Quantum cryptography has been regarded as 100-percent protection against attacks on sensitive data traffic. But now a research team at Linköping University in Sweden has found a hole in this advanced technology. The risk of illegal accessing of information, for example in money transactions, is necessitating more and more advanced cryptographic techniques.

When you send an encrypted message via the computer network, one of the most difficult problems to solve is how the key should be transmitted. One way is to send it by courier (either by regular mail or, as in spy movies, a person with a briefcase attached to his wrist). Another way is a "public key," which is used for online banking and security functions in Web browsers (https://).

A courier must of course be reliable, otherwise there is a risk that the key will be secretly copied on the way. A public key is regarded as secure, since enormous calculations are required to break the long strings of data bits - some 2,000 - that make up the key.

But a new technology called quantum cryptography is supposed to be absolutely secure. Thus far, however, very few people have made use of it. It requires special hardware, for example with a type of laser that emits polarized light particles (photons) via optic fiber or through the air. Some companies and banks in Austria are testing the system, and trials are underway with satellite-TV transmission.

The security is guaranteed by the laws of quantum mechanics. Quantum-mechanical objects have the peculiar property that they cannot be measured upon or manipulated without being disturbed. If somebody tries to copy a quantum-cryptographic key in transit, this will be noticeable as extra noise. An eavesdropper can cause problems, but not extract usable information.

But Jan-Åke Larsson, associate professor of applied mathematics at Linköping University, working with his student Jörgen Cederlöf, has shown that not even quantum cryptography is 100-percent secure. There is a theoretical possibility that an unauthorized person can extract the key without being discovered, by simultaneously manipulating both the quantum-mechanical and the regular communication needed in quantum cryptography.

"The concern involves authentication, intended to secure that the message arriving is the same as the one that was sent. We have scrutinized the system as a whole and found that authentication does not work as intended. The security of the current technology is not sufficient," says Jan-Åke Larsson.

In the article, published in the journal IEEE Transactions on Information Theory, the authors propose a change that solves the problem.

"We weren't expecting to find a problem in quantum cryptography, of course, but it is a really complicated system. With our alteration, quantum cryptography will be a secure technology," says Jan-Åke Larsson.