'Unbreakable' quantum crypto might not be as secure as first thought...

Stockholm and Linköping University researchers find flaws in quantum encryption architectures

Quantum cryptography, which has been touted as virtually uncrackable, might not be as secure as first thought. That is the claim of researchers from Stockholm University and Linköping University in Sweden, in a highly technical paper published just before Christmas.

The researchers suggest that the device-independent quantum key distribution mechanism on photonic encryption systems, which ought to ensure that a potential attacker cannot eavesdrop on or control the communications, may be flawed.

"We show how this security test can be circumvented in energy-time entangled systems when using standard avalanche photodetectors, allowing an attacker to compromise the system without leaving a trace," claim the researchers.

According to Larry Loeb, writing for IBM's Security Intelligence: "The energy-time entanglement of quantum encryption is based on testing the connection at the same time as the encryption key is created. In practice, two photons are sent out at exactly the same time in two different directions. At both ends of the connection, an interferometer is placed to measure the interference of the detected light.

"If the photon stream is being eavesdropped, there should be observational noise present, which can be detected using a theorem from quantum mechanics called Bell's inequality. If the connection is secure and free from noise, the remaining photons can be used as an encryption key to protect the message."

One interpretation of quantum mechanics suggests that two quantities cannot be measured at the same time because the measurement process disturbs the system, adds Loeb.

"Bell's inequalities provide a way to test this interpretation. If there were hidden variables, then the observed distributions would have to have come from a single, hidden joint distribution and would therefore have to obey Bell's inequalities," he added.

But the paper indicates that a specially crafted light source can fool the "interferometers", making the Bell's inequality test fail.

"The researchers at Linköping University figured out that if the photon source is replaced with a traditional and pulsed light source that floods the interferometers with light, someone can identify the key or the code string. This means it is also possible to read the message without detection. The security test based on Bell's inequality will not react even though an attack is underway because the photon detectors in the interferometers are swamped by the bright light," he concludes.