Quantum cryptography, light traps, and counterfeit-proof dollar bills

[Freakshow]

My expertise is in computer and network security. I'm not a physicist. I was hoping someone could help explain something to me.

I have read "The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography", but Simon Singh. In the section on quantum cryptography, he talks about an idea (not his idea, he is simply an author who is writing about many other people's cryptography work) for making dollar bills that cannot possibly be counterfeited. He doesn't say they would be difficult to counterfeit. He says it will be impossible.

The idea is to have a dollar bill with "light traps" (which don't exist yet) that can capture and hold a single photon. The photon will of course have one specific polarization. There would be, for example, 20 light traps, each with a single photon, each with a random polarization. The bill will also have a serial number on it.

Before the bill is released into circulation, the serial number and orientation of the photons in the light traps is recorded. So later, the bank could examine the serial number, look up the orientation of the photons in the light traps, and then measure the orientations with polarizing filters. If they are the correct orientation for what that bill should be (associated with its serial number), then they know that the bill is genuine, and not counterfeit.

He says that a counterfeiter would not be able to recreate the light traps with the correct polarization, because the counterfeiter cannot measure them. Of course, he tosses in the Heisenberg uncertainty principle.

But what Singh says makes no sense. He says that the counterfeiter could put a polarized filter in front of the light trap, and if it is not the correct orientation, the counterfeiter knows that it is incorrect. However, he said that the counterfeiter has no way to determine the correct orientation.

Why can't the counterfeiter just put the filter in front of the light-trap, and rotate it until he observes the photon in the light trap? This should tell him the orientation. This can be done with each of the light traps, and the coutnerfeiter could recreate this in the counterfeit bill.

It was my impression that the bank would measure the orientation of the photons in the light traps in the same way: orient polarized filters to be what should be correct for the light traps in that bill, and check if the photon in the light trap can be observed through it.

So why wouldn't my very obvious solution work? Note that Singh did not say it would be difficult and expensive to counterfeit the bill. He said that, due to the Heisenberg uncertainty principle, it would be impossible.

Can a physicist clear this up for me? I get the feeling that Singh neglected something in his explanations.

 

[LordoftheLeftHand]

While I can't really comment on the science aspect of the question, but I would wager you are correct. That anything that can be produced, can just be produced again by someone else willing to work hard enough.

Maybe a bill that costs more to produce/reproduce than its face value would work (making counterfeiting not profitable). Of course this might have serious economic consequences...

What we really need to stop counterfeiters is magical floobie ink!

LLH

 

[Freakshow]

While I can't really comment on the science aspect of the question, but I would wager you are correct. That anything that can be produced, can just be produced again by someone else willing to work hard enough.

Maybe a bill that costs more to produce/reproduce than its face value would work (making counterfeiting not profitable). Of course this might have serious economic consequences...

What we really need to stop counterfeiters is magical floobie ink!

LLH

I agree about making a bill more expensive to produce than its face value. And reading about the bill, that is what I would think. But Singh specifically said that it was NOT POSSIBLE to copy the bill, with the correct orientation of the photons in all the light traps. Not only can it not be created, but he said they could not even be measured. I'm not totally sure Singh got all his facts right on this one.

But it is overall a VERY good book. I'd recommend it to anyone who is interested in cryptography.

 

[clarsct]

Hmmmmmmm.

If it cannot be measured, then how will the bank know it is real?

If it cannot be reproduced, then how will we encode the serial numbers correctly? If orientation A is a 1 and orientation B is a 2, and so on, then they MUST be able to be reproduced. Unless a random orientation is produced for EACH specific bill. This would be akin to naming them. So where and how is this database accessed?

I think that what he is trying to say is that each light trap would be different, and that we couldn't make them the same, no matter how we try. This is where he invokes Heisenburg.

It would be easier to hack the system and put on the serial numbers on the bill that most closely match the light traps you've made.

Thus, each bill has a unique light trap set to go with its serial number.

How much is the tech for these 'light traps'. Unknown. If it is more than the cost of printing the bill, then yes, we have problems. I wouldn't think it would be used for a one dollar bill, however.

 

[LordoftheLeftHand]

I agree about making a bill more expensive to produce than its face value. And reading about the bill, that is what I would think. But Singh specifically said that it was NOT POSSIBLE to copy the bill, with the correct orientation of the photons in all the light traps. Not only can it not be created, but he said they could not even be measured. I'm not totally sure Singh got all his facts right on this one.

But it is overall a VERY good book. I'd recommend it to anyone who is interested in cryptography.

Well if these photons can't be measured, how can the bank measure them (or how could something that is unmeasurable contain useful information)? Even if they could only be measured at the bank (which seems doubtful), how would this prevent someone from passing the bill to a merchant? Seems a little fishy to me as well.

LLH

 

[Rof]

Why can't the counterfeiter just put the filter in front of the light-trap, and rotate it until he observes the photon in the light trap? This should tell him the orientation. This can be done with each of the light traps, and the coutnerfeiter could recreate this in the counterfeit bill.

Each light trap contains a single photon, remember. You can only measure a single photon once; if it's blocked by the polarizer, then it's gone forever, there's no way to replicate it.

Note, of course, this means that the bank is only able to check each bill once for authenticity.

 

[Ed]

Try emailing Simon. He is reasonably responsive..

simon@simonsingh.net

Actually he might be at TAM, I think he told me he was at the last one. You might ask Linda if he has registered.

 

[TonyL]

Each light trap contains a single photon, remember. You can only measure a single photon once; if it's blocked by the polarizer, then it's gone forever, there's no way to replicate it.

Note, of course, this means that the bank is only able to check each bill once for authenticity.

Even worse, if a person other than the bank were to "read" the photons, the information would be lost and the authenticity of the bill would no longer be verifiable (I'm assuming that the photon traps have to be re-populated by the bank and the new photon states stored by the bank every time the dollar is read). From my understanding, an important part of quantum key distribution is single photon transmission, so that any any interception of a photon destroys that part of the signal, requiring a resend. Granted, my experience with quantum cryptography is limited to seeing a few talks and reading a few papers about quantum key distribution, so although slightly knowlegable, I'm not an expert and may be mistaken.

 

[CurtC]

So did you do the puzzles in the back of the book?

I did the ones up through the Vigniere (sp?) cipher, and I recall doing that one on an airplane with only pencil and paper. I hafta say I was kinda impressed with myself then. I didn't even attempt the more advanced ones though.

 

[chulbert]

Each light trap contains a single photon, remember. You can only measure a single photon once; if it's blocked by the polarizer, then it's gone forever, there's no way to replicate it.

Note, of course, this means that the bank is only able to check each bill once for authenticity.

Rof is correct. Once you let the photon out of its cage, you only have one shot to guess the polarization. Guessing 20 of them correctly at the same time is statistically impossible and once you've failed, you've got an "empty" bill, which is then valueless (and would almost certainly be a crime to possess). But even if you did happen to do it once, you've only copied a single bill.

My main concern with an "uncrackable" system like this is that we might rely upon it almost exclusively and that eventually the monetary database, however secure it might be, would someday be compromised.

 

[kmortis]

Rule of thumb: Any lock can be picked.

It is only a matter of time. To be produced, it has to be able to be reproduced.

Look at One-time pads. The only reason they are considered to be unbreakable is that, with a code that changes on a daily basis by the time the Bad Guys decypher that day's code, it's useless to them other than to break the messages sent on that day. Since a goodly portion of classified data that would require the use of a OTP is usually (can I put any more qualifiers in this?) time-sensitive (e.g. along the lines of "We bomb the target tonite"), breaking the OTP after the fact isn't all that usefull.

Ok, so how does this relate to the OP? Well, if the light-lock (LL) is a stagnant thing, then it's only a matter of time before the Bad Guys get the code. How difficult would it be to figure out the physics of the detector? Once you figure out the physics, the engineering wouldn't be all that difficult, especially to people who are standing to make millions, both literally and figuratively, of dollars in counterfeit bills.

 

[BillC]

The strength of a one-time pad comes from the fact that it is (or should be) used literally only once, not as a 'day key' for a day's-worth of different messages. If a one-time pad is used only once, and the pads are kept secure at both sending and receiving ends, then it is demonstrably impossible, not just very hard, to break. The weakness of the OTP is keeping the pads secure.

I really got into the Challenge at the back as well. I got numbers 1-8, and was part of a syndicate of around 100 who broke #9 by a brute force attack. Number ten proved too large a problem until it was broken by a Swedish team.

Edit: change cipher to key

 

[Freakshow]

Thanks for the replies, everyone. And Ed, thanks for the info on Simon. I'll e-mail him and give it a shot. Although I may know very little about physics, my job is a Senior Engineer doing security work for one of the most well-known tech companies in the world. I'll e-mail him from my work address, as that should up the chances of him reading it and responding.

ETA: I'll be sure to re-read the section carefully one more time before e-mailing him. But I've already read it more than once (and those were not deeply careful readings). If the answer is in there, it is far from obvious.

 

[Freakshow]

Rule of thumb: Any lock can be picked.

It is only a matter of time. To be produced, it has to be able to be reproduced.

Look at One-time pads. The only reason they are considered to be unbreakable is that, with a code that changes on a daily basis by the time the Bad Guys decypher that day's code, it's useless to them other than to break the messages sent on that day. Since a goodly portion of classified data that would require the use of a OTP is usually (can I put any more qualifiers in this?) time-sensitive (e.g. along the lines of "We bomb the target tonite"), breaking the OTP after the fact isn't all that usefull.

Ok, so how does this relate to the OP? Well, if the light-lock (LL) is a stagnant thing, then it's only a matter of time before the Bad Guys get the code. How difficult would it be to figure out the physics of the detector? Once you figure out the physics, the engineering wouldn't be all that difficult, especially to people who are standing to make millions, both literally and figuratively, of dollars in counterfeit bills.

Actually, to REALLY be considered a one-time pad, it should be used for one and only one message.

 

[Freakshow]

The strength of a one-time pad comes from the fact that it is (or should be) used literally only once, not as a 'day key' for a day's-worth of different messages. If a one-time pad is used only once, and the pads are kept secure at both sending and receiving ends, then it is demonstrably impossible, not just very hard, to break. The weakness of the OTP is keeping the pads secure.

I really got into the Challenge at the back as well. I got numbers 1-8, and was part of a syndicate of around 100 who broke #9 by a brute force attack. Number ten proved too large a problem until it was broken by a Swedish team.

Edit: change cipher to key

Oh, oops. I missed this before I replied. Sorry, Bill!

 

[Freakshow]

Even worse, if a person other than the bank were to "read" the photons, the information would be lost and the authenticity of the bill would no longer be verifiable (I'm assuming that the photon traps have to be re-populated by the bank and the new photon states stored by the bank every time the dollar is read). From my understanding, an important part of quantum key distribution is single photon transmission, so that any any interception of a photon destroys that part of the signal, requiring a resend.

Tony, that is the most likely explanation I've heard thus far. That makes a lot of sense, and that little bit of info would make this work. Now, that's not what Simon said in his book. But as I said earlier, he is a great author, but not a physicist. He might have gotten some details wrong. Quantum cryptography isn't exactly something you pick right up by reading a paper or two about it.

 

[tsg]

Look at One-time pads. The only reason they are considered to be unbreakable is that, with a code that changes on a daily basis by the time the Bad Guys decypher that day's code, it's useless to them other than to break the messages sent on that day.

Uh, no. A one-time pad is a key where the elements of the key are chosen completely at random and used only once[1]. The reason that it is unbreakable is that the message could be any possible message with no way to distinguish the correct message from all the other possibilities. The only way to crack a one-time pad is to have the key. What makes it impractical 99% of the time is that you need a secure means of transmitting the key to the other party and, if you have that, you may as well send the message that way.

[1] A typical application is a random string of characters that become the seed for a Ceaser Cipher. Each letter of the message gets a new seed. Essentially a Vignere Cipher with an infinitely-long, random key.

Ok, so how does this relate to the OP? Well, if the light-lock (LL) is a stagnant thing, then it's only a matter of time before the Bad Guys get the code. How difficult would it be to figure out the physics of the detector? Once you figure out the physics, the engineering wouldn't be all that difficult, especially to people who are standing to make millions, both literally and figuratively, of dollars in counterfeit bills.

The point of the light lock is that the orientations of the photons can't be read without releasing the photons from the lock. The only way to measure the orientation is to filter the photons. The filter blocks photons whose orientations don't match that of the filter and allows the photon to pass through where it does. If the photon can have any of four orientations, the filter will block three and allow one. If the orientation of the filter is wrong, you won't know what the correct orientation is. And, with only one chance to read the orientations, it is very unlikely that you will get all of them right and you are now left with a bill that is worthless.

Of course, this is all dependent on the security of the list which gives the photon orientations for a particular bill.

 

[LordoftheLeftHand]

Uh, no. A one-time pad is a key where the elements of the key are chosen completely at random and used only once[1]. The reason that it is unbreakable is that the message could be any possible message with no way to distinguish the correct message from all the other possibilities. The only way to crack a one-time pad is to have the key. What makes it impractical 99% of the time is that you need a secure means of transmitting the key to the other party and, if you have that, you may as well send the message that way.

[1] A typical application is a random string of characters that become the seed for a Ceaser Cipher. Each letter of the message gets a new seed. Essentially a Vignere Cipher with an infinitely-long, random key.



The point of the light lock is that the orientations of the photons can't be read without releasing the photons from the lock. The only way to measure the orientation is to filter the photons. The filter blocks photons whose orientations don't match that of the filter and allows the photon to pass through where it does. If the photon can have any of four orientations, the filter will block three and allow one. If the orientation of the filter is wrong, you won't know what the correct orientation is. And, with only one chance to read the orientations, it is very unlikely that you will get all of them right and you are now left with a bill that is worthless.

Of course, this is all dependent on the security of the list which gives the photon orientations for a particular bill.

Ok so when you test the bill you lookup its orientations in some master list based on its serial number. So if you don't know the correct orientations, if you test the bill you will likely invalidate it.

I think it’s a great idea and might have lots of uses, but I just don't see how it is supposed to work with currency. To test a bills authenticity you have to know its orientations (or run the huge risk of ruining it). If this correct list of orientations is strictly controlled (like only distributed to the banks) this will not prevent someone from passing the bill to anyone except a bank. If this list is widely distributed, then sooner or later a counterfeiter will get it.

LLH

 

[tsg]

Ok so when you test the bill you lookup its orientations in some master list based on its serial number. So if you don't know the correct orientations, if you test the bill you will likely invalidate it.

I think it’s a great idea and might have lots of uses, but I just don't see how it is supposed to work with currency. To test a bills authenticity you have to know its orientations (or run the huge risk of ruining it). If this correct list of orientations is strictly controlled (like only distributed to the banks) this will not prevent someone from passing the bill to anyone except a bank. If this list is widely distributed, then sooner or later a counterfeiter will get it.

LLH

Hence the impractibility (did I make that word up?). Unfortunately cryptography is full of theoretically uncrackable algorithms that just don't work in practice. Cost is another factor. If it costs $50 to protect a $20 bill, is it really worth it? But, to my recollection, Singh was using this as a theorectical example of quantum cryptography and not necessarily advocating it as a viable means of protecting currency.

 

[chulbert]

I think it’s a great idea and might have lots of uses, but I just don't see how it is supposed to work with currency. To test a bills authenticity you have to know its orientations (or run the huge risk of ruining it). If this correct list of orientations is strictly controlled (like only distributed to the banks) this will not prevent someone from passing the bill to anyone except a bank. If this list is widely distributed, then sooner or later a counterfeiter will get it.

I don't think it's meant to prevent all counterfeiting, just the big stuff. This system won't stop you from printing a $20 bill on your home color laser printer and giving it to a gas station clerk. This system WILL prevent someone from printing $1 million and taking it to the bank.