Contributed Talk 4b

Abstract: Recent studies have revealed critical source-side vulnerabilities in practical quantum key distribution systems. Despite their demonstrated risks, these threats receive limited attention in both academic discussions and practical implementations. To highlight the urgency of addressing source-side vulnerabilities, we will report two widespread but overlooked loopholes: the induced-photorefractive effect and the pattern effect, including a report of the first-time system-level attack against a running MDI-QKD. Except for the attack, we will also report countermeasures against the loopholes, including a fully-passive QKD architecture resistant to encoding side-channels and a correlation-immune QKD protocol mitigating the pattern effect. These works provide essential insights and solutions for advancing the practical deployment of secure QKD systems.

Abstract: Quantum key distribution (QKD) protocol has been proven to be informationally-theoretical security. Unfortunately, due to device imperfections in practice, QKD systems have exposed various vulnerabilities that are exploited by an eavesdropper to conduct quantum hackings, such as laser-seeding attacks, blinding attacks, etc. Most of these attacks currently remain only at the stage of possibility verification or white-box testing. In this paper, we propose and implemented plug-and-play attack on a QKD system as a black box, whose interface and access for the public are the only known information. Through this attack, we actively modified the gate positions and synchronization parameters of the QKD system during the calibration procedure, allowing the attack operate during the whole lifetime of the system running without being noticed. Furthermore, the implemented hacking system only connects to the quantum channel but has no access to the inside of QKD engine, which takes minutes to optimize the hacking parameters to start the eavesdropping. This work illustrates Eve's capability to successfully eavesdrop on keys from QKD systems under current conditions in a more intuitive and concrete way.

Abstract: In the recent breakthrough result (Mastel and Slofstra, STOC24), the authors show that there is a two-player one-round perfect zero-knowledge MIP* protocol for RE. We build on their result to show that there exists a succinct two-player one-round perfect zero-knowledge MIP* protocol for RE with polylog question size and O(1) answer size, or with O(1) question size and polylog answer size. To prove our result, we analyze the four central compression techniques underlying the MIP*=RE proof (Ji et al., arXiv:2001.04383) --- question reduction, oracularization, answer reduction, and parallel repetition --- and show that they all preserve the perfect (as well as statistical and computational) zero-knowledge properties of the original protocol. Furthermore, we complete the study of the conversion between constraint-constraint and constraint-variable binary constraint system (BCS) nonlocal games, which provide a quantum information characterization of MIP* protocols. While Paddock (arXiv:2203.02525) established that any near perfect strategy for a constraint-variable game can be mapped to a constraint-constraint version, we prove the converse, fully establishing their equivalence.

Abstract: In this work, we derive the first lifting theorems for establishing security in the quantum random permutation and ideal cipher models. These theorems relate the success probability of an arbitrary quantum adversary to that of a classical algorithm making only a small number of classical queries. By applying these lifting theorems, we improve previous results and obtain new quantum query complexity bounds and post-quantum security results. Notably, we derive tight bounds for the quantum hardness of the double-sided zero search game and establish the post-quantum security for the preimage resistance, one-wayness, and multi-collision resistance of constant-round sponge, as well as the collision resistance of the Davies-Meyer construction.