Galicia Quantum Technologies Hub

Pushing quantum communication systems to the limit over and over again. Such is the mission of quantum hackers at the service of science, experts capable of designing attacks on the most secure communication exchange protocols in our history in order to provide protection measures against potential intrusions with criminal intent. The quantum hacking group of the Vigo Quantum Communication Center (VQCC) collaborates with universities and businesses worldwide to contribute to this great challenge

Is there such a thing as a good hacker? Between the 1980s and the 1990s, a young Californian named Kevin Mitnick caused a stir among U.S. authorities with his ability to break into the security of computer systems that had hitherto seemed fail-safe. What began as a prank at the age of 16 with his school’s administrative system took on a much larger dimension. His infiltrations into the databases of businesses and government agencies landed him in jail several times and, after several years on the FBI’s most wanted list, he was arrested for the last time in 1995. After becoming a legend on the dark side, Mitnick went over to the other side as a white hat, the term used to refer to ethical hackers who work within the law to strengthen security in computer systems.

As quantum communication continues to advance as the promise of perfect security for information exchange in the future, it is important to stay ahead of those who already consider it an exciting challenge to break into the new protocols. The early state of this technology and, above all, its complexity mean that only a few people in the world are capable of jeopardizing communications based on the laws of quantum mechanics, and some of them are in Galicia.

The quantum hacking group of the Vigo Quantum Communication Center (VQCC)works to “break into the unbreakable,” in the words of one of its members, Konstantin Kzaitsev. Their task as good hackers is to don the disguise of villains to anticipate the tactics of would-be intruders and help create protective shields. In less metaphorical terms, they are engaged in testing evolving quantum communication systems to explore potential cracks and facilitate the design of countermeasures capable of preempting attacks by hackers with criminal intent.

The researcher at the VQCC illustrates in a few words why the skills of geniuses like Kevin Mitnick are useless in this new environment. “Classical hacking is a program-based activity; it’s all about mathematics. Quantum hacking is experiment-based; it’s all about physics. To hack a quantum communication system, you have to know it better than its developer,” he asserts.

Putting QKD to the test

Quantum key distribution (QKD) is the leading paradigm of perfect communication security, providing a theoretically inviolable environment for the sender and receiver to share a key over long distances to protect their information delivery. Typically, this is done using photons (particles of light) as vehicles, as they are particularly effective at maintaining their quantum properties over relatively long distances.

This is the context in which Kzaitsev and his colleagues work. “The quantum hacking that we perform consists of two parts. The boring part is a set of test routines for QKD configurations. We get a configuration that is a copy of a commercially available device on the market and try to launch quantum attacks on it. There are about twenty known attacks in the literature, so we check them one by one,” he explains. The fun part is inventing new assaults. “In general, one attack is added to the list every year. We also help prepare new security standards for QKD, a task that takes two to three years and they need to be updated once they are published,” he adds.

His work goes between deploying problems (quantum attacks) and potential solutions (countermeasures). As an example of a problem, Kzaitsev raises the possibility of disrupting the operation of a machine capable of measuring single photons –indispensable for QKD-based quantum communication– by sending a flash of bright light that will interfere with the exchange of secure keys, making it vulnerable. “It’s the same as what happens to your eyes when you go into the kitchen in the dark at night and someone suddenly turns on the light. For a few seconds, while your eyes don’t adapt, you’re blinded and you don’t know what’s going on. The same thing happens with single-photon detectors, we can blind them for a short period of time.”

To bring forward potential countermeasures, following the same analogy, the researcher proposes to enter the kitchen wearing sunglasses to avoid the blinding effect when someone turns on the light. “In quantum communication, an equivalent to these sunglasses was suggested. It’s called an optical limiter. Are sunglasses the best solution in such a situation? No, because when you wear them you can’t see anything while the kitchen is dark. Similarly, the optical limiter decreases the sensitivity of single-photon detectors, so it’s a poor countermeasure.”

In his work, the next step when a countermeasure fails is to look for alternatives. “When they turn on the light suddenly when I walk into the kitchen, I am startled. My temperature and my heartbeat increase. So, if I wear a fitness wristband, it detects the reaction. In the case of single-photon detectors, they react to a disturbance such as a beam of light from an intruder by increasing the current. This countermeasure is called a current detector and it does work,” says Kzaitsev.

An essential part of his project is precisely to help design a completely safe single-photon detector for quantum communication. “We have ideas for testing quantum random number generators and even quantum satellites,” he asserts.

An increasingly sophisticated game

In Kzaitsev’s experience, quantum hacking is becoming increasingly sophisticated, “because all the easy attacks are already known and it’s hard to come up with new ideas. But we do.”

In his view, the creators of quantum codes and those who seek to break them play a game from different sides. “It’s like chess. They create an a priori unbreakable system and we break it. They apply some countermeasures to nullify our attacks and we modify them to break their countermeasures. And so on and so forth,” he says.

One might think that disseminating the results of his work is a double-edged knife but, for Kzaitsev, the crime is to generate new knowledge and stow it away in a lab. “We do science and our sole purpose is to create and share ideas,” he says.

“Quantum cryptography still has too small an effect. To set up a quantum attack, even one well described in the literature, you would have to build a quantum lab and hire quantum hackers, and there are only between ten and twenty of them in the world now. In the years it may take you to set up that criminal operation, more secure algorithms will simply have been adopted.”

The project by the team at VQCC continues to develop within the framework of the Complementary Quantum Communications Plan (PCCC) and the project on quantum standards in cryptography led by Deutsche Telekom, in which they collaborate with scientists from other European countries, such as Germany, Austria, and Denmark.