We explore the interplay between security and quantum information, along several axes, that range from quantum information theory to hardware security and standardization.
Hybrid Quantum Computational Cryptography
We develop new quantum cryptographic primitives in hybrid security model that consists in assuming limited-time quantum storage and short-term computational security of one-way functions. This models enables a novel construction, that we call Quantum Computational Timelock [QCT20], capable of offering everlasting security - inaccessible with computational-only techniques - while presenting higher versatility, better performances and lower implementation complexity than what can be achieved in the unconditional setting, for example when using QKD to perform key establishment.
[QCT20] Vyas, Nilesh, and Romain Alléaume. “Everlasting Secure Key Agreement with performance beyond QKD in a Quantum Computational Hybrid security model.” arXiv preprint arXiv:2004.10173 (2020).
Quantum Cryptographic Hardware Security
Quantum cryptography can guarantee security against a computationally unbounded adversary. However, when real-world implementations of quantum cryptographic protocols may still possess side channels, i.e. security vulnerabilities, if their implementation deviates significantly from the idealized models used in the security analysis. We have in particular identified novel vulnerabilities of continuous-variable QKD, and discovered the so-called quantum saturation [CVSatAttack16] and blinding attacks [CVBlinding18] , as well as effective counter-measures.
Within the ETSI QKD-Industry Standardization Group, and the European project OPENQKD, we are working at writing the first Protection Profile for a QKD system, following the Common Criteria methodology. In parallel, we are also working on defining a framework for attack rating: i.e. a classification of attacks that relates to a cost-benefit analysis, and can therefore serve as a guideline towards the prioritization of counter-measures. These actions pave the way towards evaluation security and certification of quantum cryptographic hardware.
[CVSatAttack16] Hao Qin, Rupesh Kumar, and Romain Alléaume, Quantum hacking: Saturation attack on practical continuous-variable quantum key distribution, Phys. Rev. A 94, 012325 (2016)
[CVBlinding18] Hao Qin, Rupesh Kumar, Vadim Makarov and Romain Alléaume, Homodyne detector blinding attack in continuous-variable quantum key distribution, Phys. Rev. A 98, 012312, (2018).