Read our COVID-19 research and news.

Maksim Kabako/Shutterstock

Quantum Cryptography Is Safe Again

In theory, so-called quantum cryptography provides a totally secure way of sending information. In practice, maybe not. But now physicists have demonstrated how to close a technological loophole that could have left secrets open to eavesdroppers.

Suppose Alice wants to send Bob a secret message. In ordinary cryptography, she can convert the message to binary numbers—i.e., a string of 0s and 1s—and then scramble it by combining it mathematically with another string of random 0s and 1s, which serves as the key. Bob then uses this key to undo the scrambling and read the message. Of course, to make the scheme work, Alice must pass the key to Bob without letting it be intercepted by an eavesdropper, Eve.

Quantum cryptography introduces a twist—literally. Alice passes Bob the key by encoding it in single photons, which can be polarized horizontally to signal a 0 or vertically to signal a 1. If this were all there were to it, then Eve the eavesdropper could also read the key and then pass the photons to Bob. But Alice can also randomly rotate her transmitter to send photons polarized diagonally at plus or minus 45° some of the time. When her transmitter isn't aligned with Bob's receiver, the key transmission becomes ambiguous: For example, if Alice sends a photon polarized at 45° and Bob has his detector set to the horizontal-or-vertical orientation, then according to the rules of quantum mechanics, Bob will register a horizontal click with 50% probability or a vertical click with 50% probability. That's no problem, as after the transmission of stream of photons, Alice and Bob can tell each other for which photons their devices were aligned and use only those to define the key.

All this twisting shuts Eve out. Eve doesn’t know which orientations Alice and Bob are using, and if she guesses wrong she'll disturb the photons in a detectable way. For example, suppose for a particular photon both Alice and Bob have their apparatuses set in the horizontal-vertical orientation, but Eve has hers set at 45°. Then, according to quantum mechanics, her measurement of the photon will change its state and leave it polarized at plus or minus 45°. This will then ruin the perfect agreement that Alice and Bob should see. Later, when they compare notes, they will spot errors and realize that someone has tampered with the transmission.

However, in 2010, an international team of researchers showed that Eve could hack the system by exploiting a weakness in the so-called avalanche photodiodes (APDs) used to detect the individual photons. The problem is that APDs react differently to intense pulses of light than they do to single photons, so that the energy of the pulse must exceed a threshold to register a hit. As a result, all Eve has to do is intercept the single photons, make her best-guess measurements of their polarizations, and send her answers off to Bob as new, brighter pulses. If she guessed right and measured the photons with her apparatus in the same orientation as Alice and Bob's, then Bob's apparatus would interpret the bright pulse just like a single photon. But if she guessed wrong, so that she sent Bob a bright pulse whose polarization was off-kilter relative to the orientation of his apparatus, then Bob's apparatus would actually split it into two dim pulses. Neither of these would be strong enough to make Bob's detectors fire. So Bob would never notice the events in which Eve messed up the polarization of the photons. And he wouldn’t notice the loss of pulses, as a lot of photons never make it from Alice to Bob anyway because of detector inefficiency.

Last year, physicist Hoi-Kwong Lo at the University of Toronto and colleagues claimed to find a way around the problem. In the new protocol, Alice and Bob would begin the creation of a quantum key by sending randomly polarized signals to Charlie, a third party. Charlie would measure the signals to determine not their actual polarization, but only whether the polarizations were at right angles. For instance, if Alice sent a vertical signal and Bob also sent a vertical signal, Charlie would signal "no." But if Alice sent a vertical signal and Bob sent a horizontal signal, Charlie would signal "yes." Once Bob heard a "yes," he would simply twist his signal by 90° to make it the same as Alice’s—and this would form the quantum key. The trick here is that Charlie merely compares the polarizations of the photons without determining what they are, so there can be no splitting of photons, and no half-strength signals. As a result, no tampering by Eve would go unnoticed. Even if she peered over Charlie’s shoulder, she would know only whether Alice’s and Bob’s signals were correlated—never their actual values.

Lo and colleagues just presented their idea. Now, in papers in press at Physical Review Letters, two independent groups of physicists have shown that the new protocol works. Wolfgang Tittel and colleagues at the University of Calgary in Canada placed Charlie’s detector on the Calgary main campus, Bob’s signal-generator in a lab 6 kilometers away, and Alice’s signal-generator in another lab 12 kilometers away. Although the researchers did not have Bob and Alice generating random signals as truly secure cryptography requires, they did show that the signal timings and measurements could be performed over such great distances. Meanwhile, Jian-Wei Pan at the University of Science and Technology of China in Hefei and colleagues have demonstrated the quantum-cryptography protocol with random signals, albeit just in the lab.

Does this mean that quantum cryptography is safe after all? Grégoire Ribordy, CEO of the Swiss company ID Quantique, which makes commercial quantum cryptography, says that practical systems had already largely got around the blinding loophole by continuously adjusting the detectors, so that they are always reacting differently to incoming photons. Such a countermeasure makes it very difficult for Eve to thwart the security, because she would have to continuously tailor her strong light signal. But Ribordy adds that the demonstration of the new protocol by Tittel and others is welcome for developing future systems: “The short answer is that it is very interesting—although it is not yet mature enough to implement, from a practical point of view.”