How We Eavesdropped 100% Percent of a Quantum Crypto Key
-
Upload
dandoxparacom -
Category
Documents
-
view
220 -
download
0
Transcript of How We Eavesdropped 100% Percent of a Quantum Crypto Key
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
1/36
Vadim Makarov, Qin Liu,
Ilja Gerhardt, Anta Lamas-Linares, Christian Kurtsiefer
How we eavesdropped
100% of a quantum cryptographic
key
Lecture atHacking at Random, August 14, 2009
Centre for
Quantum
Technologies, Singapore
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
2/36
Outline
Introduction to quantum cryptography
The quantum cryptosystem at CQT
Problems with photon detectors
Attack on the real system
What was a photon? Perspectives
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
3/36
ca. 1970
2004 First commercial offers (20~50 km fiber links)
Concept (money physically impossible
to counterfeit)
1984 First key distribution protocol (BB84)
1989 Proof-of-the-principle experiment
1993 Key transmission over fiber optic link
2007 200 km in fiber, 144 km free-space demonstrated
Quantum cryptography timeline
2009
A quantum cryptosystem fully hacked :)
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
4/36
Encoder Decoder
Public (insecure)channel BobAlice
Key
Secure channel
MessageMessage
Encoded message
Secret key cryptography requires secure channel for keydistribution
Quantum cryptography distributes the key
by transmitting quantum states in an open channel
Key distribution
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
5/36
Quantum key distribution
Retained bit sequence 1 1 0 0 1 0 0 1 0
Bobs measurement 1 0 0 1 0 0 1 1 0 0 0 1 0 0
Bobs detection basis
Alices bit sequence 1 0 1 1 0 0 1 1 0 0 1 1 1 0Light source
AliceBob
Diagonaldetector basis
Horizontal-
vertical detectorbasis
Diagonalpolarization filters
Horizontal-verticalpolarization filters
Image reprinted from article: W. Tittel, G. Ribordy, and N. Gisin, "Quantum cryptography," Physics World, March 1998
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
6/36
id Quantique
(Switzerland)
MagiQ
Technologies
(USA)
SmartQuantum
(France)
Commercial offers (as of August 2009)
Picture6
VPN encryptor (AES)
+quantum key
generator
VPN &
quantum key
generator
VPN &
quantum key
generator
SALE
100,000(*maybe cheaper)
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
7/36
How secure is quantum key distribution (QKD) practically?
Eve lost the battle against security proofsbut
she can exploit component imperfections
(e.g., saturation and blinding behavior of passively-quenched APDs)
To build the first complete
working eavesdropping
.experiment in the world!
Motivation for attack
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
8/36
The system under attack
QKD system from CQT in Singapore
Basically all systems vulnerable
Entanglement based QKD
What is entanglement?
How can it be used for QKD?
What is Bells inequality?
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
9/36
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
10/36
Entanglement
Spooky action at a distance
Einstein, Podolsky and Rosen, 1935
John Bell, 1964: How to measure whats going on
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
11/36
Bell state measurement
So u t p u t p o r t
1
o u t p u t p o r t2
o u t p u t p o r t1
o u t p u t p o r t2
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
12/36
Entanglement-based QKD
No need for random numbers
Different photons, different colors?Dimensionality of Hilbert space needs to be known for
security, measuring Bells inequality
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
13/36
Entanglement-based QKD
New J. Phys. 11, 045007 (2009)
E t l t b d QKD
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
14/36
Entanglement-based QKD
Pair source:
Blue photon in, two red photons out
Strong temporally correlated Spectrally broader than dimmed lasers
50 cm25 cm
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
15/36
D t t
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
16/36
Detector response
Ideal and real detector response:
Light in [# of photons]
Detector should seelight, but is blind
Ideal detector
Real detector
csout
Pblind
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
17/36
Control intensity diagrams
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
18/36
Control intensity diagrams
No click
Single click
Pbackground
Pbackground
Popt
Popt
threshold
Faked state
Pbackground Pblind
Intercept resend (faked state) attack
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
19/36
Intercept-resend (faked-state) attack
Eve forces her detection result onto Bob by sending
- Background light to keep all detectors blinded (circular polarization)- Faked-state above intensity threshold to make target detectorclick
(linear polarization)
In conjugate basis, faked-state is split in half, below threshold (no click)
2I0
I0
I0/2
I0/2
0
arXiv:0809.3408
Normal QKD
QKD under attack
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
20/36
Normal QKDQKD under attack
Eavesdropping on installed QKD line
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
21/36
S12
Eavesdropping on installed QKD lineon campus of the National University of Singapore
290 m of fiber
AliceBob
Eve
S15
S14
S13
Satellite image Google
Eve installed and running
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
22/36
Eve, installed and running
+recording all classicalcommunication AliceBob
(Wireshark)
Does Eve really have 100% key information?
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
23/36
Does Eve really have 100% key information?
Clicks in Bob:
Clicks in Eve:Clicks in Eve and Bob:
Eve forcing a click in Bob: 97% probability
Eve has 100% information of the wiretappedline, because Bob has to reveal which clicks
were received
Good correlationMore clicks in Eve
doesnt matter
What about a workaround?
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
24/36
What about a workaround ?
Sure... there will be a workaround
BUT:
No universal security measure, like a quantum state!
Generating arbitrary quantum states
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
25/36
Generating arbitrary quantum states
Eve is able to fake an EPR source
Also interesting for other experiments
The laws of physics:
Quantum correlations:
No eavesdropper??
Applicable to schemes which expect single photons
Questions and perspectives:
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
26/36
Questions and perspectives:
What is a photon?
A photon is a single click on a detector
(Anton Zeilinger)
well....
You cannot delegate security!
Dont trust security in a black box, even if its
expensive or called quantum
Our attack
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
27/36
Our attack
First experimental implementation
Eve has 100% key information
Demonstrated eavesdropping underrealistic conditions (290m fiber run via
4 buildings)
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
28/36
Thank you.www.iet.ntnu.no/groups/optics/qcr
www.quantumlah.org
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
29/36
More technical details about the attack
that we didnt have time to show in the talk
Eve can exploit blinding of APDunder bright illumination...
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
30/36
p g g
and make a single photon detector work as a classical detector!
PblindAbove Pblind, detector totally blind to
single photons, dark counts, afterpulses
EG&G SPCM-200-PQ
Entire Bob
with fourAPDs (NUS)
Do-it-yourself(MSU)
New J. Phys. 11, 065003 (2009)
Bob control efficiency
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
31/36
y
Improved control intensity diagram
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
32/36
100%
100%
100%
100%
0 %
0 %
Final Eves scheme
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
33/36
Timing performance
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
34/36
After Eve inserted
-507 -506 -505 -504
Channel No.(Alice - Bob )
1-11-21-31-4
2-12-22-32-4
3-1
3-23-33-4
4-14-24-34-4
Delay between Alice and Bob (ns)
-295 -294 -293 -292
Delay between Alice and Bob (ns)
-507 -506 -505 -504
Channel No.(Alice - Bob )
1-11-2
1-31-4
2-12-2
2-32-4
3-1
3-23-33-4
4-14-24-34-4
Delay between Alice and Bob (ns)
Normal QKD without Eve After Eves delay stages adjusted
Compare the average FWHM of 16 combinations:
FWHMavg.= 761 ps FWHMavg.= 779 ps
After Eve inserted, the FWHMs is practically unchanged
Attack also works via free-space link
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
35/36
Eves faked state generatorInstruments assessing performance of th
Collimator
Bob
-
8/14/2019 How We Eavesdropped 100% Percent of a Quantum Crypto Key
36/36