Full-field implementation of a perfect eavesdropper on a quantum cryptography system

TL;DR

This paper demonstrates a full-field attack on a quantum key distribution system, revealing that practical imperfections can be exploited to compromise security without detection, highlighting the need for improved implementation security.

Contribution

It presents the first complete real-world attack on an active QKD system, exposing vulnerabilities due to physical imperfections.

Findings

Eavesdropper obtains the entire secret key

Attack remains undetected by monitored parameters

Physical implementation flaws are practically exploitable

Abstract

Quantum key distribution (QKD) allows two remote parties to grow a shared secret key. Its security is founded on the principles of quantum mechanics, but in reality it significantly relies on the physical implementation. Technological imperfections of QKD systems have been previously explored, but no attack on an established QKD connection has been realized so far. Here we show the first full-field implementation of a complete attack on a running QKD connection. An installed eavesdropper obtains the entire 'secret' key, while none of the parameters monitored by the legitimate parties indicate a security breach. This confirms that non-idealities in physical implementations of QKD can be fully practically exploitable, and must be given increased scrutiny if quantum cryptography is to become highly secure.