Jian Wang,Xing-tong Liu

DOI: https://doi.org/10.1088/1572-9494/abeedc

2021-01-01

Communications in Theoretical Physics

Abstract:Trusted relays are the main state-of-the-art way to realize quantum key distribution networks. However, it is hard to require that all nodes in the network are fully trusted. In a multipath key-transmission mechanism, the nodes can be weakly trusted because the secret key can be split into many parts and each part is transmitted to the receiver through a different path. However, if the capacity of a node's quantum key pool is poorly designed, an attacker, Eve may eavesdrop on the communicating parties' secret message by initiating a redirection attack. In this paper, we show that Eve can trigger a cascading collapse effect by collapsing one of the edges in the network and forcing the communication parties to transmit the message through the nodes controlled by Eve. The influence of the traffic transfer ratio and the control parameters of the edge load on the breakdown probability of the edge are analyzed using a simulation. In order to effectively defend against the cascading attack, it is important for the designer to handle the relationship between the traffic and the capacity of the quantum key pool of each node in the network.

Peng-Yong Kong

DOI: https://doi.org/10.1109/jiot.2024.3349476

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Cyber-physical systems rely heavily on communication networks for remote monitoring and control. It is crucial to protect the communication networks from cyberattacks because an attack on the physical subsystem can be indirectly launched from a compromised cyber subsystem. Since remote control devices have limited computational power, we ensure communication confidentiality and integrity using one-time-pad (OTP) symmetric cryptography, which despite simple is unconditionally secure. To provide OTP with secret keys, we use quantum key distribution (QKD) across multiple hops, where each intermediate relay is a trusted node. These nodes can be weak points in cyberattacks. Hence, this paper focuses on routing in multi-hop QKD networks that reduces the required number of trusted nodes. We formulate and solve an optimization problem to find the set of QKD routes that minimizes the number of activated trusted nodes while satisfying the secret key rate requirements of multiple communicating pairs. Extensive evaluation results confirm that the proposed scheme can indeed has fewer activated trusted nodes as compared to a benchmark scheme that finds only the shortest paths for communicating pairs.

computer science, information systems,telecommunications,engineering, electrical & electronic

P. Gonzalez,L. Rebon,T. Ferreira da Silva,M. Figueroa,C. Saavedra,M. Curty,G. Lima,G. B. Xavier,W. A. T. Nogueira

DOI: https://doi.org/10.1103/PhysRevA.92.022337

2015-08-19

Abstract:Side-channel attacks currently constitute the main challenge for quantum key distribution (QKD) to bridge theory with practice. So far two main approaches have been introduced to address this problem, (full) device-independent QKD and measurement-device-independent QKD. Here we present a third solution that might exceed the performance and practicality of the previous two in circumventing detector side-channel attacks, which arguably is the most hazardous part of QKD implementations. Our proposal has, however, one main requirement: the legitimate users of the system need to ensure that their labs do not leak any unwanted information to the outside. The security in the low-loss regime is guaranteed, while in the high-loss regime we already prove its robustness against some eavesdropping strategies.

Quantum Physics

Yi Luo,Qiong Li,Haokun Mao,Nan Chen

DOI: https://doi.org/10.48550/arxiv.2302.07688

2023-01-01

Abstract:Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most researches on relay-based QKD network assume that all relays or nodes are completely trustworthy. However, the malicious behavior of any single node can undermine security of QKD networks. Current research on Quantum Key Distribution (QKD) networks primarily addresses passive attacks, such as eavesdropping, conducted by malicious nodes. Although there are proposed solutions like majority voting and secret sharing for point-to-point QKD systems to counter active attacks, these strategies are not directly transferable to QKD network research due to different security requirements. We propose the a new paradigm for the security requirements of QKD networks and addresses the active attack by collaborate malicious nodes. Firstly, regarding security, we introduce the ITS distributed authentication scheme, which additionally offers two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Secondly, concerning correctness, we propose an ITS fault-tolerant consensus scheme based on our ITS distributed authentication to ensure global consistency, enabling participating nodes to collaborate correctly in a more practical manner. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in key consumption compared to the original pre-shared keys scheme. For instance, in larger networks such as when the nodes number is 80, our scheme's key consumption is only 13.1\% of the pre-shared keys scheme.

Adomas Baliuka,Markus Stöcker,Michael Auer,Peter Freiwang,Harald Weinfurter,Lukas Knips

DOI: https://doi.org/10.1103/PhysRevApplied.20.054040

2023-10-21

Abstract:Quantum key distribution (QKD) protocols are proven secure based on fundamental physical laws, however, the proofs consider a well-defined setting and encoding of the sent quantum signals only. Side channels, where the encoded quantum state is correlated with properties of other degrees of freedom of the quantum channel, allow an eavesdropper to obtain information unnoticeably as demonstrated in a number of hacking attacks on the quantum channel. Yet, also classical radiation emitted by the devices may be correlated, leaking information on the potential key, especially when combined with novel data analysis methods. We here demonstrate a side-channel attack using a deep convolutional neural network to analyze the recorded classical, radio-frequency electromagnetic emissions. Even at a distance of a few centimeters from the electronics of a QKD sender employing frequently used electronic components we are able to recover virtually all information about the secret key. Yet, as shown here, countermeasures can enable a significant reduction of both the emissions and the amount of secret key information leaked to the attacker. Our analysis methods are independent of the actual device and thus provide a starting point for assessing the presence of classical side channels in QKD devices.

Quantum Physics

Marcos Curty,Hoi-Kwong Lo

DOI: https://doi.org/10.1038/s41534-019-0131-5

IF: 10.758

2019-02-06

npj Quantum Information

Abstract:The existing paradigm for the security of quantum key distribution (QKD) suffers from two fundamental weaknesses. First, covert channels have emerged as an important threat and have attracted a lot of attention in security research in conventional information and communication systems. Covert channels (e.g. memory attacks) can fatally break the security of even device-independent quantum key distribution (DI-QKD), whenever QKD devices are re-used. Second, it is often implicitly assumed that the classical post-processing units of a QKD system are trusted. This is a rather strong assumption and is very hard to justify in practice. Here, we propose a new paradigm for the security of QKD that addresses these two fundamental problems. Specifically, we show that by using verifiable secret sharing and multiple optical devices and classical post-processing units, one could re-establish the security of QKD. Our techniques are rather general and they apply to both DI-QKD and non-DI-QKD.

physics, condensed matter, applied, atomic, molecular & chemical,quantum science & technology

Davide Li Calsi,Sumit Chaudhary,JinHyeock Choi,Marc Geitz,Janis Nötzel

2024-11-27

Abstract:Quantum Key Distribution (QKD) systems are infamously known for their high demand on hardware, their extremely low key generation rates and their lack of security resulting from a need for trusted nodes which is implied by the absence of quantum repeaters. While they theoretically offer unlimited security, they are therefore practically limited in several regards. In this work we focus on the lack of options to guarantee an end-to-end security service with the currently available technology and infrastructure and propose a novel protocol. We find that one of the stumbling stones on the path towards an end-to-end security service guaranteed by quantum key distribution may be removed by using this protocol. Our proposal combines several parallel instances of twinfield QKD followed by classical postprocessing and communication to allow Alice and Bob to share a secret key. This hybrid approach improves the key rate and range w.r.t. to previous QKD approaches at a contained cost in security. We show that a coalition of intermediary nodes between Alice and Bob is needed to break the new scheme, sharply outperforming the trusted node approach in terms of security. Furthermore, the protocols do not require complex quantum measurements on Alice and Bob's sides, thus being truly end-to-end.

Quantum Physics,Cryptography and Security

Yi Luo,Qiong Li,Hao-Kun Mao

2024-02-01

Abstract:Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most researches on relay-based QKD network assume that all relays or nodes are completely trustworthy. However, the malicious behavior of any single node can undermine security of QKD networks. Current research on QKD networks primarily addresses passive attacks conducted by malicious nodes such as eavesdropping. We suggest a novel paradigm, inspired by distributed systems, to address the active attack by collaborate malicious nodes in QKD networks. Firstly, regarding security, we introduce the ITS distributed authentication scheme, which additionally offers two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Secondly, concerning correctness, our ITS fault-tolerant consensus method, ensures ITS and global consistency with fixed classical broadcast rounds, contrasting with the exponentially message-intensive Byzantine agreement method. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in authentication key consumption compared to the original end-to-end pre-shared keys scheme.

Quantum Physics

Bing Qi,Chi-Hang Fred Fung,Yi Zhao,Xiongfeng Ma,Kiyoshi Tamaki,Christine Chen,Hol-Kwong Lo

DOI: https://doi.org/10.1103/physreva.75.032314

2007-01-01

Abstract:Quantum key distribution (QKD) can, in principle, provide unconditional security based on the fundamental laws of physics. Unfortunately, a practical QKD system may contain overlooked imperfections and violate some of the assumptions in a security proof. Here, we report two types of eavesdropping attacks against a practical QKD system. The first one is "time-shift" attack, which is applicable to QKD systems with gated single photon detectors (SPDs). In this attack, the eavesdropper, Eve, exploits the time mismatch between the open windows of the two SPDs. She can acquire a significant amount of information on the final key by simply shifting the quantum signals forwards or backwards in time domain. Our experimental results in [9] with a commercial QKD system demonstrate that, under this attack, the original QKD system is breakable. This is the first experimental demonstration of a feasible attack against a commercial QKD system. This is a surprising result. The second one is "phase-remapping" attack [10]. Here, Eve exploits the fact that a practical phase modulator has a finite response time. In principle, Eve could change the encoded phase value by time-shifting the signal pulse relative to the reference pulse.

jingzheng huang,sebastien kunzjacques,paul jouguet,christian weedbrook,zhenqiang yin,shuang wang,wei chen,guangcan guo,zhengfu han

DOI: https://doi.org/10.1103/PhysRevA.89.032304

IF: 2.971

2014-01-01

Physical Review A

Abstract:Imperfect devices in commercial quantum key distribution systems open security loopholes that an eavesdropper may exploit. An example of one such imperfection is the wavelength-dependent coupling ratio of the fiber beam splitter. Utilizing this loophole, the eavesdropper can vary the transmittances of the fiber beam splitter at the receiver's side by inserting lights with wavelengths different from what is normally used. Here, we propose a wavelength attack on a practical continuous-variable quantum key distribution system using homodyne detection. By inserting light pulses at different wavelengths, this attack allows the eavesdropper to bias the shot-noise estimation even if it is done in real time. Based on experimental data, we discuss the feasibility of this attack and suggest a prevention scheme by improving the previously proposed countermeasures.

Hong-fu Chou,Thang X. Vu,Ilora Maity,Luis M. Garces-Socarras,Jorge L. Gonzalez-Rios,Juan Carlos Merlano-Duncan,Sean Longyu Ma,Symeon Chatzinotas,Bjorn Ottersten

2024-10-15

Abstract:Quantum key distribution (QKD) is a cryptographic technique that leverages principles of quantum mechanics to offer extremely high levels of data security during transmission. It is well acknowledged for its capacity to accomplish provable security. However, the existence of a gap between theoretical concepts and practical implementation has raised concerns about the trustworthiness of QKD networks. In order to mitigate this disparity, we propose the implementation of risk-aware machine learning techniques that present risk analysis for Trojan-horse attacks over the time-variant quantum channel. The trust condition presented in this study aims to evaluate the offline assessment of safety assurance by comparing the risk levels between the recommended safety borderline. This assessment is based on the risk analysis conducted. Furthermore, the proposed trustworthy QKD scenario demonstrates its numerical findings with the assistance of a state-of-the-art point-to-point QKD device, which operates over optical quantum channels spanning distances of 1m, 1km, and 30km. Based on the results from the experimental evaluation of a 30km optical connection, it can be concluded that the QKD device provided prior information to the proposed learner during the non-existence of Eve's attack. According to the optimal classifier, the defensive gate offered by our learner possesses the capability to identify any latent Eve attacks, hence effectively mitigating the risk of potential vulnerabilities. The Eve detection probability is provably bound for our trustworthy QKD scenario.

Quantum Physics

Wei Li,Víctor Zapatero,Hao Tan,Kejin Wei,Hao Min,Wei-Yue Liu,Xiao Jiang,Sheng-Kai Liao,Cheng-Zhi Peng,Marcos Curty,Feihu Xu,Jian-Wei Pan

DOI: https://doi.org/10.1103/physrevapplied.15.034081

IF: 4.6

2021-03-29

Physical Review Applied

Abstract:The fabrication of quantum key distribution (QKD) systems typically involves several parties, thus providing Eve with multiple opportunities to meddle with the devices. As a consequence, conventional hardware and/or software hacking attacks pose natural threats to the security of practical QKD. Fortunately, if the number of corrupted devices is limited, the security can be restored by using redundant apparatuses. Here, we report on the demonstration of a secure QKD setup with optical devices and classical postprocessing units possibly controlled by an eavesdropper. We implement a 1.25 GHz chip-based measurement-device-independent QKD system secure against malicious devices on both the measurement and the users’ sides. The secret key rate reaches 137 bps over a 24 dB channel loss. Our setup, benefiting from a high clock rate, miniaturized transmitters, and a cost-effective structure, provides a promising solution for widespread applications requiring uncompromising communication security.

physics, applied

Antonio Acín,Daniel Cavalcanti,Elsa Passaro,Stefano Pironio,Paul Skrzypczyk

DOI: https://doi.org/10.1103/PhysRevA.93.012319

2016-01-28

Abstract:In recent years, several hacking attacks have broken the security of quantum cryptography implementations by exploiting the presence of losses and the ability of the eavesdropper to tune detection efficiencies. We present a simple attack of this form that applies to any protocol in which the key is constructed from the results of untrusted measurements performed on particles coming from an insecure source or channel. Because of its generality, the attack applies to a large class of protocols, from standard prepare-and-measure to device-independent schemes. Our attack gives bounds on the critical detection efficiencies necessary for secure quantum distribution, which show that the implementation of most partly device independent solutions is, from the point of view of detection efficiency, almost as demanding as fully device-independent ones. We also show how our attack implies the existence of a form of bound randomness, namely non-local correlations in which a non-signalling eavesdropper can find out a posteriori the result of any implemented measurement.

Quantum Physics

Mina Doosti,Lucas Hanouz,Anne Marin,Elham Kashefi,Marc Kaplan

2023-04-04

Abstract:We show the security of multi-user key establishment on a single line of quantum communication. More precisely, we consider a quantum communication architecture where the qubit generation and measurement happen at the two ends of the line, whilst intermediate parties are limited to single-qubit unitary transforms. This network topology has been previously introduced to implement quantum-assisted secret-sharing protocols for classical data, as well as the key establishment, and secure computing. This architecture has numerous advantages. The intermediate nodes are only using simplified hardware, which makes them easier to implement. Moreover, key establishment between arbitrary pairs of parties in the network does not require key routing through intermediate nodes. This is in contrast with quantum key distribution (QKD) networks for which non-adjacent nodes need intermediate ones to route keys, thereby revealing these keys to intermediate parties and consuming previously established ones to secure the routing process. Our main result is to show the security of key establishment on quantum line networks. We show the security using the framework of abstract cryptography. This immediately makes the security composable, showing that the keys can be used for encryption or other tasks.

Quantum Physics,Cryptography and Security

Michal Krelina

2023-10-13

Abstract:Quantum communication, particularly quantum key distribution, is poised to play a pivotal role in our communication system in the near future. Consequently, it is imperative to not only assess the vulnerability of quantum communication to eavesdropping (one aspect of quantum hacking), but also to scrutinise the feasibility of executing a denial-of-service attack, specifically, stopping quantum communication from working. Focusing primarily on the free-space quantum channel, the investigation of possible denial-of-service attacks from a strategic perspective is performed. This encompasses the analysis of various scenarios, numerical modelling, risk estimation and attack classification. The out-of-FOV (field of view) attack emerges as a particularly severe threat across nearly all scenarios. This is accompanied by proposed counter-countermeasures and recommendations.

Quantum Physics

Adrian Harkness,Walter O. Krawec,Bing Wang

DOI: https://doi.org/10.1088/2058-9565/ad7882

IF: 6.568

2024-09-10

Quantum Science and Technology

Abstract:Quantum Key Distribution allows two parties to establish a secret key that is secure against computationally unbounded adversaries. To extend the distance between parties, quantum networks are vital. Typically, security in such scenarios assumes the absolute worst case: namely, an adversary has complete control over all repeaters and fiber links in a network and is able to replace them with perfect devices, thus allowing her to hide her attack within the expected natural noise. In a large-scale network, however, such a powerful attack may be infeasible. In this paper, we analyze the case where the adversary can only corrupt a subset of the repeater network connecting Alice and Bob, while some portion of the network near Alice and Bob may be considered safe from attack (though still noisy). We derive a rigorous finite key proof of security assuming this attack model, and show that improved performance and noise tolerances are possible. Our proof methods may be useful to other researchers investigating partially corrupted quantum networks, and our main result may be beneficial to future network operators.

physics, multidisciplinary,quantum science & technology

Xiao-Ling Pang,Ai-Lin Yang,Chao-Ni Zhang,Jian-Peng Dou,Hang Li,Jun Gao,Xian-Min Jin,and Xian-Min Jin

DOI: https://doi.org/10.1103/PhysRevApplied.13.034008

IF: 4.6

2020-03-04

Physical Review Applied

Abstract:Unconditionally secure communication, which has been pursued for thousands of years hasn't, however, yet been reached due to a continuous competition between encryption and hacking. Quantum key distribution (QKD), harnessing the quantum mechanical nature of superposition and noncloning, may promise ... [Phys. Rev. Applied 13, 034008] Published Tue Mar 03, 2020

physics, applied

Nitin Jain,Birgit Stiller,Imran Khan,Vadim Makarov,Christoph Marquardt,Gerd Leuchs

DOI: https://doi.org/10.1109/JSTQE.2014.2365585

2014-12-19

Abstract:An eavesdropper Eve may probe a quantum key distribution (QKD) system by sending a bright pulse from the quantum channel into the system and analyzing the back-reflected pulses. Such Trojan-horse attacks can breach the security of the QKD system if appropriate safeguards are not installed or if they can be fooled by Eve. We present a risk analysis of such attacks based on extensive spectral measurements, such as transmittance, reflectivity, and detection sensitivity of some critical components used in typical QKD systems. Our results indicate the existence of wavelength regimes where the attacker gains considerable advantage as compared to launching an attack at 1550 nm. We also propose countermeasures to reduce the risk of such attacks.

Quantum Physics

Quoc-Cuong Le,Patrick Bellot

DOI: https://doi.org/10.48550/arXiv.0803.3699

2008-03-26

Abstract:We investigate Quantum Key Distribution (QKD) relaying models. Firstly, we propose a novel quasi-trusted QKD relaying model. The quasi-trusted relays are defined as follows: (i) being honest enough to correctly follow a given multi-party finite-time communication protocol; (ii) however, being under the monitoring of eavesdroppers. We develop a simple 3-party quasi-trusted model, called Quantum Quasi-Trusted Bridge (QQTB) model, to show that we could securely extend up to two times the limited range of single-photon based QKD schemes. We also develop the Quantum Quasi-Trusted Relay (QQTR) model to show that we could securely distribute QKD keys over arbitrarily long distances. The QQTR model requires EPR pair sources, but does not use entanglement swapping and entanglement purification schemes. Secondly, we show that our quasi-trusted models could be improved to become untrusted models in which the security is not compromised even though attackers have full controls over some relaying nodes. We call our two improved models the Quantum Untrusted Bridge (QUB) and Quantum Untrusted Relay (QUR) ones. The QUB model works on single photons and allows securely extend up to two times the limited QKD range. The QUR model works on entangled photons but does not use entanglement swapping and entanglement purification operations. This model allows securely transmit shared keys over arbitrarily long distances without dramatically decreasing the key rate of the original QKD schemes.

Quantum Physics

Matt Young,Marco Lucamarini,Stefano Pirandola

2024-09-03

Abstract:Side-channel attacks allow an Eavesdropper to use insecurities in the practical implementation of QKD systems to gain an advantage that is not considered by security proofs that assume perfect implementations. In this work we specify a side-channel capability for Eve that has yet to be considered, before then going on to discuss a scheme to autonomously detect such an attack during an ongoing QKD session, and the limits as to how fast a detection can be made. The side-channel capability is very general and covers a wide variety of possible implementations for the attack itself. We present how Alice and Bob can put in place a countermeasure to continue use of the QKD system, once a detection is made, regardless of the ongoing side-channel attack. This prevents downtime of QKD systems, which in critical infrastructure could pose severe risks. We then extend Eves side-channel capability and present a modified attack strategy. This strengthened attack can be detected under certain conditions by our scheme, however intelligent choices of parameters from Eve allow her strengthened attack to go undetected. From this, we discuss the implications this has on Privacy Amplification, and therefore on the security of QKD as a whole. Finally, consideration is given as to how these types of attacks are analogous to certain types of faults in the QKD system, how our detection scheme can also detect these faults, and therefore how this adds autonomous fault detection and redundancy to implementations of QKD.

Quantum Physics,Cryptography and Security