My expertise is in computer and network security. I'm not a physicist. I was hoping someone could help explain something to me.

I have read "The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography", but Simon Singh. In the section on quantum cryptography, he talks about an idea (not his idea, he is simply an author who is writing about many other people's cryptography work) for making dollar bills that cannot possibly be counterfeited. He doesn't say they would be difficult to counterfeit. He says it will be impossible.

The idea is to have a dollar bill with "light traps" (which don't exist yet) that can capture and hold a single photon. The photon will of course have one specific polarization. There would be, for example, 20 light traps, each with a single photon, each with a random polarization. The bill will also have a serial number on it.

Before the bill is released into circulation, the serial number and orientation of the photons in the light traps is recorded. So later, the bank could examine the serial number, look up the orientation of the photons in the light traps, and then measure the orientations with polarizing filters. If they are the correct orientation for what that bill should be (associated with its serial number), then they know that the bill is genuine, and not counterfeit.

He says that a counterfeiter would not be able to recreate the light traps with the correct polarization, because the counterfeiter cannot measure them. Of course, he tosses in the Heisenberg uncertainty principle.

But what Singh says makes no sense. He says that the counterfeiter could put a polarized filter in front of the light trap, and if it is not the correct orientation, the counterfeiter knows that it is incorrect. However, he said that the counterfeiter has no way to determine the correct orientation.

Why can't the counterfeiter just put the filter in front of the light-trap, and rotate it until he observes the photon in the light trap? This should tell him the orientation. This can be done with each of the light traps, and the coutnerfeiter could recreate this in the counterfeit bill.

It was my impression that the bank would measure the orientation of the photons in the light traps in the same way: orient polarized filters to be what should be correct for the light traps in that bill, and check if the photon in the light trap can be observed through it.

So why wouldn't my very obvious solution work? Note that Singh did not say it would be difficult and expensive to counterfeit the bill. He said that, due to the Heisenberg uncertainty principle, it would be impossible.

Can a physicist clear this up for me? I get the feeling that Singh neglected something in his explanations.

While I can't really comment on the science aspect of the question, but I would wager you are correct. That anything that can be produced, can just be produced again by someone else willing to work hard enough.

Maybe a bill that costs more to produce/reproduce than its face value would work (making counterfeiting not profitable). Of course this might have serious economic consequences...

What we really need to stop counterfeiters is magical floobie ink!

LLH

While I can't really comment on the science aspect of the question, but I would wager you are correct. That anything that can be produced, can just be produced again by someone else willing to work hard enough.

Maybe a bill that costs more to produce/reproduce than its face value would work (making counterfeiting not profitable). Of course this might have serious economic consequences...

What we really need to stop counterfeiters is magical floobie ink!

LLH
I agree about making a bill more expensive to produce than its face value. And reading about the bill, that is what I would think. But Singh specifically said that it was NOT POSSIBLE to copy the bill, with the correct orientation of the photons in all the light traps. Not only can it not be created, but he said they could not even be measured. I'm not totally sure Singh got all his facts right on this one.

But it is overall a VERY good book. I'd recommend it to anyone who is interested in cryptography.

Hmmmmmmm.

If it cannot be measured, then how will the bank know it is real?

If it cannot be reproduced, then how will we encode the serial numbers correctly? If orientation A is a 1 and orientation B is a 2, and so on, then they MUST be able to be reproduced. Unless a random orientation is produced for EACH specific bill. This would be akin to naming them. So where and how is this database accessed?

I think that what he is trying to say is that each light trap would be different, and that we couldn't make them the same, no matter how we try. This is where he invokes Heisenburg.

It would be easier to hack the system and put on the serial numbers on the bill that most closely match the light traps you've made.

Thus, each bill has a unique light trap set to go with its serial number.

How much is the tech for these 'light traps'. Unknown. If it is more than the cost of printing the bill, then yes, we have problems. I wouldn't think it would be used for a one dollar bill, however.

I agree about making a bill more expensive to produce than its face value. And reading about the bill, that is what I would think. But Singh specifically said that it was NOT POSSIBLE to copy the bill, with the correct orientation of the photons in all the light traps. Not only can it not be created, but he said they could not even be measured. I'm not totally sure Singh got all his facts right on this one.

But it is overall a VERY good book. I'd recommend it to anyone who is interested in cryptography.

Well if these photons can't be measured, how can the bank measure them (or how could something that is unmeasurable contain useful information)? Even if they could only be measured at the bank (which seems doubtful), how would this prevent someone from passing the bill to a merchant? Seems a little fishy to me as well.

LLH

Why can't the counterfeiter just put the filter in front of the light-trap, and rotate it until he observes the photon in the light trap? This should tell him the orientation. This can be done with each of the light traps, and the coutnerfeiter could recreate this in the counterfeit bill.


Each light trap contains a single photon, remember. You can only measure a single photon once; if it's blocked by the polarizer, then it's gone forever, there's no way to replicate it.

Note, of course, this means that the bank is only able to check each bill once for authenticity.

Try emailing Simon. He is reasonably responsive..

simon@simonsingh.net

Actually he might be at TAM, I think he told me he was at the last one. You might ask Linda if he has registered.

Each light trap contains a single photon, remember. You can only measure a single photon once; if it's blocked by the polarizer, then it's gone forever, there's no way to replicate it.

Note, of course, this means that the bank is only able to check each bill once for authenticity.

Even worse, if a person other than the bank were to "read" the photons, the information would be lost and the authenticity of the bill would no longer be verifiable (I'm assuming that the photon traps have to be re-populated by the bank and the new photon states stored by the bank every time the dollar is read). From my understanding, an important part of quantum key distribution is single photon transmission, so that any any interception of a photon destroys that part of the signal, requiring a resend. Granted, my experience with quantum cryptography is limited to seeing a few talks and reading a few papers about quantum key distribution, so although slightly knowlegable, I'm not an expert and may be mistaken.

So did you do the puzzles in the back of the book?

I did the ones up through the Vigniere (sp?) cipher, and I recall doing that one on an airplane with only pencil and paper. I hafta say I was kinda impressed with myself then. I didn't even attempt the more advanced ones though.

Each light trap contains a single photon, remember. You can only measure a single photon once; if it's blocked by the polarizer, then it's gone forever, there's no way to replicate it.

Note, of course, this means that the bank is only able to check each bill once for authenticity. Rof is correct. Once you let the photon out of its cage, you only have one shot to guess the polarization. Guessing 20 of them correctly at the same time is statistically impossible and once you've failed, you've got an "empty" bill, which is then valueless (and would almost certainly be a crime to possess). But even if you did happen to do it once, you've only copied a single bill.

My main concern with an "uncrackable" system like this is that we might rely upon it almost exclusively and that eventually the monetary database, however secure it might be, would someday be compromised.

Rule of thumb: Any lock can be picked.

It is only a matter of time. To be produced, it has to be able to be reproduced.

Look at One-time pads. The only reason they are considered to be unbreakable is that, with a code that changes on a daily basis by the time the Bad Guys decypher that day's code, it's useless to them other than to break the messages sent on that day. Since a goodly portion of classified data that would require the use of a OTP is usually (can I put any more qualifiers in this?) time-sensitive (e.g. along the lines of "We bomb the target tonite"), breaking the OTP after the fact isn't all that usefull.

Ok, so how does this relate to the OP? Well, if the light-lock (LL) is a stagnant thing, then it's only a matter of time before the Bad Guys get the code. How difficult would it be to figure out the physics of the detector? Once you figure out the physics, the engineering wouldn't be all that difficult, especially to people who are standing to make millions, both literally and figuratively, of dollars in counterfeit bills.

The strength of a one-time pad comes from the fact that it is (or should be) used literally only once, not as a 'day key' for a day's-worth of different messages. If a one-time pad is used only once, and the pads are kept secure at both sending and receiving ends, then it is demonstrably impossible, not just very hard, to break. The weakness of the OTP is keeping the pads secure.

I really got into the Challenge at the back as well. I got numbers 1-8, and was part of a syndicate of around 100 who broke #9 by a brute force attack. Number ten proved too large a problem until it was broken by a Swedish team.

Edit: change cipher to key

Thanks for the replies, everyone. And Ed, thanks for the info on Simon. I'll e-mail him and give it a shot. Although I may know very little about physics, my job is a Senior Engineer doing security work for one of the most well-known tech companies in the world. I'll e-mail him from my work address, as that should up the chances of him reading it and responding. :)

ETA: I'll be sure to re-read the section carefully one more time before e-mailing him. But I've already read it more than once (and those were not deeply careful readings). If the answer is in there, it is far from obvious.

Rule of thumb: Any lock can be picked.

It is only a matter of time. To be produced, it has to be able to be reproduced.

Look at One-time pads. The only reason they are considered to be unbreakable is that, with a code that changes on a daily basis by the time the Bad Guys decypher that day's code, it's useless to them other than to break the messages sent on that day. Since a goodly portion of classified data that would require the use of a OTP is usually (can I put any more qualifiers in this?) time-sensitive (e.g. along the lines of "We bomb the target tonite"), breaking the OTP after the fact isn't all that usefull.

Ok, so how does this relate to the OP? Well, if the light-lock (LL) is a stagnant thing, then it's only a matter of time before the Bad Guys get the code. How difficult would it be to figure out the physics of the detector? Once you figure out the physics, the engineering wouldn't be all that difficult, especially to people who are standing to make millions, both literally and figuratively, of dollars in counterfeit bills.Actually, to REALLY be considered a one-time pad, it should be used for one and only one message. :)

The strength of a one-time pad comes from the fact that it is (or should be) used literally only once, not as a 'day key' for a day's-worth of different messages. If a one-time pad is used only once, and the pads are kept secure at both sending and receiving ends, then it is demonstrably impossible, not just very hard, to break. The weakness of the OTP is keeping the pads secure.

I really got into the Challenge at the back as well. I got numbers 1-8, and was part of a syndicate of around 100 who broke #9 by a brute force attack. Number ten proved too large a problem until it was broken by a Swedish team.

Edit: change cipher to keyOh, oops. I missed this before I replied. Sorry, Bill! :)

Even worse, if a person other than the bank were to "read" the photons, the information would be lost and the authenticity of the bill would no longer be verifiable (I'm assuming that the photon traps have to be re-populated by the bank and the new photon states stored by the bank every time the dollar is read). From my understanding, an important part of quantum key distribution is single photon transmission, so that any any interception of a photon destroys that part of the signal, requiring a resend. Tony, that is the most likely explanation I've heard thus far. That makes a lot of sense, and that little bit of info would make this work. Now, that's not what Simon said in his book. But as I said earlier, he is a great author, but not a physicist. He might have gotten some details wrong. Quantum cryptography isn't exactly something you pick right up by reading a paper or two about it. :)

Look at One-time pads. The only reason they are considered to be unbreakable is that, with a code that changes on a daily basis by the time the Bad Guys decypher that day's code, it's useless to them other than to break the messages sent on that day.

Uh, no. A one-time pad is a key where the elements of the key are chosen completely at random and used only once[1]. The reason that it is unbreakable is that the message could be any possible message with no way to distinguish the correct message from all the other possibilities. The only way to crack a one-time pad is to have the key. What makes it impractical 99% of the time is that you need a secure means of transmitting the key to the other party and, if you have that, you may as well send the message that way.

[1] A typical application is a random string of characters that become the seed for a Ceaser Cipher. Each letter of the message gets a new seed. Essentially a Vignere Cipher with an infinitely-long, random key.

Ok, so how does this relate to the OP? Well, if the light-lock (LL) is a stagnant thing, then it's only a matter of time before the Bad Guys get the code. How difficult would it be to figure out the physics of the detector? Once you figure out the physics, the engineering wouldn't be all that difficult, especially to people who are standing to make millions, both literally and figuratively, of dollars in counterfeit bills.

The point of the light lock is that the orientations of the photons can't be read without releasing the photons from the lock. The only way to measure the orientation is to filter the photons. The filter blocks photons whose orientations don't match that of the filter and allows the photon to pass through where it does. If the photon can have any of four orientations, the filter will block three and allow one. If the orientation of the filter is wrong, you won't know what the correct orientation is. And, with only one chance to read the orientations, it is very unlikely that you will get all of them right and you are now left with a bill that is worthless.

Of course, this is all dependent on the security of the list which gives the photon orientations for a particular bill.

Uh, no. A one-time pad is a key where the elements of the key are chosen completely at random and used only once[1]. The reason that it is unbreakable is that the message could be any possible message with no way to distinguish the correct message from all the other possibilities. The only way to crack a one-time pad is to have the key. What makes it impractical 99% of the time is that you need a secure means of transmitting the key to the other party and, if you have that, you may as well send the message that way.

[1] A typical application is a random string of characters that become the seed for a Ceaser Cipher. Each letter of the message gets a new seed. Essentially a Vignere Cipher with an infinitely-long, random key.



The point of the light lock is that the orientations of the photons can't be read without releasing the photons from the lock. The only way to measure the orientation is to filter the photons. The filter blocks photons whose orientations don't match that of the filter and allows the photon to pass through where it does. If the photon can have any of four orientations, the filter will block three and allow one. If the orientation of the filter is wrong, you won't know what the correct orientation is. And, with only one chance to read the orientations, it is very unlikely that you will get all of them right and you are now left with a bill that is worthless.

Of course, this is all dependent on the security of the list which gives the photon orientations for a particular bill.

Ok so when you test the bill you lookup its orientations in some master list based on its serial number. So if you don't know the correct orientations, if you test the bill you will likely invalidate it.

I think it’s a great idea and might have lots of uses, but I just don't see how it is supposed to work with currency. To test a bills authenticity you have to know its orientations (or run the huge risk of ruining it). If this correct list of orientations is strictly controlled (like only distributed to the banks) this will not prevent someone from passing the bill to anyone except a bank. If this list is widely distributed, then sooner or later a counterfeiter will get it.

LLH

Ok so when you test the bill you lookup its orientations in some master list based on its serial number. So if you don't know the correct orientations, if you test the bill you will likely invalidate it.

I think it’s a great idea and might have lots of uses, but I just don't see how it is supposed to work with currency. To test a bills authenticity you have to know its orientations (or run the huge risk of ruining it). If this correct list of orientations is strictly controlled (like only distributed to the banks) this will not prevent someone from passing the bill to anyone except a bank. If this list is widely distributed, then sooner or later a counterfeiter will get it.

LLH


Hence the impractibility (did I make that word up?). Unfortunately cryptography is full of theoretically uncrackable algorithms that just don't work in practice. Cost is another factor. If it costs $50 to protect a $20 bill, is it really worth it? But, to my recollection, Singh was using this as a theorectical example of quantum cryptography and not necessarily advocating it as a viable means of protecting currency.

I think it’s a great idea and might have lots of uses, but I just don't see how it is supposed to work with currency. To test a bills authenticity you have to know its orientations (or run the huge risk of ruining it). If this correct list of orientations is strictly controlled (like only distributed to the banks) this will not prevent someone from passing the bill to anyone except a bank. If this list is widely distributed, then sooner or later a counterfeiter will get it. I don't think it's meant to prevent all counterfeiting, just the big stuff. This system won't stop you from printing a $20 bill on your home color laser printer and giving it to a gas station clerk. This system WILL prevent someone from printing $1 million and taking it to the bank.

Hence the impractibility (did I make that word up?). Unfortunately cryptography is full of theoretically uncrackable algorithms that just don't work in practice. Cost is another factor. If it costs $50 to protect a $20 bill, is it really worth it? But, to my recollection, Singh was using this as a theorectical example of quantum cryptography and not necessarily advocating it as a viable means of protecting currency. Well, if you have a hundred thousand $20 bills that you're trying to deposit, $50 to test a few of them seems like a bargain. :)

Well, if you have a hundred thousand $20 bills that you're trying to deposit, $50 to test a few of them seems like a bargain. :)

I was assuming that it would be $50 per bill (the light traps on each bill will likely not be cheap), but, yes, the argument could be made that spending $50 on a single bill to prevent someone from counterfeiting a million of them might be feasible.

I havent really thought it through, but I guess the system could allow the shopkeeper to contact the bank, request a few of the orientations be sent to him, and then he can check them. He would then NOT replenish the photons, and so a bill would eventually be degraded - much like dirty bills are in our current system.

I was able to read through it again and find the points that I missed before. They aren't given much emphasis in the writing, and take up just a tiny part of the overall explanation. (In case you are wondering, I read much more carefully for my job than I do when I am just reading for entertainment and relaxation. Totally different approaches.)

For one, TSG is right. After the bank validates the bill, the photons have left the light traps. So the light traps will have to be refilled, and possibly the validation database updated.

The other point that I missed relates to the behavior of photons upon reaching a polarized filter. Singh says that when photons reach a filter that is almost, but not exactly, oriented to the photon, some random things happen. Some will be blocked randomly. Some will be oriented to line up with the polarized filter. There is no way to predict what will happen with a particular photon. It is this property, according to the book, that allows the bank to validate the orientation of the photons, but prevents the counterfeiter from measuring the orientation of the photons.

But I agree with what others have said here. This is very likely an unpractical approach, and the weakness in the system is the integrity and security of the database that matches photon orientation to serial numbers.

But it makes for some fun discussion on the Internet, doesn't it? :)

I feel slightly petty, in that my first post (hello everyone) is going to be nit-picking. But that's not going to stop me :wink: Freakshow, you mention that although Singh is a great author, he's not a physicist. From his biog, I read that he has a Phd in particle physics from Cambridge. I don't know how much further work he's done in the field since then, but I think it should give him some background in the area.

Why can't the counterfeiter just put the filter in front of the light-trap, and rotate it until he observes the photon in the light trap? This should tell him the orientation. This can be done with each of the light traps, and the coutnerfeiter could recreate this in the counterfeit bill.

No, he can't. It's a single photon, so you only get one chance to do the measurement, and the single measurement doesn't actually tell you much. This isn't actually a perfect system, though. If the polarizer is oriented correctly, the probability of passing through is 100%, if it's off by 90 degress it's 0%, but the probability varies between them. Which means you have some chance of picking up the photon even if the filter is at the wrong angle, and you have some chance of blocking the photon even if you're not at exactly 90 degrees off. But the counterfeiter can't tell which is which: how far off is he if he didn't detect the photon, and how close is he if he did?. He can make some guesses based on measuring the photons, which have some probability distribution of resembling the real bill, but he can't know for sure. And the reserve banks testing a bill have some probability of accepting it even if the angles are not all correct. But with 20 different photons, the probability of such a reconstructed bill passing the test, while not zero, are VERY small - you might by chance sneak a few bill through, but if you're trying to counterfeit lots of money, most of the bills will get caught.

The main problems with this scheme, however, are two-fold: first, we don't have photon traps, and aren't likely to get any that would fit on currency any time soon. And second, counterfeit money doesn't necessarily have to be undetectable, it just has to be undetected long enough that the chain of ownership can't be traced back to the source.

Welcome Mashuna!

In the things I know about, I've found Singh very good, though not perfect. Wouldnt surprise me if he did have a PhD in physics, I know he did his undergrad in physics where I happen to work.

Since this thread is about quantum cryptography, I'll pass the comment that I think that its really poor that the technology is passed off as "unconditionally secure". Its no more secure than other forms of technological security - its just that where you're placing the faith is different. In this case the faith is being placed in the belief that the apparatuses are well modelled by an actually-quite-limited set of equations (when in reality we know there are many more degrees of freedom to them).

I once wrote an essay about this: http://xxx.lanl.gov/abs/quant-ph/0202143 if anyone is interested... (though my ideas have developed since then and in fact I'd be MUCH more scathing were I to write it today!)

I feel slightly petty, in that my first post (hello everyone) is going to be nit-picking. But that's not going to stop me :wink: Freakshow, you mention that although Singh is a great author, he's not a physicist. From his biog, I read that he has a Phd in particle physics from Cambridge. I don't know how much further work he's done in the field since then, but I think it should give him some background in the area.I thus stand corrected. :) Well, actually, I am sitting. So I sit corrected. :D

Welcome to the forum!

Welcome Mashuna!

In the things I know about, I've found Singh very good, though not perfect. Wouldnt surprise me if he did have a PhD in physics, I know he did his undergrad in physics where I happen to work.

Since this thread is about quantum cryptography, I'll pass the comment that I think that its really poor that the technology is passed off as "unconditionally secure". Its no more secure than other forms of technological security - its just that where you're placing the faith is different. In this case the faith is being placed in the belief that the apparatuses are well modelled by an actually-quite-limited set of equations (when in reality we know there are many more degrees of freedom to them).

I once wrote an essay about this: http://xxx.lanl.gov/abs/quant-ph/0202143 if anyone is interested... (though my ideas have developed since then and in fact I'd be MUCH more scathing were I to write it today!)Thanks, Tez. I am really interested in reading the paper. At this moment, I am home sick with the flu and bronchitis, so my brain isn't really firing on all cylinders. I'm a bit out of it. Actually, I'm WAY out of it. But I will read the paper at a later date. It looks very interesting.

As I said earlier, I am not a physicist, but I have extensive experience in computer and network security, and have made a very good career out of it. When I read about some idea for some unbreakable security, my alarm bells start going off. I'm paid to be more paranoid than to just trust someone when they say "Oh don't worry, its secure!" :)

Can't we just add a tracking chip to every piece of currency, and send up a fleet of tracker satellites to keep track of it all? :D

A question emerged for me, that was never addressed:

Is there a problem now, with banks being unable to tell when a bill is counterfeit? I always supposed counterfeit bills were never intended to fool banks, only vendors.

Can't we just add a tracking chip to every piece of currency, and send up a fleet of tracker satellites to keep track of it all? :D

"They" are already doing ... sorry. Wrong forum. The conspiracy forums are this way ------>.

Is there a problem now, with banks being unable to tell when a bill is counterfeit? I always supposed counterfeit bills were never intended to fool banks, only vendors.I think it's been a pretty theoretical discussion so far, not concerned with petty little practicalities like that.

From what I've seen, if you intend to counterfeit, just make sure you use starch-free paper and you'll get away with it. I get a couple of hundreds every month or so for walking around money, which I douse with spray starch as soon as I get them. Twice now I've had the clerk I gave them to check them with the "counterfiet detector" pens, which make black marks on the bills. Each time it sent them into a minor tizzy, but neither said a word to me about it and accepted the bills after a few seconds.

I think it's been a pretty theoretical discussion so far, not concerned with petty little practicalities like that.

From what I've seen, if you intend to counterfeit, just make sure you use starch-free paper and you'll get away with it. I get a couple of hundreds every month or so for walking around money, which I douse with spray starch as soon as I get them. Twice now I've had the clerk I gave them to check them with the "counterfiet detector" pens, which make black marks on the bills. Each time it sent them into a minor tizzy, but neither said a word to me about it and accepted the bills after a few seconds.

A friend prefers to make the point with less chance of fouling up the transaction--he brings in a roughly rectangular torn piece of newsprint with $100 scribbled in the corners and a cartoon face, and asks them to check it. It comes up good.

Can't we just add a tracking chip to every piece of currency, and send up a fleet of tracker satellites to keep track of it all? :D

I want to do that, but with people.