Trojan-horse attacks threaten the security of practical quantum cryptography

A quantum key distribution (QKD) system may be probed by an eavesdropper Eve by sending in bright light from the quantum channel and analyzing the back-reflections. We propose and experimentally demonstrate a setup for mounting such a Trojan-horse attack. We show it in operation against the quantum...

Full description

Saved in:
Bibliographic Details
Published in:New journal of physics 2014-12, Vol.16 (12), p.123030-21
Main Authors: Jain, Nitin, Anisimova, Elena, Khan, Imran, Makarov, Vadim, Marquardt, Christoph, Leuchs, Gerd
Format: Article
Language:English
Subjects:
Bit error rate
Channels
Computer simulation
Computer systems
Cryptography
Detectors
Eavesdropping
Horses
Photons
Physics
Quantum cryptography
quantum hacking
quantum key distribution
Qubits (quantum computing)
reflectometry
Security
security proofs
Strategy
Trojan horse
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A quantum key distribution (QKD) system may be probed by an eavesdropper Eve by sending in bright light from the quantum channel and analyzing the back-reflections. We propose and experimentally demonstrate a setup for mounting such a Trojan-horse attack. We show it in operation against the quantum cryptosystem Clavis2 from ID Quantique, as a proof-of-principle. With just a few back-reflected photons, Eve discerns Bobʼs (secret) basis choice, and thus the raw key bit in the Scarani-Acín-Ribordy-Gisin 2004 protocol, with higher than 90% probability. This would clearly breach the security of the cryptosystem. Unfortunately, Eveʼs bright pulses have a side effect of causing a high level of afterpulsing in Bobʼs single-photon detectors, resulting in a large quantum bit error rate that effectively protects this system from our attack. However, in a Clavis2-like system equipped with detectors with less-noisy but realistic characteristics, an attack strategy with positive leakage of the key would exist. We confirm this by a numerical simulation. Both the eavesdropping setup and strategy can be generalized to attack most of the current QKD systems, especially if they lack proper safeguards. We also propose countermeasures to prevent such attacks.
ISSN:1367-2630
1367-2630
DOI:10.1088/1367-2630/16/12/123030