A team of researchers has uncovered a new way to crack the security of quantum cryptography.
The researchers hailed from the Norwegian University of Science and Technology in Norway as well as the University of Erlangen-N??rnberg and Max Planck Institute for the Science of Light in Germany. Their findings revealed a way to remotely control photon detectors, key components of most of today’s quantum cryptography systems.
According to the researchers, quantum key distribution (QKD) implementations rely on the detectors to measure the quantum property of single photons. Using bright illumination, the team demonstrated how two commercially available QKD systems-id3110 Clavis2 and QPN 5505, developed by vendors ID Quantique and MagiQ Technologies, respectively-can be fully remote-controlled.
“This makes it possible to tracelessly acquire the full secret key; we propose an eavesdropping apparatus built from off-the-shelf components,” the team wrote. “The loophole is likely to be present in most QKD systems using avalanche photodiodes to detect single photons.”
The method relies on being able to manipulate the single photon detectors into entering a “classical state”, where they are not single photon sensitive any more and therefore respond only to bright illumination, Lars Lydersen, a Ph.D. student at the Norwegian University of Science and Technology who worked on the project, explained to eWEEK.
“Thus it can be applied to every system where one is able to keep the detectors in this “classical state” without being detected,” he said. “I don’t know if this is the case for systems other than the [ones] we have tested…hopefully all new detectors and systems are made such that they are not vulnerable to this type of attack.”
The security of quantum cryptography relies not only on quantum physics, but also proper implementation, said Gerd Leuchs of the University of Erlangen- N??rnberg and the Max Planck Institute for the Science of Light.
“This fact was often overlooked in the past,” he said in a statement.
The team wrote that both ID Quantique and MagiQ Technologies were notified about the situation before the information was published. Quantique has implemented countermeasures, and MagiQ Technologies’ QPN 5505 system has been discontinued, according to the researchers.
*This story was updated to include additional comment.