Quantum Cryptography
Ranveer Raaj Joyseeree & Andreas Fognini
Alice
BobEve
Classical Algorithms
1. Asymmetrical (public-key) cryptosystems:
- First implementationnn RSA (Ronald Rivest, Adi Shamir, and Leonard Adleman) 1978- Very convenient, Internet- Idea is based on computational complexity f(x) = y, x = ?.- rely on unproven assumptions
Private Public
MessageMessage Encrypted message
Classical AlgorithmsClassical Algorithms
2. Symmetrical (secret-key) cryptosystems:
- only provably secure cryptosystem known today- not handy, key as long as message- key only valid for one transmission- how to send the key in a secure manner?
M: 1 0 1 0 1 0 1 0
K: 1 0 0 0 1 1 1 0
S: 0 0 1 0 0 1 0 0
Distribute key over secure channel
MM S
S: 0 0 1 0 0 1 0 0
K: 1 0 0 0 1 1 1 0
M: 1 0 1 0 1 0 1 0
XOR XOR
Quantum Cryptography: The BB84 Portocol
Ingredients: 1) One photon no copying, 2) Two non orthonormal bases sets 3) Insecure classical channel; Internet
What it does: Secure distribution of a key, can't be used to send messagesHow it works:
50% correlated
Physikalische Blätter 55, 25 (1999)
Copy machine: e.g.
Eve's copy machine
50% decreasein correlation!
Alice and Bob recognizeattack from error rate!
Conclusion
Quantum cryptography means just the exchange of keys
Actual transmission of data is done with classical algorithms
Alice & Bob can find out when Eve tries to eavesdrop.
Hacking Quantum Key Distribution systems
QKD systems promise enhanced security.
In fact, quantum cryptography is proveably secure.
Surely one cannot eavesdrop on such systems, right?
Hacking QKD systems
Security is easy to prove while assuming perfect apparatus and a noise-free channel.
Those assumptions are not valid for practical systems e.g. Clavis2 from ID Quantique and QPN 5505 from MagiQ Technologies.
Vulnerabilities thus appear.
Hacking by tailored illumination
Lydersen et al. (2010) proposed a method to eavesdrop on a QKD system undetected.
The hack exploits a vulnerability associated with the avalanche photo diodes (APD‘s) used to detect photons.
Avalanche photo diodes
Can detect single photons when properly set.
However, they are sensitive to more than just quantum states.
Modes of operation of APD’s
Geiger and linear modes
Geiger mode
VAPD is usually fixed and called bias voltage and in Geiger mode, Vbias > Vbr.
An incident photon creates an electron-hole pair, leading to an avalanche of carriers and a surge of current IAPD beyond Ith. That is detected as a click.
Vbias is then made smaller than Vbr to stop flow of carriers. Subsequently it is restored to its original value in preparation for the next photon.
Linear mode
Vbias < Vbr.
Detected current is proportional to incident optical power Popt.
Clicks again occur when IAPD > Ith.
Operation in practical QKD systems
Vbias is varied as shown such that APD is in Geiger mode only when a photon is expected
That is to minimize false detections due to thermal fluctuations.
However, it is still sensitive to bright light in linear mode.
The hack in detail
Eve uses an intercept-resend attack.
She uses a copy of Bob to detect states in a random basis.
Sends her results to Bob as bright light pulses, with peak power > Pth, instead of individual photons.
She also blinds Bob‘s APD‘s to make them operate as classical photodiodes only at all times to improve QBER.
The hack in detail
C is a 50:50 coupler used in phase-encoded QKD systems.
When Eve‘s and Bob‘s bases match, trigger pulse from Eve constructively interferes and hits detector corresponding to what Eve detected.
Otherwise, no constructive interference and both detectors hit with equal energy.
Click only observed if detected current > Ith.
The hack in detail
Clicks also only observed when Eve and Bob have matching bases.
This means Eve and Bob now have identical bit values and basis choices, independently of photons emitted by Alice.
However, half the bits are lost in the process of eavesdropping.
Performance issues?
Usually, transmittance from Alice to Bob < 50%.
APDs have a quantum efficiency < 50%.
However, trigger pulses cause clicks in all cases.
Loss of bits is thus compensated for and Eve stays undetected
Other methods
Method presented is not the only known exploit.
Zhao et al. (2008) attempted a time-shift attack.
Xu et al. (2010) attempted a phase remapping attack.
Conclusion
QKD systems are unconditionally secure, based on the fundamental laws of physics.
However, physical realisations of those systems violate some of the assumptions of the security proof.
Eavesdroppers may thus intercept sent messages without being detected.
Rev Mod Phys 74, 145 (2002)
Physikalische Blätter 55, 25 (1999)
Nature Photonics 4, 686 (2010)
Experimental demonstration of phase-remapping attack in a practical quantum key distribution system. Xu et al. (2010)
Hacking commercial quantum cryptography systems by tailored bright illumination. Lydersen et al. (2010)
Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems. Zhao et al. (2008).
Used Material