QUANTA team at National University of Defense Sciences proposes new practical security standard for single-photon detectors in quantum key distribution systems
Recently, the QUANTA team at the Institute of Quantum Information and State Key Laboratory of High Performance Computing, School of Computer Science and Technology, National University of Defense has studied the behavior of the self-differential avalanche photodiode (SD APD, a single-photon detector enabling high-speed detection) used in high-speed quantum key distribution systems under strong pulsed light, and found that the SD APD detector, protected by existing practice standards, is potentially blinding by pulsed light. Based on the reasons for the blinding of SD APD, the team has improved the practice standard - proposing a new set of practice standards to protect the actual safety of SD APD.
The research results were published on September 29 in the journal Physical Review A under the title "The ability of strong-pulse illumination to break self-discrepant avalanche photodiode detectors in high-speed quantum key distribution systems" [1].
01What is a Self-Differential Avalanche Photodiode (SD APD)?
Quantum key distribution (QKD, quantum key distribtuion) allows two remote legitimate users to share a pair of keys, and its security is based on the basic principles of quantum mechanics. Nowadays, in order to improve the security key rate of the system, QKD systems usually use ready-to-measure QKD protocols (e.g. BB84 QKD protocol), and the detection side of such actual QKD systems may have potential security vulnerabilities. To achieve high speed detection of single photons in QKD systems, conventional gated avalanche photodiode (APD) detectors may no longer be suitable, due to the fact that conventional gated APD detectors typically require a long period of dead time to suppress the post-pulse noise generated by the APD avalanche effect. To increase the detection speed, the ability of the detector to sense weak avalanche signals can be improved by using self-differencing (SD, self-differencing), which enables high-speed detection of single photons. Therefore, SD APD detectors are commonly used in high-speed QKD systems.
The principle circuit of the SD APD detector. A DC bias voltage combined with a periodic gating signal is loaded backwards onto the APD. When the reverse bias voltage is higher than the breakdown voltage, a photon in the APD can lead to a detectable macroscopic avalanche current. However, the gating frequency loaded on both ends of the APD is so fast that the weak avalanche signal is often buried in the capacitive response generated by the APD. In order to remove the capacitive response, the SD APD detector uses the SD technique: first the read out APD response is divided into two sets of signals with the same amplitude halved by the SD circuit, and then one set of signals is subtracted from the other set by extending the gating period by a time delay circuit (1.6 ns for the tested SD APD detector), resulting in the elimination of the strong capacitive response of the weak avalanche signal and the residual capacitive response.
Although QKD has been shown to be theoretically information-theoretically secure, the actual physical implementation may have potential security vulnerabilities due to possible flaws in the actual device that do not fully satisfy the assumptions of the security proof. For example, the single photon detector (SPD) is the core device of the BB84 QKD system, which can be blinded by an eavesdropper using strong continuous light. In order to defend against such blinding attacks on detection devices, researchers have already proposed corresponding countermeasures for defense and implemented them in existing QKD systems.
In the case of SD APD, previous studies have found that it is also possible to be blinded. For this reason researchers have studied the behavior of SD APD detectors under strong continuous light and proposed a set of practice criteria to protect the practical safety of SD APD [2]. Under the protection of the practice criteria, once Eve uses strong continuous light to blind the SD APD detector, the blinding photocurrent generated by the APD exposes the presence of Eve. In addition, the increase in BER caused by the residual capacitive response helps Bob to detect Eve.Therefore, with the protection of this practice standard, the SD APD detector can effectively resist the strong continuous light blinding attack.
However, the effectiveness of this practice standard under strong pulsed light has not been fully investigated. By designing experiments for strong pulsed light blinding attacks, the QUANTA team of National Defense University of Science and Technology has tested the effectiveness of the practice standard.
02Intense pulsed light blinding attack against SD APD detectors
In the strong pulse light blinding attack, Eve's attack operation is divided into two steps. The light pulse used to achieve blinding of the SD APD detector is the blinding light pulse, and the light pulse used to control the SD APD detector in response after blinding is achieved is the triggering light pulse. In the first step, Eve prepares the blinding light pulses with the same frequency as the SD APD detector gating frequency and sends them to Bob. when the SD APD detector receives the blinding light pulses, each blinding light pulse may trigger the SD APD detector to generate a stable periodic avalanche signal because of the high energy contained in the blinding light pulses. After SD processing, the differential amplitude of this signal may be significantly reduced below the threshold voltage set by the SD APD detector, thus achieving blinding of the SD APD detector. After the blinding is completed, Eve triggers the SD APD detector by selecting a trigger light pulse with a specific energy in the second step of the operation. The energy level needs to be such that the SD APD detector will respond when Bob's base selection is consistent with Eve's, and the detector will not respond when the base selection is not consistent.
Flowchart of strong pulse light blinding attack
In this experiment, the QUANTA team at the National University of Defense Technology experimentally demonstrated that the SD APD detector in the QKD system protected by existing practice standards can be directly blinded by strong pulsed light with the same repetition frequency as the gating frequency of the detector; after the SD APD detector is blinded, the detection probability of the blinded SD APD detector is achieved from 0% to 100% by combining with the pseudo-state attack. 100% control. This study shows that SD APD detectors can be successfully compromised by pulsed light blinding attacks, which may compromise the security of high-speed QKD systems that use SD APD detectors.
Schematic diagram of the experimental setup. The red line represents the optical signal and the blue line represents the electrical signal. AWG, arbitrary wave generator; LD, laser diode; VOA, variable optical attenuator; EDFA, erbium-doped fiber amplifier; BS, beam splitter; OPM, optical power meter; SD APD, self-differentiating avalanche photodiode detector.
The detection probability as a function of trigger pulse energy for different numbers of blinding pulse energies, which shows that the detection probability can vary from 0% to 100% as the trigger pulse energy increases.
03Proposed improved safety practice standards
Based on the differences between the experimental results and the existing practice standards, the QUANTA team at the National Defense University of Science and Technology proposes a new set of practice standards for SD APD detectors to defend against pulsed light blinding attacks on SD APD detectors.
The specific criteria are as follows.
a) Use a bias resistor of suitable resistance. The bias resistor should be limited to slightly reducing the reverse bias bias voltage to help stop the avalanche effect, without rapidly pulling down the reverse bias voltage at both ends of the APD, which helps prevent the SD APD detection from being blinded.
b) Use an optical power limiter or optical fuse at the detection end. Add a special passive component, such as an optical power limiter or optical fuse, to the input of the SD APD detector to sense and resist transient strong pulses of light, which can prevent strong pulses of light from entering the SD APD detector.
If filters are to be used, be sure to use a filter with a suitable passband. The filter used should only be used to filter out electrical noise within the SD APD and not the residual capacitive response, which ensures that the SD APD detector performance is not degraded while resisting strong blinding pulsed light attacks.
Set a suitable threshold voltage. A suitable threshold voltage not only reduces the interference of the SD APD detector by the temperature variations of the operating environment and the noise generated by the long operation time, but also senses a significant reduction of the reverse bias voltage by the residual capacitive response.
Carefully monitor the transient characteristics of the avalanche signal before and after SD processing after the filtering circuit. Carefully design the monitor to sense the transient changes in the signal and verify that doing so does not introduce other vulnerabilities.
04Improving the practical security of high-speed QKD systems
In this experiment, the research team of National Defense University studied the behavior of SD APD detectors under strong pulsed light. Based on the test results, the team found that strong pulsed light exhibits blinding stability and can help eavesdropper Eve steal keys without introducing additional QBER, which can be an effective way for eavesdroppers to blind SD APD detectors.
In addition, the team proposes a novel set of practice criteria to protect the practical security of SD APD detectors to enhance the practical security of SD APD detectors. This work contributes significantly to improving the security of practical high-speed QKD systems.
Reference links:
[1]https://journals.aps.org/pra/abstract/10.1103/PhysRevA.106.033713
[2]https://journals.aps.org/prapplied/abstract/10.1103/PhysRevApplied.9.044027
