OSA's Digital Library

Spotlight on Optics

Spotlight on Optics


  • February 2011

Optics InfoBase > Spotlight on Optics > Thermal blinding of gated detectors in quantum cryptography

Thermal blinding of gated detectors in quantum cryptography

Published in Optics Express, Vol. 18 Issue 26, pp.27938-27954 (2010)
by Lars Lydersen, Carlos Wiechers, Christoffer Wittmann, Dominique Elser, Johannes Skaar, and Vadim Makarov

Source article Abstract | Full Text: XHTML | Full Text: PDF

Spotlight summary: “The discovery of security loopholes does not prove that Quantum Key Distribution (QKD) is insecure, but rather that principles of QKD are not sufficiently well implemented” After this reassuring statement, Lydersen et al. describe their blinding attack, one that happens to be so far the only one, implementable with current technology, capable of eavesdropping the whole secret key without being detected.

One of the fundamental features of QKD is that an eavesdropper (Eve), performing measurements over single photon states, always leaves a signature of her presence, causing the Quantum Bit Error Rate (QBER) to increase. By constantly measuring the QBER and assuming that all of it is due to Eve, it is possible to estimate the amount of information that Eve might have collected. Knowing this, privacy amplification algorithms can be applied over the raw key to obtain a final key on which Eve’s knowledge can be made negligible. However, every imperfection in the detectors or sources provides Eve with additional side channels to collect an extra amount of information without being noticed. Nonidealities don’t make QKD insecure provided that the maximum amount of information that Eve can collect can still be precisely estimated or, even better, minimized with countermeasures. Over the years, QKD security proofs have been extended to incorporate the behavior of real sources and detectors and to close all the known loopholes—until a new loophole is found.

Blinding attacks exploit an important and previously unconsidered loophole: the behavior under strong illumination of a particular class of single photon detectors used for QKD: Single Photon Avalanche Diodes (SPAD). To detect single photons, SPADs have to be biased above their breakdown voltage. If strongly illuminated, their photocurrent is expected to saturate, making them blind to single photons. Blinding can certainly be used to cause a denial of service in a QKD link, but the authors discovered that in particular conditions, blinded detectors keep a residual sensitivity to light, and by sending them an intense light pulse it is possible to modulate their current to mimic their response to a single photon.

In the blinding attack, Eve has an exact replica of Bob’s measurement apparatus connected to Alice, and she sends strong light pulses to Bob to blind all of the apparatus’ detectors. Once the detectors are blinded, their state can be fully controlled and Eve has only to reproduce inside Bob’s hardware the exact clicking sequence registered by her detectors. The result is that Eve achieves complete knowledge of the raw key without being detected, since her action doesn’t increase the QBER. A similar behavior in Bob’s hardware cannot be obtained in any way by sending Bob single photon states.

Blinding attacks over commercial systems have been reported before by the same group, but in this paper the authors extend the applicability of their techniques to circuit configurations that have been suggested as a countermeasure for blinding attacks. In particular, they show that a SPAD can be blinded and controlled in at least two additional ways, namely, thermal blinding and sinkhole blinding. In the first method the breakdown voltage of the detector is increased by a temperature rise. In sinkhole blinding the device doesn’t even need to exit the single photon-detection regime. The two new techniques are described in detail in the paper together with a clear introduction to the principles behind blinding attacks.

At the end of their article, the authors propose some solutions to prevent a blinding attack. Among them, they suggest using an additional linear detector to monitor the optical power entering the system, but they point out that the implementation of this approach might not be trivial and could expose the system to further loopholes: the detector, despite being extremely sensitive, would have to be nonblindable, and its presence would need to be incorporated as well in a security proof.

-- Alessandro Restelli

Technical Division: Light–Matter Interactions
ToC Category: Quantum Optics
OCIS Codes: (040.5570) Detectors : Quantum detectors
(270.5570) Quantum optics : Quantum detectors
(040.1345) Detectors : Avalanche photodiodes (APDs)
(270.5568) Quantum optics : Quantum cryptography

Posted on February 02, 2011

Add Comment
You must log in to add comments.

Browse Journals / Lookup Meetings

Browse by Journal and Year


Lookup Conference Papers

Close Browse Journals / Lookup Meetings

Previous Spotlights