While in principle unbreakable, quantum cryptography is known to have weaknesses in practice. One shortcoming has now been graphically illustrated by physicists in Singapore and Norway, who have been able to copy a secret quantum key without revealing their presence to either sender or receiver. The researchers are now working to remove the loophole they have exposed.

Quantum cryptography involves encoding messages using a key that is rendered secret by a quantum-mechanical principle – that the act of measuring affects the system being measured. In one popular scheme, the sender "Alice" sends a key in the form of a series of polarized single photons to the receiver "Bob". Alice polarizes each photon at random using either a horizontal–vertical polarizer or a polarizer with two diagonal axes. Bob detects each photon by also randomly selecting one of the two different polarizers.

If Bob happens to pick the same polarizer as Alice, then he will definitely measure the correct polarization of a given photon. Otherwise, as the uncertainty principle dictates, there is a 50% chance he will get it wrong. Once he has made all the measurements, Bob asks Alice over an open channel which polarizers she used for each photon and he only keeps the results for those measurements where he happened to pick the correct polarizer, and this series of results becomes the secret key.

Catching Eve

An eavesdropper, "Eve", who seeks to measure the polarization of the photons sent by Alice would reveal her presence because, given a long enough string of photons, the probability of her correctly guessing Alice's sequence of polarizers becomes practically zero. When she makes incorrect measurements, she randomizes the polarization. This means that in some of the cases where Bob should make a correct measurement, he makes a wrong one. So, again speaking openly with Alice and comparing a small subset of the key, Bob realizes there is an intruder if that subset contains errors.

Now Christian Kurtsiefer and colleagues at the National University of Singapore and researchers at the University of Trondheim have found a way to hide Eve's eavesdropping by exploiting a weakness in the single-photon detectors used in many commercially available quantum-cryptographic receivers. This involves Eve using a bright light to "blind" the four avalanche photodiodes that Bob uses to detect photons in each of the four different polarization states.

The blinded photodiodes are no longer sensitive to single photons, but instead behave like classical detectors that generate a current proportional to the intensity of the incoming light and respond to pulses of light above a certain intensity threshold. "The detectors are like human eyes, which at night can almost distinguish single photons but during the day are unable to do so because they are flooded with light," says Vadim Makarov of the Trondheim team.

Alice and Bob are oblivious

Eve intercepts each of the photons sent by Alice and measures them using randomly chosen polarizers. With each measurement Eve sends a bright pulse of light, above the intensity threshold and with the same polarization as the photon measured, to Bob's detectors. This removes Bob's ability to randomly assign polarizers for each measurement. Instead he is constrained to the same sequence of polarizations as obtained by Eve. This means that when Bob and Alice publicly compare the subset of the key, they find no errors. In other words, Eve has found out the key and has remained hidden while doing so.

Kurtsiefer and colleagues attacked an existing 290 m-long fibre link on the campus of the National University of Singapore. Using equipment that fits inside a suitcase, they intercepted single photons travelling along the fibre and then re-emitted the corresponding bright light pulses. During a 5 min interval they intercepted more than eight million photons and then forwarded the corresponding bright pulses, with every single pulse being registered by Bob in the correct detector.

Now we have shown that that vulnerability can be practically exploitedVadim Makarov, University of Trondheim

This is not the first experiment to reveal that a quantum key can be surreptitiously copied. In the past three years Hoi-Kwong Lo of the University of Toronto and colleagues have demonstrated a number of loopholes in a commercial quantum-cryptographic system, while last year Makarov's research group showed that commercial systems can be disabled using bright light. But, says Makarov, this latest work represents the first time that anyone has built a complete quantum eavesdropper and actually stolen a key. "Previously, we showed that quantum-cryptography systems were vulnerable," he explains, "and now we have shown that this vulnerability can be practically exploited."

However, Makarov, believes this vulnerability could be corrected. One possible solution, he says, is to place a small single-photon source just in front of Bob's detectors and switching it on at random intervals to ensure that the detectors can still register individual photons. If the detectors repeatedly fail, then the operators would be alerted to Eve.

"The whole purpose of our research is to try and make quantum cryptography more secure," says Makarov. "All security technologies go through this proving phase."

Nicolas Gisin, a physicist at the University of Geneva in Switzerland and co-founder of quantum-cryptographic manufacturer ID Quantique, welcomes the latest research, pointing out that his company has now developed counter-measures to deal with such attacks. "The only way to guarantee good implementation of quantum cryptography is by independent tests," he says. "In this sense, quantum hackers do a very useful job."

The research is published in the online journal Nature Communications 10.1038/ncomms1348.