Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Encryption Science Technology

Commercial Quantum Cryptography System Hacked 117

KentuckyFC writes "Any proof that quantum cryptography is perfect relies on idealized assumptions that don't always hold true in the real world. One such assumption is related to the types of errors that creep into quantum messages. Alice and Bob always keep a careful eye on the level of errors in their messages because they know that Eve will introduce errors if she intercepts and reads any of the quantum bits in a message. So a high error rate is a sign that the message is being overheard. But it is impossible to get rid of errors entirely, so Alice and Bob have to tolerate a small level of error. This level is well known. Various proofs show that if the quantum bit error rate is less than 20 percent, then the message is secure. However, these proofs assume that the errors are the result of noise from the environment. Now, physicists have come up with an attack based on the realization that Alice also introduces errors when she prepares the required quantum states to send to Bob. This extra noise allows Eve to intercept some of the quantum bits, read them and then send them on, in a way that raises the error rate to only 19.7 percent. In this kind of 'intercept and resend attack,' the error rate stays below the 20 percent threshold and Alice and Bob are none the wiser, happily exchanging keys while Eve listens in unchallenged. The physicists say they have successfully used their hack on a commercial quantum cryptography system from the Geneva-based startup ID Quantique."
This discussion has been archived. No new comments can be posted.

Commercial Quantum Cryptography System Hacked

Comments Filter:
  • by razathorn ( 151590 ) on Monday May 17, 2010 @06:26PM (#32245828)

    ...stopping reading the blurb on slashdot last week about the new position based system being secure because the people who previously said it wasn't secure changed their mind and said it was provably secure and then proceeded to use the words "cannot easily" to justify it being secure. Now, this week I see a commercial system that has been cracked because some how thresholds of likely hood were once again used. Anyone else see a trend?

  • by Anonymous Coward on Monday May 17, 2010 @06:27PM (#32245832)

    If this article is correct, all an eavesdropper has to know is the proper error threshold to stay under to remain undetected.

    Doesn't seem so secure to me.

  • The ability to control external noise in real-world operating environments, at least to the degree necessary to mitigate this issue, would seem to represent a rather nasty challenge. This may be a severely constraining factor on the potential for practical usefulness of quantum cryptography, at least for the time being.
  • can be broken by a man

    depending upon your current situation in life, this is either a wonderfully hopeful or horribly depressing realization

  • by fuzzyfuzzyfungus ( 1223518 ) on Monday May 17, 2010 @07:06PM (#32246342) Journal
    In a sense, though it is called "cryptography", quantum crypto is basically about link integrity detection, rather than anything resembling cryptography in the classical sense.

    Basically, if you have a fiber run that you want to make sure nobody is tapping, you can either station trustworthy guys with guns every few yards along its length or you can put a quantum crypto box at each end. Given that the guys-with-guns approach is largely impractical(especially for buried or undersea lines) the potential to get the same effect just by putting a pricey network box on each end is rather attractive. Almost wholly unlike classical crypto, which is designed around keeping information useless without the key, even across known-untrusted links.
  • by Interoperable ( 1651953 ) on Monday May 17, 2010 @09:04PM (#32247570)

    Those "morons" have doctorates in math and physics. What do you have?

    The idea is that if you can account for all known systemic noise sources then anything left will be from the attacker. The proofs set bounds for what error thresholds rule out the possibility of an attacker under given, known sources of noise in the system. The proofs are not wrong, they were simply done using particular sets of assumptions. If those assumptions are not applicable to a particular system, then obviously those calculations wouldn't be used.

    It astounds me that people think they know better than an entire discipline and even more so that they get modded up for doing it. But then is the internet.

  • by TheLink ( 130905 ) on Monday May 17, 2010 @10:49PM (#32248362) Journal
    Thing is nowadays TB drives are quite cheap. Generate a huge OTP, spread it over three drives at A, spread it over another three drives and send all three to B via three different couriers/paths. Add ECC if you want.

    If they all made it safely without interception. You've got your secure channel. 1TB/128kbps = 2 years. 1TB/256kbps = 1 year.

    You could send more than one set of drives. When they all arrive, you tell the "B" let's start with drive set #5.
  • by Anonymous Coward on Tuesday May 18, 2010 @04:36AM (#32250108)

    I think his point is that traditional MITM will always succeed. Say Alice wants to talk to Bob, using QC. Evil Mallory sits in the middle, posing as Bob for Alice and Alice for Bob. When Alice sends the quanta to what she thinks is Bob, she's actually negotiating a connection with Mallory; and so is Bob. Thus, Alice encrypts, sends to "Bob" (Mallory), Mallory decrypts, re-encrypts, and sends to Bob.

    No system, quantum or classical, can protect against this unless Alice and Bob have a shared secret. If they do, they can negotiate a key that Mallory doesn't know, and so his interception is pointless. In the quantum world, this might be prior entangled particles in a Penning trap or something like that.

    Thus, quantum encryption can't do anything that classical public key encryption can't -- except provide provable security for the "key". The entire quantum crypto setup can be considered akin to a key that cannot be broken (at least not in ideal systems - some current implementations may leak photons and so let Eve infer the superpositions or add noise below the threshold like what's being shown here).
      If you have a public key system whose keys cannot be broken, you can still intercept communication between two parties who haven't exchanged any keys yet; you just make yourself look like the other party to each of them so they'll exchange keys with you.

  • by Interoperable ( 1651953 ) on Tuesday May 18, 2010 @08:05AM (#32251154)

    It's not the questioning of conclusions that I disagree with. Scientists love informed debate, but don't appreciate being called "morons." Anyone with the insight about the discipline to make a shrewd observation about the correctness of the work would recognize that the people involved are not morons.

    It's important to keep an open mind, but the vast, vast majority of "OMG, how can you sheeple be so stupid?" posts about quantum physics can be safely ignored without any loss to the body of knowledge.

Lend money to a bad debtor and he will hate you.