Zihao Chen

Quantum key distribution (QKD) protocol has been proven to be informationally-theoretical security. Unfortunately, due to device imperfections in practice, QKD systems have exposed various vulnerabilities that are exploited by an eavesdropper to conduct quantum hackings, such as laser-seeding attacks, blinding attacks, etc. Most of these attacks currently remain only at the stage of possibility verification or white-box testing. In this paper, we propose and implemented plug-and-play attack on a QKD system as a black box, whose interface and access for the public are the only known information. Through this attack, we actively modified the gate positions and synchronization parameters of the QKD system during the calibration procedure, allowing the attack operate during the whole lifetime of the system running without being noticed. Furthermore, the implemented hacking system only connects to the quantum channel but has no access to the inside of QKD engine, which takes minutes to optimize the hacking parameters to start the eavesdropping. This work illustrates Eve's capability to successfully eavesdrop on keys from QKD systems under current conditions in a more intuitive and concrete way.

High-speed quantum key distribution (QKD) systems have achieved repetition frequencies above gigahertz through advanced technologies and devices, laying an important foundation for the deployment of high-key-rate QKD system. However, these advancements may introduce unknown security loopholes into the QKD system. For an eavesdropper Eve, it is challenging to exploit these security loopholes performing the intercept-and-resend attacks due to the limited time window under the high repetition frequency. Here, we propose a muted attack that does not require intercept-and-resend operation, which is applicable to high-speed QKD systems. By exploiting the security loophole of the width discriminator on the single photon avalanche detector (SPAD), Eve can control whether Bob’s detector is capable of receiving photons from Alice, allowing her to learn nearly all the keys. Additionally, we verified through experimental tests that Eve only needs to match the period of the hacking pulse with the dead time of the SPAD and ensure that each pulse contains hundreds of photons. This study reveals the security loopholes introduced by the state-of-the-art devices in high-speed QKD systems.