Secure communication is a fundamental resource for modern society. Each
time we make an “online” purchase with our credit cards, conduct
financial transactions using Internet banking or transmit medical or
genetic data, we should be concerned about secure communication. The
security of classical cryptographic solutions is often based on unproven
computational assumptions. That is, these solutions are vulnerable to
both algorithmic and hardware advances and, therefore, they cannot
provide long-term security. Indeed, the tremendous progress made
recently in the development of a quantum computer seriously jeopardizes
the security of all public-key classical cryptography—the most
widely-used technique to protect our communications nowadays.

Quantum key distribution (QKD), on the other hand, holds the promise of
achieving the Holy Grail of cryptography—absolute security in
communications despite the computational capability of an adversary,
which is only limited by the laws of Physics—and thus it is a perfect
solution to assure long-term security. Unfortunately, however, this
statement is only true in theory, and the security of QKD
implementations is seriously threatened by quantum hacking. This is so
because typical experimental QKD realizations do not satisfy the
requirements imposed by the theory to guarantee security. For instance,
real devices behave differently from the theoretical models assumed in
the security proofs. Also, security proofs usually consider the
existence of a protected space devoid of any unwanted information
leakage in which the legitimate parties can privately generate, process
and store their classical data. That is, they assume that the QKD
systems are free of covert channels and that all their optical/electronic
devices, as well as their classical post-processing units, are honest and
located in perfectly shielded labs. However, all these assumptions are
very hard (if not impossible) to guarantee in practice. Indeed, the
behaviour of real devices is affected by the environmental conditions
and can depend on their response to external signals, unwittingly
triggered by a legitimate user, or maliciously injected into the QKD
system by the adversary. Also, the adversary could modify the hardware
of the QKD setup, or infect its software with malware, to make it fail
at a crucial time, or to hide a backdoor that leaks crucial data to the
channel. Note that this type of attack is a fundamental problem even in
conventional cryptographic systems.

In this ambitious project we aim to relax these unrealistic and hardly
feasible assumptions and develop security proof techniques which could
be used to prove the security of existing practical QKD implementations.
That is, the goal is to develop a general formalism, which will include
typical imperfections of real devices, to prove the security of
practical QKD setups when some of their optical/electronic devices and
classical post-processing units could be corrupted. Also, here we will
evaluate the realistic situation where the optical devices which are
honest do not lie inside private spaces inaccessible to the adversary
but could leak part of their internal information to the channel.
Importantly, the results of this project would apply to conventional
QKD, “device-independent” QKD and “measurement-device-independent” QKD.
The achievement of these goals would represent a fundamental step
forward in bridging the gap between the theory and practice of QKD.