This invention relates generally to the field of quantum cryptography, and more particularly to an apparatus and method for allowing the detection of attacks either taking control of the single photon detectors of a quantum cryptography apparatus or reading the measurement bases used by the receiver of quantum cryptography apparatus to analyze the qubit. Both attacks are performed by sending bright light into the receiver through the quantum channel.
The theoretical security of quantum cryptography (“QC”) has been formally proven for an ideal implementation. A detailed discussion of QC is provided in the background of the US provisional patent application incorporated above by reference herein and is useful for full understanding of the invention. Practical implementations of QC systems attempt to be as close as possible to the model described in security proofs, but there always remain discrepancies between model and implementation.
Recently, researchers have attempted to take advantage of these discrepancies to break the security of QC systems. Different strategies have been proposed and tested, and they have been generally targeted at the single photon detectors. The first class of attacks takes advantage of the temporal mismatch between the two detectors of Bob. It should be noted that QC systems have in general two single-photon detectors (SPDs). In the case of the BB84 protocol, each detector is assigned to a bit value. Hence, if a spy knows which detector fires, he knows what the bit value exchanged between the emitter and the receiver is. Y. Zhao, C. F. Fung, B. Qi, C. Chen, and H. Lo have described an implementation of this attack in Physical Review A vol. 78 (2008), the content of the technical description of which is incorporated herein by reference thereto (any claims of success are not herein incorporated by reference). The presence of a small temporal mismatch between the two detectors may be able to be exploited to send light at a time when detector 1 is active and detector 2 is not, and vice versa. This means that if a spy makes the photon arrive at a specific time, it is possible that he can impose the detection to be only on detector 1 or on detector 2.
The latest class of attacks performed on the SPDs of a QC system purports to allow one to take control of the detectors totally. The first demonstration has been performed on a Si avalanche photodiode (“APD”) based SPD by V. Makarov. A description of this first method is given in New Journal of Physics Vol. 11 (2009), the content (excluding any claims of success) of the technical disclosure of which is incorporated herein by reference thereto. The main idea of this attack is to blind the Si APD based SPD by sending intense continuous wave (“CW”) light onto it. Indeed, when the light amount is too large for the single photon detector, it enters into a saturation regime where the number of detections starts to decrease until it eventually reaches zero. If the light intensity is further increased, and the number of detections remains equal to zero: the detector can be blinded. The explanation for this phenomenon relies on the large number of detections due to the large number of photons of the bright light. The number of avalanches is so significant that the potential difference on the APD drops down to a value close to the breakdown voltage. This drop can easily be understood by the fact that a large number of avalanches means that a large current flows constantly through the APD. Considering the resistances which are mounted in series with the APD in a passive quenching circuit, the current going through the APD goes through the resistances too. Because the total voltage applied on all the components in series is fixed, the increase of the voltage on the resistances—due to this current—causes a decrease of the potential difference on the APD. If this drop is high enough, the APD remains in the Geiger mode but the avalanches which occur due to photon absorption are too small to be detected by the discriminator of the electrical circuit. Thanks to the bright light, the SPD may be blinded. When the bright light is turned off, the SPD becomes active again after only few microseconds. Launching the intense light again makes it possible to generate a detection and then blind the SPD again. By controlling the sequence of the bright light pulses, a spy may be able to blind the SPD for a certain period of time and then to force detection at the time he is interested in. In other words, the spy may be able to gain significant control on the single photon detection module. In more recent work, V. Makarov has presented another way which purports to control Si APD based SPDs (information can be found in his presentation given in Quantum Communication Workshop 2010 (see World Wide Web, under “sarafelloni” dot com domain, in the subfolder /QIW/QCW2010/infodownload/qcw2010-presentations), the content of the technical disclosure of which is incorporated herein by reference thereto (any claims of success are not herein incorporated by reference). This new method consists in blinding the SPD with CW light again, but in this case, the intensity of the CW light is larger that in the previous demonstration, so that the APD does not work in the Geiger mode any longer, but stays in the linear mode all the time. Then, when the spy sends a bright optical pulse, its detection in linear mode results in an electrical pulse at the output of the APD. If the intensity of the optical pulse is large enough, this method asserts that the amplitude of the electrical pulse can be high enough to be detected by the discriminator of the SPD. A spy may then be able to gain some degree of control on the SPD by first blinding the detector, then sending bright optical pulse which will be detected in linear mode. In this way, an eavesdropper can force the QC receiver to detect what the eavesdropper wants him to detect. If the eavesdropper can take control of the receiver single-photon detectors, he may have enough information to guess the final secret key.
Another class of attacks, called Trojan horse attacks, can be performed on QC systems by sending bright light into the QC system through the quantum channel. The main idea of Trojan horse attack is to analyze the light which comes back from the QC system in order to extract some information about the state of the QC system. In this case, the light which is sent into the QC system is used as a probe signal. Two examples of this class of attacks are demonstrated by A. Vakhitov, V. Makarov and D. R. Hjelme in Journal of Modern optics, vol. 48, 2023-2038 (2001), the content (excluding any claims of success) of the technical disclosure of which is incorporated herein by reference thereto, and by N. Gisin, S. Fasel, B. Kraus, H. Zbinden and G. Ribordy in Physical Review A, vol. 73, 022320 (2006), the content of the technical disclosure of which is incorporated herein by reference thereto. In both examples, the authors performed their attack on implementations of BB84 using phase coding as proposed by Paul Townsend et al. in “Single-photon interference in a 10 km long optical fiber interferometer”, Electron. Lett. 29, 634-639 (1993), the content of which is incorporated by reference hereto. In this case of implementations, the quantum state is defined by the phase of the single-photon. In the QC emitter, this phase can be changed from one photon to another with the use of a phase modulator. Furthermore, a similar phase modulator is used in the QC receiver for the choice of the measurement basis for the analysis of the quantum state sent by the emitter. The authors of those attacks purport to be able to measure the phase value applied by the phase modulator by sending bright light into the QC system through the quantum channel and analyzing a portion of the light coming back from this QC device. The demonstrations have been performed mainly on the QC emitter, but can, in theory, also be performed on the QC receiver. By knowing the phase value used for encoding the bit value—in the case of an attack on the emitter, an eavesdropper may be able to gain the needed information to know the final secret key. By knowing the phase value used for measuring the quantum state—in the case of an attack on the receiver, depending on the QC protocol which is used—e.g. SARG described by V Scarani, A Acin, G Ribordy and N Gisin in Physical Review Letters vol. 92, 057901 (2004), the content of the technical disclosure of which is incorporated herein by reference thereto—, an eavesdropper may be able to gain all the needed information to know the final secret key. When a Trojan horse attack is performed on the receiver, one expects the attack to be easily detected thanks to the single-photon detectors which are very sensitive light detectors. However, in order to reduce the impact of the detection noise, the single-photon detectors are not continuously active or the detections are taken into account only during specified time periods of acceptance. If the Trojan horse attack is performed when the detectors are not active or outside of those acceptance periods, the attack does not generate any detection recorded by the receiver. Hence, the QC system is not able to detect this Trojan horse attack. E.g. in the case of phase coding implementation, a Trojan horse attack can be performed during the whole time when the state of the modulator remains in the state of the modulation of the quantum state. For practical reasons, the time when the state of the modulator is set in the state of modulation of the quantum state is quite large compare to the time during which SPDs are active or detections are accepted.
To summarize, Quantum Cryptography is a powerful method to exchange secret keys in a secure way. Theoretical security proofs of such a technology have been established considering perfect models. However, because practical implementations of QC are slightly different from the considered ideal models, it may be possible that, at least theoretically, side-channel attacks could be made. Two recent examples of these side-channel attacks are based on sending intense light into the QC receiver through the quantum channel. The result of one example is the purported total control of single-photon detectors. The result of the second example is the purported knowledge on the quantum state used for the coding of the bit value, or the measurement basis chosen for the quantum analysis.
What is needed therefore, to eliminate these security loopholes, is a system and method which help reveal these kinds of attacks.