One-Pixel Attack for Continuous-Variable Quantum Key Distribution Systems

Abstract

Deep neural networks (DNNs) have been employed in continuous-variable quantum key distribution (CV-QKD) systems as attacking detection portions of defense countermeasures. However, the vulnerability of DNNs leaves security loopholes for hacking attacks, for example, adversarial attacks. In this paper, we propose to implement the one-pixel attack in CV-QKD attack detection networks and accomplish the misclassification on a minimum perturbation. This approach is based on the differential evolution, which makes our attack algorithm fool multiple DNNs with the minimal inner information of target networks. The simulation and experimental results show that, in four different CV-QKD detection networks, 52.8%, 26.4%, 21.2%, and 23.8% of the input data can be perturbed to another class by modifying just one feature, the same as one pixel for an image. We carry out this success rate in the context of the original accuracy reaching up to nearly 99% on average. Further, by enlarging the number of perturbed features, the success rate can be raised to a satisfactory higher level of about 80%. According to our experimental results, most of the CV-QKD detection networks can be deceived by launching one-pixel attacks.