Quantum hacking: Saturation attack on practical continuous-variable quantum key distribution

Abstract

We identify and study a new security loophole in continuous-variable quantum key distribution (CV-QKD) implementations, related to the imperfect linearity of the homodyne detector. By exploiting this loophole, we propose an active side-channel attack on the Gaussian-modulated coherent state CV-QKD protocol combining an intercept-resend attack with an induced saturation of the homodyne detection on the receiver side (Bob). We show that an attacker can bias the excess noise estimation by displacing the quadratures of the coherent states received by Bob. We propose a saturation model that matches experimental measurements on the homodyne detection and use this model to study the impact of the saturation attack on parameter estimation in CV-QKD.We demonstrate that this attack can bias the excess noise estimation beyond the null key threshold for any system parameter, thus leading to a full security break. If we consider an additional criteria imposing that the channel transmission estimation should not be affected by the attack, then the saturation attack can only be launched if the attenuation on the quantum channel is sufficient, corresponding to attenuations larger than approximately 6 dB. We moreover discuss the possible counter-measures against the saturation attack and propose a new counter- measure based on Gaussian post-selection that can be implemented by classical post-processing and may allow to distill secret key when the raw measurement data is partly saturated.