ebook img

Testing random-detector-efficiency countermeasure in a commercial system reveals a breakable unrealistic assumption PDF

1.5 MB·
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Testing random-detector-efficiency countermeasure in a commercial system reveals a breakable unrealistic assumption

Testing random-detector-efficiency countermeasure in a commercial system reveals a breakable unrealistic assumption Anqi Huang,1,2,∗ Shihan Sajeed,1,2 Poompong Chaiwongkhot,1,3 Mathilde Soucarros,4 Matthieu Legr´e,4 and Vadim Makarov1,3,2 1Institute for Quantum Computing, University of Waterloo, Waterloo, ON, N2L 3G1 Canada 2Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, ON, N2L 3G1 Canada 3Department of Physics and Astronomy, University of Waterloo, Waterloo, ON, N2L 3G1 Canada 4ID Quantique SA, Chemin de la Marbrerie 3, 1227 Carouge, Geneva, Switzerland Inthelastdecade,effortshavebeenmadetoreconciletheoreticalsecuritywithrealisticimperfect implementationsofquantumkeydistribution(QKD).Implementablecountermeasuresareproposed topatchthediscoveredloopholes. However,certaincountermeasuresarenotasrobustaswouldbe expected. Inthispaper,wepresentaconcreteexampleofIDQuantique’srandom-detector-efficiency 6 countermeasure against detector blinding attacks. As a third-party tester, we have found that the 1 firstindustrialimplementationofthiscountermeasureiseffectiveagainsttheoriginalblindingattack, 0 but not immune to a modified blinding attack. Then, we implement and test a later full version of 2 this countermeasure containing a security proof [C. C. W. Lim et al., IEEE J. Sel. Top. Quantum t Electron.21,6601305(2015)]. Wefindthatitisstillvulnerableagainstthemodifiedblindingattack, c because an assumption about hardware characteristics on which the proof relies fails in practice. O 8 1 I. INTRODUCTION forcetheeffectivedetectionefficiencytozeroduringthose slots [33]. The idea is that when an eavesdropper is per- ] Currently, applied cryptography systems rely on the formingtheblindingattack,shewillproduceclickduring h p hardness of certain mathematical assumptions, which these removed gates and thus get caught. This counter- - only provides computational security [1, 2]. Once an measure has been implemented in a commercial system nt eavesdropper has enough computing power, such as a Clavis2bytwoauthorsofthispaperworkingatIDQuan- a quantumcomputer,thesecurityoftheseclassicalencryp- tique (M.S. and M.L.), then provided as-is in a form of u tion algorithms will be broken [3, 4]. However, quantum firmware update to the remaining four authors from the q key distribution (QKD) allows two parties, Alice and University of Waterloo who played the role of a third- [ Bob, to share a secret key based on the laws of quan- party testing team. The authors from ID Quantique did 3 tum mechanics [5–8]. Because of no-cloning theorem [9], notparticipateinthetest,howeverresultsofthetestpro- v an eavesdropper with arbitrary computing power can- duced by the testing team were discussed by all authors 3 not copy the information sent by Alice without leaving and agreed upon. 9 9 anytrace,whichguaranteestheunconditionalsecurityof The experimental results produced by the testing 0 communication [10–15]. team show that although this countermeasure is effec- 0 Forthisgraduallymaturingtechnology,practicalQKD tive against the original detector blinding attack [26], . systems have been realised in laboratories [16–19] and it is no longer effective if the eavesdropper modifies her 1 0 several companies have provided commercial QKD sys- attack slightly. We note here that this countermeasure 6 temstogeneralcustomers[20]. However,imperfectcom- implemented by ID Quantique is the simplest possible 1 ponents used in the implementations lead to security is- versionoftheoriginalcountermeasureproposal[33], and : sues that have attracted an increasing attention in the has already been criticised as unreliable in a later the- v i last decade [21–30]. Since increasing number of quan- oretical work [34]. Hence, the testing team has gone X tum attacks have been demonstrated, academic commu- further ahead and manually implemented a full version r nityisalreadyawareofthesecuritythreatfrompractical of the countermeasure using two non-zero detection effi- a loopholes. Therefore, the next step is to come up with ciency levels [33, 34], and tested it. Our testing shows loophole-freecountermeasures. Importantly,thesecurity that even the full countermeasure is vulnerable to the of these countermeasures should be verified. modifiedblindingattack. Specifically, weexperimentally In this paper, an example of testing the security of disprove an assumption that Bob’s detection probabil- an implemented countermeasure is given. We examine ity under blinding attack cannot be proportional to his IDQuantique’sattemptedcountermeasuretoearlierdis- single-photon detection efficiency, on which the theoreti- covered bright-light detector control attacks [26, 31, 32] cal analysis in Ref. 34 relies. that were demonstrated 6 years ago on ID Quantique’s Thepaperisorganizedasfollows. SectionIIreviewsa and MagiQ Technologies’ QKD products. The counter- hacking-and-patchingtimelineofIDQuantique’sClavis2 measure is to randomly remove some detector gates to QKDsystemandintroducesthecountermeasure. InSec- tion III, testing results of ID Quantique’s first counter- measure implementation are reported and our modified ∗ [email protected] blinding attack is introduced. Section IV theoretically 2 analysesconditionsofasuccessfulattackandshowsthat 2004-11-10 First commercial Clavis1 system is shipped to a customer the modified blinding attack satisfies them. Moreover, in Section V, based on certain assumptions about a fu- ture implementation of the full countermeasure [34], we demonstrate two possible methods to hack this full ver- sion implementation. We discuss the practicality of our attacks against installed commercial QKD lines in Sec- tion VI and conclude in Section VII. II. FROM LOOPHOLE DISCOVERY TO COUNTERMEASURE IMPLEMENTATION 2009-10-22 Original report about blinding attack sent to IDQ In2009, thevulnerabilityofthecommercialQKDsys- IDQ applies for a patent on the randomization tem Clavis2 [35] to detector blinding attacks was identi- 2010-10-08 of detector efficiency as a countermeasure fiedandaconfidentialreportwassubmittedtoIDQuan- tique (the work was published shortly afterwards [26]). After this, ID Quantique has been trying to figure out an experimental countermeasure against these attacks. The timeline of this security problem is shown in Fig. 1. In 2010, ID Quantique proposed a countermeasure that randomizes the efficiency of a gated avalanche photodi- ode (APD) by randomly choosing one out of two differ- Lim et al. upload a preprint about full implementation of countermeasure to arXiv:1408.6398 ent gate voltages, and filed this idea for a patent [33]. 2014-08-27 Simplified implementation of countermeasure delivered In this way, an eavesdropper Eve does not know the ex- 2014-11-18 by IDQ to our lab (firmware update for Clavis2) act efficiency of Bob in every gated slot and thus cannot 2015-04-17 Testing report sent to IDQ proposing a modified attack maintain his detection statistics. At the sifting phase, that works 2015-12-21 if the observed detection rates differ from the expected Testing report sent to IDQ showing full implementation of countermeasure to be unreliable values, Alice and Bob would be aware of Eve’s presence and discard their raw keys. In 2014, Lim et al. proposed a specific protocol to FIG. 1. Timeline of hacking-countermeasure-hacking for the realize this countermeasure [34], which analyses the se- bright-light detector control class of attacks. curity mathematically for blinding attacks that obey a certain assumption on their behavior. In the proto- col, Bob randomly applies two non-zero detection ef- magnetic interference may extremely infrequently lead ficiencies η > η > 0, and measures detection rates to a click without a gate. Therefore, an alarm counter 1 2 R and R conditioned on these efficiencies. The effect is used with the system lifetime limit of 15 clicks in the 1 2 of detector blinding attack is accounted via the factor absenceofthegate. Ifthislimitisreached,ittriggersthe (η R −η R )/(η −η ). Without the blinding attack, firmwaretobrickthesystemandrequirefactorymainte- 1 2 2 1 1 2 the detection rate is proportional to the efficiency, mak- nance. Thisimplementationassumesthatunderblinding ing this factor zero. The analysis makes a crucial as- attack [26], click probability should not depend on the sumption that the detection rate under blinding attack gate voltage and the attack should therefore cause clicks R = R , i.e., it will be independent of Bob’s choice of at the slots of gate absence. 1 2 η . Then, under attack the factor will be greater than 1,2 zero, and reduces the secure key rate. This solution in- tends to introduce an information gap between Eve and III. TESTING THE COUNTERMEASURE Bob, for Eve has no information about Bob’s random efficiency choice. In this section, we demonstrate that the countermea- Laterin2014,IDQuantiqueimplementedthecounter- sure presently implemented by ID Quantique is effective measure as a firmware patch. The hardware in Clavis2 against the original blinding attack [26], but not suffi- is not capable of generating two nonzero efficiency levels cient against the general class of attacks attempting to that switch randomly between adjacent detector gates. take control of Bob’s single-photon detectors. As a result, implementation is in a simple form by sup- Let us briefly remind the reader how Clavis2 and the pressing gates randomly with 2% probability. The sup- original blinding attack against it work. Clavis2 is a pressed gates represent zero efficiency η = 0, while the bidirectional phase-encoding QKD system [35, 36]. Af- 2 rest of the gates represent calibrated efficiency η = η. ter Bob sends multi-photon bright pulses to Alice, Al- 1 Ideally, in the updated system, there should be no click ice randomly modulates one of the four BB84 phase in the absence of the gate. In practice, transient electro- states [5], attenuates the pulses and sends them back to 3 Minimum energy level for e g 3 100 100% click probability in gate presence oltaV) Gate, D0 e v( No gate, D0 at Gate, D1 G 0 10−1 No gate, D1 D 1 Click probability1100−−32 al power at APP (mW)opt000...468 ptic 0.2 O 0 10−4 0 1 2 3 4 5 6 Time (ns) 0 FIG. 3. Idealized APD gate signal and real oscillogram of 660 680 700 720 740 760 780 800 optical trigger pulse. Relative time between the gate voltage Trigger pulse energy (fJ) transitions and the optical pulse is approximate. The c.w. FIG. 2. Click probability under original blinding attack [26] signalisgeneratedbya1536nmlaserdiode;thetriggerpulse versus energy of trigger pulse. The blinding power is signal is obtained by modulating pump current of a separate 1.08 mW, as the same as the power used in the published 1551 nm laser diode, using an electrical pulse generator [26]. originalattack[26]. Thetimingoftriggerpulseis0.7nslong, 3 ns after the centre of the gate signal, which should roughly reproduce the original attack [26]. alsomighttriggeraclickwithnon-zeroprobabilitywhen the gate is suppressed, which is monitored and results in an alarm. Therefore, Eve cannot hack the system with Bob. Bobrandomlychoosesoneoutoftwomeasurement full controllability. To avoid clicks in slots of gate sup- bases. Interference happens between pulses from longer pression,Evecouldintheorydecreasetheleveloftrigger andshorterpathsofaninterferometeratBob’sside,and pulse energy to trigger a click sometimes with gate pres- the outcomes of interference depend on the phase differ- ence, but never with gate absence. This also satisfies a ence between Alice’s and Bob’s modulation [37]. How- necessary condition of a successful attack which we will ever, Eve is able to control the outcomes by the follow- discuss in Section IV later. Unfortunately, in practice, ing strategy. She shines bright light to blind the detec- our testing result shows the amount of trigger pulse en- tors, and then intercepts Alice’s states [26]. According ergy required to trigger D0 without the gate is about toEve’sinterceptionresults,shere-sendsfakedstatesby 710 fJ, which is only 1.5% less than the amount of en- multi-photon pulses to Bob’s blinded detectors. If Bob ergyfor100%click(720fJ)whenthegateispresent. The chooses the same measurement basis as Eve’s, the pulses 1.5%differenceofthesetwoenergylevelsislikelynotbig interfereatBob’sinterferometer,sothatallpowerofthe enoughtoachieveareliableattackoperationthatavoids pulse goes to one detector to trigger a click. If the mea- triggeringthecountermeasure. Also,D1willalwaystrig- surement bases chosen by Bob and Eve are mismatched, gerattheseenergylevels,revealingtheattack. Evecould thereisnointerference,andthepowerofthepulseissplit target D1 using a slightly lower energy level, but the rel- equally between Bob’s two detectors. In this case, nei- ative precision required is similar there. Routine fluctu- ther detector clicks. In this attack, Eve can fully control ations of temperature and other equipment parameters Bob’sdetectorsandobtainthewholekeytracelessly[26]. mayleadtosomeinstabilityofthesetriggerpulseenergy Fortheoriginalblindingattack,Evesendsbright-light levels,causingariskforEvetotriggerafewclicksinthe continuous-wave (c.w.) laser light to blind Bob’s detec- gate absence and brick the system being attacked. From tors. Thenatriggerpulseissentslightlyafterthegateto this point of view, we think this first implementation of makeaclick. WerepeatthisattackforimprovedClavis2 countermeasure is effective against the original blinding system and test the amount of energy to trigger a click attack. which is shown in Fig. 2. From Fig. 2, we can see the Wecanslightlymodifyourblindingattacktobreakthe trigger pulse energy for gate presence (solid curves) is securityofthiscountermeasure. Similarlytotheoriginal lowerthanthatforgateabsence(dashedcurves),because blinding attack, Bob’s detectors are blinded by a bright- minute electrical fluctuations of APD voltage following light laser first. Then, instead of sending a trigger pulse the gate signal lower the click threshold slightly. slightly after the gate as in the original attacks [26], we However,ifEvetriestotriggeraclickwith100%prob- send a 0.7 ns long trigger pulse on top of the c.w. illu- ability when the gate is applied, this amount of trigger mination during the detector gate, as shown in Fig. 3. pulse energy (marked by a dotted vertical line in Fig. 2) This trigger pulse produces a click in one of Bob’s two 4 0.16 (a) (b) (c) (d) (e) (f) 0.14 0.12 0.1 0.08 V) Vth ( p,0 0.06 m o Vc 0.04 0.02 0 −0.02 −0.04 0 5 10 15 20 Time(ns) FIG. 4. Oscillograms at comparator input in the detector circuit, proportional to APD current. (a) Geiger mode. The small positive and negative pulses are due to gate signal leakage through the APD capacitance of ∼1 pF. (b) Geiger mode, single- photonavalanche. (c–f)Thedetectorisblindedwith0.56mW c.w.illumination,with(c)notriggerpulseapplied,(d)0.32pJ trigger pulse applied 5 ns after the gate, (e) 0.32 pJ trigger pulse applied in the gate, and (f) 0.16 pJ trigger pulse applied in the gate. detectorsonlyifBobappliesthegateandhisbasischoice APD depends on the voltage across it, the 3 V gate ap- matches that of Eve; otherwise there is no click. plied to the APD increases the gain factor. This larger To explain why this modified attack succeeds, let us gainduringthegatedtimeassiststheAPDingenerating remind the reader the normal operation of an avalanche a larger photocurrent than the photocurrent outside the photodiode (APD). The detectors in Clavis2 are gated gate. Thereforethegatesignalcausesapositivepulseas APDs. When the gate signal is applied, the voltage shown in Fig. 4(c). The trigger pulse applied after the acrosstheAPDV isgreaterthanitsbreakdownvolt- gate produces a second pulse, but the peak voltages of APD age V . If a single photon comes during the gated time, neither pulses exceed V [Fig. 4(d)]. However, when the br th an avalanche happens and causes a large current. This trigger pulse is shifted inside the gate, the two pulse am- current is converted into a voltage by the detector elec- plitudes add up, reach V and produce a detector click th troniccircuit. Ifthepeakvoltageislargerthanathresh- [Fig. 4(e)]. If Bob chooses a different measurement basis old V = 70 mV, the detector registers a photon detec- than Eve, only half of the trigger pulse energy arrives at th tion (a ‘click’). Fig. 4(a) and (b) show the cases of no each detector [26]. In this case, the peak voltage does photon coming and a photon introducing an avalanche. not reach V [Fig. 4(f)]. Overall, only when the trigger th Appendix A explains more details of the detector opera- pulse is applied during the gate time and Bob chooses tion principle and the blinding attack. the same basis as Eve, the detector under the blinding A bright laser is able to blind the APDs. Under c.w. attack clicks. As a result, Eve can control Bob’s detec- illumination, the APD produces constant photocurrent torstomakeBobobtainthesamemeasurementresultas that overloads the high-voltage supply and lowers V . her, and does not introduce extra errors [26]. APD Then, even when the gate signal is applied, V does Contrary to most of previously demonstrated attacks APD not exceed V and the APD remains in the linear mode attemptingtotakecontrolofsingle-photondetectors[26, br as a classical photodetector that is no longer sensitive 28, 31], in the present demonstration the timing of the to single photons. This means the detectors become triggerpulsehastobealignedwiththegate. Besidestim- blinded. ing alignment, another important factor of the attack is Under the blinding attack, Fig. 4(c–e) shows the de- the trigger pulse energy E. To test the effect of different tector voltages in different cases: when no trigger pulse triggerpulseenergy,wegraduallyincreaseitandobserve is applied and when the trigger pulse is applied either the detection outcomes. Figure 5 shows schematically in after or in the gate. Since in the linear mode the gain which order clicks appear in Clavis2 as E is increased. factor of secondary electron-hole pairs generation in the We observe three thresholds. 5 Gate signal: 0.6 Egate +3 V never, 0 (gate Egate removed) 0.5 Eannleowv gaeayr,ts e0, 0 0 Egate t never, 1 Optical power at detector Popt: y (pJ) 0.4 EEagnnleoawv tgeaeayr,ts e,1 1 g er n e >Pblind ulse 0.3 p 0 t ger g Tri0.2 Detector output: low A 0.1 gate Enever,i 0 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 0.5 0.55 0.6 B Blinding power (mW) gate FIG.6. Energythresholdsoftriggerpulseversusc.w.blinding Ealways,i power. Shadedareashowstherangeoftriggerpulseenergies C of the perfect attack. no gate Enever,i leads to a larger photocurrent and lower V . The de- D APD creased V leads to smaller gain and thus lower sen- APD sitivity to the trigger pulse. (Appendix B contains a more detailed investigation of the processes inside the E detector.) As can be seen, for any given blinding power, Enogate is much higher than the other click thresholds. never,i high Thiseasilyallowstheoriginaldetectorcontrolattack[26] Trigger pulse to proceed undetected by the countermeasure. A more energy E formal analysis will be stated in the next section. FIG.5. OutputofablindeddetectorinClavis2undercontrol of trigger pulses of different energy. The top graph shows a IV. CONDITIONS OF A SUCCESSFUL ATTACK gate applied at the first slot, but suppressed at the second slot. However, an optical trigger pulse is sent to the detec- tor in both slots. Graphs A–E show detector output versus Experimentalresultoftheprevioussectionshowsthat trigger pulse energy E. In graph A, the energy is insufficient the attack of Ref. 26 is possible in Clavis2. However, to produce a click. As the energy is increased above Egate , generalconditionsforasuccessfulattackshouldbeanal- never,i clicks intermittently appear in the presence of the gate, as ysedtheoretically. Inthissection,wefirstconsiderstrong shown in graph B. At the energy level above Egate , the conditions for a perfect attack, in which Eve induces a always,i gate always has a click, as shown in graph C. However, there click in Bob with 100% probability if their bases match is never a click when there is no gate. At a higher energy and the gate is applied, and 0% probability otherwise. level above Enogate, clicks in the gate absence appear inter- never,i These conditions are definitely sufficient for a successful mittently (graph D) or always (graph E). attack [26]. However, as we remark later in this section, evenifthesestrongconditionsarenotsatisfied,anattack • If E ≤ Egate (where i ∈ {0,1} is detector num- may still be possible. never,i Strong conditions. If the detection outcome varies ber), the detector never clicks when the gate is ap- as Fig. 5 with the increase of trigger pulse energy, the plied. order of the three thresholds is: • If E ≥ Eaglawteays,i, the detector always clicks when Enogate >Egate >Egate . (1) the gate is applied. never,i always,i never,i If Eve and Bob select opposite bases, half of the en- • If E ≤Enogate, the detector never clicks when the never,i ergy of trigger pulse goes to each Bob’s detector. In this gate is suppressed. case, none of the detectors should click despite the gate presence. This is achieved if [26] Figure6showsthesedetectionthresholdsmeasuredfor a range of c.w. blinding powers. All the thresholds rise 1max(cid:110)Egate (cid:111)<(cid:16)min(cid:8)Egate (cid:9)(cid:17). (2) with the blinding power, because higher blinding power 2 i always,i i never,i 6 The random gate suppression imposes additional condi- E4 E3 E2 E1 tions. Incaseofbasismismatch, halfofthetriggerpulse 1 V = 54.86 V bias, 0 energy is arriving at each detector. It should induce a 0.9 V = 55.26 V bias, 0 click in neither detector when the gate signal is absent. V = 54.30 V 0.8 bias, 1 For the target detector i, there is no click once Eq. (1) is Vbias, 1= 54.70 V satisfied. Fortheotherdetectori⊕1, noclickisachieved 0.7 y when half of the trigger pulse energy is still lower than bilit0.6 the detection threshold in the no-gate case. That is, a b o 21Eaglawteays,i <Enneovgeart,ie⊕1. (3) Click pr00..45 Ifthebasesmatch,weneedtomakesurethereisnoclick 0.3 whenthegateissuppressed,butalwaysaclickintheex- 0.2 pected detector in the gate presence. This is achieved if Egate <Enogate,whichisalreadyincludedininequal- 0.1 always,i never,i ity (1). Although inequality (3) has a physical meaning, 0 120 130 140 150 160 170 180 190 200 210 220 it mathematically follows from inequalities (1) and (2). Trigger pulse energy (fJ) Thus satisfying inequalities (1) and (2) represents the FIG. 7. Click probabilities under blinding attack versus en- strongattackconditionsandguaranteesthesameperfor- ergy of trigger pulse. Solid curves show the energy of trigger mance as in Ref. 26. The shaded area in Fig. 6 indicates pulse for original V , while dashed curves for reduced V a range of the trigger pulse energies Eve can apply for bias bias lowering photon detection efficiency by about a factor of 2. the perfect attack. The range is sufficiently wide to al- The blinding power is 0.38 mW and the timing of trigger low for a robust implementation, only requiring Eve to pulse is aligned in the middle of the gate by minimizing its set correct energy with about ±15% precision. energy required to make a click. Necessary condition. An attack may still be pos- sible even if Eve’s trigger pulse does not always cause a click in Bob when their bases match, and/or sometimes BobcouldchooserandomlybetweenP/2andP detec- causes a click when their bases do not match [38]. The tion efficiency by changing either gate voltage amplitude latter introduces some additional QBER but as long as V or high-voltage supply V [34]. Since in Clavis2 gate bias it’s below the protocol abort threshold, Alice and Bob hardware V is fixed (see Appendix A), we assume an gate may still produce key. The random gate removal coun- engineer will change V to achieve different non-zero bias termeasure imposes the condition detection efficiencies. To achieve half of original detec- tion efficiency, we lower V manually. When V of Enogate >Egate , (4) bias bias,0 never,i never,i D0 drops from −55.26 V to −54.86 V, the detection ef- which means Eve should be able to at least sometimes ficiency P0 reduces from 22.6% to 12.8%. Similarly, we causeaclickinthegatewhilenevercausingaclickwith- decrease Vbias,1 of D1 from −54.70 V to −54.40 V, lead- outthegate(lestthealarmcounterisincreased). Thisis ing to the detection efficiency P1 reduction from 18.9% anecessaryconditionforanattack. Asthepresentpaper to9.7%. Afterthat,wetestEve’scontrollabilityofthese details,therearestrongengineeringreasonswhythiscon- two detectors. dition is likely to be satisfied in a detector. Additional First, we blind the detectors and then measure the re- conditions will depend on exact system characteristics lationbetweentheenergyoftriggerpulseandprobability [38]. to cause a click. The position of trigger pulse is fixed in the middle of gate signal. Figure 7 shows the testing re- sult which indicates there is a transition range between V. WILL A FULL IMPLEMENTATION OF THE 0% and 100% click probability. COUNTERMEASURE BE ROBUST? From the measurement result, Eve can randomly se- lectdifferentlevelsoftriggerpulseenergy(shownasdot- Wehaveprovedsofarthatthecurrentcountermeasure ted lines in Fig. 7) to attack the full version of coun- with gate suppression cannot defeat the detector blind- termeasure. As we know, only when Bob chooses the ing attack. However, the paper of Lim et al. [34] claims same measurement basis as Eve, all the energy of trigger thatthefullversionofcountermeasurewithtwonon-zero pulse arrives targeted detector and achieves a click. For detection efficiencies is effective against a large class of target D0, if trigger pulse energy E is chosen, D0 al- 1 detector side-channel attacks including the blinding at- waysclicks,whileatE ,thedetectoronlyclicksifhigher 2 tack [26]. Even though this full countermeasure has not V is applied. When E and E are chosen randomly bias 1 2 beenimplementedbyIDQuantique,wehavetestedsome with the same probability P /2, the detection probabil- 0 properties of the detectors in Clavis2 to show two pos- ity for higher V is P and the detection probability bias 0 sible methods to hack the full countermeasure, based on for lower V is only P /2. Therefore, the attack re- bias 0 certain assumptions about a future implementation. produces correct detection probabilities as the protocol 7 an example. According to the result in Fig. 7, it is rea- T2 T1 T4 T3 1 sonable to extrapolate that we can find n distinct levels 0.9 VVbias, 0== 5545..8266 VV of trigger pulse energy E1 > E2 > E3 > ... > En in this bias, 0 situation. Then Eve can apply E (k = 1,...,n) with V = 54.30 V k 0.8 Vbias, 1= 54.70 V probability q to satisfy η = (cid:80)k q . This would re- bias, 1 k k i=1 i 0.7 produceeveryexpectedvalueofη andhackthesystem. k y bilit0.6 We have so far assumed that applying energy level Ek a causes zero click probability for decoy levels up to η , b k−1 pro0.5 and 100% click probability for ηk and above. However Click 0.4 tehniesrgisynEot,athneeccelsicskaryprcoobnadbiitliiotyn.foMroerffiecgieennceyrallelyv,elunηdeisr k i 0.3 βEk. To reproduce the expected efficiencies, we need to ηi 0.2 satisfy the following set of equations: 0.1 q βE1 +q βE2 +...+q βEn =η 1 η1 2 η1 n η1 1 -0 1.0 - 0.8 - 0.6 - 0.4 - 0T.2ime s0.h0ift (ns0).2 0.4 0.6 0.8 1.0 q1βηE21 +q2βηE22 +...+qnβηE2n =η2 ...... FIG.8. Clickprobabilitiesunderblindingattackversusrela- q βE1 +q βE2 +...+q βEn =η . (5) tivetimeshiftoftriggerpulse. Solidcurvesgivethedetection 1 ηn 2 ηn n ηn n probability at the original V , and dashed curves give the bias We might solve these equations to get values 0≤q <1. detection probability at lower V . Note that the latter ex- k bias A worse case would be if Eve cannot find values of all tends over a relatively narrower time window. The blinding q , which means she may only have a partial control of power is 0.38 mW. The energy of trigger pulse for D0 is k Bob’s η . However, it still breaks the assumption in the 0.22pJandforD1is0.19pJ. Theseenergylevelsaremarked k as red × in Fig. 6. securityproof[34]thatEvecannotformfakedstateswith click probability conditional on Bob’s randomly chosen efficiency. For quantitative analysis, an updated security requires. Similarly, for target D1, Eve can choose E to proof would be needed first. 3 trigger click always and choose E to get a click only if Fromtheabovetestingandanalysisoftheimplementa- 4 higher Vbias is applies. This reproduces correct detec- tion that changes Vbias, we can guess that an alternative tion probabilities, P1/2 and P1. At the same time, E1 implementation that changes Vgate [34] or adds an inten- and E remain safely below Enogate shown in Fig. 6, sity modulator in front of the detectors [39], may leave 3 never,0,1 so clicks are never produced in the absence of the gate a similar loophole. If we apply the intensity modulator, and alarm is not triggered. This allows Eve to hack the the energy of the trigger pulse arriving at the detector is countermeasure tracelessly. not constant but depends on the modulation. However, Second, we test the correlation between time shift of thiscaseissimilartogatevoltagemodulation,asweonly trigger pulse and click probability of blinded detector. consider the total energy from the gate signal and trig- The trigger pulse energy we use in this test for D1 is gerpulse. Therefore,wewillgetsimilarresultsasFigs.7 slightly lower than that of D0, but both levels of energy and 8, but the amount of trigger pulse energy and time are above Egate in Fig. 6 marked as red ×. The shift might be different. always,0,1 measurement result is shown in Fig. 8. The reason for this practical loophole is a wrong as- Thistestingresultillustratesanothermethodtoattack sumption made by Lim and his colleagues [34]. They thecountermeasure: randomlyadjustingthetimeshiftof assumeEvecannotgeneratefakedstatesthattriggerde- thetriggerpulse. ForD0,afterfixingthesuitableenergy tections with probabilities that are proportional to the level of trigger pulse, Eve can always trigger a click by originalphotondetectionefficiency. Herewehaveproved choosing time shift T , but only trigger a click at higher this is in fact possible. Therefore, the model of a practi- 1 V by choosing T . Similarly, if target detector is D1, caldetectorshouldbemorepreciseinsecurityanalysis,if bias 2 thedetectoralwaysclicksatT ,butonlyclicksathigher onewishestoclosethedetectorcontrolloopholewithout 3 V atT . Then,whenEvesendstriggerpulsetocontrol resorting to measurement-device-independent QKD. bias 4 D0,sherandomlyselectsT andT withequalprobability 1 2 P /2toreproducethecorrectdetectionefficienciesofD0. 0 Eve utilizes the same strategy for D1 to achieve correct VI. OUR ATTACKS IN A BLACK-BOX detection probabilities, P /2 and P . In this way, Eve SETTING 1 1 also hacks Clavis2 system tracelessly. Generally, a finite set of decoy detection efficiency lev- According to Kerckhoffs’ principle [40], Eve always els η < η < η < ... < η can be hacked by properly knows everything about the algorithms and hardware of 1 2 3 n setting probabilities of different attacking energy levels Alice’s and Bob’s boxes, including the precise values of or time-shifts. We take energy levels of trigger pulse as equipmentparameters. Theclassicalsecuritycommunity 8 practices Kerckhoffs’ principle since 1970’s, and widely does not raise an alarm and is recovered from automati- agrees that this is a good approach to implementation cally in Clavis2 [43, 45]. security[1]. Thisissupportedbymanyexamplesofcryp- Afulltwo-levelimplementationofthecountermeasure tographic systems that did not follow this principle and mayrequireEvetorunmoreattempts,becauseofafiner were compromised [41]. The quantum academic commu- degree of control required over the trigger pulse energy nitycertainlyagreesthatQKDshouldbemadesecurein andtiming. Yet,similarlytothefirstcountermeasureim- this setting, which is necessary for QKD being uncondi- plementation,theno-gatetriggerenergythatwouldraise tionally secure [10–15]. alarm remains safely well above the energies required for However, it is also a practically interesting question if detector control. The practicality of attack in the black- anyproposedattackcanbemountedontoday’scommer- boxsettingisthusdifficulttopredictwithouthavingthe cial QKD systems in a black-box setting, when Eve only actual industrial implementation of the full countermea- has access to the public communication lines but cannot sure, and actually demonstrating the full attack, which directlymeasuresignalsandvaluesofanalogparameters can be a future study. inside Alice’s and Bob’s boxes [42]. In this realistic sce- nario, Eve may purchase (or acquire by other means) a sample of the system hardware, open it, make internal VII. CONCLUSION measurements and rehearse her attacks on it. Then she hastoeavesdroponheractualtarget,aninstalledsystem We have tested the first implementation of the coun- sample in which she has not had physical access to the termeasure against the blinding attack in the commer- boxes. Although the latter sample can be of the same cial QKD system Clavis2. Our testing result demon- model and design, it will generally have different values stratesthatpresentlyimplementedcountermeasureisef- ofinternalanalogparameters,owingtosample-to-sample fective against the original blinding attack but not effec- variation in system components. A full implementation tive against a modified blinding attack. The modified of our attacks in this scenario remains to be tested. In attack fully controls Bob’s single-photon detectors but this setting it will be of utmost importance for Eve to does not trigger the security alarm. The modified at- avoidtriggeringclicksintheabsenceofthegate,because tackissimilartotheoriginaldetectorblindingattack[26] this would very quickly brick the system and risk reveal- with the only difference that the trigger pulses are time- ingherattackattempt. Theoriginalblindingattackthat aligned to coincide with the detector gates, instead of applies the trigger after the gate becomes very sensitive following it. We argue that this attack should be imple- to precise values of thresholds in the presence of the first mentable in practice against an installed QKD commu- version of countermeasure (Fig. 2). For this reason we nication line where Eve does not have physical access to think the countermeasure will likely be triggered by the characterising Alice and Bob, however such full demon- original attack in the realistic black-box setting. stration has not yet been done, to our knowledge. Ourmodifiedattackthatappliesthetriggerinsidethe We have also tested the full proposed implementation gate will likely avoid triggering the alarm, because the of countermeasure with two non-zero efficiency levels, no-gate threshold energies are much higher that the en- andfounditssecuritytobeunreliabledespitepredictions ergiesrequiredfordetectorcontrol(Fig.6). Italsotoler- of the theory proposal [34]. From the current testing re- ates some fluctuation in experimental parameters for de- sults, bright-pulse triggering probabilities of the blinded tector control. For example, when Eve applies 0.38 mW detectors depend on several factors including V , tim- bias blinding power, 252 fJ trigger pulse energy, and times ing and energy of the trigger pulse (see Section V). This her trigger pulse at the middle of the gate, we have veri- in principle allows Eve to compromise the full counter- fied that the attack still works perfectly for up to ±21% measure implementation. changeinthetriggerenergy(seeFig.6)orupto±1.3ns We have tested the countermeasure implemented with changeinthetriggertiming. Thismakesitrobustagainst the gated single-photon detectors (SPDs). The idea of reasonably expected fluctuations and imprecision of the randomdetectionefficiencycanbeappliedtoothertypes system parameters. In particular, the timing accuracy of SPDs that are also sensitive to the blinding attack: required for our attack in much coarser than the several free-running SPDs [46] and superconducting nanowire tens of picoseconds precision Alice and Bob use in nor- SPDs [28]. However, the countermeasure based on these mal operation [43]. The trigger energy setting precision detectors might still be hackable. Since the efficiencies is similar to the original attack that required ±16% [26]. of these types of SPDs depend on the bias voltage or Eve may need a few attempts to set a correct trigger current, varying these bias signals likely changes other energywhenattackinganewcopyofthesystem. Shecan parameters inside the SPD and its electronics. There- do this by starting at a low trigger energy and attempt- fore, when we randomize the detection efficiency, other ingseveralincreasingvaluesofenergywhilewatchingthe degrees of freedom might be changed as well. Eve has a classical traffic Alice-Bob for the success or failure of the chancetoexploitthesesidechannelstohackthecounter- QKD session she has attacked [44]. A QKD session that measure. Ofcourse, theexactoutcomecannotbeknown failsbecauseoftoolowdetectionefficiencyisanaturally until the countermeasures in different types of detectors occurring event that is part of normal system operation, are experimentally tested. 9 Accordingtoourtestingresult,thiscountermeasureis The anode of the APD is AC-coupled to a fast compara- not as reliable as would be expected in a high-security tor DA1. Since the capacitor C1 blocks the DC compo- environmentofQKD.Althoughanidealindustrialcoun- nent, only when the current flowing through the APD termeasure has not been achieved, everybody now has a changes, it generates a pulse as the input of DA1. If more clear concept about the detector loopholes. This thepeakvoltageofthispulseisgreaterthanthepositive procedure emphasizes the necessity of security testing threshold V =70 mV, the comparator produces a logic th every time practical QKD systems are developed or up- output signal indicating a click. Once a click in either of dated. We only can reach the final practical security of the two Bob’s detectors is registered, the next 50 gates any QKD system after several iterations of implementa- will not be applied to both detectors, which constitutes tion development and testing verification. Our counter- a deadtime to reduce afterpulsing. measure testing also illustrates that patching a loophole IfEvesendsabrightc.w.illuminationtothegatedde- isstilltime-consuminganddifficult. However,addressing tectors, the bright light makes the APD generate a sig- practicalvulnerabilitiesatthedesignstageofaQKDsys- nificant photocurrent that monotonically increases with temisbothcheaperandlessmessythantryingtoretrofit the optical power P . When we consider effects of this opt patches on an existing deployed solution. Addressing se- current on the whole detector circuit (Fig. 10), the most curity at the design stage should be the goal whenever useful one is a reduction of the voltage across the APD possible. V . Although the high-voltage supply V stays con- APD bias stant,thephotocurrentcausesasignificantvoltageacross R3 = 1 kΩ, thus V drops. If we apply enough illu- APD ACKNOWLEDGMENT mination power, V will be less than V even inside APD br the gate, and the APD then always stays in the linear We thank C. C. W. Lim, N. Gisin, and E. Anisi- mode. The detector becomes blind to single photons. mova for discussions. This work was supported by In- In our testing, we measure the voltage at test point T2 dustry Canada, NSERC (programs Discovery and Cryp- VT2 in Fig. 10 and refer to this voltage as VAPD in the toWorks21), CFI, Ontario MRI, US Office of Naval text. VT2 is close to real VAPD, because R1+R2 (cid:28) R3 Research, ID Quantique, European Commission’s FET [precisely, VAPD =VT2+(VT2−Vbias)(R1+R2)/R3]. QICTSIQSandEMPIR14IND05MIQC2projects. P.C. After blinding Bob’s detectors, Eve can conduct a was supported from Thai DPST scholarship. faked-state attack. Eve first intercepts all photons sent by Alice. Whenever Eve detects a photon, she sends the same state to Bob via a bright trigger pulse of a certain energy,superimposedonherblindingillumination. Only Appendix A: Background if Bob chooses the same measurement basis as Eve and applies the gate, one of Bob’s detectors will click and he In this section, we recap the operating principle of the willgetthesamebitvalueasEve. Otherwise,thereisno single-photon detector, its implementation in Clavis2, click at Bob’s side. During the sifting procedure, Alice and the original blinding attack [26]. Most available and Bob keep the bit values when they have chosen the single-photon detectors are APDs operating in Geiger same basis, and so does Eve. Therefore Eve has identi- mode, in which they are sensitive to single photons [47]. cal bit values with Bob, introduces no extra QBER, and AsshowninFig.9,whentheAPDisreverse-biasedabove does not increase the alarm counter. Eve then listens to its breakdown voltage V , a single photon can cause a br the public communication between Alice and Bob and large current I . If this current exceeds the thresh- APD performs the same error correction and privacy amplifi- old I , electronics registers this as a photon detection th cationproceduresasthem,toobtainanidenticalcopyof (a ‘click’). After that, an external circuit quenches the their secret key [26]. avalanche by lowering the bias voltage V below V , APD br and the APD comes into a linear mode. If the APD is illuminated by bright light (which does not happen in I normal single-photon operation but can happen during APD Linear mode Geiger mode aneavesdroppingattack),I inthelinearmodeispro- I APD APD portional to the incident bright optical power P . I opt th then becomes a threshold on the incident optical power P that makes a click. th I th alyFzreodmbaynitesngciinrceueirti.ngFviigeuwr,et1h0e sdheotwecstoarncaenqubivealaennt- I Pth Popt Quenching Single photon circuit diagram of the two detectors used in Clavis2. th When no gate signal is applied, the APDs are biased slightlybelowtheirVbr bythenegativehigh-voltagesup- Vbias Vbr Vbias+Vgate VAPD plyV =−55.26V,V =−54.70V[48]. Tobring bias,0 bias,1 theAPDintoGeigermode,anadditional3Vhigh,2.8ns FIG. 9. Linear-mode and Geiger-mode APD operation (reprinted from [26]). longpulseisappliedthroughalogiclevelconverterDD1. 10 T1 T3 T4 55.5 DD1 C1 DA1 SY100H842 R1 APD 1.1n MAX9601 Ignapteut 72 = cOliuctkput −VAPD,0 (PECL) R2 C2 1R540 (PECL) 55 Pblind, 0= 73.4 µW −VAPD,1 150 100n T2 1Rk3 Vth,0/1 (V)D54.5 Pblind, 1= 64.3 µW P A Vbias,0/1 −V 54 FIG. 10. Equivalent detector bias and comparator circuit, as implemented in Clavis2 (reprinted from [26]). 53.5 Appendix B: Analysis of processes in the detector 53 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 Blinding Power (mW) For further understanding of the detector behaviour under successful blinding attack, we attempt to quanti- FIG. 11. Bias voltage of APDs versus c.w. blinding power. tatively model electrical and thermal processes in it. As wementionedpreviously,thebiasvoltagedecreaseswhen the blinding power is applied. A measured relationship 103 between VAPD and continuous blinding power is shown Gain0 in Fig. 11. Detector 0 is blinded at P > P = Gain 73.4 µW and detector 1 is blinded at Popt > Pblind,0 = 102 1 opt blind,1 G = 13 64.3µW. Higherblindingilluminationleadstolowerbias voltage. This is consistent with the same measurement done for the original blinding attack [26]. W)101 A/ G = 3 In a detector blinded by c.w. laser illumination, the ( n gain factor is affected by not only the power of blind- Gai100 ing laser, but also the gate signal. When the APD is blinded and forced to work in the linear mode, it can be treated as an ordinary photodiode with a finite internal 10−1 gain. Photoelectrons and holes are accelerated by a high electric field and initiate a chain of impact ionizations that generates secondary electron-hole pairs. Thus, the 10−2 APD has an internal multiplication gain factor M > 1, 30 35 40 45 50 55 60 since one photon can yield many electrons of photocur- −VAPD(V) rent flowing in the circuit. When V is much lower APD FIG. 12. Gain versus APD bias voltage. Values of gain for than V , M will be close to 1. However, the APD may br bias voltages below 31 V were negligibly low for a practical not have any significant photosensitivity below so-called attack,andbelowthesensitivityofourmeasurementmethod. punch-through voltage, below which the electrical field doesnotextendintotheabsorptionlayerofInGaAs/InP heterostructure [49]. gate signal raises V . Thus the electrical charge gen- APD We have done a measurement of small-signal gain G erated bythe APD inresponse to atrigger pulseapplied of the APDs in Clavis2 by measuring their photocurrent in the gate is greater than when it’s applied outside the response to a short optical pulse input. The results are gate. Forexample,inFig.4(c),thegatepulsealonecon- shown in Fig. 12. There is virtually no photosensitivity tributes1.053pCextrachargeontopofthecurrentthat below the punch-through voltage of about 31 V. Above would be generated without the gate. When the trigger that voltage G starts at ∼ 0.7 A/W (corresponding to pulseisappliedafterthegate[Fig.4(d)],thetotalcharge ∼ 60% quantum efficiency assuming M = 1), then rises of the two pulses is 1.467 pC; however, when the trigger above 100 A/W closer to Vbr. The gain values measured pulse is moved into the gate [Fig. 4(e)], the total charge at Vbr−2 V are ∼7 and ∼10 A/W, which is consistent risesto1.613pC. Therefore,agreatergainfactorduring withvaluesfromdatasheetsofcommercialAPDs. From the gated time helps the pulse to cross the threshold. theabovemeasurements,weknowthatEvecanvarythe We have attempted to model the increased gain due amount of blinding power to the detectors to control the to the gate. In our model, we consider a thermal ef- bias voltage and thus the gain factor. fect and an internal resistance of the APD. On the one AfterweblindBob’sdetectorsinClavis2,thegainfac- hand, an increased temperature raises V [50]. Elec- br torisgreaterduringthe2.8nsgateduration,becausethe trical heating (V ·I ) and the absorption of the APD APD

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.