Researchers develop quantum encryption method to foil hackers

Researchers develop quantum encryption method to foil hackers

Summary: Researchers from the University of Toronto and the University of Vigo believe quantum cryptography is the solution to the hacker problem. They are turning their proof-of-concept into a prototype.

TOPICS: Security

Researchers say quantum encryption is what will finally stop hackers. University of Toronto Professor Hoi-Kwong Lo, a faculty member in The Edward S. Rogers Sr. Department of Electrical & Computer Engineering and the Department of Physics, as well as his team consisting of Senior Research Associate Dr. Bing Qi and Professor Marcos Curty of the University of Vigo, say they have found a new quantum encryption method that can trip up even the most sophisticated hackers.

Quantum cryptography ensures that any attempt by an eavesdropper to read encoded communication data will lead to disturbances that can be detected by the legitimate user. As a result, quantum cryptography allows the transmission of an unconditionally secure encryption key between user1 and user2, even in the presence of a potential hacker, user3. The encryption key is communicated using light signals and is received using photon detectors.

The encryption key in quantum cryptography isn't some super-long password. Instead, it's made up of light signals and photo detectors. In previous versions of the quantum key distribution (QKD) method, hackers could alter commercial QKD systems. In other words, the challenge is that user3 can intercept and manipulate the signals. Quantum hacking occurs when light signals subvert the photon detectors, causing them to only see the photons that user3 wants user2 to see.

Now, Professor Lo and his team say they have come up with a solution to the untrusted device problem: the "Measurement Device Independent QKD" method. While a potential hacker may operate the photon detectors and broadcast measurement results, the two users no longer have to trust those measurement results. Instead, they can simply verify the hacker's honesty by measuring and comparing their own data. This works because when user3 attempts to manipulate the photons that transmit quantum data, he or she also inevitably introduces subtle changes in the data stream.

In Measurement Device Independent QKD, the two users send their signals to an untrusted relay, user4, who may or may not be controlled by user3. This fourth party performs a joint measurement on the signals, providing another point of comparison.

"A surprising feature is that [user4]'s detectors can be arbitrarily flawed without compromising security," Professor Lo said in a statement. "This is because, provided that [user1] and [user2]'s signal preparation processes are correct, they can verify whether [user3] or [user4] is trustworthy through the correlations in their own data following any interaction with [user3/user4]."

A proof-of-concept measurement has already been performed. Professor Lo and his team are now developing a prototype, which they expect will be ready within five years.

Disclaimer: I attend the University of Toronto.

See also:

Topic: Security

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • What good is this if

    What good is this if you keep your customers passwords in clear text? Or use poor passwords. What is being used now is fine its humans that are the weak links.
    • Most passwords are very simple

      Which is a big part of the problem right now. People (I am guilty of this on most sites as well) use very very very weak passwords 99% of the time, save on financial data websites.
  • Heard this before

    New and improved, will keep out hackers.
    Heard that many times before.
    Ten minutes after it comes out someone will prove them wrong.
    • Not for storage but for communication, and in that context, 100%

      Nope. Quantum encryption is absolutely 100% un-hackable. Actually, that's not even quite true, it is just as hackable as any other kind of transmission, but what makes it special is that the receiver [i]will know right away that they have been intercepted.[/i] Thus, they can stop transmitting until a secure channel is established.

      There are fundamental laws of physics at play here. No "clever" computer algorithm can change the laws of the universe.
      x I'm tc
      • ...

      • ...

        x I'm tc
      • Well...

        If the hacker can intercept the link at both ends before the communications starts, he can MITM them anyway. Adding a 3rd party? Whatever, MITM that guy too - because how can you tell the difference? If there are no shared secret in advance, you can't prove you aren't MITM'd. You can only prove that *after* the first communication when a shared secret has been established.
      • Never

        Never say never, it can come back and bite you on the backside. Computer history is full of those "Never can happen" statements that were proved wrong over the years. There's some hacker out there that will figure out a way to stealthily intercept....
  • 5 years

    When a professor says 5 Years, you know he is dreaming and just looking for grant money. There is nothing here. Not saying that this idea could work is just so far into the future.
  • Expect the FBI and CIA...

    Expect the FBI and CIA to go to them whining and crying for a backdoor... They have a habit of doing this.... Back in the early 90's when we were all using modems and encryption software was on the rise, they went begging for backdoors and said they were spending too many man hours decrypting communication... Mind you, these were going over normal phone lines.

    If you read between those lines, they were recording everything that went over those phone lines... from anyone and everyone...

    When someone finally does develop unbreakable encryption, they better flood it out there where it can't be stopped... They should have pulled an Apple and saved the announcement for after it was done and shipped around the world... Certain governments do not want encryption like that making it out into the world. If it is unbreakable encryption, counter-intelligence will become a dinosaur overnight.
    • lol you've watched too many episodes of X-files

      There's already plenty of encryption that's so good you'd need to book several years of supercomputing time to break and yes that includes the feds too, unless you think they have some secret way of breaking AES that they are not telling us about! As pointed out the weak link is usually humans not the encryption itself.
  • Heisenberg Uncertainty Principle and alse positives

    I see two problems with this:
    [b]Problem 1:[/b] The Heisenberg Uncertainty Principle, upon which quantum cryptography is based, would likely produce many false positives for hacking. This is because anything could alter the data-stream to trigger the flag.

    [b]Problem 2:[/b] Provided problem 1 is solved, the application of the Heisenberg Uncertainty Principle would make is easier for a hacker to launch Denial of Service (DOS) and DDOS attacks by simply sending noise into the data stream.