Quantum hacking: saturation attack on practical continuous-variable quantum key distribution

TL;DR

This paper reveals a new security vulnerability in continuous-variable quantum key distribution caused by detector saturation, demonstrating how an attacker can bias parameter estimation and compromise security, and proposes counter-measures to mitigate this risk.

Contribution

The authors identify a saturation-based side-channel attack on CV-QKD and propose a practical counter-measure using Gaussian post-selection to preserve security.

Findings

The saturation attack can bias excess noise estimation beyond the null key threshold.

The attack is effective for channel attenuations greater than approximately 6 dB.

Gaussian post-selection can mitigate the attack and help distill secret keys.

Abstract

We identify and study a new security loophole in continuous-variable quantum key distribution (CV-QKD) implementations, related to the imperfect linearity of the homodyne detector. By exploiting this loophole, we propose an active side-channel attack on the Gaussian-modulated coherent state CV-QKD protocol combining an intercept-resend attack with an induced saturation of the homodyne detection on the receiver side (Bob). We show that an attacker can bias the excess noise estimation by displacing the quadratures of the coherent states received by Bob. We propose a saturation model that matches experimental measurements on the homodyne detection and use this model to study the impact of the saturation attack on parameter estimation in CV-QKD.We demonstrate that this attack can bias the excess noise estimation beyond the null key threshold for any system parameter, thus leading to a full security break. If we consider an additional criteria imposing that the channel transmission estimation should not be affected by the attack, then the saturation attack can only be launched if the attenuation on the quantum channel is sufficient, corresponding to attenuations larger than approximately 6 dB. We moreover discuss the possible counter-measures against the saturation attack and propose a new counter- measure based on Gaussian post-selection that can be implemented by classical post-processing and may allow to distill secret key when the raw measurement data is partly saturated.