In a paper presented at the 26th Chaos Communication Congress (On December 27 in Berlin, Germany), the Quantum Hacking group at the Norwegian University of Science and Technology (NTNU; Trondheim, Norway) described "How you can build an eavesdropper for a quantum cryptosystem." The group says that it has demonstrated the first experimental implementation of this eavesdropper for a quantum cryptosystem by exploiting physical imperfections of the single-photon detectors used in these systems.
The intercept-resend attack and eavesdropping is performed under realistic conditions on an installed fiber-optic quantum key distribution line.
Because single-photon detectors based on passively quenched avalanche photodiodes are used in a number of quantum key distribution experiments, a vulnerability has been found in which these detectors can be temporarily blinded and then forced to produce a click in which an attack exploiting this vulnerability against a free-space polarization based quantum cryptosystem is feasible. By controlling the polarization of a bright beam the eavesdropper Eve can force any detector of her choice to fire in the legitimate receiver Bob, such that she gets full control of it without introducing additional errors. This allows Eve to run an intercept-resend attack without getting caught, and obtain a full copy of the transmitted secret key.
The system uses polarization encoding over 290 m of optical fiber spanning four buildings. A complete eavesdropper has been built, inserted at a mid-way point in the fiber line, and 100% of the secret key information has been recorded. Under attack, no significant changes in the system operating parameters have been observed by the legitimate users, which have happily continued to generate their 'secret' key.
For more information, go to events.ccc.de/congress/2009/Fahrplan/events/3576.en.html.