Hacking quantum crypto not blindingly obvious after all

A recently proposed physical attack on a quantum cryptography system has been comprehensively rejected by researchers at Toshiba in Cambridge, who say that as long as the kit is all operating correctly, the so-called 'blinding' attack will not work.

A recently proposed physical attack on a quantum cryptography system has been comprehensively rejected by researchers at Toshiba in Cambridge, who say that as long as the kit is all operating correctly, the so-called 'blinding' attack will not work.

The protocols of quantum crypto are as safe as they ever were; any attempt to eavesdrop on the exchange of the keys to the cipher will disrupt the transmission, alerting the recipient that the message has been compromised and preventing the key exchange.

Faced with these impenetrable protocols, the Norwegian researchers focused their efforts on the physical system. They came up with the notion of ‘blinding’ the message detector - known as an avalanche photo detectors - with a bright laser beam. They contended that this would disrupt the hardware enough that errors thrown up by the act of eavesdropping would be lost in the noise. An eavesdropper could read off the keys, undetected.

However, the researchers at Toshiba’s Cambridge labs have challenged the attack in a letter published in the December issue of Nature Photonics. They say the hack would only work if a system had not been properly implemented:

"The attack will be ineffective on most single photon avalanche photodiodes (APDs) and certainly ineffective on any detectors that are operated correctly," the researchers write. "The attack is only successful if a redundant resistor is included in series with the APD, or if the detector discrimination levels are set inappropriately."

Further, the researchers say, the hack as described can be prevented by simply monitoring the photocurrent generated by the detector.

Those with access can read more from Nature Photonics here

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All