Memory Attacks on Device-Independent Quantum Cryptography
Abstract
Device-independent quantum cryptographic schemes aim to guarantee security to users based only on the output statistics of any components used, and without the need to verify their internal functionality. Since this would protect users against untrustworthy or incompetent manufacturers, sabotage, or device degradation, this idea has excited much interest, and many device-independent schemes have been proposed. Here we identify a critical weakness of device-independent protocols that rely on public communication between secure laboratories. Untrusted devices may record their inputs and outputs and reveal information about them via publicly discussed outputs during later runs. Reusing devices thus compromises the security of a protocol and risks leaking secret data. Possible defenses include securely destroying or isolating used devices. However, these are costly and often impractical. We propose other more practical partial defenses as well as a new protocol structure for device-independent quantum key distribution that aims to achieve composable security in the case of two parties using a small number of devices to repeatedly share keys with each other (and no other party).
- Publication:
-
Physical Review Letters
- Pub Date:
- January 2013
- DOI:
- 10.1103/PhysRevLett.110.010503
- arXiv:
- arXiv:1201.4407
- Bibcode:
- 2013PhRvL.110a0503B
- Keywords:
-
- 03.67.Dd;
- 03.67.Hk;
- 03.67.Mn;
- Quantum cryptography;
- Quantum communication;
- Entanglement production characterization and manipulation;
- Quantum Physics
- E-Print:
- 6+4 pages. Title updated to match published version. Expanded discussion of countermeasures. We wish to underline (in particular, for the benefit of any readers unfamiliar with the field) that our attacks apply to quantum cryptography in the scenario where the quantum devices used are completely untrusted, and not in the usual scenario in which the device manufacturers are trusted