Quantum Hacking group. Breaking quantum cryptography

Quantum Hacking

Announcements

Next demonstrations of our hacking kit (see picture below) take place at id Quantique 2nd winter school on practical quantum cryptography and at one of the GAP-optique Friday seminars this February.
Presentations from the Quantum communication workshop 2010 in Oslo are now online.
In July 2009, we have completed a full-scale eavesdropping experiment on a quantum cryptosystem built at the Centre for quantum technologies, Singapore. Under realistic conditions, we have eavesdropped 100% of the secret key without alerting legitimate users. More information is available in two different conference presentations: one given at Hacking at Random, a recording of which you can watch on YouTube (52 min long lecture), and another given at Chaos Communication Congress, a recording of which you can too watch on YouTube (52 min long lecture).

Scheme of experiment

Our research

The Quantum Hacking group works in the field of quantum cryptography and quantum information. In quantum information science the information unit is not a bit, but rather a quantum bit – qubit. A qubit may not only be zero or one, but also zero and one simultaneously! In our work, we use photons as physical representation of qubits.

Quantum cryptography is a method of secure communication using qubits. Such communication is based on the Heisenberg uncertainty principle. If an eavesdropper listens to qubits, she changes them, which is inevitably noticed by the legitimate users. That is, any attempt of eavesdropping will be caught (in theory).

Our task is to make sure eavesdropping also gets caught in practice. In our daily work, we scrutinize implementations of quantum cryptography. First, we play the role of the eavesdropper and try to hack quantum cryptosystems by taking advantage of non-ideal behavior of the present-day quantum cryptographic hardware. Naturally, we often do find security problems. Then, we suggest countermeasures, either practically by modifying the setups, or theoretically by modifying the way of communicating. This is an iterative process. It should eventually make quantum cryptosystems harder to crack, ultimately approaching the goal of absolute security.

Hacking cryptographic hardware

Practical implementations of quantum cryptography are quite complicated, and often leave loopholes to the eavesdropper. During the last few years, we have studied several hardware loopholes:

Controllability of single-photon detectors by bright light: both passively-quenched and actively-quenched.
Detector efficiency mismatch, which turned out to be a common vulnerability affecting virtually all quantum cryptosystems.
Trojan-horse attack, in which the eavesdropper Eve interrogates the sender Alice and the receiver Bob by external bright pulses mixed into the optical channel.

We also introduced faked-state attack, a general type of attack that exploits imperfections in Bob’s optical scheme.

Security proofs

How can we make a system secure when there are imperfections? With the rules of quantum mechanics, we can prove security even in the presence of non-ideal equipment. We try to incorporate different kinds of imperfections into the security proofs. Our ultimate goal is a completely secure system, where all imperfections that cannot be eliminated are taken into account.

Quantum key distribution system

Since other research groups and commercial manufacturers alike do such a poor job at producing hack-proof systems (as we see so far :), we have to take this task ourselves. In our lab, we are building our own quantum cryptosystem, with the explicit goal to address all known loopholes and security issues.

Distinguishing quantum states

Non-orthogonal quantum states cannot be reliably distinguished by a measurement. This uncertainty limits the amount of information Alice can send Bob using non-orthogonal qubits. We are trying to find measurements which distinguish non-orthogonal states with the smallest probability of error, and measurements which optimize Alice’s and Bob’s mutual information.