WHY THIS MATTERS IN BRIEF
Quantum communications systems, and quantum encryption, are supposed to be unhackable, but they aren’t.
According to experts, and the pioneering companies looking to commercialise the technology, the greatest promise of quantum communications, such as the world’s first quantum video call that took place recently, that use the spooky action of quantum mechanics to send information, is the apparent fact that they offer “perfect, unhackable privacy.” In short, the ability to send a message from one point in the universe to another in a way that the very laws of physics themselves prevent a hacker from intercepting them or an eavesdropper from listening in on them. And that is one of the major reasons why defence companies and governments are all scrambling to get into the sector, and develop the technology to a point where they can use it to protect their own secretive communications.
For hackers, saying that anything is unhackable is like a red flag to a bull. Since the first commercial quantum cryptography systems became available in the early 2000s, people have repeatedly attempted to bring them down, and with some significant success, but all the attacks so far have exploited the variety of imperfections in the equipment used to send the quantum messages rather than trying to intercept the messages themselves. And in doing so, hackers have shown that even if the laws of physics do offer perfect security, equipment itself can never be perfect, and these imperfections create loopholes that they can exploit.
The result of all this hacking was that quantum physicists were forced to respond quickly and develop new quantum protocols that don’t depend on equipment. So called “Device-independent quantum cryptography” they believed offered perfect security even when the equipment is less than perfect. At least, up until now that was the theory. But the frightening truth about implementing quantum cryptography is that somebody, somewhere might have overlooked something important, and that this oversight will enable a hack.
This week, Xiao-Ling Pang and colleagues at Shanghai Jiao Tong University in China say they’ve found one of those overlooked factors, and that thanks to that discovery they’ve managed to hack device-independent quantum cryptography with a frighteningly high success rate.
First some background. Most quantum encryption systems encode information using photons. Alice sends the photons to Bob, who measures them to reveal the information.
This process, and this part is crucial to the belief that quantum communications are unhackable, relies on the fact that measuring the quantum properties of a photon always changes the information it carries. So if any eavesdropper is tuning in, Alice and Bob can spot Eve’s presence by the changes she introduces to the original photons that were used to construct the original message. And if they find evidence of eavesdropping, they begin their message again. Indeed, they keep re-sending the data until they can be sure nobody has overheard it.
Of course, Alice can’t use this technique to send a private message, because it’s only possible to detect Eve after she has listened in. Instead, Alice uses it to send Bob a key, a one time pad, that he can use to encrypt a message and send it over a classical channel. A one time pad is provably secure – that is provided nobody else knows the key.
But various cybersecurity researchers have found ways to hack this kind of system. A shortcoming they’ve exploited is that the data is often encoded in the polarization of a photon, for example, a vertically polarized photon might encode a 1 and a horizontal polarization a 0.
One current quantum hack is to shine a high-powered laser into the equipment itself so that it reflects off the polarizers inside. The reflections reveal the orientation used to polarize and encode the outgoing photons. And that reveals the code. So to counter this physicists developed ways to prevent these reflections.
Now here comes Pang and team, who say they’ve found an entirely new way to attack quantum communication that doesn’t rely on these reflections. The new technique hinges instead on an effect called “Injection locking.” This is a method of changing the frequency of a laser by injecting photons with a different seed frequency into the lasing cavity. Provided the difference in frequency is small, the laser eventually resonates with the seed frequency.
Pang and his team inject photons into Alice’s laser so that they change the output frequency. But this only works if Pang’s photons can pass through the polarizer into the lasing cavity. To ensure that this happens, Pang and co inject four photons, each with a different orientation – horizontal, vertical, and plus or minus 45 degrees. They then wait to see whether this changes the frequency of Alice’s outgoing photon. If the frequency is altered, then the polarization of the incoming photon must have matched the outgoing one.
And that reveals the code without measuring the polarization of the outgoing photon which makes the new quantum hack undetectable to either Alice or bob. The team then change the frequency of this photon back to the intended frequency and send it on to Bob, who is none the wise, and there you have it – a breakthrough quantum hack that breaks quantum communications hitherto lauded “unhackable” status, and reveals the quantum information to Eve without Alice or Bob’s knowledge.
Pang say they’ve tested the approach with remarkable results.
“We demonstrate that Eve can control Alice’s source by forcing her laser resonant at a designed frequency,” they say. “We obtain a hacking success rate reaching 60%.”
That’s interesting work that outlines yet another step in the cat-and-mouse game of quantum hacking. Obviously, the next step is to find ways to prevent injection locking, and Pang and co have made the first attempts. They say an obvious countermeasure is to use devices known as isolators, which allow photons to travel in one direction but not the other.
However, these devices are by no means perfect. They usually allow photons to travel in one direction but merely reduce the number that can travel in the other.
During their experiment Pang included isolators in the teams setup that reduced the transmission of unwanted photons by up to 3 decibels. This reduces the hacking success rate to 36%, which they describe as “still considerably high information leakage.”
Of course, it’s not hard to think of other ways to reduce the effectiveness of this kind of attack. But there is a bigger message here – that flaws in device-independent quantum cryptography are still coming to light.
“The main message we would like to deliver here is that there may exist many other physical loopholes,” said Pang, and that’s an important message, especially as there are now a variety of companies that are now offering commercial quantum cryptography services with the “promise of privacy beyond that achievable with classical systems.” So undoubtedly this kind of work is likely to give them, and their customers, some sleepless nights.
Ref: arxiv.org/abs/1902.10423 : Hacking Quantum Key Distribution via Injection Locking