Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Encryption

Hackers Eavesdrop On Quantum Crypto With Lasers 161

Martin Hellman writes "According to an article in Nature magazine, quantum hackers have performed the first 'invisible' attack on two commercial quantum cryptographic systems. By using lasers on the systems — which use quantum states of light to encrypt information for transmission —' they have fully cracked their encryption keys, yet left no trace of the hack.'"
This discussion has been archived. No new comments can be posted.

Hackers Eavesdrop On Quantum Crypto With Lasers

Comments Filter:
  • by MichaelSmith ( 789609 ) on Monday August 30, 2010 @04:01AM (#33413186) Homepage Journal

    Eve gets round this constraint by 'blinding' Bob's detector — shining a continuous, 1-milliwatt laser at it.

    So Bob could just detect the blinding signal and stop transmitting.

    • I'm sure its not as simple as that. Then agian I didn't understand half the technical stuff of this article.

    • by PseudonymousBraveguy ( 1857734 ) on Monday August 30, 2010 @04:26AM (#33413260)
      Yes, and if I understand the article correctly, the manufacturers developped a patch to fix the hole.

      However, the hack shows (once again), that a system may be secure in theory, but actual implementations of that system may, and will, have bugs that render them insecure. This negates one of the most strong arguments for quantum crypto, i.e. the "proveable" security. If that argument does not hold, you could as well use any common "classical" key exchange algorithm, which also delivers "good, but not 100%" practical security, does not need fixed point-to-point fiber and expensive equipment, and is probably much better tested than the quantum systems.
      • This negates one of the most strong arguments for quantum crypto, i.e. the "proveable" security

        No it doesn't – it just makes the software more expensive to write. It's entirely possible to write software that has key properties proved to be correct and bug free, it's just hard, time consuming, and done by people who get paid a very large amount of money.

        • by PseudonymousBraveguy ( 1857734 ) on Monday August 30, 2010 @07:54AM (#33413958)

          No it doesn't – it just makes the software more expensive to write. It's entirely possible to write software that has key properties proved to be correct and bug free,

          It's not only the software. There's a lot of hardware involved, most of which could have bugs of some kind (e.g. for this hack you'd have to prove that your sensor can reliably detect that it's still in "quantum mode"). And after you have proven a lot of properties off all your hard- and software, you'll have to prove that all those properties are actually sufficient for achieving perfect security.

        • by sjames ( 1099 )

          No it doesn't – it just makes the software more expensive to write. It's entirely possible to write software that has key properties proved to be correct and bug free, it's just hard, time consuming, and done by people who get paid a very large amount of money.

          And then gets undercut by slightly cheaper snake oil coded by the lowest bidder in a sweatshop. Everyone cheers the invisible hand and the triumph of the free market, especially Eve.

  • So OK... (Score:5, Funny)

    by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Monday August 30, 2010 @04:03AM (#33413188)

    ...maybe they've cracked it in this universe, but what about all the others?

  • not really that bad (Score:5, Informative)

    by mogness ( 1697042 ) on Monday August 30, 2010 @04:06AM (#33413204) Homepage
    The problem isn't really with quantum encryption, it's with the technical implementation. And anyway, according to the article, they've already figured out a way to detect the hack and defeat it, so it's still pretty solid.

    Makorov informed both companies of the details of the hack before publishing, so that patches could made, avoiding any possible security risk.

    • Re: (Score:3, Funny)

      by DrXym ( 126579 )
      "And anyway, according to the article, they've already figured out a way to detect the hack and defeat it, so it's still pretty solid."

      if (continuousLaserBeam) hack = true;

    • Re: (Score:3, Insightful)

      by boxwood ( 1742976 )

      Yeah the good guys inform the company of the hack. The question is how many bad guys were aware of this before now, and for how long?

      It took these guys two months in a university lab to figure this out. How long do you suppose it took the NSA (and their counterparts in other countries) who have much bigger budgets?

      This research proves that if you're using these devices, the NSA has your data.

    • they've already figured out a way to detect the hack and defeat it, so it's still pretty solid.

      Perhaps, but there's a larger issue. Quantum crypto was supposed to be the end of the story, iirc. It was supposed to be theoretically impossible to crack. Discussion over.

      Now, it appears that quantum crypto is engaged in the same kind of more arms race that other crypto mechanism are subject to. So it might be pretty solid, but it's apparently no silver bullet.

    • The problem isn't really with quantum encryption, it's with the technical implementation.

      Yes, exactly. This is like saying that one-time pad encryption has been broken because someone found a bug in an implementation (or rather, an implementation of something other than one-time pad encryption).

  • by romiz ( 757548 ) on Monday August 30, 2010 @04:14AM (#33413232)
    There are some photographs of the hacked hardware and the hacking tools on the page [iet.ntnu.no] of the researchers.
  • So, the attack works like this: the middle man sends a continuous laser down to one of the recievers, and simultaneously reads off the transmitted photons (disrupting their state). When "blinded" by this laser light, the reciever still reads the information from the transmitted photon data, but ignores it's quantum state. I don't know the limitations and techniques behind constructing quantum-state detecting photon recievers, but this just has to be a flaw in this particular construction? Maybe the state de
    • The attack workflow has been slightly simplified for the hews article. The actual Eve's workflow is: 1. Blind Bob with a continuous laser, 2. Intercept all photons coming from Alice using a copy of Bob's setup, 3. Every time Eve has a detection, she activates another laser to send a strong light pulse to Bob that tricks Bob's detectors to produce the same detection outcome. I wish there were 4. Profit!, but as for now our lab is running out of grant money with no other funding in sight :)).
  • by Anonymous Coward on Monday August 30, 2010 @04:29AM (#33413270)

    This is what you get when even educated men can't make sense of your technology.

    Pretty obvious now we need to return to traditional cryptosystems such as rot13 etc.
    Arguably not the most secure, but it is efficient. And for military use, where security
    requirements are higher, triple-rot13 is an option.

  • by brainscauseminds ( 1865962 ) on Monday August 30, 2010 @05:25AM (#33413402) Homepage
    Poor Alice and Bob, they do not have a chance ever to live normal lives without hordes of geeky cryptographers debating/fighting over every bloody bit they exchange.
    • ...until they met Ted and Alice, the couple that moved in next door. Then the sex became even more interesting.

      (boy I feel so old)

  • oh boy, am I getting old?
  • And here is the biggest problem with dealing with anything that evolves. Someone or something else will come along and evolve a way to defeat it. This happens in the world of biological viruses and bacteria, this happens in the world of animals, this happens in the world of Electronic Viruses and Spyware, and this happens with encryption.

    I remember when the contest was to crack either the 56-bit or the 64-bit (do not remember exactly which) and it was done in a matter of days and not the years it was though

    • And here is the biggest problem with dealing with anything that evolves. Someone or something else will come along and evolve a way to defeat it. This happens in the world of biological viruses and bacteria, this happens in the world of animals, this happens in the world of Electronic Viruses and Spyware, and this happens with encryption. e

      xcept that in cryptography that doesn't always happen [wikipedia.org].

      • by sjames ( 1099 )

        The method at the theoretical level isn't breakable, but actual real world implementations are. Either people re-use the OTP or the pad itself is intercepted. The interception starts with the sender presuming it's absolutely safe/

        • by jd ( 1658 )

          One suggestion for "practical unbreakable OTPs" was to gather noise from live radio astronomical observations. Alice sends to Bob the pseudo-random radio source location and the precise time to start gathering the OTP. This information need only be secure until that start time plus the baseline for the observers. After that, the pad is no longer retrievable by any third party. Since the pad itself is never transmitted, the risk of the OTP falling into the wrong hands is greatly reduced.

          This is, admittedly,

  • Don't write or talk anything. None will intercept it.
  • Obligatory (Score:2, Funny)

    by ewhenn ( 647989 )
    There is a crack, a crack in everything, that's how the light gets in.
  • How about hacked quantum systems downgraded to std transmission?

    There was no hacking of quantum crypto here.

  • by RevWaldo ( 1186281 ) on Monday August 30, 2010 @06:48AM (#33413618)
    Even respecting the working-all-day-and-night-in-the-basement-computer-lab origin of the term, using 'hacker' in the article seems like a blatant attempt to jazz it up, making it at first glance seem to be more about something akin to bank heist than a story about funded researches working in a university lab trying to find flaws in a security system, with the manufacturer's full approval to boot.

    .
    • by Vadim Makarov ( 529622 ) <makarov@vad1.com> on Monday August 30, 2010 @09:25AM (#33414754) Homepage
      with the manufacturer's full approval to boot

      I'm not sure the manufacturers would approve the existence of our lab [iet.ntnu.no] if they could dictate it. Thankfully we are independent and need not seek their approval. The manufacturers did appreciate responsible disclosure, though. I don't know how this hacking affects their business in the short term (may as well be detrimental to sales), even though it is surely good for business in the long term as it leads to more secure systems.
      • (A reply from the man himself - Cheers!) I didn't intend to imply you're lab was working for the manufacturers. There are certainly many manufacturers who do *not* encourage others to try and find flaws in their products, much less appreciate them for pointing them out; quite the opposite it usually seems. That's all I meant by your group having their "approval". (And by "funded" I meant as opposed to some guy in his garage figuring out how to jailbreak a smartphone.) I was more questioning the use of langu
  • The USA Defense Industry and Congress will write a law that will prevent anyone (except .Com, .Gov & .Mil) from criminally hacking qEncrypt, making USAll safe from Norwegian Hacker Scientist. Also, US, EU, RU, CN... people and governments will be happy to comply with more legal control.

    %~P=WeRFycked+*

  • Tank (Score:2, Funny)

    by Anonymous Coward

    Unfortunately, not everyone has the space required for an aquarium to contain the sharks with those fricken lasers.

  • I'm more interested in quantum computing to generate encryption keys that can't be broken by other quantum computing. Is there even a theoretical model for that?

  • by SeekerDarksteel ( 896422 ) on Monday August 30, 2010 @08:38AM (#33414298)
    The article is either missing massive details or these researchers are vastly overstating the power of their technique. The entire _point_ of quantum key exchange is that if Eve intercepts the signal she cannot tell if she read a 0 or a 1 because she does not know which basis the 0 or 1 was generated in. Even IF Eve passed a 1 along every time she read a 1, when Alice and Bob go to do the basis comparison over the standard channel they will notice errors because Eve read the signal in the wrong basis and passed along an incorrect value.

    I've tried reading the actual journal paper, but unfortunately they just seem to handwave this problem away. Maybe there's a reason they can, but its sure as hell not explained as far as I can see unless they're assuming Eve has also compromised the classical channel as well as the quantum channel.
    • As you correctly notice, Eve does not know Alice's basis and will half the time choose a wrong basis for measurement. We just bite the problem from the other end: we make sure Bob's basis always matches Eve's. Alice and Bob always compare their bases after the transmission and then discard the bits where their bases did not match. During this comparison all bits where Eve has chosen a wrong basis will be discarded. What remains in the key are the bits where Alice, Eve and Bob all have the same basis.

      We h
      • Ok, I must be missing how exactly you're controlling Bob's basis then. I guess that's what your blinding trick is supposed to be doing, but my physics is too weak to understand why. (I studied QC from a computer engineer standpoint, not a physics standpoint). My impression from the Nature article was that you could force Bob to see a 0 or a 1. If that's all you could do, then Eve's interference would have been detectable since she would have passed on bad bits when Alice and Bob's bases agreed but Eve's
        • Re: (Score:3, Informative)

          Good. We are not controlling Bob's basis: he chooses his detection basis randomly. What we do is to send a bright-light state that does not cause a detection event if Bob chooses a basis not matching Alice's, but causes a detection event in a specific detector if Bob chooses the same basis as Eve. See figure 2 in the paper [nature.com] for illustration. Thus, half the time our bright-light state failes to induce any detection, which translates to just 50% detection efficiency. This would be a problem if Bob's photon det
          • We are not controlling Bob's basis: he chooses his detection basis randomly. What we do is to send a bright-light state that does not cause a detection event if Bob chooses a basis not matching Alice's, but causes a detection event in a specific detector if Bob chooses the same basis as Eve.

            So you're actually exploiting the combination TWO flaws:

            - One in Bob's detector - which you can get to efficiently mimic the reception you achieved despite your lack of knowledge of Bob's expected polarization.

            • Re: (Score:3, Informative)

              Your first item is correct, however for the second one I think you need to study a good description of the QKD protocol.

              The QKD protocol is designed to cope with a huge bit loss, both due to detector inefficiency and the loss in the fiber line; in fact, in a typical setup only 1 in 1000 Alice's photon's may be detected by Bob. The loss in the line is the killer item: the best optical fiber is has loss about 0.2 dB per km. This means over 50 km, nine out of ten photons sent by Alice will be lost. (In our
              • Thanks. (I figured that out after posting. B-b ).

                If I've got it correctly:

                - Normally Bob loses 50% of the bits by not being aligned with Alice.
                - Eve loses 50% of the bits by not being aligned with Alice, then
                - Bob loses 50% of the bits by not being aligned with Alice, but
                - The classical signal from Eve to Bob is strong and does not lose
                (a significant number of) bits in the Eve->Bob stretch of fiber.
                This (along with other allowa

          • Ah, ok. That's making a lot more sense. It really didn't come across in the Nature article that way to me. But I guess that's scientific reporting for ya, :P

Computer programmers do it byte by byte.

Working...