CEA-Leti has deepened its understanding of quantum cryptography’s vulnerabilities by focusing on a frequently overlooked point of attack: the interface between light and digital signals. The three-year Carnot SEQUENCES project specifically investigated physical attacks targeting the optical-to-digital interface of Quantum Key Distribution (QKD) systems. Unlike conventional and post-quantum cryptography, the security of QKD relies on the laws of quantum physics, meaning its weaknesses are physical, not mathematical. “In theory, quantum cryptography guarantees absolute security, but practical implementations can introduce vulnerabilities,” explains Mikael Carmona, Head of the Hardware Security Department at CEA-Leti. Funding from the Carnot program was fundamental to acquiring the quantum cryptography system essential for characterizing these potential attacks, highlighting the need for specialized infrastructure in this emerging field.
SEQUENCES Project: Investigating QKD System Vulnerabilities
The SEQUENCES project aimed to characterize potential physical attacks on QKD systems, specifically examining whether side-channel observation attacks could compromise key confidentiality. Researchers questioned if variations in power consumption or electromagnetic emissions during photon detection and processing could reveal transmitted data. Loïc Mangin, Research Engineer at CEA-Leti and evaluator for the institute’s ITSEF laboratory, detailed the core inquiry, which strengthens CEA-Leti’s capability to evaluate QKD systems as the technology matures and contributes significantly to both industrial and institutional quantum cryptography communities.
In theory, quantum cryptography guarantees absolute security, but practical implementations can introduce vulnerabilities.
Mikael Carmona, Head of the Hardware Security Department at CEA-Leti
Side-Channel Attacks Targeting Optical-to-Digital Interfaces
The increasing deployment of Quantum Key Distribution (QKD) systems has prompted investigation into potential vulnerabilities beyond the mathematical foundations of cryptography. This interface, where photons are converted into signals for key establishment, presents a unique attack surface distinct from conventional cryptographic weaknesses. Researchers explored whether side-channel observation attacks, exploiting unintended physical emissions, could compromise key confidentiality, specifically investigating if power consumption fluctuations or electromagnetic emissions during photon detection correlated with the transmitted data. “For example, can information about the transmitted data be inferred from variations in power consumption?” Mangin asked, highlighting the novel approach to security assessment. This line of inquiry received limited prior attention in scientific literature, underscoring the importance of the SEQUENCES project’s contribution. The results from SEQUENCES complement the QCommTestbed initiative, establishing a coordinated national testing platform for quantum technologies in France.
For example, if an attacker gains access to a QKD system, there is a risk that the confidentiality of generated keys could be compromised through physical attacks.
Mikael Carmona, Head of the Hardware Security Department at CEA-Leti
The project’s success was significantly enabled by funding from the Carnot program, which Carmona described as fundamental to acquiring a quantum cryptography system, a crucial piece of equipment for characterizing potential physical attacks. Loïc Mangin, Research Engineer at CEA-Leti, explains that in every key distribution system, quantum communication is carried out using photons transmitted through optical fibers, creating a potential point of vulnerability during photon detection and processing.
In every key distribution system, quantum communication is carried out using photons transmitted through optical fibers.
Loïc Mangin, Research Engineer at CEA-Leti and evaluator for the institute’s ITSEF* laboratory
