The advanced technology was thought to be unbreakable due to laws of quantum mechanics that state that quantum mechanical objects cannot be observed or manipulated without being disturbed.
In quantum cryptography, regular information is encrypted and decrypted with a quantum key. Any attempts to copy a quantum cryptographic key in transit will be noticeable as extra noise, and cause the communication to be aborted.
But a research team at Linköping University in Sweden claim that it is possible for an eavesdropper to extract the quantum cryptographic key without being discovered.
“We weren't expecting to find a problem in quantum cryptography, of course, but it is a really complicated system,” said Jan-Åke Larsson, an associate professor of Applied Mathematics at the University.
“The concern involves authentication, intended to secure that the message arriving is the same as the one that was sent,” he explained. “We have scrutinised the system as a whole and found that authentication does not work as intended.”
“The security of the current technology is not sufficient,” he said.
The currently-used Wegman-Carter authentication protocol requires users to share the key initially, before the quantum cryptographic channel is set up. This key is used to generate future quantum cryptographic keys.
By simultaneously manipulating the initial key and the regular message to be authenticated, an eavesdropper may compromise the security of quantum cryptographic authentication, the researchers suggest.
In a research paper, published in the International engineering journal IEEE Transactions on Information Theory, Larsson and his postgraduate student Jörgen Cederlöf have proposed a change in the quantum cryptography process that he expects will restore the security of the technology.
The researchers propose an additional, non-quantum exchange of a small amount of random bits that are separate from the quantum key. The modification is not expected to produce noticeable degradations in the performance of a quantum cryptography system.
While the researchers note that it is difficult to exploit the recently-exposed security gap, Larsson recommends usage of the modification, or an equivalent extra security measure in quantum cryptography.
“With our alteration, quantum cryptography will be a secure technology,” he said.
Quantum cryptography not yet perfectly secure, researchers say
By Liz Tay on May 13, 2008 4:47PM