Ph.D. Defence - Anqi Huang

Monday, March 26, 2018 12:30 pm - 12:30 pm EDT (GMT -04:00)

Candidate: Anqi Huang

Title: Quantum hacking after measurement-device-independent quantum cryptography.

Date: March 26, 2018

Time: 12:30 PM

Place: EIT 3142

Supervisor(s): Makarov, Vadim (Physics and Astronomy) - Wilson, Christopher C.M.

Abstract:

Cryptography is essential for secure communication in this era of digital information and networks. Today, the widely employed public-key cryptography relies on mathematical theory, and its security is based on the assumptions of computational hardness with current computing capability. Unfortunately, a powerful quantum computer in the future could break these public-key systems. In contrast, quantum cryptography, which is based on quantum physics instead of mathematical assumptions, is able to achieve information-theoretic security.

However, in practice, imperfect devices threaten the security of quantum cryptographic systems. The gap between the perfect theory and imperfect practice has been studied most in the field of quantum key distribution (QKD). An eavesdropper can exploit the practical loopholes in implementations to compromise the theoretically proven security. The QKD community has been making efforts to strengthen the practical security of QKD systems for more than a decade. Among all the countermeasures against quantum hacking, the protocol of measurement-device-independent (MDI) QKD is promising, because this protocol is immune to all the side-channel attacks on measurement devices. Nevertheless, there are some limitations of the MDI QKD protocol. Technically, the MDI scheme is not compatible with the existing QKD systems, and produces a low key rate. Theoretically, the security of MDI QKD is also based on the trusted source stations. Thus, this protocol is not a universal solution. This thesis further investigates the practical security of quantum cryptography in and beyond MDI quantum cryptography.

To overcome the technical limitations of MDI QKD, I first scrutinize two other countermeasures against imperfect detections. As an industrial patch, ID Quantique implemented the countermeasure with random detection efficiency in the commercial Clavis2 QKD system. Unfortunately, my testing shows that this countermeasure is not sufficient to defeat the detector blinding attack.

Another countermeasure, the detector-device-independent (DDI) QKD protocol, aims to achieve a higher key rate than MDI QKD while keeping the same security property. However, our research has proven that the security of DDI QKD is not equivalent to that of MDI QKD. Our study also indicates that DDI QKD is insecure against detector side-channel attacks.

On the other hand, the vital assumption about trustable source stations in MDI QKD cannot always be satisfied in practice. I find several side-channels of the source devices. The first side-channel is disclosed from the implementation of the decoy-state protocol, which is widely used in QKD systems with weak coherent sources. The pump-current-modulated intensities result in a timing mismatch between signal and decoy states, violating the key assumption in the decoy-state QKD protocol. Moreover, the basic assumption about the photon numbers in the QKD system can be broken by an active Eve. I have experimentally demonstrated a laser seeding attack on the laser source, which shows that Eve has a chance to increase the emission power of the laser diode.

Furthermore, by shining a high-power laser on the optical attenuators, a stronger Eve is able to decrease the attenuation values. The increase of a laser's emission power and the decrease of attenuation lead to the rise of mean photon numbers.

I also analyze the implementation vulnerabilities in wider quantum cryptography beyond QKD. I have surveyed five quantum cryptography primitives: quantum digital signature (QDS), quantum secret sharing (QSS), source-independent quantum random number generation (SI QRNG), quantum secure direct communication (QSDC), and blind quantum computing (BQC). As with QKD, my survey shows that the imperfections in practice potentially threaten the security properties of these quantum cryptographic primitives.

In summary, MDI QKD is a milestone in quantum cryptography. However, this thesis indicates the importance of continued practical security investigation into MDI QKD systems and other quantum cryptographic systems. The analysis of practical security should be extended to other countermeasures against side-channel attacks, the source stations in MDI QKD system, and other quantum cryptographic primitives beyond QKD. Practical quantum hacking and security analysis promote the development of quantum cryptography systems, which will eventually achieve the unconditional security claimed in theory.