quantum cryptography & quantum hackingquantum cryptography & quantum hacking hacking the...
Post on 17-Mar-2021
18 Views
Preview:
TRANSCRIPT
Quantum Cryptography & Quantum Hacking
Hacking the „un-hackable“
Lecturer: Vinzenz Vogel, Viola Hansjakob
QSIT (FS 2015) Students' Presentations
• Paper by Lars Lydersen et. al. 2010: Hacking commercial quantum cryptography systems by tailored bright illumination
• Two commercial systems hacked: Clavis2 (ID Quantique), QPN 5505 (MagiQ Technologies)
• Trojan Horse attack
• Introduction
• A basic QKD protocol: BB84
• How can QKD be hacked?
• Example: The Trojan Horse attack
• Conclusion
Outline
Introduction
• Cryptography is totally safe if one-time-pad is used to encrypt the message
Introduction
• Cryptography is totally safe if one-time-pad is used to encrypt the message
Introduction
• Cryptography is totally safe if one-time-pad is used to encrypt the message
Example: One-time-pad
D O O Z Y Message
Introduction
• Cryptography is totally safe if one-time-pad is used to encrypt the message
Example: One-time-pad
D O O Z Y Message
3 (D) 14 (O) 14 (O) 25 (Z) 24 (Y) Message
Introduction
• Cryptography is totally safe if one-time-pad is used to encrypt the message
Example: One-time-pad
D O O Z Y Message
3 (D) 14 (O) 14 (O) 25 (Z) 24 (Y) Message
+ 23 12 2 10 11 Key
Introduction
• Cryptography is totally safe if one-time-pad is used to encrypt the message
Example: One-time-pad
D O O Z Y Message
3 (D) 14 (O) 14 (O) 25 (Z) 24 (Y) Message
+ 23 12 2 10 11 Key
= (mod 26)
0 (A) 0 (A) 16 (Q) 9 (J) 10 (K) Message + Key
Introduction
• Cryptography is totally safe if one-time-pad is used to encrypt the message
Example: One-time-pad
D O O Z Y Message
3 (D) 14 (O) 14 (O) 25 (Z) 24 (Y) Message
+ 23 12 2 10 11 Key
= (mod 26)
0 (A) 0 (A) 16 (Q) 9 (J) 10 (K) Message + Key
A A Q J K cipher text
• Problem: Safe distribution of key
• Solution: Quantum key distribution (QKD)
Introduction
• Cryptography is totally safe if one-time-pad is used to encrypt the messageExample: One-time-pad
D O O Z Y Message
3 (D) 14 (O) 14 (O) 25 (Z) 24 (Y) Message
+ 23 12 2 10 11 Key
= (mod 26)
0 (A) 0 (A) 16 (Q) 9 (J) 10 (K) Message + Key
A A Q J K cipher text
A basic QKD protocol: BB84
• Proposed in 1984 by Charles H. Bennett and Gilles Brassard
• Works by sending single photons from Alice to Bob
• Security check with simple photon statistics
http://www.weltderphysik.de/gebiet/technik/quanten-technik/quanten-kryptographie/
A basic QKD protocol: BB84
PBS
V (0)
λ/2
50/50 22.5° PBS
H (1)
- 45° (0)
+ 45° (1)
Bob´s perfectly random basis choice:
A basic QKD protocol: BB84
PBS
V (0)
λ/2
Vertically polarized single photon
50/50 22.5° PBS
H (1)
- 45° (0)
+ 45° (1)
Bob´s perfectly random basis choice:
A basic QKD protocol: BB84
PBS
V (0)
λ/2
Vertically polarized single photon
The basis of the photon is rotated into „+45°/-45°“ basis.
50/50 22.5° PBS
H (1)
- 45° (0)
+ 45° (1)
Bob´s perfectly random basis choice:
A basic QKD protocol: BB84
PBS
V (0)
λ/2
Vertically polarized single photon
50/50 22.5° PBS
H (1)
- 45° (0)
+ 45° (1)
Click!
Bob´s perfectly random basis choice:
A basic QKD protocol: BB84
http://www.weltderphysik.de/gebiet/technik/quanten-technik/quanten-kryptographie/
A basic QKD protocol: BB84
• True random basis choice of Alice/Bob
• No one knows the basis choice of Alice/Bob
• Random choice of bits
• Use single photons
Secure under the following assumptions:
A basic QKD protocol: BB84
How can QKD be hacked?
How can QKD be hacked?
QKD can´t be hacked in theory…
How can QKD be hacked?
QKD can´t be hacked in theory…
…but in practice, if the security assumptions are violated!
How can QKD be hacked?
Exploit loopholes to violate assumptions!
• Photon number splitting (violation: non-single photon sources are used)
• Trojan Horse attack (violation: Bob´s basis choice is known/dictated by Eve)
How can QKD be hacked?
• Photon number splitting (violation: non-single photon sources are used)
• Trojan Horse attack (violation: Bob´s basis choice is known/dictated by Eve)
How can QKD be hacked?
Example: The Trojan Horse attack
• Goal:
• Eve interferes the communication and makes a measurement
• Eve is able to dictate what Bob measures
Basic idea of the attack:
Example: The Trojan Horse attack
• Goal:
• Eve interferes the communication and makes a measurement
• Eve is able to dictate what Bob measures
• Approach:
• Technical loophole: Bob´s photon detector (Avalanche photo diode, APD)
Basic idea of the attack:
Basic scheme:
BB84
Alice
Bob
1
V/H
-45°/+45°
0
QM
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf
Basic scheme:
BB84
Alice
Bob
0
1
V/H
-45°/+45°
0
QM
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf
Basic scheme:
BB84
Alice
Bob
0
1
V/H
-45°/+45°
0
1
QM
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf
Alice′Bob′
Plug-and-play EveOptical amplifier
Alice Bob
Detection result Bit in
Blinding laser
Basis Basis
Basic scheme:
BB84
0
1
V/H
-45°/+45°
0
1
QM Classical
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf
Alice′Bob′
Plug-and-play EveOptical amplifier
Alice Bob
Detection result Bit in
Blinding laser
Basis Basis1
Basic scheme:
BB84
0
1
V/H
-45°/+45°
0
1
QM Classical
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf
Alice′Bob′
Plug-and-play EveOptical amplifier
Alice Bob
Detection result Bit in
Blinding laser
Basis Basis1
Basic scheme:
BB84
0
1
V/H
-45°/+45°
0
11
QM Classical
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf
The only question remaining:
How can Eve take control of Bob´s detectors?
Example: The Trojan Horse attack
Bob´s APDs (photon detectors) have two operating modes:
Example: The Trojan Horse attack
1. Linear mode (gives signal linear to incoming intensity, click if incoming signal power is over a threshold; basically it behaves like a normal photo diode)
Bob´s APDs (photon detectors) have two operating modes:
Example: The Trojan Horse attack
1. Linear mode (gives signal linear to incoming intensity, click if incoming signal power is over a threshold; basically it behaves like a normal photo diode)
2. Geiger mode (counting single photons, click if single photon comes in, efficiency <50%)
Bob´s APDs (photon detectors) have two operating modes:
Example: The Trojan Horse attack
Linear mode: Vbias < Vbr
software controlled
I (p-) p+pn+
Vbias
RL
Example: The Trojan Horse attack
http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
Linear mode: Vbias < Vbr
software controlled
I (p-) p+pn+
Vbias
RL
Example: The Trojan Horse attack
http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
Linear mode: Vbias < Vbr
software controlled
I (p-) p+pn+
Vbias
RL
Example: The Trojan Horse attack
http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
I (p-) p+pn+
RL
Geiger mode: Vbias > Vbr
Vbias
Example: The Trojan Horse attack
http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
I (p-) p+pn+
RL
Geiger mode: Vbias > Vbr
Vbias
Example: The Trojan Horse attack
http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
I (p-) p+pn+
RL
Geiger mode: Vbias > Vbr
Vbias
Example: The Trojan Horse attack
http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
I (p-) p+pn+
RL
Geiger mode: Vbias > Vbr
Vbias
Example: The Trojan Horse attack
http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
Vbr
Example: The Trojan Horse attack
n+ I (p-) p+p
VB
RL
0time
VAPD
Vbias
http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiodehttp://arxiv.org/pdf/1008.4593v2.pdf
What Eve needs to do:
Get Bob´s APDs into linear mode
Example: The Trojan Horse attack
0time
Vbias
Vbr
VAPD
n+ I (p-) p+p
VB
RL
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
+-
0time
Vbias
Vbr
VAPD
n+ I (p-) p+p
VB
RL
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
+-
0time
Vbias
Vbr
VAPD
n+ I (p-) p+p
VB
RL
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
0time
Vbias
Vbr
VAPD
n+ I (p-) p+p
VB
RL
Example: The Trojan Horse attack
http://arxiv.org/pdf/1008.4593v2.pdf http://www.globalspec.com/reference/21446/160210/chapter-14-4-1-avalanche-photodiode
Pth
Vbias
Bobs output
Eves input
Example: The Trojan Horse attack
constant illumination to keep APD in linear mode
peek pulse, information is encoded in here
http://arxiv.org/pdf/1008.4593v2.pdf
PBS
λ/2
50/50 22.5° PBS
APSs in linear mode, click if incoming power is over Pth.
V (0)
H (1)
- 45° (0)
+ 45° (1)
Example: The Trojan Horse attack
PBS
λ/2
Eve´s bright light pulse, e.g. „V“ in the basis „V/H“ >2*Pth
50/50 22.5° PBS
APSs in linear mode, click if incoming power is over Pth.
V (0)
H (1)
- 45° (0)
+ 45° (1)
Example: The Trojan Horse attack
PBS
λ/2
Eve´s bright light pulse, e.g. „V“ in the basis „V/H“
>Pth
>Pth50/50 22.5° PBS
APSs in linear mode, click if incoming power is over Pth.
V (0)
H (1)
- 45° (0)
+ 45° (1)
Example: The Trojan Horse attack
PBS
λ/2
Eve´s bright light pulse, e.g. „V“ in the basis „V/H“
50/50 22.5° PBS
APSs in linear mode, click if incoming power is over Pth.
1*Pth > P > 0.5*Pth
>Pth
Click!V (0)
H (1)
- 45° (0)
+ 45° (1)
Example: The Trojan Horse attack
Conclusion
• QKD can be hacked in practice
• There is no prove, excluding any loophole
• The battle between encrypter and hacker still goes on
Questions?
Questions?
http://www.vad1.com/lab/hacking-commercial-quantum-cryptography-2010/
top related