Skip to main content

Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.

Hacking commercial quantum cryptography systems by tailored bright illumination

Abstract

The peculiar properties of quantum mechanics allow two remote parties to communicate a private, secret key, which is protected from eavesdropping by the laws of physics1,2,3,4. So-called quantum key distribution (QKD) implementations always rely on detectors to measure the relevant quantum property of single photons5. Here we demonstrate experimentally that the detectors in two commercially available QKD systems can be fully remote-controlled using specially tailored bright illumination. This makes it possible to tracelessly acquire the full secret key; we propose an eavesdropping apparatus built from off-the-shelf components. The loophole is likely to be present in most QKD systems using avalanche photodiodes to detect single photons. We believe that our findings are crucial for strengthening the security of practical QKD, by identifying and patching technological deficiencies.

Access options

Rent or Buy article

Get time limited or full article access on ReadCube.

from$8.99

All prices are NET prices.

Figure 1: APD as a single-photon detector.
Figure 2: How Eve's trigger pulses are detected by Bob.
Figure 3: Bias voltage at T1 versus c.w. laser power for Clavis2.
Figure 4: Detector control.
Figure 5: Proposed plug-and-play Eve.

References

  1. 1

    Mayers, D. Advances in cryptology. in Proceedings of Crypto '96, Vol. 1109 (ed. Koblitz, N.) 343–357 (Springer, 1996).

  2. 2

    Lo, H.-K. & Chau, H. F. Unconditional security of quantum key distribution over arbitrarily long distances. Science 283, 2050–2056 (1999).

    ADS  Article  Google Scholar 

  3. 3

    Shor, P. W. & Preskill, J. Simple proof of security of the BB84 quantum key distribution protocol. Phys. Rev. Lett. 85, 441–444 (2000).

    ADS  Article  Google Scholar 

  4. 4

    Bennett, C. H. & Brassard, G. Quantum cryptography: public key distribution and coin tossing, in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing, 175–179 (IEEE Press, 1984).

  5. 5

    Scarani, V. et al. The security of practical quantum key distribution. Rev. Mod. Phys. 81, 1301–1350 (2009).

    ADS  Article  Google Scholar 

  6. 6

    Stucki, D. et al. High rate, long-distance quantum key distribution over 250 km of ultra low loss fibres. New J. Phys. 11, 075003 (2009).

    ADS  Article  Google Scholar 

  7. 7

    Gottesman, D., Lo, H.-K., Lütkenhaus, N. & Preskill, J. Security of quantum key distribution with imperfect devices. Quant. Inf. Comp. 4, 325–360 (2004).

    MathSciNet  MATH  Google Scholar 

  8. 8

    Fung, C.-H.F., Tamaki, K., Qi, B., Lo, H.-K. & Ma, X. Security proof of quantum key distribution with detection efficiency mismatch. Quant. Inf. Comp. 9, 131–165 (2009).

    MathSciNet  MATH  Google Scholar 

  9. 9

    Lydersen, L. & Skaar, J. Security of quantum key distribution with bit and basis dependent detector flaws. Quant. Inf. Comp. 10, 60–76 (2010).

    MathSciNet  MATH  Google Scholar 

  10. 10

    Lamas-Linares, A. & Kurtsiefer, C. Breaking a quantum key distribution system through a timing side channel. Opt. Express 15, 9388–9393 (2007).

    ADS  Article  Google Scholar 

  11. 11

    Nauerth, S., Fürst, M., Schmitt-Manderbach, T., Weier, H. & Weinfurter, H. Information leakage via side channels in freespace BB84 quantum cryptography. New J. Phys. 11, 065001 (2009).

    ADS  Article  Google Scholar 

  12. 12

    Lütkenhaus, N. Security against individual attacks for realistic quantum key distribution. Phys. Rev. A 61, 052304 (2000).

    ADS  Article  Google Scholar 

  13. 13

    Hwang, W. Y. Quantum key distribution with high loss: toward global secure communication. Phys. Rev. Lett. 91, 057901 (2003).

    ADS  Article  Google Scholar 

  14. 14

    Scarani, V., Acin, A., Ribordy, G. & Gisin, N. Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations. Phys. Rev. Lett. 92, 057901 (2004).

    ADS  Article  Google Scholar 

  15. 15

    Qi, B., Fung, C.-H.F., Lo, H.-K. & Ma, X. Time-shift attack in practical quantum cryptosystems. Quant. Inf. Comp. 7, 73–82 (2007).

    MathSciNet  MATH  Google Scholar 

  16. 16

    Makarov, V., Anisimov, A. & Skaar, J. Effects of detector efficiency mismatch on security of quantum cryptosystems. Phys. Rev. A 74, 022313 (2006); erratum ibid. 78, 019905 (2008).

    ADS  Article  Google Scholar 

  17. 17

    Zhao, Y., Fung, C.-H.F., Qi, B., Chen, C. & Lo, H.-K. Quantum hacking: experimental demonstration of time-shift attack against practical quantum-key- distribution systems. Phys. Rev. A 78, 042333 (2008).

    ADS  Article  Google Scholar 

  18. 18

    Cova, S., Ghioni, M., Lotito, A., Rech, I. & Zappa, F. Evolution and prospects for single-photon avalanche diodes and quenching circuits. J. Mod. Opt. 51, 1267–1288 (2004).

    ADS  Article  Google Scholar 

  19. 19

    Makarov, V. & Hjelme, D. R. Faked states attack on quantum cryptosystems. J. Mod. Opt. 52, 691–705 (2005).

    ADS  Article  Google Scholar 

  20. 20

    Makarov, V., Anisimov, A. & Sauge, S. Quantum hacking: adding a commercial actively-quenched module to the list of single-photon detectors controllable by Eve. Preprint at <http://arXiv:quant-ph/0809.3408v2>.

  21. 21

    Makarov, V. Controlling passively quenched single photon detectors by bright light. New J. Phys. 11, 065003 (2009).

    ADS  Article  Google Scholar 

  22. 22

    Takesue, H. et al. Differential phase shift quantum key distribution experiment over 105 km fibre. New J. Phys. 7, 232 (2005).

    ADS  Article  Google Scholar 

  23. 23

    Stucki, D., Brunner, N., Gisin, N., Scarani, V. & Zbinden, H. Fast and simple one-way quantum key distribution. Appl. Phys. Lett. 87, 194108 (2005).

    ADS  Article  Google Scholar 

  24. 24

    Muller, A. et al. ‘Plug and play’ systems for quantum cryptography. Appl. Phys. Lett. 70, 793–795 (1997).

    ADS  Article  Google Scholar 

  25. 25

    Boneh, D. Twenty years of attacks on the RSA cryptosystem. Notices Am. Math. Soc. 46, 203–213 (1999).

    MathSciNet  MATH  Google Scholar 

  26. 26

    Scarani, V. & Kurtsiefer, C. The black paper of quantum cryptography: real implementation problems. Preprint at <http://arXiv:quant-ph/0906.4547v1>.

Download references

Acknowledgements

This work was supported by the Research Council of Norway (grant no. 180439/V30). The authors acknowledge the overall cooperation and assistance of the Max Planck Institute for the Science of Light, Erlangen, and G. Leuchs personally. L.L. and V.M. thank the Group of Applied Physics at the University of Geneva, ID Quantique and armasuisse Science and Technology for their hospitality, discussions, cooperation and loan of equipment. The Service of Radiology of the Cantonal Hospital of Geneva is thanked for their quick help in revealing the internal layers in the multilayer printed circuit board of a commercial detector.

Author information

Affiliations

Authors

Contributions

V.M. conceived the idea and planned the study. L.L. and V.M. conducted the Clavis2 experiment with the help of C. Wiechers, D.E. and C. Wittmann. L.L. and V.M. conducted the QPN 5505 experiment. L.L. and J.S. wrote the paper and Supplementary information, with input from all authors. J.S. and V.M. supervised the project.

Corresponding author

Correspondence to Lars Lydersen.

Ethics declarations

Competing interests

The authors declare no competing financial interests.

Supplementary information

Supplementary information

Supplementary information (PDF 253 kb)

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Lydersen, L., Wiechers, C., Wittmann, C. et al. Hacking commercial quantum cryptography systems by tailored bright illumination. Nature Photon 4, 686–689 (2010). https://doi.org/10.1038/nphoton.2010.214

Download citation

Further reading

Search

Quick links

Nature Briefing

Sign up for the Nature Briefing newsletter — what matters in science, free to your inbox daily.

Get the most important science stories of the day, free in your inbox. Sign up for Nature Briefing