Security of QKD-systems with detector efficiency mismatch

Abstract

The rules of quantum mechanics makes it possible to exchange a secret key at a distance. This is called quantum key distribution (QKD). In theory the key exchange can be made completely secure. Real QKD implementations however, has numerous imperfections. Luckily one has also been able to prove the security of QKD with a large variety of imperfections. The field of QKD has matured over the recent years, and it has now reached commercial applications with photons as the quantum bits, and optical fibers as the quantum channel. Today there are at least three commercial vendors of QKD-systems. We live in the times of quantum hacking. Researchers has begun the task of breaking the security of QKD-systems. Many new imperfections has been discovered, some of which might be used to break the security of QKD. This thesis is a study of the detector efficiency mismatch loophole. Most QKD-systems require two detectors, and it is virtually impossible to make two identical detectors with the exact same efficiency. What is worse, it turns out that the eavesdropper can often control the relative efficiencies of the two detectors trough some domain, for instance by controlling the timing, the frequency or the spacial mode of the photons. This can in turn be used by the eavesdropper to gain information about the secret key. Previously the best known attack would compromise security if the detector efficiency mismatch of about 1:15. Here the current attacks on systems with detector efficiency mismatch are improved to compromise security for a mismatch of about 1:4. This is less than the mismatch found in a commercial QKD-system, so the attack could in principle be used to eavesdrop on this QKD-system. One might try to close the loophole by modifying the implementation. One suggestion is the four state Bob. The problem is that this patch will in turn open other loopholes, and one of these loopholes reopen the detector efficiency mismatch loophole. One can remove Eves information about the key by doing a sufficient amount of extra privacy amplification. Here a general security bound is presented, quantifying the required amount of extra privacy amplification to remove Eve's information about the key. The proof is more general than the previous security proof, and is valid for any basis dependent, possibly lossy, linear optical imperfections in the channel and receiver/detectors. Since this is more realistic assumptions for a QKD-implementation, the proof represents a major step of closing the loophole in real devices.