Feeds

Quantum crypto boffins in successful backdoor sniff

Erroneous error-handling undermines bulletproofness

Boost IT visibility and business value

Computer scientists have pulled off what is claimed to be the first successful attack against a commercial system based on theoretically uncrackable quantum cryptography.

Quantum key exchange, which forms the basis of quantum cryptography, relies on a principle of quantum physics that means it is not possible to eavesdrop on single quanta - generally photons in an optical fibre - without changing their state. Alterations would be detected as errors, immediately alerting the intended recipient of a key that there's a problem. When properly implemented, quantum key distribution/exchange offers bullet-proof security.

In practice, however, it is not possible to completely eliminate errors in electronic communications because of factors such as noise and signal degradation. So practical systems accept key exchanges where the error rate is less than 20 per cent.

Feihu Xu, Bing Qi and Hoi-Kwong Lo at the University of Toronto in Canada have developed a subtle "intercept and resend attack" where they eavesdrop on some of the quantum bits sent during a quantum key exchange but not so many as push the error rate over the 20 per sent threshold. The boffins demonstrated such a "phase remapping" attack against commercial quantum cryptography systems from ID Quantique.

As the boffins explain, their attack takes advantage of the mistaken assumption that the sender can prepare the required quantum states without errors.

The ID Quantique system is not broken, they say, but requires tweaking to get over the unsafe assumption that error rates of less than 20 per cent must be due to noise and can be safely disregarded. The attack, as is so often the case in the history of the battle between code makers and code breakers, is an implementation weakness rather than a systemic one.

The work of the Canadian team follows lab-based attacks on quantum crypto set-ups that relied on exploiting internal reflections in kit that generates quantum bits, or the interception of stray photons between detectors and lasers to eavesdrop on supposedly secure communications channels. The Canadian team's paper, Experimental demonstration of phase-remapping attack in a practical quantum key distribution system, can be found here.

A summary of their work can be found in a story by Technology Review here. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?