"Unhackable" Quantum Encryption...well, not really...
Quantum communications and Quantum encryption have been touted as "unhackable", but thanks to "Injection Locking", Chinese researchers have found a way to do it without relying on the reflections of the polarizers inside the Quantum Encryption equipment. If I've lost you already, keep reading as I'll try to explain this in a somewhat easy-to-understand way...maybe.
A fair warning, the word quantum will be used a lot.
Quantum mechanics is strange; the way quantum networks function is by "entangling" particles - this means that you can link two or more particles so that they are in a shared state. This also means that whatever happens to one particle will affect the other, even if they are miles apart. When you share an entangled pair of particles between 2 separate locations, the quantum information can get across and "teleport" to the other location even if there's no physical connection between them.
The security behind quantum cryptography lies in the fact that being able to send a message from one point of the Universe to the other using the laws of physics should theoretically prevent any interception or eavesdropping. Successful attacks against quantum cryptography systems have exploited imperfections in the actual equipment that's used to send the quantum message, not the interception of the message itself. Even though the laws of physics can offer amazing security levels, no equipment can be perfect.
This led to the development of Device-Independent Quantum cryptography, which in theory delivers the promised land of perfect security, even if the equipment is not perfect.
But... there's always something important that gets overlooked.
Photon-Encoding Quantum Encryption Systems
The majority of quantum encryption systems work by encoding photons, and without writing a 500-page book explaining this, the tl;dr version is: Alice sends photons to Bob, and Bob measures said Photons to reveal the information. This method relies on the fact that if you measure the quantum properties of a photon, it will change the information it was carrying - again, quantum is strange.
This means that if there is an eavesdropper (Eve), Alice and Bob will know because Eve will introduce changes to the original message the photons were sending. This method is not used by Alice to send an entire private message, rather it's to send Bob a one-time key because if you were to send a message, you could only tell that Eve was listening after she's eavesdropped in.
Once this one-time key is received and validated by Alice and Bob, that key is then used to encrypt a message that's sent via a classical authenticated channel. As long as no one else knows it, a one-time key is pretty secure.
Well...researchers have found a way to hack this method - of course. The exploit relies on the way that the data is encoded, often by the polarization of a photon. In the first picture above, a vertically polarized photon would encode a 1 and a horizontally polarized proton a 0. The hack works by shining a very high-powered laser into the equipment so that it reflects off the polarizers inside, and those reflections would indicate the orientation used to polarize and encode the photons going to Bob, thus revealing the code.
领英推荐
So then developments were made to prevent these reflections.
Quantum Key Distribution Hacking through Injection Locking
Enter Xiao-Ling Pang and his team at the Shanghai Jaio Tang University in China, who say they've found a new way to hack quantum communications without relying on reflections. This technique relies on a method called "Injection Locking", which essentially sends photons with a different "seed frequency" into the cavity of Alice's laser. This ends up changing Alice's laser output frequency to resonate with the seed frequency. As long as Pang's photons are able to go through Alice's polarizer and into her systems laser cavity, then this hack is good to go.
According to their research paper, they inject 4 photons all with different orientations and then wait to see if this changes the frequency of Alice's outgoing photon. If the frequency is changed, then that means the polarization of the sent photon matches Alice's outgoing one. This method reveals Alice's outgoing code without any measurements of the outgoing photon polarization, which makes this quantum hack undetectable to Alice or Bob. Before Bob receives any photons, Pang's team (or Eve in the diagram above) changes the frequency of the photon back to the one Alice intended, remaining undetected.
Pang's team says they've tried this method numerous times, and have achieved a hacking success rate of 60%. Now that they've found this method, they're currently working on finding ways to stop it, and they call these devices "isolators", which allow photons to travel in one direction but not the other. The problem with isolators is that they don't work 100% as intended, as they reduce the number of photons that travel in the opposite intended direction. In their tests, isolators reduced their hacking success rate to 36%, a number they say is still considerably high.
The message behind this research is that Device-Independent Quantum Cryptography is still in its infancy, and more flaws and exploits will be found. There are companies now selling the promised land of "unhackable" security, but as we know now nothing is unhackable.
Super secure? Yes. Unhackable? Never.
Here are a few links if you want to read some more:
Link to the arXiv/Cornell University research paper, PDF download is top right: https://arxiv.org/abs/1902.10423
Link to Wikipedia if you want to learn more about the Quantum key distribution method: https://en.wikipedia.org/wiki/Quantum_key_distribution#Quantum_key_distribution_networks
Link to Wiki page about Injection Seeders: https://en.wikipedia.org/wiki/Injection_seeder
Strategist, Researcher, Hacker, Advisor, CISO/vCISO, Architect, and writer (Sidragon at Substack) Please remember Rule No. 1 "Do not act incautiously when confronting small bald wrinkly smiling men.
4 年Love it, HOWEVER, as it's stated (and hopefully folks worked out) this involved the current equivalent of having a keylogger on the computer...there's always going to be something that is the weak link in the chain, so we have to make sure (in this case) that the devices themselves are tamper proof etc.....it's always a chess game :) LOVED the article though!
R&D Security Researcher
5 年Sufyan A. Great post , thanks for sharing. Eli Benisty you'll find it interesting.
Business Advisor | Technology Strategist | Leadership Coach
5 年Interesting piece Sufyan A. it’s good to steer clear of the word unhackable (I’ve used the word “untaparable”) and Dr Pang should know, he’s behind some awesome demonstrations of QKD but the means by which he’s injecting into the “Alice” apparatus seems to assume a few things that would not necessarily be the case in a practical setting. Still, the fact that he’s modelling hacking and devising counter measures underlines China’s commitment, and indeed, leadership in QKD.
Cybersecurity/software/electrical engineer ?? Security specialist with a hand of steel, in a velvet glove
5 年Hi Sufyan A.?and Robin Salen, the two of you have similar interests??????? Thank you for sharing this, Sufyan. I haven't wrapped my head around the subject completely, but at first glance I'm extremely disappointed. You see, I was counting on?CV-QKD to save the world.? ref.: my comment in Robin's previous article https://www.dhirubhai.net/pulse/one-step-closer-quantum-cryptography-robin-salen/ Keep on sharing this interesting futuristic stuff, please. Cheers.