Quantum Hacking on an Integrated Continuous-Variable Quantum Key Distribution System via Power Analysis

Abstract

In quantum key distribution (QKD), there are some security loopholes opened by the gaps between the theoretical model and the practical system, and they may be exploited by eavesdroppers (Eve) to obtain secret key information without being detected. This is an effective quantum hacking strategy that seriously threatens the security of practical QKD systems. In this paper, we propose a new quantum hacking attack on an integrated silicon photonic continuous-variable quantum key distribution (CVQKD) system, which is known as a power analysis attack. This attack can be implemented by analyzing the power originating from the integrated electrical control circuit in state preparation with the help of machine learning, where the state preparation is assumed to be perfect in initial security proofs. Specifically, we describe a possible power model and show a complete attack based on a support vector regression (SVR) algorithm. The simulation results show that the secret key information decreases with the increase of the accuracy of the attack, especially in a situation with less excess noise. In particular, Eve does not have to intrude into the transmitter chip (Alice), and may perform a similar attack in practical chip-based discrete-variable quantum key distribution (DVQKD) systems. To resist this attack, the electrical control circuit should be improved to randomize the corresponding power. In addition, the power can be reduced by utilizing the dynamic voltage and frequency scaling (DVFS) technology.

1. Introduction

Quantum key distribution is an unconditionally secure quantum communication technology that promises that the authorized sender (Alice) and receiver (Bob) can share common keys through an insecure quantum channel in the presence of a potential eavesdropper (Eve) [1,2]. At present, discrete-variable quantum key distribution (DVQKD) and continuous-variable quantum key distribution (CVQKD) are two main categories of QKD systems that have been proved to be secure against general attacks (e.g., photon number splitting attacks on DVQKD and collective attacks on CVQKD) based on some basic assumptions [2,3,4,5]. Moreover, fiber-based QKD has been implemented by many research groups in laboratories and in field environments [6,7,8,9,10], and free-space QKD has been also studied experimentally. To further establish quantum communication networks, it is essential to explore high-performance and cost-effective QKD systems. Therefore, the implemented optical components of QKD systems were integrated on a silicon photonic chip by researchers in order to realize stable, miniaturized, and low-cost systems [11,12,13,14,15,16]. In particular, CVQKD with Gaussian-modulated coherent states (GMCS) is a widely studied protocol that has been integrated and realized [16]. Here, we focus on the exploration of chip-based GMCS CVQKD systems.

In the initial security proofs of QKD systems, the involved devices are modeled as secure and perfect. However, there are some imperfections in real-world QKD implementations that might open security loopholes for Eves to successfully steal secret key information [17,18]. These kinds of attacks are an effective quantum hacking strategy. For example, in practical DVQKD systems, an Eve may exploit some vulnerabilities in the single photon detector to launch a time-shift attack [19], an after-gate attack [20], a blinding attack [21], etc. Similarly, there are some quantum hacking attacks in practical CVQKD systems, such as the local oscillator (LO) fluctuation attack [22], LO calibration attack [23], wavelength attack [24,25], and saturation attack [26]. In addition, laser damage attacks and laser seeding attacks on the senders of QKD systems have been proposed [27,28,29,30]. It is important to note that these proposed quantum hacking attacks have corresponding countermeasures. The research on quantum attack and defense has effectively promoted commercial applications of QKD.

There is no doubt that chip-based QKD systems are also assumed to be perfect in security proofs. However, there are some new imperfections in practical chip-based QKD systems. For example, it is inevitable that the integrated electrical control circuit of a transmitter chip in a state preparation produces power associated with key information [31], which may open a new security loophole for Eves. In this work, we mainly investigate a possible quantum hacking attack exploited by this loophole in a chip-based GMCS CVQKD system. Based on the state preparation process in the transmitter of the system, we first modeled the power. The potential relation between the power and key information can be found by using some classical machine learning algorithms. Then, we exploited a support vector regression (SVR) algorithm to show the attack [32], which was composed of on-line and off-line stages. In the off-line stage, the same system was utilized by the Eve to collect power data in different periods. By using the SVR model to train these data, the aforementioned correlation could be obtained by the Eve, and could be exploited to analyze key information in a real-time chip-based GMCS CVQKD system. These analyses show a complete quantum hacking attack, which is named a power analysis attack. The simulation results indicate that the attack seriously destroys the practical security of the system. In particular, in low-noise environments, this impact is more obvious. Of course, a similar power analysis attack may be launched in practical chip-based DVQKD systems. Importantly, the power can be randomized by improving the electrical control circuit to effectively resist this attack. The dynamic voltage and frequency scaling (DVFS) technology can also be adopted to reduce the power to resist this attack. This study is of significance in promoting the establishment of quantum communication networks.

This paper is organized as follows: In Section 2, the power analysis attack is described and modeled. Then, we analyze the secret key rates of chip-based GMCS CVQKD systems under the effects of this attack in Section 3. To close the loophole opened by the power, some countermeasures are discussed in Section 4. Finally, conclusions are presented in Section 5.

2. Description of the Power Analysis Attack

Figure 1a shows the transmitter (Alice) of an integrated silicon photonic CVQKD system, where the involved optical components (except the laser source) are integrated on a silicon photonic chip [16]. In the chip, the first and last modulators serve attenuators to adjust the intensity of the optical signal. The other modulators (an amplitude modulator and a phase modulator) are exploited by Alice to generate a series of Gaussian-modulated coherent states $|{\alpha }_A{\rangle }_u(u=1,2,\dots ,N)$ loaded with key information, where N is the total number of the generated states [7,16]. Based on the phase space, $|{\alpha }_A{\rangle }_u$ can be represented as

$$\begin{array}{cc}\hfill & |{\alpha }_A{\rangle }_u={\left|{\alpha }_A\right|}_u{e}^{i{\theta }_u}=x_{A,u}+i{p}_{A,u},\hfill \\ \hfill & x_{A,u}=|{\alpha }_A{|}_{u}cos{\theta }_u,p_{A,u}={\left|{\alpha }_A\right|}_{u}sin{\theta }_u,\hfill \end{array}$$

(1)

where $|{\alpha }_A{\rangle }_u$ and ${\theta }_u$ are the amplitudes and phases of these Gaussian-modulated states, respectively. In particular, $x_{A_u}$ and $p_{A_u}$ are random numbers that obey a Gaussian distribution $N(0,V_A{N}_0+N_0)$. Here, $N_0$ is the variance of shot noise.

In security proofs, the above state preparation is assumed to be perfect. However, it is inevitable that the integrated electrical control circuit of the transmitter chip generates power in the Gaussian modulation of practical chip-based CVQKD systems [31]. Here, the power produced by the integrated electrical circuit includes dynamic power $P_{dy}$ and static power $P_{st}$, where the dynamic power can be further divided into two parts: switching power $P_{sw}$ and short-circuit power $P_{sh}$. Moreover, $P_{sw}=C_L{V}_{dd}^2{H}_t{f}_c$, $P_{sh}=L{(V_{dd}-2V_T)}^3\tau f_c{H}_t$, $P_{st}=V_{dd}{I}_{leakage}$, where $C_L$ is the load capacitance, $V_{dd}$ is the supply voltage, $H_t$ is a trns factor, $f_c$ is the clock frequency, L is a technical parameter, $V_T$ is the threshold voltage, $\tau$ is the rise and fall time of the input signal, and $I_{leakage}$ is the leakage current [33]. In particular, the leakage current mainly includes the gate-induced drain leakage current, gate leakage current, reverse bias junction leakage current, and sub-threshold leakage current. These formulas for power indicate that the power is different when the operation statuses of the integrated control circuit are different. For the encoding of different key information, the required modulation voltages are different. Therefore, the power generated by the integrated electrical control circuit in the preparation process of these transmitted states should be different. Figure 1b depicts a possible power model during intensity modulation, where the power may decrease with the increase of the amplitude of the Gaussian-modulated coherent states. Figure 1c reveals a possible power model for phase modulation, where the power may be enhanced with the increase in the phase of the Gaussian-modulated states. According to Equation (1), the total power $P_u$ originating from the integrated electrical control circuit during Gaussian modulation should be hidden with a relation with random numbers $x_{A_u}$ or $p_{A_u}$, which is revealed in Figure 2. In particular, this relation is ambiguous in practical systems, and may be found by Eve through a classical machine learning algorithm. Therefore, the power originating from the integrated electrical control circuit of the transmitter of the practical chip-based CVQKD system may open a security loophole for Eve to successfully obtain key information, which seriously destroys the practical security of the system.

Figure 3 clearly introduces a complete power analysis attack, which includes two steps. The first step is off-line analysis. The purpose of this step is to explore the potential relationship between the key information and the power produced by the integrated electrical control circuit in state preparation. Specifically, Eve first utilizes an identical chip and a power meter to collect a series of power data originating from the integrated electrical control circuit in the preparation processes of different Gaussian-modulated coherent states, where Eve does not need to use some means to enter the transmitter chip. Then, some classical machine learning algorithms may be exploited by Eve to analyze the acquired data and get

$$\begin{array}{cc}\hfill & P=f\left(x_A\right),\hfill \\ \hfill & P=g\left(p_A\right),\hfill \end{array}$$

(2)

where P is the power variable and $x_A$ and $p_A$ are two quadrature variables of the Gaussian-modulated optical signal. The above correlation may be nonlinear. Therefore, a support vector regression (SVR) algorithm may be exploited by Eve to analyze data, which can be modeled as [32]

$$f\left(x_A\right)={\mathbf{W}}^T\mathsf{\Phi }\left(x_A\right)+b,$$

(3)

where $\mathsf{\Phi }(·)$ is a function that maps the input data into a higher dimensional space, $\mathbf{W}$ is the weight vector, and b is the bias. In order to achieve the optimal parameters $\mathbf{W}$ and b, the SVR model can be simplified as

$$min\frac{1}{2}{\Vert \mathbf{W}\Vert }^2+C\sum _{u=1}^N({\xi }_u+{\xi }_u^{*}),C>0,$$

(4)

subject to

$$\begin{array}{cc}\hfill & f\left(x_{A,u}\right)-P_u\le ϵ+{\xi }_u,\hfill \\ \hfill & P_u-f\left(x_{A,u}\right)\le ϵ+{\xi }_u^{*},\hfill \\ \hfill & {\xi }_u\ge 0,{\xi }_u^{*}\ge 0,ϵ>0,\hfill \end{array}$$

(5)

where C is a regularization parameter, and ${\xi }_u$ and ${\xi }_u^{*}$ respectively represent the upper and lower constraints in the outputs. In particular, $ϵ$ is the permissible error. Then, $\mathbf{W}$ can be calculated as

$$\mathbf{W}=\sum _{u=1}^N({\lambda }_u-{\lambda }_u^{*})\mathsf{\Phi }\left(x_{A,u}\right).$$

(6)

Here, ${\lambda }_u$ is the Lagrange multiplier. In addition, parameter b can also be calculated after $\mathbf{W}$ is obtained. According to Equations (3) and (6), the SVR model can be expressed by

$$\begin{array}{cc}\hfill f\left(x_A\right)& =\sum _{u=1}^N({\lambda }_u-{\lambda }_u^{*}){\mathsf{\Phi }}^T\left(x_{A,u}\right)\mathsf{\Phi }\left(x_A\right)+b\hfill \\ \hfill & =\sum _{u=1}^N({\lambda }_u-{\lambda }_u^{*})k(x_{A,u},x_A)+b,\hfill \end{array}$$

(7)

where $k(·,·)$ is a kernel function that includes three basic kernels: a polynomial kernel, linear kernel, and radial basis function (RBF). In general, the RBF kernel is a reasonable choice, as it is has low complexity and can solve the nonlinear relation. Here, the corresponding kernel function in Equation (7) should also be the RBF kernel, which is as follows:

$$k(x_{A,u},x_A)=exp\{-\gamma |x_A-x_{A,u}{|}^2\}.$$

(8)

Here, $\gamma$ indicates the scale parameter of the RBF kernel and determines model performance. In particular, the data collected by Eve in other time periods can serve as the test data. Based on the test data, the mean squared error ($MSE$) can be calculated as

$$MSE=\frac{1}{n_t}\sum _{i=1}^{n_t}{[f\left(x_{t,i}\right)-P_{t,i}]}^2,$$

(9)

where $n_t$ is the amount of the test data, and $x_{t,i}$ and $P_{t,i}$ are the values in test data. Here, $MSE$ reflects the performance of the SVR algorithm. The smaller the value of the $MSE$, the better the performance of the algorithm. It is important to note that the potential relation between $p_A$ and the power P can also be explored by using the SVR model presented by Equations (3)–(8). When Equation (2) is acquired by Eve, she can further get

$$\begin{array}{cc}\hfill & x_A=f^{-1}\left(P\right),\hfill \\ \hfill & p_A=g^{-1}\left(P\right).\hfill \end{array}$$

(10)

In a practical chip-based CVQKD system, Eve can exploit the acquired Equation (10) to steal key information by analyzing the power originating from the integrated electrical control circuit in state preparation, which is on-line analysis. This step is the core of the power analysis attack. Here, we define $P_a=1-MSE(0\le MSE<1)$ as the accuracy of the power analysis attack that reflects the attack strength. In addition, when $MSE\ge 1$, the performance of the algorithm is poor, which indicates that the attack is ineffective. In particular, a similar attack can also be implemented in practical chip-based DVQKD systems.

3. Security Analysis

The performance of a chip-based CVQKD system can be measured by the secret key rate and the maximal transmission distance of the system. Given the parameters $V_A$, T, $\epsilon$, $\eta$, and ${\nu }_{\mathrm{el}}$, the information shared by Alice and Bob can be calculated, as well as the maximal bound on the information available to the eavesdropper. Here, T and $\epsilon$ respectively represent the transmittance and excess noise of the quantum channel, which can be evaluated through parameter estimation. In addition, $\eta$ and ${\nu }_{\mathrm{el}}$ are the detector’s fixed parameters, which respectively indicate the working efficiency and electronic noise. The secret key rate K with n received pulses used for key establishment against collective attacks is expressed as [18,22,27,34]

$$K=\frac{n}{N}\left[\beta I_{AB}-S_{\mathrm{BE}}^{{ϵ}_{\mathrm{PE}}}-\Delta \left(n\right)\right],$$

(11)

where reverse reconciliation and a finite-size effect are considered, $n=N-m$, N is the total number of the received pulses, m gives the values used for parameter estimation, $\beta \in \left(0,1\right)$ is the reconciliation efficiency, $S_{\mathrm{BE}}^{{ϵ}_{\mathrm{PE}}}$ represents the maximal value of the Holevo information compatible with the statistics except for probability ${ϵ}_{\mathrm{PE}}$, and $I_{AB}$ represents the Shannon mutual information between Alice and Bob. Moreover, $\Delta \left(n\right)$ is a linear function of n that is related to the security of the privacy amplification. It can be given by [18,34]

$$\Delta \left(n\right)=7\sqrt{\frac{{log}_2\left(1/\phantom{1\overline{ϵ}}\overline{ϵ}\right)}{n}}+\frac{2}{n}{log}_2\frac{1}{{ϵ}_{\mathrm{PA}}},$$

(12)

where $\overline{ϵ}$ and ${ϵ}_{\mathrm{PA}}$, which are virtual parameters and can be optimized in the computation, denote the smoothing parameter and the failure probability of the privacy amplification, respectively. In addition, $\overline{ϵ}$ and ${ϵ}_{\mathrm{PA}}$ are usually set to be equal to ${ϵ}_{\mathrm{PE}}$ because the value of $\Delta \left(n\right)$ mainly depends on n. It is important to note that the power analysis attack does not affect the transmitted states and the measurement of the received states. Therefore, the attack does not affect the parameter estimation, which indicates that Equations (11) and (12) cannot be destroyed by the attack.

According to the above analysis, the secret key rate of a system under a power analysis attack should be given by

$$K_P=(1-P_a)\frac{n}{N}\left[\beta I_{AB}-S_{\mathrm{BE}}^{{ϵ}_{\mathrm{PE}}}-\Delta \left(n\right)\right].$$

(13)

Here, $I_{AB}$ can be derived from Bob’s measured variance $V_B$ and the conditional variance $V_{B|A}$ as

$$I_{AB}=\frac{1}{2}{log}_2\frac{V_B}{V_{B|A}}=\frac{1}{2}{log}_2\frac{V_A+1+{\chi }_{\mathrm{tot}}}{1+{\chi }_{\mathrm{tot}}},$$

(14)

where ${\chi }_{\mathrm{tot}}={\chi }_{\mathrm{line}}+{\chi }_{\mathrm{hom}}/T$ represents the total noise referred to the channel input, ${\chi }_{\mathrm{line}}=1/T-1+\epsilon$, and ${\chi }_{\mathrm{hom}}=[\left(1-\eta \right)+{\nu }_{\mathrm{el}}]/\eta$. In particular, $S_{\mathrm{BE}}^{{ϵ}_{\mathrm{PE}}}$ is determined by the following covariance matrix between Alice and Bob with a finite-size effect:

$$\begin{array}{cc}\hfill & {\mathsf{\Gamma }}_{AB}=\hfill \\ \hfill & \left[\begin{array}{cc}\left(V_A+1\right)\mathbb{I}& \sqrt{T_{min}\left(V_A^2+2V_A\right)}{\sigma }_z\\ \sqrt{T_{min}\left(V_A^2+2V_A\right)}{\sigma }_z& \left[T_{min}\left(V_A+{\epsilon }_{max}\right)+1\right]\mathbb{I}\end{array}\right],\hfill \end{array}$$

(15)

where matrices $\mathbb{I}=\left[\begin{array}{cc}1& 0\\ 0& 1\end{array}\right]$ and ${\sigma }_z=\left[\begin{array}{cc}1& 0\\ 0& -1\end{array}\right]$. Here, $T_{min}$ and ${\epsilon }_{max}$ respectively correspond to the lower bound of T and the upper bound of $\epsilon$, which are defined as

$$\begin{array}{cc}\hfill & T_{\min }={\left(t_{\min }\right)}^2,\hfill \\ \hfill & {\epsilon }_{\max }=\frac{{\sigma }_{\max }^2-1}{T}.\hfill \end{array}$$

(16)

According to Refs. [18,34], when m is large enough (e.g., $m>{10}^6$), $t_{min}$ and ${\sigma }_{\max }^2$ can be calculated as

$$\begin{array}{cc}\hfill & t_{\min }\approx \sqrt{T}-z_{{ϵ}_{\mathrm{PE}}/2}\sqrt{\frac{1+T\epsilon }{m{V}_A}},\hfill \\ \hfill & {\sigma }_{\max }^2\approx 1+T\epsilon +z_{{ϵ}_{\mathrm{PE}}/2}\frac{(1+T\epsilon )\sqrt{2}}{\sqrt{m}},\hfill \end{array}$$

(17)

where $z_{{ϵ}_{\mathrm{PE}}/2}$ follows $1-\frac{1}{2}\mathrm{erf}(z_{{ϵ}_{\mathrm{PE}}/2}/\sqrt{2})=\frac{1}{2}{ϵ}_{\mathrm{PE}}$, and $\mathrm{erf}(·)$ is the error function defined as $\mathrm{erf}\left(x\right)=\frac{2}{\sqrt{\pi }}{\int }_0^x{e}^{-t^2}dt$. Then, $S_{\mathrm{BE}}^{{ϵ}_{\mathrm{PE}}}$ can be acquired by

$$S_{\mathrm{BE}}^{{ϵ}_{\mathrm{PE}}}=\sum _{i=1}^{2}G\left(\frac{{\lambda }_i-1}{2}\right)-\sum _{i=3}^{5}G\left(\frac{{\lambda }_i-1}{2}\right),$$

(18)

where $G\left(x\right)=\left(x+1\right){log}_2\left(x+1\right)-x{log}_{2}x$, ${\lambda }_i\ge 1$ are symplectic eigenvalues derived from covariance matrices, which can be written as

$$\begin{array}{cc}\hfill {\lambda }_{1,2}^2=& \frac{1}{2}(A\pm \sqrt{A^2-4B}),\hfill \\ \hfill {\lambda }_{3,4}^2=& \frac{1}{2}(C\pm \sqrt{C^2-4D}),\hfill \\ \hfill {\lambda }_5=& 1,\hfill \end{array}$$

(19)

where

$$\begin{array}{cc}\hfill A& ={(V_A+1)}^2-2T_{\min }(V_A^2+2V_A)\hfill \\ \hfill & +{[T_{\min }(V_A+{\epsilon }_{max})+1]}^2,\hfill \\ \hfill B& ={[(T_{\min }{\epsilon }_{max}+1)(V_A+1)-T_{\min }{V}_A]}^2,\hfill \\ \hfill C& =\frac{A{\chi }_{\mathrm{hom}}+(V_A+1)\sqrt{B}+T_{\min }(V_A+{\epsilon }_{max})+1}{\eta T_{\min }(V_A+{\epsilon }_{max})+1+{\nu }_{\mathrm{el}}},\hfill \\ \hfill D& =\frac{\sqrt{B}(V_A+1)+B{\chi }_{\mathrm{hom}}}{\eta T_{\min }(V_A+{\epsilon }_{max})+1+{\nu }_{\mathrm{el}}}.\hfill \end{array}$$

(20)

Eventually, based on Equations (12)–(20), one can evaluate the secret key rate of a system under a power analysis attack.

Figure 4 depicts the relationship between the secret key rate and the transmission distance for a practical chip-based CVQKD system under the effects of a power analysis attack when $P_a=0,0.3,0.5,0.7$. In particular, $P_a=0$ indicates that the attack was not carried out, i.e., the ideal case. The fixed parameters for the simulation are set as [16]: $V_A=7.07$ (in shot-noise units), $\eta =0.498$, ${\nu }_{\mathrm{el}}=0.0691$ (in shot-noise units), $\beta =98\%$, $\epsilon =0.0934$ (in shot-noise units), and $ϵ={10}^{-10}$, $m=0.5\times N$, respectively. It is obvious that the secret key rate $K_P$ evaluated by Alice and Bob under the effects of the power analysis attack are reduced compared with the ideal value. The difference between the attacked secret key rate and the ideal value indicates the key information obtained by Eve.

Figure 5 describes the secret key rate versus the transmission distance under different excess noise levels (i.e., $\epsilon =0.0934,0.01$) when $P_a=0.7$. The other simulation parameters remain unchanged. We find that Eve can acquire more secret key information in the case of less excess noise under the same attack strength.

More importantly, defending against power analysis attacks is a key task for establishing a quantum communication network, which is discussed in the next section.

4. Countermeasures

A complete power analysis attack is shown in the above analysis. The potential relation between key information and the power produced by the integrated electrical control circuit in state preparation is a security loophole exploited by Eve in the attack. Therefore, the electrical control circuit can be improved by randomizing the power to close this loophole, thus effectively resisting this attack. In addition, the pipeline structure and parallel structure can be adopted to optimize the electrical control circuit to reduce the power.

Apart from the above countermeasures, dynamic voltage and frequency scaling (DVFS) technology can be applied to reduce the dynamic power. The workflow of DVFS is as follows [35]:

Step 1: The signal related to system load is collected to calculate the current system load for the integrated electrical control circuit;

Step 2: Based on the current system load, the required performance is predicted for the control circuit system;

Step 3: The prediction performance is converted into the required frequency to adjust the clock setting of the integrated control circuit;

Step 4: According to the acquired frequency, the corresponding voltage can be obtained. Then, based on the acquired voltage, the central processing unit (CPU) voltage can be adjusted.

Figure 6 shows a flowchart of a fast DVFS algorithm, where the judged condition is that the integrated control circuit sends data. As shown above, steps 1 to 4 have been described. In particular, the principle of the power produced by the integrated electrical control circuit in chip-based DVQKD systems is similar to that of integrated CVQKD systems. Therefore, these countermeasures can also be applied to resist similar attacks in chip-based DVQKD systems.

5. Conclusions

We have proposed a quantum hacking attack—namely, the power analysis attack—on an integrated silicon photonic CVQKD system. We first modeled the possible power originating from the integrated electrical control circuit in state preparation in the transmitter of the system, which clearly shows the correlation between the key information and the power. This correlation can be explored by Eve through some classical machine learning algorithms to steal key information, which indicates that the power produced by the electrical control circuit in state preparation can open a security loophole. Then, based on the SVR model, we showed a complete power analysis, which included off-line analysis and on-line real-time stealing. We found that Eve can acquire more key information in an environment with less excess noise through numerical analysis. In particular, a similar security loophole may also exist in chip-based DVQKD systems. Finally, electrical control circuits can be improved to effectively resist power analysis attacks. In addition, DVFS technology can also be applied to weaken the power. These countermeasures promote the application of QKD and the establishment of quantum communication networks.