(Portswigger) Implementation flaws in quantum key distribution systems can undermine claims of ‘unhackable’ cryptographic security, one expert warns. This follows announcements from academics at the University of Bristol, who recently claimed to have made a breakthrough in making quantum key distribution (QKD) systems commercially viable at scale. Using a technique known as ‘multiplexing’, the University of Bristol team has developed a prototype system that relies on fewer receiver boxes, potentially slashing the cost of building QKD systems, which are currently used only by governments and large multinational banks.
However, Taylor Hornby, senior security engineer at Electric Coin Company, cautions that comparable systems have been broken in the past because of implementation problems. “If they’re claiming higher security than standard cryptography, they need evidence they’re less likely to have implementation flaws,” Hornby has written.
Hornby’s comments include:
It’s technically correct that when “implemented correctly”, quantum key distribution leverages the laws of physics to ensure that “data being transmitted cannot be intercepted and hacked”.
However, that “implemented correctly” is a pretty big assumption. Similar systems in the past have been broken through implementation flaws, so if the researchers are claiming higher security than standard cryptography, they need evidence they’re less likely to have implementation flaws.
Everyone’s almost certainly better off using normal crypto that’s post-quantum secure and paying (a fraction of) the £300,000 cost to people to audit it.
Hornby warns, “Quantum systems... can have physical vulnerabilities that come from the fact that real single-photon detectors and other components don’t behave exactly as their theoretical models predict.”
He continues, “QKD systems can have their own kinds of physical flaws, and the risk they introduce needs to be balanced against the benefits of moving away from reliance on computational hardness assumptions. The burden is on QKD proponents to argue that their physical devices are less likely to contain vulnerabilities than software implementations of conventional cryptography systems.”
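The detection mechanism behind the “cannot be intercepted” claim, and the way detector behaviour feeds into it, can be made concrete with a small simulation. The following is an added example, not code from the article or from the Bristol group: a toy BB84 run in which Alice and Bob compare bases, keep the sifted bits, and estimate the quantum bit error rate (QBER). An intercept-resend eavesdropper who measures in a random basis introduces errors in roughly a quarter of the sifted bits, which is what the protocol relies on to detect interception. The `detector_noise` parameter is an assumption standing in for the gap between an ideal single-photon detector and a real one: it adds errors that have nothing to do with an eavesdropper, and the acceptance threshold (11% here, an assumed value taken from standard one-way BB84 post-processing bounds) has to be compared against that background.

```python
import random


def bb84_run(n_qubits, eavesdrop=False, detector_noise=0.0, seed=0):
    """Simulate one BB84 exchange and return (sifted_length, qber).

    Basis 0 and 1 stand for the rectilinear and diagonal bases. A qubit
    measured in the preparation basis yields the prepared bit; measured in
    the other basis it yields a uniformly random bit. `detector_noise` is an
    assumed per-detection bit-flip probability modelling a non-ideal detector.
    """
    rng = random.Random(seed)  # seeded so runs are reproducible
    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bits = []
    for bit, abase, bbase in zip(alice_bits, alice_bases, bob_bases):
        state_bit, state_basis = bit, abase
        if eavesdrop:
            # Intercept-resend: Eve measures in a random basis and re-sends
            # the qubit in that basis, collapsing the original state.
            ebase = rng.randrange(2)
            measured = bit if ebase == abase else rng.randrange(2)
            state_bit, state_basis = measured, ebase
        observed = state_bit if bbase == state_basis else rng.randrange(2)
        if rng.random() < detector_noise:
            observed ^= 1  # imperfect detector flips the result
        bob_bits.append(observed)
    # Sifting: keep only positions where Alice's and Bob's bases agree.
    sifted = [
        (a, b)
        for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
        if ab == bb
    ]
    errors = sum(1 for a, b in sifted if a != b)
    return len(sifted), errors / len(sifted)


def key_accepted(qber, threshold=0.11):
    """Accept the sifted key only if the observed QBER is below threshold.

    The 11% figure is an assumed bound from standard BB84 analyses; a real
    deployment must also budget for the detector's own baseline error rate.
    """
    return qber < threshold


if __name__ == "__main__":
    for label, kwargs in [
        ("ideal, no eavesdropper", {}),
        ("ideal, intercept-resend", {"eavesdrop": True}),
        ("noisy detector, no eavesdropper", {"detector_noise": 0.05}),
    ]:
        n, qber = bb84_run(4000, seed=1, **kwargs)
        print(f"{label}: sifted={n} QBER={qber:.3f} accept={key_accepted(qber)}")
```

The third case is the point of Hornby's warning in miniature: a detector whose real error rate differs from its model can either push an honest session over the threshold or, if the model is tuned to tolerate it, leave headroom that an interception could hide in. The security argument therefore depends on the physical characterisation of the hardware, not only on the protocol.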