Quantum cryptography should not be confused with post-quantum cryptography (PQC). Unlike PQC and conventional cryptography, which rely on mathematical approaches, the security of quantum cryptography is based on the laws of quantum physics.
Investigating Potential Physical Attacks on QKD Systems
One of the main quantum cryptography protocols currently in use is Quantum Key Distribution (QKD). This method enables two users to exchange encryption keys, allowing them to securely encrypt and decrypt the data they share while preserving confidentiality and integrity.
“In theory, quantum cryptography guarantees absolute security, but practical implementations can introduce vulnerabilities," explains Mikael Carmona, Head of the Hardware Security Department at CEA-Leti. “For example, if an attacker gains access to a QKD system, there is a risk that the confidentiality of generated keys could be compromised through physical attacks."
This was precisely the focus of the three-year Carnot SEQUANCES project, led by CEA-Leti since early 2023. Its primary objective was to characterize potential physical attacks targeting the optical-to-digital interface of QKD systems, with the goal of advancing knowledge of the technology and contributing to its maturity.
“The support provided by the Carnot program was fundamental to this project," emphasizes Mikael Carmona. “It enabled us to conduct long-term research and helped finance the acquisition of a quantum cryptography system, which was essential for our study."
Side-Channel Attacks at the Optical-to-Digital Interface
What exactly is the optical-to-digital interface?
“In every key distribution system, quantum communication is carried out using photons transmitted through optical fibers," explains Loïc Mangin, Research Engineer at CEA-Leti and evaluator for the institute's ITSEF* laboratory. “At each end of the communication link, detectors capture these photons and analyze their properties before converting them into signals used to establish the encryption key."
The question was whether this interface could represent a vulnerability exploitable by attackers.
The project therefore investigated whether photon detection and processing could be subject to so-called side-channel observation attacks.
“For example, can information about the transmitted data be inferred from variations in power consumption?" continues Loïc Mangin. “Likewise, photon manipulation generates electromagnetic emissions. Is it possible to establish a correlation between these emissions and the secret information being transmitted?"
These questions had received very limited attention in the scientific literature until now.
Strengthening CEA-Leti's Expertise in Quantum Cryptography
The SEQUANCES project delivered important results for understanding the optical-to-digital interface of QKD systems. It has significantly strengthened CEA-Leti's expertise in quantum cryptography, complementing another initiative, QCommTestbed, funded by the French National Research Agency (ANR) through the Quantum PEPR program.
QCommTestbed brings together nine partners, including CEA-Leti, with the objective of establishing a coordinated national testing platform for quantum technologies in France.
“The knowledge developed through these two projects represents a major contribution to both the industrial and institutional quantum cryptography communities," concludes Mikael Carmona. “Thanks to this expertise, CEA-Leti, in its role as a ITSEF laboratory, is prepared to evaluate QKD systems as soon as the technology reaches a sufficient level of maturity."