Hacking commercial quantum cryptography systems by tailored bright illumination

TL;DR

This paper demonstrates that commercial quantum key distribution systems can be compromised remotely through tailored bright illumination, exposing a critical security loophole in detectors that could allow eavesdroppers to access secret keys.

Contribution

The study experimentally shows that detectors in commercial QKD systems can be fully controlled remotely using bright light, revealing a significant security vulnerability.

Findings

Detectors in two commercial QKD systems can be fully controlled remotely.

A practical eavesdropping method using off-the-shelf components is demonstrated.

Most QKD systems with avalanche photodiodes are vulnerable to this attack.

Abstract

The peculiar properties of quantum mechanics allow two remote parties to communicate a private, secret key, which is protected from eavesdropping by the laws of physics. So-called quantum key distribution (QKD) implementations always rely on detectors to measure the relevant quantum property of single photons. Here we demonstrate experimentally that the detectors in two commercially available QKD systems can be fully remote-controlled using specially tailored bright illumination. This makes it possible to tracelessly acquire the full secret key; we propose an eavesdropping apparatus built of off-the-shelf components. The loophole is likely to be present in most QKD systems using avalanche photodiodes to detect single photons. We believe that our findings are crucial for strengthening the security of practical QKD, by identifying and patching technological deficiencies.