Zero-error attacks on a quantum key distribution FSO system

Judy Kupferman; Shlomi Arnon

doi:10.1364/OSAC.1.001079

1. Introduction

Quantum key distribution (QKD) is a method of transferring a secret key between two parties with the aid of quantum mechanics in order to achieve secure communication. Practical QKD systems have been explored for over a decade and are used commercially [1]. However, while QKD is theoretically secure, actual physical devices have weak points that can be exploited by a third party [2–4]. A promising implementation of QKD is free space optical communication over ground (FSO) [5,6] or with satellite or ground-air communication [7–11]. This adds complications due to stochastic jitter and vibration of the pointing direction of the optical system, and this must be taken into account when designing a system in order to reduce the probability of attacks.

One such vulnerability is backflash [12–16]. QKD systems typically use single photons to convey the information. The most common method of detection today is single photon avalanche photodiodes (SPADs). In order to count single photons the SPAD diode is operated in Geiger mode; that is, reverse-biased above the breakdown voltage. As a result the signal photoelectron can create an avalanche. The sender, Alice, sends a photon to the receiver, Bob, which is detected with his SPAD. However, as a result of the avalanche caused by the incoming photon, the SPAD can emit a secondary photon which could be detected by a third party, Eve, who could gain information from it. This secondary emission, called backflash, is quenched along with the avalanche itself when the detector bias is lowered below the breakdown voltage. Thus, the backflash intensity strongly depends on the parameter settings of the quenching electronics [3,12]. From previous measurements [12,16] a lower bound for the probability of detecting backflash was found to be 0.4%. Given that these APDs have a nominal detection efficiency of about 10%, the backflash could contain at least 0.04 photons emerging from the devices. This may result in a considerable amount of information leakage that has to be considered in practical QKD implementations. Information may be obtained regarding detector type as well as other optical components through which the photons pass, which could contain information about the signal. The performance of FSO communication through the atmosphere could degrade due to atmospheric turbulence [17–19] and pointing error [20–25]. Here in this paper, we analyze the effect of pointing error on the performance of information leakage due to backflash.

2. Scenario under consideration

In this work we assume that Alice is located on a static platform on the ground, while Bob is located on a less stable platform such as a laser satellite system [21] or skyscraper [22] and suffers from jitter and vibration. First we analyze the probability for Eve to detect a backflash photon in a free space configuration. Till now these calculations have been made for table top configurations. However, real FSO suffer from jitter and vibration of the optical system pointing direction. Therefore, we also calculate the probability as affected by pointing loss assuming that Bob is on a vibrating platform. Figure 1

Fig. 1 QKD scheme with eavesdropper. Alice sends a signal to Bob, and Bob’s detector releases backflash photons that are intercepted by Eve.

Download Full Size | PDF

shows the general scenario under consideration. Alice sends a message to Bob through free space over a distance Z₁. Eve, who is at a distance of Z₂ from Bob, tries to intercept backflash photons.

3. Theory

We assume that Bob is on a vibrating platform and as a result there will be a random pointing error. The vibration and jitter of the pointing angle are typical of an FSO system such as laser satellite communication [21] or urban FSO [22]. In a satellite system the vibrations have internal and external causes. The external sources are structure deformations due to gradients of temperature, and inhomogeneities of gravitational force through the satellite orbit. The internal sources are electronic noise in the tracking and pointing system, and operation of subsystem on the satellite such as antenna pointing system, thruster operation, and solar array driver. In urban FSO, the causes can include building sway as a result of strong winds, thermal expansion, and weak earthquakes [22].

The probability for Bob to receive a photon which Alice transmitted as a function of θ, the pointing direction error angle, and of Z₁, the distance between Alice and Bob, is given [21–23] by

P_{B o b} (θ) {=K}_{1} L (θ) G_{B o b},

where K₁ is a constant, L(ϑ) the pointing loss factor, and G_Bob is the gain of Bob’s telescope. G_Bob is equal to (π d_Bob/λ)² [24] where d_Bob is the unobscured circular aperture diameter of Bob’s telescope, and λ is the wavelength. K₁ is given by

K_{1} = η_{q} P_{A l i c e} G_{A l i c e} η_{Alice} η_{B o b} \frac{L_{A} (Z_{1})}{Z_{1}^{2}} {(\frac{λ}{4 π})}^{2}

where P_Alice is the probability to transmit a photon, η_q is quantum efficiency, η_Alice, η_Bob are optical efficiencies, G_Alice is Alice’s telescope gain, and L_A is atmospheric loss. G_Alice is equal to (π d_Alice/λ)² [24] where d_Alice is the unobscured circular aperture diameter of Alice’s telescope.

The pointing loss factor is [22]

L_{} (θ) = \exp (- G_{B o b} \cdot θ_{}^{2}) .

To find the average probability for Bob to detect a photon, we calculate the effect of the pointing loss, as follows. The azimuth and elevation pointing error angle θ_H and θ_V are normally distributed, with probability density function

f_{θ_{V}} (θ_{V}), f_{θ_{H}} (θ_{H})

. The radial pointing error angle is the root square sum of the azimuth and elevation angles

θ_{} = \sqrt{θ_{V}^{2} + θ_{H}^{2}} .

Based on symmetry we can assume that,

σ_{V} = σ_{H} = σ_{} .

In our model Bob is on a mobile platform such as a satellite. σ describes the vibration amplitude of the pointing system of the satellite. We assume that the azimuth and elevation processes are independent and identically distributed so the radial pointing error angle model is Rayleigh distributed with probability density [22,23]

f_{θ} (θ_{}) = \frac{θ_{}}{σ_{}^{2}} \exp (- \frac{θ_{}^{2}}{2 σ_{}^{2}}) .

In this case the average probability for Bob to absorb a photon is

\bar{P_{B o b}} = \int_{0}^{\infty} P_{B o b} (θ) f (θ) d θ .

From Eqs. (1), (6), and (7) integration gives

\bar{P_{B o b}} = \frac{G {}_{B o b}K_{1}}{1 + 2 G_{B o b} σ^{2}},

The probability for Eve to receive a photon due to backflash as a function of pointing direction error angle α and of Z₂, the distance between Bob and Eve, is

P_{E v e} (α, θ_{V}, θ_{H}^{}, θ) = K_{2} P_{B o b} (θ) L (\sqrt{{(θ_{V} + α)}^{2} + θ_{H}^{2}}) G_{B o b}

where the constant K₂ is given by

K_{2} = η_{B a c k f l a s h} η_{q} η_{Bob} G_{E v e} η_{E v e} \frac{L_{A} (Z_{2})}{Z_{2}^{2}} {(\frac{λ_{B}}{4 π})}^{2}

and η_backflash is the probability of backflash due to absorption of photon, η_Eve and G_Eve are Eve’s optical efficiency and telescope gain respectively and λ_b is the backflash wavelength. (We assume that λ_B is equal to λ due to the receiver optical filter).

\bar{P_{E v e}} (α) = \int_{- \infty}^{\infty} \int_{- \infty}^{\infty} P_{E v e} (α, θ_{V}, θ_{H}^{}) f_{θ_{V}} (θ_{V}) f_{θ_{H}} (θ_{H}) d θ_{V} d θ_{H} .

In order to obtain a closed form expression, we assume that α -> 0. In practical terms this means that the eavesdropper on the ground is close to Alice. Plugging in Eqs. (4) and (9), we expand as follows:

\bar{P_{E v e}} = lim_{α \to 0} K_{3} G_{B o b}^{2} \int_{0}^{\infty} \exp {(- G_{B o b} \cdot θ_{}^{2})}^{2} \frac{θ}{σ_{}^{2}} \exp (- \frac{θ_{}^{2}}{2 σ_{}^{2}}) d θ

where

K_{3} = K_{1} K_{2} .

Then we integrate

\bar{P_{E v e}} (G_{B o b}) = K_{3} \int_{0}^{\infty} θ_{} G_{B o b}^{2} \exp (- θ_{}^{2} a) d θ

where we have defined

a = (2 G_{B o b} + \frac{1}{2 σ_{}^{2}}) .

Integration gives

\bar{P_{E v e}} = \frac{G_{B o b}^{2} K_{3}}{1 + 4 G_{B o b} σ^{2}} .

From Eqs. (8) and (16) the ratio between the detection probability of Eve and Bob is given by

\frac{\bar{P_{E v e}}}{\bar{P_{B o b}}} = K_{2} G_{B o b} \frac{1 + 2 G_{B o b} σ^{2}}{1 + 4 G_{B o b} σ^{2}} .

The two probabilities are at different scales but the trend is clear. Obviously as Bob's gain increases his probability of detection increases, but for increased security it could be better not to strive for maximum gain but for a point where gain is sufficient for communication purposes while Eve's probability for backflash detection is minimal.

4. Numerical calculation

A numerical simulation was performed, with typical parameters of the system described in Table 1

Table 1. Simulation Parameters

View Table

. In Fig. 2

Fig. 2 Bob's probability to detect a photon as a function of Bob's telescope gain.

Download Full Size | PDF

it is easy to see that Bob's probability is saturated quickly. It is also clear from a physical point of view (energy conservation) that this value cannot increase without bound. Figure 4 depicts the ratio

\frac{\bar{P_{E v e}}}{\bar{P_{B o b}}}

. From this figure it is clear that the increase of

\bar{P_{E v e}}

cannot be restrained by the increase of

\bar{P_{B o b}}

. One conclusion is that the appropriate strategy is to use the minimum gain that provides the acceptable performance for Bob's probability to detect a photon. In Fig. 3

Fig. 3 Eve's probability to detect a photon as a function of Bob's telescope gain.

Download Full Size | PDF

Fig. 4 Probability ratio $\frac{\bar{P_{E v e}}}{\bar{P_{B o b}}}$ as a function of Bob's telescope gain.

Download Full Size | PDF

it is easy to see that Eve's probability continues to grow exponentially.

5. Summary and conclusion

In conclusion, we have analyzed the probability for an eavesdropper to detect backflash photons emitted from a receiver on a moving platform. This analysis can benefit system design, as follows. The probability for the eavesdropping increases with Bob’s gain, but as we have shown, this probability is not a linear function and the region of leakage has been identified: the probability begins to increase steeply only at a gain of about 10¹³ for Bob, and zooming in to examine the ratio of probabilities between Eve and Bob, one finds a steep increase at 2*10¹³. This should be taken into account in system design, constraining Bob’s gain to provide maximal efficiency within the range that will minimize the possibility of information leakage.

Funding

NATO, Science for Peace and Security program, project G5263, “Analysis, design and implementation of an end-to-end 400 km QKD link.”

References

1. P. W. Shor and J. Preskill, “Simple proof of security of the BB84 quantum key distribution protocol,” Phys. Rev. Lett. 85(2), 441–444 (2000). [CrossRef] [PubMed]

2. L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination,” Nat. Photonics 4(10), 686–689 (2010). [CrossRef]

3. A. Meda, I. P. Degiovanni, A. Tosi, Z. L. Yuan, G. Brida, and M. Genovese, “Quantum key distribution security threat: the backflash light case.” in Quantum Technologies 2018, vol. 10674, p. 1067418. International Society for Optics and Photonics, 2018.

4. K. Wei, H. Liu, H. Ma, X. Yang, Y. Zhang, Y. Sun, J. Xiao, and Y. Ji, “Feasible attack on detector-device-independent quantum key distribution,” Sci. Rep. 7(1), 449 (2017). [CrossRef] [PubMed]

5. P. V. Trinh and A. T. Pham, “Design and secrecy performance of novel two-way free-space QKD protocol using standard FSO systems.” In Communications (ICC), 2017 IEEE International Conference on, pp. 1–6. IEEE, 2017. [CrossRef]

6. W. S. Rabinovich, R. Mahon, M. S. Ferraro, P. G. Goetz, M. Bashkansky, R. E. Freeman, J. Reintjes, and J. L. Murphy, “Free space quantum key distribution using modulating retro-reflectors,” Opt. Express 26(9), 11331–11351 (2018). [CrossRef] [PubMed]

7. J. A. Grieve, R. Bedington, Z. Tang, R. C. M. R. B. Chandrasekara, A. Ling, C. M. R. B. Chandrasekara, and A. Ling, “SpooQySats: CubeSats to demonstrate quantum key distribution technologies,” Acta Astronaut. 151, 103–106 (2018). [CrossRef]

8. G. Vallone, D. Bacco, D. Dequal, S. Gaiarin, V. Luceri, G. Bianco, and P. Villoresi, “Experimental satellite quantum communications,” Phys. Rev. Lett. 115(4), 040502 (2015). [CrossRef] [PubMed]

9. J. G. Rarity, P. R. Tapster, P. M. Gorman, and P. Knight, “Ground to satellite secure key exchange using quantum cryptography,” New J. Phys. 4(1), 82 (2002). [CrossRef]

10. X. Han, H.-L. Yong, P. Xu, W.-Y. Wang, K.-X. Yang, H.-J. Xue, W.-Q. Cai, J.-G. Ren, C.-Z. Peng, and J.-W. Pan, “Point-ahead demonstration of a transmitting antenna for satellite quantum communication,” Opt. Express 26(13), 17044–17055 (2018). [CrossRef] [PubMed]

11. S.-K. Liao, W.-Q. Cai, W.-Y. Liu, L. Zhang, Y. Li, J.-G. Ren, J. Yin, Q. Shen, Y. Cao, Z.-P. Li, F.-Z. Li, X.-W. Chen, L. H. Sun, J.-J. Jia, J.-C. Wu, X.-J. Jiang, J.-F. Wang, Y.-M. Huang, Q. Wang, Y.-L. Zhou, L. Deng, T. Xi, L. Ma, T. Hu, Q. Zhang, Y.-A. Chen, N.-L. Liu, X.-B. Wang, Z.-C. Zhu, C.-Y. Lu, R. Shu, C.-Z. Peng, J.-Y. Wang, and J.-W. Pan, “Satellite-to-ground quantum key distribution,” Nature 549(7670), 43–47 (2017). [CrossRef] [PubMed]

12. A. Meda, I. P. Degiovanni, A. Tosi, Z. Yuan, G. Brida, and M. Genovese, “Quantifying backflash radiation to prevent zero-error attacks in quantum key distribution,” Light Sci. Appl. 6(6), e16261 (2017). [CrossRef] [PubMed]

13. P. V. P. Pinheiro, P. Chaiwongkhot, S. Sajeed, R. T. Horn, J.-P. Bourgoin, T. Jennewein, N. Lütkenhaus, and V. Makarov, “Eavesdropping and countermeasures for backflash side channel in quantum cryptography.” arXiv preprint arXiv:1804.10317 (2018).

14. Y. Shi, J. Z. J. Lim, H. S. Poh, P. K. Tan, P. A. Tan, A. Ling, and C. Kurtsiefer, “Breakdown flash at telecom wavelengths in InGaAs avalanche photodiodes,” Opt. Express 25(24), 30388–30394 (2017). [CrossRef] [PubMed]

15. P. V. P. Pinheiro, P. Chaiwongkhot, S. Sajeed, R. T. Horn, J.-P. Bourgoin, T. Jennewein, N. Lütkenhaus, and V. Makarov, “Eavesdropping and countermeasures for backflash side channel in quantum cryptography.” arXiv preprint arXiv:1804.10317 (2018).

16. A. Lacaita, S. Cova, A. Spinelli, and F. Zappa, “Photon‐assisted avalanche spreading in reach‐through photodiodes,” Appl. Phys. Lett. 62(6), 606–608 (1993). [CrossRef]

17. M. Gabay and S. Arnon, “Quantum key distribution by a free-space MIMO system,” J. Lightwave Technol. 24(8), 3114–3120 (2006). [CrossRef]

18. M. Li, Y. Hong, Y. Song, and X. Zhang, “Effect of controllable parameter synchronization on the ensemble average bit error rate of space-to-ground downlink chaos laser communication system,” Opt. Express 26(3), 2954–2964 (2018). [CrossRef] [PubMed]

19. M. Gabay and S. Arnon, “Effect of turbulence on a quantum-key distribution scheme based on transformation from the polarization to the time domain: laboratory experiment,” Opt. Eng. 44(4), 045002 (2005). [CrossRef]

20. J. Yin, Y. Cao, Y.-H. Li, S.-K. Liao, L. Zhang, J.-G. Ren, W.-Q. Cai, W.-Y. Liu, B. Li, H. Dai, G.-B. Li, Q.-M. Lu, Y.-H. Gong, Y. Xu, S.-L. Li, F.-Z. Li, Y.-Y. Yin, Z. Q. Jiang, M. Li, J. J. Jia, G. Ren, D. He, Y. L. Zhou, X. X. Zhang, N. Wang, X. Chang, Z. C. Zhu, N. L. Liu, Y. A. Chen, C. Y. Lu, R. Shu, C. Z. Peng, J. Y. Wang, and J. W. Pan, “Satellite-based entanglement distribution over 1200 kilometers,” Science 356(6343), 1140–1144 (2017). [CrossRef] [PubMed]

21. S. Arnon and N. S. Kopeika, “Laser satellite communication network-vibration effect and possible solutions,” Proc. IEEE 85(10), 1646–1661 (1997). [CrossRef]

22. S. Arnon, “Effects of atmospheric turbulence and building sway on optical wireless-communication systems,” Opt. Lett. 28(2), 129–131 (2003). [CrossRef] [PubMed]

23. F. Yang, J. Cheng, and T. A. Tsiftsis, “Free-space optical communication with nonzero boresight pointing errors,” IEEE Trans. Commun. 62(2), 713–725 (2014). [CrossRef]

24. C.-C. Chen and C. S. Gardner, “Impact of random pointing and tracking errors on the design of coherent and incoherent optical intersatellite communication links,” IEEE Trans. Commun. 37(3), 252–260 (1989). [CrossRef]

25. J. G. Ren, P. Xu, H. L. Yong, L. Zhang, S. K. Liao, J. Yin, W. Y. Liu, W. Q. Cai, M. Yang, L. Li, K. X. Yang, X. Han, Y. Q. Yao, J. Li, H. Y. Wu, S. Wan, L. Liu, D. Q. Liu, Y. W. Kuang, Z. P. He, P. Shang, C. Guo, R. H. Zheng, K. Tian, Z. C. Zhu, N. L. Liu, C. Y. Lu, R. Shu, Y. A. Chen, C. Z. Peng, J. Y. Wang, and J. W. Pan, “Ground-to-satellite quantum teleportation,” Nature 549(7670), 70–73 (2017). [CrossRef] [PubMed]

Definition	Symbol	value
The probability to transmit a photon by Alice	P_Alice	1
Alice’s telescope gain (aperture of 7.85cm)	G_Alice	10¹¹
Alice’s optical efficiencies	η_Alice	0.9
Bob’s optical efficiencies	η_Bob	0.9
Bob’s and Eve receiver quantum efficiency	η_q	0.1
Average atmospheric loss (3dB)	L_A	0.5
The distance between Alice and Bob ^{21, 25}	Z₁	900km
Optical wave length	λ	780nm
Constant	K₁	1.92 10⁻¹⁷
The distance between Bob and Eve^{21, 25}	Z₂	900km
Eve’s telescope gain (aperture of 7.85cm)	G_Eve	10¹¹
Eve’s optical efficiencies	Η_Eve	0.9
The probability of backflash due to photon absorption	η_Backflash	0.04
Constant	K₂	8.56 10⁻²⁰
Variance of the pointing angle error	σ²	1.44 10⁻¹²
Constant	K₃	1.14 10⁻²⁴

Zero-error attacks on a quantum key distribution FSO system

Abstract

1. Introduction

2. Scenario under consideration

3. Theory

4. Numerical calculation

5. Summary and conclusion

Funding

References

Cited By

Figures (4)

Tables (1)

Equations (17)

OSA Continuum