hide
Free keywords:
CRYPTOGRAPHY; SYSTEMS; ATTACKComputer Science; Remote Sensing; Optics; quantum; cryptography; key distribution; hacking; vulnerabilities;
imperfections; single-photon detector;
Abstract:
We report several vulnerabilities found in Clavis2, the flagship quantum key distribution (QKD) system from ID Quantique. We show the hacking of a calibration sequence run by Clavis2 to synchronize the Alice and Bob devices before performing the secret key exchange. This hack induces a temporal detection efficiency mismatch in Bob that can allow Eve to break the security of the cryptosystem using faked states. We also experimentally investigate the superlinear behaviour in the single-photon detectors (SPDs) used by Bob. Due to this superlinearity, the SPDs feature an actual multi-photon detection probability which is generally higher than the theoretically-modelled value. We show how this increases the risk of detector control attacks on QKD systems (including Clavis2) employing such SPDs Finally, we review the experimental feasibility of Trojan-horse attacks. In the case of Clavis2, the objective is to read Bob's phase modulator to acquire knowledge of his basis choice as this information suffices for constructing the raw key in the Scarani-Acin-Ribordy-Gisin 2004 (SARG04) protocol. We work in close collaboration with ID Quantique and for all these loopholes, we notified them in advance. Wherever possible, we or ID Quantique proposed countermeasures and they implemented suitable patches and upgrade their systems.
