Vadim Makarov

Hao Qin, Rupesh Kumar, Vadim Makarov et al.

We propose an efficient strategy to attack a continuous-variable quantum key distribution (CV-QKD) system, that we call homodyne detector blinding. This attack strategy takes advantage of a generic vulnerability of homodyne receivers: a bright light pulse sent on the signal port can lead to a saturation of the detector electronics. While detector saturation has already been proposed to attack CV-QKD, the attack we study in this paper has the additional advantage of not requiring an eavesdropper to be phase locked with the homodyne receiver. We show that under certain conditions, an attacker can use a simple laser, incoherent with the homodyne receiver, to generate bright pulses and bias the excess noise to arbitrary small values, fully comprising CV-QKD security. These results highlight the feasibility and the impact of the detector blinding attack. We finally discuss how to design countermeasures in order to protect against this attack.

Shihan Sajeed, Igor Radchenko, Sarah Kaiser et al.

The security of quantum communication using a weak coherent source requires an accurate knowledge of the source's mean photon number. Finite calibration precision or an active manipulation by an attacker may cause the actual emitted photon number to deviate from the known value. We model effects of this deviation on the security of three quantum communication protocols: the Bennett-Brassard 1984 (BB84) quantum key distribution (QKD) protocol without decoy states, Scarani-Acin-Ribordy-Gisin 2004 (SARG04) QKD protocol, and a coin-tossing protocol. For QKD, we model both a strong attack using technology possible in principle, and a realistic attack bounded by today's technology. To maintain the mean photon number in two-way systems, such as plug-and-play and relativistic quantum cryptography schemes, bright pulse energy incoming from the communication channel must be monitored. Implementation of a monitoring detector has largely been ignored so far, except for ID Quantique's commercial QKD system Clavis2. We scrutinize this implementation for security problems, and show that designing a hack-proof pulse-energy-measuring detector is far from trivial. Indeed the first implementation has three serious flaws confirmed experimentally, each of which may be exploited in a cleverly constructed Trojan-horse attack. We discuss requirements for a loophole-free implementation of the monitoring detector.