Preventing Calibration Attacks on the Local Oscillator
in Continuous-Variable Quantum Key Distribution
Establishing an information-theoretic secret key between two parties using a quantum key distribution (QKD) system is only possible when an accurate characterization of the quantum channel and proper device calibration routines are combined. Indeed, security loopholes due to inappropriate calibration routines have been shown for discrete-variable QKD. Here, we propose and provide experimental evidence of an attack targeting the local oscillator calibration routine of a continuous-variable QKD system. The attack consists in manipulating the classical local oscillator pulses during the QKD run in order to modify the clock pulses used at the detection stage. This allows the eavesdropper to bias the shot noise estimation usually performed using a calibrated relationship. This loophole can be used to perform successfully an intercept-resend attack. We characterize the loophole and suggest possible countermeasures.
pacs:03.65.Ud, 03.67.-a, 03.67.Dd
The two communicating parties of a quantum key distribution (QKD) protocol Scarani et al. (2009), Alice and Bob, can in principle share an information-theoretic secret key after the exchange of a large number of quantum signals through a physical channel, known as quantum channel, which is subject to eavesdropping, and additional information sent on a public but authenticated classical channel. After Alice and Bob have agreed on a set of non-commuting quantum operators, they can safely encode the key into these variables: any eavesdropping attempt disturbs the transmitted quantum states and is discovered after random sampling of a fraction of Alice and Bob’s correlated data. However, deviations of the practical implementation of a QKD protocol from the underlying theoretical model can be exploited by an eavesdropper.
In most commonly used QKD systems, the key information is encoded on discrete variables, such as the polarization of a single photon, and thus specific components for single-photon detection are required. Exploiting imperfections of such devices has led to powerful attacks, namely the time-shift attack Zhao et al. (2008), the phase-remapping attack Xu et al. (2010), and the remote control of single-photon detectors using tailored bright illumination Lydersen et al. (2010). Other attacks proposed against discrete-variable QKD systems include Trojan horse Gisin et al. (2006), device calibration Jain et al. (2011), and wavelength dependent beamsplitter Li et al. (2011) attacks. The latter have also been adapted to continuous-variable QKD (CVQKD), where the key information is encoded on continuous variables Weedbrook et al. (2012), such as the quadratures of coherent states Grosshans and Grangier (2002). In CVQKD systems, measurements are performed using standard coherent detection techniques, in particular homodyne detection when the protocol requires the measurement of a single quadrature of the electromagnetic field or heterodyne detection when both quadratures need to be measured. Wavelength dependent beamsplitter attacks targeting CVQKD schemes using heterodyne detection have recently been studied Huang et al. (2013); Ma et al. (2013a). Finally, attacks specific to CVQKD Ferenczi et al. (2007); Ma et al. (2013b) typically involve manipulation of the power of the local oscillator, which is the phase reference classical signal required for the coherent detection and is usually sent from Alice to Bob together with the quantum signal Jouguet et al. (2013).
Here, we consider device calibration attacks against continuous-variable QKD. These attacks arise from a subtle link between the local oscillator calibration procedure and the clock generation procedure in practical CVQKD setups using Gaussian modulation of coherent states and homodyne detection. We show that combining this security loophole with intercept-resend attacks can compromise the security of continuous-variable QKD in the absence of appropriate countermeasures. With recent advances in this technology, which allows for long-distance key distribution using standard telecommunication components and with strong security guarantees Jouguet et al. (2013), assuring the practical security of all aspects of the implementation, and specifically of the ubiquitous calibration procedure, is of great importance.
Ii Security assumptions and calibration techniques
A standard assumption when designing and implementing a CVQKD system is that the local oscillator cannot be manipulated by an eavesdropper. This cannot, however, be verified in practice since the local oscillator is a classical, and therefore intense, signal, and thus the no-cloning theorem does not apply. This means that the local oscillator can be measured and regenerated, or directly amplified, without adding any additional disturbance.
Current security proofs do not explicitly take into account the local oscillator, which is not required at a theoretical level to define the exchanged states and the performed measurements Navascués et al. (2006); García-Patrón and Cerf (2006); Leverrier et al. (2013). In particular, all the quantities that are used in the calculation of the secret key generation rate are expressed in shot noise units. Knowledge of the shot noise is therefore required. In principle, the shot noise variance can be evaluated using a balanced homodyne detector, as the variance of the interference between the local oscillator and the vacuum mode. This measurement method incurs some statistical uncertainty due to the finite size of the data, as was studied in Jouguet et al. (2012a). Alternatively, the linear relationship between the variance of this measurement and the input power of the local oscillator signal on the homodyne detector can be used to estimate the shot noise during the quantum transmission, provided that the local oscillator power is known.
A standard calibration technique, used for instance in Jouguet et al. (2012b), consists in establishing in a secure laboratory, before the QKD run, the aforementioned linear relationship between the shot noise and the local oscillator power. During the QKD run, the local oscillator power is measured either with a power meter or with a photodiode followed by an integration circuit, at the input of Bob’s site. In either case, a signal proportional to the intensity of the local oscillator over a time period that should be equal to the homodyne detection integration window is available. The previously established linear relationship can then be used to deduce the shot noise level used for the secret key rate calculation. This approach, however, has two shortcomings. First, it is not possible to trust the power of the signal entering Bob’s device, since an eavesdropper can easily add another classical signal (for instance, at a different wavelength) into the quantum channel. Second, in a practical CVQKD system, the local oscillator is not only used as an intense signal coherent with the weak quantum signal and therefore allowing to measure its quadratures; it is also used to generate the clock signal that is necessary to perform the measurements, as shown in Fig. 1. Therefore, the local oscillator signal can be suitably modified by an eavesdropper such that the trigger signal generated by the clock circuit is also altered.
In the following, we describe how the interplay between the local oscillator calibration and the clock generation procedures can be exploited to perform an eavesdropping attack.
Iii Description of the local oscillator calibration attack
The basic principle of the attack is illustrated in Figs. 2 and 3. In particular, as shown in Fig. 2, the clock circuit is usually designed to output a rising trigger signal when the intensity entering the photodiode is above a certain threshold. Subsequently, this trigger is delayed such that the value of the signal at the output of the homodyne detection is maximized. A potential attack for an eavesdropper consists in attenuating the beginning of the local oscillator pulse, which induces a delay of the trigger used for the measurements. Note that this was also suggested in Chi et al. (2011) as a potential source of loophole. Figure 3 shows experimental results illustrating the relationship between the variance of the measurement on the homodyne detection and the local oscillator power for different trigger signals. These results were obtained using the setup of Fig. 1, which corresponds to a simplified version of Bob’s setup employed for long-distance continuous-variable QKD using Gaussian modulation of coherent states Jouguet et al. (2013). The experiment shows that a delayed trigger results in a decrease of the detection response slope. This is because a homodyne measurement is usually performed by integrating the differential photocurrent during a period using an integrator circuit: after this period , the capacitor discharges exponentially, which implies that the maximum measurement variance is obtained when the trigger coincides with the end of the period , as shown in Fig. 2. As a result, if Alice and Bob use the previously calibrated relationship to evaluate the shot noise based on the measured local oscillator power, they will use a false value, if the trigger signal has been delayed during the QKD run. In particular, they will overestimate the value of the shot noise, and consequently underestimate the excess noise present in the setup. This creates an important loophole in the security of the implementation.
Based on this loophole, we propose the following practical attack. It is important to note that this attack can be implemented with current technology, without any need, for instance, for a quantum memory.
The eavesdropper, Eve, introduces a phase-independent attenuator in the quantum channel and applies an attenuation factor () on a fraction () of the local oscillator pulses in order to modify their shape. The trigger used to perform the homodyne measurement relative to these pulses is delayed by .
Eve introduces a beam splitter in the quantum channel and for a fraction () of the input signal pulses she measures both quadratures and prepares the appropriate quantum state, whereas for a fraction of the input signal pulses she just eavesdrops using the beamsplitter. This so called partial intercept-resend attack was implemented experimentally in Lodewyck et al. (2007).
When Eve increases the fraction of signal pulses over which she performs an intercept-resend attack, she introduces more noise, which lowers the amount of secret key that Alice and Bob can extract from the quantum transmission. The fraction of local oscillator pulses attenuated by Eve and the attenuation factor are two free parameters that play the same role: they scale the variance of the measurements made by Bob while his shot noise estimation remains unchanged. This leads Alice and Bob to conclude that no noise has been introduced in the quantum channel and hence they establish a key without detecting the presence of Eve.
Iv Analysis of the excess noise
To assess the impact of our attack on the security of continuous-variable QKD, we detail the parameter estimation procedure that is necessary for the derivation of the secret key and how this procedure is altered when the attack is implemented. In a practical CVQKD setup, Alice and Bob estimate the quantities required to compute the secret key rate by sampling couples of correlated variables , where is the total number of quantum signals sent through the quantum channel and is the number of signals used for the key establishment. Since for CVQKD it is sufficient to estimate the covariance matrix of the state shared by Alice and Bob, the only parameters that need to be estimated are the variance on Alice’s and Bob’s sites, and , respectively, and the covariance between Alice and Bob, namely (assuming here that and are centered variables, that is, that ). Then, the following estimators are used during the QKD run:
In the above expressions, is the quantum channel transmittance, is the modulation variance, is the excess noise, is the shot noise, is the efficiency of the homodyne detector, and is the electronic noise (all expressed in their respective units).
Here we assume that the electronic noise does not change between the QKD run and the calibration procedure. In theory, an eavesdropper may also try to modify the value of the electronic noise, for example by changing the temperature operating conditions of the electronic circuit of the homodyne detection between the calibration and the QKD run. However, the impact of such an attack would be less significant since the value of the electronic noise is typically between 10 and 20 dB below the shot noise.
In order to compute confidence intervals for these parameters, we consider a normal model for Alice and Bob’s correlated variables , namely , where , and follows a centered normal distribution with unknown variance . Note that this normal model is an assumption justified in practice but not by current proof techniques, which show that the Gaussian assumption is valid once the covariance matrix is known Leverrier et al. (2013).
Maximum-Likelihood estimators , and are known for the normal linear model:
These are independent estimators with distributions:
where , and are the true values of the parameters. Using the previous estimators and their confidence intervals together with the shot noise value from the calibration , it is then possible to estimate and .
If the eavesdropper can change the slope of the homodyne detection response as previously explained, the equality is not verified. This leads to the following estimation for the excess noise when a calibration attack occurs:
where is the estimate without the attack. In order to compute a secret key rate, the excess noise must be expressed in shot noise units, hence we have:
Next, we consider the excess noise introduced by a partial intercept-resend (PIR) attack alone. According to the analysis of Lodewyck et al. (2007), in this case, the probability distribution of Bob’s measurements is the weighted sum of two Gaussian distributions with a weight of for the intercepted and resent data and a weight of for the transmitted data:
where is the technical excess noise of the system. The excess noise introduced by this attack can then be computed as:
In practice, when a full intercept-resend attack is implemented (), the excess noise is dominated by the second term in the above expression due to the noise introduced by Eve’s measurements.
If, additionally, the eavesdropper performs the local oscillator calibration attack, then the excess noise introduced by the partial intercept-resend attack is computed, in shot noise units, as:
V A quantitative example
When the eavesdropper implements a full intercept-resend attack (), and with a typical value of , we find from Eq. (7) that the noise introduced by the attack is . This noise value is above the entanglement breaking limit, hence no secret key can be exchanged, independently of the communication distance. However, if Eve implements additionally the local oscillator calibration attack, then Alice and Bob will estimate the excess noise using Eq. (8). For example, for a transmission and a homodyne detection efficiency , we find:
Then, for , which is a realistic value as shown in Fig. 3, the excess noise estimated by Alice and Bob will be close to zero, hence they will conclude they can share a secret key. The security of the protocol is thus entirely compromised.
Vi Countermeasure: real-time shot noise measurement techniques
In practice, it is possible to show that a calibrated linear relationship between the shot noise level and local oscillator power cannot be used in the presence of an eavesdropper (see Appendix for a detailed analysis). Therefore, a countermeasure for the proposed attack consists in devising techniques allowing to measure the shot noise in real time. One such technique consists in applying a strong attenuation on Bob’s signal path to a randomly chosen set of pulses, using, for instance, an optical switch or an amplitude modulator. Alternatively, an additional homodyne detector dedicated to the real-time shot noise measurement can be used: a beam splitter is introduced in Bob’s local oscillator path and the relative sensitivity of the two homodyne detectors is calibrated. A schematic representation of the two techniques is shown in Fig. 4. In both methods, two noise measurements on two sets of pulses alow to extract the shot noise and the signal noise by inverting a linear system. To the best of our knowledge, none of these techniques has been proposed or implemented in CVQKD.
In Fig. 5, we compare the theoretical secret key rates against collective attacks Navascués et al. (2006); García-Patrón and Cerf (2006) for a CVQKD system that does not implement any countermeasure against the local oscillator calibration attack we proposed and for a system that uses the countermeasure of Fig. 4(a) with an optical switch on Bob’s signal path. In the latter case, the impact of the countermeasure on the secret key rate is twofold. First, the number of pulses that can be used to extract a secret key is diminished by the fraction of pulses chosen at random to compute an estimate of the shot noise; in our numerical analysis, we chose to discard 10% of the pulses. Second, the efficiency of Bob’s measurement apparatus is reduced because of the 2.7 dB losses introduced by the optical switch. For realistic values of all the parameters, we find that the maximum secure distance drops from 80 km to 70 km when implementing this countermeasure.
We propose a powerful and realistic calibration attack for continuous-variable QKD systems, by which an eavesdropper can make Alice and Bob negotiate a key even for an introduced noise that is above the entanglement breaking limit at which no secret key can be exchanged at any distance. Preventing this attack involves real-time measurement of the shot noise, which is possible but not trivial. Given the relevance of CVQKD technology for high-performance secure communications, this work highlights the importance of rigorously testing the practical security of current implementations.
This research was supported by the French National Research Agency, through the HIPERCOM (2011-CHRI-006) project, by the DIRECCTE Ile-de-France through the QVPN (FEDER-41402) project, and by the European Union through the Q-CERT (FP7-PEOPLE-2009-IAPP) project. P. Jouguet acknowledges support from the ANRT (Agence Nationale de la Recherche et de la Technologie).
- Scarani et al. (2009) V. Scarani, H. Bechmann-Pasquinucci, N. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, Rev. Mod. Phys. 81, 1301 (2009).
- Zhao et al. (2008) Y. Zhao, C.-H. F. Fung, B. Qi, C. Chen, and H.-K. Lo, Phys. Rev. A 78, 042333 (2008).
- Xu et al. (2010) F. Xu, B. Qi, and H.-K. Lo, New J. Phys. 12, 113026 (2010).
- Lydersen et al. (2010) L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, Nature Photonics 4, 686 (2010).
- Gisin et al. (2006) N. Gisin, S. Fasel, B. Kraus, H. Zbinden, and G. Ribordy, Phys. Rev. A 73, 022320 (2006).
- Jain et al. (2011) N. Jain, C. Wittmann, L. Lydersen, C. Wiechers, D. Elser, C. Marquardt, V. Makarov, and G. Leuchs, Phys. Rev. Lett. 107, 110501 (2011).
- Li et al. (2011) H.-W. Li, S. Wang, J.-Z. Huang, W. Chen, Z.-Q. Yin, F.-Y. Li, Z. Zhou, D. Liu, Y. Zhang, G.-C. Guo, et al., Phys. Rev. A 84, 062308 (2011).
- Weedbrook et al. (2012) C. Weedbrook, S. Pirandola, R. García-Patrón, N. J. Cerf, T. Ralph, J. Shapiro, and S. Lloyd, Rev. Mod. Phys. 84, 621 (2012).
- Grosshans and Grangier (2002) F. Grosshans and P. Grangier, Phys. Rev. Lett. 88, 057902 (2002).
- Huang et al. (2013) J.-Z. Huang, C. Weedbrook, Z.-Q. Yin, S. Wang, H.-W. Li, W. Chen, G.-C. Guo, and Z.-F. Han, Arxiv preprint arXiv:1302.0090 [quant-ph] (2013).
- Ma et al. (2013a) X.-C. Ma, S.-H. Sun, M.-S. Jiang, and L.-M. Liang, Arxiv preprint arXiv:1303.6039 [quant-ph] (2013a).
- Ferenczi et al. (2007) A. Ferenczi, P. Grangier, and F. Grosshans, in IQEC Conf. Digest (2007), vol. IC 13.
- Ma et al. (2013b) X.-C. Ma, S.-H. Sun, M.-S. Jiang, and L.-M. Liang, Arxiv preprint arXiv:1303.6043 [quant-ph] (2013b).
- Jouguet et al. (2013) P. Jouguet, S. Kunz-Jacques, A. Leverrier, P. Grangier, and E. Diamanti, Nature Photonics 7, 378 (2013).
- Navascués et al. (2006) M. Navascués, F. Grosshans, and A. Acín, Phys. Rev. Lett. 97, 190502 (2006).
- García-Patrón and Cerf (2006) R. García-Patrón and N. J. Cerf, Phys. Rev. Lett. 97, 190503 (2006).
- Leverrier et al. (2013) A. Leverrier, R. García-Patrón, R. Renner, and N. J. Cerf, Phys. Rev. Lett. 110, 030502 (2013).
- Jouguet et al. (2012a) P. Jouguet, S. Kunz-Jacques, E. Diamanti, and A. Leverrier, Phys. Rev. A 86, 032309 (2012a).
- Jouguet et al. (2012b) P. Jouguet, S. Kunz-Jacques, T. Debuisschert, S. Fossier, E. Diamanti, R. Alléaume, R. Tualle-Brouri, P. Grangier, A. Leverrier, P. Pache, et al., Opt. Express 20, 14030 (2012b).
- Chi et al. (2011) Y.-M. Chi, B. Qi, W. Zhu, L. Qian, H.-K. Lo, S.-H. Youn, A. I. Lvovsky, and L. Tian, New J. Phys. 13, 013003 (2011).
- Lodewyck et al. (2007) J. Lodewyck, T. Debuisschert, R. García-Patrón, R. Tualle-Brouri, N. J. Cerf, and P. Grangier, Phys. Rev. Lett. 98, 030503 (2007).
Appendix A Local oscillator power measurement and clock signal generation
Here, we discuss the feasibility of measuring the local oscillator power and generating a trigger signal from the local oscillator without compromising the security of the system.
Reasonable trigger generation functions are of the following form:
The function outputs a positive value at time if and only if the signal measurement is above the threshold value at time . This corresponds to detecting the beginning of a pulse (when its value is above the threshold ) and then delaying the trigger with a chosen delay . The function outputs a positive value at time if and only if the difference between the signal and the signal delayed of one pulse duration is positive. This presents the advantage of being independent from the signal level but requires to know the pulse duration . This cannot be assumed in the context of an active eavesdropper. Both and are of the form where is a linear functional of the signal.
Reasonable power measurement functions are of the following form:
where is some nonnegative integration constant. is a linear form of the local oscillator signal. Since is not a multiple of for the trigger examples above, there are signals that can be added to the local oscillator signal that do not change the output of but that change . A closer look to this problem shows that it is indeed possible to change , or , without changing .
A simple example is given in Fig. 6. Both local oscillator pulses have the same energy but the rising time of the trigger does not coincide with the end of the pulse.
This analysis shows that, in practice, a calibrated linear relationship between the shot noise level and local oscillator power cannot be used in the presence of an eavesdropper, who will always be able to modify the linear relationship during the QKD run.