Quantum cryptography is absolutely unbreakable, as it relies on the laws of physics to rat out eavesdroppers. But like other encryption methods, it is sometimes only as good as the users and their hardware.
A group at the Norwegian University of Science and Technology and Germany's University of Erlangen-Nürnberg, together with the Max Planck Institute for the Science of Light, found a vulnerable point in quantum cryptography systems.
To mount an attack, the eavesdropper would have to duplicate the signal the receiver would get exactly. But quantum mechanics says you can't do that because you can't copy quantum states.
A hacker can fool the detector into thinking that a quantum signal has arrived by simply blinding it for a few seconds. The hacker attaches another device to the fiber optic cable and receives the sender's signal. To fool the intended receiver he sends a signal down the cable that is orders of magnitude stronger than usual, which blinds the detector. Then he can send ordinary pulses of light to the detector, which is no longer able to see single photons.
Even though a hacker can't copy quantum bits, he can send ordinary, classical light pulses that look just like them to an impaired detection system, neatly sidestepping the laws of quantum mechanics.
"We know from the history of encryption, there are always implementation problems," said Vadim Makarov, one of the lead researchers on the project. In this case, unlike other types of encryption breaking, the hacking is done via hardware rather than software.
Makarov says the research group notified the manufacturers of quantum cryptography systems, and that they have been working on solutions.
Ribory says quantum encryption is used in systems where there is a single fiber-optic connection between two points, where long-term security is an issue -- as it is for banks, medical records or the military. In these systems anybody attacking it has to mount a physical assault on the connection itself.
Quantum communications systems also cost a lot. Makarov notes the system in his lab would be on the order of $100,000. That puts it out of the reach of basement tinkerers, at least for a time. Another feature of quantum cryptography is that it is "future proof" - as long as the hardware is kept safe, the code itself cannot be broken without someone knowing about it. So it will likely become more widespread as it becomes cheaper. By finding ways to attack the system, Makarov says, he helps make them stronger.
"An army deteriorates pretty quickly if there isn't a war," he said. "For these systems, we provide the opposing force."
Both IDQ and MagiQ welcome the hack for exposing potential vulnerabilities in their systems. Makorov informed both companies of the details of the hack before publishing, so that patches could made, avoiding any possible security risk.
"We provide open systems for researchers to play with and we are glad they are doing it," says Anton Zavriyev, director of research and development at MagiQ.
Makarov agrees that the hack should not make people lose confidence in quantum cryptography. "Our work will ultimately make these systems stronger," he says. "If you want state-of-the-art security, quantum cryptography is still the best place to go."