Hacking commercial quantum cryptography systems by tailored bright illumination

The peculiar properties of quantum mechanics allow two remote parties to communicate a private, secret key, which is protected from eavesdropping by the laws of physics. So-called quantum key distribution (QKD) implementations always rely on detectors to measure the relevant quantum property of single photons. Here we demonstrate experimentally that the detectors in two commercially available QKD systems can be fully remote-controlled using specially tailored bright illumination. This makes it possible to tracelessly acquire the full secret key; we propose an eavesdropping apparatus built of off-the-shelf components. The loophole is likely to be present in most QKD systems using avalanche photodiodes to detect single photons. We believe that our findings are crucial for strengthening the security of practical QKD, by identifying and patching technological deficiencies.Comment: Revised version, rewritten for clarity. 5 pages, 5 figures. To download the Supplementary information (which is in open access), go to the journal web site at http://dx.doi.org/10.1038/nphoton.2010.21

Boosting up quantum key distribution by learning statistics of practical single photon sources

We propose a simple quantum-key-distribution (QKD) scheme for practical single photon sources (SPSs), which works even with a moderate suppression of the second-order correlation $g^{(2)}$ of the source. The scheme utilizes a passive preparation of a decoy state by monitoring a fraction of the signal via an additional beam splitter and a detector at the sender's side to monitor photon number splitting attacks. We show that the achievable distance increases with the precision with which the sub-Poissonian tendency is confirmed in higher photon number distribution of the source, rather than with actual suppression of the multi-photon emission events. We present an example of the secure key generation rate in the case of a poor SPS with $g^{(2)} = 0.19$, in which no secure key is produced with the conventional QKD scheme, and show that learning the photon-number distribution up to several numbers is sufficient for achieving almost the same achievable distance as that of an ideal SPS.Comment: 11 pages, 3 figures; published version in New J. Phy

Trojan-horse attacks threaten the security of practical quantum cryptography

A quantum key distribution system may be probed by an eavesdropper Eve by sending in bright light from the quantum channel and analyzing the back-reflections. We propose and experimentally demonstrate a setup for mounting such a Trojan-horse attack. We show it in operation against the quantum cryptosystem Clavis2 from ID~Quantique, as a proof-of-principle. With just a few back-reflected photons, Eve discerns Bob's secret basis choice, and thus the raw key bit in the Scarani-Ac\'in-Ribordy-Gisin 2004 protocol, with higher than 90% probability. This would clearly breach the security of the cryptosystem. Unfortunately in Clavis2 Eve's bright pulses have a side effect of causing high level of afterpulsing in Bob's single-photon detectors, resulting in a high quantum bit error rate that effectively protects this system from our attack. However, in a Clavis2-like system equipped with detectors with less-noisy but realistic characteristics, an attack strategy with positive leakage of the key would exist. We confirm this by a numerical simulation. Both the eavesdropping setup and strategy can be generalized to attack most of the current QKD systems, especially if they lack proper safeguards. We also propose countermeasures to prevent such attacks.Comment: 22 pages including appendix and references, 6+2 figure