Vulnerability in commercial quantum cryptography

(29.08.2010)The Norwegian University of Science and Technology (NTNU) and the University of Erlangen-Nürnberg together with the Max Planck Institute for the Science of Light in Erlangen have recently developed and tested a technique exploiting imperfections in quantum cryptography systems to implement an attack. Countermeasures were also implemented within an ongoing collaboration with leading manufacturer ID Quantique.
NTNU 'hackers' at work
Quantum cryptography is a technology that allows one to distribute a cryptographic key across an optical network and to exploit the laws of quantum physics to guarantee its secrecy. It makes use of the Heisenberg uncertainty principle – observation causes perturbation – to reveal eavesdropping on an optical fiber. The technology was invented in the mid-eighties, with first demonstration less than a decade later and the launch of commercial products during the first years of the century.

Although the security of quantum cryptography relies in principle only on the laws of quantum physics, it is also dependent on the lack of loopholes in specific implementations, just like any other security technology. “The security of quantum cryptography relies on quantum physics but not only… It must also be properly implemented. This fact was often overlooked in the past,” explains Prof. Gerd Leuchs of the University of Erlangen-Nürnberg and the Max Planck Institute for the Science of Light.

Recently, NTNU in collaboration with the team in Erlangen has found a technique to remotely control a key component of most of today’s quantum cryptography systems, the photon
detector, which is reported today in Nature Photonics advance online publication doi:10.1038/nphoton.2010.214. “Unlike previously published attempts, this attack is implementable with current off-the-shelf components,” says Dr. Vadim Makarov, a researcher in the Quantum Hacking group at NTNU, who adds: “Our eavesdropping method worked both against MagiQ Technology's QPN 5505 and ID Quantique Clavis2 systems.” The effort has also been described in a news article in Nature magazine, and in a webpage by the 'hackers' themselves.

In the framework of a collaboration initiated with ID Quantique, the researchers shared their results with the company prior to publication. ID Quantique has then, with a help of NTNU, developed and tested a countermeasure. Academic researchers of the two laboratories will continue testing security aspects of quantum cryptography solutions from ID Quantique. “Testing is a necessary step to validate a new security technology and the fact that this process is applied today to quantum cryptography is a sign of maturity for this technology,” explains Grégoire Ribordy, CEO of ID Quantique.

About the Quantum Hacking group
The Quantum Hacking group at the Department of Electronics and Telecommunications, Norwegian University of Science and Technology, works in the field of quantum cryptography, with the main goal to make quantum cryptosystems secure in practice. This is done by playing the role of the evil eavesdropper, and hacking practical systems by exploiting imperfections. Using these results, we propose modifications to the systems and new security proofs which take imperfections into account.
 
About the QIV group

The Quantum Information Processing group in Erlangen represents a close collaboration in the field of quantum communication between the University of Erlangen-Nürnberg and the Max Planck Institute for the Science of Light. One of the group's research focuses is research in quantum key distribution and operating a free-space link transmitting continuous-variables quantum information.

About ID Quantique
ID Quantique is a global leader shaping the evolution of network security through the development and commercialization of Quantum Key Distribution and high-speed encryption products. In 2001, the company was the first to bring this new technology to the market. In 2007, it was able to announce the first public application of this technology to secure a network used for vote counting in an election in Geneva. In addition to its strong technology focus on Quantum Key Distribution, ID Quantique has also developed expertise in the area of high-speed encryption and has a broad portofolio of solutions for layer 2 encryption. A privately held company headquartered in Geneva, Switzerland, ID Quantique is a spin-off from the University of Geneva and has close ties with leading academic institutions.

For further information, contact:
Vadim Makarov, postdoctoral researcher, Department of Electronics and
Telecommunications, Norwegian University of Science and Technology
Email: makarov@vad1.com,  tel. +47 73592733, mobil: +47 46795898
Quantum Hacking group:  www.iet.ntnu.no/groups/optics/qcr/

Christoffer Wittmann, Max Planck Institute for the Science of Light,
Günther-Scharowsky-Str. 1/Bau 24, 91058 Erlangen, Germany
Email: christoffer.wittmann@mpl.mpg.de,  tel. +49 9131 6877129

QIV-group:  mpl.mpg.de/mpf/php/abteilung1/index.php?lang=en

Grégoire Ribordy, CEO, ID Quantique SA
Tel. +41 22 301 83 71
Mobil: +41 79 784 70 79

Email: gregoire.ribordy@idquantique.com        www.idquantique.com