Quantum Hacking group. Breaking quantum cryptography

Quantum Hacking

News

November 2011. We have written an introductory chapter on quantum cryptography for a new textbook about information security.
September 15, 2011. You can watch online Vadim Makarov’s talk about loopholes in implementations of quantum cryptography, given at the QCRYPT conference. (Or you can download 418 MiB video of higher quality.)
July 14, 2011. Our full eavesdropping experiment has been published in Nature Communications. For the first time ever, a complete eavesdropper was built, installed in a running quantum cryptography link, and actually extracted the full ‘secret’ key unnoticed. Quantum cryptography is secure in principle; the hardware problem this demo exploits is patchable. But developers should be beware of undiscovered implementation loopholes! We hope this work will focus their attention on implementation security and make the next generation of quantum cryptography systems stronger. See picture gallery and some comments on this experiment. Selected press coverage in English: Physics World | BBC | InformationWeek | Slashdot | The Register | computing.co.uk | Photonics Spectra | in Norwegian: digi.no | ABC Nyheter | in Spanish: ALT1040 | in Polish: Gazeta.pl | in Russian: Компьюлента | Лента.Ру.

Pictures from the experiment
January 2011. Video abstract for our paper “After-gate attack on a quantum cryptosystem,” filmed by our German colleagues:
December 2010. What is the proper way to patch the detector loopholes? We reply to a comment by Yuan et al. from Toshiba Cambridge lab. See also follow-up in the press (the journalist concluded that a light-sabre duel with A. Shields may be necessary to resolve the dispute :). Update: months later, we peacefully continue the discussion.
August 29, 2010. We have hacked commercial quantum key distribution systems from both vendors active on the market today, and published it in Nature Photonics. This attack on commercial quantum cryptography is
- the first 100% efficient one, giving the eavesdropper full secret key with zero disturbance to the system,
- the first fully implementable one, using today’s technology and off-the-shelf components, and
- the first that has been responsibly disclosed, i.e., the vendors have been notified several months before publication: see our joint press release with ID Quantique (PDF).
In a nutshell, the quantum cryptography is not broken (it’s secure in principle), but its commercial implementations as of early 2010 are shown to contain a nasty technological loophole. It’s patchable of course... just a question of time. Visit a picture gallery with comments on how we cracked the systems. Watch news on NRK1 (2 min video). Selected press coverage in English: Nature News | Slashdot | International Business Times | TechRepublic | Ars Technica | PopSci | Bruce Schneier | PC Pro | Techworld | The Register | eWeek | ZDNet | GCN | InformationWeek | in German: Frankfurter Allgemeine Zeitung (PDF) | in French: Le Figaro | market.ch | in Norwegian: audio interview with Lars Lydersen on NRK Verdt å vite (MP3, 14 min) | more on studentradioen (MP3, 5 min) | forskning.no (also in Danish) | digi.no | NRK Trøndelag | Teknisk Ukeblad | Gemini | Elektronikknett | Adresseavisen | Universitetsavisa | in Russian: Компьюлента | in Chinese: 新华网.

Pictures from the hacking experiments

Our research

The Quantum Hacking group works in the field of quantum cryptography and quantum information. In quantum information science the information unit is not a bit, but rather a quantum bit – qubit. A qubit may not only be zero or one, but also zero and one simultaneously! In our work, we use photons as physical representation of qubits.

Quantum cryptography is a method of secure communication using qubits. Such communication is based on the Heisenberg uncertainty principle. If an eavesdropper listens to qubits, she changes them, which is inevitably noticed by the legitimate users. That is, any attempt of eavesdropping will be caught (in theory).

Our task is to make sure eavesdropping also gets caught in practice. In our daily work, we scrutinize implementations of quantum cryptography. First, we play the role of the eavesdropper and try to hack quantum cryptosystems by taking advantage of non-ideal behavior of the present-day quantum cryptographic hardware. Naturally, we often do find security problems. Then, we suggest countermeasures, either practically by modifying the setups, or theoretically by modifying the way of communicating. This is an iterative process. It should eventually make quantum cryptosystems harder to crack, ultimately approaching the goal of absolute security.

Hacking cryptographic hardware

Practical implementations of quantum cryptography are quite complicated, and often leave loopholes to the eavesdropper. During the last few years, we have studied several hardware loopholes:

Controllability of single-photon detectors by bright light, for different types of detectors: gated, passively-quenched, actively-quenched, superconducting. The attack may also apply when the light is quite dim, < 100 photons.
Detector efficiency mismatch, which turned out to be a common vulnerability affecting virtually all quantum cryptosystems.
Trojan-horse attack, in which the eavesdropper Eve interrogates the sender Alice and the receiver Bob by external bright pulses mixed into the optical channel.

We introduced a faked-state attack, a general type of attack that exploits imperfections in Bob’s optical scheme, and in one case fully implemented it on an installed quantum cryptography link.

Security proofs

How can we make a system secure when there are imperfections? With the rules of quantum mechanics, we can prove security even in the presence of non-ideal equipment. We try to incorporate different kinds of imperfections into the security proofs. Our ultimate goal is a completely secure system, where all imperfections that cannot be eliminated are taken into account.