
Quantum cryptography's security called into question


Research by physicists from the UK and Canada suggests that secure device-independent quantum key distribution cryptography might not be possible.


Quantum cryptography has been championed as the next step in security, with companies and governments investing in a technology that has been widely believed to be totally secure. This belief was dispelled in 2010, when a group of researchers from the University of Toronto proved that a commercially available system called ID Quantique was all too easily broken. This news sparked investigation into device-independent cryptography, where imperfections in the equipment used could not damage the security of the system.

However, a group of physicists from the UK and Canada has identified a fatal flaw in any device using device-independent quantum key distribution (QKD) to send and receive data: the perfect security is based on a device only being used once. Because there's no easy way to look for loopholes in a cryptographic system, the team suggests that a malicious device manufacturer could easily create a unit which acts as a Trojan horse. Such a unit could store the raw data before it's transmitted and then send it out as part of subsequent transmissions, rendering the security of the system useless. The only way around this problem would be to dispose of a transmitter after each message is sent, a move that the authors say would be costly and would "severely limit the practicality of device-independent cryptography."

Ultimately, this calls into question the viability of QKD as a totally unbreakable security system, and raises the question of whether it's possible to actually create a secure system if you can't trust the source of the parts. The likelihood of insecure hardware being produced isn't addressed, though it's bound to concern those who have firmly held beliefs in the tech.

Image credit: Tim Gage / Flickr