Abstract
The existing paradigm for the security of quantum key distribution (QKD) suffers from two fundamental weaknesses. First, covert channels have emerged as an important threat and have attracted a lot of attention in security research in conventional information and communication systems. Covert channels (e.g. memory attacks) can fatally break the security of even device-independent quantum key distribution (DI-QKD), whenever QKD devices are re-used. Second, it is often implicitly assumed that the classical post-processing units of a QKD system are trusted. This is a rather strong assumption and is very hard to justify in practice. Here, we propose a new paradigm for the security of QKD that addresses these two fundamental problems. Specifically, we show that by using verifiable secret sharing and multiple optical devices and classical post-processing units, one could re-establish the security of QKD. Our techniques are rather general and they apply to both DI-QKD and non-DI-QKD.
Similar content being viewed by others
Introduction
There has been much interest in the subject of quantum key distribution (QKD) in recent years because it holds the promise of providing information-theoretically secure communications based on the laws of quantum physics.1,2 There is, however, a big gap between the theory3,4 and the practice5,6,7,8 of QKD, and the security of QKD implementations is seriously threatened by quantum hacking.9,10,11,12,13 To solve this problem, the ultimate solution is device-independent (DI)-QKD,14,15,16,17 which allows the legitimate users of the system (typically called Alice and Bob) to treat their quantum devices as “black boxes”. The security of DI-QKD is based on a loophole-free Bell test.18,19 Although no experimental implementation of DI-QKD has been realised yet, the recent demonstrations of loophole-free Bell tests20,21,22,23,24 might bring DI-QKD closer to experimental realisation.
Despite its conceptual beauty, DI-QKD is however not foolproof. Indeed, one cannot expect that all QKD users will have expertise in experimental quantum optics and electronics. So, unless Alice and Bob manufacture their own QKD devices themselves, it could be very hard for them to guarantee that the QKD “black boxes” bought from a vendor are indeed honest, as it is assumed in the security proofs. For instance, it was shown in ref. 25 that DI-QKD is highly vulnerable to the so-called memory attacks, where a hidden memory device (planted by the eavesdropper, Eve, in say Alice’s setup) stores up the key material generated in each QKD session and then leaks this information to Eve in subsequent QKD runs. This situation is illustrated in Fig. 1. Obviously, this is a fatal loss of security for DI-QKD. Whenever a QKD system is reused for subsequent QKD sessions, the security of the keys generated in previous QKD runs might be compromised. Note that this is particularly problematic in a network setting with multiple users (who may not all be trustworthy) due to the impostor attack.25
Moreover, we remark that, in principle, memory attacks also work against non-DI-QKD. This is so because, in practice, it could be quite challenging to check whether or not a purchased QKD setup contains such memory. In the following, whenever we refer to a QKD system, it will be implicitly understood that it could be either DI-QKD or non-DI-QKD; our results apply to both frameworks.
The existence of memory attacks in DI-QKD shows that quantum mechanics alone is not enough to guarantee security. Indeed, in the presence of malicious devices, the resulting secret key is fundamentally insecure due to causality. The only reliable way to assure that covert communication is not happening is for the legitimate QKD users and Eve to be space-like separated. Once a key is generated in a QKD session, it is a classical object and thus is subject to copying. Once copied, QKD modules and classical post-processing units have plenty of time and opportunities to covertly leak the key to Eve.
More generally, covert channels26 have attracted massive attention in conventional security of computing and communication systems.27,28,29 With covert channels, seemingly innocent communications in a protocol could leak crucial information that is fatal to its security. Indeed, there are plenty of covert ways of leaking information to Eve in QKD. Even if Alice and Bob’s devices are shielded in a Faraday’s cage, it could be hard for them to find a perfect Faraday’s cage in practice. In fact, industrial-grade electromagnetic shielding can provide only about say 100 dB shielding for a certain wavelength range of electromagnetic emissions.30 Also, these shields are ineffective against covert channels that exploit for example low-frequency magnetic fields, low-energy acoustic or ultrasonic emissions, gamma rays, neutrons, not to mention multiplexing a covert signal onto the device’s unavoidable electricity consumption and heat generation. Note that memory attacks are simply one example of covert channels. One main motivation of our work is indeed to find a new and general paradigm of security that can reduce the risk due to not only memory attacks, but also due to any type of covert channels in QKD.
Another key weakness in standard QKD security proofs is that they all implicitly assume that the classical post-processing units are trusted. These units are supposed to distil a secure secret key from the raw data generated by the QKD modules by applying techniques, such as post-selection of data (or so-called sifting), parameter estimation, error correction, error verification and privacy amplification. However, in view of the many hardware31,32,33,34 and software35 Trojan Horse attacks that have been performed recently in conventional cryptographic systems, such trust is a very strong and unjustified assumption. This scenario is illustrated in Fig. 2. Hardware and software Trojans constitute today a key threat to the security of conventional cryptographic devices34,36 and this threat is expected to only rise with time, so it cannot be neglected when analysing the security of a QKD implementation.
In summary, the current paradigm for the security of QKD essentially relies on Alice and Bob trusting all their devices including both their quantum communication components and classical post-processing units and all ancillary components, such as, for example, power regulators. Since even trusted vendors often do not build their chips and power regulators themselves, but rely on secondary and tertiary supplies, it is a fact of life that no one could possibly check and verify the security of all components in QKD. Even the US military does not have the time or capability to check the security of every component used in its hardware.31,37 How could one expect any vendor to have such a capability? This seems like an impossible situation for the security of practical QKD systems. So, here comes the key question: How do we address covert channels and prove security in QKD with untrusted classical post-processing units?
In this paper, we address the above key question directly. We propose a simple, but important paradigm shift in the field of QKD. Instead of the standard approach of buying a QKD “black-box” from vendors (which is purged by many aforementioned real-life security pitfalls due to covert channels and untrusted classical post-processing units), we propose that it is important for Alice and Bob to employ redundancies.
For this, we draw inspiration from classical error correction via redundancy, where one can correct up to a certain amount of errors by adding enough redundant information to the messages. In so doing, it is possible to achieve reliable data transmission through noisy channels given that the noise is not too high. Analogously, due to the difficulty of verifying whether or not a device can be trusted, we might assume that, for Eve, it might be more difficult to tamper with several devices from different vendors than corrupting just one QKD device from a single vendor. While this is an assumption, it is probably the best Alice and Bob can hope for, as it is clear that if they cannot trust any of their devices, no security is possible, while to simply trust all the devices is very risky. Then, assuming that the number of corrupted devices is limited, and given that Alice and Bob have enough redundant devices, it might be possible for them to achieve secure secret key distribution.
More formally, we use the idea of secure multiparty computation.38,39,40,41 In conventional cryptography, an important question is how to achieve unconditional security in the presence of cheaters. Clearly, if everyone is a cheater, security is impossible to achieve. However, it is still good to achieve security when the number of cheaters is bounded. Verificable secret sharing (VSS)42,43 is an important primitive in multiparty secure computation. It allows a dealer to split a message between several parties such that only authorised groups of parties can collaborate and reconstruct the message. Importantly, VSS ensures that even if the dealer is malicious there is a well-defined message that the parties can later reconstruct (see Methods section). We remark that secret sharing (SS) is commonly deployed in most modern hardware secure modules,44,45,46 and is the current strategy employed to stop hardware Trojans in conventional hardware design.31 Since the QKD application is supposed to provide the strongest link of security, our view is that it is very natural for QKD to employ ideas in SS. Also, we note that the use of SS schemes to split the secret information in shares seems to be unavoidable to prevent the malicious devices to have full information about the key to begin with.
The price that we pay is that now Alice and Bob have to use a redundant number of QKD modules and classical post-processing units. Fortunately, however, with the recent development of measurement-device-independent QKD (MDI-QKD),47,48,49,50,51 and chip-based QKD,52,53,54 as well as low-cost laptops, it is reasonable to expect that the cost of QKD modules and classical post-processing units might decrease dramatically over time (see Fig. 3). So, it is not unrealistic to consider that each of Alice and Bob could possess a few QKD modules and classical post-processing units, each of them purchased from a different vendor.
Moreover, as the interest in building a Quantum Internet55,56 grows exponentially over time, more quantum networks are currently built in the world.57,58,59,60,61,62 In a quantum network, it may be natural that two users are connected by multiple QKD paths. In this case, it is rather natural to employ SS schemes to enhance communication security in quantum networks.
Now, provided that the majority of the vendors (or QKD paths) are honest and careful in the manufacturing of their devices, it might not be entirely unreasonable to assume that at least one pair of QKD modules (or QKD paths) is honest/reliable and the number of malicious classical post-processing units is strictly less than one-third of the total number of them. Like in the classical error correction scenario, in standard conventional cryptography it is up to Alice and Bob to determine their security policy and to decide in advance how many corrupt parties they want to be secure against.
With these assumptions in place, we can then prove security in different QKD scenarios with malicious devices by applying privacy amplification techniques63 in combination with VSS42,43 from secure multiparty computation38 in conventional cryptography.39,40,41 Importantly, if we disregard the cost of authenticating the classical communications, our protocols are optimal with respect to the resulting secret key rate. Moreover, the operations involved are based on simple functions in linear algebra, such as bit-wise XOR and multiplication of matrices. So, they are conceptually simple and easy to implement.
We remark that naive solutions based on directly taking the XOR between various keys suffer from two main drawbacks, as we show later. First, they cannot guarantee the correctness of the resulting key. And, second, if the classical post-processing unit that performs this operation is malicious, the secrecy of the key is not guaranteed either. In contrast to this naive approach, our solution can guarantee both the correctness and the secrecy of the final key.
Results
Let us start by describing in more detail the general scenario that we consider. It is illustrated in Fig. 4a. Alice and Bob have n pairs of QKD modules, and say Alice (Bob) has s (r) classical post-processing units at their disposal. Alice’s modules QKDAi, with i = 1,…,n, are connected to the classical post-processing units CPAi′, with i′ = 1,…,s, via secure channels (i.e., channels that provide both secrecy and authentication). Also, all the units CPAi′ are connected to each other via secure channels. The same applies to Bob. Importantly, since all these secure channels are located only within Alice and Bob’s labs, in practice they could be implemented, for instance, by using physically protected paths (e.g., physical wires that are mechanically and electrically protected against damage and intrusion) which connect only the prescribed devices. Furthermore, each QKDAi is connected to its partner QKDBi via a quantum channel, and each CPAi′ is connected to all CPBi′′, with i′′ = 1,…,r, via authenticated classical channels.64,65
Moreover, for simplicity, we shall consider a so-called threshold active adversary structure. That is, we will assume that up to t < n pairs of QKD modules, up to t′ < s/3 units CPAi′ and up to t′′ < r/3 units CPBi′′ could be corrupted. We say that a pair of QKD modules is corrupted when at least one of them is corrupted. Also, we conservatively assume that corrupted devices do not necessarily follow the prescriptions of the protocol but their behaviour is fully controlled by Eve, who could access all their internal information. We refer the reader to the Supplementary Notes 3 and 4 for the definition of general mixed adversary structure66 and the security analysis of QKD against this type of general adversary. Also, we note that less conservative adversarial models like e.g., those studied in ref. 25 might be also valid in certain scenarios.
The final goal is to generate a composable ε-secure key, kA and kB. That is, kA and kB should be identical except for a minuscule probability εcor, and say kA should be completely random and decoupled from Eve except for a minuscule probability εsec, with εcor + εsec ≤ε .67,68 Importantly, since now some QKD modules and classical post-processing units could be corrupted, the secrecy condition also implies that kA and kB must be independent of any information held by the corrupted devices after the execution of the protocol. Otherwise, such corrupted devices could directly leak that information to Eve. Obviously, at the end of the day, some parties might need to have access to the final key, and thus one necessarily must assume that such parties are trusted and located in secure labs. In this regard, our work suggests that when the classical post-processing units at the key distillation layer are untrusted, they should not output the final key kA and kB but they should output shares of it to the key management layer.58,59 There, kA and kB could be either reconstructed by say Alice and Bob in secure labs, or their shares could be stored in distributed memories for later use, or they could be employed for instance for encryption purposes via say the one-time pad. Importantly, however, all the key generation process at the key distillation layer can be performed with corrupted devices. Also, we note that, if necessary, operations like storage or encryption at the key management layer could also be performed in the presence of corrupted devices by using techniques from secure multiparty computation.38 The actual management and storage of the shares of kA and kB generated by the key distillation layer is responsibility of the key management layer and depends on the particular application. We remark, however, that such layer structure is introduced here mainly for illustrative purposes, as in this paper we consider the key distillation problem, which is the task of the key distillation layer. Our results are rather general and similar techniques could be applied as well to other applications without the need of any particular layer structure.
Before we go to the specifics of our result. We remark that our idea is general and does not depend on the specific verifiable SS scheme used. This is an important strength of our idea. Let us start by providing an overview of the general strategy that we follow to achieve our goal, which uses as main ingredients VSS schemes41,42,43 and privacy amplification techniques63 (see Methods section). The former is employed to defeat corrupted classical post-processing units. Indeed, given that t′ < s/3 and t′′ < r/3, the use of VSS schemes allows to post-process the raw keys generated by the QKD modules in a distributed setting by acting only on raw key shares. Obviously, if a pair of QKD modules is corrupted, the generated raw key shares could be known to Eve. Importantly, however, we can prove security also in this scenario mainly because VSS does not require the dealer to be honest, and the use of privacy amplification techniques can remove any information about the final key which could be known to the corrupted pairs of QKD modules (as it is explained in more detail below). In addition, we remark that the post-processing of raw key shares can be performed such that no set of corrupted classical post-processing units can reconstruct kA and kB. Also, VSS guarantees that kA and kB is a correct key independently of the misbehaviour of the corrupted QKD modules and classical post-processing units which might wish to purposely introduce errors. Another key insight of our paper is to show that, since all the classical post-processing techniques that are typically applied in QKD are “linear” in nature (i.e., they involve simple functions in linear algebra, such as bit-wise XOR and multiplications of matrices), they are easily implementable in a distributed setting.
Let us illustrate this last point with a simple example. In particular, let us consider, for instance, the error correction step in QKD. Here, say Bob wants to correct a certain bit string, kB,key, to match that of Alice, which we shall denote by kA,key. In general, this process requires that both Alice and Bob first apply certain error correction matrices, MEC, to kA,key and kB,key to obtain the syndrome information sA = MECkA,key and sB = MECkB,key, respectively. Afterward, if sA ≠ sB Bob modifies kB,key accordingly. This process might be repeated a few times until it is guaranteed that kB,key = kA,key with high probability. Let us now consider again the same procedure but now acting on shares, kAj,key and kBj,key, of kA,key and kB,key, respectively. That is, say \(k_{{\mathrm{A,key}}} = \oplus _j^qk_{{\mathrm{A}}j,{\mathrm{key}}}\) and \(k_{{\mathrm{B}},{\mathrm{key}}} = \oplus _j^qk_{{\mathrm{B}}j,{\mathrm{key}}}\), with q being the total number of shares. For this, Alice and Bob first apply MEC to kAj,key and kBj,key to obtain sAj = MECkAj,key and sBj = MECkBj,key, respectively, for all j. Next, Alice sends sAj to Bob who obtains \(s_{\mathrm{A}} = \oplus _{j = 1}^qs_{{\mathrm{A}}j}\) and \(s_{\mathrm{B}} = \oplus _{j = 1}^qs_{{\mathrm{B}}j}\). This is so because \(\oplus _{j = 1}^qs_{{\mathrm{A}}j} = \oplus _{j = 1}^qM_{{\mathrm{EC}}}k_{{\mathrm{A}}j,{\mathrm{key}}} = M_{{\mathrm{EC}}} \oplus _{j = 1}^qk_{{\mathrm{A}}j,{\mathrm{key}}} = M_{{\mathrm{EC}}}k_{{\mathrm{A}},{\mathrm{key}}} = s_{\mathrm{A}}\), and a similar argument applies to sB. Finally, if sA ≠ sB Bob corrects kB,key by acting on its shares kBj,key. Note that to flip certain bits in kB,key is equivalent to flip the corresponding bits in one of its shares kBj,key. That is, error correction in QKD can be easily performed in a distributed setting by acting only on shares of kA,key and kB,key. The same argument applies as well to the other classical post-processing techniques in QKD, as all of them involve only linear operations.
To defeat corrupted QKD modules, on the other hand, we use privacy amplification techniques. Suppose, for instance, that each pair QKDAi and QKDBi outputs a raw key, \(k_{{\mathrm{A}}i}^\prime\) and \(k_{{\mathrm{B}}i}^\prime\). Moreover, suppose for the moment that the classical post-processing units are trusted and they distil a supposedly (εcor/n)-correct and (εsec/n)-secret key, \(k_{{\mathrm{A}}i}^{\prime\prime}\) and \(k_{{\mathrm{B}}i}^{\prime\prime}\), of length N bits from each pair \(k_{{\mathrm{A}}i}^\prime\) and \(k_{{\mathrm{B}}i}^\prime\). Then, the n × N bit strings \(k_{\mathrm{A}}^\prime = \left[ {k_{{\mathrm{A}}1}^{\prime\prime} , \ldots ,k_{{\mathrm{A}}n}^{\prime\prime} } \right]\) and \(k_{\mathrm{B}}^\prime = [k_{{\mathrm{B}}1}^{\prime\prime} , \ldots ,k_{{\mathrm{B}}n}^{\prime\prime} ]\) are for certain εcor-correct. The secrecy condition, however, only holds if all the QKD modules are trusted. If say the pair QKDAi′ and QKDBi′ is corrupted then the key strings \(k_{{\mathrm{A}}i^\prime }^{\prime\prime}\) and \(k_{{\mathrm{B}}i^\prime }^{\prime\prime}\) are compromised. So, given that t < n the classical post-processing units can apply privacy amplification to \(k_{\mathrm{A}}^\prime\) and \(k_{\mathrm{B}}^\prime\) to extract two shorter (n − t) × N bit strings, kA and kB, which are εsec-secret and thus ε-secure. In the presence of untrusted classical post-processing units, this process can be performed in a distributed manner by acting on data shares.
In short, the general strategy can be decomposed in three main steps, which are illustrated in Fig. 4b. First, each pair of QKD modules generates a raw key and the protocol information and sends them to the CP units. Second, the CP units distil a supposedly (εcor/n)-correct and (εsec/n)-secret key from each raw key received and concatenate the resulting keys to form a longer key bit string, which, in the absence of malicious QKD modules, would be then ε-secure. Finally, in the third step, the CP units apply privacy amplification to this longer bit string to remove any information that could be known to Eve due to the presence of malicious QKD modules. If the CP units are untrusted, these steps are performed in a distributed setting by acting on data shares produced by a VSS scheme.
Next we evaluate three different scenarios of practical interest in this context. For concreteness, in these examples we use the VSS scheme introduced in ref. 41 and which is described in the Methods section.
QKD with malicious QKD modules
We begin by analysing the situation where Alice and Bob have n pairs of QKD modules and up to t < n of them could be corrupted, and each of Alice and Bob has one honest classical post-processing unit. This scenario is illustrated in Fig. 5 and corresponds to the case s = r = 1 and t′ = t′′ = 0 in Fig. 4a.
A possible solution to this scenario is rather simple; see Protocol 1 below. This protocol follows the spirit of “countermeasure 3” in ref. 25 However, in contrast to ref.,25 which is restricted to measurement devices in a DI-QKD setting, Protocol 1 applies to both DI-QKD and non-DI-QKD, and considers the whole QKD key generation devices, which include the sources.
Protocol 1:
-
1.
Generation of raw keys and protocol information: Each pair QKDAi and QKDBi outputs, respectively, the bit strings \(k_{{\mathrm{A}}i}^\prime\) and pAi,info, and \(k_{{\mathrm{B}}i}^\prime\) and pBi,info, or the abort symbol ⊥i, ∀i = 1,…,n.
-
2.
Generation of an εcor-correct key: The units CPA and CPB use the key distillation procedure prescribed by the QKD protocol to generate an (εcor/n)-correct and (εsec/n)-secret key, \(k_{{\mathrm{A}}i}^{\prime\prime}\) and \(k_{{\mathrm{B}}i}^{\prime\prime}\), from each pair \(k_{{\mathrm{A}}i}^\prime\) and \(k_{{\mathrm{B}}i}^\prime\), or they generate the abort symbol ⊥i, ∀i = 1,…,n. Afterward, CPA (CPB) concatenates the M ≤ n keys \(k_{{\mathrm{A}}i}^{\prime\prime}\) \(\left( {k_{{\mathrm{B}}i}^{\prime\prime} } \right)\) which are different from ⊥i to form the bit string \(k_{\mathrm{A}}^\prime = [k_{{\mathrm{A}}1}^{\prime\prime} , \ldots ,k_{{\mathrm{AM}}}^{\prime\prime} ]\) \(\left( {k_{\mathrm{B}}^\prime = [k_{{\mathrm{B}}1}^{\prime\prime} , \ldots ,k_{{\mathrm{BM}}}^{\prime\prime} ]} \right)\). Since by assumption CPA and CPB are trusted, \(k_{\mathrm{A}}^\prime\) and \(k_{\mathrm{B}}^\prime\) are for certain εcor-correct. The secrecy condition only holds if all \(k_{{\mathrm{A}}i}^{\prime\prime}\) and \(k_{{\mathrm{B}}i}^{\prime\prime}\) originate from raw keys output by honest QKD modules. For simplicity, let the length of \(k_{{\mathrm{A}}i}^{\prime\prime}\) and \(k_{{\mathrm{B}}i}^{\prime\prime}\) be N bits ∀i.
-
3.
Generation of an ε-secure key: CPA and CPB apply a randomly selected universal2 hash function to \(k_{\mathrm{A}}^\prime\) and \(k_{\mathrm{B}}^\prime\) to extract two bit strings, kA and kB, of length (M − t) × N bits. kA and kB are by definition εsec-secret, and thus, from step 2, they are ε-secure.
Note that in step 3 of Protocol 1 we consider the worst-case scenario where all \(k_{{\mathrm{A}}i}^{\prime\prime}\) and \(k_{{\mathrm{B}}i}^{\prime\prime}\) generated by corrupted QKD modules contribute to \(k_{\mathrm{A}}^\prime\) and \(k_{\mathrm{B}}^\prime\), respectively, as Alice and Bob cannot discard this case. Most importantly, Protocol 1 allows Alice and Bob to defeat any covert channel (including, e.g., memory attacks) from the QKD modules, as this protocol guarantees that none of the malicious QKD modules can access kA or kB. Our results are summarised in the following Claim, whose proof is directly from the definition of Protocol 1.
Claim 1.
Suppose that Alice and Bob have n pairs of QKD modules and up to t < n of them could be corrupted. Also, suppose that they have one trusted classical post-processing unit each. Let M ≤ n denote the number of pairs of QKD modules that do not abort and whose raw key could in principle be transformed into an (ε/n)-secure key, and let N bits be the length of such supposedly secure key. Protocol 1 allows Alice and Bob to distil an ε-secure key of length (M − t) × N bits. Moreover, the re-use of the devices does not compromise the security of the keys distilled in previous QKD runs.
Importantly, we remark that Protocol 1 is basically optimal with respect to the resulting secret key rate, in the sense that there is no protocol which can deliver a higher key rate in the scenario considered. This is so because of the following. If no pair of QKD modules aborts and its raw data could in principle be transformed into a secure key we have, by definition, that the maximum total final key length is at most n × N bits. Also, we know that up to t × N bits of such key could be compromised by the t pairs of corrupted QKD modules. That is, the maximum secure key length is at most (n − t) × N bits. Moreover, as discussed above, if some pairs of QKD modules abort we must necessarily assume the worst-case scenario where they are honest. This is so because through her interaction with the quantum signals in the channel, Eve could always force honest QKD modules to abort by simply increasing the resulting QBER or phase error rate. That is, in this scenario it is not possible to distil a key length greater than (M − t) × N bits.
QKD with malicious classical post-processing units
We now consider the situation where Alice and Bob have one trusted QKD module each, and Alice (Bob) has s (r) classical post-processing units CPAi (CPBi′), with i = 1,…,s (i′ = 1,…,r), and up to t′ < s/3 (t′′ < r/3) of them could be corrupted. This is illustrated in Fig. 6 and corresponds to the case n = 1 and t = 0 in Fig. 4a.
Since now the units CPAi and CPBi′ could be malicious, we aim to generate shares of an ε-secure key, kA and kB. A possible solution to this scenario is given by Protocol 2, which is described in detail in the Methods section. The main result is summarised in the following Claim, whose proof is directly from the description of Protocol 2:
Claim 2.
Suppose that Alice and Bob have one trusted QKD module each, and each of them has, respectively, s and r classical post-processing units. Also, suppose that up to t′ < s/3 of Alice’s units and up to t′′ < r/3 of Bob’s units could be corrupted. Then, if we disregard the cost of authenticating the classical channels between Alice and Bob’s classical post-processing units, Protocol 2 allows them to distil an ε-secure key of the same length as would be possible in a completely trusted scenario. Moreover, the re-use of the devices does not compromise the security of the keys distilled in previous QKD runs.
That is, if we ignore the cost of authenticating the classical channels between the units CPAi and CPBi′, Claim 2 implies that Protocol 2 is optimal with respect to the resulting secret key length, in the sense that there is no protocol which can deliver a higher key rate in the scenario considered. This is so because this protocol allows Alice and Bob to obtain a secret key of the same length as it would be possible if all devices are trusted. We refer the reader to the Supplementary Note 2 for a simpler but less efficient protocol to achieve the same task.
Also, we remark that in Protocol 2 the cost due to authenticating the classical channels is relatively small even when s and r are reasonable large. Indeed, if we assume for simplicity the symmetric scenario where s = r and t′ = t′′ (i.e., each of Alice and Bob has s CP units and up to t′ < s/3 of them are malicious), it can be shown that this authentication cost is basically s(2t′ + 1)kau bits, where kau denotes the authentication cost in the trusted scenario (i.e., when s = 1 and t′ = 0). That is, the overall cost of authentication is only s(2t′ + 1) times that of a standard QKD scheme with honest devices. This is so because in the untrusted scenario, for any message that has to be authenticated (say for instance from Alice), it is enough that 2t′ + 1 units CPAi send that message authenticated to all the s CPBi′ units at Bob’s side. In so doing, it is guaranteed that Bob’s units can reconstruct the message correctly by using say majority voting. Importantly, the parameter kau is logarithmic in the size of the messages sent, which assures that the cost of authentication in Protocol 2 is small.
QKD with malicious QKD modules and classical post-processing units
Finally, here we consider the situation where Alice and Bob have n pairs of QKD modules, QKDAi and QKDBi with i = 1,…,n, and Alice (Bob) has s (r) classical post-processing units CPAi′ (CPBi′′), with i′ = 1,…,s (i′′ = 1,…,r), and up to t < n pairs of QKD modules, up to t′ < s/3 units CPAi′ and up to t′′ < r/3 units CPBi′′ could be corrupted. This scenario is illustrated in Fig. 7 and corresponds to the most general case considered in Fig. 4a.
For illustrative purposes, let us discuss first a naive protocol that fails to achieve the goal. In particular, suppose for simplicity that s = r = n, and, moreover, we have that up to t < n groups of devices Gi ≡ {QKDAi, QKDBi, CPAi, CPBi} could be corrupted, where we say that a group Gi is corrupted if at least one of its elements is corrupted. Then, if one disregards efficiency issues, a straightforward solution to this scenario might appear to be as follows. Each Gi generates a supposedly ε-secure key, kAi and kBi, and then this key is simply considered as the ith share of the final key, kA and kB. That is, \(k_{\mathrm{A}} = \oplus _{i = 1}^nk_{{\mathrm{A}}i}\) and \(k_{\mathrm{B}} = \oplus _{i = 1}^nk_{{\mathrm{B}}i}\). Indeed, given that t < n, kA and kB is for certain εsec-secret. However, the main problem of this naive approach is that kA and kB might not be correct because a corrupted Gi could output kAi ≠ kBi and thus kA ≠ kB.
Below we provide a simple solution (Protocol 3) to the general scenario. It builds on Protocols 1 and 2, and it consists of three main steps.
Protocol 3:
-
1.
Generation and distribution of shares of (ε/n)-secure keys: Each pair QKDAi and QKDBi uses say Protocol 2 to distribute shares of an (ε/n)-secure key, kAi and kBi, or the abort symbol ⊥i, between CPAi′ and CPBi′′, respectively. Let \(\tilde k_{{\mathrm{A}}i^{\prime}ij}\) \(( {\tilde k_{{\mathrm{B}}i^{\prime\prime}ij^{\prime}}} )\) be the jth (j′th) share of kAi (kBi) obtained by CPAi′ (CPBi′′). For simplicity, we will suppose that the length of kAi and kBi is N bits ∀i.
-
2.
Generation of shares of an εcor-correct key: Let \(\vec {0}\) be the N-bit zero vector, and M be the number of kAi and kBi which are different from ⊥i. Each CPAi′ defines \(k_{{\mathrm{A}}i^{\prime} ij}^{{\prime}{\prime}} = \left[ {\vec 0_{1}, \ldots ,\vec 0_{i - 1},\tilde k_{{\mathrm{A}}i^{\prime}ij},\vec 0_{i + 1}, \ldots ,\vec 0_{M}} \right]\). Likewise, the CPBi′′ form \(k_{{\mathrm{B}}i^{\prime\prime} ij^{\prime} }^{\prime\prime}\) from \(\tilde k_{{\mathrm{B}}i^{\prime\prime} ij^{\prime} }\). \(k_{{\mathrm{A}}i^{\prime} ij}^{\prime\prime}\) and \(k^{\prime\prime}_{{\mathrm{B}}i^{\prime\prime} ij^{\prime} }\) are by definition shares of an εcor-correct key. The secrecy condition only holds if all kAi and kBi originate from honest QKD modules.
-
3.
Generation of shares of an ε-secure key: The CPAi′ use the RBS scheme (see Methods section) to randomly select a universal2 hash function, hP. Next, they obtain shares, \(k_{{\mathrm{A}}i^{\prime}ij} = h_{\mathrm{P}}(k_{{\mathrm{A}}i^{\prime}ij}^{\prime\prime} )\) of length (M − t) × N bits of a final key kA, and say the first 2t′ + 1 CPAi' send hP to all CPBi′′, which use majority voting to determine hP from the information received, and then obtain shares \(k_{{\mathrm{B}}i^{\prime\prime}ij^{\prime}} = h_{\mathrm{P}}(k_{{\mathrm{B}}i^{\prime\prime}ij^{\prime}}^{\prime\prime} )\) of the final key kB.
Indeed, given that t′ < MAi/3 and t′′ < MBi/3 for all i = 1,…,M, where MAi (MBi) denotes the number of CPAi′ (CPBi′′) that do not produce ⊥i but output post-processed shares, kAi′ij (kBi′′ij′), from kAi (kBi), then the final key, kA and kB, is ε-secure. Also, Alice (Bob) could obtain kA (kB) by using the reconstruct protocol of a VSS (see Methods section). That is, Alice (Bob) could use majority voting to obtain the shares kAij and kBij′ of kA (kB) from kAi′ij (kBi′′ij′) for all i = 1,…,M and j = 1,…,q (j′ = 1,…,q′), and she (he) calculates \(k_{\mathrm{A}} = \oplus _{i = 1}^M \oplus _{j = 1}^qk_{{\mathrm{A}}ij}\) \(( {k_{\mathrm{B}} = \oplus _{i = 1}^M \oplus _{j^{\prime} = 1}^{q^{\prime}}k_{{\mathrm{B}}ij^{\prime}}} )\) where q (q′) is the total number of shares of kAi (kBi) for each i.
Our results are summarised in the following Claim, whose proof is directly from the definition of Protocol 3:
Claim 3.
Suppose that Alice and Bob have n pairs of QKD modules and Alice (Bob) has s (r) classical post-processing units. Suppose that up to t < n pairs of QKD modules, up to t′ < s/3 classical post-processing units of Alice, and up to t′′ < r/3 classical post-processing units of Bob could be corrupted. Let M ≤ n denote the number of pairs of QKD modules that do not abort and whose raw key can be transformed into a supposedly (ε/n)-secure key, and let N bits be the length of such key. Then Protocol 3 allows Alice and Bob to distil an ε-secure key of length (M − t) × N bits. Moreover, the re-use of the devices does not compromise the security of the keys distilled in previous QKD runs.
We remark that if we disregard the cost of authenticating the classical channels between Alice and Bob’s classical post-processing units, Protocol 3 is optimal with respect to the resulting secret key length, in the sense that no other protocol can deliver a higher key rate for the scenario considered. The argument follows directly from that used in the subsection above that evaluates QKD with malicious QKD modules, where we showed that if the classical post-processing units are trusted the secret key rate is upper bounded by (M − t) × N bits. So, in the presence of corrupted classical post-processing units this upper bound also trivially holds.
Moreover, we note that, like in the case of Protocol 2, the cost of authenticating the classical channels between the units CPAi′ and CPBi′′ in Protocol 3 is also relatively small even when n, s and r are fairly large. Indeed, if we assume again the symmetric scenario where s = r and t′ = t′′, it can be shown that this authentication cost is now roughly \(\approx s(2t^\prime + 1)(nk_{{\mathrm{au}}} + k_{{\mathrm{pa}}}^\prime )\) bits, where kau denotes again the authentication cost in the trusted scenario (i.e., when n = s = 1 and t = t′ = 0). The term ns(2t′ + 1)kau comes mainly because here we run n times Protocol 2, each time for a different pair of modules QKDAi and QKDBi. The term s(2t′ + 1)\(k_{{\mathrm{pa}}}^\prime\), on the other hand, considers the authentication cost of step 3 in Protocol 3. This step requires that 2t′ + 1 units CPAi' send the function hP to all the s CPBi'′′, being the term \(k_{{\mathrm{pa}}}^\prime\) logarithmic in the size of the message sent. That is, the overall cost of authentication of Protocol 3 is only about ≈ns(2t′ + 1) times that of a standard QKD scheme with honest devices, which demonstrates the practical feasibility of our approach.
Discussion
Security proofs of QKD typically assume that all devices are honest and there are no covert channels that leak information to Eve. Unfortunately, however, these assumptions are very hard, if not impossible, to guarantee in practice. Indeed, our work highlights the folly of bringing an untrusted device into a trusted lab, which has been known since the time of the Trojans.
Memory attacks25 constitute an example of how covert channels can severely jeopardise the security of both DI-QKD and non-DI-QKD. These attacks demonstrate that quantum mechanics alone is not enough to guarantee the security of practical QKD realisations but, for this, one needs to resort to additional assumptions. Also, recent results on Trojan Horse attacks31,32,33,34,35,36,69,70 against conventional cryptography underline the vulnerabilities of the classical post-processing units in QKD, and this threat is expected to only rise with time.
In this paper, we have introduced a simple method to reduce the risk due to this type of attacks; it is based on the idea of classical error correction via redundancy. We use the assumption that, for Eve, it might be more difficult to tamper with several devices from different vendors than corrupting just one QKD device from a single vendor, which indeed is probably the best Alice and Bob can hope for. With this assumption in place, and given that there is at least one pair of honest QKD modules and that the number of corrupted classical post-processing units is less than one-third of them, we have shown how VSS schemes, together with privacy amplification techniques, could be used to reliable distribute a secret key in the presence of malicious devices and thus re-establish the security of QKD.
VSS and SS techniques have been used previously in quantum information.71,72,73 For instance, the authors of refs. 71,72 proposed a quantum version of VSS to achieve secure multiparty quantum computation, while in ref. 73 classical SS schemes are combined with QKD to achieve information-theoretically secure distributed storage systems.
A key insight of our paper is very simple yet potentially very useful: the typical classical post-processing in QKD involves only operations which are “linear” in nature, and thus they could be easily implemented in a distributed setting by acting on data shares from say a linear VSS scheme. Also, our results suggest that the way QKD is sometimes envisioned commercially (e.g., as a single “box” which directly outputs the final keys),74 should perhaps be replaced with a “modular design”, where one divides up a QKD system into various modules (e.g., purely quantum modules and classical post-processing units) and use them to cross-check each other for security, which can be done in an independent manner as we have shown above.
To illustrate our results, we have proposed specific protocols for three scenarios of practical interest. They assume that either the QKD modules, the classical post-processing units, or both of them together could be corrupted. Remarkably, if we disregard the cost of classical authentication, all these protocols are optimal with respect to the secret key rate. They use the VSS scheme introduced in ref. 41 which is very simple to implement. Its main drawback is, however, that, for a given number of corrupted parties, the number of shares grows exponentially with the total number of parties. Nevertheless, for a small number of parties (which is the scenario that we are interested in QKD), the protocol is efficient in terms of computational complexity. Also, we remark that there exist efficient three-round VSS protocols where the computation and communication required is polynomial in the total number of parties.75 Moreover, these schemes use a minimum number of communication rounds,76 and they could also be used here. It would be interesting to further investigate the most resource efficient protocols to be used in the QKD framework.
Finally, we would like to emphasise that our approach does not jeopardise the potential practical advantages of QKD over classical competitors in any way. Indeed, as we have already mentioned previously, covert channels constitute a fundamental problem for conventional cryptography as well. To foil covert channels is therefore equally essential for both frameworks. This means that redundancy will be needed in both scenarios and, thus, our work does not shift the balance of power between them in any sense.
Methods
Secure multiparty computation toolbox
Here we briefly introduce some definitions and cryptographic protocols that are used in the main text; they are mainly taken from refs. 38,41
We consider a scenario with a dealer and n parties, and we suppose a threshold active adversary structure where Eve can actively corrupt the dealer and up to t of the parties. Active corruption means that Eve can fully control the corrupted parties whose behaviour can deviate arbitrarily from the protocol’s prescriptions. We refer the reader to the Supplementary Note 3 for the modelling of more general adversary structures. For simplicity, we assume that all messages are binary strings and the symbol ⊕ below denotes bit-wise XOR or bit-wise addition modulo 2. We remark, however, that the the protocols below work as well over any finite field or ring.
In this scenario, a n-out-of-q threshold SS scheme77,78 is a protocol that allows the dealer to split a message m between n parties such that, if he is honest, any group of q or more parties can collaborate to reconstruct m but no group with less than q parties can obtain any information about m. If n = q, this could be achieved by splitting m into a random sum of q shares mi. That is, one selects the first q − 1 shares mi of m at random, and then chooses mq = m ⊕ m1 ⊕…⊕ mq−1.38
A drawback of SS schemes is that they do not guarantee the consistency of the shares, which is essential to assure the correctness of the keys delivered by the QKD protocols in the main text. That is, during the reconstruct phase of a SS scheme, corrupted parties could send different mi to the honest parties such that they obtain different values for m. This problem can be solved with VSS schemes,42,43 which distribute mi in a redundant manner such that the honest parties can use error correction to obtain the correct values. Indeed, provided that the necessary and sufficient conditon t < n/3 is satisfied, a VSS scheme guarantees that there exists a well-defined m that all honest parties obtain from their shares.39,40,41
The share and reconstruct protocols of a VSS scheme satisfy three conditions. First, independently of whether or not the dealer is honest, if the share protocol is successful then the reconstruct protocol delivers the same m to all the honest parties. Second, if the dealer is honest, the value of the reconstructed m coincides with that provided by the dealer. And third, if the dealer is honest, the information obtained by any set of t or less parties after the share (reconstruct) protocol is independent of any previous information that they held before the protocol (is just the reconstructed bit string m). Below we present a simple VSS scheme that builds on the q-out-of-q threshold SS protocol above,41 and which we use in Protocols 2 and 3. Importantly, given that t < n/3, this scheme provides information-theoretic security.41 See the Supplementary Note 1 and the Supplementary Figure 1 for a graphical representation of its share and reconstruct protocols.
Share protocol:
-
1.
The dealer uses a q-out-of-q SS scheme to split m into \(q = \left( {\begin{array}{*{20}{c}} n \\ {n - t} \end{array}} \right)\) shares mi, with i = 1,…,q.
-
2.
Let {σ1,…,σq} denote all (n − t)-combinations of the set of n parties. Then, for each i = 1,…,q, the dealer sends mi over a secure channel (i.e., a channel that provides secrecy and authentication) to each party in σi. If a party does not receive his share, he takes as default share say a zero bit string.
-
3.
All pairs of parties in σi send each other their shares mi over a secure channel to check if they are indeed equal. If an inconsistency is found, they complain using a broadcast channel.
-
4.
If a complaint is raised in σi, the dealer broadcasts mi to all parties and they accept the share received. Otherwise, the protocol aborts.
Reconstruct protocol:
-
1.
All pairs of parties send each other their shares over an authenticated channel.
-
2.
Each party uses majority voting to reconstruct the shares mi ∀i, and then obtains \(m = \oplus _{i = 1}^qm_i\).
From the description above, it is guaranteed that when the share protocol is successful (i.e., it does not abort), all the honest parties who received the ith share of m obtain exactly the same bit string mi. Also, this protocol assures that any share mi of m is distributed to at least 2t + 1 different parties. This is so because this is the minimum size of any set σi. This means, in particular, that, since the number of corrupted parties is at most t, the use of a decision rule based on majority voting in the reconstruct protocol permits all the honest parties to obtain the same fixed mi for all i. Moreover, it is straightforward to show that when the dealer is honest, the reconstructed message m is equal to his original message. Furthermore, we have that m is only revealed to the parties once the reconstruct phase ends. This is so because at least one bit string mi is only shared by honest parties since there is at least one set σi which does not contain any corrupted party. Also, note that if a complaint is raised in a certain σi during the share protocol, the fact that the dealer broadcast mi to all parties does not violate secrecy. This is so because a complaint can only occur if either the dealer is corrupted or σi contains at least one corrupted player, hence the adversary knew mi already.
We remark that the broadcast channel which is required in steps 3 and 4 of the share protocol can be a simulated channel. Indeed, given that t < n/3, there exist efficient poly(n) protocols that can simulate a broadcast channel with information-theoretic security in an optimal number of t + 1 communication rounds.79,80 Furthermore, if a physical broadcast channel is actually available, there exist efficient information-theoretically secure VSS schemes that only require a majority of honest parties (i.e., t < n/2) and which could also be used in this context.43
Next we present a simple scheme to generate a common perfectly unbiased random l-bit string (RBS) r between n parties when up to t < n/3 of them could be corrupted. It follows directly from VSS.39,40,41 For convenience, we call it the RBS protocol. We use it to randomly select universal2 hash functions in Protocols 2 and 3 in the main text, where we cannot assume the existence of an external honest dealer which provides them to the QKD devices. The RBS scheme allows mutually untrusted parties to generate and share random numbers through discussions.
RBS protocol:
-
1.
Say each of the first t + 1 parties produces locally a random l-bit string ri and sends it to all the other parties using the share protocol above.
-
2.
Each party uses a broadcast channel to confirm that they have received all their shares from the first t + 1 parties. Otherwise, the protocol aborts.
-
3.
All parties use the reconstruct protocol above to obtain ri for all i = 1,…,t + 1. Afterward, each of them calculates locally \(r = \oplus _{i = 1}^{t + 1}r_i\).
It is straightforward to show that this protocol guarantees that all honest parties share a perfectly unbiased random bit string r. The use of the share and the reconstruct protocols of a VSS scheme assures that all honest parties reconstruct the same ri ∀i and thus the same r. In addition, step 2 of the protocol guarantees that the first t + 1 parties generate and distribute their strings ri before knowing the strings of the other parties. Moreover, since the number of corrupted parties is at most t, we have that at least one honest party generates a truly random bit string ri, and thus r is also random.
Protocol 2
Here we present the different steps of Protocol 2 in detail. For concreteness, whenever we refer to the share and reconstruct protocols of a VSS scheme we mean those presented in the previous section, which have been introduced in ref. 41 but in principle any VSS scheme could be used.
Also, to simplify the discussion, in Protocol 2 we consider the case where pA,info and pB,info determine the sifting procedure of the QKD scheme in a deterministic way. That is, there is no random post-selection of data from the raw key. In addition, we assume that Alice and Bob do not estimate the actual QBER but they apply error correction for a pre-fixed QBER value followed by an error verification step. However, we remark that Protocol 2 could be straightforwardly adapted to cover also these two scenarios.
-
1.
Generation and distribution of shares of raw keys and protocol information: QKDA and QKDB obtain, respectively, the raw keys \(k_{\mathrm{A}}^\prime\) and \(k_{\mathrm{B}}^\prime\) and the protocol information pA,info and pB,info, or the abort symbol ⊥. If the result is different from ⊥, QKDA uses the share protocol of a VSS scheme to create \(q = \left( {\begin{array}{*{20}{c}} s \\ {s - t^{\prime} } \end{array}} \right)\) shares of \(k_{\mathrm{A}}^\prime\) and distributes them among the CPAi, with i = 1,…,s. Likewise, QKDB creates \(q^\prime = \left( {\begin{array}{*{20}{c}} r \\ {r - t^{\prime\prime} } \end{array}} \right)\) shares of \(k_{\mathrm{B}}^\prime\) and distributes them among the CPBi′, with i′ = 1,…,r. Let \(k_{{\mathrm{A}}ij}^\prime\) (\(k_{{\mathrm{B}}i^\prime j^{\prime} }^\prime\)) be the jth (j′th) share of \(k_{\mathrm{A}}^\prime\) \(\left( {k_{\mathrm{B}}^\prime } \right)\) received by CPAi (CPBi′), with j = 1,…,q (j′ = 1,…,q′). Also, QKDA (QKDB) sends pA,info (pB,info) to all CPAi (CPBi′). Since by assumption QKDA (QKDB) is honest, all CPAi (CPBi′) receive the same pA,info (pB,info) and the shares \(k_{{\mathrm{A}}ij}^\prime\) \(( {k_{{\mathrm{B}}i^\prime j^\prime }^\prime } )\) are equal for all i (i′). Next, say the first 2t′′ + 1 CPBi′ send pB,info to all CPAi. Likewise, say the first 2t′ + 1 CPAi send pA,info (for the detected events) to all CPBi′. Each CPAi (CPBi′) uses majority voting to determine pB,info (pA,info) from the information received. Note that since by assumption the number of corrupted units CPAi (CPBi′) is at most t′ (t′′), 2t′ + 1 (2t′′ + 1) copies of pA,info (pB,info) is enough for the honest parties to be able to reconstruct the correct value of these bit strings by using majority voting.
-
2.
Sifting Each CPAi uses pA,info and pB,info to obtain two bit strings, kAij,key and kAij,est, from \(k_{{\mathrm{A}}ij}^\prime\). The former (latter) bit string is the part of \(k_{{\mathrm{A}}ij}^\prime\) that is used for key generation (parameter estimation). Likewise, Bob’s CPBi′ do the same with k′Bi′j′ and obtain kBi′j′,key and kBi′j′,est.
-
3.
Parameter estimation: All CPAi (CPBi′) use the reconstruct protocol of a VSS scheme to obtain kA,est (kB,est), which is the part of \(k_{\mathrm{A}}^\prime\) \(\left( {k_{\mathrm{B}}^\prime } \right)\) that is used for parameter estimation. For this, they send each other their shares kAij,est (kBi′j′,est), and each of them uses majority voting to obtain kAj,est (kBj′,est) for all j = 1,…,q (j′ = 1,…,q′). Afterward, they calculate \(k_{{\mathrm{A}},est} = \oplus _{j = 1}^qk_{{\mathrm{A}}j,est}\) (\(k_{{\mathrm{B}},est} = \oplus _{j^{\prime} = 1}^{q^{\prime}}k_{{\mathrm{B}}j^{\prime},est}\)). Next, say the first 2t′′ + 1 CPBi′ send kB,est to all CPAi. Likewise, say the first 2t′ + 1 CPAi send kA,est to all CPBi′. Finally, by using majority voting each CPAi (CPBi′) determines kB,est (kA,est). With pA,info, pB,info, kA,est and kB,est, each CPAi and CPBi′ performs locally the parameter estimation step of the protocol (e.g., they estimate the phase error rate). If the estimated values exceed certain tolerated values, they abort.
-
4.
Error correction: The CPAi and CPBi′ perform error correction (for a pre-fixed QBER value) on the parts of \(k_{\mathrm{A}}^\prime\) and \(k_{\mathrm{B}}^\prime\) that are used for key distillation, which we denote by kA,key and kB,key, by acting on their shares kAij,key and kBi′j′,key respectively. For this, each CPAi (CPBi′) applies certain matrices MEC to kAij,key (kBi′j′,key) to obtain sAij = MECkAij,key (sBi′j′ = MECkBi′j′,key). Afterward, the CPAi (CPBi′) use the reconstruct protocol of a VSS scheme to obtain sA = MECkA,key (sB = MECkB,key). That is, all CPAi (CPBi′) first send to each other the bit strings sAij (sBi′j′), and each of them uses majority voting to reconstruct locally sAj (sBj′) ∀j (j′) from sAij (sBi′j′). Then, each CPAi (CPBi′) obtains \(s_{\mathrm{A}} = \oplus _{j = 1}^qs_{{\mathrm{A}}j}\) \(\left( {s_{\mathrm{B}} = \oplus _{j^{\prime} = 1}^{q^{\prime}}s_{{\mathrm{B}}j^{\prime}}} \right)\). Next, say the first 2t′ + 1 CPAi send sA to all CPBi′, and each CPBi′ uses majority voting to determine sA from the information received. Finally, Bob corrects kB,key. For this, say all CPBi′ which have the j′th share kBi′j′,key for a pre-fixed index j′ = 1,…,q′, flip certain bits of this share depending on the actual values of sA and sB. This whole process is repeated until the error correction procedure ends. Let \(\hat k_{{\mathrm{A}}ij,{\mathrm{key}}}\) and \({\hat k}_{{\mathrm{B}}i^{\prime}j^{\prime},{\mathrm{key}}}\) denote the shares kAij,key and kBi′j′,key after error correction, and let leakEC bits be the syndrome information interchanged between Alice and Bob during this step. That is, \(\hat k_{{\mathrm{A}}ij,{\mathrm{key}}}\) and \({\hat k}_{{\mathrm{B}}i^{\prime}j^{\prime},{\mathrm{key}}}\) are actually equal to kAij,key and kBi′j′,key except for the bit strings kBi′j′,key whose bits have been flipped during error correction.
-
5.
Error verification: All CPAi and CPBi′ check that the error correction step was indeed successful. For this, the CPAi use the RBS scheme introduced in the previous section to randomly select a universal2 hash function, hV. Then, they compute a hash \(h_{{\mathrm{A}}ij} = h_{\mathrm{V}}(\hat k_{{\mathrm{A}}ij,{\mathrm{key}}})\) of length [log2 (1/εcor)] bits, and each CPAi uses the reconstruct protocol of a VSS scheme to obtain \(h_{\mathrm{A}} = \oplus _{j = 1}^qh_{{\mathrm{A}}j}\) from hAij. That is, they send each other hAij and they use majority voting to determine hAj ∀j from hAij. Next, say the first 2t′ + 1 CPAi send hV and hA to all CPBi′, which determine the correct values of these two quantities by means of majority voting. Also, the units CPBi′ use the reconstruct protocol of a VSS scheme to obtain \(h_{\mathrm{B}} = \oplus _{j^{\prime} = 1}^{q^{\prime}}h_{{\mathrm{B}}j^{\prime}}\). Finally, each unit CPBi′ checks locally whether or not hA = hB. If they are not equal, the protocol aborts. If they are equal, it is guaranteed that the bit strings \(\hat k_{{\mathrm{A}},{\mathrm{key}}} = \oplus _{j = 1}^q\hat k_{{\mathrm{A}}j,{\mathrm{key}}}\) and \(\hat k_{{\mathrm{B}},{\mathrm{key}}} = \oplus _{j^{\prime} = 1}^{q^{\prime}}\hat k_{{\mathrm{B}}j^{\prime},{\mathrm{key}}}\) are equal except for a minuscule probability εcor, where \(\hat k_{{\mathrm{A}}j,{\mathrm{key}}}\) \(( {\hat k_{{\mathrm{B}}j^{\prime},{\mathrm{key}}}})\) are obtained from \(\hat k_{{\mathrm{A}}ij,{\mathrm{key}}}\) \(( {\hat k_{{\mathrm{B}}i^{\prime}j^{\prime},{\mathrm{key}}}} )\) by using majority voting.
-
6.
Generation of shares of an ε-secure key: All CPAi and CPBi′ extract from \(\hat k_{{\mathrm{A}},{\mathrm{key}}}\) and \(\hat k_{{\mathrm{B}},{\mathrm{key}}}\) the shares of an εsec-secret key, kA and kB. For this, the CPAi use the RBS scheme to randomly select a proper universal2 hash function, hP. Next, they obtain \(k_{{\mathrm{A}}ij} = h_{\mathrm{P}}(\hat k_{{\mathrm{A}}ij,{\mathrm{key}}})\) and say the first 2t′ + 1 CPAi send hP to all CPBi′. Bob’s CP units use majority voting to determine hP from the information received and they calculate \(k_{{\mathrm{B}}i^{\prime}j^{\prime}} = h_{\mathrm{P}}(\hat k_{{\mathrm{B}}i^\prime j^\prime ,{\mathrm{key}}})\). The function hP removes Eve’s information from \(\hat k_{{\mathrm{A}},{\mathrm{key}}}\), which includes the syndrome information leakEC disclosed during error correction, the hash value of length [log2 (1/εcor)] bits disclosed during error verification, and Eve’s information about the key according to the estimated phase error rate.
From the description of Protocol 2 we have that when t′ < MA/3 and t′′ < MB/3, where MA (MB) denotes the number of CPAi (CPBi′) that do not abort, then the final key, kA and kB, is ε-secure. This is so because the condition t′ < MA/3 (or, equivalently, s − t′ − (s − MA) > 2t′) guarantees that for all j = 1,…,q, there are at least 2t′ + 1 units CPAi which send shares kAij to Alice. To see this, note that each share kAj, for all j, is held by s − t′ units CPAi, and by assumption we have that at most s − MA of them could have aborted. A similar argument applies to the condition t′′ < MB/3.
Data availability
Data sharing not applicable to this article as no datasets were generated or analysed during the current study.
References
Gisin, N., Ribordy, R., Tittel, W. & Zbinden, H. Quantum cryptography. Rev. Mod. Phys. 74, 145–195 (2002).
Lo, H.-K., Curty, M. & Tamaki, K. Secure quantum key distribution. Nat. Photon. 8, 595–604 (2014).
Bennett, C. H. & Brassard, G. Quantum cryptography: public key distribution and coin tossing. In Proc. IEEE International Conference on Computers, Systems & Signal Processing 175–179 (IEEE, NY, Bangalore, India, 1984).
Ekert, A. K. Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett. 67, 661–663 (1991).
Peng, C.-Z. et al. Experimental long-distance decoy-state quantum key distribution based on polarization encoding. Phys. Rev. Lett. 98, 010505 (2007).
Rosenberg, D. et al. Long-distance decoy-state quantum key distribution in optical fiber. Phys. Rev. Lett. 98, 010503 (2007).
Yuan, Z. L., Sharpe, A. W. & Shields, A. J. Unconditionally secure one-way quantum key distribution using decoy pulses. Appl. Phys. Lett. 90, 011118 (2007).
Ursin, R. et al. Entanglement-based quantum communication over 144 km. Nat. Phys. 3, 481–486 (2007).
Zhao, Y., Fung, C.-H. F., Qi, B., Chen, C. & Lo, H.-K. Quantum hacking: experimental demonstration of time-shift attack against practical quantum-key-distribution systems. Phys. Rev. A 78, 042333 (2008).
Nauerth, S., Fürst, M., Schmitt-Manderbach, T., Weier, H. & Weinfurter, H. Information leakage via side channels in freespace BB84 quantum cryptography. New J. Phys. 11, 065001 (2009).
Xu, F., Qi, B. & Lo, H.-K. Experimental demonstration of phase-remapping attack in a practical quantum key distribution system. New J. Phys. 12, 113026 (2010).
Lydersen, L. et al. Hacking commercial quantum cryptography systems by tailored bright illumination. Nat. Photon. 4, 686–689 (2010).
Weier, H. et al. Quantum eavesdropping without interception: an attack exploiting the dead time of single-photon detectors. New J. Phys. 13, 073024 (2011).
Mayers, D. & Yao, A. Quantum cryptography with imperfect apparatus. In Proc. of the 39th Annual Symposium on Foundations of Computer Science (FOCS'98) 503–509 (IEEE Computer Society, Los Alamitos, California, 1998).
Acín, A. et al. Device-independent security of quantum cryptography against collective attacks. Phys. Rev. Lett. 98, 230501 (2007).
Vazirani, U. & Vidick, T. Fully device independent quantum key distribution. Phys. Rev. Lett. 113, 140501 (2014).
Braunstein, S. L. & Pirandola, S. Side-channel-free quantum key distribution. Phys. Rev. Lett. 108, 130502 (2012).
Bell, J. S. On the Einstein–Podolsky–Rosen paradox. Physics 1, 195–200 (1964).
Clauser, J. F., Horne, M. A., Shimony, A. & Holt, R. A. Proposed experiment to test local hidden-variable theories. Phys. Rev. Lett. 23, 880–884 (1969).
Hensen, B. et al. Loophole-free Bell inequality violation using electron spins separated by 1.3 kilometres. Nature 526, 682–686 (2015).
Shalm, L. K. et al. A strong loophole-free test of local realism. Phys. Rev. Lett. 115, 250402 (2015).
Giustina, M. et al. Significant-loophole-free test of Bell’s theorem with entangled photons. Phys. Rev. Lett. 115, 250401 (2015).
Hensen, B. et al. Loophole-free Bell test using electron spins in diamond: second experiment and additional analysis. Sci. Rep. 6, 30289 (2016).
Rosenfeld, W. et al. Event-ready Bell-test using entangled atoms simultaneously closing detection and locality loopholes. Phys. Rev. Lett. 119, 010402 (2017).
Barrett, J., Colbeck, R. & Kent, A. Memory attacks on device-independent quantum cryptography. Phys. Rev. Lett. 110, 010503 (2013).
Zander, S., Armitage, G. & Branch, P. A survey of covert channels and countermeasures in computer network protocols. IEEE Commun. Surv. Tutor. Arch. 9, 44–57 (2007).
Lampson., B. W. A note on the confinement problem. Commun. ACM 16, 613–615 (1973).
United States Government Department of Defense. Trusted Computer System Evaluation Criteria. Standard 5200.28-STD. National Computer Security Center. http://csrc.nist.gov/publications/history/dod85.pdf (1985).
Gligor, V. D. A Guide to Understanding Covert Channel Analysis of Trusted Systems (Light Pink Book). National Computer Security Center, NCSC-TG-030 edition. http://www.dtic.mil/dtic/tr/fulltext/u2/a276418.pdf (1993).
The Raymond EMC Modular R.F. Shielded Enclosure System. http://raymondemc.ca/products/products1.htm#5
Mitra, S., Wong, H.,-S. P. & Wong, S. Stopping Hardware Trojans in Their Tracks. IEEE Spectrum. http://spectrum.ieee.org/semiconductors/design/stopping-hardware-trojans-in-their-tracks (2015)
Yang, K., Hicks, M., Dong, Q., Austin, T. & Sylvester, D. A2: analog malicious hardware. In Proc. IEEE Symposium on Security and Privacy (SP’2016), 18–37 (IEEE Computer Society, Los Alamitos, California, 2016).
Becker, G. T., Regazzoni, F., Paar, C. & Burleson, W. P. Stealthy Dopant-level Hardware Trojans. Proc. of the 15th international conference on Cryptographic Hardware and Embedded Systems (CHES'13) (pp. 197–214. Springer-Verlag Berlin, Heidelberg, 2013).
Robertson, J. & Riley, M. The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Bloomberg LP. http://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies (2018).
Prevelakis, V. & Spinellis, D. The Athens Affair. IEEE Spectrum. http://spectrum.ieee.org/telecom/security/the-athens-affair (2007).
Shrout, R. Intel Suffers an Epic Security Fail, Offering a Big Opportunity for AMD. MarketWatch: Stock Market News—Financial News. https://www.marketwatch.com/story/intel-suffers-an-epic-security-fail-offering-a-big-opportunity-for-amd-2018-01-03 (2018).
Adee, S. The Hunt for the Kill Switch. IEEE Spectrum. https://spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch (2008).
Cramer, R., Damgård, I. B. & Nielsen, J. B. Secure Multiparty Computation and Secret Sharing (Cambridge University Press, New York, USA, 2015).
Ben-Or, M., Goldwasser, S. & Wigderson, A. Completeness theorems for non-cryptographic fault-tolerant distributed computation. Proc. of the 20th ACM Symposium on the Theory of Computing (STOC'88) (pp. 1–10. ACM, New York, USA, 1988).
Chaum, D., Crépeau, C. & Damgård, I. Multi-party unconditionally secure protocols. Proc. of the 20th ACM Symposium on the Theory of Computing (STOC'88) (pp. 11–19. ACM, New York, USA, 1988).
Maurer, U. Secure multi-party computation made simple. Discret. Appl. Math. 154, 370–381 (2006).
Chor, B., Goldwasser, S., Micali S. & Awerbuch, B. Verifiable secret sharing and achieving simultaneity in the presence of faults. in Proc. of the 26th Annual Symposium on Foundations of Computer Science (FOCS'85) 383–395 (IEEE Computer Society, Los Alamitos, California, 1985).
Rabin, T. & Ben-Or, M. Verifiable secret sharing and multiparty protocols with honest majority. Proc. of the 21st ACM Symposium on the Theory of Computing (STOC'89) (pp. 73–85. ACM, New York, USA, 1989).
nShield Solo HSMs, Thales Group. https://www.thalesesecurity.com/products/general-purpose-hsms/nshield-solo.
Hardware Security Modules, Gemalto. https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/.
AWS CloudHSM, Amazon Web Services. https://aws.amazon.com/cloudhsm/.
Lo, H.-K., Curty, M. & Qi, B. Measurement-device-independent quantum key distribution. Phys. Rev. Lett. 108, 130503 (2012).
Rubenok, A., Slater, J. A., Chan, P., Lucio-Martinez, I. & Tittel, W. Real-world two-photon interference and proof-of-principle quantum key distribution immune to detector attacks. Phys. Rev. Lett. 111, 130501 (2013).
Tang, Z. et al. Experimental demonstration of polarization encoding measurement-device-independent quantum key distribution. Phys. Rev. Lett. 112, 190503 (2014).
Tang, Y.-L. et al. Measurement-device-independent quantum key distribution over untrustful metropolitan network. Phys. Rev. X 6, 011024 (2016).
Comandar, L. C. et al. Quantum key distribution without detector vulnerabilities using optically seeded lasers. Nat. Photon. 10, 312–315 (2016).
Ma, C. et al. Integrated silicon photonic transmitter for polarization-encoded quantum key distribution. Optica 3, 1274–1278 (2016).
Sibson, P. et al. Chip-based quantum key distribution. Nat. Commun. 8, 13984 (2017).
Sibson, P. et al. Integrated silicon photonics for high-speed quantum key distribution. Optica 4, 172–177 (2017).
Kimble, H. J. The quantum internet. Nature 453, 1023–1030 (2008).
Castelvecchi, D. The quantum internet has arrived (and it hasn’t). Nature 554, 289–292 (2018).
Elliott, C. et al. Current status of the DARPA quantum network. In Proc. SPIE, Quantum Information and Computation III, Vol. 5815 (eds. Donkor, E. J., Pirich, A. R. & Brandt, H. E.) 138–149 (SPIE Press, Washington, USA, 2005).
Peev, M. et al. The SECOQC quantum key distribution network in Vienna. New J. Phys. 11, 075001 (2009).
Sasaki, M. et al. Field test of quantum key distribution in the Tokyo QKD network. Opt. Express 19, 10387–10409 (2011).
Stucki, D. et al. Long-term performance of the SwissQuantum quantum key distribution network in a field environment. New J. Phys. 13, 123001 (2011).
Chen, T.-Y. et al. Metropolitan all-pass and inter-city quantum communication network. Opt. Express 18, 27217–27225 (2010).
CORDIS. China to Launch World’s First Quantum Communication Network. Phys.org—News and Articles on Science and Technology. https://phys.org/news/2017-08-china-world-quantum-network.html (2017).
Bennett, C. H., Brassard, G. & Robert, J. M. Privacy amplification by public discussion. SIAM J. Comput. 17, 210–229 (1988).
Carter, J. L. & Wegman, M. N. Universal classes of hash functions. J. Comput. Syst. Sci. 18, 143–154 (1979).
Wegman, M. N. & Carter, J. L. New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22, 265–279 (1981).
Fitzi, M, Hirt, M. & Maurer, U. in General adversaries in unconditional multi-party computation Proc. of the International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT'99). Lecture Notes in Computer Science. (232–246 Springer: Berlin, 1999).
Renner, R. Security of Quantum Key Distribution. Ph.D. thesis, ETH Zurich (2005).
Müller-Quade, J. & Renner, R. Composability in quantum cryptography. New J. Phys. 11, 085006 (2009).
Tehranipoor, M. & Koushanfar, F. A survey of hardware Trojan taxonomy and detection. IEEE Des. Test. Comput. 27, 10–25 (2010).
Skorobogatov, S. & Woods, C. Breakthrough silicon scanning discovers backdoor in military chip. In Proc. of the 14th International Conference on Cryptographic Hardware and Embedded Systems (CHES'12) 23-40 (Springer-Verlag Berlin, Heidelberg, 2012).
Ben-Or, M., Crépeau, C., Gottesman, D., Hassidim, A. & Smith, A. secure multiparty quantum computation with (only) a strict honest majority. In Proc. of the 47th Annual Symposium on Foundations of Computer Science (FOCS'06) 249–260 (IEEE Computer Society, Los Alamitos, California, 2006).
Crépeau, C., Gottesman, D. & Smith, A. Secure multi-party quantum computing. Proc. 34th Annual ACM Symposium on Theory of Computing (STOC'02) (pp. 643–652. ACM, New York, NY, USA, 2002).
Fujiwara, M. et al. Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing. Sci. Rep. 6, 28988 (2016).
IdQuantique, Geneve (Switzerland), http://www.idquantique.com.
Fitzi, M., Garay, J., Gollakota, S., Pandu Rangan, C. & Srinathan, K. Round-optimal and efficient verifiable secret sharing. Proc. 3rd Conference on Theory of Cryptography (TCC'06) (pp. 329–342. Springer-Verlag, Berlin, Heidelberg, 2006).
Gennaro, R., Ishai, Y., Kushilevitz, E. & Rabin, T. The round complexity of verifiable secret sharing and secure multicast. Proc. 33rd Annual ACM Symposium on Theory of Computing (STOC'01) (pp. 580–589. ACM, New York, NY, USA, 2001).
Shamir, A. How to share a secret. Commun. ACM 22, 612–613 (1979).
Blakley, G. R. Safeguarding cryptographic keys. In Proc. of the AFIPS 1979 National Computer Conference (NCC'79) 313–317 (AFIPS Press, New Jersey, 1979). R. E. Merwin, Editor and Program Chairman.
Garay, J. A. & Moses, Y. Fully polynomial Byzantine agreement in t+1 rounds. Proc. of the 25th ACM Symposium on the Theory of Computing (STOC'93) (pp. 31–41. ACM, New York, USA, 1993).
Fischer, M. J. & Lynch, N. A. A lower bound for the tieme to assure interactive consistency. Inf. Proc. Lett. 14, 183–186 (1982).
Hwang, W.-Y. Quantum key distribution with high loss: toward global secure communication. Phys. Rev. Lett. 91, 057901 (2003).
Lo, H.-K., Ma, X. & Chen, K. Decoy state quantum key distribution. Phys. Rev. Lett. 94, 230504 (2005).
Wang, X.-B. Beating the photon-number-splitting attack in practical quantum cryptography. Phys. Rev. Lett. 94, 230503 (2005).
Acknowledgements
We thank Charles Bennett and Christian Schaffner for very interesting discussions on the topics of this paper. We acknowledge support from the Galician Regional Government (consolidation of Research Units: AtlantTIC), the Spanish Ministry of Economy and Competitiveness (MINECO), the Fondo Europeo de Desarrollo Regional (FEDER) through Grant Nos. TEC2014-54898-R and TEC2017-88243-R, the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 675662 (project QCALL), NSERC, CFI and ORF.
Author information
Authors and Affiliations
Contributions
All authors researched, collated, and wrote this paper.
Corresponding author
Ethics declarations
Competing interests
The authors declare no competing interests.
Additional information
Publisher’s note: Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Supplementary information
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Curty, M., Lo, HK. Foiling covert channels and malicious classical post-processing units in quantum key distribution. npj Quantum Inf 5, 14 (2019). https://doi.org/10.1038/s41534-019-0131-5
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41534-019-0131-5
This article is cited by
-
Secure quantum key distribution with a subset of malicious devices
npj Quantum Information (2021)
-
Measurement-device-independent quantum key distribution with leaky sources
Scientific Reports (2021)
-
Long-distance device-independent quantum key distribution
Scientific Reports (2019)