Quantum cryptography is one of the most secure known means of transmitting data, due to the fact that even if a third party does intercept a quantum signal, that interference changes the encryption key, making the tampering apparent to parties at both ends. But a handful of quantum hackers at Norwegian University of Science and Technology in Trondheim recently performed successful hacks of two commercial quantum cryptographic systems — and they did so without leaving a trace.
Quantum encryption is based on the notion that you cannot take measurements of a quantum system without in some way disturbing it. A sender uses standard values of zeros and ones. That key is encoded into a beam of light using two different quantum states of photons. The receiver has a detector that measures the quantum states of the incoming photons. Anyone who messes with the signal in between will change it in some way, making it apparent to the sender and receiver that someone tampered with the signal.
The quantum hackers got around the rules of quantum physics by simply intercepting the incoming signal and generating a brand new one to send on to the receiver. To do so, they shined a continuous 1-milliwatt laser at the receiver’s detector, blinding it while they intercepted the sender’s signal.
But the trick is in how they blind the receiver’s detector. While blinded, it cannot act as a quantum detector, but it still functions as a classical light detector, reading a “one” if an extra bright pulse of light hits it, quantum properties of the light notwithstanding. So as the interceptor receives the sender’s signal, it pumps an extra bright pulse of light at the receivers’ detector every time it reads a “one” in the original signal.
In this way, the receiver still receives the correct signal from the interceptor even though it’s a forged signal. Since it’s a classical signal rather than a quantum one, quantum rules no longer apply and the sender and receiver aren’t made aware of the signal tampering.
The makers of the two quantum cryptographic schemes, Switzerland-based ID Quantique and Boston’s MagiQ Technologies, likely weren’t thrilled to find a hole in their systems but welcomed the news as it will help them to shore up weaknesses in their encryption schemes.