• The single photon detection efficiency of the detector unit is crucial for the security of common quantum key distribution protocols like Bennett-Brassard 1984 (BB84). A low value for the efficiency indicates a possible eavesdropping attack that exploits the photon receiver's imperfections. We present a method for estimating the detection efficiency, and calculate the corresponding secure key generation rate. The estimation is done by testing gated detectors using a randomly activated photon source inside the receiver unit. This estimate gives a secure rate for any detector with non-unity single photon detection efficiency, both inherit or due to blinding. By adding extra optical components to the receiver, we make sure that the key is extracted from photon states for which our estimate is valid. The result is a quantum key distribution scheme that is secure against any attack that exploits detector imperfections.
  • We propose an efficient strategy to attack a continuous-variable quantum key distribution (CV-QKD) system, that we call homodyne detector blinding. This attack strategy takes advantage of a generic vulnerability of homodyne receivers: a bright light pulse sent on the signal port can lead to a saturation of the detector electronics. While detector saturation has already been proposed to attack CV-QKD, the attack we study in this paper has the additional advantage of not requiring an eavesdropper to be phase locked with the homodyne receiver. We show that under certain conditions, an attacker can use a simple laser, incoherent with the homodyne receiver, to generate bright pulses and bias the excess noise to arbitrary small values, fully comprising CV-QKD security. These results highlight the feasibility and the impact of the detector blinding attack. We finally discuss how to design countermeasures in order to protect against this attack.
  • Quantum key distribution (QKD) promises information theoretic secure key as long as the device performs as assumed in the theoretical model. One of the assumptions is an absence of information leakage about individual photon detection outcomes of the receiver unit. Here we investigate the information leakage from a QKD receiver due to photon emission caused by detection events in single-photon detectors (backflash). We test commercial silicon avalanche photodiodes and a photomultiplier tube, and find that the former emit backflashes. We study the spectral, timing and polarization characteristics of these backflash photons. We experimentally demonstrate on a free-space QKD receiver that an eavesdropper can distinguish which detector has clicked inside it, and thus acquire secret information. A set of countermeasures both in theory and on the physical devices are discussed.
  • Models of quantum systems on curved space-times lack sufficient experimental verification. Some speculative theories suggest that quantum properties, such as entanglement, may exhibit entirely different behavior to purely classical systems. By measuring this effect or lack thereof, we can test the hypotheses behind several such models. For instance, as predicted by Ralph and coworkers [T C Ralph, G J Milburn, and T Downes, Phys. Rev. A, 79(2):22121, 2009, T C Ralph and J Pienaar, New Journal of Physics, 16(8):85008, 2014], a bipartite entangled system could decohere if each particle traversed through a different gravitational field gradient. We propose to study this effect in a ground to space uplink scenario. We extend the above theoretical predictions of Ralph and coworkers and discuss the scientific consequences of detecting/failing to detect the predicted gravitational decoherence. We present a detailed mission design of the European Space Agency's (ESA) Space QUEST (Space - Quantum Entanglement Space Test) mission, and study the feasibility of the mission schema.
  • Single-photon detectors in space must retain useful performance characteristics despite being bombarded with sub-atomic particles. Mitigating the effects of this space radiation is vital to enabling new space applications which require high-fidelity single-photon detection. To this end, we conducted proton radiation tests of various models of avalanche photodiodes (APDs) and one model of photomultiplier tube potentially suitable for satellite-based quantum communications. The samples were irradiated with 106 MeV protons at doses approximately equivalent to lifetimes of 0.6 , 6, 12 and 24 months in a low-Earth polar orbit. Although most detection properties were preserved, including efficiency, timing jitter and afterpulsing probability, all APD samples demonstrated significant increases in dark count rate (DCR) due to radiation-induced damage, many orders of magnitude higher than the 200 counts per second (cps) required for ground-to-satellite quantum communications. We then successfully demonstrated the mitigation of this DCR degradation through the use of deep cooling, to as low as -86 degrees C. This achieved DCR below the required 200 cps over the 24 months orbit duration. DCR was further reduced by thermal annealing at temperatures of +50 to +100 degrees C.
  • A security evaluation against the finite-key-size effect was performed for a commercial plug-and-play quantum key distribution (QKD) system. We demonstrate the ability of an eavesdropper to force the system to distill key from a smaller length of sifted-key. We also derive a key-rate equation that is specific for this system. This equation provides bounds above the upper bound of secure key under finite-key-size analysis. From this equation and our experimental data, we show that the keys that have been distilled from the smaller sifted-key size fall above our bound. Thus, their security is not covered by finite-key-size analysis. Experimentally, we could consistently force the system to generate the key outside of the bound. We also test manufacturer's software update. Although all the keys after the patch fall under our bound, their security cannot be guaranteed under this analysis. Our methodology can be used for security certification and standardization of QKD systems.
  • We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance against Scarani-Acin-Ribordy-Gisin (SARG04) QKD protocol at 1924nm versus that at 1536nm. The attack strategy was proposed earlier but found to be unsuccessful at the latter wavelength, as reported in N.~Jain et al., New J. Phys. 16, 123030 (2014). However at 1924nm, we show experimentally that the noise response of the detectors to bright pulses is greatly reduced, and show by modeling that the same attack will succeed. The invisible nature of the attack poses a threat to the security of practical QKD if proper countermeasures are not adopted.
  • Satellite-based quantum terminals are a feasible way to extend the reach of quantum communication protocols such as quantum key distribution (QKD) to the global scale. To that end, prior demonstrations have shown QKD transmissions from airborne platforms to receivers on ground, but none have shown QKD transmissions from ground to a moving aircraft, the latter scenario having simplicity and flexibility advantages for a hypothetical satellite. Here, we demonstrate QKD from a ground transmitter to a receiver prototype mounted on an airplane in flight. We have specifically designed our receiver prototype to consist of many components that are compatible with the environment and resource constraints of a satellite. Coupled with our relocatable ground station system, optical links with distances of 3-10 km were maintained and quantum signals transmitted while traversing angular rates similar to those observed of low-Earth-orbit satellites. For some passes of the aircraft over the ground station, links were established within 10 s of position data transmission, and with link times of a few minutes and received quantum bit error rates typically 3-5%, we generated secure keys up to 868 kb in length. By successfully generating secure keys over several different pass configurations, we demonstrate the viability of technology that constitutes a quantum receiver satellite payload and provide a blueprint for future satellite missions to build upon.
  • Avalanche photodiodes (APDs) are a practical option for space-based quantum communications requiring single-photon detection. However, radiation damage to APDs significantly increases their dark count rates and reduces their useful lifetimes in orbit. We show that high-power laser annealing of irradiated APDs of three different models (Excelitas C30902SH, Excelitas SLiK, and Laser Components SAP500S2) heals the radiation damage and substantially restores low dark count rates. Of nine samples, the maximum dark count rate reduction factor varies between 5.3 and 758 when operating at minus 80 degrees Celsius. The illumination power to reach these reduction factors ranges from 0.8 to 1.6 W. Other photon detection characteristics, such as photon detection efficiency, timing jitter, and afterpulsing probability, remain mostly unaffected. These results herald a promising method to extend the lifetime of a quantum satellite equipped with APDs.
  • In the last decade, efforts have been made to reconcile theoretical security with realistic imperfect implementations of quantum key distribution (QKD). Implementable countermeasures are proposed to patch the discovered loopholes. However, certain countermeasures are not as robust as would be expected. In this paper, we present a concrete example of ID Quantique's random-detector-efficiency countermeasure against detector blinding attacks. As a third-party tester, we have found that the first industrial implementation of this countermeasure is effective against the original blinding attack, but not immune to a modified blinding attack. Then, we implement and test a later full version of this countermeasure containing a security proof [C. C. W. Lim et al., IEEE Journal of Selected Topics in Quantum Electronics, 21, 6601305 (2015)]. We find that it is still vulnerable against the modified blinding attack, because an assumption about hardware characteristics on which the proof relies fails in practice.
  • Practical quantum communication (QC) protocols are assumed to be secure provided implemented devices are properly characterized and all known side channels are closed. We show that this is not always true. We demonstrate a laser-damage attack capable of modifying device behaviour on-demand. We test it on two practical QC systems for key distribution and coin-tossing, and show that newly created deviations lead to side channels. This reveals that laser damage is a potential security risk to existing QC systems, and necessitates their testing to guarantee security.
  • Detector-device-independent quantum key distribution (ddiQKD) held the promise of being robust to detector side-channels, a major security loophole in QKD implementations. In contrast to what has been claimed, however, we demonstrate that the security of ddiQKD is not based on post-selected entanglement, and we introduce various eavesdropping strategies that show that ddiQKD is in fact insecure against detector side-channel attacks as well as against other attacks that exploit device's imperfections of the receiver. Our attacks are valid even when the QKD apparatuses are built by the legitimate users of the system themselves, and thus free of malicious modifications, which is a key assumption in ddiQKD.
  • In free-space quantum key distribution (QKD), the sensitivity of the receiver's detector channels may depend differently on the spatial mode of incoming photons. Consequently, an attacker can control the spatial mode to break security. We experimentally investigate a standard polarization QKD receiver, and identify sources of efficiency mismatch in its optical scheme. We model a practical intercept-and-resend attack and show that it would break security in most situations. We show experimentally that adding an appropriately chosen spatial filter at the receiver's entrance is an effective countermeasure.
  • Decoy-state quantum key distribution (QKD) is a standard technique in current quantum cryptographic implementations. Unfortunately, existing experiments have two important drawbacks: the state preparation is assumed to be perfect without errors and the employed security proofs do not fully consider the finite-key effects for general attacks. These two drawbacks mean that existing experiments are not guaranteed to be secure in practice. Here, we perform an experiment that for the first time shows secure QKD with imperfect state preparations over long distances and achieves rigorous finite-key security bounds for decoy-state QKD against coherent attacks in the universally composable framework. We quantify the source flaws experimentally and demonstrate a QKD implementation that is tolerant to channel loss despite the source flaws. Our implementation considers more real-world problems than most previous experiments and our theory can be applied to general QKD systems. These features constitute a step towards secure QKD with imperfect devices.
  • The security of quantum communication using a weak coherent source requires an accurate knowledge of the source's mean photon number. Finite calibration precision or an active manipulation by an attacker may cause the actual emitted photon number to deviate from the known value. We model effects of this deviation on the security of three quantum communication protocols: the Bennett-Brassard 1984 (BB84) quantum key distribution (QKD) protocol without decoy states, Scarani-Acin-Ribordy-Gisin 2004 (SARG04) QKD protocol, and a coin-tossing protocol. For QKD, we model both a strong attack using technology possible in principle, and a realistic attack bounded by today's technology. To maintain the mean photon number in two-way systems, such as plug-and-play and relativistic quantum cryptography schemes, bright pulse energy incoming from the communication channel must be monitored. Implementation of a monitoring detector has largely been ignored so far, except for ID Quantique's commercial QKD system Clavis2. We scrutinize this implementation for security problems, and show that designing a hack-proof pulse-energy-measuring detector is far from trivial. Indeed the first implementation has three serious flaws confirmed experimentally, each of which may be exploited in a cleverly constructed Trojan-horse attack. We discuss requirements for a loophole-free implementation of the monitoring detector.
  • An eavesdropper Eve may probe a quantum key distribution (QKD) system by sending a bright pulse from the quantum channel into the system and analyzing the back-reflected pulses. Such Trojan-horse attacks can breach the security of the QKD system if appropriate safeguards are not installed or if they can be fooled by Eve. We present a risk analysis of such attacks based on extensive spectral measurements, such as transmittance, reflectivity, and detection sensitivity of some critical components used in typical QKD systems. Our results indicate the existence of wavelength regimes where the attacker gains considerable advantage as compared to launching an attack at 1550 nm. We also propose countermeasures to reduce the risk of such attacks.
  • A quantum key distribution system may be probed by an eavesdropper Eve by sending in bright light from the quantum channel and analyzing the back-reflections. We propose and experimentally demonstrate a setup for mounting such a Trojan-horse attack. We show it in operation against the quantum cryptosystem Clavis2 from ID~Quantique, as a proof-of-principle. With just a few back-reflected photons, Eve discerns Bob's secret basis choice, and thus the raw key bit in the Scarani-Ac\'in-Ribordy-Gisin 2004 protocol, with higher than 90% probability. This would clearly breach the security of the cryptosystem. Unfortunately in Clavis2 Eve's bright pulses have a side effect of causing high level of afterpulsing in Bob's single-photon detectors, resulting in a high quantum bit error rate that effectively protects this system from our attack. However, in a Clavis2-like system equipped with detectors with less-noisy but realistic characteristics, an attack strategy with positive leakage of the key would exist. We confirm this by a numerical simulation. Both the eavesdropping setup and strategy can be generalized to attack most of the current QKD systems, especially if they lack proper safeguards. We also propose countermeasures to prevent such attacks.
  • We explore bright-light control of superconducting nanowire single-photon detectors (SNSPDs) in the shunted configuration (a practical measure to avoid latching). In an experiment, we simulate an illumination pattern the SNSPD would receive in a typical quantum key distribution system under hacking attack. We show that it effectively blinds and controls the SNSPD. The transient blinding illumination lasts for a fraction of a microsecond and produces several deterministic fake clicks during this time. This attack does not lead to elevated timing jitter in the spoofed output pulse, and hence does not introduce significant errors. Five different SNSPD chip designs were tested. We consider possible countermeasures to this attack.
  • We propose a class of attacks on quantum key distribution (QKD) systems where an eavesdropper actively engineers new loopholes by using damaging laser illumination to permanently change properties of system components. This can turn a perfect QKD system into a completely insecure system. A proof-of-principle experiment performed on an avalanche photodiode-based detector shows that laser damage can be used to create loopholes. After about 1 W illumination, the detectors' dark count rate reduces 2 to 5 times, permanently improving single-photon counting performance. After about 1.5 W, the detectors switch permanently into the linear photodetection mode and become completely insecure for QKD applications.
  • The influence of bright light on a single-photon detector has been described in a number of recent publications. The impact on quantum key distribution (QKD) is important, and several hacking experiments have been tailored to fully control single-photon detectors. Special attention has been given to avoid introducing further errors into a QKD system. We describe the design and technical details of an apparatus which allows to attack a quantum-cryptographic connection. This device is capable of controlling free-space and fiber-based systems and of minimizing unwanted clicks in the system. With different control diagrams, we are able to achieve a different level of control. The control was initially targeted to the systems using BB84 protocol, with polarization encoding and basis switching using beamsplitters, but could be extended to other types of systems. We further outline how to characterize the quality of active control of single-photon detectors.
  • Quantum teleportation [1] is a quintessential prerequisite of many quantum information processing protocols [2-4]. By using quantum teleportation, one can circumvent the no-cloning theorem [5] and faithfully transfer unknown quantum states to a party whose location is even unknown over arbitrary distances. Ever since the first experimental demonstrations of quantum teleportation of independent qubits [6] and of squeezed states [7], researchers have progressively extended the communication distance in teleportation, usually without active feed-forward of the classical Bell-state measurement result which is an essential ingredient in future applications such as communication between quantum computers. Here we report the first long-distance quantum teleportation experiment with active feed-forward in real time. The experiment employed two optical links, quantum and classical, over 143 km free space between the two Canary Islands of La Palma and Tenerife. To achieve this, the experiment had to employ novel techniques such as a frequency-uncorrelated polarization-entangled photon pair source, ultra-low-noise single-photon detectors, and entanglement-assisted clock synchronization. The average teleported state fidelity was well beyond the classical limit of 2/3. Furthermore, we confirmed the quality of the quantum teleportation procedure (without feed-forward) by complete quantum process tomography. Our experiment confirms the maturity and applicability of the involved technologies in real-world scenarios, and is a milestone towards future satellite-based quantum teleportation.
  • Quantum key distribution (QKD) allows two remote parties to grow a shared secret key. Its security is founded on the principles of quantum mechanics, but in reality it significantly relies on the physical implementation. Technological imperfections of QKD systems have been previously explored, but no attack on an established QKD connection has been realized so far. Here we show the first full-field implementation of a complete attack on a running QKD connection. An installed eavesdropper obtains the entire 'secret' key, while none of the parameters monitored by the legitimate parties indicate a security breach. This confirms that non-idealities in physical implementations of QKD can be fully practically exploitable, and must be given increased scrutiny if quantum cryptography is to become highly secure.
  • We report an automated characterization of a single-photon detector based on commercial silicon avalanche photodiode (PerkinElmer C30902SH). The photodiode is characterized by I-V curves at different illumination levels (darkness, 10 pW and 10 uW), dark count rate and photon detection efficiency at different bias voltages. The automated characterization routine is implemented in C++ running on a Linux computer.
  • We experimentally demonstrate that a superconducting nanowire single-photon detector is deterministically controllable by bright illumination. We found that bright light can temporarily make a large fraction of the nanowire length normally-conductive, can extend deadtime after a normal photon detection, and can cause a hotspot formation during the deadtime with a highly nonlinear sensitivity. In result, although based on different physics, the superconducting detector turns out to be controllable by virtually the same techniques as avalanche photodiode detectors. As demonstrated earlier, when such detectors are used in a quantum key distribution system, this allows an eavesdropper to launch a detector control attack to capture the full secret key without being revealed by to many errors in the key.
  • Entanglement witnesses such as Bell inequalities are frequently used to prove the non-classicality of a light source and its suitability for further tasks. By demonstrating Bell inequality violations using classical light in common experimental arrangements, we highlight why strict locality and efficiency conditions are not optional, particularly in security-related scenarios.