Attacking quantum key distribution by light injection via ventilation openings

TL;DR

This paper demonstrates a side channel attack on quantum cryptography devices exploiting ventilation holes to inject light, potentially leaking secret keys and biasing random number generators, highlighting a new security vulnerability.

Contribution

It introduces a novel light injection attack exploiting ventilation openings, experimentally demonstrating its effectiveness on quantum key distribution and random number generators.

Findings

Light injection can leak secret key information.

Injected light biases quantum random number generator output.

Ventilation holes pose a security risk in quantum devices.

Abstract

Quantum cryptography promises security based on the laws of physics with proofs of security against attackers of unlimited computational power. However, deviations from the original assumptions allow quantum hackers to compromise the system. We present a side channel attack that takes advantage of ventilation holes in optical devices to inject additional photons that can leak information about the secret key. We experimentally demonstrate light injection on an ID~Quantique Clavis2 quantum key distribution platform and show that this may help an attacker to learn information about the secret key. We then apply the same technique to a prototype quantum random number generator and show that its output is biased by injected light. This shows that light injection is a potential security risk that should be addressed during the design of quantum information processing devices.