Slashdot Mirror

← Back to Stories (view on slashdot.org)

Commercial Quantum Cryptography System Hacked

Posted by Soulskill on from the superposition-of-safe-and-unsafe dept.

KentuckyFC writes "Any proof that quantum cryptography is perfect relies on idealized assumptions that don't always hold true in the real world. One such assumption is related to the types of errors that creep into quantum messages. Alice and Bob always keep a careful eye on the level of errors in their messages because they know that Eve will introduce errors if she intercepts and reads any of the quantum bits in a message. So a high error rate is a sign that the message is being overheard. But it is impossible to get rid of errors entirely, so Alice and Bob have to tolerate a small level of error. This level is well known. Various proofs show that if the quantum bit error rate is less than 20 percent, then the message is secure. However, these proofs assume that the errors are the result of noise from the environment. Now, physicists have come up with an attack based on the realization that Alice also introduces errors when she prepares the required quantum states to send to Bob. This extra noise allows Eve to intercept some of the quantum bits, read them and then send them on, in a way that raises the error rate to only 19.7 percent. In this kind of 'intercept and resend attack,' the error rate stays below the 20 percent threshold and Alice and Bob are none the wiser, happily exchanging keys while Eve listens in unchallenged. The physicists say they have successfully used their hack on a commercial quantum cryptography system from the Geneva-based startup ID Quantique."

10 of 117 comments (clear)

  1. Sure, sure, paint me as the bad one again by Anonymous Coward · · Score: 5, Funny

    Really, is a little fidelity in this relationship too much to ask for? I've caught Bob kissing that skank Alice so many fucking times and he always says he's sorry and he'll stop seeing her, but still I can tell they're exchanging information through hidden channels.

    But what I really hate is when people act like I'm so unreasonable by trying to find out what is going on and who my allegedly significant other is seeing behind my back. What the fuck.

    -
    Cryptographically Signed,

    Eve.

    (Inspired by xkcd, of course.)

  2. I don't think "prove" means what you think... by pla · · Score: 4, Interesting

    Various proofs show that if the quantum bit error rate is less than 20 percent, then the message is secure. However, these proofs assume that the errors are the result of noise from the environment.
    Then they do not "prove" anything.

    When you start from a false premise, you produce "garbage", not "proofs" (Actually, you can produce some really useful counterfactuals that way, but you wouldn't present it in the context of a proof of the original concept). Particularly when talking about security, what moron would assume any sources of error come from the environment rather than the attacker???

    1. Re:I don't think "prove" means what you think... by Opportunist · · Score: 4, Funny

      Errors are inevitable. It's a little something called the Heisenberg Uncertainty Principle. Have you heard of it? No?

      I guess the correct answer is maybe. But only possibly so.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:I don't think "prove" means what you think... by Interoperable · · Score: 4, Informative

      I happen to have have read a number of such papers because it is related to the field that I work in and I have some idea of what is involved in determining bounds on error rates. They are absolutely proofs in the very strictest sense of the word. They state up-front what the assumptions are and derive rigorous proofs within the conditions that were laid out.

      The mathematical premises are completely sound. The only question is what physical system the assumptions used to arrive at those premises apply to. The idealized system is clearly laid out in the paper and can be assessed for how applicable it is to a given physical system. To say that the premises are unsound because the simplifying assumptions may not apply to real systems is to reject any mathematical analysis of the physical world.

      You are confusing the ideas of a premise in mathematics and an assumption in physics. What has been done is the different between a correct analysis of an idealized system. What you claim is that an incorrect analysis of a realistic model has occurred, which is incorrect.

      --
      So if this is the future...where's my jet pack?
  3. Isn't this obvious? by mrsteveman1 · · Score: 5, Funny

    Eve is a fucking spy, arrest her.

    I'm not too sure about Alice and Bob either, seems they're always around when these things happen.

    1. Re:Isn't this obvious? by MRe_nl · · Score: 4, Funny

      It's not that easy.

      She's only called Eve online.

      --
      "Kill 'em all and let Root sort 'em out"
  4. Re:the less sensational headline... by WrongSizeGlass · · Score: 4, Funny

    A 20% error rate isn't good enough to launch a missile, but it's better than a weatherman's accuracy. This tells us that Alice, Bob and Eve don't work for NORAD or the National Weather Service. That narrows down the field considerably. It won't be long before their identities are discovered, posted on TMZ and they won't need these silly quantum encrypted messages anymore.

  5. any lock made by a man by circletimessquare · · Score: 4, Insightful

    can be broken by a man

    depending upon your current situation in life, this is either a wonderfully hopeful or horribly depressing realization

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  6. NIST achieved 99% detection efficiency last month by ortholattice · · Score: 4, Interesting

    One the main contributors to the error rate is the photon detection efficiency, where 80% or better is considered "good". In a major breakthrough last month, NIST (yes, the National Institute of Standards and Technology, not some startup company's marketing hype) has achieved a record single-photon detection rates of 99% - and possibly better, since there currently exists no metrology to test that level of efficiency. So in terms of that source of error, things are looking up.

  7. Re:So, quantum cryptography is fundamentally flawe by TheLink · · Score: 4, Insightful

    Thing is nowadays TB drives are quite cheap. Generate a huge OTP, spread it over three drives at A, spread it over another three drives and send all three to B via three different couriers/paths. Add ECC if you want.

    If they all made it safely without interception. You've got your secure channel. 1TB/128kbps = 2 years. 1TB/256kbps = 1 year.

    You could send more than one set of drives. When they all arrive, you tell the "B" let's start with drive set #5.

    --