Trojan-horse attacks threaten the security of practical quantum cryptography

A quantum key distribution (QKD) system may be probed by an eavesdropper Eve by sending in bright light from the quantum channel and analyzing the back-reflections. We propose and experimentally demonstrate a setup for mounting such a Trojan-horse attack. We show it in operation against the quantum cryptosystem Clavis2 from ID Quantique, as a proof-of-principle. With just a few back-reflected photons, Eve discerns Bobʼs (secret) basis choice, and thus the raw key bit in the Scarani–Acin–Ribordy–Gisin 2004 protocol, with higher than 90% probability. This would clearly breach the security of the cryptosystem. Unfortunately, Eveʼs bright pulses have a side effect of causing a high level of afterpulsing in Bobʼs single-photon detectors, resulting in a large quantum bit error rate that effectively protects this system from our attack. However, in a Clavis2-like system equipped with detectors with less-noisy but realistic characteristics, an attack strategy with positive leakage of the key would exist. We confirm this by a numerical simulation. Both the eavesdropping setup and strategy can be generalized to attack most of the current QKD systems, especially if they lack proper safeguards. We also propose countermeasures to prevent such attacks.

[1]  M. Fejer,et al.  Experimental measurement-device-independent quantum key distribution. , 2012, Physical review letters.

[2]  Chun-Yan Li,et al.  Wavelength-selected photon-number-splitting attack against plug-and-play quantum key distribution systems with decoy states , 2012 .

[3]  M.A. Krainak Photoionization of trapped carriers in avalanche photodiodes to reduce afterpulsing during Geiger-mode photon counting , 2005, (CLEO). Conference on Lasers and Electro-Optics, 2005..

[4]  Nicolas Gisin,et al.  Free-running InGaAs single photon detector with 1 dark count per second at 10% efficiency , 2013, 1312.2636.

[5]  N. Gisin,et al.  Quantum key distribution over 67 km with a plug , 2002 .

[6]  Gilles Brassard,et al.  Quantum cryptography: Public key distribution and coin tossing , 2014, Theor. Comput. Sci..

[7]  Eleni Diamanti,et al.  Experimental demonstration of long-distance continuous-variable quantum key distribution , 2012, Nature Photonics.

[8]  F. Khalili,et al.  Quantum nondemolition measurements: the route from toys to tools , 1996 .

[9]  Dong Liu,et al.  Attacking a practical quantum-key-distribution system with wavelength-dependent beam-splitter and multiwavelength sources , 2011, 1110.4574.

[10]  Xiongfeng Ma,et al.  ar X iv : q ua ntp h / 05 12 08 0 v 2 1 1 A pr 2 00 6 TIMESHIFT ATTACK IN PRACTICAL QUANTUM , 2005 .

[11]  Lan Yang,et al.  Quantum nondemolition measurement of photon number via optical Kerr effect in an ultra-high-Q microtoroid cavity. , 2008, Optics express.

[12]  A. Lacaita,et al.  Trapping phenomena in avalanche photodiodes on nanosecond scale , 1991, IEEE Electron Device Letters.

[13]  Gerd Leuchs,et al.  Device calibration impacts security of quantum key distribution. , 2011, Physical review letters.

[14]  Nathan Killoran,et al.  Optimal working points for continuous-variable quantum channels , 2013, 1301.6051.

[15]  Jean Pierre von der Weid,et al.  Real-time monitoring of single-photon detectors against eavesdropping in quantum key distribution systems. , 2012, Optics express.

[16]  N. Gisin,et al.  Trojan-horse attacks on quantum-key-distribution systems (6 pages) , 2005, quant-ph/0507063.

[17]  Pascal Junod,et al.  A fast and versatile quantum key distribution system with hardware key distillation and wavelength multiplexing , 2013, 1309.2583.

[18]  J. Skaar,et al.  Effects of detector efficiency mismatch on security of quantum cryptosystems , 2005, quant-ph/0511032.

[19]  V. Scarani,et al.  The security of practical quantum key distribution , 2008, 0802.4155.

[20]  Nicolas Gisin,et al.  Sine gating detector with simple filtering for low-noise infra-red single photon detection at room temperature , 2012, 1205.3084.

[21]  Nicolas Gisin,et al.  Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations. , 2004, Physical review letters.

[22]  H. Bechmann-Pasquinucci,et al.  Quantum cryptography , 2001, quant-ph/0101098.

[23]  J. Skaar,et al.  After-gate attack on a quantum cryptosystem , 2010, 1009.2683.

[24]  J. F. Dynes,et al.  Gigacount/second photon detection with InGaAs avalanche photodiodes , 2012 .

[25]  D. Bethune,et al.  An autocompensating fiber-optic quantum cryptography system based on polarization splitting of light , 2000, IEEE Journal of Quantum Electronics.

[26]  R. Haitz Mechanisms Contributing to the Noise Pulse Rate of Avalanche Diodes , 1965 .

[27]  B Kraus,et al.  Lower and upper bounds on the secret-key rate for quantum key distribution protocols using one-way classical communication. , 2004, Physical review letters.

[28]  T. F. D. Silva,et al.  Proof-of-principle demonstration of measurement-device-independent quantum key distribution using polarization qubits , 2012, 1207.6345.

[29]  Masahide Sasaki,et al.  Demonstration of near-optimal discrimination of optical coherent states. , 2008, Physical review letters.

[30]  Sanders,et al.  Limitations on practical quantum cryptography , 2000, Physical review letters.

[31]  V. Scarani,et al.  Security of two quantum cryptography protocols using the same four qubit states (18 pages) , 2005, quant-ph/0505035.

[32]  Dag Roar Hjelme,et al.  Large pulse attack as a method of conventional optical eavesdropping in quantum cryptography , 2001 .

[33]  Alan L. Migdall,et al.  Single-photon detection efficiency up to 50% at 1310 nm with an InGaAs/InP avalanche diode gated at 1.25 GHz , 2013 .

[34]  J. Skaar,et al.  Hacking commercial quantum cryptography systems by tailored bright illumination , 2010, 1008.4593.