Attacking the quantum information channel

[Brother]

What are we talking about?​

Quantum information is a mixture of quantum physics and information technology. Quantum information consists of quantum computing, quantum teleportation and exchange, quantum key distribution, quantum authentication, quantum bits, and more. It has attracted considerable attention, especially quantum key distribution (English the Quantum Key Distribution.:, Of QKD ). QKD is considered to be unconditionally safe. But it turns out when QKD is used in practice, it can be vulnerable to attacks, "man in the middle" (Engl.: man-in-the-middle).

How do we attack?​

Man-in-the-middle attacks are well known in the security industry. A man-in-the-middle attacker (Mallory) is in the middle of two objects (Alice and Bob) that are being tricked by information. In other words, Mallory deceives Alice that he is Bob, and also deceives Bob that he is Alice. To achieve his goals, Mallory intercepts information coming from Alice and Bob and sends this information to another object.

Mallory = Man-in-the-middle

What are we attacking?​

There are several schemes for quantum key distribution, but we will only consider the man-in-the-middle attack on the BB84 protocol, which is well studied and described in many places. The man-in-the-middle attack can be used in a similar way to other schemes.

According to the BB84 protocol, two entities (Alice and Bob) begin a series of messages to share a quantum cryptographic key. But the man in the middle (Mallory) plays the role of Alice and Bob, because Alice and Bob have no way of verifying that they are talking to exactly the person they really want.

Footsteps attack​

Photon polarization

1. Alice sends a random series of bits, each bit encodes one of the four possible polarizations of the photon .
2. According to the BB84 protocol, Bob must randomly select a series of photon detectors to detect bits from Alice. During this time, Mallory intercepts photons from Alice and mimics Alice to send another random burst of bits to Bob. Bob randomly selects a series of photon detectors to detect the bits from Mallory, but Bob assumes the bits are from Alice.
3. Bob must tell Alice the series of detectors he was using. But Mallory intercepts what Bob said to Alice. The attacker then tells Alice a series of detectors that he used.
4. Also according to the BB84 protocol, Alice must tell Bob which of Bob's variants correctly detected her photons. But Mallory intercepts what Alice said to Bob and tells Bob which of Bob's variants correctly detected his photons.
5. Bob and Alice should only store the bits that were correctly detected and use them as their cryptographic key . But due to Mallory's attack, they don't have the same cryptographic key. In fact, Mallory uses different cryptographic keys with Alice and Bob, respectively.
6. According to the BB84 protocol, Bob and Alice must tell each other a small part of their code to check if there is an interceptor, since eavesdropping attempts can introduce errors into the code of Bob and Alice. If there is no interceptor, they can be sure to provide a shared cryptographic key.
7. However, Mallory intercepts what Alice tells Bob and tells Bob the code he shared with Bob. In the same way, Mallory can intercept what Bob tells Alice and tell Alice the code he shared with Alice. Alice and Bob may conclude that they have a secure shared key. But this is wrong!
8. Finally, Alice and Bob use a cryptographic key to encrypt and decrypt information. Mallory can intercept what Bob is saying to Alice, decrypt the information with the key shared with Bob, and send Alice the information encrypted with the key that Mallory shared with Alice.

Thus, the BB84 quantum cryptographic protocol is easily attacked using the well-known man-in-the-middle. It sounds creepy, but let's not panic ahead of time.

How do we defend ourselves?​

The man-in-the-middle attack works because the interacting objects have no way of making sure they are talking to the very person they really want to talk to. If communication is not noticeably delayed, then the two entities will not know if someone is reading all of their supposedly secret messages.

There are the following protection methods:

• Alice and Bob can use electronic signatures or other public key infrastructure components to verify that the sender is an authenticated person.
• Alice and Bob share a security key (or other protected information). One of the entities uses this key to encrypt the authentication message and sends the encrypted information to the other.
• Alice and Bob can share some Einstein-Podolsky-Rosen (EPR) pairs, and Alice inserts her part of the EPR pairs into the random bitstream sent in step 1 , and then informs Bob of the entangled EPR state. Bob can detect both interconnected RCS pairs from Alice and from himself in the same way and can determine if the pairs are correlated. If they don't match, there might be an interceptor. Therefore, they should discard the shared key.
• At step 6, Bob and Alice can tell each other a small part of their code ways to check, in one or more reliable ways, if there is an interceptor. This can be done via phone or email. This is how we know if there is eavesdropping.
• In step 6, Bob and Alice can release a small portion of their code for some time to make sure they can receive and verify information about each other. And it will not leak information in the BB84 protocol. If both parties can confirm that there is no error, the shared cryptographic key can be used to encrypt the information.
• Fortunately, in practice, a man-in-the-middle attack is difficult to implement, since Mallory is difficult to intercept information at every step. If Mallory cannot achieve this, the two entities may find that someone is eavesdropping on them or that Mallory is unable to launch the attack.

What are the prospects?​

The security of quantum cryptography is based on fundamental laws of physics such as the no-cloning quantum theorem and the uncertainty principle in quantum mechanics. The no-cloning quantum theorem also plays a very important role in quantum computing.
Man's cognition of natural phenomena is gradually increasing. When we learn more about the microcosmic properties of a quantum state, we can measure the quantum state without visible disturbances. When we know the structure of a quantum state, we can understand if there is a quantum state "gene" that can be used to clone it. And does the separation of this "gene" cause any interference?

As we know, it used to be considered impossible to clone humans or animals. With the development of science, people have learned to do this too.

Cloning humans and animals

But there are some difficulties in cloning, which are similar to the proof of the no-cloning theorem. Even if we can copy every part or cell of the body, we cannot combine them into a living being. If the theorem is wrong and we can copy many of the same quantum states, then there will be controversy in the field of quantum mechanics, especially quantum information. Then the quantum information channel (BB84 protocol in particular) can be attacked by cloning the quantum state.

Conclusion​

In this article, we looked at the quantum key distribution vulnerabilities based on the BB84 protocol. Science has proven that QKD is protected from many attacks. On the other hand, it is vulnerable to the common man-in-the-middle attack. However, scientists believe that quantum cryptography can be ideal when combined with classical cryptography, which has a myriad of ways to defend against various attacks.
Thank you for the attention