2010
DOI: 10.1038/nphoton.2010.214
|View full text |Cite
|
Sign up to set email alerts
|

Hacking commercial quantum cryptography systems by tailored bright illumination

Abstract: The peculiar properties of quantum mechanics allow two remote parties to communicate a private, secret key, which is protected from eavesdropping by the laws of physics(1-4). So-called quantum key distribution (QKD) implementations always rely on detectors to measure the relevant quantum property of single photons(5). Here we demonstrate experimentally that the detectors in two commercially available QKD systems can be fully remote-controlled using specially tailored bright illumination. This makes it possible… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1

Citation Types

2
967
1
9

Year Published

2011
2011
2024
2024

Publication Types

Select...
4
4

Relationship

0
8

Authors

Journals

citations
Cited by 1,015 publications
(993 citation statements)
references
References 24 publications
2
967
1
9
Order By: Relevance
“…In a simulation of the attack, we have found that the system is insecure if clicks are accepted during the dead time. The presented after-gate attack can be used independently or together with the blinding attack in [16]. Although the after-gate attack in contrast to the blinding increases the QBER, it has the advantage that the optical power sent into the Bob module is weaker.…”
Section: Discussionmentioning
confidence: 99%
See 1 more Smart Citation
“…In a simulation of the attack, we have found that the system is insecure if clicks are accepted during the dead time. The presented after-gate attack can be used independently or together with the blinding attack in [16]. Although the after-gate attack in contrast to the blinding increases the QBER, it has the advantage that the optical power sent into the Bob module is weaker.…”
Section: Discussionmentioning
confidence: 99%
“…In the linear regime of the APDs, Eve can substitute the quantum states with bright coherent states [16]. Figure 2 shows examples of pulses that generate a click only if Bob's and Eve's bases match, since the comparator following the APD will only click if the input optical power (1)), which shows that an atttack is possible for delays of 4.5-10 ns with an optimal and comfortable margin of at 7.5 ns.…”
Section: Linear Mode Avalanche Photodiodesmentioning
confidence: 99%
“…In practice, however, it does not, as most practical devices behave differently from the theoretical models assumed in the security proofs. As a result, we face implementation loopholes, or so-called side channels, which may be used by adversaries without being detected, as seen in recent attacks against certain commercial QKD systems [3][4][5][6][7][8][9][10][11] .…”
mentioning
confidence: 99%
“…Its feasibility has been promptly demonstrated both in laboratories and via field tests [24][25][26][27] . It successfully removes all (existing and yet to be discovered) detector side channels 3,5,6,[9][10][11] , which, arguably, is the most critical part of most QKD implementations. Importantly, in contrast to diQKD, this solution does not require that Alice and Bob perform a loophole-free Bell test; it is enough if they prove the presence of entanglement in a quantum state that is effectively distributed between them, just like in standard QKD schemes 28 .…”
mentioning
confidence: 99%
“…Unfortunately, practical implementations of QKD protocols have in many cases fallen short of their desired goal; due to rate ceilings, current QKD systems are used only to generate keys for use with standard cryptographic protocols. Additionally, in recent years both research and commercially developed QKD systems have been successfully hacked using side-channel information [6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21].In response to these limitations, there has been an effort to develop QKD protocols which are immune to the practical limitations of the devices in which they are implemented. These protocols are called deviceindependent QKD (diQKD) protocols and are based on violation of Bell and EPR-steering inequalities [22][23][24][25][26].…”
mentioning
confidence: 99%