HANCOCK, N.H. Is absolute data security achievable? That's a question much on the minds of national security officials as quantum cryptology moves out of the labs and into commercial systems that leverage advanced optical-networking technology.
Three companies Quantique SA (Geneva), MagiQ Technologies Inc. (Somerville, Mass.) and Tokyo-based NEC Ltd. have brought out encryption systems for optical networks that rely on fundamental physical laws to block eavesdropping. Meanwhile, a group based at Austria's University of Vienna is quickly moving toward a commercial quantum-encryption system based on a novel photon entanglement approach.
Even as these products find their way into the arsenal of IT professionals, however, some quantum-information experts are questioning whether the Heisenberg uncertainty principle the bedrock of quantum-encryption schemes is the absolute barrier to data theft claimed by proponents of the approach.
Indeed, quantum encryption appears to be following a familiar pattern experienced by past encryption technologies: A new approach that is viewed as "uncrackable" works its way into practice, only to be defeated by a clever attack unsuspected by its creators.
The accepted wisdom driving the recent surge in quantum-encryption schemes posits that physical laws cannot be violated, and thus the quantum properties of photons offer an absolute level of security to optical networks. But Richard Kuhn, a computer security expert at the National Institute of Standards and Technology (Gaithersburg, Md.), has published a method for defeating several quantum-encryption schemes, although Kuhn's method will not work with the BB84 protocol used in commercial systems.
Using a classic gambit called a man-in-the-middle attack, Kuhn shows that an eavesdropper could intercept the photons representing an encrypted sequence of qubits-binary data encoded in the quantum state of single photons-and resend the information without detection.
Such data interception was thought to be impossible since any attempt to observe information encoded in quantum states would randomly perturb the data, leading inevitably to detection of the observation. But Kuhn has come up with variations through which an attacker could use quantum entanglement of photons to extract information without being detected.
In order for this attack to work, the encryption scheme would have to use quantum entanglement as part of secret-key generation. Several proposed encryption schemes are based on entanglement, which is attractive because it produces robust single-photon transmission capabilities.