Feeds

Quantum crypto backdoor closed

Cambridge boffins patch photon-splitting vuln

Top three mobile application threats

Researchers believe they have secured a potential backdoor in a cryptography technique known as Quantum Key Distribution (QKD).

The QKD method involves the use of laser diodes to transmit crypto keys along fibre optic lines as streams of light quanta – individual photons. Any attempt to eavesdrop on the transmission involves measuring it in some way at a quantum level, which will necessarily alter the transmitted data and reveal to the communicating parties that the key is compromised.

The scientists at the Toshiba Research Europe Labs at Cambridge found that the laser diodes sometimes transmitted an extra photon in response to an energy pulse designed to elicit only one. This would allow an attacker to measure the second photon and leave the first untouched, potentially reading the secret key without being rumbled. This problem was especially prevalent when using stronger pulses so as to increase the rate at which key data could be sent.

But a team bossed by Dr Andrew Shields, Quantum Information group leader at Toshiba Research Europe, has stymied such so-called "pulse-splitting" attacks by introducing lower-intensity "decoy photons" to verify that a transmission is unmonitored.

According to Shields and his team, these decoy pulses seldom have a trailing partner and as such are impossible to read covertly. The communicating parties can use the decoys to check that no eavesdropping has taken place, so be assured that their higher-intensity, higher-bandwidth multiphoton stream of keys is uncompromised.

"Using these new methods for QKD we can distribute many more secret keys per second, while at the same time guaranteeing the unconditional security of each," says Shields. "This enables QKD to be used for a number of important applications such as encryption of high bandwidth data links."

QKD can now transmit at 5.5kbits/sec over a 25km optical fibre, a hundred times the previous rate.

Shields' crew has also, in a further burst of enthusiasm, rendered its own research ultimately irrelevant. The team has developed a new class of nano-diodes which are so small – at 45nm across – they can contain only a few electrons. This means they can only ever emit a single photon at the selected wavelength, so sidestepping the multi-photon minefield entirely. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.