Hacking Quantum Cryptography Just Got Harder
With quantum encryption, in which a message gets encoded in bits represented by particles in different states, a secret message can remain secure even if the system is compromised by a malicious hacker.
Credit: margita | Shutterstock

VANCOUVER, British Columbia — No matter how complex they are, most  secret codes turn out to be breakable. Producing the ultimate secure code may require encoding a secret message inside the quantum relationship between atoms, scientists say.

Now cryptographers have taken "quantum encryption" a step further by showing how a secret message can remain secure even if the system is compromised by a malicious hacker.

Artur Ekert, director of the Center for Quantum Technologies at the National University of Singapore, presented the new findings here at the annual meeting of the American Association for the Advancement of Science.

Ekert, speaking Saturday (Feb. 18), described how  decoders can adjust for a compromised encryption device, as long as they know the degree of compromise.

First cryptography

The subject of subatomic particles is a large step away from the use of papyrus, the ancient writing material employed in the first known cryptographic device. That device, called a scytale, was used in 400 B.C. by Spartan military commanders to send coded messages to one another. The commanders would wrap strips of papyrus around a wooden baton and write the message across the strips so that it could be read only when the strips were wrapped around a baton of matching size. [The Coolest Quantum Particles Explained]

Later, the technique of substitution was developed, in which the entire alphabet would be shifted, say, three characters to the right, so than an "a" would be replaced by "d," and "b" replaced by "e," and so on. Only someone who knew the substitution rule could read the message. Julius Caesar employed such a cipher scheme in the first century B.C.

Over time, ciphers became more and more complicated, so that they were harder and harder to crack. Harder, but not impossible.

"When you look at the history of cryptography, you come up with a system, and sooner or later someone else comes up with a way of breaking the system," Ekert said. "You may ask yourself: Is it going to be like this forever? Is there such a thing as the perfect cipher?"

The perfect cipher

The closest thing to a perfect cipher involves what's called a one-time pad.

"You just write your message as a sequence of bits and you then add those bits to a key and obtain a cryptogram," Ekert said."If you take the cryptogram and add it to the key, you get plain text. In fact, one can prove that if the keys are random and as long as the messages, then the system offers perfect security."

In theory, it's a great solution, but in practice, it has been hard to achieve. [10 Best Encryption Software Products]

"If the keys are as long as the message, then you need a secure way to distribute the key," Ekert said.

The nature of physics known as quantum mechanics seems to offer the best hope of knowing whether a key is secure.

Quantum cryptography

Quantum mechanics says that certain properties of subatomic particles can't be measured without disturbing the particles and changing the outcome. In essence, a particle exists in a state of indecision until a measurement is made, forcing it to choose one state or another. Thus, if someone made a measurement of the particle, it would irrevocably change the particle.

If an encryption key were encoded in bits represented by particles in different states, it would be immediately obvious when a key was not secure because the measurement made to hack the key would have changed the key.

This, of course, still depends on the ability of the two parties sending and receiving the message to be able to independently choose what to measure, using a truly random number generator — in other words, exercising free will — and using devices they trust.

But what if a hacker were controlling one of the parties, or tampering with the encryption device?

Ekert and his colleagues showed that even in this case, if the messaging parties still have some free will, their code could remain secure as long as they know to what degree they are compromised.

In other words, a random number generator that is not truly random can still be used to send an undecipherable secret message, as long as the sender knows how random it is and adjusts for that fact.

"Even if they are manipulated, as long as they are not stupid and have a little bit of free will, they can still do it," Ekert said.

You can follow LiveScience senior writer Clara Moskowitz on Twitter @ClaraMoskowitz. For more science news, follow LiveScience on twitter @livescience.