Burning Things With Big Lasers In The Name Of Security

Several fields of quantum research have made their transition from research labs into commercial products, accompanied by grandiose claims. Are they as good as they say? We need people like Dr. Sarah Kaiser to independently test those claims, looking for flaws in implementation. At the 2019 Hackaday Superconference she shared her research on attacking commercially available quantum key distribution (QKD) hardware.

Don’t be scared away when you see the term “quantum” in the title. Her talk is very easy to follow along, requiring almost no prior knowledge of quantum research terminology. In fact, that’s the point. Dr. Kaiser’s personal ambition is to make quantum computing an inviting and accessible topic for everyone, not just elite cliques of researchers in ivory towers. You should hear her out in the video below, and by following along with the presentation slide deck (.PPTX).

Quantum Key Distribution

So why is QKD is so enticing? Unlike existing methods, the theoretical foundation is secure against any attacker constrained by the speed of light and the laws of physics.

Generally speaking, if your attacker is not bound by those things, we have a much bigger problem.

But as we know well, there’s always a difference between the theoretical foundation and the actual implementation of cryptography. That difference is where exploits like side-channel attacks thrive, so she started investigating components of a laser QKD system.

As a self-professed “Crazy Laser Lady”, part of this investigation examined how components held up to big lasers delivering power far outside normal operating range. This turned up exciting effects like a fiber fuse (~17:30 in the video) which is actually a plasma fire propagating through the fiber optic. It looks cool, but it’s destructive and useless for covert attacks. More productive results came when lasers were used to carefully degrade select components to make the system vulnerable.

If you want to learn more from Dr. Kaiser about quantum key distribution, she has a book chapter on the topic. (Free online access available, but with limitations.) This is not the first attempt to hack quantum key distribution, and we doubt it would be the last. Every generation of products will improve tolerance to attacks, and we’ll need researchers like our Crazy Laser Lady to find the reality behind advertised claims.