The thing about quantum encryption is that it still involves actual physical signals. And being actual physical things, signals originate in hardware. Quantum encryption keys aren't just conjured out of the air, nor do they materialize from mystical black boxes.
This opens a vulnerability that's necessarily exterior to the quantum encryption itself. Neither the key nor the lock can defend against a compromised locksmith.
This attack would come in the form of a Trojan horse, a method of slipping around quantum encryption protocols that's been known and fretted about for some time. Physicists from Toshiba's Cambridge Research Laboratory offer some good news this week, however, via a study published in the Physical Review Letters describing a passive three-stage anti-Trojan security protocol.
First, let's recall the canonical quantum encryption scheme. Message-sender Alice prepares an encryption key and encodes it using quantum particles—photons, usually. Being a quantum system, any measurement performed on the particles results in a disturbance to the system. This is fundamental: Measuring a quantum anything forces it to cease being a probabilistic wave-like blur and to become instead a fully defined particle-point. The result is that the message recipient, Bob, will always know if some measurement has been done between him and Alice.
Someone looking to peek in on an encryption key (Eve) has another option beyond just intercepting it somewhere in the middle, at least in cases where the key is encoded using the property of phase shift. Alice, the message sender, sends along two photons, one of which has been shifted ever so slightly so that it's a bit out of phase with the other. Bob is looking for this out of phase-ness on the far end and basically reverses the process Alice used to prepare the particle pair. Being able to differentiate among phase shifts is the essence of the encryption scheme.
Eve's trick is to take a really bright light and shine it directly at Alice's phase-shifting apparatus—which depends on bouncing photons around using mirrors&mdasdh;the reflection from which should hold information as to the phase shift being used.
"The light pulse reaches the encoding device and is encoded with the same information as the photon normally prepared by Alice and then sent to Bob," the current paper explains. "The information is meant to be private. However, some of the Trojan photons are reflected back, and they deliver the information to Eve, thus compromising the security of the system."
The security scheme cooked up by the Toshiba group is really a trio of different devices. The first is an attenuator, which sharply limits the amount of outgoing light to the point that messages are being transmitted using just single photons. The second is an isolator, which limits the communication channel to pass light in only one direction, while the third blocks all light in any direction that's not within the same designated wavelengths as the quantum channel.
The crucial thing about the group's method is that it's passive. Other mechanisms for foiling Trojan horse attacks exist, but they require active components. For example, Alice might use a phase randomizer together with a "watchdog detector" to limit Eve's interception abilities. The catch is that not only do active defenses require continuous power input, they add complexity to the encryption system, which has the side effect of offering new potential hacking opportunities.
"The resulting protection measure against the THA is entirely passive," the paper concludes, "thus preventing the loop holes inherent to active, more sophisticated countermeasures. We believe it will become a standard tool in all quantum-secured optical systems that need to guarantee the protection of a private space."