Abstract
The security of quantum key distribution (QKD) can easily be obscured if the eavesdropper can utilize technical imperfections in the actual implementation. Here, we describe and experimentally demonstrate a very simple but highly effective attack that does not need to intercept the quantum channel at all. Only by exploiting the dead time effect of single-photon detectors is the eavesdropper able to gain (asymptotically) full information about the generated keys without being detected by state-of-the-art QKD protocols. In our experiment, the eavesdropper inferred up to 98.8% of the key correctly, without increasing the bit error rate between Alice and Bob significantly. However, we find an even simpler and more effective countermeasure to inhibit this and similar attacks.
GENERAL SCIENTIFIC SUMMARY
Introduction and background. Quantum key distribution (QKD, or quantum cryptography) is a provably secure method for generating cryptographic keys. Unfortunately, real QKD devices do not usually fully match the models in the theoretical proofs, enabling potential eavesdroppers to gain information about the exchanged keys without tripping any alarms. One of these critical experimental imperfections is the 'dead time' of single-photon detectors: after the registration of a photon, the detector needs some time before it becomes ready to detect the next one. This can be used to selectively blind the receiver's detectors by shining dim pulses into the receiver. For the first time, the adversary does not even have to intercept the photon stream to gain full information about the key, making this attack technologically very simple.
Main results. We have experimentally demonstrated such an attack with our free space optical QKD system, using different blinding pulse intensities. On average, the eavesdropper needed fewer than 20 photons per blinding pulse to gather over 98% of the key information. The error between the legitimate parties did not increase during the attack, thus leaving the legitimate parties ignorant of the danger.
Wider implications. On the one hand, our technologically very simple attack threatens many present QKD systems; on the other hand, we have also presented a simple, yet effective, countermeasure. If the receiver ensures that his detectors were active at the moment of detection, ours and many other attacks employing light pulses fed into the system will be rendered ineffective.
Figure. Results of the experimental demonstration of the attack with low (left), medium and high (right) blinding pulse intensities. The message was reconstructed using the information obtained from the attack. Without countermeasures, the eavesdropper can gain asymptotically full information about the secret key, without being detected.
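As an added illustration of the countermeasure described under "Wider implications" (not code from the paper or its authors), the following Python sketch filters a receiver's click log so that only detections made while every detector was active enter sifting. The four-detector layout, the 500 ns dead time, the log format and the handling of same-bin multi-detector clicks are assumptions; the sample log is constructed.

```python
from itertools import groupby
from typing import List, Tuple

# Assumed values for illustration; none of them is given in the summary above.
DEAD_TIME_NS = 500   # assumed dead time of each single-photon detector
N_DETECTORS = 4      # assumed receiver with one detector per polarization state

Click = Tuple[int, int]  # (timestamp bin in ns, detector index)


def filter_live_clicks(clicks: List[Click],
                       dead_time_ns: int = DEAD_TIME_NS,
                       n_detectors: int = N_DETECTORS
                       ) -> Tuple[List[Click], List[Click]]:
    """Split a click log into (accepted, rejected) for key sifting.

    A click is accepted only if every detector was live at that instant,
    i.e. no detector is still inside the dead-time window opened by an
    earlier click. Clicks sharing a timestamp bin are treated as one
    multi-detector event and set aside (an assumption of this sketch).
    """
    ready_at = [0] * n_detectors  # time at which each detector is live again
    accepted: List[Click] = []
    rejected: List[Click] = []
    for t, group in groupby(sorted(clicks), key=lambda c: c[0]):
        events = list(group)
        if any(not 0 <= det < n_detectors for _, det in events):
            raise ValueError(f"unknown detector index at t={t}")
        all_live = all(t >= r for r in ready_at)
        if all_live and len(events) == 1:
            accepted.extend(events)
        else:
            rejected.extend(events)
        # A detector that fired is dead whether or not its click was used.
        for _, det in events:
            ready_at[det] = t + dead_time_ns
    return accepted, rejected


# Constructed sample log: an ordinary click, then three detectors firing in
# the same bin, then a click on the one remaining live detector 50 ns later,
# then another ordinary click after all detectors have recovered.
SAMPLE_LOG: List[Click] = [
    (0, 2), (10000, 0), (10000, 1), (10000, 2), (10050, 3), (20000, 1),
]

if __name__ == "__main__":
    ok, dropped = filter_live_clicks(SAMPLE_LOG)
    print("accepted:", ok)
    print("rejected:", dropped)
```

The click at 10050 ns is the one whose outcome an outside party could predict, because only one detector could have fired; the filter keeps it out of the key.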