Insider Brief
- Russia is preparing its first quantum key distribution (QKD) system, developed by QRate, for formal certification, a crucial step before commercialization to ensure protection against known security loopholes and attacks.
- The study details the evaluation and testing of QRate’s fiber-optic system, using the BB84 protocol with decoy states, identifying several hardware vulnerabilities like detector attacks and proposing countermeasures such as photocurrent measurement.
- The certification process follows Russia’s national cryptographic standards, highlighting the growing importance of QKD technology in securing sensitive communications in geopolitical contexts.
One of Russia’s first certified quantum key distribution systems (QKD) system is ready to undergo formal certification to ensure its resilience against known security loopholes and attacks, a critical step before commercialization.
In a study on arXiv, the Russian-led international research team reports it prepared a fiber-optic QKD system for this certification process with a battery of tests, concluding that the system seems secure. This QKD system, which appears to be domestically produced, could be used to securely exchange encryption keys between two parties by leveraging the principles of quantum mechanics. This technology ensures that any attempt to eavesdrop on the key transmission can be detected, providing an unprecedented level of security for sensitive communications, such as in financial transactions or government communications.
The study focused on preparing a QKD system by the Russian company QRate for formal certification. The system, which uses the BB84 protocol with decoy states, explained below, is designed to transmit quantum keys through fiber optics with high levels of security. The study provides an in-depth evaluation of the system, focusing on identifying potential vulnerabilities and the measures required to close security loopholes.
According to the paper, the certification of QKD systems is a critical step in the technology’s development, enabling wider deployment by ensuring that they are resistant to known attacks. International standards for QKD are still evolving, but QRate’s system has undergone rigorous scrutiny as it prepares for Russia’s own certification procedures.
The team writes: “Preparing a QKD system for certification involves (i) documenting the system in sufficient detail for it to be analysed, analyzing it, patching the security loopholes found Sajeed et al. (2021), and proposing the requirements for future certification tests. These four steps should be completed by the developer of the QKD system and possibly involve an external security analysis team. Here we perform them for a commercial system from QRate, utilising the latest developments in vulnerabilities, countermeasures, and security proofs.”
Although Russian cryptographic standards are classified, the findings and processes outlined in the paper also offers a glimpse into those standards, as well as provided useful insights into the challenges faced in securing these advanced cryptographic systems.
The QRate System and BB84 Protocol
QRate’s QKD system employs a prepare-and-measure scheme based on the BB84 protocol with decoy states — a well-established quantum key distribution method that is widely regarded as secure. The system transmits polarized light pulses through optical fibers to securely share cryptographic keys between two parties, often named Alice and Bob, while preventing potential eavesdroppers, referred to as Eve, from accessing the information.
The study explains that the BB84 protocol’s use of decoy states — a method for detecting attempts to intercept or manipulate quantum keys — makes it particularly robust. In the QRate system, light pulses are encoded with information at a rate of 312.5 MHz, a notable speed that highlights its potential for real-world applications. Yet, even with this proven protocol, the authors of the study point out several potential vulnerabilities in the system’s hardware and optical components, which could be exploited if not addressed.
Identifying and Addressing Vulnerabilities
The researchers write that the certification process for QKD systems is not just about checking the encryption protocols; it also involves identifying hardware flaws that could open the door to attacks. The QRate system was found to have several potential vulnerabilities that could be exploited, such as weaknesses in the single-photon detectors (SPDs). SPDs, which are crucial for detecting the quantum bits (qubits) used in the transmission, can be vulnerable to attacks that manipulate the detection process.
The team also discusses “superlinear detector control,” a type of attack where an eavesdropper can overwhelm the system’s detectors with strong light pulses, effectively blinding them and making the system vulnerable. They propose countermeasures such as photocurrent measurement, which would detect when the system is being overloaded, to prevent such attacks.
In addition to SPD vulnerabilities, the system could be exposed to “after-gate attacks” and “falling-edge attacks,” both of which involve manipulating the timing of light pulses to exploit the system’s gating mechanisms. Addressing these timing-related vulnerabilities is complex, requiring precise engineering of the detectors and the quantum pulses.
The Russian Certification Process
As with most cryptographic systems, certification is essential for QKD systems to ensure their reliability and security. However, in Russia, the certification process for quantum technologies remains largely classified. The study points out that while the system has undergone rigorous internal analysis, the final certification will be carried out under Russia’s national cryptographic standards, which are not publicly available.
Despite this, the study offers an extensive outline of how QRate is preparing its system for certification, providing insights into the types of tests and evaluations required. The system will need to be tested for various optical vulnerabilities, detector mismatches, and potential side-channel attacks — where an attacker could gain information indirectly through flaws in the system’s implementation.
To mitigate the risks, QRate has implemented several hardware and software countermeasures. For example, the company has designed its system to be resistant to detector blinding attacks, a common vulnerability in QKD systems. They have also strengthened the system’s ability to handle timing mismatches in its detectors.
QKD’s National Importance
The study suggests that QRate’s system is being developed in a geopolitical context where the certification of QKD systems is becoming a matter of national importance. While international standards for quantum key distribution are still evolving, Russia is moving forward with its own certification process. This comes amid growing concerns over securing national communications infrastructure, particularly as quantum computing threatens to break traditional encryption methods in the future.
Quantum key distribution is seen as a critical technology in securing communications, not just for individuals and companies but also for governments. Scientists from China — represented on this team — have already made significant strides in deploying QKD in their communication networks, and Russia appears to be positioning itself to develop a domestic QKD systems like QRate’s.
- Research institutions involved in this include scientists from Russia, China, Thailand, Spain and Canada:
- Russia: Russian Quantum Center, Skolkovo; NTI Center for Quantum Communications, National University of Science and Technology MISiS; Steklov Mathematical Institute, Russian Academy of Sciences; QRate; National Research University Higher School of Economics
- Spain: Vigo Quantum Communication Center, University of Vigo; atlanTTic Research Center, University of Vigo
- Thailand: Department of Physics, Faculty of Science, Mahidol University; Quantum Technology Foundation, Bangkok
- Canada: Institute for Quantum Computing, University of Waterloo; Department of Physics and Astronomy, University of Waterloo
- China: Institute for Quantum Information & State Key Laboratory of High Performance Computing, National University of Defense Technology
While not officially labeled in the paper, the QKD system appears mostly domestically produced. However, the global makeup of the team at least suggests that it benefits some international expertise.
For a deeper, more technical look at the research, including details on a list of tests implemented by the team that we did not have space to cover in this summary article, please see the paper on arXiv.