Multiphoton and side-channel attacks in mistrustful quantum cryptography

TL;DR

This paper analyzes multiphoton and side-channel attacks in practical quantum cryptography, revealing vulnerabilities in current implementations and evaluating countermeasures through theoretical, experimental, and analytical methods.

Contribution

It provides a comprehensive theoretical framework for multiphoton attacks, introduces new attack strategies, and assesses the effectiveness of countermeasures in mistrustful quantum cryptography.

Findings

Multiphoton attacks can compromise protocol security.

Countermeasures based on selective reporting are inadequate.

Experimental demonstrations are vulnerable to these attacks.

Abstract

Mistrustful cryptography includes important tasks like bit commitment, oblivious transfer, coin flipping, secure computations, position authentication, digital signatures and secure unforgeable tokens. Practical quantum implementations presently use photonic setups. In many such implementations, Alice sends photon pulses encoding quantum states and Bob chooses measurements on these states. In practice, Bob generally uses single photon threshold detectors, which cannot distinguish the number of photons in detected pulses. Also, losses and other imperfections require Bob to report the detected pulses. Thus, malicious Alice can send and track multiphoton pulses and thereby gain information about Bob's measurement choices, violating the protocols' security. Here, we provide a theoretical framework for analysing such multiphoton attacks, and present known and new attacks. We illustrate the power of these attacks with an experiment, and study their application to earlier experimental demonstrations of mistrustful quantum cryptography. We analyse countermeasures based on selective reporting and prove them inadequate. We also discuss side-channel attacks where Alice controls further degrees of freedom or sends other physical systems.