Trojan-horse attacks threaten the security of practical quantum cryptography

Eve launches a Trojan-horse pulse (THP) into Bob at time ${{t}_{E\to B}}$ chosen so that the onward pulse and/or one of its back-reflections (from some component or interface inside Bob) travel through Bobʼs PM while he is applying a voltage on it. As will be explained below, the back-reflected pulse coming out from Bob onto the quantum channel then carries an imprint of whatever random phase shift ${{\varphi }_{B}}$ had been applied by Bob. The time ${{t}_{E\to B}}$ is of course relative to events inside Bob repeating at ${{f}_{B}}=5\;{\rm MHz}$. To be synchronized to the clock in Bob, Eve may steal a few photons from the bright pulses traveling to Alice using a tap coupler, as shown in figure 1(a). She can extract information such as timing and polarization from the measurement of these photons and use it in the preparation of the THPs.

As illustrated in figure 1(b), Bob comprises of a miscellany of fiber-optical components. This offers several interfaces from where (measurable) back-reflections could arise. Also, due to the asymmetric interferometer, there may be two different paths traversable in either directions, i.e., for the arrival of the THP into Bob, and departure of a given reflection to the quantum channel. In essence, for a single THP sent into Bob, multiple reflections varying in time and amplitude can be expected. By means of repetitive measurements, a reflection-map for Bob—temporal distribution of the back-reflection levels—can be constructed. This is a task perhaps best suited for an optical time domain reflectometry (OTDR) device [28]. We obtained OTDR traces, or reflection-maps for Bob, for three different wavelengths: 806, 1310 and 1550 nm. Figure 2 illustrates two of them; the traces for $1310$ and $1550\;{\rm nm}$ were found to be quite similar. Due to the polarizing beamsplitter at Bobʼs entrance (the PBS in the PBS-BS-C assembly), most of the reflection levels depend greatly on the polarization of the probe light. This polarization was set to maximize the reflection from the closest connector of the PM (see star-like shape). As indicated, the back-reflected pulse would exit Bob around 43 ns after the arrival of the THP into Bob; ${{t}_{B\to E}}-{{t}_{E\to B}}\sim 43$ ns. The corresponding back-reflection level is around $-57\;{\rm dB}$. By sending a THP, say with a mean photon number ${{\mu }_{E\to B}}=2\times {{10}^{6}}$, Eve would get a back-reflection ${{\mu }_{B\to E}}\approx 4.0$, i.e., with just four photons on average.

Zoom In Zoom Out Reset image size

Per se, any physical property in the back-reflected pulse that provides a clue of Bobʼs modulation suffices, and governs Eveʼs measurement technique. If Eve uses a coherent laser operating at wavelength ${{\lambda }_{E}}$ to prepare the THP, the state of light in the back-reflected pulse can be approximated by a weak coherent state $\left| \alpha \right\rangle$. The phase ${{\varphi }_{E}}$ of this state (relative to a reference) depends on ${{\lambda }_{E}}$, e.g., if ${{\lambda }_{E}}={{\lambda }_{AB}}\sim 1550$ nm, and Eve launches the THP so that both the onward and back-reflected pulse make a pass through the PM while it is active, then ${{\varphi }_{E}}\cong 2{{\varphi }_{B}}=0$ or $\pi$. The objective then simplifies to discriminating between two weak coherent states having the same amplitude $|\alpha |$ but opposite phase, which can succeed with a probability $1-{{{\rm e}}^{-|\alpha {{|}^{2}}}}$ at most (which is the probability that the state $\left| \pm \alpha \right\rangle$ is not projected onto the vacuum state). Assuming the aforementioned case with $|\alpha {{|}^{2}}\equiv {{\mu }_{B\to E}}\approx 4.0$, the maximal success probability is $98.2\%$. The phase reference to probe whether ${{\varphi }_{E}}=0$ or π may either be a bright local oscillator of a homodyne detector, or an attenuated coherent state (the same level as ${{\mu }_{B\to E}}$) and a pair of single-photon detectors.

Raising ${{\mu }_{E\to B}}$ would yield more photons for the measurement, allowing for a better phase discrimination, but how do these bright pulses affect the other components in the QKD system in general? An oddly-behaving component is a signature that could lead to Eveʼs discovery, so this issue is quite central to the success of Eveʼs attack.

Bob uses a pair of single-photon avalanche diodes (SPADs) operated in gated mode⁵ to detect the legitimate photonic qubits from Alice. Eveʼs bright pulses, even if timed to arrive outside the detection gate, tend to populate carrier traps [7, 29] in the SPAD. This ensues in an afterpulsing effect: traps exponentially decay by releasing charge carriers that may stimulate avalanches of current, or afterpulses, in the onward gates. These afterpulses increase the dark count rate, i.e., result in a higher number of false clicks in the SPADs. Due to this, the quantum bit error rate (QBER) incurred by Alice and Bob at the conclusion of the key exchange will naturally be higher. Eveʼs objective is to make sure that the QBER does not cross the 'abort threshold' (e.g., around 8% in Clavis2 [8]) as that would fail her eavesdropping attempt. Moreover, as characterized in the so called after-gate attack [7], if the brightness ${{\mu }_{E\to B}}$ exceeds a certain threshold, then for a THP arriving a few ns after the gate, the SPAD may register a click with high probability for that particular slot. Since Eve wants to merely read the state of the PM via a THP, she must constrain the brightness of this pulse to avoid an undesired click in Bobʼs SPADs in the attacked slot. This imposes an upper limit on ${{\mu }_{E\to B}}$, which is $\sim 2\times {{10}^{6}}$ for our system [7].

Since the afterpulsing is strongly dependent on the brightness ${{\mu }_{E\to B}}$, Eve would like to attack with the dimmest-possible THPs. The lower limit is mainly decided by the success probability in discerning Bobʼs modulation as ${{\mu }_{B\to E}}$ falls in the few-photon regime. Reducing the frequency of attack ${{f}_{E{\rm att}}}$ also decreases afterpulses but implies that Eve probes only a fraction of the slots: she can then obtain only a partial knowledge of the raw key. This must therefore be high enough to ensure a positive leakage of information at the end of the protocol, i.e., after Alice and Bob have distilled the secret key by estimating Eveʼs information and destroying it by means of privacy amplification.

The properties of most optical components, such as attenuation through fibers or back-reflectance of connectors, varies with wavelength. The notable differences between the OTDR traces at $808$ and $1550\;{\rm nm}$, shown in figure 2, is a testimony to this fact.

Ideally speaking, to characterize a QKD system, one should perform individual OTDR measurements over a large spectral range that could prove feasible for mounting Trojan-horse attacks. However, identifying such a range is not easy. Moreover, it requires an OTDR system with a tunable source as well as a detector with a high sensitivity over the complete range. This may not be possible in practice.

Alternatively, one may spectrally characterize individual optical/optoelectronic components that could play a critical role in preventing or (inadvertently) helping Trojan-horse attacks. To that end, we recently made some spectral measurements on components such as optical isolators with broadband sources to analyze the risks of Trojan attacks at wavelengths other than $1550\;{\rm nm}$ [13]. We also made some simple measurements on the Bob subsystem to examine the spectral behavior of the PM (in conjunction with its input and output connectors) and the sensitivity of the SPADs. Fortunately for Clavis2, we did not find any reflection peaks at wavelengths far from $1550\;{\rm nm}$ that could have aided Eve in the attack. Based on figure 2 here and figures 6 and 7 in [13], the optimum attack wavelength seems to be $\sim 1550\;{\rm nm}$.⁶

Here we describe our implementation of a proof-of-principle Trojan-horse attack. Figure 3 shows the schematic of the apparatus used for reading out the unknown phase by means of homodyne detection. For this, we disconnected Bob from Alice. A pulse & delay generator (Highland Technology P400) was synchronized to Bob and drove Eveʼs laser at a repetition rate ${{f}_{E{\rm att}}}=5$ MHz. An optical isolator was employed to protect Eveʼs laser from reflections. Using a $1/99$ coupler, the THPs were directed into Bob from port 3. The polarization of these THPs was optimized using PC1 so that the power at the FC/PC connector (port 9, inside Bob) after the PM was maximum.

Zoom In Zoom Out Reset image size

A long fiber patchcord of an appropriate length was spliced and added to the other arm of the coupler at port 4. The relative path difference between the back-reflected pulse (signal path) and the local oscillator pulse (control path), as observed at the $50/50$ BS of the homodyne detector, was adjusted to achieve the maximum interference visibility. The polarization of the signal (control) pulses at the outcoupler FC1 (FC2) could be controlled by PC2 (PC3). Using P400, the laser delay, i.e., ${{t}_{E\to B}}$ was changed so that the input pulse traveled through Bobʼs PM while the PM was activated. The optical pulse width, and therefore the mean photon number per pulse, could be fine-tuned by changing the driving pulse width in P400.

We adjusted the power of the laser so that ${{\mu }_{{\rm LO}}}\gt {{10}^{8}}$ and ${{\mu }_{E\to B}}\leqslant 1.5\times {{10}^{6}}$ (resulting in a mean photon number ${{\mu }_{{\rm sig}}}\approx 3$ for the homodyne detection) was obtained. We separately confirmed that a slot attacked with such a THP never experienced a click (except due to a dark count) [7]. As mentioned before, Clavis2 operates the quantum key exchange in frames that are $215\;$μs long, containing N_f = 1075 modulations or slots repeating every $0.2\;$μs. We configured the oscilloscope to capture the output voltage of the homodyne detector and the PM voltage (obtained via an electronic tap placed inside Bob) in a single-shot acquisition mode lasting $250\;\mu {\rm s}$.

Figure 4(a) shows the time traces of Bobʼs randomly-chosen phase modulations and the output of Eveʼs homodyne detector for five arbitrarily chosen slots. A direct discrimination may not be evident by eye, however, after integrating the homodyne pulses over a suitably chosen time-window every slot, the result illustrated in figure 4(b) is obtained. Figure 4(c) shows these integrated values for an entire frame with the adjacent table showing the number of instances of success/failure in discrimination. In $(501+518)/(528+547)=94.8\%$ of all the slots, Eveʼs bits match with those of Bob.

Zoom In Zoom Out Reset image size

In general, we find that Eve can discriminate $\gt 90\%$ Bobʼs secret bits in all the processed frames. Note that this success rate is conditioned on choosing an appropriate threshold (black horizontal line) which may vary on a frame-to-frame basis due to global phase drifts. However, Eve can always set a reference to ${{\varphi }_{B}}=0$ by simply crafting the LO pulse train to detect another back-reflected pulse that did a double pass through Bobʼs PM when it was inactive; see sections 2.1 and 2.2. In section 5 we shall discuss a few techniques that can increase the discrimination probability in practice. To simplify our simulation, we assume from here on that a THP with ${{\mu }_{E\to B}}\sim \lt 2\times {{10}^{6}}$ can always accurately read the state of Bobʼs PM in each slot.

In appendix, we describe a specific construction of Eveʼs strategy using fast optical switches [30] and low-loss channels for manipulating the QKD frame as explained above. Due to this manipulation, Bob receives photons from Alice only during the attack bursts and substitution sequences. This is apparent in figure 5(b); see the thick yellow and green segments. Also, due to the afterpulses emanating from the attack burst slots, the dark noise is not uniform throughout the frame. The overall noise probability in the lth slot is given by ${{n}_{j}}(l)={{d}_{j}}+{{a}_{j}}(l)-{{d}_{j}}\times {{a}_{j}}(l)$ for j = 0 and 1, and is shown in figure 5(c). In this expression, ${{d}_{0/1}}$ represents the dark noise probability per gate for D0/D1. The function a_j(l) is computed by summing together the contributions of all previous afterpulses until the lth slot; this is explained in more detail in [7]. Table A1 lists all the parameters for calculating the function n_j(l).

Table A1.  Various detection-related parameters in Clavis2. The numerical parameters for the exponential decay due to afterpulses were estimated in [7]. The cumulative probability to get a random click after ${{N}_{{\rm dt}}}=50$ gates from afterpulses alone surpasses 80%. The subscript $j=0/1$ in a variable affiliates it to D0/D1.

	D0	D1
Single-photon detection efficiency, ${{\eta }_{j}}$	0.12	0.10
Dark noise probability, dj	$1.16\times {{10}^{-4}}$	$3.63\times {{10}^{-4}}$
Afterpulse probability amplitude, A1j	$3.572\times {{10}^{-2}}$	$10.68\times {{10}^{-2}}$
Afterpulse decay constant, ${{\tau }_{1j}}$ ($\mu s$)	1.159	0.705
Afterpulse probability amplitude, A2j	$2.283\times {{10}^{-2}}$	$5.054\times {{10}^{-2}}$
Afterpulsing decay constant, ${{\tau }_{2j}}$ ($\mu s$)	4.277	3.866

After considering both the photonic input and noise figure, we can evaluate the final detection probabilities ${{p}_{j}}(l)={{s}_{j}}(l)+{{n}_{j}}(l)-{{s}_{j}}(l)\times {{n}_{j}}(l)$ for the entire frame, as shown in figure 5(d). We explain the derivation of s_j(l) and modeling of the click events in D0 and D1 based on Bernoulli trials in appendix. Figure 5(e) illustrates the clicked gates found after taking double clicks and deadtime imposition into account. Note that while Eve attacked only 20 out of 1075 slots, she knows Bobʼs basis choice in 4 out of 9 slots that are going to be used in the formation of the raw key.

The QBER incurred by Alice and Bob is strongly dependent on the combination $\{{{N}_{{\rm ab}}}$, N_ss, ${{N}_{{\rm el}}}\}$ used by Eve during the operation of the QKD protocol. The quantum channel transmission T and low-loss line transmission ${{T}_{{\rm LL}}}$ directly influence the photon number statistics ${{\mu }_{{\rm SARG}04}}$ in Alice and the observed detection rate ${{\gamma }_{B}}$ in Bob, and also indirectly affect both the QBER and Eveʼs actual knowledge $I_{E}^{{\rm act}}$ of the key shared by Alice and Bob after error correction (EC). For instance, long and frequent attacks (larger N_ab and smaller N_ss, in a relative sense) yield high $I_{E}^{{\rm act}}$ but also high QBER. Similarly, a large N_el preceding an attack burst may effectively increase $I_{E}^{{\rm act}}$ as the attacked slots have lesser chances of being inside a deadtime period, but this may also decrease ${{\gamma }_{B}}$. And a high ${{T}_{{\rm LL}}}$ naturally implies higher ${{\gamma }_{B}}$, and perhaps lower QBER because the dark noise is effectively decreased, however ${{T}_{{\rm LL}}}$ cannot exceed 1.

Let us first briefly recapitulate some essential information from the previous pages. In section 3, we experimentally demonstrated the readout of Bobʼs PM with a high accuracy. However, we also found that frequent THPs would result in a huge afterpulsing in Bobʼs SPADs which would reveal Eveʼs presence easily. In this section, we devised an intuitive strategy in which Eve manipulates the frame-based communication of Clavis2 and attacks (with THPs) only a small but carefully-chosen subset of the slots in a frame. If Eve simultaneously ensures that

• (i)  
  the QBER q does not cross the abort threshold ($q\lt {{q}_{{\rm abort}}}$),
• (ii)  
  the portion of the error-corrected key Eve actually knows is more than whatever Alice and Bob estimate based on the security proof ($I_{E}^{{\rm act}}\gt I_{E}^{{\rm est}}$), and
• (iii)  
  the deviation of the observed detection rate $\gamma _{B}^{{\rm obs}}$ from the expected value in Bob $\gamma _{B}^{{\rm exp} }$, given by ${{\delta }_{B}}=\left| 1-\frac{\gamma _{B}^{{\rm obs}}}{\gamma _{B}^{{\rm exp} }} \right|$, is within tolerable limit (${{\delta }_{B}}\leqslant \delta _{B}^{{\rm max} }$),

then her strategy succeeds. For satisfying these requirements, one needs to find an optimal attack combination. We simulated different combinations $\{r$, N_ab, N_ss, ${{N}_{{\rm el}}}\}$; with the new variable $r\leqslant 1$ denoting the fraction of frames subjected to the Trojan-horse attack. To elaborate, if r = 0.8, Eve randomly chose 80 out of 100 frames to attack with the pattern imposed by a specific triad $\{{{N}_{{\rm ab}}}$, N_el, ${{N}_{{\rm ss}}}\}$ in the manner shown in figure 5, while the remaining 20 passed to Bob normally (in the manner shown in figure A1).

Zoom In Zoom Out Reset image size

Due to probabilistic elements in the simulation, each run was performed for ${{n}_{{\rm sim}}}=10\;000$ frames to minimize stochastic fluctuations. In each run, slots that yielded clicks were collated and the average number of clicks per frame $\gamma _{B}^{{\rm obs}}=$ (total clicks)/${{n}_{{\rm sim}}}$ was calculated. A basis reconciliation procedure, as per the specifications of SARG04 [18, 19], was then performed on the collated slots. This provided us with the incurred QBER q and the fraction of valid slots⁷ in which Eve knows the secret bit. From the former, we can calculate the leak due EC $lea{{k}_{{\rm EC}}}$ then use it with the latter to bind Eveʼs knowledge $I_{E}^{{\rm act}}$ of the error-corrected key. In particular, we assumed EC to work in the Shannon limit, i.e., $lea{{k}_{{\rm EC}}}=h(q)$, with $h(x)=-x{{{\rm log} }_{2}}(x)-(1-x){{{\rm log} }_{2}}(1-x)$ being the binary entropy.

To calculate the amount of privacy amplification that Alice and Bob do in SARG04 protocol, we evaluated the expression $I(A:E)$ derived in [19] (equation (88) therein); this provides $I_{E}^{{\rm est}}$ essentially. The derivation considers eavesdropping strategies applicable against SARG04 when Alice employs an attenuated laser instead of a single-photon source. The final expression is obtained while optimizing and lower-bounding the secret key fraction attained by Alice and Bob.

One element considered in the calculation of $I_{E}^{{\rm act}}=I(A:E)$ is preprocessing: a classical operation performed by Alice at the commencement of QKD that reduces both Bobʼs and Eveʼs information, but in a more inimical manner for the latter than the former [19, 31]. Although [19] concludes that preprocessing in SARG04 helps Alice and Bob only in a very specific regime, it does not explicitly state that preprocessing should be avoided in other regimes. Since security proofs generally consider attacks that maximize $I(A:E)$ instead of $I(B:E)$, the use of preprocessing by Alice may expose a vulnerability exploitable via Trojan-horse attacks on Bob. Although preprocessing is not implemented in Clavis2, we consider a case here to highlight the vulnerability.

Indicating the degree of preprocessing with y, and using all the relevant source, channel, and detector parameters introduced thus far, we calculate $I_{E}^{{\rm est}}=0.4844$ for y = 0. This implies that Alice and Bob compress almost half of their error-corrected key during privacy amplification. If however, Alice were to use the maximum preprocessing (y = 0.5), then $I_{E}^{{\rm est}}=0.1106$. Note that the value of $I_{E}^{{\rm est}}$ is independent of the incurred QBER. This is due to the fact that the attacks found optimal in the security proof [19] are 'zero-error' attacks [3]. However, $I_{E}^{{\rm est}}$ depends on the channel transmission, as also shown in [19]. The values here are calculated at a fixed transmission (T = 0.25).

An optimization over the complete space of all parameters that define the attack strategy is out of the scope of this work, but a powerful adversary can easily do so and is likely to find a new set of parameters with better attack performance. A possible extension of the strategy is to manipulate the frames from Bob to Alice as well: more precisely, to replace the legitimate bright pulses in the slots chosen for the attack burst with even brighter ones. This would increase the chances that these slots eventually yield valid detections in Bob. Unfortunately, an increased optical power, even if only for a few pulses in the frame, portends a risk for Eve because the monitoring detectors in Alice may raise an alarm. However, if the monitoring system in Alice either does not function properly, or can be fooled [14], then this method holds a lot of promise.

Yet another attack optimization is non-demolition measurement [37] of the photon numbers of the WCPs exiting Alice. Using it, Eve can simply withhold her attack in the slots that contain 0 photons. This would reduce the dark counts (from afterpulsing), yet effectively increase her knowledge of the key. Finally, with regards to the attack setup shown in figure 3, Eve could:

• gather more information (per phase modulation) by suitably tweaking her LO to homodyne multiple back-reflections and improve the quality of the phase readout,
• periodically track the phase drift in her setup and adjust the relative phase between the signal and LO, e.g., by using an extra PM in the LO arm, to always read out at an optimal phase difference, and/or
• enhance the success rate of discrimination by using better quantum measurement strategies [38] and post-processing techniques, e.g., taking the difference of consecutive pulses and then integrating over the properly-chosen time window.

These methods would increase Eveʼs discrimination probability to $\sim 100\%$ (see figure 4) while relaxing the brightness requirement, i.e., ${{\mu }_{E\to B}}$ may be lowered, thus bringing down the afterpulsing probability. Another way to achieve the same goal would be to employ longer wavelengths to attack (as the afterpulsing response of the SPADs is conjectured to be lower) and/or to depopulate the traps by means of photoionization. Eve could try to use $\sim 1700\;{\rm nm}$ for her THPs to reduce afterpulsing. A CW illumination at a longer wavelength $\sim 1950\;{\rm nm}$ may depopulate the traps (created due to the THPs at some other wavelength) by means of photoionization [36].

The attack setup shown in figure 3 can be used virtually against any kind of QKD system, including CVQKD devices [23, 24]; it only needs a careful delay and polarization control and interferometric stability. It can even be made portable by integrating a variable optical delay line, a low-loss ${{90}^{{}^\circ }}$ optical hybrid, etc. [27]. Finally, the strategy detailed above can also be attuned to attack entanglement-based QKD systems that may not have proper safeguards against Trojan-horse attacks. More significantly, it may be used even to break the BB84 protocol in such cases.

Experimentally speaking, isolators and wavelength filters have been the most suitable countermeasures against Trojan-horse type attacks for one-way QKD systems [12]. While the former cannot be used in a two-way QKD system like Clavis2, the latter can certainly be useful. In a related context, one must also scrutinize (high and unwarranted) back-reflections from the interfaces inside the QKD system that could pose risks as explained in section 2. With such analysis, it might be possible to incorporate Trojan-horse attacks into theoretical security proofs and neutralize them by correct levels of privacy amplification. Moreover, security proofs should also carefully examine and quell the undesired effects of preprocessing. Some technical countermeasures specifically for the Clavis2 system could be:

• installing a watchdog detector with a switch at the entrance of Bob that randomly routes a small fraction of incoming signals to this detector,
• opening the door for Eve for a smaller time duration, i.e., reducing the width of phase modulation voltage pulse, and
• monitoring Bobʼs SPADs in real time [39].

Except the watchdog detector countermeasure, all others require modifications only in the electronic control system and hence are recommended.

Note that Bobʼs vulnerability to the Trojan-horse attack only arises because the SARG04 protocol is used. For BB84 (including its decoy-state version), interrogating Bobʼs modulator gives Eve no advantage [12], except when this is used to counterattack the four-state patch to the detector efficiency mismatch attacks [20, 40]. However both BB84 and SARG04 are vulnerable to interrogating Aliceʼs modulator.

Here we simulate the operation of the QKD system. A Clavis2 frame consists of N_f = 1075 slots spaced $0.2\;$μs apart. This implies N_f optical signals are sent by Bob to Alice in the forward path of the plug-and-play scheme, N_f detection gates are opened by Bob to measure the N_f WCPs coming back from Alice. Note that in practice, Bob has an asymmetric interferometer as shown in figure 1(b) so an optical signal actually consists of two (unequally bright) pulses; as it does not affect our analysis, we use 'signal' and 'pulse' interchangeably to keep the explanation simple. Alice attenuates these optical signals properly so that the mean photon number of the WCPs (in the quantum channel) is as dictated by the protocol; for SARG04 the optimal value is ${{\mu }_{{\rm SARG}04}}=2\sqrt{T}$, where T is the channel transmission [19].

By means of a Monte Carlo simulation based on experimental parameters, we modeled the frame-based QKD operation from here on. We created an array of random positive integers that are Poisson-distributed to mimic (the photon numbers of) a Clavis2 frame exiting Alice. Each pulse in the frame was stochastically subjected to all the relevant transmission or detection events; to be precise, they were modeled by a sequence of Bernoulli trials. For example, if the transmission of the quantum channel is denoted by T, then each of the n photons in a pulse at Aliceʼs exit undergoes a Bernoulli trial yielding success/1 (failure/0) with a probability of T $\left[ 1-T \right]$. The total number of photons in a pulse reaching Bob can then be evaluated as the sum of the outcomes of all n trials. Similarly, for a pulse containing m photons impinging on an SPAD with single-photon detection efficiency $\eta$, a detection click (success) is obtained if at least one of the m Bernoulli trials yielded a 1.

Table A1 lists the various parameters of the detectors in Clavis2 used for the numerical simulation. Figure A1 charts the different events in Bob: right from the arrival of a photonic frame to the registration of clicks, taking the withdrawal of ${{N}_{{\rm dt}}}=50$ gates (due to deadtime) into account. The transmission of the quantum channel connecting Alice and Bob is assumed to be T = 0.25 (with channel attenuation $\alpha =0.2$ dB km⁻¹, this would imply ∼30 km long channel). The transmission inside Bob is T_B = 0.45. The total detection probabilities in figure A1(c) are calculated using ${{p}_{j}}(l)={{s}_{j}}(l)+{{d}_{j}}-{{s}_{j}}(l)\times {{d}_{j}}$ for each slot $l\in \left[ 1,{{N}_{{\rm f}}} \right]$ and for j = 0 and 1. In this expression, ${{d}_{0/1}}$ represents the dark count probability per gate for D0/D1. The photonic detection probability is ${{s}_{j}}(l)=1-{{\left( 1-{{\eta }_{j}} \right)}^{m(l)}}$ for j = 0 and 1; here m(l) is the number of photons impinging on a specific detector in the lth slot (shown in figure A1(b)), and ${{\eta }_{0}}$ and ${{\eta }_{1}}$ are the single-photon detection efficiencies of D0 and D1, respectively.

Figure A2 (a) shows a possible full implementation of the Trojan-horse attack described in section 4, by using off-the-shelf optical switches [30] and a low-loss line. The switches are connected by two lines: the quantum channel containing an optical tap additionally, and a highly-transmissive channel (with transmission ${{T}_{{\rm LL}}}$). If a slot $l\in \left[ 1,{{N}_{{\rm f}}} \right]$ diverted by Eve on the highly-transmissive channel had n photons at Aliceʼs exit, then it has a high chance of having n photons at Bobʼs entrance too. The low-loss line with the characteristics we model (${{T}_{{\rm LL}}}=0.9$ instead of 0.25 for the normal line) currently does not exist. However, its implementation can in principle be possible in the future, by using an improved optical fiber or high-efficiency quantum teleportation.

Zoom In Zoom Out Reset image size

When Bob sends a frame to Alice, the switches are in crossed positions (FOSb: $1\to 4$ and FOSa: $2\to 3$) so that the frame essentially traverses the quantum channel undisturbed. The tap is used for obtaining polarization information and synchronization, required later in preparation of the THPs. Since the pulses in the forward path are relatively bright, a few photons stolen would not be noticed by Alice.

For the return path, i.e., from Alice to Bob, Eve manipulates the slots as determined by the attack pattern of figure A2(b). This pattern is essentially a repetition of the triad $\{{{N}_{{\rm ab}}}$, N_el, ${{N}_{{\rm ss}}}\}$ imposed in the reverse direction (i.e., going from N_f to 1) on an entire QKD frame. The number of unbroken triads that can fit inside a frame is $k=\left \lfloor {{N}_{{\rm f}}}/\left( {{N}_{{\rm ab}}}+{{N}_{{\rm el}}}+{{N}_{{\rm ss}}} \right)\right \rfloor$, where $\left \lfloor \cdot \right \rfloor$ denotes the floor operation. This leaves exactly ${{N}_{{\rm u}}}={{N}_{{\rm f}}}-k\left( {{N}_{{\rm ab}}}+{{N}_{{\rm el}}}+{{N}_{{\rm ss}}} \right)$ unaccounted slots in the beginning of the frame; if ${{N}_{{\rm u}}}\gt {{N}_{{\rm ab}}}$, then we add yet another attack burst N_ab and extinguish the remaining ${{N}_{{\rm el}0}}={{N}_{{\rm u}}}-{{N}_{{\rm ab}}}$ slots, as also shown in figure A2(a) with k = 4 and N_u = 151. Otherwise, we simply extinguish ${{N}_{{\rm el}0}}={{N}_{{\rm u}}}$ slots.

Using this pattern, Eve physically manipulates the frame in the following way: slots up to N_el0 are extinguished by being directed onto a beam dump (FOSa: $3\to 2$ and FOSb $4\to 2$). The next ${{N}_{{\rm ab}}}+{{N}_{{\rm ss}}}$ slots pass through the low-loss line (both FOSa and FOSb in positions $3\to 1$) to Bob. Using the Trojan-horse attack apparatus (see figure 3), Eve reads Bobʼs PM settings for the attack burst, i.e., the first N_ab of these slots. The remaining N_ss slots, or the substitution sequence, simply travel to Bob via the low-loss line. The switches then flip again for an extinguished length of N_el slots. This sequence is repeated until the end of the frame is reached with the last N_ab gates always attacked. Attacking the last few slots causes less afterpulsing, because the detector gates are not applied after the frame end.