Homodyne-detector-blinding attack in continuous-variable quantum key distribution

TL;DR

This paper introduces a homodyne detector blinding attack on CV-QKD systems, exploiting detector saturation with incoherent bright pulses, which can compromise security without requiring phase locking, and discusses potential countermeasures.

Contribution

It presents a new, practical attack method on CV-QKD detectors that does not need phase locking, highlighting a significant security vulnerability and proposing countermeasures.

Findings

The attack can bias excess noise to conceal eavesdropping.

It does not require phase locking between attacker and receiver.

The attack demonstrates a feasible security breach in CV-QKD systems.

Abstract

We propose an efficient strategy to attack a continuous-variable quantum key distribution (CV-QKD) system, that we call homodyne detector blinding. This attack strategy takes advantage of a generic vulnerability of homodyne receivers: a bright light pulse sent on the signal port can lead to a saturation of the detector electronics. While detector saturation has already been proposed to attack CV-QKD, the attack we study in this paper has the additional advantage of not requiring an eavesdropper to be phase locked with the homodyne receiver. We show that under certain conditions, an attacker can use a simple laser, incoherent with the homodyne receiver, to generate bright pulses and bias the excess noise to arbitrary small values, fully comprising CV-QKD security. These results highlight the feasibility and the impact of the detector blinding attack. We finally discuss how to design countermeasures in order to protect against this attack.