Researchers test quantum encryption hacking risk

May 28, 2013
This image illustrates the standard assumption made in quantum cryptography, namely that the devices, such as photon sources and detectors, used by the honest parties, "Alice" and "Bob," are completely trusted (yellow boxes indicate the trusted region), whereas the channel connecting Alice and Bob may be controlled by an adversary. Credit: Renato Renner.

( —Quantum communication systems offer the promise of virtually unbreakable encryption. Unlike classical encryption, which is used to send secure data over networks today and whose security depends on the difficulty of solving mathematical problems like the factoring of large numbers, most quantum encryption schemes keep the encryption key separate from the data. This approach ensures that an eavesdropper with access only to the data could not decipher the key. However, researchers have recently demonstrated that even quantum encryption may be susceptible to hacking.

In a presentation next month at the Conference on Lasers and Electro-Optics (CLEO: 2013) in San Jose, Calif., Renato Renner of the Institute for in Zurich will discuss how he and his team of are working on new ways to calculate the failure probability of certain schemes. The numbers would allow users to estimate how likely it would be that an adversary could read their secret messages—information that is critical for ensuring the overall security of quantum communications.

Quantum key distribution (QKD) is a kind of quantum encryption in which a secret password is shared between two distant parties (usually named Alice and Bob in thought experiments). The secret password, or key, is distributed as bits of quantum data, so that if an eavesdropper (usually named Eve) tries to intercept the message, the bits will be disturbed and Alice and Bob will know the transmission has been compromised. If the key is not disturbed, it can be used to encode messages that are sent over an insecure channel.

"The security of Quantum Key Distribution systems is never absolute," says Renner. He notes that the security of QKD systems depends on three assumptions: the initial secrecy of the password, the correctness and completeness of , and the reliability of the devices in the quantum communication system.

In device-independent cryptography, the required trust is much smaller (indicated by the smaller yellow boxes). Here, security is guaranteed even if Alice and Bob's devices do not work according to their specifications. Credit: Renato Renner.

Recent work by other research groups has illustrated how real-world devices that are not 100 percent reliable can leave weaknesses in schemes that may be exploited by a clever hacker. For example, the photon detectors used in QKD should click with a certain probability whenever a photon is detected, but in practice the devices can be "blinded" by a strong light pulse and not click. "In fact, an adversary may use strong light pulses to 'remotely control' the detector," says Renner.

Since such bright light hacking techniques were first demonstrated in 2010, physicists have been keen to find ways to calculate the security of quantum without making assumptions about the reliability of the devices. The quest has generated a lot of interest in a field called device-independent cryptography.

"In device-independent cryptography, the proof of security is based solely on directly observable correlations between sender and receiver, and it does not matter how these correlations have been established," says Renner. "Even if the detectors were blinded, for instance, as long as they produce the right correlations, a secret key can be extracted from them." This differs from the traditional approach to calculating quantum encryption security, which is only valid in the nearly impossible case of the devices working exactly according to theoretical specifications.

Renner and others are working on theory-based calculations that establish the device-independent security of certain QKD systems. "With modern proof techniques, it is now possible to quantify their in terms of a 'failure probability,'" says Renner. "Specifically, it is possible to make claims such as 'the probability that this particular QKD system can be broken is at most 10-20,'" a vanishingly small number.

Renner notes that it is important to be able to reliably calculate the order of magnitude of the failure probability of an encryption system, whether it is tiny like 10-20 or significantly larger. "Compare it to an aircraft," he says. "Once we realize it is not 100 percent safe, we want to be sure that the failure probability is still small enough so that we are ready to carry the risk. If we have a system that may fail, but do not know how likely it is to fail, then we will probably not want to use it."

Explore further: Researchers discover new quantum encryption method to foil hackers

More information: CLEO: 2013 presentation QTu2C.1. "How secure is quantum cryptography?" by Renato Renner is at 2 p.m. on Tuesday, June 11 in the San Jose Convention Center. CLEO: 2013

Related Stories

Making quantum encryption practical

May 21, 2013

One of the many promising applications of quantum mechanics in the information sciences is quantum key distribution (QKD), in which the counterintuitive behavior of quantum particles guarantees that no one can eavesdrop on ...

Researchers weight safety of quantum cryptology

March 31, 2011

Scientists in Belgium and Spain have proved for the first time that new systems of quantum cryptology are much safer than current security systems. The study was published in the journal Nature Communications.

Making quantum cryptography truly secure

June 14, 2011

Quantum key distribution (QKD) is an advanced tool for secure computer-based interactions, providing confidential communication between two remote parties by enabling them to construct a shared secret key during the course ...

Quantum eavesdropper steals quantum keys

June 20, 2011

( -- In quantum cryptography, scientists use quantum mechanical effects to encrypt and then communicate confidential information. Although quantum cryptography codes are unbreakable in principle, even the best ...

Recommended for you

Sci-fi holograms a step closer with tiny invention

January 24, 2017

Australian National University physicists have invented a tiny device that creates the highest quality holographic images ever achieved, opening the door to imaging technologies seen in science fiction movies such as Star ...

Experiment resolves mystery about wind flows on Jupiter

January 23, 2017

One mystery has been whether the jets exist only in the planet's upper atmosphere—much like the Earth's own jet streams—or whether they plunge into Jupiter's gaseous interior. If the latter is true, it could reveal clues ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet May 28, 2013
Quote: Most quantum encryption schemes keep the encryption key separate from the data. This approach ensures that an eavesdropper with access only to the data could not decipher the key.

Since 2007 the Freemove Quantum Exchange System is operational which achieves the same using true quantum randomness and information-theoretic provable security.

An example proof can be eg. found on

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.