Making quantum cryptography truly secure: paper in Nature Communications

CQT physicists-turned-hackers and their collaborators have published details of work that led to tightened security for quantum key distribution (QKD) systems.

In the 14 June issue of Nature Communications, the researchers describe the first full field-implemented hack of a quantum cryptography system, in which an eavesdropper acquired a secret key transmitted between the two legitimate parties without being noticed. With this key, the eavesdropper would be able to decipher messages sent openly between the parties after being scrambled.

In principle the security of QKD is guaranteed by physics, and the attack did not target the QKD protocol but a practical behaviour of the detectors used to implement it. Open discussion and publication of the results contributed to researchers quickly demonstrating schemes to close this loophole, highlighting the importance of identifying imperfections in QKD systems as a first step towards fixing them.

"Quantum key distribution has matured into a true competitor to classical key distribution. This attack highlights where we need to pay attention to ensure the security of this technology," says Christian Kurtsiefer, CQT Principal Investigator and NUS Professor. He did the work with former CQT members Antía Lamas-Linares and Ilja Gerhardt, in collaboration with Vadim Makarov, Qin Liu and Johannes Skaar of the Norwegian University of Science and Technology in Trondheim, Norway

Researchers at work: Dr Ilja Gerhardt, Prof. Antía Lamas-Linares and Prof. Christian Kurtsiefer set up a quantum cryptography system. Image © 2009 Vadim Makarov www.vad1.com

In the setup that was tested, the researchers demonstrated their eavesdropping attack in realistic conditions over a 290-m fibre link between a transmitter called "Alice" and a receiver called "Bob". Alice transmits light to Bob one photon at a time, and the two build up their secret key by measuring properties of the photons. During multiple QKD sessions over a few hours, the perfect eavesdropper "Eve" obtained the same secret key as Bob, while the usual parameters monitored in the QKD exchange were not disturbed — meaning that Eve remained undetected.

The researchers were able to circumvent the quantum principles that in theory provide QKD its strong security by making the photon detectors in Bob behave in a classical way. The detectors were blinded, essentially overriding the system's ability to detect a breach of security.

The Quantum Hacking group in Norway followed up with investigation of commercial QKD systems (more at the group's website here). Christian and his colleagues, who built the QKD system on which the eavesdropper was tested, had initiated engagement with the hacking communities when they took their QKD system to the Chaos Communication Congress in Berlin in 2007. They also collaborated in 2008 with the United State's National Institute of Standards and Technology in Gaithersburg, Maryland, to exhibit the system at two hackers conferences, Black Hat and DEFCON, in Las Vegas. Since testing the hack proposed by Vadim, however, CQT's QKD system has been dismantled to make way for new experiments.

For further details of this work, see the paper "Full-field implementation of a perfect eavesdropper on a quantum cryptography system", Nat. Commun. 2, 349 (2011); arXiv:1011.0105. The Norwegian University of Science and Technology, the University Graduate Center in Kjeller, Norway and CQT at the National University of Singapore issued this press release (pdf).

Selected coverage in the media:

• Physics World: Hackers steal quantum code
• InformationWeek: Eavesdropper steals quantum crypto keys
• New Scientist: Ciphercrime

Hacker's suitcase: Mobile toolkit for eavesdropping on a quantum cryptography link, containing optical and electronic equipment. Image © 2010 NTNU Info / Geir Mogen