Is Quantum Cryptography About to be Hacked (again)?

I saw a curious note on the BBC teletext service saying physicists in Canada had just proved that the Heisenberg Uncertainty Principle wasn’t quite right and that therefore Quantum Cryptography was probably not as secure as we’d hoped.

The Heisenberg principle basically states that at quantum level (very small things) it’s impossible to measure the precise position and speed of anything (or measure any other two attributes). The more accurate a position reading, the less accurate the speed measurement, or if you measure the speed accurately the position will become uncertain.

However, quantum cryptography relies on is something much less weird to work practically – namely the Observer Effect, or Heisenberg’s Measurement-Disturbance Relationship. This is what the Canadian team were actually on about. You can find the paper causing all the fuss here:

Lee A. Rozema, Ardavan Darabi, Dylan H. Mahler, Alex Hayat, Yasaman Soudagar, and Aephraim M. Steinberg, Centre for Quantum Information & Quantum Control and Institute for Optical Sciences, Department of Physics, 60 St. George Street, University of Toronto, Toronto, Ontario, Canada M5S 1A7

The Observer Effect is much easier to understand. It says that when you measure some things you necessarily change them by the act of measuring. There are plenty of examples to choose from, like a volt meter in an electrical circuit connecting two hitherto unconnected points and allowing a current to flow that wasn’t there before the meter was introduced. If electronics isn’t your bag, consider measuring the tyre pressure on a car. When you apply the gauge a small amount of air escapes, so the pressure is obviously less than it was before you measured it.

As to whether it’s going to make a jot of difference to the safety of your credit card details, I highly doubt it. Quantum Cryptography is not widely used, although I believe laboratory experiments continue (notably British Telecom’s research lab in Ipswitch and latterly Raytheon BBN Technologies). And even then, it’s not at all clear whether this will make any difference to it.

So what is Quantum Cryptography in practice?

Unless you slept through ‘O’ Level (now GCSE) Physics at school, you’ll think you know what a polaroid is:  a filter that allows light waves through if the waves are oriented correctly and blocks them if they’re not; a bit like grating for light waves. Except, of course, they don’t behave like that in the real world, do they?

Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post

There’s the classic experiment where you take two polaroids and place them one in front of the other. If you have two polaroid sunglasses, try it now. If you have only one pair you could snap them in half to get two lenses, or just take my word for what follows.

As you look through the two lenses and rotate one they’ll either be transparent, black or at various states of fading in between. When the polaroids are aligned the theory says that all the light gets through, when they’re 90° apart then all the light will be blocked. But what about when they’re 45°apart? How come you can still see through? ‘O’ Level physics doesn’t want to bother you with quantum mechanics but as I understand it, this is caused by those pesky photons randomly changing direction all the time, and side-stepping the grill. There’s a random chance of photons still getting through, and it’s proportional to how far around the polaroid is out of alignment. Slightly out of line means most still get through, 45° means half get through and 90° means none get through.

Now suppose we’re sending information by polarising light and shoving it down an optical fibre; we send it through a polaroid. To measure the result we stick it through another polaroid at the other end, aligned at random. The sender’s polarisation pattern is secret at this time. If the receiving polaroid it a bit off, we’ll still get a signal but it will vary randomly. The thing is that there is no way of knowing whether we’re looking at a randomly corrupted signal, or whether all photons are getting through. However, we can record the results and if we’re later told what the polarisation settings were, we can discard the measurements we made with our receiving polaroid was set wrong and use simple error-correction techniques to make use of the remaining “good” data. The polarisation settings can be transmitted insecurely after the event, because they’re of no use to an attacker by then. This is subtle…

If someone decides to bung a polaroid in the middle of the line to try and examine our photons, unless they get lucky and have exactly the right polarisation every time then they’re going to filter off some of our the signal. This is going to show up as corrupted data by the recipient, and we’ll know we have an eavesdropper. When the correct settings are published, even if the eavesdropper gets to hear about them it will be too late – they will have corrupted the signal and given their presence away.

The current state-of-the-art in Quantum Cryptography relies on sending and detecting single or pairs of photons. Good luck with that one! It’s also not an easy thing to send and receive  a single polarised photon, so the research is looking towards simply swapping encryption keys for protecting the actual payload later. This is known as QKD – Quantum Key Distribution.

Suffice to say that this technique makes it impossible to eavesdrop on a line as to do so will corrupt whatever is being intercepted  and, with an appropriate protocol, it’ll be almost impossible to try this without being detected before any real data is exposed.

So why does the Heisenberg’s Measurement-Disturbance Relationship matter to all of this? Well, supposing someone was able to make a polarisation detector that could measure polarisation at any angle. With this they could read the polarisation of whatever was passing, and even if they destroyed it in doing so, they could re-transmit a new photon polarised the same way. Quantum mechanics currently says you can only test for polarisation in one plane (basis) at a time, so the eavesdropper couldn’t possibly do this. If quantum theory was actually wrong, someone would still have to find a practical way measure all-ways polarisation. Quantum Cryptography itself has practicality issues, this isn’t a reason to lose any sleep in the real world. A few companies offer QKD networking equipment, and demonstration networks come and go, but unless anyone can enlighten me, I’m not aware of any real-world users of the technology. Given the number of successful attack vectors found in all known experimental systems, it’s not surprising.

Please note – I am not a theoretical physicist; I’m looking at this from an application perspective. I’d love to hear from anyone with a full understanding of quantum mechanics able to shed further light on this, as long as they can keep it simple.

Leave a Reply

Your email address will not be published. Required fields are marked *