† Corresponding author. E-mail:
Project supported by the National Natural Science Foundation of China (Grant Nos. 61605248 and 61505261).
GHz single-photon detector (SPD) is a crucial part in the practical high speed quantum key distribution (QKD) system. However, any imperfections in a practical QKD system may be exploited by an eavesdropper (Eve) to collect information about the key without being discovered. The sine wave gating SPD (SG-SPD) based on InGaAs/InP avalanche photodiode, one kind of practical high speed SPD, may also contain loopholes. In this paper, we study the principle and characteristic of the SG-SPD and find out the filtering loophole of the SG-SPD for the first time. What is more, the proof-of-principle experiment shows that Eve could blind and control Bob’s SG-SPD by exploiting this loophole. We believe that giving enough attention to this loophole can improve the practical security of the existing QKD system.
Quantum key distribution (QKD)[1–4] with high speed has already been put into use in recent years, and the single-photon detector (SPD) plays an important role in the quantum key distribution system,[5–10] but there are many kinds of attacks aimed at the SPD threaten the quantum key distribution system.[11–18] Finding and eliminating loopholes in the single-photon detector is crucial to obtain provable practical security. The sine wave gating single-photon detector (SG-SPD)[19–21] is one kind of high speed single-photon detector based on InGaAs/InP avalanche photodiode (APD), but the research on the security of the sine wave gating single-photon detector is still incomplete. In this paper, we analyze the working principle of the sine wave gating single-photon detector firstly, then we find a filtering loophole of the sine wave gating single-photon detector and propose a kind of attack, which can experimentally blind the sine wave gating single-photon detector in principle. What is more, by adding a controlling laser pulse with suitable light intensity, we can control the response of the sine wave gating single-photon detector. Finally, we discuss the countermeasures of this attack, so as to improve the security of the quantum key distribution system.
The SG-SPD has been investigated for about ten years. Here, we would like to review the operation principle of the SG-SPD. As shown in Fig.
Since the SG-SPD has a simple suppression circuit with excellent performance in noise suppression, it is widely used in high speed QKD systems. In the practical QKD system, the average intensity of incident light arrived at the SG-SPD is very weak. Therefore, the generation of the avalanche signal is random, sudden, and independent, resulting a broadband distribution in spectrum. Thus, the avalanche signal can be extracted by filtering the sine-wave noise based on the BSF and the LPF, which has been mentioned in former section. However, with the incident flux rising, the light pulse with the same frequency of the SG-SPD gating will trigger an avalanche signal in each gating pulse. And the spectrum of the avalanche signal will behave discrete spectral lines, with the gating frequency and its higher harmonics, just like the spectrum of the capacitive noise. Actually, we indeed demonstrate this phenomenon when we test our homemade SG-SPD. As shown in Fig.
So in practical QKD system with SG-SPD, when the incident light reaches to a certain intensity, the output avalanche signal from the APD will become periodic, which will be filtered when passing through the BSF and LPF, with none response to the incident light. In other words, the SG-SPD has be blinded in this situation. Here, we point out that this loophole is introduced directly by the operating principle of the SG-SPD, and we call this loophole the filtering loophole of the SG-SPD.
To confirm our hypothesis about the blind effect of the SG-SPD, we test our homemade SG-SPD shown in Fig.
We can see that, the count rate of the SD-SPD will first increase and then decrease with the increase of the incident flux. Actually, when the incident flux is low, the count rate is proportional to μb, but when μb is larger than 103 photons/pulse, the count rate starts to fall. Specially, when the μb reaches to 106, the count rate is close to dark count rate, which is meet our expectation that the SG-SPD can ba blinded by a bright pulse laser with frequency of 1 GHz, the same as the sine-wave gating. It is no doubt that if μb keeps increasing, the count rate could decrease below the dark count rate.
Since the SG-SPD can be blinded in certain condition, Eve can insert another pulse with low frequency to control Bob’s SG-SPD, then she can get all the secret keys without being discovered by the legitimate parties. As shown in Fig.
In our paper, without loss the generality, we simplify Bob’s equipment and make the blinding pulse and the control pulse enter into the SG-SPD directly, in which the intensity of the blinding pulse is 106 photons/pulse, and the control pulse uses the periodic light pulse with 1-MHz repetition frequency. Then we can gain the count rate of the sine-wave gating SPD by changing the controlling pulse intensity, as shown in Fig.
Since Eve could control the SG-SPD of Bob, she can make an intercept and resent attack just like the conventional gate mode SPD’s blinding attack,[23] which can be realized by the following steps. First, Eve intercepts the pulse on the quantum channel and imitates Bob’s behavior, she demodulates and detects the photons from Alice, then she resends the detection results and controls Bob’s detection events, in which she uses a blinding pulse to blind Bob’s SG-SPDs, and a controlling pulse to control Bob’s SG-SPDs which has already been blinded. Under Eve’s attack, Bob will certainly have a detection event when his active basis choice coincides with that of Eve, otherwise, the detection probability of Bob’s SG-SPDs is only 15%, which decreases the error rate introduced by Eve.
Here we point out that there are some imperfections in our experiment. Firstly, in our theory analysis, when the blinding laser pulse is periodic strictly with very small jitter both in time and amplitude, the avalanche signal could be triggered periodically by increasing of the blinding laser pulse, and the SG-SPD could be blinded completely. However, there is a gap between our existing experimental conditions and the ideal conditions, our blinding laser pulse’s jitter cannot be ignored, which affects our experimental results obviously, resulting in incomplete blinding and controlling of the SG-SPD.
Secondly, in theory, under a blind light with a certain jitter, the count rate of the SG-SPD should be reduce first and then increase with the increasing of the intensity of the blinding pulse, and there is a minimum point of the count rate curve, which could gain the best effect of blinding. Unfortunately, in our experiment, our equipment cannot generate a blinding laser pulse larger than 106 photons/pulse, so we cannot reduce the count rate lower than the dark count rate (see Fig.
In addition, the blinding results are affected by the discrimination level of the avalanche signal, which is closely related to the performance of the SG-SPD. In general, the better the filtering effect is, the lower the discrimination level could be set, then the SG-SPD could distinguish the avalanche signal with a lower amplitude, and resulting in a lower after pulse rate. In this case, the dead time of the SG-SPD could be shorter, and the maximum count rate of the SG-SPD will be higher. However, in order to achieve better blinding effect, we need the avalanche signal to be very periodic, in other words, the standard deviation of the avalanche signal should be much lower than the discrimination level. In a word, the discrimination level is lower, the SG-SPD will be more difficult to be blinded.[24] In our experiment, the discrimination level is only 66 mV to get a higher count rate, with such a low discrimination level, the SG-SPD is relatively difficult to be blinded.
We also point out that the filtering loophole of the SG-SPDs is introduced directly by the working principle of the SG-SPD, and it can even be controlled completely under certain specific parameters. We believe that this loophole is threatening in existing QKD system using SG-SPDs. In order to apply the SG-SPD safely, some countermeasures should be taken, such as photocurrent monitoring or setting parameters more carefully. For example, we can add another APD to monitor part of the laser pulse, in this case, we could observe the change of optical signal, which can discover the potential Eve. What is more, other countermeasures are put up in recent years, such as setting appropriate discrimination level to prevent the SG-SPD from being blinded,[24] using an explicit random number generator to prevent the SG-SPD from being blinded by the bright laser pulse,[25] or using a coupler with asymmetric splitting ratio to monitor the bright light attack.[26] Further, the measurement-device-independent (MDI) QKD attracts a lot of attention now, it can fill the loophole caused by the imperfections of measurement devices especially the SPD,[27–29] maybe years later, MDI-QKD could put into use in practical.
At the end of this paper, let us review our experiment simply. Firstly, we obtain an idea of blinding the SG-SPD from its working principle. Secondly, we observed the blinding effect in the experiment when the blinding pulse with incident photon number μb exceeds 105. And then, we realize the controlling the count rate of Bob’s SG-SPD, which could be exploited by Eve to control Bob’s SG-SPD. Finally, we analyze the imperfections in our experiment and discuss the countermeasures of this loophole in QKD system using the SG-SPD.
[1] | |
[2] | |
[3] | |
[4] | |
[5] | |
[6] | |
[7] | |
[8] | |
[9] | |
[10] | |
[11] | |
[12] | |
[13] | |
[14] | |
[15] | |
[16] | |
[17] | |
[18] | |
[19] | |
[20] | |
[21] | |
[22] | |
[23] | |
[24] | |
[25] | |
[26] | |
[27] | |
[28] | |
[29] |