Quantum crypto boffins in successful backdoor sniff

Erroneous error-handling undermines bulletproofness

Computer scientists have pulled off what is claimed to be the first successful attack against a commercial system based on theoretically uncrackable quantum cryptography.

Quantum key exchange, which forms the basis of quantum cryptography, relies on a principle of quantum physics that means it is not possible to eavesdrop on single quanta - generally photons in an optical fibre - without changing their state. Alterations would be detected as errors, immediately alerting the intended recipient of a key that there's a problem. When properly implemented, quantum key distribution/exchange offers bullet-proof security.

In practice, however, it is not possible to completely eliminate errors in electronic communications because of factors such as noise and signal degradation. So practical systems accept key exchanges where the error rate is less than 20 per cent.

Feihu Xu, Bing Qi and Hoi-Kwong Lo at the University of Toronto in Canada have developed a subtle "intercept and resend attack" where they eavesdrop on some of the quantum bits sent during a quantum key exchange but not so many as to push the error rate over the 20 per cent threshold. The boffins demonstrated such a "phase remapping" attack against commercial quantum cryptography systems from ID Quantique.

As the boffins explain, their attack takes advantage of the mistaken assumption that the sender can prepare the required quantum states without errors.

The ID Quantique system is not broken, they say, but requires tweaking to get over the unsafe assumption that error rates of less than 20 per cent must be due to noise and can be safely disregarded. The attack, as is so often the case in the history of the battle between code makers and code breakers, is an implementation weakness rather than a systemic one.
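Why a bare error-rate threshold is an unsafe acceptance test can be seen in a small simulation. This is an added example, not code from the researchers or ID Quantique: it models textbook BB84 with an intercept-resend tap on a fraction of pulses, not the phase-remapping experiment itself, and the function names and the 2 per cent channel noise figure are assumptions made for illustration.

```python
import random

ABORT_THRESHOLD = 0.20  # acceptance limit quoted in the article

def sifted_qber(n_pulses, intercept_fraction, channel_noise=0.0, seed=1):
    """Textbook BB84 with an intercept-resend tap on a fraction of pulses.

    Returns (qber, tapped_share): the error rate Alice and Bob see on the
    sifted key, and the share of sifted bits that were measured in transit.
    """
    rng = random.Random(seed)
    sifted = errors = tapped = 0
    for _ in range(n_pulses):
        bit, basis = rng.getrandbits(1), rng.getrandbits(1)  # sender's choice
        wire_bit, wire_basis = bit, basis
        hit = rng.random() < intercept_fraction
        if hit:
            tap_basis = rng.getrandbits(1)
            if tap_basis != wire_basis:        # wrong basis: random outcome
                wire_bit = rng.getrandbits(1)
            wire_basis = tap_basis             # pulse is resent in the tap's basis
        rx_basis = rng.getrandbits(1)          # receiver's choice
        rx_bit = wire_bit if rx_basis == wire_basis else rng.getrandbits(1)
        if rng.random() < channel_noise:       # honest channel errors
            rx_bit ^= 1
        if rx_basis != basis:
            continue                           # discarded during sifting
        sifted += 1
        tapped += hit
        errors += rx_bit != bit
    return errors / sifted, tapped / sifted

def accept_key(qber, threshold=ABORT_THRESHOLD):
    """The bare threshold check: accept whenever the error rate is under it."""
    return qber < threshold

if __name__ == "__main__":
    for f in (0.0, 0.25, 0.5, 0.75, 1.0):
        qber, share = sifted_qber(40_000, f, channel_noise=0.02)
        print(f"tapped={share:.2f}  qber={qber:.3f}  accepted={accept_key(qber)}")
```

In this model each tapped pulse adds errors at a rate of 25 per cent, so the threshold check alone still accepts keys of which a large share was measured in transit. The measured error rate has to be attributed to an eavesdropper, not written off as noise, when deciding how much of the key to discard.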

The work of the Canadian team follows lab-based attacks on quantum crypto set-ups that relied on exploiting internal reflections in kit that generates quantum bits, or the interception of stray photons between detectors and lasers to eavesdrop on supposedly secure communications channels. The Canadian team's paper, Experimental demonstration of phase-remapping attack in a practical quantum key distribution system, can be found here.

A summary of their work can be found in a story by Technology Review here. ®
