Cracking commercial quantum cryptography


Quantum cryptography, unbreakable in principle, can currently be hacked through implementation loopholes.  I present a loophole recently explored by researchers from the Norwegian University of Science and Technology (Trondheim, Norway) and the Max Planck Institute for the Science of Light (Erlangen, Germany).

Most of today's quantum cryptography systems use single-photon detectors based on avalanche photodiodes.  These detectors operate part-time in the linear regime, in which they respond deterministically to a short bright-light pulse, producing a click when the pulse peak power exceeds a certain threshold.  Furthermore, these detectors can be blinded to single photons by bright-light illumination, through several different mechanisms connected to detector electronic and thermal properties.  We show how this killer superposition of loopholes can be used to launch a perfect attack against a quantum key distribution system, eavesdropping the complete secret key without alerting the legitimate users.  We have shown experimentally that this vulnerability is fully present in two commercial quantum cryptosystems: Clavis2 from ID Quantique and QPN 5505 from MagiQ Technologies.  We propose how to build a plug-and-play eavesdropper for both cryptosystems, using off-the-shelf components.  In a separate experiment on an entanglement-based research cryptosystem, we have built a full eavesdropper and actually demonstrated 100% eavesdropping of the 'secret' key.  This class of loopholes should be patchable, but how to do it in practice remains an open question.
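The following toy model is an added illustration, not code or data from the researchers. It shows why the error rate that the legitimate users monitor does not reveal threshold-controlled detectors, in contrast to ordinary single-photon intercept-resend. Assumptions: a BB84-style protocol with ideal optics, a blinded receiver whose detectors click only above the hypothetical threshold `P_TH`, a pulse power of 1.5 times that threshold, and an equal power split between the two detectors on a basis mismatch; all function names are hypothetical.

```python
import random

P_TH = 1.0  # assumed click threshold of a blinded detector (arbitrary units)

def measure_photon(state_basis, state_bit, basis, rng):
    """Ideal single-photon measurement: a wrong basis gives a random bit."""
    return state_bit if basis == state_basis else rng.getrandbits(1)

def blinded_detect(power, pulse_basis, pulse_bit, bob_basis):
    """Blinded receiver: a detector clicks only if the power reaching it exceeds P_TH.
    Assumption: a basis mismatch splits the pulse equally between both detectors."""
    if pulse_basis == bob_basis:
        at_det = {pulse_bit: power, 1 - pulse_bit: 0.0}
    else:
        at_det = {0: power / 2, 1: power / 2}
    clicks = [bit for bit, p in at_det.items() if p > P_TH]
    return clicks[0] if len(clicks) == 1 else None

def run(n, mode, seed=1):
    """mode: 'none', 'intercept_resend' (single photons) or 'detector_control'."""
    rng = random.Random(seed)
    sifted = errors = eve_known = 0
    for _ in range(n):
        a_bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        b_basis, e_basis = rng.getrandbits(1), rng.getrandbits(1)
        e_bit = measure_photon(a_basis, a_bit, e_basis, rng)
        if mode == "none":
            b_bit = measure_photon(a_basis, a_bit, b_basis, rng)
        elif mode == "intercept_resend":
            b_bit = measure_photon(e_basis, e_bit, b_basis, rng)
        else:
            b_bit = blinded_detect(1.5 * P_TH, e_basis, e_bit, b_basis)
        if b_bit is None or a_basis != b_basis:
            continue  # no click, or discarded during sifting
        sifted += 1
        errors += b_bit != a_bit
        eve_known += mode != "none" and e_basis == a_basis
    return {"sifted": sifted, "qber": errors / sifted, "eve_known": eve_known / sifted}

if __name__ == "__main__":
    for mode in ("none", "intercept_resend", "detector_control"):
        print(mode, run(20000, mode))
```

In this model the sifted-key error rate stays at zero under detector control, whereas single-photon intercept-resend produces roughly 25% errors; the only visible difference is the lower number of sifted bits.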

The talk will include an equipment demonstration of full detector control by an eavesdropper.