Preventing Calibration Attacks on the Local Oscillator in Continuous-Variable Quantum Key Distribution

TL;DR

This paper identifies a security loophole in continuous-variable quantum key distribution caused by local oscillator calibration manipulation, demonstrating an attack that biases shot noise estimation and proposing countermeasures.

Contribution

The paper introduces an experimental attack on local oscillator calibration in CV-QKD systems and discusses methods to prevent such calibration-based security breaches.

Findings

The attack successfully biases shot noise estimation.

Manipulating local oscillator pulses enables intercept-resend attacks.

Countermeasures can mitigate the calibration loophole.

Abstract

Establishing an information-theoretic secret key between two parties using a quantum key distribution (QKD) system is only possible when an accurate characterization of the quantum channel and proper device calibration routines are combined. Indeed, security loopholes due to inappropriate calibration routines have been shown for discrete-variable QKD. Here, we propose and provide experimental evidence of an attack targeting the local oscillator calibration routine of a continuous-variable QKD system. The attack consists in manipulating the classical local oscillator pulses during the QKD run in order to modify the clock pulses used at the detection stage. This allows the eavesdropper to bias the shot noise estimation usually performed using a calibrated relationship. This loophole can be used to perform successfully an intercept-resend attack. We characterize the loophole and suggest possible countermeasures.