Papers
Topics
Authors
Recent
Search
2000 character limit reached

Photon-Number-Splitting Attacks in QKD

Updated 29 May 2026
  • Photon-number-splitting attacks are quantum hacking strategies that exploit multiphoton emissions in QKD systems to stealthily extract key information.
  • They employ QND measurements and selective photon splitting to preserve expected detection statistics, thereby bypassing conventional error-checking mechanisms.
  • Countermeasures such as decoy-state protocols and advanced statistical monitoring are developed to detect and mitigate these attacks in practical QKD implementations.

A photon-number-splitting (PNS) attack is a class of quantum hacking strategies targeting quantum key distribution (QKD) systems that employ multiphoton sources, most notably weak-coherent-pulse (WCP) or spontaneous-parametric-down-conversion sources. By exploiting nonzero probabilities of two- or multi-photon emissions and leveraging quantum non-demolition (QND) measurements of photon number, an eavesdropper (Eve) can extract key information with high or perfect fidelity while introducing zero or negligible errors in the quantum channel, thereby circumventing traditional error-rate-based intrusion detection. PNS attacks and their variants set fundamental security constraints for practical QKD with imperfect photonic sources, shaping protocol design, parameter optimization, monitoring strategies, and hardware specifications.

1. The Physics and Mode of Operation of Photon-Number-Splitting Attacks

PNS attacks exploit the non-ideal nature of single-photon sources. In most implementations, Alice transmits optical pulses whose photon-number statistics follow a Poisson distribution with mean μ\mu:

P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots

A nonzero probability exists for multiphoton pulses, Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu) (Sharma et al., 2023), even for attenuated sources.

The canonical PNS attack proceeds as follows:

  • Eve performs a QND measurement of nn on each outgoing pulse.
  • If n=0n = 0, Eve does nothing. For n=1n = 1, she may block or pass depending on the attack variant. For n≥2n \geq 2, she splits off one or more photons (retaining them in quantum memory) and forwards the remaining photons to Bob over a lossless channel, preserving Bob's expected detection statistics (Yuen, 2012, Datta, 30 Jan 2025).
  • After public basis reconciliation, Eve measures her retained photons in the correct basis, perfectly extracting the raw key bits encoded in the multiphoton pulses.

The attack leverages the fact that quantum coherence and photon polarization/basis remain undisturbed; bit-error rates (QBER) do not increase, making such attacks fundamentally stealthy against error-checking-based countermeasures (Al-kuwari et al., 16 Sep 2025).

PNS attacks also generalize to scenarios where Eve probabilistically blocks single-photon pulses to match the overall channel transmittance ("original PNS"), splits off variable photon numbers ("specific PNS" or SPNS), or correlates the manipulation across successive pulses for stronger statistical covertness (Somma et al., 2013, Yuen, 2012).

2. Impact on Key Rate and Explicit Leakage Formulas

PNS attacks compromise security by leaking a fraction φ\varphi of the sifted key that depends exclusively on source photon statistics, not on the channel loss or detector technology. For Poissonian sources:

  • Probability that Eve obtains photons from a pulse: pm=1−e−μ(1+μ)p_m = 1 - e^{-\mu}(1 + \mu).
  • Total sifted key detection probability: RB=η(p1+pm)R_B = \eta (p_1 + p_m), with P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots0 the total transmittance.
  • Fraction of sifted key bits leaked: P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots1 (Yuen, 2012).

For typical values (e.g., NEC QKD system with P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots2, P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots3, P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots4), P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots5--P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots6% depending on channel loss, a value not captured in standard privacy amplification when relying on naive or incomplete models (Yuen, 2012).

A critical consequence is that the information leakage is decoupled from P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots7 in high-loss regimes—Eve can extract a constant fraction of the key regardless of channel transmittance, as her action reproduces the exact output expected from lossy propagation.

3. Detection and Countermeasures: Decoy-State Protocols and Statistical Monitoring

The primary defense against PNS attacks is the decoy-state protocol, in which Alice varies the source intensity (P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots8) on a pulse-by-pulse basis (signal, decoy, and vacuum pulses) and compares the resultant detection statistics (Mailloux et al., 2016, Datta, 30 Jan 2025, Sushchev et al., 21 Jul 2025). Since Eve cannot distinguish between signal and decoy pulses apart from their photon number, any manipulation that targets multiphoton pulses (or blocks single photons) will induce detectable anomalies in the conditional yields P(n)=e−μμnn!,n=0, 1, 2,…P(n) = e^{-\mu} \frac{\mu^n}{n!}, \quad n = 0,\,1,\,2,\ldots9.

Key rate and parameter estimation with decoy states proceeds by bounding the single-photon yield Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)0 and its error rate Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)1:

Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)2

Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)3

where Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)4 is the observed gain at intensity Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)5, Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)6 the QBER, and Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)7 the dark count rate (Mailloux et al., 2016, Datta, 30 Jan 2025). The asymptotic key rate is then

Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)8

where Pmulti=1−e−μ(1+μ)P_{multi} = 1 - e^{-\mu}(1+\mu)9 is the binary entropy function, nn0 the protocol factor, and nn1 the error correction inefficiency.

Well-calibrated decoy state QKD can detect PNS attacks with high confidence (statistical significance nn2 per block), provided large enough sample sizes, precise knowledge of source mean photon numbers, and periodic calibration (Mailloux et al., 2016, Datta, 30 Jan 2025).

Nevertheless, there exist generalizations (e.g., Bayesian/SPNS or correlated attacks) where Eve can match all observable detection statistics across signal and decoy pulses, rendering the decoy-state method insufficient unless the analysis is extended to handle non-IID, correlated eavesdropping strategies (Somma et al., 2013).

4. Experimental and Protocol Design Implications

Experimental validation necessitates accurate determination of source photon statistics nn3 and nn4, ideally via multi-detector coincidence methods rather than simple single-detector counting, since ordinary threshold detectors underestimate nn5 for multiphoton pulses (Sharma et al., 2023).

Intensity fluctuations in the source must be quantified and incorporated into the security analysis, as drifting source parameters can both impact key rates and open new vulnerabilities (Sharma et al., 2023).

Advanced protocols introduce additional defenses:

  • Passive decoy-state schemes using photon-number-resolving detectors on Alice's side enable statistical separation of multi-photon and single-photon events, thwarting PNS attempts directly at the source (Krapick et al., 2014).
  • Second-order correlation (nn6) monitoring protocols detect the nonlinearity induced by PNS, as nn7 remains unchanged under linear loss but is modified by PNS attacks (Cholsuk et al., 10 Oct 2025).
  • Entanglement-enhanced BB84 leverages the noncommutativity of photon number and phase, enabling Bob to detect QND attacks (such as PNS) with very low sample complexity via hypothesis testing on interference statistics (Sabottke et al., 2011).

5. Vulnerabilities, Hybrid and Advanced Attacks

Vulnerabilities persist in practice if the source can be externally manipulated. For example, laser damage attacks can irreversibly increase the mean photon number of Alice's pulses, pushing them outside the safe regime for decoy-state analysis (Sushchev et al., 21 Jul 2025). When nn8 and nn9 are increased sufficiently by Eve, she can implement unambiguous state discrimination (USD) intercept-resend attacks that mimic all protocol statistics while obtaining full key information; these attacks evade detection once a critical threshold in mean photon number increase is reached (often 10--20 dB) (Sushchev et al., 21 Jul 2025, Sajeed et al., 2014).

Security also depends critically on the accuracy and real-time monitoring of the mean photon number. Pulse-energy-monitoring detectors must be carefully engineered to avoid saturation, bandwidth, or triggering loopholes that can be exploited for PNS or related attacks (Sajeed et al., 2014).

Sifting-less and reverse-reconciliation protocols can improve PNS resilience by altering classical post-processing, extracting more secret key from multiphoton pulses and providing key-rate scaling closer to the single-photon ideal, particularly when combined with decoy-state procedures (Grazioso et al., 2013).

6. Detection Techniques and Modern Enhancements

Detection of PNS attacks now employs both traditional statistical hypothesis testing and quantum/classical machine learning. Hybrid quantum LSTM models have been demonstrated to identify PNS attacks with superior accuracy (F1-score n=0n = 00), outperforming classical LSTM and CNN methods, by more sensitively detecting complex correlations in time-series quantum security metrics—QBER, detection rates, entropy, and loss rates—characteristic of PNS (Al-kuwari et al., 16 Sep 2025).

For sources with very small multiphoton components, new decoy-like protocols validate the invariance of intrinsic statistical parameters (e.g., n=0n = 01) and permit secure key extraction from both one- and two-photon events, achieving high performance even under high-loss regimes or with less-than-ideal single-photon sources (Cholsuk et al., 10 Oct 2025).

7. Future Directions and Ongoing Challenges

The foundational vulnerability of PNS attacks underscores the necessity for hardware and protocol-level measures: high-purity single-photon sources, real-time intensity and correlation monitoring, robust attenuation control, and attack-aware post-processing. Security proofs must explicitly encompass all variants of PNS and related attacks that reproduce legitimate receiver statistics; relying on narrow classes of attacks is insufficient for unconditional security (Yuen, 2012, Somma et al., 2013).

Ongoing research targets composable security models incorporating correlated attacks, real-world device imperfections, fluctuating source statistics, and hybrid quantum-classical detection. There is continued impetus for the development and standardization of robust pulse-energy monitors, certification procedures, and multi-metric real-time intrusion detection leveraging advanced quantum information and machine learning techniques.

In sum, photon-number-splitting attacks define a central axis of practical QKD security research, driving advances in photonic source characterization, protocol architecture, attack detection, and composable security analysis. Their study illuminates not only the technical subtleties of quantum hacking, but also the critical convergence of quantum optics, information theory, and cryptographic protocol engineering.


Representative Security and Performance Table

Protocol/Detection Scheme PNS Detection Capability Key Rate Impact Critical Experimental/Design Note
Standard BB84 (WCP, no decoy) None Severe All multiphoton bits leak under attack
Decoy-State BB84 Detectable (IID only) Optimal if n=0n = 02 tightly bounded Requires accurate intensity knowledge, honest device
Decoy-State, Correlated PNS Limited Key rate can degrade Requires extended statistical analysis
Passive Decoy (PNR-Resolved) High Near-ideal On-chip source characterization, photon-resolving needed
n=0n = 03-monitored protocols High Salvages n=2 Two-photon coincidence monitoring, high rates in high loss
EE-BB84 (phase-number) High (direct) Near-ideal Ancilla monitoring, low dephasing essential
QML-Based Real-Time Detection High N/A QLSTM models, 9+ quantum security metrics, rapid learning

This tabulation summarizes the detection strengths and practical implications for selected protocol classes and detection methods, consolidated from (Mailloux et al., 2016, Somma et al., 2013, Krapick et al., 2014, Cholsuk et al., 10 Oct 2025, Sabottke et al., 2011, Al-kuwari et al., 16 Sep 2025).


Principal References:

(Yuen, 2012, Mailloux et al., 2016, Sharma et al., 2023, Datta, 30 Jan 2025, Grazioso et al., 2013, Somma et al., 2013, Krapick et al., 2014, Sabottke et al., 2011, Cholsuk et al., 10 Oct 2025, Sajeed et al., 2014, Sushchev et al., 21 Jul 2025, Al-kuwari et al., 16 Sep 2025)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Photon-Number-Splitting Attacks.