量子通讯有多安全？

Quantum communication systems offer the promise of virtually unbreakable encryption（加密）. Unlike classical encryption, which is used to send secure data over networks today and whose security depends on the difficulty of solving mathematical problems like the factoring of large numbers, most quantum encryption schemes keep the encryption key separate from the data. This approach ensures that an eavesdropper¹（偷听者） with access only to the data could not decipher the key. However, researchers have recently demonstrated that even quantum encryption may be susceptible ² to hacking ³. In a presentation next month at the Conference on Lasers and Electro-Optics (CLEO: 2013) in San Jose, Calif., Renato Renner of the Institute for Theoretical Physics in Zurich will discuss how he and his team of theoretical physicists ⁴ are working on new ways to calculate the failure probability of certain quantum encryption schemes. The numbers would allow users to estimate how likely it would be that an adversary ⁵ could read their secret messages -- information that is critical for ensuring the overall security of quantum communications., ,Quantum key distribution (QKD) is a kind of quantum encryption in which a secret password is shared between two distant parties (usually named Alice and Bob in thought experiments). The secret password, or key, is distributed as bits of quantum data, so that if an eavesdropper (usually named Eve) tries to intercept ⁶ the message, the bits will be disturbed and Alice and Bob will know the transmission has been compromised. If the key is not disturbed, it can be used to encode messages that are sent over an insecure channel., ,"The security of Quantum Key Distribution systems is never absolute," says Renner. He notes that the security of QKD systems depends on three assumptions: the initial secrecy ⁷ of the password, the correctness and completeness of quantum theory, and the reliability ⁸ of the devices in the quantum communication system., ,Recent work by other research groups has illustrated ⁹ how real-world devices that are not 100 percent reliable can leave weaknesses in quantum communication schemes that may be exploited by a clever hacker ¹⁰. For example, the photon detectors ¹¹ used in QKD should click with a certain probability whenever a photon is detected, but in practice the devices can be "blinded" by a strong light pulse and not click. "In fact, an adversary（对手） may use strong light pulses to 'remotely control' the detector," says Renner., ,Since such bright light hacking techniques were first demonstrated in 2010, physicists have been keen to find ways to calculate the security of quantum encryption schemes without making assumptions about the reliability of the devices. The quest has generated a lot of interest in a field called device-independent cryptography（密码学）., ,"In device-independent cryptography, the proof of security is based solely ¹² on directly observable correlations ¹³ between sender and receiver, and it does not matter how these correlations have been established," says Renner. "Even if the detectors were blinded, for instance, as long as they produce the right correlations, a secret key can be extracted from them." This differs from the traditional approach to calculating quantum encryption security, which is only valid ¹⁴ in the nearly impossible case of the devices working exactly according to theoretical specifications ¹⁵.