Commercial quantum cryptography system hacked

Scientists have succeeded in completely hacking a commercial quantum encryption system for the first time ever.

Theoretically quantum cryptography - using quantum systems to encrypt information securely - is perfectly secure.

It takes advantage of the fact that it is impossible to chalk out measurements of a quantum system without disturbing it in some way.

Thus, if two people produce a shared quantum key to encode their messages, they are almost sure no third party can eavesdrop without introducing errors that will show up when they compare their keys, setting off a warning.

However, in practice no quantum cryptographic system is perfect and errors will creep in due to mundane environmental noise.

Quantum physicists have calculated that as long as the mismatch between two person's keys is below a threshold of 20 per cent, security has not been breached.

But now quantum physicist Hoi-Kwong Lo and his team at the University of Toronto in Ontario, Canada, have hacked a commercial system released by ID Quantique (IDQ) in Geneva, Switzerland, while remaining below the 20 per cent threshold.

"Even with a relatively simple attack, the hacker can get the complete key, and nobody would know anything about it," Nature quoted Lo, as saying.

Lo's hack works by intercepting the bits that two people, say Alice sends to Bob, while creating the key, and resending a slightly modified version to Bob.

In standard quantum cryptographic techniques, Alice encodes each bit using the polarization of photons. When she sends these bits out, the polarization should be perfectly oriented in one of four directions, separated by 45 degrees (north, northeast, east or southeast).

In a perfect world, any hacking attempt would disturb a significant fraction of the bits' orientations, introducing errors just above the threshold.

But in practice, Alice cannot switch orientations for successive bits instantaneously - each time she wants to send a bit with a new orientation, she must change the voltage applied to the photon to shift its orientation.

This gives the hacker time to swoop in and hijack the bit before it is sent out to Bob, measure it, and then send it on its way again.

However, if the hacker simply sends the bit to Bob along one of the four orientations that Alice originally defined, his presence will be discovered because his measurements will introduce random errors into the system that exceed the 20% limit.

But Lo's team has now shown that if the hacker sneakily sends the bits along slightly different directions, the errors introduced by his interference will fall just under the 20% threshold at 19.7%.

Grégoire Ribordy, chief executive of IDQ, says Lo's hack does not threaten the security of IDQ's commercial product, which contains extra alarms above those included in the version that was sold to Lo's group a few years ago.