Quantum man-in-the-middle attack on the calibration process of quantum key distribution

TL;DR

This paper reveals a quantum man-in-the-middle attack on the calibration process of QKD systems, demonstrating how it can induce detector efficiency mismatches and compromise security, and proposes countermeasures to mitigate this risk.

Contribution

It introduces a novel attack exploiting calibration vulnerabilities in QKD, highlighting a previously underappreciated security risk and suggesting effective countermeasures.

Findings

Calibration process can be exploited to induce detector mismatches.

The attack can compromise the security of BB84 QKD systems.

Countermeasures can effectively mitigate the security risk.

Abstract

Quantum key distribution (QKD) protocol has been proved to provide unconditionally secure key between two remote legitimate users in theory. Key distribution signals are transmitted in a quantum channel which is established by the calibration process to meet the requirement of high count rate and low error rate. All QKD security proofs implicitly assume that the quantum channel has been established securely. However, the eavesdropper may attack the calibration process to break the security assumption of QKD and provide precondition to steal information about the final key successfully. Inspired by N. Jain et al., Phys. Rev. Lett.107,110501(2011), we reveal the security risk of the calibration process of a passive-basis-choice BB84 QKD system by launching a quantum man-in-the-middle attack which intercepts all calibration signals and resends faked ones. Large temporal bit-dependent or basis-dependent detector efficiency mismatch can be induced. Then we propose a basis-dependent detector efficiency mismatch (BEM) based faked states attack on a single photon BB84 QKD to stress the threat of BEM. Moreover, the security of single photon QKD systems with BEM is studied simply and intuitively. Two effective countermeasures are suggested to remove the general security risk of the calibration process.