SINGAPORE, July 19, 2021 – Researchers at the National University of Singapore (NUS) have developed two methods that protect communication via quantum key distribution (QKD) against side-channel attacks, in which attackers exploit weaknesses in the structure of the information system to eavesdrop on the exchange of secret keys.
QKD is a method of secure communication that uses quantum mechanics to encrypt information. Although the security of QKD is in principle unbreakable, attackers could steal important information if it is implemented incorrectly.
The first method, which the researchers describe as theoretical, is an ultra-secure cryptography protocol that can be used on any communications network that needs long-term security. The second, described as experimental, is a first-of-its-kind device that defends QKD systems against attacks with bright light pulses by creating a power threshold.
There are typically two measurement settings used in QKD – one to generate the key and the other to test the integrity of the channel. In a paper released earlier this year, the NUS team showed that its protocol allows users to independently test the other party’s encryption device by generating a secret key from two randomly chosen key generation settings instead of one. The researchers showed that introducing an additional set of key-generating measurements for users made it difficult for the eavesdropper to steal information.
“It’s a simple variation on the original protocol that started this field, but it can only be tackled now thanks to significant developments in mathematical tools,” said Professor Valerio Scarani, one of the inventors of this type of method and co-author of the paper describing the current work. He is from the NUS Department of Physics and Center for Quantum Technologies.
Compared to the original “device-independent” QKD protocol, the researchers said the current protocol is easier to set up and more tolerant of noise and loss. It also offers users the highest level of security possible through quantum communication and allows them to independently verify their own key generation devices.
With the team’s setup, all information systems built with “device-independent” QKD would be free of misconfigurations and incorrect implementations. “Our method enables data to be safe from attackers, even if they have unlimited quantum computing power,” said Assistant Professor Charles Lim from the NUS Department of Electrical and Computer Engineering and Center for Quantum Technologies, who led the two research projects. “This approach could result in a truly secure information system that eliminates all side-channel attacks and allows end users to easily and reliably monitor implementation security.”
A quantum power limiter device
In practice, quantum cryptography uses optical pulses with very low light intensity to exchange data via untrustworthy networks. The use of quantum effects can securely distribute secret keys, generate real random numbers and even generate banknotes that are mathematically forgery-proof.
However, experiments have shown that it is possible to inject bright pulses of light into the quantum cryptosystem in order to break its security. This side-channel attack strategy uses the way in which incident bright light is reflected to the outside environment in order to reveal the secrets of the quantum cryptosystem.
To address this problem, the NUS researchers developed an optical device that relies on thermo-optic defocusing effects to limit the energy of incident light. The energy of the bright light changes the refractive index of the transparent plastic material embedded in the device, which sends some of the light out of the quantum channel. This enforces a power-limiting threshold.
The team’s power limiter can be seen as the optical equivalent of an electrical fuse, team members said, except that it is reversible and does not burn out when the energy threshold is exceeded. It is very inexpensive and can be easily made with standard components. It also does not require electricity, so it can be easily added to any quantum cryptography system for greater implementation security.
“The rapid advances in quantum computing and algorithmic research mean that we can no longer take today’s toughest security software for granted,” said Lim. “Our two new approaches promise to ensure that the information systems we use for banks, health and other critical infrastructures and data storage facilities withstand possible future attacks.”
The study was published in PRX Quantum (www.doi.org/10.1103/PRXQuantum.2.030304).