Photon detectors have turned out to be an Achilles’ heel for quantum key distribution (QKD), inadvertently opening the door of Bob’s lab to subtle side-channel attacks, most famously
quantum hacking, in which a macroscopic light signal from Eve subverts Bob’s detectors into seeing all and only the “photons” she wants him to see. Recently Lo, Curty, and Qi (“LCQ”) have combined several preexisting ideas into what looks like an elegant solution for the untrusted detector problem, which they call measurement-device-independent QKD. In brief, they let Eve operate the detectors and broadcast the measurement results, but in a way that does not require Alice or Bob to trust anything she says.
Precursors of this approach include device-independent QKD, in which neither the light sources nor the detectors need be trusted (but unfortunately the detectors need to be impractically efficient) and time-reversed Bell-state methods, in which a Bell measurement substitutes for the Bell-state preparation at the heart of most entanglement-based QKD. It has also long been understood that quantum teleportation can serve as a filter to clean an untrusted quantum signal, stripping it of extraneous degrees of freedom that might be used as side channels. A recent eprint by Braunstein and Pirandola develops the teleportation approach into a mature form, in which side channel attacks are prevented by the fact that no quantum information ever enters Alice’s or Bob’s lab. (This paper is accompanied by an unusual “posting statement,” the academic analog of a Presidential signing statement in US politics. This sort of thing ought to be little needed and little used in our collegial profession.) Two more ingredients bring the LCQ proposal to an exciting level of practicality: weak coherent pulse sources, and decoy states. In the LCQ protocol, Alice and Bob each operate, and must trust, a local random number generator and a weak coherent source (e.g. an attenuated laser with associated polarization-control optics) which they aim at Eve, who makes measurements effectively projecting pairs of simultaneously-arriving dim light pulses onto the Bell basis. If Eve lies about which Bell state she saw, she will not be believed, because her reported results will be inconsistent with the states Alice and Bob know they sent. The final ingredient needed to keep Eve honest, the decoy-state technique introduced by W.Y. Hwang and subsequently developed by many others, prevents Eve from lying about the efficiency of her detectors, for example reporting a successful 2-photon coincidence only when she has received more than one photon from each sender. Fitting all the pieces together, it appears that the LCQ protocol would work over practical distances, with practical sources and detectors, and, if properly implemented, be secure against known attacks, short of bugging or eavesdropping on the interior of Alice’s or Bob’s lab.
Alice and Bob still need to trust their lasers, polarization and attenuation optics, and random number generators, and of course their control software. It is hard to see how Alice and Bob can achieve this trust short of custom-building these items themselves, out of mass-marketed commodity components unlikely to be sabotaged. A considerable element of do-it-yourself is probably essential in any practical cryptosystem, classical or quantum, to protect it from hidden bugs. CHB acknowledges helpful discussions with Paul Kwiat, who is however not responsible for any opinions expressed here.
The Quantum Cardinals