Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Encryption Science Technology

Commercial Quantum Cryptography System Hacked 117

KentuckyFC writes "Any proof that quantum cryptography is perfect relies on idealized assumptions that don't always hold true in the real world. One such assumption is related to the types of errors that creep into quantum messages. Alice and Bob always keep a careful eye on the level of errors in their messages because they know that Eve will introduce errors if she intercepts and reads any of the quantum bits in a message. So a high error rate is a sign that the message is being overheard. But it is impossible to get rid of errors entirely, so Alice and Bob have to tolerate a small level of error. This level is well known. Various proofs show that if the quantum bit error rate is less than 20 percent, then the message is secure. However, these proofs assume that the errors are the result of noise from the environment. Now, physicists have come up with an attack based on the realization that Alice also introduces errors when she prepares the required quantum states to send to Bob. This extra noise allows Eve to intercept some of the quantum bits, read them and then send them on, in a way that raises the error rate to only 19.7 percent. In this kind of 'intercept and resend attack,' the error rate stays below the 20 percent threshold and Alice and Bob are none the wiser, happily exchanging keys while Eve listens in unchallenged. The physicists say they have successfully used their hack on a commercial quantum cryptography system from the Geneva-based startup ID Quantique."
This discussion has been archived. No new comments can be posted.

Commercial Quantum Cryptography System Hacked

Comments Filter:
  • by SomeJoel ( 1061138 ) on Monday May 17, 2010 @06:24PM (#32245794)

    Alice is a man.

    I disagree, as per TFS:

    Alice also introduces errors when she prepares the required quantum states to send to Bob

  • Re:Quantum Bullshit (Score:2, Informative)

    by arndawg ( 1468629 ) on Monday May 17, 2010 @06:35PM (#32245932)
    It's not just that you can tell when a message have been altered. It's that you can tell if someone have been eavesdropping.
  • Re:Quantum Bullshit (Score:3, Informative)

    by Hurricane78 ( 562437 ) <deleted@slashdoA ... inus threevowels> on Monday May 17, 2010 @07:22PM (#32246560)

    All a man in the middle attack has to do is read the message, recreate it, and send out a spoofed message instead of the original message.

    Reading the message is trivial.

    You don’t understand quantum physics AT ALL, do you? Or you’re just a troll.

    Read up on entanglement.

    There is no way to recreate the message. Because you can’t entangle the photons again. It’s literally physically impossible.

  • by Dthief ( 1700318 ) on Monday May 17, 2010 @08:51PM (#32247470)
    Insightful FTA:

    Moreover, in our attack, Eve only sends two states to Bob. Alice and Bob can detect this attack by estimating the statistics of the four BB84 states. Note that, once a security loophole has been found, it is often easy to develop countermeasures. However, the unanticipated attacks are the most fatal ones.

  • Re:Quantum Bullshit (Score:4, Informative)

    by Interoperable ( 1651953 ) on Monday May 17, 2010 @08:57PM (#32247514)

    Sending out the spoofed message is trivial.

    No it isn't. It's impossible to do it with better than 50% accuracy, which will make the man-in-the-middle very, very detectable. None of the useful information is ever sent using quantum bits, it's only one-time-pad style key. If a man-in-the-middle is detected, the key is not used and no secure information is breached. I mentioned it in an above post, but the best that a "hacker" could ever do is get a few random bits of information out of every hundred, even with this attack. That isn't enough information about the key to extract any information about the message.

    Alice and Bob compare measurement results before send the message. There is theoretically no way to intercept and resend bits or eavesdrop without introducing errors.

  • by ortholattice ( 175065 ) on Monday May 17, 2010 @09:24PM (#32247706)
    But at what dark-count rate? There are always trade-offs.

    The dark count is essentially zero. That's what makes this breakthrough so impressive.

    FTA I linked:

    "When these detectors indicate they've spotted a photon, they're trustworthy. They don't give false positives," says Nam, a physicist with NIST's Optoelectronics division. "Other types of detectors have really high gain so they can measure a single photon, but their noise levels are such that occasionally a noise glitch is mistakenly identified as a photon. This causes an error in the measurement. Reducing these errors is really important for those who are doing calculations or communications."

  • by Interoperable ( 1651953 ) on Monday May 17, 2010 @10:32PM (#32248248)

    I happen to have have read a number of such papers because it is related to the field that I work in and I have some idea of what is involved in determining bounds on error rates. They are absolutely proofs in the very strictest sense of the word. They state up-front what the assumptions are and derive rigorous proofs within the conditions that were laid out.

    The mathematical premises are completely sound. The only question is what physical system the assumptions used to arrive at those premises apply to. The idealized system is clearly laid out in the paper and can be assessed for how applicable it is to a given physical system. To say that the premises are unsound because the simplifying assumptions may not apply to real systems is to reject any mathematical analysis of the physical world.

    You are confusing the ideas of a premise in mathematics and an assumption in physics. What has been done is the different between a correct analysis of an idealized system. What you claim is that an incorrect analysis of a realistic model has occurred, which is incorrect.

  • Re:Quantum Bullshit (Score:3, Informative)

    by Interoperable ( 1651953 ) on Tuesday May 18, 2010 @12:11PM (#32253988)

    I was basing my description on the BB84 cryptographic protocol. That protocol does not use an entangling source, rather it sends single q-bits along a quantum channel to be detected by Bob. I interpreted a man-in-the-middle attack to be an intercept-resend attack in that channel. So:

    Ideal: Alice --------> Bob

    MITM: Alice ------> detect - read - resend ------> Bob

    If the channel is noise-free, the detectors are ideal and the states are prepared perfectly, this is theoretically secure against if error rates are lower than 20%. The article exploits imperfectly prepared states in a first-generation commercial system to gain full access to information using an elaborate intercept resend attack.

    A system that uses entangled sources is employed to boost transmission distances by sending entangled pairs to Alice and Bob from a central source, thus reducing distances:

    Alice ------- Pair Source -------> Bob

    In simple schemes, the source has to be trusted because it is vulnerable to MITM attacks; however, the scheme can be secured using more elaborate techniques. For example, if Alice and Bob each generate an entangled pair and send one side of those pairs to a central location, then no party at that location can break into the information. This is called entanglement swapping.

    The system developed by Id Quantique is a very simplistic implementation of the BB84 protocol using time-bin encoded q-bits. It uses no entangled pairs, just a source at Alice and a detector at Bob. It uses imperfect sources, detectors and channels and is in no way theoretically secure against all attacks.

    I once attended a presentation made by an Id Quantique representative to a room of experts (among them was Brassard, one of the "B"s of the BB84 protocol). The representative made a list of what was needed to build a quantum cryptography system. It included: books on TCP/IP protocols, Linux driver manuals and fiber optic cable. Absent was a source of quantum light (they use weak lasers, not true quantum sources), or a text on quantum optics.

    The point was that the commercial systems are not attempting to implement the elaborate privacy-increasing techniques that are being thought out by the academics in quantum information. They are simple, first-generation devices that aren't trying to keep up with attacks devised by the academic community.

    Quantum cryptography absolutely can be theoretically secure if proper sources and detectors are used. Such sources are difficult to build and are very expensive at the moment but much effort is being directed towards that goal. The other side of the coin is that much effort is going into determining exactly what attacks can be leveled against particular imperfections in equipment and how those attacks can be countered.

Competence, like truth, beauty, and contact lenses, is in the eye of the beholder. -- Dr. Laurence J. Peter