This white hat hacker cracks quantum encryption for fun and profit

In quantum communication, messages are sent from Alice to Bob. But if you’re hacked, Eve gets the information instead.

I spent the morning at the Waterloo, Ontario Institute for Quantum Computing, one of the world’s top quantum computing and nanotechnology labs. In a brand-new 235,000 square foot, $160 million dollar facility that, inside, looks like the starship Enterprise, I met Alice and Bob.

They weren’t very talkative, of course — they’re computers.

“In quantum cryptography, you’re sending information from A to B … we call A ‘Alice’ and B ‘Bob,'” says Martin LaForest, PhD and a senior manager at IQC. “The eavesdropper, naturally, is Eve.”

Above: “Bob” receives quantum communications

Image Credit: John Koetsier

One part of the vast facility is given over to Vadim — last name not given — who hacks commercially-available quantum communications devices like these two from ID Quantique for fun and profit. The fun is the success, and the profit is that ID Quantique lets him keep Alice and Bob, and even sends him more machines — as do other quantum cryptography companies.

“He’s sort of offering a service to the community,” LaForest says. “If you think you have a good quantum key distribution system, give it to me … and I’ll give it my best shot. And so far, he’s very good.”

Modern cryptography is based on our inability to quickly solve challenging mathematical problems, such as the factoring of very large primes. Theoretically almost any security solution available is hackable over time, but realistically you might need months, years, or even decades to crack some of the top 128-bit and 256-bit encryption algorithms available today.

That’s not possible with quantum cryptography.

“If you want to crack quantum communication, you have to do it in real time,” says LaForest. “When you try to observe it, you perturb it … and you can’t copy it because copying is the same thing, give or take, as looking and copying.”

LaForest is referencing the physicist Schrodinger’s cat example. As Schrodinger famously said, you cannot definitely know much about a quantum state, because the act of observing the state changes it. He illustrated that point with a cat in a box which has a 50/50 chance of dying based on the decay of one radioactive particle: a quantum phenomenon. You cannot check whether the cat is alive or dead, because checking changes reality, and so the cat exists in an indeterminate state, neither alive nor dead.

Above: Alice is the starting point for quantum communication

Image Credit: John Koetsier

And yet, it is still possible to hack quantum cryptography, as Vadim demonstrates every month or so.

Alice and Bob communicate via connected photons — particles of light that have been “entangled” in a process even Einstein called spooky — and that communication can’t be intercepted without the intended recipient knowing about it.

But once the message has been received, it’s another matter.

“Vadim is trying to find the implementation flaws,” LaForest told me. “This is one of the challenges right now — the protocol is secure … but its physical implementation might not be. You can have faulty detectors, or you can play tricks with the electronics.”

Which makes the work of Eve — or Vadim — very challenging indeed.

But that work, LaForest says, does not go unrewarded by commercial users of quantum encryption systems:

“It’s important to note: The commercially available boxes are secure. Most of the time, Vadim finds the problems in what they call the research system, and in the commercial system, those bugs are already fixed.”