A first: Commercial quantum cryptography system hacked

Published 18 May 2010

Physicists have mounted the first successful attack of its kind on a commercial quantum cryptography system; since in the real world it is impossible to get rid of errors entirely, quantum encryption tolerates a small level of error; various proofs show that if the quantum bit error rate is less than 20 percent, then the message is secure; these proofs, though, assume that the errors are the result of noise from the environment; researchers show how hackers can exploit this assumption

They tell us that when it comes to secure messaging, nothing beats quantum cryptography, a method that offers perfect communication security. Messages sent using quantum keys can never be cracked by an eavesdropper, no matter how powerful (“Breakthrough: new record bit rate for quantum key distribution,” 21 April 2010 HSNW; and “Encryption breakthrough: new way to generate random numbers,” 24 November 2008 HSNW).

This is what the theory of quantum encryption says. Technology Review reports that Feihu Xu, Bing Qi, and Hoi-Kwong Lo at the University of Toronto in Canada say they have broken a commercial quantum cryptography system made by the Geneva-based quantum technology startup ID Quantique, the first successful attack of its kind on a commercially-available system.

Here is how they did it. Technology Review notes that any proof that quantum cryptography is perfect relies on assumptions that do not always hold true in the real world. Identify one of these weaknesses and you have found a loophole that can be exploited to hack in to such a system.

The new attack is based on assumptions made about the types of errors that creep in to quantum messages. Alice and Bob always keep a careful eye on the level of errors in the messages they send each other because they know that Eve will introduce errors if she intercepts and reads any of the quantum bits. So a high error rate is a sign that the message is being overheard.

It is impossible, however, to get rid of errors entirely. There will always be noise in any real world system so Alice and Bob have to tolerate a small level of error. This level is well known. Various proofs show that if the quantum bit error rate is less than 20 percent, then the message is secure.

These proofs, though, assume that the errors are the result of noise from the environment. Feihu and colleagues say that one key assumption is that the sender, Alice, can prepare the required quantum states without errors. She then sends these states to Bob and together they use them to generate a secret key that can be used as a one-time pad to send a secure message.

In the real world, Alice always introduces some errors into the quantum states she prepares and it is this that Feihu and his colleagues have exploited to break the system.


They say this extra noise allows Eve to intercept some of the quantum bits, read them and then send them on, in a way that raises the error rate to only 19.7 per cent. In this kind of “intercept and resend attack,” the error rate stays below the 20 percent threshold and Alice and Bob are none the wiser, happily exchanging keys while Eve listens in unchallenged.

Feihi and colleagues say they have even tested the idea successfully on a system from ID Quantique.

Technology Review notes that this is a significant blow to commercial quantum cryptography but not because ID Quantique’s system is now breakable. It is not. Now that the weakness is known, it is relatively easy for the company to institute more careful checks on the way Alice prepares her states so that unknown errors are less likely.

There is now a significant body of work showing how to break conventional quantum cryptography systems based on various practical weaknesses in the way they are set up; things like unwanted internal reflections in the gear that generates quantum bits, efficiency mismatches between photon detectors, and lasers that produce extra, hidden photons that Eve can latch on to. All these have been used to find cracks in the system.

While the known loopholes can be papered over, it is the unknown ones that represent threats in the future. The problem that Feihu and his colleagues have opened up is in showing how easy it is with a little malicious intent to bend the assumptions behind perfect quantum cryptography. That will have a few quantum cryptographers losing sleep in the months and years to come.

Ref: arxiv.org/abs/1005.2376: Experimental Demonstration Of Phase-Remapping Attack In A Practical Quantum Key Distribution System

-Read more in Feihu Xu, Bing Qi, Hoi-Kwong Lo, “Experimental demonstration of phase-remapping attack in a practical quantum key distribution system,” arXiv.org (13 May 2010)