Quantum Hacking group. Breaking quantum cryptography

Quantum Hacking

News

February 2012. Our group has split: Vadim Makarov and all experimental activity have moved to the Institute for Quantum Computing, Waterloo, Canada. Johannes Skaar and two PhD students remain in Norway. We will continue the fruitful collaboration.
November 2011. We have written an introductory chapter on quantum cryptography for a new textbook about information security.
October 2011. Our Physical Review Letters article has been highlighted: Synopsis: Eve fools Alice and Bob. Press: Physics Today | Nature News | PhysOrg.com | Ars Technica | The Register | pro-physik.de.
September 15, 2011. You can watch online Vadim Makarov’s talk about loopholes in implementations of quantum cryptography, given at the QCRYPT conference. (Or you can download 418 MiB video of higher quality.)
July 14, 2011. Our full eavesdropping experiment has been published in Nature Communications. For the first time ever, a complete eavesdropper was built, installed in a running quantum cryptography link, and actually extracted the full ‘secret’ key unnoticed. Quantum cryptography is secure in principle; the hardware problem this demo exploits is patchable. But developers should be beware of undiscovered implementation loopholes! We hope this work will focus their attention on implementation security and make the next generation of quantum cryptography systems stronger. See picture gallery and some comments on this experiment. Selected press coverage in English: Physics World | BBC | InformationWeek | Slashdot | The Register | computing.co.uk | Photonics Spectra | in Norwegian: digi.no | ABC Nyheter | in Spanish: ALT1040 | in Polish: Gazeta.pl | in Russian: Компьюлента | Лента.Ру.

Pictures from the experiment
January 2011. Video abstract for our paper “After-gate attack on a quantum cryptosystem,” filmed by our German colleagues:

See older news...

Our research

The Quantum Hacking group works in the field of quantum cryptography and quantum information. In quantum information science the information unit is not a bit, but rather a quantum bit – qubit. A qubit may not only be zero or one, but also zero and one simultaneously! In our work, we use photons as physical representation of qubits.

Quantum cryptography is a method of secure communication using qubits. Such communication is based on the Heisenberg uncertainty principle. If an eavesdropper listens to qubits, she changes them, which is inevitably noticed by the legitimate users. That is, any attempt of eavesdropping will be caught (in theory).

Our task is to make sure eavesdropping also gets caught in practice. In our daily work, we scrutinize implementations of quantum cryptography. First, we play the role of the eavesdropper and try to hack quantum cryptosystems by taking advantage of non-ideal behavior of the present-day quantum cryptographic hardware. Naturally, we often do find security problems. Then, we suggest countermeasures, either practically by modifying the setups, or theoretically by modifying the way of communicating. This is an iterative process. It should eventually make quantum cryptosystems harder to crack, ultimately approaching the goal of absolute security.

Hacking cryptographic hardware

Practical implementations of quantum cryptography are quite complicated, and often leave loopholes to the eavesdropper. During the last few years, we have studied several hardware loopholes:

Controllability of single-photon detectors by bright light, for different types of detectors: gated, passively-quenched, actively-quenched, superconducting. The attack may also apply when the light is quite dim, < 100 photons.
Detector efficiency mismatch, which turned out to be a common vulnerability affecting virtually all quantum cryptosystems.
Trojan-horse attack, in which the eavesdropper Eve interrogates the sender Alice and the receiver Bob by external bright pulses mixed into the optical channel.

We introduced a faked-state attack, a general type of attack that exploits imperfections in Bob’s optical scheme, and in one case fully implemented it on an installed quantum cryptography link.

Security proofs

How can we make a system secure when there are imperfections? With the rules of quantum mechanics, we can prove security even in the presence of non-ideal equipment. We try to incorporate different kinds of imperfections into the security proofs. Our ultimate goal is a completely secure system, where all imperfections that cannot be eliminated are taken into account.

Team of researchers after completing a joint experiment in Singapore

Current collaborations

Institute for quantum computing in Waterloo, Canada
ID Quantique

In addition, we are a member of the topical team Space-QUEST.

Dress rehearsal of eavesdropping experiment in Singapore lab

Testing eavesdropping experiment in lab

Assembling equipment for eavesdropping experiment

Vadim Makarov works with PerkinElmer detector. Image ©adressa.no

Hacking single-photon detector

Clavis2 quantum key distribution system made by id Quantique

Inside commercial quantum cryptosystem

Artem Vakhitov tunes up eavesdropper’s setup

Master student tunes up eavesdropper’s setup for Trojan-horse attack

Part of our fiber-optic quantum key distribution system

Our group in Trondheim, November 2008