Quantum Hacking cracks quantum crypto

Quantum cryptography sounds like science fiction, but the people at Quantum Hacking have already cracked a pair of commercial quantum crypto implementations.

Quantum cryptography sounds like science fiction, but the people at Quantum Hacking have already cracked a pair of commercial quantum crypto implementations.

Quantum key exchange is generally regarded as a perfect solution to the problem of securely exchanging cryptographic keys. Ensuring that keys are exchanged in a secure manner is a critical part of the process of communicating secret information without any chance of an eavesdropper acquiring the secrets.

One of the foundational principles of modern cryptology theory is Kerckhoffs' Principle, which states that a cryptosystem should be secure even if everything about the system is known by potential attackers except its key. Shannon's Maxim, a roughly equivalent but much more succinct formulation, says "The enemy knows the system."

With such principles of security firmly in mind, two obviously necessary policies for secure systems arise:

  1. The security of a system can only benefit from making its design subject to public review so that potential weaknesses can be detected and fixed. This is often referred to as a recognition that obscurity is not security or, more to the point, a policy of security through visibility.
  2. The key used to decrypt a secret message must, itself, be a secret held as exclusively as possible.

There are two generally accepted ways to solve the problem of key exclusivity:

  1. Keep a key exclusive to a particular individual. This is the approach that leads to techniques of public key cryptography such as is used in OpenPGP systems, where only one person knows the key used to decrypt a message -- but everyone in the world might know the key used to encrypt it. This ensures the secrecy of a message sent to the recipient, so long as the recipient's private key is the only key that can be used to decrypt it, and so long as the implementation and security practices of the two parties are sufficiently strong to negate any attempts to crack the system.
  2. Keep a key exclusive to a particular relationship. This approach depends upon the communications between two parties being protected by a key, or keys, that are specific to the relationship between those two parties, and not reused anywhere else. It serves as the basis for the one-time pad cipher, the only truly uncrackable cipher known to modern cryptology -- and a cipher that is almost completely impractical for regular use. It also serves as the underlying assumption of cryptographic exchange in more practical symmetric key ciphers.

The problem of key exchange has been the subject of much debate, research, and effort over many years. Public key cryptography essentially avoids the whole issue by using key pairs, where the system is not only not compromised if half the keyset falls into the wrong hands, but it works better if that half of the keyset is public knowledge. For certain purposes, however, symmetric key encryption is often preferable, so long as the key exchange problem is solved.

The promise of quantum key exchange, and its weaknesses

Heisenberg's uncertainty principle has plagued physicists for decades. When what you study gets small enough, the tiny little particles -- photons, the building blocks of things like "light", for instance -- that you need to bounce off of what you are trying to observe are no longer inconsequential to the target of observation. When you want to observe the behavior of an electron, trying to bounce a photon off the electron can alter the state of the electron, leaving you with an uncertain read on the particle's state. It gets worse as the targets of your observation get even smaller, as in the case of trying to observe photons themselves.

Quantum key exchange makes clever use of this uncertainty principle. Systems that make use of quantum key exchange take advantage of the uncertainty principle to guarantee, at least in theory, that nobody has attempted to observe the key in transit. Any attempt to do so will change the state of the communication, thus producing detectable anomalies, alerting the communicating parties to the presence of an eavesdropper so they will know the key has been compromised and will not use it.

In theory, it seems like an infallible system. In practice, the actual security of the system is subject to the limitations of implementation -- the one weakness that plagues all cryptosystems. Commercial quantum key distribution systems exist, but the technology is still not a 100% perfectly solved problem.

Such systems typically use a fiber optic cable to communicate data across distances measured in kilometers, employing avalanche photodiodes to detect individual photons. The work of a group of quantum information scientists at the Norwegian University of Science and Technology, known as the Quantum Hacking group, in collaboration with the Max Planck institute for the science of light and the University of Erlangen-Nürnberg, has produced a means to crack two quantum key distribution systems by exploiting a characteristic of the design of avalanche photodiodes.

In simplified form, the crack consisted of a man in the middle attack that works by fooling the photodiode itself, using nothing but off-the-shelf (if somewhat expensive for casual use) components. "Blinding" the receiving system's photodiodes with a laser so that it cannot read the quantum states of incoming photons causes the diodes to behave as a "classical detector", recording bit values not due to the quantum states of incoming photons but due to the detection of pulses of brighter light. As such, the eavesdropper can "blind" the intended recipient, receive the key in its stead, then convey the key's value to the still-blinded avalanche photodiodes in the intended recipient system by way of pulses of bright light.

One of the researchers, Vadim Makarov, said of the crack, "We have exploited a purely technological loophole that turns a quantum cryptographic system into a classical system, without anyone noticing." (In the picture above, a member of the Quantum Hacking team, Lars Lydersen, tests Clavis2 quantum cryptography system for detector controllability. Photo credit: 2009 Vadim Makarov, www.vad1.com)

Since discovering the vulnerability, the researchers have worked in collaboration with ID Quantique, the vendor for one of the commercial systems, to fix the weakness in this type of quantum key distribution system. The Quantum Hacking group's paper was published in the Nature Photonics journal, as Hacking commercial quantum cryptography systems by tailored bright illumination.

Photos of the equipment used to analyze the cracked systems and perform the crack are available at the Quantum Hacking site, in Cracking commercial quantum cryptography: how we did it, in pictures. They even provide a link to a photo of ID Quantique engineers feeding pizza to Quantum Hacking researchers as they worked on a fix for the vulnerability.