Shape of things to comeSetback: Laser breaks "unbreakable" quantum communications

Quantum cryptography is supposed to be unbreakable because the very breaking of the encryption would alert the transmitter and receiver to the presence of an eavesdropper. Well, so much for the theory, because a flaw in a common type of equipment currently in use makes it possible to intercept messages without detection.

Quantum cryptography has been used by some banks to protect data, and even to hide election results in Switzerland last year (see 12 October 2007 HS Daily Wire story). Now, New Scientist’s David Robson writes, researchers have discovered that shining bright light into the sensitive equipment needed makes it possible to hijack communications without a trace. “It turns the equipment into a puppet-box that an eavesdropper can control,” says Vadim Makarov from the Norwegian University of Science and Technology in Trondheim, who uncovered the vulnerability.

Quantum cryptography relies on both users sharing a secret key, each digit of which is encoded into the polarization of an individual light photon. “Alice,” the sender transmits a stream of photons signaling either 1s or 0s, but for each one she randomly chooses from one of two ways to encode the digit. Because the receiver, “Bob,” does not know which system Alice has used he must be able to decode both types and has two pairs of photon detectors — one for each system. A beam splitter randomly directs each photon received to one of the pairs. If a photon reaches the correct pair it is decoded correctly; if not, Bob receives a false result.

Once the transmission is over, Alice uses an unencrypted channel to tell Bob which system she used for each photon. Digits decoded wrongly are discarded to reveal the final secret key used to secure later communications. In practice, these steps are carried out automatically by a computer system.

An eavesdropper, “Eve,” who intercepts the transmission, must emulate Bob’s detection method and then pass the data on to him unaltered to fool him everything is normal. Quantum mechanics, however, makes this impossible. The message will have been inevitably changed by Eve’s very interception to contain errors which reveal her presence when Alice and Bob compare notes later.

Now, however, Makarov and colleagues from Sweden and Russia have shown that Eve could control Bob’s equipment, so that they both decode exactly the same digits from Alice’s transmission. When Alice later tells Bob which photons he encoded wrong, Eve can learn the key by listening in on the unencrypted message, and there are no extra errors to give her away.

The method exploits the way a common type of photon counter can have its sensitivity reduced by a very bright flash of light. The attack begins when Eve fires a pulse of laser light to all four detectors in Bob’s equipment. After that, Eve can send a second pulse and target it to just one of the four detectors. The pulse is a burst of many single photons all encoded using the same of the two quantum systems, and all carrying the same digit.

Bob’s beam splitter initially sends half the photons to each pair of detectors. Photons that reach the detector which is not designed for that encoding system are split again between the two detectors — but not enough power reaches them to exceed the newly raised sensitivity threshold. The half of the initial pulse that reaches the pair designed for that encoding system are all directed to a single detector — this time with enough intensity to exceed its raised threshold, and it registers a digit. So by sending on a sequence of encoded photons that are identical to the ones she receives from Alice, Eve can safely intercept a message without leaving the tell-tale quantum errors.

Makarov and colleagues have now uncovered such vulnerabilities in two of the three types of quantum equipment commonly used. They are now investigating ways to solve the flaw without introducing more weaknesses.

Norbert Lütkenhaus from the Institute for Quantum Computing in Waterloo, Canada, acknowledges Makarov’s team has discovered a flaw, but he points out that the stronger laser pulses used to prime the detector might be noticed by Bob, giving away the attack. “I don’t think it’s a serious flaw,” he says. Makarov counters that the initial bright flash would likely be mistaken for noise.

-read more in Vadim Makarov, Andrey Anisimov, and Sebastien Sauge, “Can Eve Control Perkin-Elmer Actively-Quenched Single-Photon Detector?” Arxiv 919 September 2008); see also this 21 April 2008 HS Daily Wire story about vulnerabilities in quantum communication discovered by Swedish researchers