Detection Efficiency Mismatch and Finite-Key-Size Attacks on Practical Quantum Cryptography Systems

Security verification for the physical implementation of a cryptography system is an important step to ensure the security level promised by theory. As has been shown many times, any physical device has characteristics and behavior that deviate from theoretical expectations. Frequently, those lead to new security loopholes. This thesis presents three experimental studies of attacks on quantum key distribution (QKD) systems. The first is the detection efficiency mismatch on free-space systems, which takes advantage of alignment imperfections in Bob's detector to control detection efficiencies. The experiment was done on a polarization-encoding free-space receiver to find the detection efficiencies of each detector for different spatial modes of an incoming photon. Those results were put into an optimization program, which modeled an intercept-and-resend attack on a non-decoy Bennett-Brassard 1984 (BB84) protocol. The result shows that an adversary is able to gain information about the key without being detected by Alice and Bob. The second study is an experimental test of reliability of a spatial filter (a pinhole), which is proposed as a countermeasure for the previous attack. The result shows that, by sending a high-power laser beam focused on the pinhole, the pinhole can be widened without affecting other components in the receiver. Thus, the ability to perform a spatial mode detection efficiency-mismatch attack is recovered. The last experiment is a demonstration of Eve's ability to force a commercial system to distill a key from a raw key of a short length, where the asymptotic assumption of security claimed by the manufacturer might not hold. It was shown that this could be done by inducing transmission loss in the channel at an appropriate time

Toward standardization of Quantum Key Distribution

Information security becomes an inseparable part of our everyday life. An encryption method widely used today is public-key encryption. The security of this method is based on a hard to solve mathematical problems against an adversary with limited computational power. Such an assumption could be broken as our understanding of the mathematics being improved or new computation tools being developed. One such tool that poses a threat to the public key encryption is a quantum computer. As a result, a new encryption method with a new security assumption is required. Quantum key distribution is a point-to-point symmetric key distribution method with security based on the law of physics. In theory, the key generated by QKD is informationtheoretic secured. However, in practice, physical devices could have flaws or possess some behaviors deviated from the theoretical model. These imperfections could open security loopholes for an adversary to exploit, compromising the security. Thus the security verification and system characterization of practical implementation of QKD are necessary. The necessity of this verification is further emphasized as several QKD systems are being commercialized and used in several discrete communication links today. To extend this new encryption system’s practical implementation on a wider network scale requires a set of standards or common practices for developers and service providers to follow. This set of rules is set to ensure the compatibility of different device models in the network and ensure the security of each component in the system, which would affect the security of the system as a whole. To fulfill standardization and certification criteria, a record of best practice on security analysis, system design, device characterization, and security verification of QKD implementation is required. The research projects throughout my Ph.D. study contribute toward this practice. These studies also address some issues and provide possible solutions to the development of a standard for QKD. This thesis is a collection of six experimental studies on performance evaluation and security verification of different components of practical quantum key distribution systems. The first study is a comparison between the performance of the QKD system with quantum dot (QD) as a single-photon source and the performance of QKD with weakcoherent pulsed (WCP) source. The result shows that the QKD with QD could generate the key at higher channel loss than WCP QKD using the same laser source. This result shows the potential of QKD with a single-photon source as a candidate for secret key distribution over high channel loss, such as up-link satellite-based QKD. The second study is a theoretical study on the method to characterize the QKD system against the Trojan-horse attack being considered as a standard for the QKD system. The result shows a possible loophole of this method against a more powerful adversary than assumed in the previously proposed model. An improved version of characterization against a more general form of Trojan-horse attack has been proposed. The third experiment is on the information leakage from a free-space QKD receiver due to detector backflash, a photon produced by the detector upon detection. The result shows that the backflash photons carry the information of the ’clicked’ detector that could be transmitted back to the channel and discriminated by Eve. An experimental demonstration of this attack has been performed. Countermeasure both in theory and practical setup has been proposed. The next experiment is on the effect of atmospheric turbulence on Eve’s spatial-mode detection efficiency mismatch attack on the free-space QKD system. We show that, by using a phase-only spatial light modulator (SLM) and hologram created by Zernike polynomials, atmospheric turbulence with various strength covered from sea level to upper atmosphere can be experimentally emulated in the lab environment. We then use that setup to show the limit of the distance that Eve’s attack is successful. The theoretical limit of the attack distance also shown. In the fifth study, we use the SLM and Zernike polynomial holograms to characterize a free-space QKD system against spatial mode attack. The result shows that, with higherorder spatial modes and finer control of wavefront intensity distribution, Eve could bypass the countermeasure proposed in our previous study. We proposed a more robust version of countermeasure against spatial mode attack. The new countermeasure is verified by the SLM setup. The last study is on the fake-state attack on the transition edge sensor (TES). The result shows that TES’s voltage response can be deterministically controlled by Eve using bright laser through the input channel. It also shows that the photon number result from TES can be controlled by Eve. An attack model exploiting this imperfection has been shown. In addition to the contribution to the standardization of the QKD system, I hope that the result of this thesis would emphasize the necessity of security verification of the QKD system and the verification of countermeasure and characterization method against more general attack model. Although the unconditional security, promised in theory, could not yet be achieved, this loop of hacking and patching should provide us information and insight on which security level could be claimed from the practical QKD devices implementing today

Testing random-detector-efficiency countermeasure in a commercial system reveals a breakable unrealistic assumption

In the last decade, efforts have been made to reconcile theoretical security with realistic imperfect implementations of quantum key distribution (QKD). Implementable countermeasures are proposed to patch the discovered loopholes. However, certain countermeasures are not as robust as would be expected. In this paper, we present a concrete example of ID Quantique's random-detector-efficiency countermeasure against detector blinding attacks. As a third-party tester, we have found that the first industrial implementation of this countermeasure is effective against the original blinding attack, but not immune to a modified blinding attack. Then, we implement and test a later full version of this countermeasure containing a security proof [C. C. W. Lim et al., IEEE Journal of Selected Topics in Quantum Electronics, 21, 6601305 (2015)]. We find that it is still vulnerable against the modified blinding attack, because an assumption about hardware characteristics on which the proof relies fails in practice.Comment: 12 pages, 12 figure

Creation of backdoors in quantum communications via laser damage

Practical quantum communication (QC) protocols are assumed to be secure provided implemented devices are properly characterized and all known side channels are closed. We show that this is not always true. We demonstrate a laser-damage attack capable of modifying device behaviour on-demand. We test it on two practical QC systems for key distribution and coin-tossing, and show that newly created deviations lead to side channels. This reveals that laser damage is a potential security risk to existing QC systems, and necessitates their testing to guarantee security.Comment: Changed the title to match the journal version. 9 pages, 5 figure

Eavesdropping and countermeasures for backflash side channel in quantum cryptography

Quantum key distribution (QKD) promises information theoretic secure key as long as the device performs as assumed in the theoretical model. One of the assumptions is an absence of information leakage about individual photon detection outcomes of the receiver unit. Here we investigate the information leakage from a QKD receiver due to photon emission caused by detection events in single-photon detectors (backflash). We test commercial silicon avalanche photodiodes and a photomultiplier tube, and find that the former emit backflashes. We study the spectral, timing and polarization characteristics of these backflash photons. We experimentally demonstrate on a free-space QKD receiver that an eavesdropper can distinguish which detector has clicked inside it, and thus acquire secret information. A set of countermeasures both in theory and on the physical devices are discussed.Comment: 9 pages, 7 figure

Preparing a commercial quantum key distribution system for certification against implementation loopholes

A commercial quantum key distribution (QKD) system needs to be formally certified to enable its wide deployment. The certification should include the system's robustness against known implementation loopholes and attacks that exploit them. Here we ready a fiber-optic QKD system for this procedure. The system has a prepare-and-measure scheme with decoy-state BB84 protocol, polarisation encoding, qubit source rate of 312.5 MHz, and is manufactured by QRate in Russia. We detail its hardware and post-processing. We analyse the hardware for any possible implementation loopholes and discuss countermeasures. We then amend the system design to address the highest-risk loopholes identified. We also work out technical requirements on the certification lab and outline its possible structure.Comment: 33 pages, 11 figures, 2 table