« US higher education | Main | Robot built to spy on whales »

Quantum cryptography is hacked

Simulation proves it's possible to eavesdrop on super-secure encrypted messages.

A team of researchers has, for the first time, hacked into a network protected by quantum encryption.

Read the story here.

Posted by Nicola Jones on April 27, 2007 05:57 PM |

TrackBack

TrackBack URL for this entry:
http://blogs.nature.com/cgi-bin/mt/mt-tb.cgi/2415

Comments

I must admit I'm one who thought that we might have found a truly unique solution to our online security needs with the use of quamtum cryptography. While we know that there will always be people who will come up with ways to overcome the latest protection techniques the effort to do so must be made difficult. Today's criminals have the money, time and reasons to exploite advanced systems. Our banks, credit card companies, government agencies (IRS)etc and have done their financial analysis and decided that even though they know that today's firewall, antivirus security software/hardware is not safe the financial rewards they garner equate to billions in profit. They continue to push people into using the net to do transactions. While I think technology has benefited us greatly, the dark side remains and we must get a handle on overcoming it.
Somehow,

Posted by: Courtney Benson | April 29, 2007 02:01 PM

What if an easedropper measured the photon and generated another photon to replace the photon that was altered by measuring its polarity?
How would the receiver know it was not a "cloned" photon?

Posted by: James Bond | April 29, 2007 06:47 PM

The article's title says "Quantum cryptography is hacked" but the article itself says, several times, "Quantum cryptography is not hacked, this can't work in reality".

As someone with a background in both cryptography and quantum mechanics, I find this article to be ridiculous, and cannot justify its existence.

Have you ever heard of yellow journalism? Look it up.

Posted by: Richard | April 30, 2007 02:02 AM

This story is highly misleading. In particular when you write


Most researchers consider such quantum networks to be nearly 100% uncrackable. But a group from the Massachusetts Institute of Technology (MIT) in Cambridge was able to 'listen in' using a sort of quantum-mechanical wiretap.

it falsely implies that some controversy exists over the security of quantum key distribution (QKD).

In fact, everyone in the field agrees that QKD is absolutely secure if we assume the laws of quantum mechanics are valid and that both parties properly implement their halves of the protocol. (And some recent work has been able to relax both of these assumptions.) While proper implementation is not easy, and bad implementations can definitely be insecure, the Shapiro et al. experiments should not change our belief that secrets can be made arbitrarily secure using quantum communication. In fact the security proofs encompass the James Bond attack, the Shapiro et al attacks and any other possible attack that doesn't involve breaking into the labs of one of the communicating parties.

Perhaps to be clear you should properly define what cryptographers mean by "arbitrarily secure." This means that the communicating parties choose a parameter p such that an eavesdropper cannot guess a single bit of the message with success probability greater than 1/2 + p. (Random guessing gets the right answer half the time.) If p is chosen to be 1/10, then the protocol is not very secure. But p could be chosen to be 1 in 10^100 with only a moderate increase in effort. This is not "perfect" security, but neither is it surprising.

Posted by: Aram Harrow | April 30, 2007 12:12 PM

This article is a misrepresentation of the PRA article and is highly misleading to anyone outside the field. The type of eavesdropping attack performed by Shapiro et al has been known to the quantum crypto community for almost decade. Furthermore, the authors of the PRA did not attempt to make use of privacy amplification, a technique which eliminates any residual information gained by an eavesdropper. Privacy amplification would certainly be used by anyone serious about performing quantum cryptography, as it is known to be necessary for complete security. (All of these facts were clearly addressed in the PRA). Thus the research, while important to the field, is not a revelation of an unsuspected weakness in quantum cryptography as the Nature article implies.

Posted by: Ryan Bennink | April 30, 2007 04:06 PM

Post a comment

Comments will be reviewed by staff before being published. You can be as critical or controversial as you like, but please don't get personal or offensive, and do keep it brief. Excessively long entries may be cropped. Remember this is for feedback and discussion - not for publishing papers or press releases.

We strongly encourage you to use your real, full name. Email addresses are required: this is just in case we need to discuss your comment with you privately. They won’t be published.


Please enter the numbers you see below - this helps us to cut down on spam. If you are having trouble with this system, you can instead e-mail a comment to 'inthefield at nature.com'.

Search