340 research outputs found
Implementation vulnerabilities in general quantum cryptography
Quantum cryptography is information-theoretically secure owing to its solid
basis in quantum mechanics. However, generally, initial implementations with
practical imperfections might open loopholes, allowing an eavesdropper to
compromise the security of a quantum cryptographic system. This has been shown
to happen for quantum key distribution (QKD). Here we apply experience from
implementation security of QKD to several other quantum cryptographic
primitives. We survey quantum digital signatures, quantum secret sharing,
source-independent quantum random number generation, quantum secure direct
communication, and blind quantum computing. We propose how the eavesdropper
could in principle exploit the loopholes to violate assumptions in these
protocols, breaking their security properties. Applicable countermeasures are
also discussed. It is important to consider potential implementation security
issues early in protocol design, to shorten the path to future applications.
Comment: 13 pages, 8 figures
Controlling single-photon detector ID210 with bright light
We experimentally demonstrate that a single-photon detector ID210
commercially available from ID Quantique is vulnerable to blinding and can be
fully controlled by bright illumination. In quantum key distribution, this
vulnerability can be exploited by an eavesdropper to perform a faked-state
attack giving her full knowledge of the key without being noticed. We consider
the attack on standard BB84 protocol and a subcarrier-wave scheme, and outline
a possible countermeasure.
Comment: 6 pages, 5 figures
Insecurity of detector-device-independent quantum key distribution
Detector-device-independent quantum key distribution (ddiQKD) held the
promise of being robust to detector side-channels, a major security loophole in
QKD implementations. In contrast to what has been claimed, however, we
demonstrate that the security of ddiQKD is not based on post-selected
entanglement, and we introduce various eavesdropping strategies that show that
ddiQKD is in fact insecure against detector side-channel attacks as well as
against other attacks that exploit device's imperfections of the receiver. Our
attacks are valid even when the QKD apparatuses are built by the legitimate
users of the system themselves, and thus free of malicious modifications, which
is a key assumption in ddiQKD.
Comment: 7 pages, 5 figures, 1 table
Testing random-detector-efficiency countermeasure in a commercial system reveals a breakable unrealistic assumption
In the last decade, efforts have been made to reconcile theoretical security
with realistic imperfect implementations of quantum key distribution (QKD).
Implementable countermeasures are proposed to patch the discovered loopholes.
However, certain countermeasures are not as robust as would be expected. In
this paper, we present a concrete example of ID Quantique's
random-detector-efficiency countermeasure against detector blinding attacks. As
a third-party tester, we have found that the first industrial implementation of
this countermeasure is effective against the original blinding attack, but not
immune to a modified blinding attack. Then, we implement and test a later full
version of this countermeasure containing a security proof [C. C. W. Lim et
al., IEEE Journal of Selected Topics in Quantum Electronics, 21, 6601305
(2015)]. We find that it is still vulnerable against the modified blinding
attack, because an assumption about hardware characteristics on which the proof
relies fails in practice.
Comment: 12 pages, 12 figures
Studies on the sperm storage mechanism in the hen oviduct
Summary of contents. Hiroshima University, Doctor of Agriculture. doctora
Quantum Hacking in the Age of Measurement-Device-Independent Quantum Cryptography
Cryptography is essential for secure communication in the digital era. Today, public-key cryptography is widely employed, and has provided an efficient method for encrypting content and ensuring both confidentiality and authenticity of electronic communications. However, the security of these systems is based on assumptions of computational hardness within the constraints of current computing capability. Thus, as quantum computing becomes a reality, public-key algorithms will be genuinely vulnerable to attack. By contrast, quantum cryptography, which is based on quantum physics instead of mathematical assumptions, is able to achieve information-theoretic security.
Advances in practical quantum cryptographic systems have not kept pace with theory, where an eavesdropper can relatively easily exploit loopholes in practical implementations to compromise theory-proved security. Bridging the gap between perfect theory and imperfect practice has become a priority for the growing field of quantum key distribution (QKD), which has strived to strengthen the practical security of QKD systems. Among all the countermeasures against quantum hacking, the measurement-device-independent (MDI) QKD protocol is promising because it is immune to all side-channel attacks on measurement devices. However, the MDI QKD protocol has some limitations that critically restrict its practical usefulness. Technically, the MDI scheme is not compatible with existing QKD systems, and produces a low key rate. In addition, the theory underlying MDI QKD security is based on the use of trusted source stations. Thus, this protocol is not a universal solution. This thesis further investigates the practical security of quantum cryptography in and beyond MDI quantum cryptography.
To overcome the technical limitations of MDI QKD, we first evaluate two other countermeasures against imperfect detections. The first is an industrial patch based on random detection efficiency, recently implemented by ID Quantique in the commercial Clavis2 QKD system. While powerful, experimental testing shows that this countermeasure is not sufficient to defeat the detector blinding attack. The second countermeasure aims to achieve a higher key rate than MDI QKD while maintaining the same security properties. However, our research shows that detector-device-independent (DDI) QKD security is not equivalent to that of MDI QKD and, further, that DDI QKD is insecure against detector side-channel attacks.
While this initial work points to the superior performance of MDI QKD systems, core challenges remain. The fundamental security assumption adopted for MDI QKD systems, regarding the exclusive use of trustable source stations, cannot always be satisfied in practice. Our study revealed several side channels of source devices. The first is disclosed from the implementation of a decoy-state protocol, which is widely used in QKD systems with weak coherent sources. The pump-current-modulated intensities result in a timing mismatch between the signal and decoy states, violating the key assumption in the decoy-state QKD protocol. Moreover, an active Eve can break the basic assumption about photon numbers in the QKD system. In this work, we experimentally demonstrate a laser seeding attack on the laser source, which shows that Eve can increase the emission power of the laser diode. Furthermore, by shining a high-power laser into an optical attenuator, Eve can decrease the attenuation values. The increase in laser emission power and the decrease in attenuation lead to an increase in mean photon numbers.
In summary, MDI QKD is a milestone in quantum cryptography. However, this thesis indicates the importance of continued investigations into the practical security of MDI QKD. The analysis of practical security should be extended to other countermeasures against side-channel attacks and the source stations in MDI QKD systems. Practical quantum hacking and security analysis promote the development of quantum cryptographic systems, which will eventually achieve the unconditional security claimed in theory.
Designing for Appropriate Reliance: The Roles of AI Uncertainty Presentation, Initial User Decision, and User Demographics in AI-Assisted Decision-Making
Appropriate reliance is critical to achieving synergistic human-AI
collaboration. For instance, when users over-rely on AI assistance, their
human-AI team performance is bounded by the model's capability. This work
studies how the presentation of model uncertainty may steer users'
decision-making toward fostering appropriate reliance. Our results demonstrate
that showing the calibrated model uncertainty alone is inadequate. Rather,
calibrating model uncertainty and presenting it in a frequency format allow
users to adjust their reliance accordingly and help reduce the effect of
confirmation bias on their decisions. Furthermore, the critical nature of our
skin cancer screening task skews participants' judgment, causing their reliance
to vary depending on their initial decision. Additionally, step-wise multiple
regression analyses revealed how user demographics such as age and familiarity
with probability and statistics influence human-AI collaborative
decision-making. We discuss the potential for model uncertainty presentation,
initial user decision, and user demographics to be incorporated in designing
personalized AI aids for appropriate reliance.
Comment: Accepted to CSCW202