A new way to hack quantum-cryptography systems has been unveiled by physicists in Canada. The method involves using a powerful laser to physically damage the optical equipment used to send and receive secret keys in “quantum key distribution” (QKD) systems. QKD systems are already in commercial use, and this latest disruption comes as quantum-cryptography experts have already modified their systems to make them immune to other eavesdropping techniques.
QKD uses the laws of quantum mechanics to guarantee complete security when two people exchange a cryptographic key. This secret key then allows them to exchange information using conventional communications. The sender and receiver – usually called Alice and Bob, respectively – share a secret key made up of a series of quantum states that an eavesdropper, Eve, is in principle unable to intercept without altering those states and thereby revealing her presence.
Unconditional security?
In practice, however, the security of QKD is impaired by physical limitations of the sources, receivers and other hardware used to implement it. According to Vadim Makarov of the University of Waterloo and colleagues, many scientists assume that as long as the technical shortcomings of this equipment are properly characterized, then QKD can “provide unconditional security”. But the team has shown that even in perfectly understood systems, an eavesdropper can create “loopholes on demand” to steal quantum keys.
Makarov and colleagues have worked out how to create such loopholes in two kinds of QKD system: those using fibre-optic cables and others that send quantum information through free space. The fibre system was based on equipment manufactured by Swiss company ID Quantique, and the team subjected it to a “Trojan horse” attack. This involves Eve shining a bright light at Alice and then measuring the reflected light to try and work out how Alice is encoding a series of photons sent to her by Bob that will constitute the secret key.
Burning bright
Trojan-horse attacks can be prevented if Alice sets up a detector to measure the energy of the incoming photons, which sounds an alarm if the energy is too great. To get around this measure, the team shone an infrared laser at Alice’s photodetector for up to 30 s after disconnecting the fibre channel, which they it during one of the system’s several extended periods of recalibration. The researchers discovered that they could burn a hole in the photodiode detector and render it either partially or completely insensitive to light – the latter requiring at least 1.7 W of laser power. They repeated the experiment using six detectors, and found that in each case “the damage was sufficient to permanently open the system up to the Trojan-horse attack,” although they add that only in half of those trials did QKD continue uninterrupted after reconnecting the fibre between Alice and Bob.
The group also used the same laser to weaken the security of “quantum coin tossing”, which allows two mutually distrustful people to make a decision by metaphorically tossing a coin, even when physically separated. In this case, the impaired sensitivity of the photodetector can increase Bob’s odds of being able to successfully cheat above what is possible with classical technology, so rendering the quantum system redundant.
Faking states
In the case of free-space cryptography, Makarov and colleagues showed that they could enable a “faked-state attack”. Alice and Bob share a key encoded using photon polarization, while Eve inserts a device into the polarized beam that very slightly tilts the beam so that it misses the core of three of the four fibres leading to Bob’s polarization detectors. This allows Eve to control which detectors are used to measure which photons, and by doing so to steal the key unnoticed.
This attack can be prevented by placing a pinhole inside Bob’s receiver – an arrangement that limits the angles over which the incoming beam can enter the device. But Makarov and colleagues were able to enlarge the size of the pinhole by exposing it to a 10 second pulse from a 3.6 W near-infrared laser. Enlarging the hole’s diameter from 25 μm to about 150 μm, the researchers were able to tilt the beam enough to enable any eavesdroppers to steal the secret key.
This work goes further than an experiment reported last year by Makarov and an international group of scientists, because it targets two complete systems and does so without impeding their operation (the earlier research, in contrast, damaged a single isolated component). The Canadian group says that the new results should force scientists to “think again” about how to assess the security of quantum-cryptographic devices, arguing that testing against laser damage and other optical attacks will become “an obligatory part of security assurance for future quantum communications”. It adds that related technologies, such as a type of cloud computing to share the processing power of future quantum computers, might also be vulnerable to laser damage.
Better detectors
Norbert Lütkenhaus of the University of Waterloo, who was not involved in the current work, says this idea of actively damaging QKD components was “not previously on the radar screen” of scientists working on quantum-communication technologies. He believes that countermeasures are possible, suggesting that an additional detector could be installed to register the light from any damaging laser beams. But he points out that manufacturers will need to ensure that their new detectors are themselves resistant to any potential attack, arguing that improving “best engineering practice” is the way to do that. As with other cryptographic technologies, he says, the development of QKD is “always a cat and mouse game”.
A paper describing the research has been uploaded to the arXiv server.