Quantum cryptography, considered to be one of the most complex and unbreakable methods of encryption, has been found to be vulnerable to attack, according to a major new study.
Published in Science Advances, the paper concluded that energy-time entanglement, which underpins many forms of quantum cryptography, is exploitable.
Researchers from Stockholm University and Linköping University observed in theoretical models and later in actual experiments that the critical security flaw could allow for attackers to “eavesdrop on traffic without being detected”.
“The energy-time entanglement technology for quantum encryption studied here is based on testing the connection at the same time as the encryption key is created,” the experts highlighted in an official press release.
“Two photons are sent out at exactly the same time in different directions. At both ends of the connection is an interferometer where a small phase shift is added. This provides the interference that is used to compare similarities in the data from the two stations.
“If the photon stream is being eavesdropped there will be noise, and this can be revealed using a theorem from quantum mechanics – Bell’s inequality.”
All that said, if the connection is actually secure – and therefore “free from noise” – the photons can be used as an encryption key. This ensures that your communication remains inaccessible and unreadable.
“IF THE PHOTON STREAM IS BEING EAVESDROPPED THERE WILL BE NOISE, AND THIS CAN BE REVEALED USING A THEOREM FROM QUANTUM MECHANICS – BELL’S INEQUALITY.”
What the researchers have therefore deduced from their experiments is that if the photon source is substituted with what they call a traditional light source, a particularly informed attacker can extract the code string.
Armed with that insight – i.e. they now know what the key is – the snoop can access the encrypted data surreptitiously, rendering Bell’s inequality-inspired security test redundant.
Writing about quantum cryptography last year, the information security consultant Rob Slade said that while he appreciates the idea behind it, “it is just another form of key exchange”.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.