Abstract
We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The attack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept–resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.
Export citation and abstract BibTeX RIS
GENERAL SCIENTIFIC SUMMARY Introduction and background. Quantum key distribution (QKD) systems provide communication with proven unconditional security and have recently become commercial products. Security proofs have been provided for different scenarios, assuming idealized models of these systems.
Main results. We present a new method to exploit a discrepancy between the model assumptions and the real device properties of single-photon detectors. The vulnerability is based on the fact that telecommunication avalanche photodiodes operate in a gated mode. Outside of the activation time, they operate as linear classical photodiodes with a classical sensitivity threshold. Launching a bright light pulse just after the gate causes a controllable detection. This allows one to execute an intercept-resend attack, delivering a full secret key to the eavesdropper. However, the bright pulses produce a side effect in the form of random detection events (afterpulses) in subsequent gates. The resulting increase in the quantum bit error rate (QBER) might reveal the eavesdropper. Nevertheless, we show that the QBER caused by our attack is sufficiently small to allow for undetected eavesdropping in some parameter ranges (see figure).
Wider implications. In the future, it will be necessary to extend security proofs to more general and realistic scenarios, carefully including deviations from implementations from the model.
Figure. The figure shows simulated QBER for a quantum key distribution system under after-gate attack. We have analyzed a range of operation frequencies and fiber channel lengths (assuming 0.2 dB/km attenuation). The commercial system Clavis2 is insecure below 50 km channel length.