Creating a "perfect eavesdropper" for computer security

(14.06.2011) Researchers in Singapore and Norway have implemented a "perfect eavesdropper" that illustrates an overlooked loophole in secure communications technology in an effort to make quantum cryptography truly secure.
  
Quantum key distribution (QKD) is an advanced tool for secure computer-based interactions, providing confidential communication between two remote parties by enabling them to construct a shared secret key during the course of their conversation.Hackers at work, photo credit: Vadim Makarov
   
QKD is perfectly secure in principle, but researchers have long been aware that loopholes may arise when QKD is put into practice. Now, for the first time, a team of researchers at the Centre for Quantum Technologies (CQT) at the National University of Singapore, the Norwegian University of Science and Technology (NTNU)and the University Graduate Center (UNIK) in Norway have created and operated a "perfect eavesdropper" for QKD that exploits just such a loophole in a typical QKD setup. 

Impossible to detect
As reported in the most recent issue of Nature Communications, this eavesdropper enabled researchers to obtain an entire shared secret key without alerting either of the legitimate parties that there had been a security breach. The results highlight the importance of identifying imperfections in the implementation of QKD as a first step towards fixing them.
    
Cryptography has traditionally relied on mathematical conjectures and thus may always be prone to being "cracked" by a clever mathematician who can figure out how to efficiently solve a mathematical puzzle, aided by the continual development of ever-faster computers.

Quantum cryptography, however, relies on the laws of physics and should be infinitely more difficult to crack than traditional approaches. While there has been much discussion of the technological vulnerabilities in quantum cryptography that might jeopardize this promise, there have been no successful full field-implemented hacks of QKD security – until now.
   
Highlights areas for more attention
"Quantum key distribution has matured into a true competitor to classical key distribution. This attack highlights where we need to pay attention to ensure the security of this technology," says Christian Kurtsiefer, a professor at the Centre for Quantum Technologies at the National University of Singapore.
   
In the setup that was tested, researchers at the three institutions demonstrated their eavesdropping attack in realistic conditions over a 290-m fibre link between a transmitter called "Alice" and a receiver called "Bob". Alice transmits light to Bob one photon at a time, and the two build up their secret key by measuring properties of the photons. During multiple QKD sessions over a few hours, the perfect eavesdropper "Eve" obtained the same "secret" key as Bob, while the usual parameters monitored in the QKD exchange were not disturbed – meaning that Eve remained undetected.
    
Off-the-shelf components were used
The researchers were able to circumvent the quantum principles that in theory provide QKD its strong security by making the photon detectors in Bob behave in a classical way. The detectors were blinded, essentially overriding the system's ability to detect a breach of security. Furthermore, this technological imperfection in QKD security was breached using off-the-shelf components.
    
"This confirms that non-idealities in the physical implementations of QKD can be fully and practically exploitable, and must be given increased scrutiny if quantum cryptography is to become highly secure," says Vadim Makarov, a postdoctoral researcher at the University Graduate Center in Kjeller, Norway and a member of NTNU's Quantum Hacking group. "We can not simply delegate the burden of keeping a secret to the laws of quantum physics; we need to carefully investigate the specific devices involved," says Kurtsiefer.

The open publication of how the "perfect eavesdropper" was built has already enabled this particular loophole in QKD to be closed. "I am sure there are other problems that might show that a theoretical security analysis is not necessarily exactly the same as a real-world situation," says Ilja Gerhardt, currently a visiting scholar at the University of British Columbia in Vancouver, Canada. "But this is the usual game in cryptography – a secure communications system is created and others try to break into it. In the end this makes the different approaches better."

For further information, contact:
Dr. Vadim Makarov, postdoctoral researcher, University Graduate Center in Kjeller, Norway

Email: makarov@vad1.com,  tel. +47 4679 5898
skype: vadim_makarov

Quantum Hacking groupwww.iet.ntnu.no/groups/optics/qcr
Dr. Christian Kurtsiefer, professor, Centre for Quantum Technologies, National University of Singapore

Email: phyck@nus.edu.sg, tel. +65 6516 1250

Centre for Quantum Technologieswww.quantumlah.org
Qin Liu, PhD candidate, Department of Electronics and Telecommunications,
Norwegian University of Science and Technology, Trondheim, Norway

Email: qin.liu@iet.ntnu.no, tel. +47 4621 1297
Dr. Ilja Gerhardt, visiting scholar, University of British Columbia, Vancouver, Canada

Email: ilja@quantumlah.org, tel: +1 604 822 5265

Journal reference:  Ilja Gerhardt, Qin Liu, Antía Lamas-Linares, Johannes Skaar, Christian Kurtsiefer, and Vadim Makarov, "Full-field implementation of a perfect eavesdropper on a quantum cryptography system," Nature Communications 2, 349 (2011).

NTNU's partner research institutions for this study were:

National University of Singapore
A leading global university centred in Asia, the National University of Singapore (NUS) offers a global approach to education and research, with a focus on Asian perspectives and expertise. The University has 15 faculties and schools, with over 36,000 students from 100 countries. NUS has three Research Centres of Excellence (RCE), 22 university-level research institutes and centres, and it is also a partner for Singapore's 5th RCE. The University is well known for its research strengths in engineering, life sciences, medicine, social sciences and natural sciences. More at www.nus.edu.sg

Centre for Quantum Technologies at the National University of Singapore
The Centre for Quantum Technologies (CQT) was established as Singapore's inaugural Research Centre of Excellence in December 2007. It brings together quantum physicists and computer scientists to explore the quantum nature of reality and quantum possibilities in information processing. CQT is funded by Singapore's National Research Foundation and Ministry of Education and is hosted by the National University of Singapore (NUS). The CQT's Quantum Optics group has developed a complete quantum key distribution system based on entangled photon pairs, which has resulted in a few firsts in the field, including providing complete open source information for the hard- and software involved in this research. More at www.quantumlah.org

University Graduate Center in Kjeller, Norway
The University Graduate Center in Kjeller (UNIK) educates master's and PhD candidates in selected technological subjects. UNIK students are usually enrolled at the University of Oslo or NTNU, but other students are also welcome. UNIK was founded in 1987 and collaborates with special and highly qualified research communities in the Kjeller area.

The Quantum Hacking Group at NTNU

The Quantum Hacking group at the Norwegian University of Science and Technology works in the field of quantum cryptography, with the main goal to make quantum cryptosystems secure in practice. This is done by playing the role of the evil eavesdropper, and hacking practical systems by exploiting imperfections. Using these results, the group proposes modifications to the systems and new security proofs which take imperfections into account.Hacker's suitcase. Photo credit: Geir Mogen, NTNU Info