The Manipulate-and-Observe Attack on Quantum Key Distribution

TL;DR

This paper introduces a novel Manipulate-and-Observe attack on quantum key distribution, exploiting parity-leakage during reconciliation to drastically reduce security and potentially recover secret keys.

Contribution

It presents the first holistic threat model and attack method targeting parity-based reconciliation protocols in quantum key distribution.

Findings

The attack can fully recover keys in simulations of BB84 and Cascade protocols.

Parity-leakage can be exploited to reduce the search space from 2^n to as low as a single candidate.

The attack significantly lowers the security bounds of current quantum key distribution methods.

Abstract

Quantum key distribution is often regarded as an unconditionally secure method to exchange a secret key by harnessing fundamental aspects of quantum mechanics. Despite the robustness of key exchange, classical post-processing reveals vulnerabilities that an eavesdropper could target. In particular, many reconciliation protocols correct errors by comparing the parities of subsets between both parties. These communications occur over insecure channels, leaking information that an eavesdropper could exploit. Currently there is no holistic threat model that addresses how parity-leakage during reconciliation might be actively manipulated. In this paper we introduce a new form of attack, namely the Manipulate-and-Observe attack in which the adversary (1) partially intercepts a fraction $\rho$ of the qubits during key exchange, injecting the maximally tolerated amount of errors up to the 11 percent error threshold whilst remaining undetected and (2) probes the maximum amount of parity-leakage during reconciliation, and exploits it using a vectorised, parallel brute force filter to shrink the search space from 2n down to as few as a single candidate, for an n-bit reconciled key. We perform simulations of the attack, deploying it on the most widely used protocol, BB84, andthe benchmark reconciliation protocol, Cascade. Our simulation results demonstrate that the attack can significantly reduce the security below the theoretical bound and, in the worst case, fully recover the reconciled key material. The principles of the attack could threaten other parity-based reconciliation schemes, like Low Density Parity Check, which underscores the need for urgent consideration of the combined security of key exchange and post-processing.