Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

When it comes to secure messaging, nothing beats quantum cryptography, a method that offers perfect security. Messages sent in this way can never be cracked by an eavesdropper, no matter how powerful.

At least, that’s the theory. Today, Feihu Xu, Bing Qi and Hoi-Kwong Lo at the University of Toronto in Canada say they have broken a commercial quantum cryptography system made by the Geneva-based quantum technology startup ID Quantique, the first successful attack of its kind on a commercially-available system.

Here’s how they did it. Any proof that quantum cryptography is perfect relies on assumptions that don’t always hold true in the real world. Identify one of these weaknesses and you’ve found a loophole that can be exploited to hack in to such a system.

The new attack is based on assumptions made about the types of errors that creep in to quantum messages. Alice and Bob always keep a careful eye on the level of errors in their messages because they know that Eve will introduce errors if she intercepts and reads any of the quantum bits. So a high error rate is a sign that the message is being overheard.

However, it is impossible to get rid of errors entirely. There will always be noise in any real world system so Alice and Bob have to tolerate a small level of error. This level is well known. Various proofs show that if the quantum bit error rate is less than 20 per cent, then the message is secure.

However, these proofs assume that the errors are the result of noise from the environment. Feihu and co say that one key assumption is that the sender, Alice, can prepare the the required quantum states without errors. She then sends these states to Bob and together they use them to generate a secret key that can be used as a one-time pad to send a secure message.

But in the real world, Alice always introduces some errors into the quantum states she prepares and it is this that Feihu have exploited to break the system.

They say this extra noise allows Eve to intercept some of the quantum bits, read them and then send them on, in a way that raises the error rate to only 19.7 per cent. In this kind of “intercept and resend attack”, the error rate stays below the 20 per cent threshold and Alice and Bob are none the wiser, happily exchanging keys while Eve listens in unchallenged.

Feihi and co say they’ve even tested the idea successfully on a system from ID Quantique.

That’s a significant blow to commercial quantum cryptography but not because ID Quantique’s system is now breakable. It is not. Now that the weakness is known, it’s relatively easy for the company to institute more careful checks on the way Alice prepares her states so that unknown errors are less likely.

However, there is now a significant body of work showing how to break conventional quantum cryptography systems based on various practical weaknesses in the way they are set up; things like unwanted internal reflections in the gear that generates quantum bits, efficiency mismatches between photon detectors and lasers that produce extra, hidden photons that Eve can latch on to. All these have been used to find cracks in the system.

But while the known loopholes can be papered over, it’s the unknown ones that represent threats in the future. The problem that Feihu and co have opened up is in showing how easy it is with a little malicious intent to bend the assumptions behind perfect quantum cryptography. That will have a few quantum cryptographers losing sleep in the months and years to come.

Ref: arxiv.org/abs/1005.2376: Experimental Demonstration Of Phase-Remapping Attack In A Practical Quantum Key Distribution System


5 comments. Share your thoughts »

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me
×

A Place of Inspiration

Understand the technologies that are changing business and driving the new global economy.

September 23-25, 2014
Register »