Abstract
Quantum key distribution (QKD) can, in principle, provide unconditional security based on the fundamental laws of physics. Unfortunately, a practical QKD system may contain overlooked imperfections and may thus violate some of the assumptions in the security proofs of QKD. It is important to explore these assumptions. One key assumption is that the sender (Alice) can prepare the required quantum states without errors. However, such an assumption may be violated in a practical QKD system. In this paper, we perform a proof-of-principle experiment to demonstrate a technically feasible 'intercept- and-resend' attack that exploits such a security loophole in a commercial 'plug & play' QKD system. The resulting quantum bit error rate is 19.7%, which is substantially lower than the well-known 25% error rate for an intercept-and-resend attack in BB84. The attack we utilize is the phase-remapping attack (Fung et al 2007 Phys. Rev. A 75 32314) proposed by our group.
Export citation and abstract BibTeX RIS
GENERAL SCIENTIFIC SUMMARY Introduction and background. With the rise of the Internet, the importance of secure communication is of continually increasing importance. In theory, quantum cryptography can provide perfect security for communication based on the laws of quantum physics. It is generally impossible to measure a quantum system without disturbing it. Therefore, two users, Alice and Bob, can use quantum physics to share a secure encryption key with the assurance that no third party, Eve, can access information about it.
Main results. In practice, the security of a quantum cryptographic system rests on numerous assumptions in its security model. We have experimentally demonstrated with a commercial quantum cryptographic system how Eve may tamper the system and violate a fundamental assumption in the security model, namely the correct encoding of quantum signals by Alice, without Alice and Bob becoming aware. Our work shows how easily Eve may nullify a security proof by violating its assumptions.
Wider implications. Our result highlights the importance of battle-testing quantum cryptographic systems. Moreover, it shows that it is important to build security proofs with testable assumptions. Quantum hacking and counter-measures are an increasingly hot topic in the field of quantum cryptography.
Figure. An example of a quantum cryptographic system.