Saturation Attack on Continuous-Variable Quantum Key Distribution System

Introduction Quantum key distribution (QKD) [1] enables two remote parties Alice and Bob to share common secure keys which are unknown to a potential eavesdropper. Unconditional security of QKD is based on the fundamental laws of quantum mechanics, but in reality, securities of practical QKD systems could be jeopardized by physical implementations. In discretevariable (DV) QKD system, due to devices imperfections, various quantum hacking strategies have been proposed and some of them are demonstrated in experiments [2–4]. Most of the practical attacks that have been demonstrated up to now are targeting the detection part of the QKD systems. Continuous-variable (CV) QKD, as another approach, is proven secure against collective attacks and recent works have shown progress in proving its security against arbitrary attacks [5]. However, practical CV QKD systems also face the security problems linked to imperfect implementations. The validity of security proofs relies on assumptions that may be violated in practical setup, opening loopholes that may be exploited by Eve to mount attacks. For example direct [6] or indirect [7] manipulation of local oscillator (LO) intensity can fully compromise the security. This imposes to monitor LO intensity and to use filters to forbid wavelength-dependent LO intensity manipulations. In this work, we have identified a new loophole and shown that it can be used to attack a practical CV QKD system implementing Gaussian-modulated coherent state (GMCS) protocol [8]. Instead of attacking LO, we aim at the homodyne detection located on Bob side, specifically, the electronics of the homodyne detection. We propose an attack consisting in a full interceptresend attack [9] combined with the exploitation of the nonlinear response of homodyne detection, namely saturation attack. Under this saturation attack, we can show that Eve can manipulate the measurement results on Bob’s side and get information without being discovered. Importantly, our attack is practical that can be realistically launched against existing implementations.