What are the main differences between intercept-resend attacks and photon number splitting attacks in the context of QKD systems?

/ / Published in Cybersecurity, EITC/IS/QCF Quantum Cryptography Fundamentals, Practical Quantum Key Distribution, Quantum hacking - part 1, Examination review

Quantum Key Distribution (QKD) systems represent a significant advance in the field of cybersecurity, leveraging the principles of quantum mechanics to enable secure communication. Within this domain, understanding the nuances of different attack vectors is important for developing robust defenses. Two prominent types of attacks that target QKD systems are intercept-resend attacks and photon number splitting (PNS) attacks. These attacks exploit different aspects of quantum communication protocols, and a detailed examination of their mechanisms, implications, and countermeasures is essential for a comprehensive understanding of QKD security.

Intercept-Resend Attacks

Intercept-resend attacks are among the most straightforward forms of attack on QKD systems. They exploit the fundamental process of quantum key exchange, typically exemplified by the BB84 protocol. In a BB84 protocol, the sender (Alice) transmits qubits in one of two bases (rectilinear or diagonal) to the receiver (Bob). Each bit of the key is encoded in the polarization state of a photon, and the security of the key relies on the fact that measuring a quantum state disturbs it.

In an intercept-resend attack, an eavesdropper (Eve) intercepts the photons sent by Alice, measures them, and then sends new photons to Bob based on her measurement results. The attack proceeds as follows:

1. Interception and Measurement: Eve intercepts each photon sent by Alice and measures it in a randomly chosen basis (rectilinear or diagonal). This step introduces a disturbance since the choice of basis by Eve may not match the basis used by Alice.
2. Resending: After measuring the photon, Eve resends a new photon to Bob, prepared in the state that she measured.
3. Detection and Error Rates: Bob receives these photons and measures them in a basis he randomly chooses. Due to the disturbance introduced by Eve’s measurement, there will be an increase in the error rate of the key bits when Alice and Bob compare a subset of their key bits to check for eavesdropping.

The primary indicator of an intercept-resend attack is an increased quantum bit error rate (QBER). In the absence of an eavesdropper, the QBER should be relatively low, typically around 25% for randomly chosen bases. However, if Eve is intercepting and resending photons, the QBER will rise significantly, alerting Alice and Bob to the presence of an eavesdropper.

Photon Number Splitting (PNS) Attacks

Photon number splitting attacks take advantage of the imperfections in practical QKD systems, particularly those that use weak coherent pulses rather than single-photon sources. Weak coherent pulses, used in many real-world QKD implementations, often contain multiple photons, even though the mean photon number per pulse is kept low.

The PNS attack exploits this by selectively interacting with multi-photon pulses. The attack proceeds as follows:

1. Splitting: When Alice sends a weak coherent pulse, Eve intercepts it and performs a non-demolition measurement to determine the number of photons in the pulse. If the pulse contains more than one photon, Eve can split off one photon and allow the remaining photons to continue to Bob, leaving the quantum state of the pulse largely undisturbed.
2. Storage and Measurement: Eve stores the split-off photon and waits until Alice and Bob publicly announce their basis choices for key reconciliation. Once the bases are known, Eve measures her stored photon in the correct basis, gaining information about the key without introducing errors.
3. Detection and Error Rates: Since Eve only interacts with multi-photon pulses and does not disturb the single-photon pulses, the QBER remains low, making the attack more difficult to detect compared to intercept-resend attacks.

The effectiveness of PNS attacks is mitigated by the use of decoy states, a technique where Alice randomly varies the intensity of the pulses. By comparing the detection rates of different intensity pulses, Alice and Bob can detect the presence of an eavesdropper performing a PNS attack.

Comparative Analysis

The primary difference between intercept-resend and PNS attacks lies in their mechanisms and the type of QKD systems they target.

1. Mechanism of Attack:
Intercept-Resend Attack: Directly measures and resends photons, causing detectable disturbances.
PNS Attack: Exploits multi-photon pulses in weak coherent states, causing minimal disturbance.

2. Targeted Systems:
Intercept-Resend Attack: Applicable to any QKD system, including those using single-photon sources.
PNS Attack: Specifically targets systems using weak coherent pulses.

3. Detection:
Intercept-Resend Attack: Results in a higher QBER, making it easier to detect.
PNS Attack: Maintains a low QBER, making it harder to detect without additional countermeasures like decoy states.

4. Countermeasures:
Intercept-Resend Attack: Detection through monitoring QBER and implementing error correction and privacy amplification.
PNS Attack: Use of decoy states to detect and mitigate the attack.

Examples and Practical Implications

Consider a practical QKD system implementing the BB84 protocol with weak coherent pulses. In such a system, intercept-resend attacks would manifest as an increased QBER. For instance, if Alice sends a series of photons, and Eve intercepts and resends them, Bob's measurements will show a higher error rate when Alice and Bob compare their bases. This increased error rate would signal the presence of an eavesdropper, prompting Alice and Bob to discard the compromised key bits and attempt a new key exchange.

In contrast, a PNS attack on the same system would be more insidious. Suppose Alice sends pulses with a mean photon number of 0.1. Some pulses will contain multiple photons. Eve, using a photon number splitting device, could split off one photon from these multi-photon pulses and store it. After Alice and Bob announce their bases, Eve measures her stored photons in the corresponding bases, gaining information about the key without introducing detectable errors. To counter this, Alice and Bob would use decoy states, sending pulses with varying intensities and comparing detection rates to identify discrepancies indicative of a PNS attack.Understanding the distinctions between intercept-resend and photon number splitting attacks is vital for enhancing the security of QKD systems. While intercept-resend attacks are more straightforward and easier to detect due to the increased QBER, PNS attacks exploit the practical limitations of weak coherent pulses, requiring more sophisticated countermeasures like decoy states. By comprehensively analyzing these attack vectors and implementing appropriate defenses, the robustness of QKD systems can be significantly improved, ensuring secure quantum communication.

Other recent questions and answers regarding EITC/IS/QCF Quantum Cryptography Fundamentals:

View more questions and answers in EITC/IS/QCF Quantum Cryptography Fundamentals

More questions and answers:

Tagged under: , , , , ,