Cache-Side-Channel Quantification and Mitigation for Quantum Cryptography

Quantum cryptography allows one to transmit secret information securely, based on the laws of quantum physics. It consists of (1) the transmission of physical particles like photons and (2) the software-based processing of measurements during the transmission. Quantum key distribution (QKD), e.g., transmits material for establishing a shared crypto key in this way. The key material is encoded into the particles in a way that leakage can be detected and mitigated via so-called privacy amplification. In this article, we investigate the role of the software implementation for the security of quantum cryptography. More concretely, we quantify the security of QKD software against cache side channels and show how to integrate cache-side-channel mitigation with the privacy amplification in QKD. We evaluate our approach at one variant of a QKD software that is in practical use. During our evaluation, we detect a cache-side-channel vulnerability, for which we develop a parametric mitigation that combines privacy amplification and program rewriting. We propose a cost model for the combined mitigation, which allows one to optimize the interaction between privacy amplification and program rewriting for the mitigation.