Vadim Makarov

Full-field implementation of a perfect eavesdropper on a quantum cryptography system

Quantum key distribution (QKD) allows two remote parties to grow a shared secret key. Its security is founded on the principles of quantum mechanics, but in reality it significantly relies on the physical implementation. Technological imperfections of QKD systems have been previously explored, but no attack on an established QKD connection has been realized so far. Here we show the first full-field implementation of a complete attack on a running QKD connection. An installed eavesdropper obtains the entire secret key, while none of the parameters monitored by the legitimate parties indicate a security breach. This confirms that non-idealities in physical implementations of QKD can be fully practically exploitable, and must be given increased scrutiny if quantum cryptography is to become highly secure.

Effects of detector efficiency mismatch on security of quantum cryptosystems

We suggest a type of attack on quantum cryptosystems that exploits variations in detector efficiency as a function of a control parameter accessible to an eavesdropper. With gated single-photon detectors, this control parameter can be the timing of the incoming pulse. When the eavesdropper sends short pulses using the appropriate timing so that the two gated detectors in Bobs setup have different efficiencies, the security of quantum key distribution can be compromised. Specifically, we show for the Bennett-Brassard 1984 (BB84) protocol that if the efficiency mismatch between 0 and 1 detectors for some value of the control parameter gets large enough (roughly 15:1 or larger), Eve can construct a successful faked-states attack causing a quantum bit error rate lower than 11%. We also derive a general security bound as a function of the detector sensitivity mismatch for the BB84 protocol. Experimental data for two different detectors are presented, and protection measures against this attack are discussed.

Controlling passively quenched single photon detectors by bright light

Single photon detectors (SPDs) based on passively quenched avalanche photodiodes can be temporarily blinded by relatively bright light, of intensity less than 1nW. A bright-light regime suitable for attacking a quantum key distribution system containing such detectors is described in this paper. In this regime, all SPDs in the receiver Bob are uniformly blinded by continuous illumination coming from the eavesdropper Eve. When Eve needs a certain detector in Bob to produce a click, she modifies the polarization (or other parameters used to encode quantum states) of the light she sends to Bob such that the target detector stops receiving light, while the other detector(s) continue to be illuminated. The target detector regains single photon sensitivity and, when Eve modifies the polarization again, produces a single click. Thus, Eve has full control of Bob and can perform a successful intercept-resend attack. To check the feasibility of the attack, three different models of passively quenched detectors have been tested. In the experiment, I have simulated the intensity diagrams the detectors would receive in a real QKD system under attack. Control parameters and side effects are considered. It appears that the attack could be practically possible.

Device calibration impacts security of quantum key distribution.

Characterizing the physical channel and calibrating the cryptosystem hardware are prerequisites for establishing a quantum channel for quantum key distribution (QKD). Moreover, an inappropriately implemented calibration routine can open a fatal security loophole. We propose and experimentally demonstrate a method to induce a large temporal detector efficiency mismatch in a commercial QKD system by deceiving a channel length calibration routine. We then devise an optimal and realistic strategy using faked states to break the security of the cryptosystem. A fix for this loophole is also suggested.

Faked states attack on quantum cryptosystems

A new type of attack on quantum cryptography systems is proposed. In this attack, Eve utilizes various optical imperfections in Bobs scheme and constructs light pulses so that Bob does not distinguish his detection results from normal, whereas they give Bob the basis and bit value chosen at Eves discretion. Applying this attack to systems with passive basis choice on Bobs side is considered. Also, a general workflow of breaking into a running quantum cryptolink using this or Trojan horse attack is discussed.

After-gate attack on a quantum cryptosystem

We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The attack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept-resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.

Thermal blinding of gated detectors in quantum cryptography.

It has previously been shown that the gated detectors of two commercially available quantum key distribution (QKD) systems are blindable and controllable by an eavesdropper using continuous-wave illumination and short bright trigger pulses, manipulating voltages in the circuit [Nat. Photonics 4, 686 (2010)]. This allows for an attack eavesdropping the full raw and secret key without increasing the quantum bit error rate (QBER). Here we show how thermal effects in detectors under bright illumination can lead to the same outcome. We demonstrate that the detectors in a commercial QKD system Clavis2 can be blinded by heating the avalanche photo diodes (APDs) using bright illumination, so-called thermal blinding. Further, the detectors can be triggered using short bright pulses once they are blind. For systems with pauses between packet transmission such as the plug-and-play systems, thermal inertia enables Eve to apply the bright blinding illumination before eavesdropping, making her more difficult to catch.

Large pulse attack as a method of conventional optical eavesdropping in quantum cryptography

Abstract In this paper so-called ‘large pulse attack’ is investigated. This attack is one of the possible methods of conventional optical eavesdropping, a new strategy of eavesdropping on quantum cryptosystems, which eliminates the need of immediate interaction with transmitted quantum states. It allows the eavesdropper to avoid inducing transmission errors that disclose her presence to the legal users. As an object of the eavesdropping, phase-state fibre optic schemes are considered. With large pulse attack, settings of transmitting and/ or receiving apparatus are interrogated by external high-power light pulses. Applicability conditions of this method are given. Type and amount of information learned by the eavesdropper is estimated, depending on parameters of the interrogating pulse and apparatus. An experimental set-up for an eavesdropping experiment is proposed and results of successful preliminary measurements are presented. It is concluded that additional protection is necessary for currently implemented quantum key distribution systems. The paper suggests several security measures against this kind of attack.

Controlling an actively-quenched single photon detector with bright light

We control using bright light an actively-quenched avalanche single-photon detector. Actively-quenched detectors are commonly used for quantum key distribution (QKD) in the visible and near-infrared range. This study shows that these detectors are controllable by the same attack used to hack passively-quenched and gated detectors. This demonstrates the generality of our attack and its possible applicability to eavsdropping the full secret key of all QKD systems using avalanche photodiodes (APDs). Moreover, the commercial detector model we tested (PerkinElmer SPCM-AQR) exhibits two new blinding mechanisms in addition to the previously observed thermal blinding of the APD, namely: malfunctioning of the bias voltage control circuit, and overload of the DC/DC converter biasing the APD. These two new technical loopholes found just in one detector model suggest that this problem must be solved in general, by incorporating generally imperfect detectors into the security proof for QKD.

Controlling a superconducting nanowire single-photon detector using tailored bright illumination

We experimentally demonstrate that a superconducting nanowire single-photon detector is deterministically controllable by bright illumination. We found that bright light can temporarily make a large fraction of the nanowire length normally conductive, can extend deadtime after a normal photon detection, and can cause a hotspot formation during the deadtime with a highly nonlinear sensitivity. As a result, although based on different physics, the superconducting detector turns out to be controllable by virtually the same techniques as avalanche photodiode detectors. As demonstrated earlier, when such detectors are used in a quantum key distribution system, this allows an eavesdropper to launch a detector control attack to capture the full secret key without this being revealed by too many errors in the key.