A dispute has emerged between experts in quantum cryptography over the effectiveness of a recently discovered attack that takes advantage of implementation flaws in high-security key exchange systems.
A paper published in September's Nature Photonics explained how the avalanche photo-detectors used in some commercial quantum cryptography rigs might be blinded, essentially causing equipment to go wrong without generating an error indicating that a key exchange might have been compromised. The ruse – akin in very simplistic terms to bright light in a guard's face so he doesn't see someone sneaking past him – might allow an eavesdropper to gain at least snippets of a secret encryption key being exchanged over a supposedly super-secure link.
Commercial systems from MagiQ Technology and ID Quantique were demonstrated as potentially vulnerable by a team from the Norwegian University of Science and Technology (NTNU), the University of Erlangen-Nürnberg and the Max Planck Institute for the Science of Light in Erlangen. The attack relied on the use of off-the-shelf commercial, albeit expensive ($50K), kit. The German and Norwegian computer scientists worked with manufacturers to address and develop countermeasures against the attack, which involved subverting the link error compensation features necessary to getting practical systems to work.
A follow-up paper in December's Nature Photonicsby scientists at Toshiba’s Cambridge Research Laboratory concluded the attack would fail to work against properly operated single photon detectors. Straightforward adaptations on potentially vulnerable avalanche photo-detector systems would also blunt the attack.
That, or so we thought, was that.
However, since publishing a story about Toshiba's follow-up research, a member of the original team of quantum-crypto boffins has been in touch to dispute Toshiba's conclusions.
Vadim Makarov, a researcher in the Quantum Hacking group at NTNU, said the Norwegian / German team have published three variations of their original attack (including an after-gate attack, a thermal binding attack and a sinkhole attack), which might work against Toshiba's kit.
However Andrew Shields, assistant managing director at Toshiba Research Europe, has turned down requests from the Norwegian / German team to test the revised attack on their kit, according to Makarov.
"These three attacks are variations of the attack we published in Nature Photonics," Makarov told El Reg. "Two of these three will probably work perfectly on Shield's 'hack-proofed' detector (I wanted to come to his lab with our equipment and test this but was not given a chance). Shields is aware of these attacks yet he carefully avoids to mention them when he brags about his 'easy fix' to the detector."
The German / Norwegian team have published a detailed response to Toshiba's paper here, discussing the possible remaining vulnerabilities in Toshiba's "hack-proofed" detector.
We asked Toshiba for a response to Makarov's contention that a variant of the original attack might be successful. In a statement, Shields said the after-gate attack and sinkhole discussed by the Norwegian / German team would also be ineffective against a properly operated system.
We always welcome feedback in this area, as it helps to uncover any security loopholes and to devise appropriate countermeasures. However, when we repeated the Trondheim group’s tests, exactly as they described, their results could only recreated if the detector was set up incorrectly. In particular, we could only get the attack to work if there was a large resistor in series with the avalanche photodiode and if the discriminator level was set to a very high (and inappropriate) level.
Another known attack on QKD systems is called the ‘after-gate attack’. This involves Eve blocking the signals from Alice and then sending bright pulses after the avalanche photodiode (APD) gate when the APD is in linear mode. This attack is not a detector blinding attack, but seeks to exploit a potential deficiency in the QKD system, rather than the detector. However this attack does not work on our QKD system, because Bob only accepts detection events that occur during the detector gate and rejects all those after the detector gate. Furthermore, Bob only modulates the arriving photon during the duration of the detector gate which also renders the attack ineffective. The attack also does not work because the bright pulses create afterpulse noise resulting in a very high error rate, altering Alice and Bob to the attack.
Only if the detector can be ‘blinded’ (and we have proven that it cannot be blinded, provided it is operated correctly) is it possible to avoid this telltale noise. Thus the after-gate attack does not work. The thermal blinding and sinkhole attacks are also ineffective on our system. We are happy to test any other attack that is proposed, as testing and improvement is a crucial element to the continued development of QKD systems. Indeed it is a central element to the work we are doing with European Telecommunications Standards Institute (ETSI) on the standardisation of QKD.
We sense this may not be the final word on the difference of opinion and that Makarov will only be satisfied if he is allowed to test the effectiveness of the revised attack himself. Failing that, perhaps a light-sabre battle might provide satisfaction. The dispute does involve extremely clever people expert with the intricacies of lasers and quantum physics, after all.
Leaving aside questions about their potency, the detector blinding attack or its variants are not the first implementation weakness to be discovered in quantum cryptography systems, which find a place in high value banking and government communications. All parties agree that the theoretical basis of these systems is rock solid - it's just real life and engineering difficulties getting in the way of absolute security. ®