China’s Quantum Satellite Security Has Been Broken

China created a satellite for secure distribution of keys for encrypted data. The hope was that this would enable totally secure, unbreakable transmission of the keys for coded data.

Quantum key distribution (QKD) is a secure communication method which implements a cryptographic protocol involving components of quantum mechanics. It enables two parties to produce a shared random secret key known only to them, which can then be used to encrypt and decrypt messages. It is often incorrectly called quantum cryptography, as it is the best-known example of a quantum cryptographic task.

Nextbigfuture was told by a quantum security expert (Cambridge Quantum Computing) that the QKD implementations of Russia and China have been broken via quantum hacking. Although QKD security can theoretically be unbreakable, the actual implementations are not perfect and have been broken. This is a constant battle between improving security and improving hacking.

Quantum hacking

Hacking attacks target vulnerabilities in the operation of a QKD protocol or deficiencies in the components of the physical devices used in construction of the QKD system. If the equipment used in quantum key distribution can be tampered with, it could be made to generate keys that were not secure using a random number generator attack. Another common class of attacks is the Trojan horse attack which does not require physical access to the endpoints: rather than attempt to read Alice and Bob’s single photons, Eve sends a large pulse of light back to Alice in between transmitted photons. Alice’s equipment reflects some of Eve’s light, revealing the state of Alice’s basis (e.g., a polarizer). This attack can be detected, e.g. by using a classical detector to check the non-legitimate signals (i.e. light from Eve) entering Alice’s system. It is also conjectured that most hacking attacks can similarly be defeated by modifying the implementation, though there is no formal proof.

An example of quantum hacking is the paper “Laser damage attack against optical attenuators in quantum key distribution”:

Many quantum key distribution systems employ a laser followed by an optical attenuator to prepare weak coherent states in the source. Their mean photon number must be pre-calibrated to guarantee the security of key distribution. Here we experimentally show that this calibration can be broken with a high-power laser attack. We have tested four fiber-optic attenuator types used in quantum key distribution systems, and found that two of them exhibit a permanent decrease in attenuation after laser damage. This results in higher mean photon numbers in the prepared states and may allow an eavesdropper to compromise the key.
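The link between attenuation and mean photon number can be made concrete with Poisson photon statistics. The following is an added example, not code from the paper or from this site; the calibration values (mean photon number 0.1, 60 dB nominal attenuation, bound of 0.12) and the function names are constructed for illustration.

```python
import math

def multi_photon_fraction(mu):
    """Share of non-empty pulses carrying two or more photons (Poisson source)."""
    p_nonempty = 1.0 - math.exp(-mu)
    p_multi = 1.0 - math.exp(-mu) * (1.0 + mu)
    return p_multi / p_nonempty

def mu_after_drop(mu_calibrated, attenuation_drop_db):
    """Mean photon number once the attenuator passes attenuation_drop_db more light."""
    return mu_calibrated * 10 ** (attenuation_drop_db / 10.0)

def audit_calibration(mu_calibrated, measured_db, nominal_db, max_mu):
    """Re-check a source against its calibration (hypothetical audit routine).

    Returns (effective_mu, multi_photon_fraction, within_bound).
    """
    drop_db = nominal_db - measured_db      # positive means less attenuation
    mu = mu_after_drop(mu_calibrated, drop_db)
    return mu, multi_photon_fraction(mu), mu <= max_mu

if __name__ == "__main__":
    # Constructed values for illustration, not measurements from the paper.
    MU_CAL, NOMINAL_DB, MAX_MU = 0.1, 60.0, 0.12
    for measured_db in (60.0, 59.5, 57.0, 50.0):
        mu, frac, ok = audit_calibration(MU_CAL, measured_db, NOMINAL_DB, MAX_MU)
        status = "ok" if ok else "RECALIBRATE"
        print(f"{measured_db:5.1f} dB  mu={mu:.3f}  multi-photon={frac:.1%}  {status}")
```

With these constructed numbers, a permanent 10 dB loss of attenuation raises the share of multi-photon pulses from about 5% to about 42% of all non-empty pulses, which is why the pre-calibrated value cannot simply be assumed to hold.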

Quantum Satellite Encryption Technology

Several other attacks including faked-state attacks, phase remapping attacks, and time-shift attacks are now known. The time-shift attack has even been demonstrated on a commercial quantum cryptosystem. This is the first demonstration of quantum hacking against a non-homemade quantum key distribution system. Later on, the phase-remapping attack was also demonstrated on a specially configured, research-oriented open QKD system (made and provided by the Swiss company Id Quantique under their Quantum Hacking program). It is one of the first ‘intercept-and-resend’ attacks on top of a widely used QKD implementation in commercial QKD systems. This work has been widely reported in the media.

The first attack that claimed to be able to eavesdrop the whole key without leaving any trace was demonstrated in 2010. It was experimentally shown that the single-photon detectors in two commercial devices could be fully remote-controlled using specially tailored bright illumination. In a spree of publications thereafter, the collaboration between the Norwegian University of Science and Technology in Norway and Max Planck Institute for the Science of Light in Germany has now demonstrated several methods to successfully eavesdrop on commercial QKD systems based on weaknesses of avalanche photodiodes (APDs) operating in gated mode. This has sparked research on new approaches to securing communications networks.

The main instrument for transmitting is a “Sagnac effect” interferometer. This is a device which generates pairs of entangled photons, allowing one of each to be transmitted to the ground. This allows quantum key distribution (QKD) – the transmission of a secure cryptographic key that can be used to encrypt and decrypt messages – to two ground stations. QKD theoretically offers truly secure communication. In QKD, two parties who want to communicate share a random secret key transmitted using pairs of entangled photons sent with random polarization, with each party receiving one half of the pair. This secret key can then be used as a one-time pad, allowing the two parties to communicate securely through normal channels. Any attempt to eavesdrop on the key will disturb the entangled state in a detectable way. QKD has been attempted on Earth, both with direct line-of-sight between two observatories, and using fibre optic cables to transmit the photons. However, fibre optics and the atmosphere both cause scattering which destroys the entangled state, and this limits the distance over which QKD can be carried out. Sending the keys from an orbiting satellite results in less scattering, which allows QKD to be performed over much greater distances.
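The claim that eavesdropping disturbs the key in a detectable way can be seen in a toy classical model of the protocol, given here as an added example that is not part of the original article or of any QKD product. It assumes an ideal source and noiseless channel and models the intercept-and-resend case mentioned above; the 11% abort threshold is an assumed parameter.

```python
import random

def measure(photon, basis, rng):
    """Measuring in the preparation basis returns the bit; otherwise a coin flip."""
    photon_basis, bit = photon
    return bit if basis == photon_basis else rng.randint(0, 1)

def run_qkd(n_pairs, eavesdrop, seed=0):
    """Toy model of entanglement-based QKD. Returns (sifted_length, qber)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_pairs):
        alice_basis = rng.randint(0, 1)      # 0 = rectilinear, 1 = diagonal
        bob_basis = rng.randint(0, 1)
        alice_bit = rng.randint(0, 1)        # Alice's random measurement outcome
        # Ideal pair: Bob's photon now behaves as if prepared in Alice's basis and bit.
        photon = (alice_basis, alice_bit)
        if eavesdrop:
            # Intercept-and-resend: measure in a random basis, send a fresh photon.
            eve_basis = rng.randint(0, 1)
            photon = (eve_basis, measure(photon, eve_basis, rng))
        bob_bit = measure(photon, bob_basis, rng)
        if alice_basis == bob_basis:         # sifting: keep matching-basis rounds
            sifted += 1
            errors += alice_bit != bob_bit
    return sifted, errors / sifted

def key_accepted(qber, threshold=0.11):
    """Abort rule: discard the key when the error rate exceeds the threshold."""
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        sifted, qber = run_qkd(20000, eavesdrop=eve)
        print(f"eavesdrop={eve}: sifted={sifted} QBER={qber:.3f} "
              f"accepted={key_accepted(qber)}")
```

The intercepted run shows an error rate near 25% in the sifted key, so the parties abort. The attacks described earlier matter because they act on the physical devices and avoid producing this error signature.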

7 thoughts on “China’s Quantum Satellite Security Has Been Broken”

  1. Serves ’em right.

    I know darn well who stole my security clearance paperwork (as well as who let it happen).

  2. The Enigma machine was thought to work like this. Having one didn’t really give you any way of deciphering messages without knowing the encoding they were using, but this was broken by intercepting the codes they used and then later by brute forcing the language being output. But the underlying hardware was mechanical and could only be used to decipher messages remotely, no central system to intercept except that of the broadcast message… which wasn’t a hardware tamper per se.

  3. …If the equipment used in quantum key distribution can be tampered with…

    Is there any security construct that can’t be hacked even if you can tamper with the underlying hardware?
