Prisoners of their own device: Trojan attacks on device-independent quantum cryptography

Device-independent cryptographic schemes aim to guarantee security to users based only on the output statistics of any components used, and without the need to verify their internal functionality. Since this would protect users against untrustworthy or incompetent manufacturers, sabotage or device degradation, this idea has excited much interest, and many device-independent schemes have been proposed. We point out here a critical weakness of device-independent quantum cryptography for tasks, such as key distribution, that rely on public communication between secure laboratories. Untrusted devices may record their inputs and outputs and reveal encoded information about them in their outputs during later runs. Reusing devices thus compromises the security of a protocol and risks leaking secret data. Possible solutions include securely destroying used devices or isolating them until previously generated data need no longer be kept secret. However, such solutions are costly and impose severe constraints on the practicality of many device-independent quantum cryptographic schemes.
