[Show abstract][Hide abstract] ABSTRACT: We propose a class of attacks on quantum key distribution (QKD) systems where an eavesdropper actively engineers new loopholes by using damaging laser illumination to permanently change properties of system components. This can turn a perfect QKD system into a completely insecure system. A proof-of-principle experiment performed on an avalanche photodiode-based detector shows that laser damage can be used to create loopholes. After ∼1 W illumination, the detectors' dark count rate reduces 2-5 times, permanently improving single-photon counting performance. After ∼1.5 W, the detectors switch permanently into the linear photodetection mode and become completely insecure for QKD applications.
[Show abstract][Hide abstract] ABSTRACT: We consider error correction in quantum key distribution. To avoid that Alice
and Bob unwittingly end up with different keys precautions must be taken.
Before running the error correction protocol, Bob and Alice normally sacrifice
some bits to estimate the error rate. To reduce the probability that they end
up with different keys to an acceptable level, we show that a large number of
bits must be sacrificed. Instead, if Alice and Bob can make a good guess about
the error rate before the error correction, they can verify that their keys are
similar after the error correction protocol. This verification can be done by
utilizing properties of Low Density Parity Check codes used in the error
correction. We compare the methods and show that by verification it is often
possible to sacrifice less bits without compromising security. The improvement
is heavily dependent on the error rate and the block length, but for a key
produced by the IdQuantique system Clavis^2, the increase in the key rate is
approximately 5 percent. We also show that for systems with large fluctuations
in the error rate a combination of the two methods is optimal.
IET Information Security 10/2012; 8(5). DOI:10.1049/iet-ifs.2012.0333 · 0.75 Impact Factor
[Show abstract][Hide abstract] ABSTRACT: We control using bright light an actively-quenched avalanche single-photon detector. Actively-quenched detectors are commonly used for quantum key distribution (QKD) in the visible and near-infrared range. This study shows that these detectors are controllable by the same attack used to hack passively-quenched and gated detectors. This demonstrates the generality of our attack and its possible applicability to eavsdropping the full secret key of all QKD systems using avalanche photodiodes (APDs). Moreover, the commercial detector model we tested (PerkinElmer SPCM-AQR) exhibits two new blinding mechanisms in addition to the previously observed thermal blinding of the APD, namely: malfunctioning of the bias voltage control circuit, and overload of the DC/DC converter biasing the APD. These two new technical loopholes found just in one detector model suggest that this problem must be solved in general, by incorporating generally imperfect detectors into the security proof for QKD.
[Show abstract][Hide abstract] ABSTRACT: Characterizing the physical channel and calibrating the cryptosystem hardware are prerequisites for establishing a quantum channel for quantum key distribution (QKD). Moreover, an inappropriately implemented calibration routine can open a fatal security loophole. We propose and experimentally demonstrate a method to induce a large temporal detector efficiency mismatch in a commercial QKD system by deceiving a channel length calibration routine. We then devise an optimal and realistic strategy using faked states to break the security of the cryptosystem. A fix for this loophole is also suggested.
[Show abstract][Hide abstract] ABSTRACT: This is a chapter on quantum cryptography for the book "A Multidisciplinary
Introduction to Information Security" to be published by CRC Press in
2011/2012. The chapter aims to introduce the topic to undergraduate-level and
continuing-education students specializing in information and communication
[Show abstract][Hide abstract] ABSTRACT: We experimentally demonstrate that a superconducting nanowire single-photon
detector is deterministically controllable by bright illumination. We found
that bright light can temporarily make a large fraction of the nanowire length
normally-conductive, can extend deadtime after a normal photon detection, and
can cause a hotspot formation during the deadtime with a highly nonlinear
sensitivity. In result, although based on different physics, the
superconducting detector turns out to be controllable by virtually the same
techniques as avalanche photodiode detectors. As demonstrated earlier, when
such detectors are used in a quantum key distribution system, this allows an
eavesdropper to launch a detector control attack to capture the full secret key
without being revealed by to many errors in the key.
New Journal of Physics 06/2011; 13(11). DOI:10.1088/1367-2630/13/11/113042 · 3.56 Impact Factor
[Show abstract][Hide abstract] ABSTRACT: We introduce the concept of a superlinear threshold detector, a detector that
has a higher probability to detect multiple photons if it receives them
simultaneously rather than at separate times. Highly superlinear threshold
detectors in quantum key distribution systems allow eavesdropping the full
secret key without being revealed. Here, we generalize the detector control
attack, and analyze how it performs against quantum key distribution systems
with moderately superlinear detectors. We quantify the superlinearity in
superconducting single-photon detectors based on earlier published data, and
gated avalanche photodiode detectors based on our own measurements. The
analysis shows that quantum key distribution systems using detector(s) of
either type can be vulnerable to eavesdropping. The avalanche photodiode
detector becomes superlinear towards the end of the gate, allowing
eavesdropping using trigger pulses containing less than 120 photons per pulse.
Such an attack would be virtually impossible to catch with an optical power
meter at the receiver entrance.
Physical Review A 06/2011; 84(3). DOI:10.1103/PhysRevA.84.032320 · 2.81 Impact Factor
[Show abstract][Hide abstract] ABSTRACT: We propose and experimentally demonstrate a method to induce a large temporal detector efficiency mismatch in a commercial quantum key distribution system, paving the path for a successful faked-state attack.
[Show abstract][Hide abstract] ABSTRACT: Detector control attacks on quantum key distribution systems exploit the linear mode of avalanche photodiode in single photon detectors. So far, the protocols under consideration have been the BB84 protocol and its derivatives. Here we present how bright tailored illumination exploiting the linear mode of detectors can be used to eavesdrop on distributed-phase-reference protocols, such as differential-phase-shift and coherent-one-way.
Journal of Modern Optics 05/2011; 58(8-8):680-685. DOI:10.1080/09500340.2011.565889 · 1.01 Impact Factor
[Show abstract][Hide abstract] ABSTRACT: Several attacks have been proposed on quantum key distribution systems with
gated single-photon detectors. The attacks involve triggering the detectors
outside the center of the detector gate, and/or using bright illumination to
exploit classical photodiode mode of the detectors. Hence a secure detection
scheme requires two features: The detection events must take place in the
middle of the gate, and the detector must be single-photon sensitive. Here we
present a technique called bit-mapped gating, which is an elegant way to force
the detections in the middle of the detector gate by coupling detection time
and quantum bit error rate. We also discuss how to guarantee single-photon
sensitivity by directly measuring detector parameters. Bit-mapped gating also
provides a simple way to measure the detector blinding parameter in security
proofs for quantum key distribution systems with detector efficiency mismatch,
which up until now has remained a theoretical, unmeasurable quantity. Thus if
single-photon sensitivity can be guaranteed within the gates, a detection
scheme with bit-mapped gating satisfies the assumptions of the current security
Physical Review A 01/2011; 83(3). DOI:10.1103/PhysRevA.83.032306 · 2.81 Impact Factor
[Show abstract][Hide abstract] ABSTRACT: It has previously been shown that the gated detectors of two commercially available quantum key distribution (QKD) systems are blindable and controllable by an eavesdropper using continuous-wave illumination and short bright trigger pulses, manipulating voltages in the circuit [Nat. Photonics 4, 686 (2010)]. This allows for an attack eavesdropping the full raw and secret key without increasing the quantum bit error rate (QBER). Here we show how thermal effects in detectors under bright illumination can lead to the same outcome. We demonstrate that the detectors in a commercial QKD system Clavis2 can be blinded by heating the avalanche photo diodes (APDs) using bright illumination, so-called thermal blinding. Further, the detectors can be triggered using short bright pulses once they are blind. For systems with pauses between packet transmission such as the plug-and-play systems, thermal inertia enables Eve to apply the bright blinding illumination before eavesdropping, making her more difficult to catch.
[Show abstract][Hide abstract] ABSTRACT: We present a method to control the detection events in quantum key
distribution systems that use gated single-photon detectors. We employ bright
pulses as faked states, timed to arrive at the avalanche photodiodes outside
the activation time. The attack can remain unnoticed, since the faked states do
not increase the error rate per se. This allows for an intercept-resend attack,
where an eavesdropper transfers her detection events to the legitimate receiver
without causing any errors. As a side effect, afterpulses, originating from
accumulated charge carriers in the detectors, increase the error rate. We have
experimentally tested detectors of the system id3110 (Clavis2) from ID
Quantique. We identify the parameter regime in which the attack is feasible
despite the side effect. Furthermore, we outline how simple modifications in
the implementation can make the device immune to this attack.
New Journal of Physics 09/2010; 13(1). DOI:10.1088/1367-2630/13/1/013043 · 3.56 Impact Factor
[Show abstract][Hide abstract] ABSTRACT: The peculiar properties of quantum mechanics allow two remote parties to
communicate a private, secret key, which is protected from eavesdropping by the
laws of physics. So-called quantum key distribution (QKD) implementations
always rely on detectors to measure the relevant quantum property of single
photons. Here we demonstrate experimentally that the detectors in two
commercially available QKD systems can be fully remote-controlled using
specially tailored bright illumination. This makes it possible to tracelessly
acquire the full secret key; we propose an eavesdropping apparatus built of
off-the-shelf components. The loophole is likely to be present in most QKD
systems using avalanche photodiodes to detect single photons. We believe that
our findings are crucial for strengthening the security of practical QKD, by
identifying and patching technological deficiencies.
[Show abstract][Hide abstract] ABSTRACT: We consider the security of the Bennett-Brassard 1984 (BB84) protocol for Quantum Key Distribution (QKD), in the presence of bit and basis dependent detector flaws. We suggest a powerful attack that can be used in systems with detector efficiency mismatch, even if the detector assignments are chosen randomly by Bob. A security proof is provided, valid for any basis dependent, possibly lossy, linear optical imperfections in the channel/receiver/detectors. The proof does not assume the so-called squashing detector model.
Quantum information & computation 01/2010; 10:60-76. · 1.39 Impact Factor
[Show abstract][Hide abstract] ABSTRACT: We consider the security of the Bennett-Brassard 1984 (BB84) protocol for Quantum Key Distribution (QKD), with arbitrary individual imperfections simultaneously in the source and detectors. We provide the secure key generation rate, and show that only two parameters must be bounded to ensure security; the basis dependence of the source and a detector blinding parameter. The system may otherwise be completely uncharacterized and contain large losses.
Physical Review A 03/2009; 82(3). DOI:10.1103/PhysRevA.82.032337 · 2.81 Impact Factor