Quantum Cryptography

Alice

Eve Bob

Ranveer Raaj Joyseeree & Andreas Fognini

Classical Algorithms

1. Asymmetrical (public-key) cryptosystems:

Message Encrypted message Message

Private Public

- First implementationnn RSA (Ronald Rivest, Adi Shamir, and Leonard Adleman) 1978
- Very convenient, Internet
- Idea is based on computational complexity f(x) = y, x = ?.
- rely on unproven assumptions
 Classical Algorithms

2. Symmetrical (secret-key) cryptosystems:

Distribute key over secure channel

M S M

S: 0 0 1 0 0 1 0 0 M: 1 0 1 0 1 0 1 0
XOR K: 1 0 0 0 1 1 1 0 XOR K: 1 0 0 0 1 1 1 0
M: 1 0 1 0 1 0 1 0 S: 0 0 1 0 0 1 0 0

- only provably secure cryptosystem known today

- not handy, key as long as message
- key only valid for one transmission
- how to send the key in a secure manner?
Quantum Cryptography: The BB84 Portocol
Ingredients: 1) One photon no copying,
2) Two non orthonormal bases sets
3) Insecure classical channel; Internet
What it does: Secure distribution of a key, can't be used to send messages
How it works:

50% correlated
Physikalische Blätter 55, 25 (1999)
 Eve's copy machine

Copy machine: e.g.

50% decrease
in correlation!

Alice and Bob recognize

attack from error rate!
Conclusion

 Quantum cryptography means just the

exchange of keys
 Actual transmission of data is done with
classical algorithms
 Alice & Bob can find out when Eve tries to
eavesdrop.
Hacking Quantum Key Distribution systems

 QKD systems promise enhanced security.

 In fact, quantum cryptography is proveably

secure.

 Surely one cannot eavesdrop on such systems,

right?
Hacking QKD systems

 Security is easy to prove while assuming

perfect apparatus and a noise-free channel.

 Those assumptions are not valid for practical

systems e.g. Clavis2 from ID Quantique and
QPN 5505 from MagiQ Technologies.

 Vulnerabilities thus appear.

Hacking by tailored illumination

 Lydersen et al. (2010) proposed a method to

eavesdrop on a QKD system undetected.

 The hack exploits a vulnerability associated with

the avalanche photo diodes (APD‘s) used to
detect photons.
Avalanche photo diodes

 Can detect single photons when properly set.

 However, they are sensitive to more than just

quantum states.
Modes of operation of APD’s

 Geiger and linear modes

Geiger mode

 VAPD is usually fixed and called bias voltage and in Geiger mode, Vbias > Vbr.

 An incident photon creates an electron-hole pair, leading to an avalanche of carriers

and a surge of current IAPD beyond Ith. That is detected as a click.

 Vbias is then made smaller than Vbr to stop flow of carriers. Subsequently it is restored
to its original value in preparation for the next photon.
Linear mode

 Vbias < Vbr.

 Detected current is proportional to incident optical power Popt.

 Clicks again occur when IAPD > Ith.

Operation in practical QKD systems

 Vbias is varied as shown such that APD is in Geiger mode only

when a photon is expected

 That is to minimize false detections due to thermal fluctuations.

 However, it is still sensitive to bright light in linear mode.

The hack in detail

 Eve uses an intercept-resend attack.

 She uses a copy of Bob to detect states in a random basis.

 Sends her results to Bob as bright light pulses, with peak power
> Pth, instead of individual photons.

 She also blinds Bob‘s APD‘s to make them operate as classical

photodiodes only at all times to improve QBER.
The hack in detail

 C is a 50:50 coupler used in phase-encoded QKD systems.

 When Eve‘s and Bob‘s bases match, trigger pulse from Eve constructively interferes
and hits detector corresponding to what Eve detected.

 Otherwise, no constructive interference and both detectors hit with equal energy.

 Click only observed if detected current > Ith.

The hack in detail

 Clicks also only observed when Eve and Bob have

matching bases.

 This means Eve and Bob now have identical bit values
and basis choices, independently of photons emitted
by Alice.

 However, half the bits are lost in the process of

eavesdropping.
Performance issues?

 Usually, transmittance from Alice to Bob < 50%.

 APDs have a quantum efficiency < 50%.

 However, trigger pulses cause clicks in all cases.

 Loss of bits is thus compensated for and Eve stays

undetected
Other methods

 Method presented is not the only known exploit.

 Zhao et al. (2008) attempted a time-shift attack.

 Xu et al. (2010) attempted a phase remapping attack.

Conclusion

 QKD systems are unconditionally secure, based on

the fundamental laws of physics.

 However, physical realisations of those systems

violate some of the assumptions of the security proof.

 Eavesdroppers may thus intercept sent messages

without being detected.
Used Material

 Rev Mod Phys 74, 145 (2002)

 Physikalische Blätter 55, 25 (1999)
 Nature Photonics 4, 686 (2010)
 Experimental demonstration of phase-remapping attack in a
practical quantum key distribution system. Xu et al. (2010)
 Hacking commercial quantum cryptography systems by tailored
bright illumination. Lydersen et al. (2010)
 Quantum hacking: Experimental demonstration of time-shift
attack against practical quantum-key-distribution systems. Zhao
et al. (2008).