back to article Bulletproof quantum crypto dinged by implementation weakness

Security researchers have identified possible weaknesses in quantum cryptography implementations. A team from Linköping University in Sweden has also come up with suggestions about how the attack could be blocked. Quantum cryptography allows two users on an optical fibre network to exchange secret keys. It takes advantage of …


This topic is closed for new posts.
  1. Rich

    Not surprised - have you ever been to Linköping???

    Obviously these people had a fair bit of time on their hands to do this research, and good on 'em.

    ...BUT ...if you'd ever been to Linköping you would know why! I went there some years ago for an interview. It is the dullest, flattest, most barren, and dullest (have I mentioned that?) place I have ever been to (image the north pole with tufty grass).

    I didn't get the job. Mostly because the agency completely failed to match what they (Nokia) were looking for with what I did, but I'm sure my complete lack of enthusiasm for the place showed through too! The idea of working in an Ikea showroom (I kid you not) gave me the willies too :-)

    Odd thing is, some years later, I met some Swedish people in Germany who went to Linköping Uni, and they reckoned it was a swinging place! So, what do I know? Either that or there are two places with the same name.

  2. Gary

    Quantum crypto too easy

    So they worked out a complex way of getting partial key, great. But this becomes a man in the middle attach and prone to the issue that as soon as you leave or make a single mistake, you are noticed.

    You still have valuable data, but now they know and will be after you.

    From the depths of history (say about 5 years ago) there was a much better attack.

    Quantum key transport relies on groups or orthogonal detectors at each end of the link, such that as each entangled photon is received one measurement (e.g. polarization) is randomly made and the result stored. Later the other party, making random measures on the entangled pair of each photon you got passes their result table (in the clear) to you. (no risk here as the table is just random bits)

    By Xor'ing the tables together you get the crypto key to be used on subsequent comms.

    Here is the weakness: the random choice of measure is just that random, it is the comparison of the two tables that results in a key. If you could fix the random choice of one party to a known string then you can know what measure they will make and then be able to listen in, do what they would do and pass on the result.

    The easiest way to do that is simple, just send a burst of polarized light bright enough to blind one sensor of one party, before they get to exchanging keys. Then you know that from then on whatever random measurement choice they make the crypto bits will always come from the other channel.

    Hard to explain, but easy to do hence looking for my calculator.

  3. brian


    "I met some Swedish people in Germany who went to Linköping Uni, and they reckoned it was a swinging place! So, what do I know? "

    WIth only tufty grass and time on their hands - what do you think they did to pass the time?

    Swinging....... Hmmmm..... I'll bet it did not involve a pendulum-like oscillating seat.

  4. Mike Moyle

    Should have seen it coming, actually...

    " The underlying reason for this is that the authentication used, which is insensitive to such message changes when the key is unknown, becomes sensitive when used with a partially known key." the message is in a box and is both alive and dead until someone uses the crypto-key to look into the box.

    Dr Schrödinger would be so proud!

  5. Daniel B.

    Quantum Crypto

    I still don't really grasp on QC protocols. Basically, you send KeyLength+X bits from Alice to Bob, then Bob takes X bits at random, and cross-checks the value of said bits with Alice. If most of these are ok, then the bits (minus the ones used to verify) will be used as the encryption key.

    Except you can't really guarantee that the other bits did go through, as it is an entirely random occurrence on both sending and receiving. Of course, if there are too many failures in checking, you would know that (probably) someone's tapping in the conversation.

    Anyway, unlike current crypto systems, QC actually requires you to have a physical medium (fiber) running directly from sender to receiver. Kind of prohibitive for standard e-commerce, isn't it?

  6. Anonymous Coward
    Anonymous Coward


    "Dr Schrödinger would be so proud!"

    Would someone please ask the proud little fellow why the cat litter ALWAYS needs changing?

  7. Charles Manning

    Cat litter

    The turds are only in the litter if you look!

  8. ImaGnuber

    RE: Cat Litter

    No. If cat box not cleaned then cat pees on bed as a gentle reminder. I guess if the cat looks etc. then I look etc.


    @Daniel B

    "Kind of prohibitive for standard e-commerce, isn't it?"

    Sounds rather impractical for all but the most critical situations.

    Sounds like you and a few others follow this - what about linked photons (or whatever the term is) that we used to hear so much about? Needing a physical medium seems extremely limiting. Couldn't exactly use it for communications requiring a satellite link, for example.

  9. Lukin Brewer

    Superposing the themes here...

    Erwin Schrödinger (above left) ties in very nicely with swinging, being something of a ladies' man. Proving that it is possible to be a Romeo and a geek simultaneously (how does this compare with a cat being both alive and dead?), he would delay his climax by solving complex equations in his head. His famous wave equation is supposed to have originated during a tryst in the Austrian Tirol.

  10. CTG


    So if any keys that get observed in transit are discarded, this would seem to expose a fairly simple DoS attack. If you have access to the physical cable, you would just need to put on a device that observed all of the traffic in flight, and it would discard every key it tried to send. It would be fairly obvious you had done this, but if your goal was just to disrupt comms rather than intercept them, that would work fine.

    That would mean you'd need pretty good physical security on the fibre from source to destination, which would definitely bump the cost up a good deal.

  11. Anonymous Coward
    Paris Hilton

    @ brian

    'Swinging....... Hmmmm..... I'll bet it did not involve a pendulum-like oscillating seat.'

    Depends which catalogues you order from. Not that I have any experience of course.

    Paris, well... Obvious really innit...

  12. Anonymous Coward

    @Daniel B

    Nearly right, in fact you send Keylength*3 (say) qbits. The first keylength qbits allow us to check if line is being tapped, we share publicly which filter we used and the result of using that filter with other party, if when using same filter we have different readings (more than can be accounted for by noise) we know comms are being intercepted. (This is due to quantum! ie observing the qbit affects it's state.

    We can then use remaining Keylength*2 qbits to create the key, we form this by sharing with other party publicly the filters used for each qbit. Where we used the same filter we will both know what the polarisation of the qbit was and hence can use this info to create a key that can then be used for a more standard crypto system (ie a perfectly secure one time pad)

    </geek mode>

  13. Anonymous Coward
    Paris Hilton


    If you have physical access to the cable you can cut the fscking thing. That would be a pretty effective DoS attack too.

  14. Anonymous Coward

    @CTG and AC

    I like the JCB line of DoS tools myself, their fibre detecting units seem to be highly accurate....

This topic is closed for new posts.

Other stories you might like