Experimental vulnerability analysis of QKD based on attack ratings

TL;DR

This paper applies attack ratings to evaluate the vulnerability of continuous-variable quantum key distribution (CV-QKD) systems, demonstrating how different attack strategies impact security and guiding practical system design.

Contribution

It introduces a methodology for using attack ratings in QKD security assessment and experimentally compares two saturation attack strategies on CV-QKD systems.

Findings

High attack rating for saturation via large coherent displacement.

Low attack rating for external laser saturation, indicating a primary threat.

Combining attack ratings with security analysis improves practical QKD system design.

Abstract

Inspired by the methodology used for classical cryptographic hardware, we consider the use of attack ratings in the context of QKD security evaluation. To illustrate the relevance of this approach, we conduct an experimental vulnerability assessment of CV-QKD against saturation attacks, for two different attack strategies. The first strategy relies on inducing detector saturation by performing a large coherent displacement. This strategy is experimentally challenging and therefore translates into a high attack rating. We also propose and experimentally demonstrate a second attack strategy that simply consists in saturating the detector with an external laser. The low rating we obtain indicates that this attack constitutes a primary threat for practical CV-QKD systems. These results highlight the benefits of combining theoretical security considerations with vulnerability analysis based on attack ratings, in order to guide the design and engineering of practical QKD systems towards the highest possible security standards.