Researchers find security hole in quantum cryptography

Quantum cryptography is considered a fully secure encryption method, but Swedish researchers have discovered that this is not always the case.

The method that forms the basis for many systems of quantum cryptography – energy-time-entanglement – is hackable. We speak with the authors Jonathan Jogenfors and Jan-Åke Larsson, author of the study that appeared in Science Advances today.

ResearchGate: How would you explain quantum cryptography to a six-year old?

Jan-Åke Larsson: Quantum cryptography sends information using little packets of light, or photons. Since photons are small and fragile, an eavesdropper would destroy the information if he or she tries to listen in.

RG: How does it work, and what would it be used for?

Jonathan Jogenfors: Quantum key distribution allows us to create perfect encryption, that is, encryption that cannot be broken even if an attacker has an infinitely fast computer. It can be used when we want the highest level of security for communicating very sensitive data.

RG: Why did people think quantum cryptography was uncrackable and what made you think that this isn’t the case?

Larsson: Quantum key distribution is uncrackable if designed correctly. However, we looked at so-called energy-time entanglement-based systems that are very popular since they are robust against environmental disturbances. Even though they are robust, we found that they also are more sensitive to hacking than traditional, polarization-based, quantum key distributions systems.

RG: How did you test the safety of quantum cryptography in your study?

Jogenfors: This type of system performs continuous tests to ensure the security of the system. We were able to mask the attack so that it remains undetected.

RG: What did you find?

Larsson: Quantum key distribution can be very secure, but needs careful implementation. A subtle flaw like the one we found could expose sensitive data to unauthorized third parties.

RG: You mention that you also found a solution to the security hole. What is it?

Larsson: One solution is to change the security test, and another is to slightly modify the design. A good proposal that has already been tested in experiment is the aptly named "Hugging interferometer". This system can be proven secure from all attacks, and experiments by Prof. Guilherme Xavier at University of Concepción in Chile show promise.

RG: In your opinion, what’s the safest way of information transfer?

Larsson: A one-time pad encryption scheme is the best method for ultra-secure encryption. However, it requires that you meet the recipient in person and agree on an encryption key, or perform Quantum Key Distribution. This would make it hard to use over the current Internet, but in the right hands it is impossible to break.

Jogenfors: What are you working on now?

Larsson: We are working on building simple and robust quantum cryptography systems that are easy to use and achieve high levels of security. The current challenge is to make the systems resistant to noise from the environment so that it can be used anywhere at any time.

RG: Are your findings something we should be worried about?

Larsson: Finding flaws in secure systems is nothing to be worried about, it's an important process on the road to more secure systems. The future for quantum cryptography is bright, and now that quantum networks are being built we can begin to communicate with perfect secrecy.

Picture courtesy of Charlie Collis