We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Emerging Technology from the arXiv

A View from Emerging Technology from the arXiv

Commercial Quantum Cryptography System Hacked

Physicists have mounted the first successful attack of its kind on a commercial quantum cryptography system.

  • May 17, 2010

When it comes to secure messaging, nothing beats quantum cryptography, a method that offers perfect security. Messages sent in this way can never be cracked by an eavesdropper, no matter how powerful.

At least, that’s the theory. Today, Feihu Xu, Bing Qi and Hoi-Kwong Lo at the University of Toronto in Canada say they have broken a commercial quantum cryptography system made by the Geneva-based quantum technology startup ID Quantique, the first successful attack of its kind on a commercially-available system.

Here’s how they did it. Any proof that quantum cryptography is perfect relies on assumptions that don’t always hold true in the real world. Identify one of these weaknesses and you’ve found a loophole that can be exploited to hack in to such a system.

The new attack is based on assumptions made about the types of errors that creep in to quantum messages. Alice and Bob always keep a careful eye on the level of errors in their messages because they know that Eve will introduce errors if she intercepts and reads any of the quantum bits. So a high error rate is a sign that the message is being overheard.

However, it is impossible to get rid of errors entirely. There will always be noise in any real world system so Alice and Bob have to tolerate a small level of error. This level is well known. Various proofs show that if the quantum bit error rate is less than 20 per cent, then the message is secure.

However, these proofs assume that the errors are the result of noise from the environment. Feihu and co say that one key assumption is that the sender, Alice, can prepare the the required quantum states without errors. She then sends these states to Bob and together they use them to generate a secret key that can be used as a one-time pad to send a secure message.

But in the real world, Alice always introduces some errors into the quantum states she prepares and it is this that Feihu have exploited to break the system.

They say this extra noise allows Eve to intercept some of the quantum bits, read them and then send them on, in a way that raises the error rate to only 19.7 per cent. In this kind of “intercept and resend attack”, the error rate stays below the 20 per cent threshold and Alice and Bob are none the wiser, happily exchanging keys while Eve listens in unchallenged.

Feihi and co say they’ve even tested the idea successfully on a system from ID Quantique.

That’s a significant blow to commercial quantum cryptography but not because ID Quantique’s system is now breakable. It is not. Now that the weakness is known, it’s relatively easy for the company to institute more careful checks on the way Alice prepares her states so that unknown errors are less likely.

However, there is now a significant body of work showing how to break conventional quantum cryptography systems based on various practical weaknesses in the way they are set up; things like unwanted internal reflections in the gear that generates quantum bits, efficiency mismatches between photon detectors and lasers that produce extra, hidden photons that Eve can latch on to. All these have been used to find cracks in the system.

But while the known loopholes can be papered over, it’s the unknown ones that represent threats in the future. The problem that Feihu and co have opened up is in showing how easy it is with a little malicious intent to bend the assumptions behind perfect quantum cryptography. That will have a few quantum cryptographers losing sleep in the months and years to come.

Ref: arxiv.org/abs/1005.2376: Experimental Demonstration Of Phase-Remapping Attack In A Practical Quantum Key Distribution System

Want to go ad free? No ad blockers needed.

Become an Insider
Already an Insider? Log in.
Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.