Cache-Side-Channel Analysis of QKD Software

Quantum cryptography is a promising approach to protect secret communication. It is based on the laws of quantum physics, which ensure that an attacker will be detected if he intercepts the communication. A prominent example of quantum crypto is Quantum Key Distribution (QKD). QKD is a promising candidate for post-quantum key exchange.
QKD consists of a physical part and a software part. In the physical part, the key material on Alice’s side is encoded into quantum properties of particles, usually photons. The particles are transmitted to Bob via a so-called quantum channel, and Bob measures their properties to recover the key material. In the software part, the key material on both sides is converted into a shared key.
Information leakage during the physical part can be quantified based on traces that an attacker inevitably leaves in intercepted particles. It is mitigated by privacy amplification, which increases the number of particles and compresses the resulting key in the software part. Information leakage during the software part can be quantified using Quantitative Information Flow (QIF) and mitigated by privacy amplification or, more traditionally, by program rewriting. When the physical and software parts are combined, new threats arise. For instance, an attacker might combine attacks on the physical part with cache-side-channel attacks, which exploit that software unintentionally uses a shared cache in a secret-dependent way.
To assess the danger of cache-side-channel attacks on QKD-software implementations, our program analysis computes upper bounds on the cache-side-channel leakage of such implementations. The main novelty of our analysis is that it supports x86 binaries with floating-point instructions. As QKD software inherently deals with probabilities, e.g., to postprocess and correct imperfect measurements made during the particle transmission, floating-point support is crucial in this domain.
With our analysis, we assessed the cache-side-channel leakage of QKD software that is in practical use for QKD setups at the department of physics at TU Darmstadt. We focus on simplified versions of two security-critical steps in the implementation, called error correction and privacy amplification. During our evaluation, we detected and mitigated a cache-side-channel vulnerability in the error-correction step, which might leak the entire secret key if unmitigated.
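As an added illustration of the QIF leakage bound described above (this is example code, not the project's analysis tool or the QKD software), the following toy model assumes a hypothetical table-driven parity step of the kind an error-correction routine might contain, enumerates the cache-line access traces an observer could see over all keys, and bounds the min-entropy leakage by log2 of the number of distinct traces; a hardened variant that sweeps the whole table on every lookup yields a constant trace and zero bits.

```python
from math import log2

# Constructed toy model (assumption, not the analysed QKD code): an 8-bit key is
# processed in 4-bit chunks, and the parity of each chunk is looked up in a
# 16-entry table. With 4 entries per cache line, the line touched by a lookup is
# chunk_value // 4, so the access trace reveals the two high bits of each chunk.
KEY_BITS = 8
CHUNK_BITS = 4
ENTRIES_PER_LINE = 4
PARITY_TABLE = [bin(v).count("1") & 1 for v in range(1 << CHUNK_BITS)]


def chunks(key):
    mask = (1 << CHUNK_BITS) - 1
    return [(key >> s) & mask for s in range(0, KEY_BITS, CHUNK_BITS)]


def parity_leaky(key):
    """Table-driven parity; returns (parities, cache-line trace the observer sees)."""
    parities, trace = [], []
    for c in chunks(key):
        trace.append(c // ENTRIES_PER_LINE)  # line index depends on the secret
        parities.append(PARITY_TABLE[c])
    return parities, tuple(trace)


def parity_hardened(key):
    """Same result, but every lookup touches every table line (secret-independent trace)."""
    lines = (1 << CHUNK_BITS) // ENTRIES_PER_LINE
    parities, trace = [], []
    for c in chunks(key):
        p = 0
        for line in range(lines):  # sweep the whole table regardless of c
            for i in range(ENTRIES_PER_LINE):
                idx = line * ENTRIES_PER_LINE + i
                p |= PARITY_TABLE[idx] * (idx == c)  # arithmetic select, no branch on c
            trace.append(line)
        parities.append(p)
    return parities, tuple(trace)


def leakage_bound(step):
    """QIF upper bound for a deterministic program: min-entropy leakage is
    log2(number of distinct observations), computed here over all keys."""
    observations = {step(key)[1] for key in range(1 << KEY_BITS)}
    return log2(len(observations))
```

For this toy model the leaky variant is bounded by 4 bits of the 8-bit key (the observer learns the two high bits of each of the two chunks), while the hardened variant is bounded by 0 bits.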

Publications


Downloads and Supplementary Material

  • Implementation of the program analysis: Download
  • Original QKD software: Download
  • Simplified functions for cache-side-channel analysis: Download
  • Functions hardened with the cache-side-channel mitigation: Download
