Hao Qin, Telecom ParisTech
We report a quantum hacking strategy on a Continuous-Variable (CV) Quantum Key Distribution (QKD) system by inserting an external light. In the implementations of CV QKD systems, transmitting openly local oscillator pulses is a potential vulnerability for an eavesdropper to launch side channel attacks. In this work, other than targeting on local oscillator, we concern two imperfections in a balanced homodyne detector used in CV QKD system: the imbalance in the beam splitter and the finite linear detection limit. Inspired by blinding attack in discrete-variable QKD, we formalize an attack strategy by inserting an external laser into a CV QKD system with Gaussian-modulated coherent state protocol and show that this attack can compromise its practical security. According to our analysis, if one inserts an external laser into homodyne detector’s signal port, due to the imbalance of the beam splitter, the external laser contributes a displacement on homodyne output signal which can cause detector electronics saturation. In consequence, Bob’s quadrature measurement is not linear with the quadrature sent by Alice. By considering such vulnerability, a potential Eve can launch a full intercept-resend attack meanwhile she inserts an external laser into Bob’s signal port. By selecting proper properties of the external laser, Eve actively controls the induced displacement value from the inserted laser which results saturation of homodyne detection. In consequence, Eve can bias the excess noise estimation due to the intercept-resend attack and the external laser, such that Alice and Bob believe their excess noise estimation is below the null key threshold and they can still share a secret key. This attack shows that the detector loopholes also exist in CV QKD, and it seems influence all the CV QKD systems using homodyne detections, since all the practical detectors have finite detection range.