Practical man in the middle attack against quantum crypto published.

01 September 2010

A long-standing problem in cryptography has been the sharing of secrets (understatement of the century, right?) Assuming that your communication medium can't be trusted because anyone and everyone could be listening in, how do you distribute keys to everyone you want to securely contact? The most obvious method is to meet up with everyone and hand them the keying material personally. However that way fraught with problems, from your courier getting ganked for the keying material to a simple matter of common sense: if you're going to meet with the intended recipient, why not just tell them and not bother with encryption? Then public key crypto came along and it works but it's difficult to explain to people in a manner that makes them want to use it (I'm working on that) and you can't always believe that the person whose name is on the key is the person you really want to send encrypted messages to. Then quantum cryptography was invented in an attempt to help solve the key distribution problem. Long story short (and doing it no justice at all), entangled pairs of photons will either pass through sets of filters or will not depending on their polarization; call one orientation '0' and the other '1'. If a third party observes the polarizations of the photons by sticking a detector in the beam of light at least half (statistically speaking) of the photons/bits will be wrong due to the Heisenberg uncertainty principle. The other party you want to communicate with measures the polarizations of the photons and uses them to generate the key to decrypt a message received by some other means. If someone tries to tap the keystream the key will be bad. Right?

Nobody ever figured that an attacker might re-transmit the key after intercepting it.

Yep.. a team of cryptographers at the Norwegian University of Science and Technology, headed up by one Vadim Makarov found a way. Their attack requires the third party (traditionally referred to as Eve) to shine a laser not much more powerful than a laser pointer on the other party's detector (used to record the qubits of the crypto key) and intercept the beam of light with a photodetector. This might take a bit of hardware hacking to pull off, like splicing optical fibre someplace or doing a bit of jiggery pokery on the physical connections somewhere along the line without anyone noticing. The thing about photodetectors is that they also pick up variances in light in addition to polarization of photons. So the attacker figures out which qubits are 1's and fires a slightly brighter pulse of light at the other side's detector, where it is registered as one of the bits of the crypto key. The team that published the attack against a number of commercial quantum crypto systems has a website detailing their research, from reverse engineering the modules to the equipment they used for the tests. Pretty clever stuff. Quantum crypto isn't yet in wide enough use for anyone to need to worry about attacks like this (though the early adopters are no doubt cursing and wailing) but some serious rethinking is going to be required in the near future to fix this problem.