RULING OUT A MAN-IN-THE-MIDDLE ATTACK IN QUANTUM CRYPTOGRAPHY” AYSAJAN ABIDIN and JAN-ÅKE LARSSON

Quantum Cryptography, or more accurately Quantum Key Distribution (QKD), is an unconditionally secure key growing technique based on the principles of quantum mechanics. It is unconditionally secure because no quantum state can be copied or measured without disturbing it. However, the practical implementation of QKD protocols requires an immutable public channel. In case the public channel is not immutable, the eavesdropper (Eve) can easily mount a “man-in-the-middle attack”, since Eve is in control of both the quantum and the public channels. For the attack to be successful Eve needs, among other things, to substitute the classical message from one legitimate user (Alice) to the other (Bob) without being noticed. To prohibit such an attack on QKD, proper message authentication is needed. Therefore, QKD is secure only if it is combined with an unconditionally secure message authentication scheme. In this paper we will review a recently proposed authentication protocol1 and point out that it is not secure. It has earlier been shown2 that an attack is possible against the “privacy amplification” step in a QKD protocol using the proposed authentication, but the attack presented here is more serious and enables a full man-in-the-middle attack on the whole system.