Hardware Hack Busts Quantum Encryption

Quantum cryptography is absolutely unbreakable, as it relies on the laws of physics to rat out eavesdroppers. But like other encryption methods, it is sometimes only as good as the users and their hardware.

A group at the Norwegian University of Science and Technology and Germany's University of Erlangen-Nürnberg, together with the Max Planck Institute for the Science of Light, found a vulnerable point in quantum cryptography systems.

Gregoire Ribordy, CEO of ID Quantique, a Swiss company that builds equipment used in quantum encryption systems, says the trick is avoiding the laws of quantum mechanics. Quantum encryption's only assumption is that the laws of quantum physics apply, he said. In situations where the laws don't apply, the code can be broken.

Quantum cryptography doesn't actually encrypt a signal by itself -- but it is a way to send decryption keys in a secure way. In its simplest form, it is just sending single photons down a fiber optic cable to a detector, at very low power.

The photons are given a certain state, usually polarization or phase, and those states represent a 0 or 1. If an eavesdropper tries to listen in, the state of the photons will be wrong and there will be errors in the transmission. It is as though the act of listening to a secret radio transmission of phone call garbled the signal. Once the sender and receiver know someone is listening they can stop sending signals or try another code.

To mount an attack, the eavesdropper would have to duplicate the signal the receiver would get exactly. But quantum mechanics says you can't do that because you can't copy quantum states.

A hacker can fool the detector into thinking that a quantum signal has arrived by simply blinding it for a few seconds. The hacker attaches another device to the fiber optic cable and receives the sender's signal. To fool the intended receiver he sends a signal down the cable that is orders of magnitude stronger than usual, which blinds the detector. Then he can send ordinary pulses of light to the detector, which is no longer able to see single photons.

Even though a hacker can't copy quantum bits, he can send ordinary, classical light pulses that look just like them to an impaired detection system, neatly sidestepping the laws of quantum mechanics.

We know from the history of encryption, there are always implementation problems, said Vadim Makarov, one of the lead researchers on the project. In this case, unlike other types of encryption breaking, the hacking is done via hardware rather than software.

Makarov says the research group notified the manufacturers of quantum cryptography systems, and that they have been working on solutions.

Ribory says quantum encryption is used in systems where there is a single fiber-optic connection between two points, where long-term security is an issue -- as it is for banks, medical records or the military. In these systems anybody attacking it has to mount a physical assault on the connection itself.

Quantum communications systems also cost a lot. Makarov notes the system in his lab would be on the order of $100,000. That puts it out of the reach of basement tinkerers, at least for a time. Another feature of quantum cryptography is that it is future proof -- as long as the hardware is kept safe, the code itself cannot be broken without someone knowing about it. So it will likely become more widespread as it becomes cheaper. By finding ways to attack the system, Makarov says, he helps make them stronger.

An army deteriorates pretty quickly if there isn't a war, he said. For these systems, we provide the opposing force.