Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Encryption Science Technology

Commercial Quantum Cryptography System Hacked 117

KentuckyFC writes "Any proof that quantum cryptography is perfect relies on idealized assumptions that don't always hold true in the real world. One such assumption is related to the types of errors that creep into quantum messages. Alice and Bob always keep a careful eye on the level of errors in their messages because they know that Eve will introduce errors if she intercepts and reads any of the quantum bits in a message. So a high error rate is a sign that the message is being overheard. But it is impossible to get rid of errors entirely, so Alice and Bob have to tolerate a small level of error. This level is well known. Various proofs show that if the quantum bit error rate is less than 20 percent, then the message is secure. However, these proofs assume that the errors are the result of noise from the environment. Now, physicists have come up with an attack based on the realization that Alice also introduces errors when she prepares the required quantum states to send to Bob. This extra noise allows Eve to intercept some of the quantum bits, read them and then send them on, in a way that raises the error rate to only 19.7 percent. In this kind of 'intercept and resend attack,' the error rate stays below the 20 percent threshold and Alice and Bob are none the wiser, happily exchanging keys while Eve listens in unchallenged. The physicists say they have successfully used their hack on a commercial quantum cryptography system from the Geneva-based startup ID Quantique."
This discussion has been archived. No new comments can be posted.

Commercial Quantum Cryptography System Hacked

Comments Filter:
  • by obarel ( 670863 ) on Monday May 17, 2010 @06:30PM (#32245882)
    It's about Alice Cooper.

    "she" is a typo (extra 's').

    Bob is Bob Ezrin.
  • Quantum Bullshit (Score:2, Interesting)

    by sexconker ( 1179573 ) on Monday May 17, 2010 @06:32PM (#32245900)

    The core idea of using quantum communication security (or, in general, quantum communication) is that you'll be able to tell when the message has been altered.

    All a man in the middle attack has to do is read the message, recreate it, and send out a spoofed message instead of the original message.

    Reading the message is trivial.

    Recreating the message, while introducing tolerable levels of noise is trivial once you have the key. Alice does it all the time.

    Blocking the original message is not trivial, but it is also not hard. It just requires physical access to the network. Be it jamming a wireless signal, splicing your attack node between two routers, whatever.

    Sending out the spoofed message is trivial. The internet is slow and laggy. You can easily read, alter, and resend the message without the delay being noticed.

    The only thing stopping a man in the middle attack is the need to have the key to resign an altered message as to make it appear that it came from Alice. This is a key-sharing problem. All digital security problems boil down to a key-sharing problem.

    The only thing the quantum nature of communication adds is the ability to detect when people might be listening. This only gets around eavesdropping, not an actual MITM attack.
    Indeed, the quantum nature of the "security", as this paper shows, actually opens the door to attacks, as the communication medium is not perfect and there is now a threshold for tolerable noise. Attacks can play around in that threshold all day long.

  • by pla ( 258480 ) on Monday May 17, 2010 @06:36PM (#32245940) Journal
    Various proofs show that if the quantum bit error rate is less than 20 percent, then the message is secure. However, these proofs assume that the errors are the result of noise from the environment.
    Then they do not "prove" anything.

    When you start from a false premise, you produce "garbage", not "proofs" (Actually, you can produce some really useful counterfactuals that way, but you wouldn't present it in the context of a proof of the original concept). Particularly when talking about security, what moron would assume any sources of error come from the environment rather than the attacker???
  • Hardware Arms Race (Score:1, Interesting)

    by Anonymous Coward on Monday May 17, 2010 @06:58PM (#32246224)

    The third paragraph from the end of TFA is the key. Alice/Bob will be in an arms race with Eve. Alice/Bob will need better single-photon detectors and generators to stay ahead of Eve. As Alice/Bob improve the quality of their hardware and increase the probability of being to emit and then detect a single photon increase, Eve has to keep pace with the quality of her hardware. Over time as Alice/Bob increase the quality of their hardware, the attack surface available to Eve shrinks, and it will take her longer to intercept without being discovered. Eve will also need an accurate assessment of Alice/Bob's hardware capability to mount a credible threat.

  • by ortholattice ( 175065 ) on Monday May 17, 2010 @08:22PM (#32247222)
    One the main contributors to the error rate is the photon detection efficiency, where 80% or better is considered "good". In a major breakthrough last month, NIST (yes, the National Institute of Standards and Technology, not some startup company's marketing hype) has achieved a record single-photon detection rates of 99% [sciencedaily.com] - and possibly better, since there currently exists no metrology to test that level of efficiency. So in terms of that source of error, things are looking up.
  • by pla ( 258480 ) on Monday May 17, 2010 @09:28PM (#32247746) Journal
    It astounds me that people think they know better than an entire discipline and even more so that they get modded up for doing it. But then again...it is the internet.

    Funny thing about the internet... Believe it or not, some of us do actually count as experts in the domain of knowledge in question, fully capable of calling BS even on all those magically-always-right PhDs out there.

    In this case, I can't claim myself an expert (merely have a minor in math, concentrating on, of all things, proof theory). But I stand by my statement - A proof with easily violated premises doesn't "prove" anything. It may remain valid for some subset of input sets, but validity does not equal truth. And when your input set equals the real world, you can't just arbitrarily constrain it and still call it true.
  • by bertok ( 226922 ) on Monday May 17, 2010 @11:36PM (#32248668)

    The ability to control external noise in real-world operating environments, at least to the degree necessary to mitigate this issue, would seem to represent a rather nasty challenge. This may be a severely constraining factor on the potential for practical usefulness of quantum cryptography, at least for the time being.

    Can someone explain to me why anybody is even bothering with this technology?

    Are existing cryptographic algorithms so untrustworthy that it's better to use an untested technology that a) makes the already very expensive line equipment significantly more expensive, b) may prevent the use of certain kinds of repeaters or active splices, c) is so insanely complex that nobody except a select few physicists understand the details.

    Also, unlike current cryptographic techniques, quantum cryptography is strictly one hop instead of end-to-end, which is a big issue in many cases, like when one ISP tunnels their data over another ISP's link.

    More importantly, it doesn't actually encrypt any of the data in the traditional sense. The data goes across the wire unencrypted, the quantum system just detects a man-in-the-middle attack. If someone comes up with a technique for reading the data without interference (like the article says), then you're screwed. With a traditional crypto solution, it might be sufficient to just increase the key size parameter in a config file somewhere!

    I don't see how this can compete with standard crypto. If someone is that paranoid, it should be more than enough to just nest a couple of different algorithms together, and use the maximum keysizes for all of them. There's just no way anybody is breaking that at 2Tbps line rates any time soon, no matter what conspiracy theories you subscribe to about the NSA's capabilities!

    Think about it this way: with traditional crypto, it's at least possible, in principle, for an end-user to use an open source software stack using an open, publicly tested algorithm, and completely verify the implementation. With quantum crypto, you get a black box with some physics in it that no IT administrator will understand and be able to test. It'll send data unencrypted across a wire that you now hope is hack proof. For all anybody knows, it'll be sending data as-is with no protection, and nobody will be able to even tell. If you were the NSA and wanted access to fibre optic links, wouldn't this be the best thing ever?

"I will make no bargains with terrorist hardware." -- Peter da Silva