| dc.description.abstract | Cryptography is essential for secure communication in the digital era. Today, public-key cryptography is widely employed, and has provided an efficient method for encrypting content and ensuring both confidentiality and authenticity of electronic communications. However, the security of these systems is based on assumptions of computational hardness within the constraints of current computing capability. Thus, as quantum computing becomes a reality, public-key algorithms will be genuinely vulnerable to attack. By contrast, quantum cryptography, which is based on quantum physics instead of mathematical assumptions, is able to achieve information-theoretic security.
Advances in practical quantum cryptographic systems have not kept pace with theory, where an eavesdropper can relatively easily exploit loopholes in practical implementations to compromise theory-proved security. Bridging the gap between perfect theory and imperfect practice has become a priority for the growing field of quantum key distribution (QKD), which has strived to strengthen the practical security of QKD systems. Among all the countermeasures against quantum hacking, the measurement-device-independent (MDI) QKD protocol is promising because it is immune to all side-channel attacks on measurement devices. However, the MDI QKD protocol has some limitations that critically restrict its practical usefulness. Technically, the MDI scheme is not compatible with existing QKD systems, and produces a low key rate. In addition, the theory underlying MDI QKD security is based on the use of trusted source stations. Thus, this protocol is not a universal solution. This thesis further investigates the practical security of quantum cryptography in and beyond MDI quantum cryptography.
To overcome the technical limitations of MDI QKD, we first evaluate two other countermeasures against imperfect detections. The first is an industrial patch based on random detection efficiency, recently implemented by ID Quantique in the commercial Clavis2 QKD system. While powerful, experimental testing shows that this countermeasure is not sufficient to defeat the detector blinding attack. The second countermeasure aims to achieve a higher key rate than MDI QKD while maintaining the same security properties. However, our research shows that detector-device-independent (DDI) QKD security is not equivalent to that of MDI QKD and, further, that DDI QKD is insecure against detector side-channel attacks.
While this initial work points to the superior performance of MDI QKD systems, core challenges remain. The fundamental security assumption adopted for MDI QKD systems, regarding the exclusive use of trustable source stations, cannot always be satisfied in practice. Our study revealed several side channels of source devices. The first is disclosed from the implementation of a decoy-state protocol, which is widely used in QKD systems with weak coherent sources. The pump-current-modulated intensities result in a timing mismatch between the signal and decoy states, violating the key assumption in the decoy-state QKD protocol. Moreover, an active Eve can break the basic assumption about photon numbers in the QKD system. In this work, we experimentally demonstrate a laser seeding attack on the laser source, which shows that Eve can increase the emission power of the laser diode. Furthermore, by shining a high-power laser into an optical attenuator, Eve can decrease the attenuation values. The increase in laser emission power and the decrease in attenuation leads to an increase in mean photon numbers.
In summary, MDI QKD is a milestone in quantum cryptography. However, this thesis indicates the importance of continued investigations into the practical security of MDI QKD. The analysis of practical security should be extended to other countermeasures against side-channel attacks and the source stations in MDI QKD systems. Practical quantum hacking and security analysis promote the development of quantum cryptographic systems, which will eventually achieve the unconditional security claimed in theory. | en |
