We consider error correction in quantum key distribution. To avoid that Alice and Bob unwittingly end up with different keys precautions must be taken. Before running the error correction protocol, Bob and Alice normally sacrifice some bits to estima
te the error rate. To reduce the probability that they end up with different keys to an acceptable level, we show that a large number of bits must be sacrificed. Instead, if Alice and Bob can make a good guess about the error rate before the error correction, they can verify that their keys are similar after the error correction protocol. This verification can be done by utilizing properties of Low Density Parity Check codes used in the error correction. We compare the methods and show that by verification it is often possible to sacrifice less bits without compromising security. The improvement is heavily dependent on the error rate and the block length, but for a key produced by the IdQuantique system Clavis^2, the increase in the key rate is approximately 5 percent. We also show that for systems with large fluctuations in the error rate a combination of the two methods is optimal.
We control using bright light an actively-quenched avalanche single-photon detector. Actively-quenched detectors are commonly used for quantum key distribution (QKD) in the visible and near-infrared range. This study shows that these detectors are co
ntrollable by the same attack used to hack passively-quenched and gated detectors. This demonstrates the generality of our attack and its possible applicability to eavsdropping the full secret key of all QKD systems using avalanche photodiodes (APDs). Moreover, the commercial detector model we tested (PerkinElmer SPCM-AQR) exhibits two new blinding mechanisms in addition to the previously observed thermal blinding of the APD, namely: malfunctioning of the bias voltage control circuit, and overload of the DC/DC converter biasing the APD. These two new technical loopholes found just in one detector model suggest that this problem must be solved in general, by incorporating generally imperfect detectors into the security proof for QKD.
This is a chapter on quantum cryptography for the book A Multidisciplinary Introduction to Information Security to be published by CRC Press in 2011/2012. The chapter aims to introduce the topic to undergraduate-level and continuing-education student
s specializing in information and communication technology.
This is a comment on the publication by Yuan et al. [Appl. Phys. Lett. 98, 231104 (2011); arXiv:1106.2675v1 [quant-ph]].
We experimentally demonstrate that a superconducting nanowire single-photon detector is deterministically controllable by bright illumination. We found that bright light can temporarily make a large fraction of the nanowire length normally-conductive
, can extend deadtime after a normal photon detection, and can cause a hotspot formation during the deadtime with a highly nonlinear sensitivity. In result, although based on different physics, the superconducting detector turns out to be controllable by virtually the same techniques as avalanche photodiode detectors. As demonstrated earlier, when such detectors are used in a quantum key distribution system, this allows an eavesdropper to launch a detector control attack to capture the full secret key without being revealed by to many errors in the key.
We introduce the concept of a superlinear threshold detector, a detector that has a higher probability to detect multiple photons if it receives them simultaneously rather than at separate times. Highly superlinear threshold detectors in quantum key
distribution systems allow eavesdropping the full secret key without being revealed. Here, we generalize the detector control attack, and analyze how it performs against quantum key distribution systems with moderately superlinear detectors. We quantify the superlinearity in superconducting single-photon detectors based on earlier published data, and gated avalanche photodiode detectors based on our own measurements. The analysis shows that quantum key distribution systems using detector(s) of either type can be vulnerable to eavesdropping. The avalanche photodiode detector becomes superlinear towards the end of the gate, allowing eavesdropping using trigger pulses containing less than 120 photons per pulse. Such an attack would be virtually impossible to catch with an optical power meter at the receiver entrance.
Characterizing the physical channel and calibrating the cryptosystem hardware are prerequisites for establishing a quantum channel for quantum key distribution (QKD). Moreover, an inappropriately implemented calibration routine can open a fatal secur
ity loophole. We propose and experimentally demonstrate a method to induce a large temporal detector efficiency mismatch in a commercial QKD system by deceiving a channel length calibration routine. We then devise an optimal and realistic strategy using faked states to break the security of the cryptosystem. A fix for this loophole is also suggested.
Several attacks have been proposed on quantum key distribution systems with gated single-photon detectors. The attacks involve triggering the detectors outside the center of the detector gate, and/or using bright illumination to exploit classical pho
todiode mode of the detectors. Hence a secure detection scheme requires two features: The detection events must take place in the middle of the gate, and the detector must be single-photon sensitive. Here we present a technique called bit-mapped gating, which is an elegant way to force the detections in the middle of the detector gate by coupling detection time and quantum bit error rate. We also discuss how to guarantee single-photon sensitivity by directly measuring detector parameters. Bit-mapped gating also provides a simple way to measure the detector blinding parameter in security proofs for quantum key distribution systems with detector efficiency mismatch, which up until now has remained a theoretical, unmeasurable quantity. Thus if single-photon sensitivity can be guaranteed within the gates, a detection scheme with bit-mapped gating satisfies the assumptions of the current security proofs.
This is a reply to the comment by Yuan et al. [arXiv:1009.6130v1] on our publication [arXiv:1008.4593].
We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The att
ack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept-resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.
