基于弱相干光的实际QKD系统的安全性研究

实际量子密钥分发系统使用的单光子源主要是由弱激光脉冲经衰减得到。它不是理想单光子源而是服从泊松分布的准单光子源。每个非空光脉冲中包含多光子的概率不为零,强大的窃听者可利用此获得一些关于最终密钥的信息。因此,有必要研究实际QKD系统的安全性。采用对多光子进行分束窃听、单光子最佳攻击相结合的方案,用Shannon信息理论分析了基于弱相干光的实际QKD系统的安全性。研究结果表明实际QKD系统对于分束窃听和最佳攻击是安全的,并给出合法通信双方在该攻击方案下所容忍的误码率上限。     

Quantum Hacking on an Integrated Continuous-Variable Quantum Key Distribution System via Power Analysis

In quantum key distribution (QKD), there are some security loopholes opened by the gaps between the theoretical model and the practical system, and they may be exploited by eavesdroppers (Eve) to obtain secret key information without being detected. This is an effective quantum hacking strategy that seriously threatens the security of practical QKD systems. In this paper, we propose a new quantum hacking attack on an integrated silicon photonic continuous-variable quantum key distribution (CVQKD) system, which is known as a power analysis attack. This attack can be implemented by analyzing the power originating from the integrated electrical control circuit in state preparation with the help of machine learning, where the state preparation is assumed to be perfect in initial security proofs. Specifically, we describe a possible power model and show a complete attack based on a support vector regression (SVR) algorithm. The simulation results show that the secret key information decreases with the increase of the accuracy of the attack, especially in a situation with less excess noise. In particular, Eve does not have to intrude into the transmitter chip (Alice), and may perform a similar attack in practical chip-based discrete-variable quantum key distribution (DVQKD) systems. To resist this attack, the electrical control circuit should be improved to randomize the corresponding power. In addition, the power can be reduced by utilizing the dynamic voltage and frequency scaling (DVFS) technology.     

Countermeasure against probabilistic blinding attack in practical quantum key distribution systems

In a practical quantum key distribution(QKD) system, imperfect equipment, especially the single-photon detector,can be eavesdropped on by a blinding attack. However, the original blinding attack may be discovered by directly detecting the current. In this paper, we propose a probabilistic blinding attack model, where Eve probabilistically applies a blinding attack without being caught by using only an existing intuitive countermeasure. More precisely, our countermeasure solves the problem of how to define the bound in the limitation of precision of current detection, and then we prove security of the practical system by considering the current parameter. Meanwhile, we discuss the bound of the quantum bit error rate(QBER) introduced by Eve, by which Eve can acquire information without the countermeasure.     

Device calibration impacts security of quantum key distribution

Characterizing the physical channel and calibrating the cryptosystem hardware are prerequisites for establishing a quantum channel for quantum key distribution (QKD). Moreover, an inappropriately implemented calibration routine can open a fatal security loophole. We propose and experimentally demonstrate a method to induce a large temporal detector efficiency mismatch in a commercial QKD system by deceiving a channel length calibration routine. We then devise an optimal and realistic strategy using faked states to break the security of the cryptosystem. A fix for this loophole is also suggested.     

Quantum key distribution system against the probabilistic faint after-gate attack

In practical quantum key distribution (QKD) systems, a single photon-detector (SPD) is one of the most vulnerable components. Faint after-gate attack is a universal attack against the detector. However, the original faint after-gate attack can be discovered by monitoring the photocurrent. This paper presents a probabilistic generalization of the attack, which we refer to as probabilistic faint after-gate attack, by introducing probability control modules. Previous countermeasures for photocurrent monitoring may fail in detecting the eavesdropper under some specific probabilities. To mitigate this threat, we provide a method to determine the detectable boundary in the limitation of precision of photocurrent monitoring, and investigate the security of QKD systems under such boundaries using the weak randomness model.     

Attacking a high-dimensional quantum key distribution system with wavelength-dependent beam splitter

The unconditional security of quantum key distribution(QKD) can be guaranteed by the nature of quantum physics.Compared with the traditional two-dimensional BB84 QKD protocol, high-dimensional quantum key distribution(HDQKD) can be applied to generate much more secret key.Nonetheless, practical imperfections in realistic systems can be exploited by the third party to eavesdrop the secret key.The practical beam splitter has a correlation with wavelength,where different wavelengths have different coupling ratios.Using this property, we propose a wavelength-dependent attack towards time-bin high-dimensional QKD system.What is more, we demonstrate that this attacking protocol can be applied to arbitrary d-dimensional QKD system, and higher-dimensional QKD system is more vulnerable to this attacking strategy.     

Long-distance decoy-state quantum key distribution in optical fiber

The theoretical existence of photon-number-splitting attacks creates a security loophole for most quantum key distribution (QKD) demonstrations that use a highly attenuated laser source. Using ultralow-noise, high-efficiency transition-edge sensor photodetectors, we have implemented the first version of a decoy-state protocol that incorporates finite statistics without the use of Gaussian approximations in a one-way QKD system, enabling the creation of secure keys immune to photon-number-splitting attacks and highly resistant to Trojan horse attacks over 107 km of optical fiber.     

复合量子密钥分发系统双速协议及其安全性分析

基于真空光速c是极限信号速度这一基本假设,提出了复合量子密钥分发(QKD)系统和双速协议,并证明双速协议的安全性与原BB84协议的安全性相同.结果表明,双速协议在将量子密钥生成效率从50%提高到100%的同时,还降低了窃听者Eve可能得到的信息量.双速协议由于打破了公开讨论之前Bob和Eve的对等地位,使QKD在概念上有了明显的改进,使协议基的选择空间有了本质性的扩充.具体给出了三个双速协议的实例,并详细分析了它们在截取重发攻击下的安全性 关键词： 量子密码 光纤量子密钥分发 双速协议     

实际量子密钥分配扩展BB84协议窃听下的安全性分析

考虑强衰减激光脉冲技术实现的准单光子源和量子信道损耗以及窃听者Eve窃听能力有限等实际情况， 提出了一种窃听装置；同时对扩展BB84协议的各种窃听做了全面分析，计算得出发送者Alice/窃听者Eve所获得的交互信息量和发送者Alice/接收者Bob所能容忍的误码率上限，以此作为检测量子信道安全性的标准，同时得出Breidbart基/分束攻击相结合的方法是比截取/重发更为有效的窃听方案.     

Fluctuations of Internal Transmittance in Security of Measurement-Device-Independent Quantum Key Distribution with an Untrusted Source

Measurement-device-independent quantum key distribution(MDI-QKD) is immune to detector side channel attacks, which is a crucial security loophole problem in traditional QKD. In order to relax a key assumption that the sources are trusted in MDI-QKD, an MDI-QKD protocol with an untrusted source has been proposed. For the security of MDI-QKD with an untrusted source, imperfections in the practical experiment should also be taken into account. In this paper, we analyze the effects of fluctuations of internal transmittance on the security of a decoy-state MDI-QKD protocol with an untrusted source. Our numerical results show that both the secret key rate and the maximum secure transmission distance decrease when taken fluctuations of internal transmittance into consideration. Especially, they are more sensitive when Charlie's mean photon number per pulse is smaller. Our results emphasize that the stability of correlative optical devices is important for practical implementations.     

A generalized complexity measure based on Rényi entropy

Phase drift is an inherent problem in one-way phase-encoded quantum key distribution (QKD) systems. Although combining passive with active phase compensation (APC) processes can effectively compensate for the phase drift, the security problems brought about by these processes are rarely considered. In this paper, we point out a security hole in the APC process and put forward a corresponding attack scheme. Under our proposed attack, the quantum bit error rate (QBER) of the QKD can be close to zero for some conditions. However, under the same conditions the ratio r of the key “0” and the key “1” which Bob (the legal communicators Alice and Bob) gets is no longer 1:1 but 2:1, which may expose Eve (the eavesdropper). In order to solve this problem, we modify the resend strategy of the attack scheme, which can force r to reach 1 and the QBER to be lower than the tolerable QBER.     

一种高效量子密钥分发系统主动相位补偿方法

针对相位编码量子密钥分发系统相位漂移的实际问题,详细分析了目前解决相位漂移的主要方案,提出了一种"五点法"快速相位漂移参数的扫描方法.该方法只需对五个相位点进行单光子水平的相位扫描,即可得出满足精度要求的相位漂移参数.通过将该方法和其他两种主要相位补偿方法的对比分析,表明该方法可以在更短的扫描时间内有效得到量子密钥分发的相位漂移参数并对相位漂移进行实时补偿.该方法适用于目前常用的相位编码系统,为量子密码系统提供了一种有实际应用价值的主动相位补偿方案.     

Quick single-photon detector with many avalanche photo diodes working on the time division

Due to the limit of response speed of the present single-photon detector, the code rate is still too low to come into practical use for the present quantum key distribution (QKD) system.A new idea is put up to design a quick single-photon detector.This quick single-photon detector is composed of a multi-port optic-fiber splitter and many avalanche photo diodes (APDs).Au of the ports with APDs work on the time division and cooperate with a logic discriminating and deciding unit driven by the clock signal.The operation frequency lies on the number N of ports, and can reach N times of the conventional single-photon detector.The single-photon prompt detection can come true for high repetition-rate pulses.The applying of this detector will largely raise the code rate of the QKD, and boost the commercial use.     

FPGA based digital phase-coding quantum key distribution system

Quantum key distribution(QKD) is a technology with the potential capability to achieve information-theoretic security. Phasecoding is an important approach to develop practical QKD systems in fiber channel. In order to improve the phase-coding modulation rate, we proposed a new digital-modulation method in this paper and constructed a compact and robust prototype of QKD system using currently available components in our lab to demonstrate the effectiveness of the method. The system was deployed in laboratory environment over a 50 km fiber and continuously operated during 87 h without manual interaction. The quantum bit error rate(QBER) of the system was stable with an average value of 3.22% and the secure key generation rate is 8.91 kbps. Although the modulation rate of the photon in the demo system was only 200 MHz, which was limited by the FaradayMichelson interferometer(FMI) structure, the proposed method and the field programmable gate array(FPGA) based electronics scheme have a great potential for high speed QKD systems with Giga-bits/second modulation rate.     

光子数分束攻击对星地量子密钥分配系统安全的影响

由于仪器设备性能的不完美和信道传输损耗的存在,光子数分束(PNS)攻击对采用弱相干脉冲(WCP)光源的量子密钥分配(QKD)系统的安全性构成重大威胁.以基于WCP光源的星地QKD系统为研究对象,推导了在PNS攻击者采用最佳窃听策略进行窃听时,保证密钥绝对安全的最大天顶角和可采用的平均光子数之间的关系.理论分析和计算结果表明,星地QKD系统的最大安全传输天顶角和可使用的平均光子数等重要系统参数的取值上限均受PNS攻击的限制,最终系统的密钥交换速率和系统容量受到限制.对星地QKD系统的传输容量来说,天顶角和平均光子数是一对矛盾的影响因素.提供了一种对实际星地QKD系统的天顶角和平均光子数参数进行估算的方法.     

Phase-matching quantum key distribution with light source monitoring

The transmission loss of photons during quantum key distribution (QKD) process leads to the linear key rate bound for practical QKD systems without quantum repeaters. Phase matching quantum key distribution (PM-QKD) protocol, an novel QKD protocol, can overcome the constraint with a measurement-device-independent structure, while it still requires the light source to be ideal. This assumption is not guaranteed in practice, leading to practical secure issues. In this paper, we propose a modified PM-QKD protocol with a light source monitoring, named PM-QKD-LSM protocol, which can guarantee the security of the system under the non-ideal source condition. The results show that our proposed protocol performs almost the same as the ideal PM-QKD protocol even considering the imperfect factors in practical systems. PM-QKD-LSM protocol has a better performance with source fluctuation, and it is robust in symmetric or asymmetric cases.     

The queueing model for quantum key distribution network

This paper develops a QKD (quantum key distribution)-based queueing model to investigate the data delay on QKD link and network, especially that based on trusted relays. It shows the mean packet delay performance of the QKD system. Furthermore, it proposes a key buffering policy which could effectively improve the delay performance in practice. The results will be helpful for quality of service in practical QKD systems.     

Experimental quantum-key distribution with an untrusted source

The photon statistics of a quantum-key-distribution (QKD) source are crucial for security analysis. We propose a practical method, with only a beam splitter and a photodetector, to monitor the photon statistics of a QKD source. By implementing in a plug and play QKD system, we show that the method is highly practical. The final secure key rate is 52 bit/s, compared to 78 bit/s when the source is treated as a trusted source.     

一种K分布强湍流下的测量设备无关量子密钥分发方案

研究了K分布强湍流下自由空间测量设备无关量子密钥分发协议模型,采用阈值后选择方法来减少大气湍流对密钥生成率的影响,对比分析了使用阈值后选择方法前后协议的密钥率和湍流强度之间的关系.仿真结果表明,使用阈值后选择方法可以有效地提高协议的密钥生成率,尤其是在高损耗和强湍流区域,而且其最佳阈值与湍流强度、信道平均损耗有关,对实际搭建性能较好的自由空间测量设备无关量子密钥分发协议系统具有一定的参考价值.     

Proof-of-principle experimental demonstration of quantum secure imaging based on quantum key distribution

We present a quantum secure imaging(QSI) scheme based on the phase encoding and weak+vacuum decoy-state BB84 protocol of quantum key distribution(QKD). It allows us to implement a computational ghost imaging(CGI) system with more simplified equipment and reconstructed algorithm by using a digital micro-mirror device(DMD) to preset the specific spatial distribution of the light intensity. What is more, the quantum bit error rate(QBER) and the secure key rate analytical functions of QKD are used to see through the intercept-resend jamming attacks and ensure the authenticity of the imaging information. In the experiment, we obtained the image of the object quickly and efficiently by measuring the signal photon counts with a single-photon detector(SPD), and achieved a secure key rate of 571.0 bps and a secure QBER of 3.99%, which is well below the lower bound of QBER of 14.51%. Besides, our imaging system uses a laser with invisible wavelength of 1550 nm, whose intensity is as low as single-photon, that can realize weak-light imaging and is immune to the stray light or air turbulence, thus it will become a better choice for quantum security radar against intercept-resend jamming attacks.