Published online 25 October 2011 | Nature | doi:10.1038/news.2011.611

News

Faked 'entanglement' result challenges cryptographic technique.

Quantum cryptography is supposed to be practically uncrackable, but hackers have repeatedly found ways to beat the system. VOLKER STEGER/SPL

Hackers have cheated a gold-standard test of quantum cryptography. By using lasers to help fake the quantum property of entanglement, they have called into question attempts to build uncrackable cryptographic systems.

Quantum cryptography — which uses the quantum states of light particles called photons to encode information for transmission — exploits the fact that measurements cannot be made of a quantum system without disturbing it. This means that, in principle, it is impossible for an eavesdropper to intercept a quantum encryption key without disrupting it and triggering alarm bells. In practice, however, technological weaknesses in the apparatus provide openings for hackers. In 2010, two independent groups successfully cracked two commercial quantum cryptographic systems and evaded detection1,2.

"There have been some strong statements about quantum cryptography being robust against any attack," says Christian Kurtsiefer, an expert on quantum optics at the Centre for Quantum Technologies of the National University of Singapore. "But it isn't that simple."

These breaches have spurred physicists to try to build more complex devices that can both generate a quantum key — encoding classical bit values of 0 and 1 in two different polarization states of photons — and incorporate a watertight push-button test to certify that the key is still secure, says Kurtsiefer. This strategy uses a string of entangled photons — light particles that are twinned in such a way that measuring the polarization state of one instantaneously modifies the polarization state of its partner. Two parties — 'Alice' and 'Bob' — share a quantum key by each taking one member of each entangled pair generated.

Any attempt to eavesdrop by intercepting either Alice or Bob's photons will destroy the entanglement. To check whether this has happened, the system incorporates a standard entanglement test, known as a Bell test, that compares how well the polarizations of Alice and Bob's photons match up: if the particles are correlated above a certain threshold, then entanglement is confirmed, and the key is certified as secure.

Correlation cheaters

But Kurtsiefer and his colleagues managed to cheat the Bell test. In the test, Alice and Bob's photons are picked up by detectors that differentiate between the polarization states that represent either 0 or 1. Kurtsiefer's team 'blinded' Bob's detector by shining a laser beam at it, and then intercepted his photons, reading off their polarization values. While blinded, the detector can be tricked into registering a value of '1' whenever the hacker fires an additional laser pulse at it. So when the researchers intercepted a genuine value of 1 in Bob's photons, they fired a pulse at his blinded detector — leading Alice and Bob's detectors to record fake correlations, mimicking entanglement. The results appear in Physical Review Letters3.

ADVERTISEMENT

An idealized Bell test should still have been able to identify these as counterfeit correlations because the team's signals could not have been perfectly matched to Alice's photons every time, notes Kurtsiefer. However, this was not flagged up because real Bell tests in the lab allow for a certain number of mismatches owing to imperfections in the equipment. "Even the best current photon detectors only catch a fraction of the photons in the apparatus," says Kurtsiefer.

This "detection loophole" allows hackers to disguise missed correlations as nothing more sinister than the expected inefficiency of the detector.

Antonio Acín, a quantum physicist at the Institute of Photonic Sciences in Barcelona, Spain, admits that, in the past, physicists have been tempted to ignore the detection loophole. "These devices are so technologically demanding that to make building them more feasible, we sometimes think of sacrificing robustness," he says. "This experiment proves that we must not do that."