Quantum crack in cryptographic armour
A commercial quantum encryption system has been fully hacked for the first time.
In theory, quantum cryptography — the use of quantum systems to encrypt information securely — is perfectly secure. It exploits the fact that it is impossible to make measurements of a quantum system without disturbing it in some way. So, if two people — Alice and Bob, say — produce a shared quantum key to encode their messages, they can be safe in the knowledge that no third party can eavesdrop without introducing errors that will show up when they compare their keys, setting off warning bells.
In practice, however, no quantum cryptographic system is perfect and errors will creep in owing to mundane environmental noise. Quantum physicists have calculated that as long as the mismatch between Alice's and Bob's keys is below a threshold of 20%, then security has not been breached. Now, however, quantum physicist Hoi-Kwong Lo and his colleagues at the University of Toronto in Ontario, Canada, have hacked a commercial system released by ID Quantique (IDQ) in Geneva, Switzerland, while remaining below the 20% threshold.
"Even with a relatively simple attack, the hacker can get the complete key, and nobody would know anything about it," says Lo.
Lo's hack works by intercepting the bits that Alice sends to Bob while creating the key, and resending a slightly modified version to Bob. In standard quantum cryptographic techniques, Alice encodes each bit using the polarization of photons. When she sends these bits out, the polarization should be perfectly oriented in one of four directions, separated by 45 degrees (north, northeast, east or southeast).
In a perfect world, any hacking attempt would disturb a significant fraction of the bits' orientations, introducing errors just above the threshold. However, in practice, Alice cannot switch orientations for successive bits instantaneously — each time she wants to send a bit with a new orientation, she has to change the voltage applied to the photon to shift its orientation. This gives the hacker time to swoop in and hijack the bit before it is sent out to Bob, measure it, and then send it on its way again.
However, if the hacker simply sends the bit to Bob along one of the four orientations that Alice originally defined, the hacker's presence will be discovered because his measurements will introduce random errors into the system that exceed the 20% limit. But Lo's team has now demonstrated that if the hacker sneakily sends the bits along slightly different directions, the errors introduced by his interference will fall just under the 20% threshold at 19.7% [1].
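The key-comparison check described above can be simulated. The following is an added illustration, not part of the original article or of any vendor's code: it models only the detected case, an interceptor who measures and resends on the same four orientations, and shows the mismatch rate landing above the 20% limit. The function names, the bit-to-angle mapping, the `noise` parameter and the assumption of ideal detectors are all constructed for the example.

```python
import math
import random

THRESHOLD = 0.20  # mismatch limit quoted in the article
# Constructed mapping of (basis, bit) to polarization angle in degrees.
ANGLE = {("rect", 0): 0, ("rect", 1): 90, ("diag", 0): 45, ("diag", 1): 135}
BASES = ["rect", "diag"]

def measure(photon_deg, basis, rng):
    """Measure a polarized photon in a basis; Malus's law gives the odds of bit 0."""
    delta = math.radians(photon_deg - ANGLE[(basis, 0)])
    p_zero = round(math.cos(delta) ** 2, 12)  # rounding removes float residue at 90 degrees
    return 0 if rng.random() < p_zero else 1

def qber(rounds, eavesdrop, noise=0.0, seed=1):
    """Mismatch rate on the sifted key (rounds where Alice and Bob used the same basis)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(rounds):
        bit, a_basis = rng.randint(0, 1), rng.choice(BASES)
        photon = ANGLE[(a_basis, bit)]
        if eavesdrop:
            # Interceptor guesses a basis, measures, and resends what was seen
            # on one of the four standard orientations.
            e_basis = rng.choice(BASES)
            photon = ANGLE[(e_basis, measure(photon, e_basis, rng))]
        b_basis = rng.choice(BASES)
        result = measure(photon, b_basis, rng)
        if rng.random() < noise:  # mundane environmental noise flips Bob's bit
            result ^= 1
        if a_basis == b_basis:  # sifting: keep only matching-basis rounds
            sifted += 1
            errors += result != bit
    return errors / sifted

def key_rejected(rate):
    """Alice and Bob discard the key when the mismatch reaches the threshold."""
    return rate >= THRESHOLD

if __name__ == "__main__":
    for label, eve, noise in [("noise only", False, 0.05), ("intercept-resend", True, 0.0)]:
        rate = qber(40000, eve, noise)
        print(f"{label}: mismatch {rate:.3f}, rejected={key_rejected(rate)}")
```

In this model the interceptor guesses the wrong basis half the time, and each wrong guess gives Bob a coin-flip result, so the mismatch settles near 25%.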