Title: Quantum Cryptography
1Quantum Cryptography
Alice
Bob
Eve
Ranveer Raaj Joyseeree Andreas Fognini
2Classical Algorithms
1. Asymmetrical (public-key) cryptosystems
Message
Message
Encrypted message
Public
Private
- First implementationnn RSA (Ronald Rivest, Adi
Shamir, and Leonard Adleman) 1978 - Very
convenient, Internet - Idea is based on
computational complexity f(x) y, x ?. - rely
on unproven assumptions
3Classical Algorithms
Classical Algorithms
2. Symmetrical (secret-key) cryptosystems
Distribute key over secure channel
M
M
S
M 1 0 1 0 1 0 1 0
K 1 0 0 0 1 1 1 0
S 0 0 1 0 0 1 0 0
S 0 0 1 0 0 1 0 0
K 1 0 0 0 1 1 1 0
M 1 0 1 0 1 0 1 0
XOR
XOR
- only provably secure cryptosystem known today -
not handy, key as long as message - key only
valid for one transmission - how to send the key
in a secure manner?
4Quantum Cryptography The BB84 Portocol
Ingredients 1) One photon no
copying, 2) Two non orthonormal bases sets
3) Insecure classical channel Internet What it
does Secure distribution of a key, can't be
used to send messages How it works
50 correlated
Physikalische Blätter 55, 25 (1999)
5Eve's copy machine
Copy machine
e.g.
50 decrease in correlation!
Alice and Bob recognize attack from error rate!
6Conclusion
- Quantum cryptography means just the exchange of
keys - Actual transmission of data is done with
classical algorithms - Alice Bob can find out when Eve tries to
eavesdrop.
7Hacking Quantum Key Distribution systems
- QKD systems promise enhanced security.
- In fact, quantum cryptography is proveably
secure. - Surely one cannot eavesdrop on such systems,
right?
8Hacking QKD systems
- Security is easy to prove while assuming perfect
apparatus and a noise-free channel. - Those assumptions are not valid for practical
systems e.g. Clavis2 from ID Quantique and QPN
5505 from MagiQ Technologies. - Vulnerabilities thus appear.
9Hacking by tailored illumination
- Lydersen et al. (2010) proposed a method to
eavesdrop on a QKD system undetected. - The hack exploits a vulnerability associated with
the avalanche photo diodes (APDs) used to detect
photons.
10Avalanche photo diodes
- Can detect single photons when properly set.
- However, they are sensitive to more than just
quantum states.
11Modes of operation of APDs
12Geiger mode
- VAPD is usually fixed and called bias voltage and
in Geiger mode, Vbias gt Vbr. - An incident photon creates an electron-hole pair,
leading to an avalanche of carriers and a surge
of current IAPD beyond Ith. That is detected as a
click. - Vbias is then made smaller than Vbr to stop flow
of carriers. Subsequently it is restored to its
original value in preparation for the next photon.
13Linear mode
- Vbias lt Vbr.
- Detected current is proportional to incident
optical power Popt. - Clicks again occur when IAPD gt Ith.
14Operation in practical QKD systems
- Vbias is varied as shown such that APD is in
Geiger mode only when a photon is expected - That is to minimize false detections due to
thermal fluctuations. - However, it is still sensitive to bright light in
linear mode.
15The hack in detail
- Eve uses an intercept-resend attack.
- She uses a copy of Bob to detect states in a
random basis. - Sends her results to Bob as bright light pulses,
with peak power gt Pth, instead of individual
photons. - She also blinds Bobs APDs to make them operate
as classical photodiodes only at all times to
improve QBER.
16The hack in detail
- C is a 5050 coupler used in phase-encoded QKD
systems. - When Eves and Bobs bases match, trigger pulse
from Eve constructively interferes and hits
detector corresponding to what Eve detected. - Otherwise, no constructive interference and both
detectors hit with equal energy. - Click only observed if detected current gt Ith.
17The hack in detail
- Clicks also only observed when Eve and Bob have
matching bases. - This means Eve and Bob now have identical bit
values and basis choices, independently of
photons emitted by Alice. - However, half the bits are lost in the process of
eavesdropping.
18Performance issues?
- Usually, transmittance from Alice to Bob lt 50.
- APDs have a quantum efficiency lt 50.
- However, trigger pulses cause clicks in all
cases. - Loss of bits is thus compensated for and Eve
stays undetected
19Other methods
- Method presented is not the only known exploit.
- Zhao et al. (2008) attempted a time-shift attack.
- Xu et al. (2010) attempted a phase remapping
attack.
20Conclusion
- QKD systems are unconditionally secure, based on
the fundamental laws of physics. - However, physical realisations of those systems
violate some of the assumptions of the security
proof. - Eavesdroppers may thus intercept sent messages
without being detected.
21Used Material
- Rev Mod Phys 74, 145 (2002)
- Physikalische Blätter 55, 25 (1999)
- Nature Photonics 4, 686 (2010)
- Experimental demonstration of phase-remapping
attack in a practical quantum key distribution
system. Xu et al. (2010) - Hacking commercial quantum cryptography systems
by tailored bright illumination. Lydersen et al.
(2010) - Quantum hacking Experimental demonstration of
time-shift attack against practical
quantum-key-distribution systems. Zhao et al.
(2008).