Laser seeding attack in quantum key distribution (1902.09792v3)

Abstract: Quantum key distribution (QKD) based on the laws of quantum physics allows the secure distribution of secret keys over an insecure channel. Unfortunately, imperfect implementations of QKD compromise its information-theoretical security. Measurement-device-independent quantum key distribution (MDI-QKD) is a promising approach to remove all side channels from the measurement unit, which is regarded as the "Achilles' heel" of QKD. An essential assumption in MDI-QKD is however that the sources are trusted. Here we experimentally demonstrate that a practical source based on a semiconductor laser diode is vulnerable to a laser seeding attack, in which light injected from the communication line into the laser results in an increase of the intensities of the prepared states. The unnoticed increase of intensity may compromise the security of QKD, as we show theoretically for the prepare-and-measure decoy-state BB84 and MDI-QKD protocols. Our theoretical security analysis is general and can be applied to any vulnerability that increases the intensity of the emitted pulses. Moreover, a laser seeding attack might be launched as well against decoy-state based quantum cryptographic protocols beyond QKD.