Quantifying the Upper Limit of Backflash Attack in Quantum Key Distribution

TL;DR

This paper investigates the maximum potential of backflash attacks on quantum key distribution systems, combining experimental demonstration and theoretical analysis to assess security vulnerabilities and quantify information leakage.

Contribution

It introduces a comprehensive framework to quantify the maximum distinguishability of backflash photons, providing a practical assessment of QKD system security against passive side-channel attacks.

Findings

Eve can extract up to 95.7% of information from backflash photons.

Backflash attack has limited ability to distinguish quantum states.

The study offers a methodology to evaluate QKD security vulnerabilities.

Abstract

Quantum key distribution (QKD) provides information-theoretic security grounded in the fundamental laws of physics. Nevertheless, practical imperfections can introduce side channels that expose QKD systems to quantum hacking, especially passive attacks that are inherently difficult to detect. In this study, we experimentally and theoretically investigate the upper limit of the backflash attack-a representative passive side-channel threat. Using a fully equipped fiber-based QKD receiver, we demonstrate the feasibility of the attack and reveal its limited capability in distinguishing quantum states. We further develop a theoretical framework to quantify the maximum distinguishability achievable by an eavesdropper, taking into account the broadband spectral nature of backflash photons. The analysis shows that Eve can extract effective key information from at most 95.7% of the backflash photons. Based on these findings, we evaluate the secure key rate of a decoy-state BB84 QKD system under backflash attack. Our results provide a quantitative assessment of the vulnerability of QKD systems to backflash emissions and offer a general methodology to evaluate the practical security of QKD systems.