look like the
       | customer's "token" is some classical information. This cannot
       | work.
        
       ___________________________________________________________________
       (page generated 2024-12-25 23:00 UTC)