Decoy-state quantum key distribution with a leaky source

In recent years, there has been a great effort to prove the security of quantum key distribution (QKD) with a minimum number of assumptions. Besides its intrinsic theoretical interest, this would allow for larger tolerance against device imperfections in the actual implementations. However, even in this device-independent scenario, one assumption seems unavoidable, that is, the presence of a protected space devoid of any unwanted information leakage in which the legitimate parties can privately generate, process and store their classical data. In this paper we relax this unrealistic and hardly feasible assumption and introduce a general formalism to tackle the information leakage problem in most of existing QKD systems. More specifically, we prove the security of optical QKD systems using phase and intensity modulators in their transmitters, which leak the setting information in an arbitrary manner. We apply our security proof to cases of practical interest and show key rates similar to those obtained in a perfectly shielded environment. Our work constitutes a fundamental step forward in guaranteeing implementation security of quantum communication systems.


Introduction
It is well-known that two spatially separated users (Alice and Bob) can secretly communicate over a public channel if they own two identical random keys unknown to any third party.They can use their keys to enable symmetric-key encryption.When the symmetric-key algorithm is the so-called "one-time pad" [1], the security of the resulting communication is independent of the computational capability of an eavesdropper (Eve) [2].The only provably secure way known to date to distill secret random keys at remote locations is quantum key distribution (QKD) [3,4,5,6].While the theoretical security of QKD has been convincingly proven in recent years [5], in practice a QKD realisation cannot typically perfectly satisfy the requirements imposed by the theory.Therefore it is crucial that security proofs are extended to accommodate the imperfections of the real QKD devices.Any unaccounted imperfection constitutes a so-called "side-channel", which can be exploited by Eve to compromise the security of the system [7,8,9,10,11,12,13,14,15,16,17].
To close the gap between theory and practice, various approaches have been proposed so far, with two most prominent examples being "device-independent QKD" [18,19,20,21] and decoy-state "measurement-device-independent QKD" (mdiQKD) [22].Device-independent QKD does not require a complete knowledge of how QKD apparatuses operate, being its security based on the violation of a Bell inequality.However, its experimental complexity is unsuitable for practical applications, as its ultimate form demands that Alice and Bob perform a loophole-free Bell test [23,24,25] in every QKD session.Also, its secret key rate is very poor with current technology [26,27].Decoy-state mdiQKD, on the other hand, permits to remove any assumption of trustfulness from the measurement device, which is arguably the weakest part of QKD realisations [7,8,9,10,11,12,13,14].Under the only additional requirement that Alice and Bob know their state preparation process [28], mdiQKD with decoy-states allows to bring QKD theory closer to practice [29] without frustrating the key rate [22,30].Most importantly, its practical feasibility has been already experimentally demonstrated both in laboratories and in field trials [31,32,33,34,35,36,37,38], with a key rate comparable to that of standard QKD protocols [37].
However, it is important to notice that the security of any form of QKD, including the two solutions above, relies on the assumption that Alice and Bob's devices do not leak any unwanted information to the outside.That is, their apparatuses must be inside private spaces that are well-shielded and inaccessible to Eve (see, e.g., [39]).This assumption is very hard, if not impossible, to guarantee in practice.The behaviour of real devices is affected by the environmental conditions and can depend on their response to external signals, unawarely triggered by a legitimate user, or maliciously injected into the QKD system by Eve.This could open new side-channels, of which the so-called Trojan-Horse attack (THA) [40,41,42] is a meaningful example.While mdiQKD relieves QKD from the burden of characterising the measuring devices, the THA deals with the important question of guaranteeing a protected boundary between the transmitting devices, assigned with the preparation of the initial quantum states, and the outside world.
In a THA, Eve injects bright light pulses into the users' devices and analyse the back-reflected light, with the aim of extracting more information from the signals travelling in the quantum channel.Recently, [42] considered a feasible THA targeting the phase modulator (PM) of a QKD transmitter.There, security was proven under the assumption that this specific THA only affects the PM in the transmitter and leaves the other devices untouched.Therefore this result cannot be exported to decoystate QKD and mdiQKD, where an additional method to modulate the intensity of the prepared signals is required.This is very often achieved via an intensity modulator (IM) inserted in series with the PM.Hence it can happen that partial information about the IM is leaked to Eve, similarly to what happens for the PM.This problem is common to any scheme using devices like PM and IM, such as the decoy-state BB84 protocol [43,44,45,46,47,48,49,50,51], bit commitment, oblivious transfer, secure identification [52], blind quantum computing [53] as well as device-independent QKD.
Here we introduce a general formalism to prove the security of most of the optical QKD systems using a PM and an IM in their transmitters that can leak the setting information in an arbitrary manner.As a specific example, we address the optical implementation of the standard decoy-state BB84 QKD protocol with three intensity settings [43,44,45] due to its extensive use of devices like PM and IM.However, our results can be straightforwardly adapted to any number of settings and to all the protocols mentioned above.Importantly, our approach is solely based on how the users' devices operate.For a given model of PM and IM, one could readily use our technique to calculate the resulting secret key rate of the system.This constitutes a fundamental step forward to guaranteeing the security of quantum cryptographic schemes using a PM, an IM or other analogous devices, in presence of information leakage.
To illustrate how our formalism applies to real QKD systems, we investigate a particular form of information leakage, i.e., a THA that is feasible with current technology.In particular, we consider that Eve injects a probe for each phase and intensity setting selected by the legitimate user and the back-reflected light is composed of coherent states of limited intensity.
The paper is organised as follows.In Sec. 2 we review the main concepts of decoystate QKD.In Sec. 3 we present a general formalism to prove its security in the presence of any information leakage from both the PM and the IM.This formalism is then used in Sec. 4 to study various THA that are feasible with current technology and to evaluate their effect on the system performance.Finally, Sec. 5 includes a short discussion and Sec.6 concludes the paper with a summary.The paper also contains Appendixes with calculations that are needed to derive the results in the main text.

Decoy-state quantum key distribution
In decoy-state QKD, Alice prepares mixtures of Fock states with different photon number statistics, selected independently at random for every signal that is sent to Bob.These states can be prepared with practical light sources such as attenuated laser diodes, heralded spontaneous parametric downconversion sources and other practical single-photon sources.They can be formally described as: Here, p γ n is the photon number statistics, represented by the conditional probability that Alice emits a pulse with n photons when she chooses the intensity setting γ.The ket |n denotes an n-photon Fock state.If Alice uses a source emitting phase-randomised weak coherent pulses (WCP), the photon number statistics is the Poisson distribution, p γ n = e −γ γ n /n!, with γ being the mean photon number.
For each intensity setting γ, there are two quantities which can be directly observed in the experiment: the gain Q γ = N γ click /N γ , where N γ click represents the number of events where Bob observes a click in his measurement device given that Alice prepared the state ρ γ , and N γ is the number of signals sent by Alice in the state ρ γ , and the quantum bit error rate (QBER) E γ = N γ error /N γ click , where N γ error denotes the number of errors observed by Bob given that Alice prepared the state ρ γ .In the asymptotic limit of large N γ both quantities can be written as a function of the yield Y n and the error rate e n of the n-photon signals as: for any value of γ.The unknown parameters in this set of linear equations are Y n and e n , and they can be estimated by solving Eq. ( 2).Indeed, whenever Alice uses an infinite number of settings γ, any finite set of parameters Y n and e n can be estimated with arbitrary precision.If Alice and Bob are only interested in the value of Y 0 , Y 1 , and e 1 , as is the case in QKD, it is possible to obtain a tight estimation of these three parameters with only a few different intensity settings [54].A fundamental implicit requirement in the decoy-state analysis is that the variables Y n and e n are independent of the intensity setting γ.That is, the analysis assumes that Eve does not have any information about Alice's intensity setting choice at each given time.If Eve performs a THA against Alice's source, however, this necessary condition might not be longer satisfied and the security analysis of decoy-state QKD needs to be revised.This is done in the next section.

Trojan horse attacks against decoy-state quantum key distribution
In this section we present a general formalism to evaluate the security of decoy-state QKD against any information leakage from both the IM, which is used to generate decoy-states, and the PM employed to encode the bit and the basis information.Below we assume that such information leakage is due to an active Eve who launches a THA against the decoy-state transmitter.Note, however, that our analysis could be applied as well to any passive information leakage scenario.
In a THA Eve injects bright light pulses into Alice's device and measures the backreflected light.This way she might obtain useful information about Alice's intensity and phase choices for each generated signal.This situation is illustrated in Fig. 1.As a first consequence, the yields Y n and the error rates e n might now become dependent on the intensity setting γ, and we will denote them as Y γ n and e γ n , respectively.The goal of this section is mainly to evaluate how much can these quantities differ from each other depending on the information leaked to Eve.

THA against the IM
Here we focus on the most widely used choice of intensity settings for the standard decoy-state BB84 protocol, where Alice randomly selects one of three possible intensities, denoted as γ s , γ v , and γ w , with probability p s , p v , and p w , respectively.However, our technique can be straightforwardly adapted to cover any number of decoy settings.We will denote as γ i ∈ {γ s , γ v , γ w } the intensity setting selected by Alice in the i th instance of the protocol.
Eve's goal is to learn the value of γ i for all instances i.For this, her most general THA can be described as follows.Eve first prepares a probe system E p , which might be entangled with an ancilla system E also in Eve's hands, and sends this system to Alice while she keeps E in a quantum memory.The system E p may consist of many different pulses, each of them used to probe Alice's intensity setting each given time.Afterwards, Eve performs a joint measurement on all the pulses emitted by Alice together with the systems E and the back-reflected light from E p , which is denoted as E p .
Let us consider first the i th n-photon pulse emitted by Alice.Later on we will generalise this case to cover all her n-photon pulses.For this, let ρ n,γ i denote the joint state of Alice's i th n-photon pulse and the systems E and E p ‡.The state of E p may depend on all the intensity choices made by Alice, so does ρ n,γ i .Now, Eve's task for the i th pulse is to behave as different as possible according to Alice's intensity choice γ i given the state ρ n,γ i .Therefore, we are interested in how well can Eve distinguish ‡ For example, if the emission of an n-photon pulse by Alice is independent of Eve's systems E and E p , then ρ n,γ i = P (|n ) ⊗ ρ γ i , where the operator P (|φ ) is defined as P (|φ ) := |φ φ| and ρ γ i represents the state of E and E p .This is the typical situation that one expects in practice.
the intensity setting γ i j from γ i k and γ i l , with j, k, l ∈ {s,v,w} and j = k, l (note that here k might be equal to l).This can be solved using the trace distance argument [55], which says that the trace distance between probability distributions arising from any measurement on the states ρ n,γ i j and q nkl ρ n, where Ω is a set of physical events that fulfills ω∈Ω Pr(ω) = 1, d(ρ, σ) := Tr |ρ − σ| /2 denotes the trace distance between ρ and σ, Pr(ω|ρ) is the conditional probability to obtain the event ω given the state ρ, and q nkl := p k p γ k n /(p k p γ k n +p l p γ l n ), with k, l ∈ {s,v,w}, is the conditional probability to have selected the intensity setting γ k (among only γ k and γ l ) given that the pulse contains n photons §.
To prove the security of the decoy-state QKD system, we need to determine Bob's detection rates.This means that we are interested in the set Ω = {click, no click}, where "click" ("no click") represents a detection (no detection) outcome at Bob's side.That is, Eve must decide which of Alice's pulses will produce (or not produce) a "click" at Bob's side before the quantum part of the protocol finishes.Here, Pr(click|ρ n,γ i j ) is the conditional probability that Bob obtains a "click" given ρ n,γ i j .This probability may depend on the detection pattern observed by Bob in all the previous i − 1 pulses.By combining Eq. ( 3) with the fact that Pr(click) + Pr(no click) = 1 we find that Now, in order to relate the conditional probabilities that appear in Eq. ( 4) with the corresponding actual numbers, we first convert these probabilities into joint probabilities and then we take the sum over i ∈ {1, 2, • • • , N }, being N the number of trials.In particular, let Pr(click, n, γ i j ) denote the joint probability that Eve observes the state ρ n,γ i j in the instance i and Bob obtains a "click".Then, from Eq. ( 4) we obtain that where D n,j,k,l := 1/N N i=1 D i n,j,k,l .Importantly, by using Azuma's inequality [56] (see Appendix A), each term on the LHS of Eq.( 5) approaches the actual numbers of the corresponding events except for a probability exponentially small in N .That is, we have that N i=1 Pr(click, n, γ i j ) approaches the number of events, N click,n,γ j , within N runs where Alice selects the intensity setting j, she emits an n-photon state, and Bob obtains a "click" in his measurement device.This means that § Note that when k = l Eq. ( 3) implies that ω∈Ω |Pr(ω|ρ n,γ except for a probability exponentially small in N , where the yields Y γ j n are defined as and similarly for Y γ k n and Y γ l n .Note that in the special case where there is no information leakage about Alice's intensity choices, we have that D n,j,k,l = 0 and, therefore, Y which is the key assumption in the standard decoy-state method (see Sec. 2).
The analysis for the error rates e γ j n , with j ∈ {s, v, w}, is analogous.In particular, here we consider the set Ω = {click ∧ error, no click ∨ (click ∧ no error)}, where "click ∧ error" represents a detection outcome at Bob's side associated with an error, and "no click ∨ (click ∧ no error)" denotes a no detection outcome or a detection one associated with no error.Now, taking into account that Pr(click ∧ error) + Pr[no click ∨ (click ∧ no error)] = 1, and using a similar analysis as above, we find that where the parameter D n,j,k,l is equal to that given in Eq. ( 6) ¶, and e n is defined as and similarly for e γ k n and e γ l n .Here, N click∧error,n,γ j represents the number of events, within N runs, where Alice selects the intensity setting j, she emits an n-photon state, and Bob obtains a "click" associated to an error in his measurement device.
The formalism above is general in the sense that it can be applied to any THA against Alice's IM.However, to be able to evaluate Eqs. ( 6)-( 8) one needs to characterise the states ρ n,γ i j that are accessible to Eve, and this might be difficult in general.These states are required to calculate the coefficients D i n,j,k,l and, thus, the parameters D n,j,k,l .In the next subsection we show that these parameters can in principle be estimated based solely on the behaviour of the IM.

Estimation of D i
n,j,k,l .In order to upper bound the value of D i n,j,k,l based only on how the IM operates, we consider the unitary operator that describes the action of Alice's IM when she selects a certain intensity setting γ i j for an instance i. Importantly, we assume that this operator characterises the behaviour of the IM on all the optical modes that it supports.That is, in general it acts on Alice's photonic system A p (i.e., the signal states emitted by her laser), on some additional ancillary system A a also in Alice's hands + , and on Eve's probe system E p .Therefore, we will denote it as Û γ i j Ap,Aa,Ep .
Note that when k = l Eq. ( 6) implies that The system A a can account for the effect of the loss in Alice's transmitter.That is, we consider that the unitary operator describing her IM includes as well, together with its intrinsic loss, the effect of any optical attenuator, isolator and filter used by Alice to reduce the energy of the back-reflected light that goes to Eve.
Let |Ψ Ap,Aa,E,Ep be the joint state that describes Alice's and Eve's systems before the action of the IM.After applying the IM, the state |Ψ Ap,Aa,E,Ep evolves according to the unitary transformation 1E ⊗ Û γ i j Ap,Aa,Ep .Importantly, in order for the decoy-state method to work, this unitary transformation should produce an output signal with the system A p (which will be sent to Bob through the quantum channel once the bit and basis information are also encoded) prepared in a state that is diagonal in the Fock basis.This is guaranteed if Eve's probing light does not alter the photon distribution of Alice's light source or her phase-randomisation process.Note here that the physical system corresponding to A p might not be the same as the one for the input system A p .This means, in particular, that Here, p γ i j n denotes the probability of emitting an n-photon pulse in the i th instance of setting γ j , and {|φ } n forms an orthonormal basis, i.e., we have that Moreover, the physical systems for A a and E p might be different from those for A a and E p , respectively.Also, note that in Eq. (10) we have made the general assumption that the photon mode of the n-photon state |n γ i j A p might be dependent on the setting γ i j .Now, we focus on those joint states |n γ i j Ap |φ γ i j n,Ψ A a ,E,E p that contain n photons on Alice's photonic system A p .Eve's task is to behave as differently as possible according to the intensity setting.We find, therefore, that D i n,j,k,l can be upper bounded as Tr A a q nkl P (|n where the operator P (|φ ) := |φ φ|.This confirms that the description of Alice's IM is enough to guarantee security.Of course, the formalism above can readily accept any particular assumption on the THA performed by Eve.For instance, in practical situations it may be over-pessimistic to take the supremum given in Eq. ( 11) over all possible states |Ψ Ap,Aa,E,Ep .Instead, one might only consider signals of the form |Ψ Ap,Aa,E,Ep = |φ Ap |ϕ Aa |χ E,Ep , where |φ Ap , |ϕ Aa and |χ E,Ep are pure states of the different systems.Indeed, this seems to be a natural assumption because Alice's systems A p and A a are typically independent from each other and also independent from those of Eve.In so doing, Eq. ( 11) might deliver tighter bounds for D i n,j,k,l .In general, however, one cannot assume that Eve's state |χ E,Ep is in a tensor product form.That is, it is not enough to just consider the system E p that Eve sends to Alice (together with the back-reflected one) in order to guarantee security.This is so because when the supremum given in Eq. ( 11) is taken over all joint states |χ E,Ep it usually results in a larger trace distance than that obtained when one considers product states.To improve the system performance, Alice might include additional optical elements to force |χ E,Ep to be of product form.For example, she could perform a phase-randomisation on the system E p (see, e.g., [58,59]).This way all the offdiagonal elements of the state |χ E,Ep in the Fock basis would vanish, and one could completely disregard system E.Moreover, mathematically, to remove all the off-diagonal elements leads to a significant decrease of the trace distance and, therefore, one expects a significant improvement of the secure key rate, as is confirmed in Sec.4.3.

THA against the PM
In this section, we review and extend the analysis of the THA against the PM carried out in [42].The central observation is that the THA allows Eve to partially know Alice's choice of the basis.In other terms, the information leakage is in the form of basis information leaked out to the eavesdropper.This might cause the density matrices that describe Alice's output states to be basis dependent.Below, we provide a formalism to prove the security of the BB84 protocol in the presence of the most general THA against the PM.
We will assume that Alice's choice is random, independent of the IM and of the previous preparation instances.We define the Z basis by the orthogonal vectors {|0 , |1 } and the X basis by {|+ , |− }, where |± := (|0 ± |1 )/ √ 2. We denote as |Ψ i Z Aq,Ap,Aa,E,E p (|Ψ i X Aq,Ap,Aa,E,E p ) the joint state that describes Alice's system and Eve's system for the THA given that Alice selected the Z (X) basis.Here, the superscript i refers to the i th signal generated by Alice, and the system A q refers to a virtual qubit that is stored in Alice's lab.Examples of the states |Ψ i Z Aq,Ap,Aa,E,E p and |Ψ i X Aq,Ap,Aa,E,E p are the following Here, |Ψ i jα Ap,Aa,E,E p (with j ∈ {0, 1} and α ∈ {Z, X}) represents the state of systems A p , A a , E and E p for Alice's bit value j in her α basis.We have, therefore, that Alice's state preparation process can be equivalently described as follows.First, she decides which state (|Ψ i Z Aq,Ap,Aa,E,E p or |Ψ i X Aq,Ap,Aa,E,E p ) she prepares.Afterwards, she measures the virtual qubit A q using the Z or the X basis, depending on the choice of the state.As long as the state preparation is expressed this way, one can consider any possible purification of the states ) being a global phase.Note that we can consider this state because the reduced density operator for systems A p , A a , E and E p is the same as that of Eq. ( 13).The optimal solution is the purification that maximises the key generation rate.
In a security proof, it is essential to determine the phase error rate, which is the parameter needed in the privacy amplification step of the protocol.The phase error rate is the fictitious bit error rate that Alice and Bob would have obtained if Alice had measured the system A q with the X basis and Bob had used the X basis given the preparation of |Ψ i Z Aq,Ap,Aa,E,E p .Intuitively, if the states |Ψ i Z Aq,Ap,Aa,E,E p and |Ψ i X Aq,Ap,Aa,E,E p are close enough to each other, then the phase error rate should be close to the X basis error rate which is obtained in the actual experiment.Below, we make this argument more rigorous by using the analysis presented in [61].For this, we will assume that the basis choice is done in a coherent manner, i.e., Alice first prepares the joint system where the system A c is the so-called "quantum coin" [60].Importantly, the phase error rate is related to the X basis measurement on the quantum coin.To derive the formula for the estimation of the phase error rate, we consider the following fictitious protocol.In particular, for the i th trial of the protocol, Alice and Eve prepare their systems in the state |Ψ i Ac,Aq,Ap,Aa,E,E p , Alice keeps systems A a , A q and A c in her hands, and sends system A p to Bob.At the reception side, Bob receives some optical systems after Eve's intervention, and he performs the X basis measurement.In addition, Alice performs the X basis measurement on the system A q .Then, Alice randomly chooses between the Z or the X basis with equal probability to measure her quantum coin A c .Here, note that, from Eq. ( 14), when Alice chooses the Z basis to measure the coin and the result is "0" ("1"), this is equivalent to Alice and Eve directly preparing the state |Ψ i Z Aq,Ap,Aa,E,E p (|Ψ i X Aq,Ap,Aa,E,E p ). Next, we apply the Bloch sphere bound [62] for probability distributions to those instances where Bob obtained a click event.In particular, we first apply this bound separately to the events with the X basis error and to those with no X basis error.We obtain the following two inequalities Here, Pr i (X Ac = −|X − Error) is the conditional probability of observing the outcome "−" when performing the X basis measurement on the quantum coin given that there is a X basis error; Pr i (Z Ac = 1|X − Error) is the conditional probability of observing the outcome "1" when performing the Z basis measurement on the quantum coin given that there is a X basis error; and the other probabilities are defined similarly.Next, we multiply both inequalities by the term Pr i (click), which is the probability that Bob obtains a "click" in his measurement apparatus, and after combining Eqs. ( 15)-( 16) we obtain [61] Pr where Pr i (X Ac = −) is the probability that the measurement result on the quantum coin is "−", Pr i (X, X − Error) is the joint probability of selecting the Z basis to measure the quantum coin and obtaining the result "1" (which implies the preparation of the state |Ψ i X Aq,Ap,Aa,E,E p ), and observing a bit error in Alice's and Bob's X basis measurement.The probability Pr i (Z, X − Error) is the fictitious joint probability of selecting the Z basis to measure the quantum coin, and obtaining the result "0" (which implies the preparation of the state |Ψ i Z Aq,Ap,Aa,E,E p ), and observing a bit error in Alice's and Bob's X basis measurement.Actually, this last probability is the phase error rate.The probabilities Pr i (X, No X − Error) and Pr i (Z, No X − Error) are defined in a similar way (see [61] for further details).Note that in order to obtain Eq. ( 17) from Eqs. ( 15)-( 16) we have used the fact that Pr i (X Ac = −, click) ≤ Pr i (X Ac = −), where Pr i (X Ac = −, click) represents the joint probability that the measurement result on the quantum coin is "−" and Bob obtains a "click" event with his measurement.Importantly, the probability Pr i (X Ac = −) characterises how close are the states |Ψ i Z Aq,Ap,Aa,E,E p and |Ψ i X Aq,Ap,Aa,E,E p .Specifically, by choosing an appropriate global phase for |Ψ i X Aq,Ap,Aa,E,E p , from Eq. ( 14) we have that The term | Aq,Ap,Aa,E,E p Ψ i Z |Ψ i X Aq,Ap,Aa,E,E p | can be upper-bounded by the fidelity between the Z basis state and the X basis state.This means that Eq. (17) gives us the phase error probability taking into account the "closeness" between the two basis states.To relate the probabilities with the actual number of the corresponding events, we first use the concavity of the square root function and we take the sum over i ∈ {1, 2, • • • , N }, with N being the number of pulses sent in the fictitious protocol.In so doing, we find that Next, we apply Azuma's inequality [56] (see Appendix A).We obtain, therefore, that except for a probability exponentially small in N each sum of the probability distributions approaches the actual number of the corresponding events in N trials.That is, where N g denotes the number of instances associated to the event g.Importantly, here N Z,X−Error /N click is related to the phase error rate, that is, the rate of choosing the Z basis and having the phase error, and N X,X−Error /N click is the observed ratio of choosing the X basis and having a bit error.As for N X Ac =− , we have that except for a probability exponentially small in N the following inequality is satisfied.
This is so because we can directly calculate the probability Pr i (X Ac = −) from Eq. ( 14).Therefore, if Alice and Bob know the minimum overlap between the states |Ψ i X Aq,Ap,Aa,E,E p and |Ψ i Z Aq,Ap,Aa,E,E p they can estimate the value of the phase error rate even if Eve performs the most general THA against the PM.The estimation of such overlap, however, might be difficult in general as one would need to know Eve's ancilla state.To overcome this problem, we proceed like in the previous section and we reformulate the formalism above based only on how the PM operates.
For this, note that |Ψ i Z Aq,Ap,Aa,E,E p and |Ψ i X Aq,Ap,Aa,E,E p can be expressed as which is independent of the state.Note that here we have used the infimum because the unitary operator could support a mode in a Hilbert space containing an arbitrary number of photons.Therefore, Eq. ( 20) can be written as Finally, we use where N Z (N X ) is the number of events where Alice's Z-basis measurement outcome on the quantum coin is "0" ("1").That is, Alice prepares the Z-basis (X-basis) state and Bob detects signals in the Z basis (X basis) in the actual protocol (recall that the virtual protocol concentrates only on the basis matched events).Then, by taking into account that x(1 − x) ≤ 1/2 for 0 ≤ x ≤ 1, we obtain the following modified inequality Remember that N click represents the number of detected events by Bob in the actual protocol since the quantum coins have been measured along the Z basis, which corresponds to the case in the actual protocol.Therefore, we have that the RHS of this equation is consistent with the results presented in [61].Like in the previous section, note that the formalism above can readily accept any assumption on the THA.For example, if one considers a specific THA against the PM where Alice and Bob know the fidelity F X,Z between the two density matrices describing the output states for the X and Z bases, we have that which is essentially the result obtained in [42].This means in particular that with the estimation of the fidelity given for an explicit THA, as the one considered in the next section, one can readily obtain the phase error rate and therefore the secure key rate of a QKD system endowed with a leaky PM.Until now we have discussed the scenario where the THA against the IM and the PM acts independently on these two devices.However, in general, the IM and the PM might present correlations which could be exploited by Eve in a joint THA.More specifically, the leaked information might be dependent on both the intensity setting and the bit and basis choices.This situation is addressed in Appendix B, where we discuss how to adapt the formalism above to also cover this case.

Simulation of the key generation rate
In order to apply the theoretical description to a practical case, we treat the THA as a particular form of information leakage, actively caused by the eavesdropper.We draw a realistic worst-case scenario following the line of Ref. [42], where a THA targeting the PM placed in Alice's box was studied.Here, we review this argument and employ it to any other device that is actively modulated in the transmitting unit, in particular to the IM that is commonly employed to run a decoy-state protocol.We assume that Eve uses a continuous-wave (CW) high-power laser to probe a QKD transmitter.The suitability of a CW laser for the THA is due to a twofold reason.Firstly, it is less destructive than a pulsed laser [63], so it is less easily detectable by Alice and Bob.Secondly, a CW laser is not less efficient than a pulsed laser in probing devices that are modulated according to a non-return-to-zero (NRZ) logic, and assuming NRZ modulation for the transmitter's devices is a conservative choice [42].Also, it is apparent that the THA is enhanced if the power of Eve's laser is as large as possible, because this maximises the amount of back-reflected light for any fixed reflectivity of the transmitting unit.Therefore we can think that Eve's laser is operated well above threshold.
A consequence of these preliminary considerations is that it is not too restrictive in practice to consider a THA performed with a CW laser operated well above threshold.In turn, such a laser emits light in a state that is closely approximated by a singlemode coherent state [64].We will therefore assume in this section that Eve uses highintensity single-mode coherent states to perform the THA.Formally, we write the input coherent state as |β e iθ , where β is a real number representing the amplitude of the input light and θ is an arbitrary phase that can be set equal to zero without loss of generality.Notice that even if Eve's laser is CW, it still makes sense to use the expression "light pulse" for Eve's light, as a light pulse is temporally defined by Eve to match the modulation period of the transmitter's devices.When a coherent state of light enters the QKD transmitter, it undergoes transformations that are linear and cannot change its photon statistics.So the light back-reflected to Eve will still be in a coherent state, which we indicate as: In this case, the real numbers β γ j and θ γ j are amplitude and phase, respectively, of the light back-reflected to Eve, which can depend on the intensity setting of the transmitter, γ j .Notice though that they are assumed not to depend on the particular instance i of the preparation.Moreover, in writing Eq. ( 28), we assume that there is no entanglement between Alice's system A p and Eve's probe system E p .Therefore we term "individual" this particular class of THA.
In the next sections, we will simulate the secure key rate of a typical decoy-state QKD system against the individual THA, in three different cases of practical interest, with the aim to provide security guidelines of immediate use in QKD experiments.The three cases correspond to different assumptions about the state in Eq. ( 28), which will be described in detail in the next Secs.4.1, 4.2 and 4.3.These cases will be also schematically summarised in Fig. 5, at the end of this section.However, Fig. 5 could even be used as an introductory scheme to our models instead, as it conveniently displays the assumptions underlying the simulations.
To draw the simulations, the main ingredient is the characterisation of the transmitters' modulators, which, as discussed in the previous section, leads to upper bound the trace distance between the different settings of the modulators in the presence of leaked information, as described by Eq. ( 11) (see also Appendix C and Appendix D).In practice, this often translates into defining the modes transmitted by the modulators and their attenuation coefficients.Then, a specific protocol can be considered and its secure key rate estimated.In the simulations, we will consider the following lower bound to the asymptotic secure key rate of the decoy-state BB84 protocol [3]: where Γ A and Γ E are the spaces of the parameters controlled by Alice and by Eve, respectively.In the simulation, we will use Γ A = {γ s , γ v } and Γ E = {θ γ j }, and assume without loss of generality that γ s ≥ γ v ≥ γ w and θ γs = 0, Here, as for γ w and β γ j , we will fix them to particular constant values in the simulation.In Eq. ( 29), the key is distilled only from the signal states; q is the efficiency of the protocol; p γs 0 = e −γs and p

Individual THA -Case 1
As mentioned in Sec. 3, Eve's goal in a THA is to maximise the difference between the states leaked out of the transmitter.Because these are represented by the coherent state in Eq. ( 28), Eve's task is simpler when the intensity of the relevant states is larger, as this makes the states more orthogonal.Therefore, the first scenario we consider is one in which we over-estimate the intensity of the leaked states so to draw a consistent worst-case scenario for the individual THA.Suppose that the users characterise their apparatus and find that the intensity of the leaked signals is always upper bounded by a certain value I max .This could be the result of an experiment aimed at characterising the worst-case reflectivity of the transmitter as a whole, without specifically addressing the individual devices inside the transmitting unit.Because in the estimation of the secure key rate, Eq. ( 29), we assume that the parameters θ γ j are entirely controlled by Eve, it is conservative to set the intensities of the states leaked out from the transmitter as follows: The detailed calculation of the trace distance terms D n,j,k,l for the leaked states under the settings of Eq. ( 30) is given in Appendix D.1.Then, the key rate in Eq. ( 29) is numerically simulated and the result is plotted in Fig. 2 as a function of the distance between the users.The colours correspond to different values of the parameter I max .The  Secure key rate versus distance in presence of a THA targeting the modulating devices of a QKD transmitter.Each colour corresponds to a different value of the intensity of the leaked light, I max .The depicted key rate is for the worstcase of a single value of I max bounding all the intensity settings in the transmitter, see Eq. (30) in the main text.The solid lines are for a leakage due only to the IM, while the dashed lines, visible for I max equal to 10 −6 , 10 −7 and 10 −8 , are for the total leakage coming from IM and PM simultaneously.For every distance, the key rate is minimised over the angles θ γj , controlled by Eve, and maximised over the amplitudes γ s and γ v , controlled by Alice.All the parameters used in the simulation are listed in Table 1.
black solid line represents the ideal case of no information leakage.When the information leakage intensity is lower than 10 −6 photons/pulse, it is always possible to distill a secure quantum key, even in presence of the THA.When I max = 10 −6 , the key rate distilled from our security proof remains positive up to distances of about 30 km.This can be compared with implementation without decoy states, where a single unmodulated intensity is used.In this case, the so-called GLLP security proof [60] applies, and the corresponding key rate is depicted in Fig. 2 as a dashed black line.When I max is smaller than 10 −12 , the key rate in presence of a THA approaches closely that of a perfectly shielded system over short and medium-range distances, whereas it deviates from ideal over longer distances.In this latter case, a non-negligible amount of additional privacy amplification is required to protect the system against the THA.In the same figure, we also include dashed coloured lines to represent the secure key rate in presence of a THA that targets simultaneously the IM and the PM enclosed in a QKD transmitter.For that, we conservatively assumed that Eve gets the same amount of back-reflected light, I max , from the IM and the PM separately, so to maximise her information gain about each modulator.As it is apparent from Fig. 2, the lines corresponding to this case are almost perfectly overlapping with the lines corresponding to having only the IM attacked by the THA.This suggests that protecting the IM of a decoy-state QKD transmitter against the THA is more challenging than protecting the PM alone.In fact, an optical isolation is required for the IM that is orders of magnitudes larger than the one for the PM.Even so, this difference is not larger than about 60 dB [42].This roughly corresponds to the optical isolation displayed by an inexpensive commercially available component like a dual-stage optical isolator.Hence this solution is well within the feasibility range of current technology.

Individual THA -Case 2
In the previous section, we considered a worst-case assumption for the amount of light leaked out of the QKD transmitter, Eq. ( 30).In that model, the leaked intensity was independent of the inner setting of the transmitter.On the one hand, this permits to bypass the precise characterisation of the QKD setup.On the other hand, it neglects a few physical considerations that can considerably improve the key rate.For example, the fraction of Eve's light that is back-reflected by a component that precedes the modulators in the transmitter's architecture does not contribute to the THA.A second important consideration is that, according to the initial worst-case scenario drawn for the individual THA, the modulators are driven with a NRZ logic.This entails that most of the time during the encoding process the modulators' medium is non-reflective, as its refractive index is homogeneous and constant between two consecutive NRZ modulation values.Hence, the THA has to be executed exploiting not the reflectivity of the IM (or PM), but that of the interfaces coming after it in the transmitter's architecture instead.Specifically, the THA would run as follows : Eve's light passes through the IM a first We explicitly consider the IM in this description but the argument also applies to the PM.time; it hits an interface placed after the IM and is reflected back from it towards the IM; it passes through the IM a second time and is finally leaked out of the QKD system into Eve's hands.During this two-way trip through the IM, Eve's light undergoes the same changes as the signals prepared by the transmitter for a normal QKD session.Therefore the leaked light is now highly informative of the inner settings of the transmitter.
In principle, a two-way round trip through a NRZ-modulated IM entails a double attenuation of Eve's light.However, because attenuation plays against Eve in a THA, it is conservative to assume that Eve's light is attenuated only once by the IM.To fix the ideas we can think that it passes unattenuated through the IM on the forward path and then is attenuated on the backward path in exactly the same way as the legitimate signals are.In this new scenario, the settings for the amplitudes of the leaked light are: Hence, differently from the previous case, Alice's modulation of the intensity directly affects now the information leaked to the eavesdropper for any fixed value of I max .The detailed calculation of the trace distance terms D n,j,k,l for the leaked states under Eq.( 31) is given in Appendix D.2.Secure key rate versus distance in presence of a THA targeting the modulating devices of a QKD transmitter.Each colour corresponds to a different value of I max .The depicted key rate is obtained when the intensity of the leaked light is modulated in the same way as for the standard light pulses in decoy-state QKD, see Eq. (31) in the main text.The solid lines are for a leakage due only to the IM, while the dashed lines, visible for I max equal to 10 −6 , 10 −7 and 10 −8 , correspond to the total leakage coming from the IM and the PM of the transmitter simultaneously.For every distance, the key rate is minimised over the angles θ γj , controlled by Eve, and maximised over the amplitudes γ s and γ v , controlled by Alice.All the parameters used in the simulation are listed in Table 1.
In Fig. 3, we plot the secure key rate as a function of the distance between the users, varying the parameter I max .The key rate has improved with respect to that in Fig. 2. For the largest intensity of the leakage in the figure, I max = 10 −6 , the key rate derived from our security proof reaches about 60 km distance and is always better than the one attained with the GLLP approach.Moreover, for a leakage intensity I max = 10 −12 , the key rate is nearly indistinguishable from the rate of an ideally shielded system (black solid line in Fig. 3) up to about 100 km, that is 70% of the maximum transmission distance.
As in the previous case, we include in the figure the simulation of the key rate under a THA simultaneously run against the IM and the PM (dashed coloured lines in Fig. 3).Again, the THA against the PM only marginally affects the overall key rate.Therefore the countermeasure to information leakage based on readily available optical isolators, discussed in the previous Sec.4.1, still applies here.Indeed, this solution becomes even more effective in the realistic scenario described in the present section, due to the better secure key rate shown in Fig. 3 in comparison with the worst-case key rate presented in Fig. 2.

Individual THA -Case 3
In this section, we further improve the key rate under a THA by considering the phase randomisation of Eve's signal, as discussed in Sec.3.1.1.Phase randomisation can drastically reduce the dangerousness of the THA as it removes any residual entanglement with the eavesdropper's probes, and we can expect higher key with the phase randomisation due to the non-existence of the off-diagonal elements.However, on the other hand, one has to be very careful about how phase randomisation is implemented, as this could open new loopholes.For example, if it is realised by adding a supplementary modulator to the system, Eve could first direct the THA against this new device to learn the phase information, and then address the PM and the IM as in the non-phase-randomised case, thus suppressing all the benefits due to the randomisation of the phase.
However, we showed in the previous sections that the THA against the PM is less effective than the one against the IM.Therefore, in order to improve the performance of the system against the THA, it is more important to randomise the phase of Eve's light directed against the IM than the one against the PM.This offers an alternative, possibly more robust, way to implement phase randomisation.Specifically, we can avoid using an additional ad-hoc module and focus rather on the working mechanism of the IM, which is part already of the transmitting unit.A common technique to modulate intensity is via a symmetric Mach-Zehnder interferometer (MZI).The light entering the MZI is first split into two beams and then recombined with a suitable phase.This will generate interference and therefore intensity modulation at the output ports of the MZI.By blocking one of the output ports, intensity modulation is obtained from the unblocked port as a result of the destructive or constructive interfering process.To modulate the relative phase between the two arms of the MZI, it is sufficient to control the refractive index of only one of the two MZI arms, and this is the most commonly used configuration.However, if a 'dual-drive' IM is used instead, both the arms in the MZI can be independently controlled, so to gain simultaneous control over the relative phase as well as the global phase of the signals traversing the IM respect to an external reference phase.If the global phase in the dual-drive IM is randomised, by encoding in each time slot a different phase value, Eve's probing signal will be phase randomised too and its phase will become uninformative to Eve.In this case, the state of the leaked signals seen by Eve will not be the one in Eq. ( 28) any more and will be replaced by the following one: We simulate the secure key rate for this situation using the detailed calculation of the trace distance terms D n,j,k,l given in Appendix D.3 and setting the intensities β 2 γ j as in Eq. (31).That is, we still consider a THA where Eve's light crosses the IM first and is back-reflected to Eve from an interface placed after the IM in the transmitter architecture.32) in the main text.The solid lines are for a leakage due only to the IM while the dashed lines, corresponding to a much lower rate, are for the total leakage due to IM and PM simultaneously.For every distance, the key rate is maximised over the amplitudes γ s and γ v .All the parameters used in the simulation are listed in Table 1.
The result of the simulation is reported in Fig. 4. It is apparent that the key rate has vastly improved with respect to Figs. 2 and 3.Even for a leakage intensity as large as I max = 10 −2 , the key rate remains positive up to about 40 km.For an intensity smaller than I max = 10 −6 , the resulting key rate is indistinguishable from the ideal one (solid black line) over almost the whole distance range.This shows the beneficial effect of phase randomisation, which was expected from the discussion in Sec.3.1.1.Differently from previous cases, the simultaneous information leakage from IM and PM (dashed lines in the figure) leads now to a key rate that is apparently lower than for a leakage due to the IM only (solid lines in the figure).For example, when I max = 10 −3 and the leakage is due to the IM only, the key rate remains positive for more than 85 km, while it falls below 50 km for a simultaneous leakage from PM and IM.
Given the benefit of phase randomisation, a natural question arises if sending only an n-photon Fock state, rather than its classical mixture, is beneficial to Eve.In Appendix F, we discuss this point, and we show that the benefit of employing this attack Eve obtains is negligibly small, i.e., this attack can enlarge the trace distance only by the order of the transmission rate of Alice's device, which is negligible given the proper installation of optical isolators and filters.By recalling that phase randomisation transforms any state into a classical mixture of Fock states, we can conclude that the results presented in this section are essentially the secure key rate with the most general THA against IM assuming the phase randomisation.
From a practical perspective, phase randomisation makes the IM as robust against information leakage as a non-phase-randomised PM.This, in combination with the enhanced security due to the removal of any residual entanglement with Eve as well as that of all the off-diagonal elements, promotes phase randomisation as a relevant countermeasure to prevent the THA and the information leakage in general from the transmitter of decoy-state QKD and mdiQKD.
Before concluding this section, it is useful to summarise the physical models and the assumptions underlying our simulations.This is done with the help of Fig. 5.
In Sec.4.1, we considered the scenario depicted in Fig. 5(a), leading to Eq. (30).In this case, the coherent state of light back-reflected by the IM carries in its phase θ γ j the information about the intensity settings of the IM, γ j .Its amplitude is the maximum allowed by any physical mechanism used to limit Eve's input light, irrespective of the IM settings, thus making the states outputted by Alice more distinguishable to Eve.This, together with the choice of the angles θ γ j , chosen to be most favourable to Eve, let us draw the worst-case key rate lines shown in Fig. 2.
In Sec.4.2, we devised a more realistic scenario, depicted in Fig. 5(b).Typically, Eve's light is reflected by an interface placed after the IM (double line in the figure) rather than by the IM itself.During the THA, Eve's light can pass through the IM when it is fully transmissive, to be reflected by the interface and pass through the IM again when the intensity settings are on.This way, Eve's light is modulated with exactly the same settings γ j used by Alice for her own states, leading to Eq. ( 31) and Fig. 3.
Finally, in Sec.4.3, we applied phase randomisation to any light emerging from Alice's module, as shown in Fig. 5(c).For the intensity of the light back-reflected to Eve, we considered the same scenario as in Fig. 5(b).The ideal phase randomiser shown in the figure is a powerful resource as it removes any phase information from the output states, see Eq. ( 32), leading to better key rates, as reported in Fig. 4.
The model used to draw the lines for the PM is not explicitly described, as it is similar to the IM one and is detailed in [42].Although the cases described in this section do not constitute an exhaustive list, they represent useful practical cases and can be used as guidelines for the secure implementation of real QKD systems.

Discussion
In this work, we have presented a general formalism to calculate the secret key rate of decoy-state QKD and mdiQKD under any THA directed against the transmitter's modulators.It is useful to give some insight into this formalism, in particular the one for IM, and discuss why the THA affects the standard theory of decoy states.
In the analysis of the decoy-state method without the THA, a fictitious protocol is considered where Alice delays her decision on the intensity settings after Bob detects a pulse.That is, after the detection of the pulse, Alice randomly decides the intensity setting γ s , γ v and γ w [30].For simplicity, let us consider the discrimination between the signal state s and the first decoy state v only.By using the relation Pr(γ i s |click, n) + Pr(γ i v |click, n) = 1 and the Bayes's rule, we can rewrite Eq. ( 4) as: where D n,s,v := max i D i n,s,v .From this equation, we see that in the case of no THA, D n,s,v = 0 and Pr(γv) Pr(γs)+Pr(γv) = Pr(γ i v |click, n) for any i and n.This entails that Alice's assignment of the intensities in the fictitious protocol can be made identical and independent of the instance i over the detected instances.This allows us to use probability inequalities, such as the Multiplicative Chernoff bound [30], which applies to independent trials.However, when the THA is on the line, D n,s,v = 0 and the bound to the L.H.S. of Eq. ( 33) becomes dependent on the instance i.To solve this problem, we make use of Azuma's inequality [56].Because we are in the asymptotic scenario, the technical details related to the inequality are unnecessary and we will not write them here explicitly.
Our formalism does not require any knowledge of Eve's measurement for the THA or the detailed specification of the state used.Instead, a detailed characterisation of the modulators is needed.This is important because while the full characterisation of Alice's modulators over many modes is doable at least in principle, the characterisation of Eve's THA is impossible even in principle.However, the full characterisation of Alice's modulators might be challenging in practice and further research needs to be done in this direction.We remark that our formalism is a powerful tool in this context because it can readily accept any mathematical model that describes the behaviour of the modulators.
As we have discussed in Sec.3.1.1and practically demonstrated in Sec.4.3, it is important to perform phase randomisation of Eve's signals to defeat the THA exploiting entanglement and to enhance the key rate.However, on the other hand, it is important to perform the randomisation without opening additional loopholes.Also, the question remains of whether this solution is more practical than the one based on a series of optical isolators.Active phase randomisation requires precise synchronisation and a sequence of random numbers in the input.Even if correctly performed, a certain level of optical isolation is always needed to shield a system from the external environment.The total amount of required isolation clearly depends on phase randomisation, as seen by comparing Figs. 3 and 4.However, these figures also show that the difference in the values of I max amounts roughly to 60 dB, which can be achieved with a single entirely passive component like a dual-stage optical isolator.Hence even high isolation levels can be inexpensively achieved through a series of such isolators.

Conclusion
In this paper, we have quantified the secure key rate of decoy-state-based QKD in presence of leaky transmitters.This allowed us to suggest quantitative countermeasures to restore security even in this more general scenario.A real setup is typically leaky in practice, due to the presence of side channels hidden in the preparation of the communication signals, or due to the active intervention of an eavesdropper.The analysis of this case is then of immediate practical interest.Our analysis applies to any decoy-state system that uses an intensity modulator or a phase modulator to distill a quantum key.It includes in fact the most general attack based on the extra information possibly leaked from such devices.
We have employed our formalism to analyse particular examples of THA, where Eve exploits coherent states of light to probe the intensity and phase modulators in the transmitter.Our results show that it is possible to distill a key from leaky transmitters that approach the ideal rate of a perfectly shielded system.For that, two main solutions play a crucial role.On one hand, optical isolation has to be guaranteed for any system through an adequate number of attenuators and optical isolators.On the other hand, active phase randomisation can further enhance the protection, removing any residual entanglement from Eve's probing signals.
Given the generality of our approach and its applicability to cases of practical interest, we believe that it will become a fundamental tool to analyse the security of realworld quantum communication systems, including those for standard QKD, mdiQKD and the device-independent QKD where phase modulators and/or intensity modulators are used.
1 represents the conditional probability that Bob obtains a "click" event given that Alice selects the signal setting and sends him a single-photon state encoding a bit value ξ A in the basis ζ A .To estimate this yield, Alice can declare Bob (over the authenticated public channel) all the bit and basis information associated to those instances where she used a decoy setting and Bob obtained a "click" event.With this information, Alice and Bob can estimate Y γs,ξ A ,ζ A 1 by using a modified version of Eq. ( 6) given by Here, the parameter D ξ A ,ζ A n,j,k,l is a modified version of D n,j,k,l that refers solely to the set of choices {ξ A , ζ A }. Note that this modification is needed because now the decoy-state method is bit-and-basis-dependent.Similarly, one can obtain the single-photon bit error rate for the signal setting by estimating the yields Y γs,ξ A ,ζ A ,ξ B ,ζ B 1 .Here, ξ B denotes the bit value obtained by Bob and ζ B is his measurement basis choice.That is, Y γs,ξ A ,ζ A ,ξ B ,ζ B 1 is the conditional probability that Bob obtains the bit value ξ B conditioned on the fact that Alice emits a single-photon pulse that encodes the bit value ξ A in the ζ A basis with the setting γ s and Bob chooses the ζ B basis for his measurement.In other words, note that Y γs,ξ A ,ζ A ,ξ B ,ζ B 1 also depends on Bob's basis choice and on his bit value.After obtaining the single-photon yield as well as the associated error rate, Alice and Bob generate a secret key from those instances where Alice emitted a single-photon pulse prepared in the Z basis and using the signal setting, and Bob obtained a "click" event when he measured the pulse in the Z basis.Note that all the statistics associated to such instances are estimated through the bit-and-basis-dependent decoy-state method.
Likewise, one can readily obtain the single-photon yield associated to those events where Alice emits a single-photon pulse prepared in the X basis and using the signal setting, and Bob obtains a "click" event when he uses the X basis.Now, to generate a key, one follows the technique explained in Sec.3.2 except from a small modification.In particular, one has to replace Û ζ,i Ap,Aa,Ep in Eq. ( 22) with Û ζ,i,γs,1 Ap,Aa,Ep , which is a restricted version of Û ζ,i Ap,Aa,Ep that only considers the single-photon emission part in the signal setting.That is, Alice and Bob have to characterise the behaviour of the PM depending on their bases choice when they select the signal setting.
With the modifications above, one can obtain the phase error rate δ X−Error|Z from Eq. ( 26) because the bit-and-basis-dependent decoy-state method allows us to evaluate all the parameters needed to solve this equation, all of which are now restricted only to the single-photon emission events.Then, in the asymptotic limit of a large number of transmitted signals, we have that the secure key rate is given by where p γs,i,Z 0 is the probability that Alice emits the vacuum state given that she chooses γ s and the bit value i in the Z basis.The other parameters which appear in Eq. (B.2) are defined in a similar manner (see also Eq. ( 29)).Therefore, we conclude that one can apply our formalism to analyse also the case where there are arbitrary correlations between the IM and the PM, and prove security in the most general case, given that a full description of the behaviour of these two devices is available.

Appendix C. Estimation of Y γs
0L , Y γs 1L and e γs

1U
In this Appendix we show that these parameters can be estimated using linear programming.Such instances of optimisation problems can be solved efficiently in polynomial time [66].Although the estimation method presented here is valid for any number of decoy states used by Alice, we will assume, like in the main text, that Alice employs three different intensity settings: γ s , γ v and γ w .Our starting point is Eq. ( 6).Let us consider first the case k = l.As shown in Appendix D, the parameters D n,j,k do not depend on the photon number n, at least for the examples considered in Sec. 4. This means, in particular, that this equation can be rewritten as or, equivalently, the yields Y Since Alice uses three different intensity settings, we have the following six conditions By combining the first and the third one, we find, for example, that ∆ sv = −∆ vs .Similarly, we obtain ∆ sw = −∆ ws and ∆ vs − ∆ ws = ∆ vw = −∆ wv .By using this last condition we find, therefore, that That is, we can express the yields Y γv n and Y γw n as a function of Y γs n and the parameters ∆ ws and ∆ vw .
Next, we consider the case k = l.In this scenario, Eq. ( 6) can be rewritten as for all n, where ∆ njkl ∈ [−D n,j,k,l , D n,j,k,l ].We have, therefore, the following three conditions: If we substitute in these equations the value of Y γv n and Y γw n given by Eq. (C.4) we obtain the following three equality constraints: Finally, by taking into account that ∆ njkl ∈ [−D n,j,k,l , D n,j,k,l ] for all n and for all j, k, l ∈ {s, v, w} with j = k = l, we have that to satisfy Eq. (C.7) we must fulfill the following conditions: Here we present a linear program to estimate the parameter Y γs 0L .We will assume that all the quantities below refer to events where both Alice and Bob use the same basis (e.g., the Z basis), which will be considered as the key generation basis.We start by calculating the gain associated to the different intensity settings selected by Alice in this scenario.If we combine Eqs. ( 2) and (C.4) we have that That is, all the gains can be written as a function of the yields Y γs n together with the additional terms ∆ ws and ∆ vw .
Eq. (C.9) contains an infinite number of unknown parameters Y γs n .Next, we reduce it to a finite set.For this, we derive a lower and upper bound for the gains Q γ that only depend on a finite number, S cut + 1, of yields Y γs n .In particular, since 0 ≤ Y γs n ≤ 1 and p γs n ≥ 0 for all n, we have that for any S cut ≥ 0.Here the parameter Γ γs is defined as Γ γs = ∞ n=Scut+1 p γs n = 1− Scut n=0 p γs n .By using a similar procedure, one can obtain as well a lower and upper bound for Q γv and Q γw .
Based on the foregoing, we find that Y γs 0L can be calculated using the following linear program: for all n.In this scenario, the parameters D n,j,k do not depend on the photon number n and we will denote them as D j,k .Next, we calculate these quantities for the different cases.
Appendix D.1.Individual THA -Case 1: In this example, the states ρ γ j are of the form ρ γ j = P (|βe iθγ j ).We have, therefore, that Here we can assume, without loss of generality, that θ γs = 0.Moreover, we will denote β 2 := I max .This implies, in particular, that D w,s and D v,w are given by The parameters D n,j,k,l have the form In order to calculate these quantities we use the following Claim, which requires to obtain the eigenvalues of a 3 × 3 matrix.Claim.Let {|α i } i={1,2,3} , be three normalised but not necessarily orthogonal vectors, and let λ i be the eigenvalues of a 3 × 3 matrix A defined as with 1 ≥ p ≥ 0 and where δ i,j is the Kronecker delta.Then where {|i } i={1,2,3} is an orthonormal basis, and |ᾱ i represent unnormalised vectors satisfying ᾱi |α j = δ i,j .With these definitions, we can use V and |ᾱ i to relate the matrix elements of V −1 ρV defined in the orthogonal basis {|i } i to those of ρ defined in the nonorthogonal basis {|α i } i .In particular, we have that with (A) i,j given by Eq. (D.5).
This means, in particular, that the parameters D w,s and D v,w are given by These expressions involve an infinite number of terms.However, one can easily upper bound them with a finite sum.For instance, it can be shown that when I max ≤ log 2 and γ s ≥ γ v ≥ γ w (which is always satisfied in the simulation results shown in Sec. 4) D w,s and D v,w can be upper bounded as ).The upper bounds for D n,v,s,w and D n,w,s,v can be obtained in a similar manner.

Appendix E. Toolbox for Alice and Bob, and channel model
In this Appendix we introduce a simple mathematical model to characterise Alice's and Bob's devices, together with the behaviour of a typical quantum channel.This model is used to simulate the observed experimental data Q γ j and E γ j , with j ∈ {s, v, w}, which is needed to evaluate the examples considered in Sec. 4.Here we will consider that Q γ j and E γ j do not depend on the basis setting, i.e., they are equal for both the Z and the X basis.
In particular, we assume the standard decoy-state BB84 protocol with phaseencoding.In each time slot, Alice prepares two WCP, the signal and the reference pulse, whose joint phase is perfectly randomised.Then, she selects at random a phase modulation φ ∈ {0, π/2, π, 3π/2} and applies it to the signal pulse.The values 0 and π (π/2 and 3π/2) correspond to the Z (X) basis.In addition, Alice uses an intensity modulator to randomly choose the intensity γ ∈ {γ s , γ v , γ w } of both the signal and the reference pulse following the prescriptions of the decoy-state method.As a result, Alice sends Bob states of the form where the subscript s (r) identifies the signal (reference) pulse and θ ∈ [0, 2π) is a random phase.On the receiving side, Bob uses a Mach-Zehnder interferometer to divide the incoming pulses into two possible paths.Then he applies a phase shift φ ∈ {0, π/2} together with a one-pulse delay to one of them, and he recombines both pulses at a 50 : 50 beamsplitter.This beamsplitter has on its ends two single-photon detectors, which we denote as D 0 and D 1 .Whenever the relative phase between the two interfering pulses is 0 (±π) only the detector D 0 (D 1 ) can produce a "click", which indicates that at least one photon has been detected.In case that both detectors "click" Bob uses the standard post-processing step where he assigns a random value to the raw bit [67].Given that both detectors have the same quantum efficiency and assuming for the moment that there is no side-channel in Bob's measurement unit, this data post-processing guarantees the so-called basis independent detection efficiency condition.That is, Bob's detection efficiency is the same for both BB84 bases.Each detector is described by a positive operator value measure with two elements, Fnoclick and Fclick .The outcome of Fnoclick corresponds to a "no click" event, whereas the operator Fclick gives one detection "click".These operators are given by where α is the loss coefficient of the channel measured in dB/km and d is the transmission distance measured in km.In addition, we assume that the QKD setup has an intrinsic error rate e d due to misalignment and instability of the optical system.
In the examples considered in Sec. 4 the parameters η γ j are typically very small (of the order of 10 −13 − 10 −18 for a 1 GHz-clocked QKD system) for all j ∈ {s, v, w}.This means, in particular, that d(σ γ j , σ γ k ) ≈ D j,k and, therefore, the results presented in Sec. 4 (see case 3) are also valid for the scenario where Eve injects n-photon Fock states into Alice's device.

Figure 1 .
Figure 1.The users Alice and Bob run a QKD protocol with apparatuses that can have leakages (thin arrow in the figure).Any such leaked signal could be captured by Eve and used to steal private information.Eve can even actively shine high-power electromagnetic fields on the system (thick arrow in the figure) to trigger the emission of side-channel signals.

Figure 2 .
Figure 2.Secure key rate versus distance in presence of a THA targeting the modulating devices of a QKD transmitter.Each colour corresponds to a different value of the intensity of the leaked light, I max .The depicted key rate is for the worstcase of a single value of I max bounding all the intensity settings in the transmitter, see Eq.(30) in the main text.The solid lines are for a leakage due only to the IM, while the dashed lines, visible for I max equal to 10 −6 , 10 −7 and 10 −8 , are for the total leakage coming from IM and PM simultaneously.For every distance, the key rate is minimised over the angles θ γj , controlled by Eve, and maximised over the amplitudes γ s and γ v , controlled by Alice.All the parameters used in the simulation are listed in Table1.

Figure 3 .
Figure 3. Secure key rate versus distance in presence of a THA targeting the modulating devices of a QKD transmitter.Each colour corresponds to a different value of I max .The depicted key rate is obtained when the intensity of the leaked light is modulated in the same way as for the standard light pulses in decoy-state QKD, see Eq.(31) in the main text.The solid lines are for a leakage due only to the IM, while the dashed lines, visible for I max equal to 10 −6 , 10 −7 and 10 −8 , correspond to the total leakage coming from the IM and the PM of the transmitter simultaneously.For every distance, the key rate is minimised over the angles θ γj , controlled by Eve, and maximised over the amplitudes γ s and γ v , controlled by Alice.All the parameters used in the simulation are listed in Table1.

Figure 4 .
Figure 4.Secure key rate versus distance in presence of a THA targeting the modulating devices of a QKD transmitter.Each colour corresponds to a different value of the leaked intensity I max .The phase of the leaked light is randomised, see Eq.(32) in the main text.The solid lines are for a leakage due only to the IM while the dashed lines, corresponding to a much lower rate, are for the total leakage due to IM and PM simultaneously.For every distance, the key rate is maximised over the amplitudes γ s and γ v .All the parameters used in the simulation are listed in Table1.

Figure 5 .
Figure 5. Models and states used in the simulation of individual THA targeting the IM.(a) The intensity of the back-reflected light is independent of the intensity settings (Case 1, Sec. 4.1).(b) The intensity of the back-reflected light depends on the intensity settings (Case 2, Sec.4.2).(c) Eve's back-reflected light is phase randomised and it is represented by the classical mixture of Fock states (Case 3, Sec.4.3).

Fnoclick = ( 1 −( 1 −
p d ) ∞ n=0 η det ) n P (|n ), Fclick = 1 − Fnoclick .(E.2)Here p d denotes the detector's dark count rate and η det is its detection efficiency.The quantum channel introduces loss that can be parametrised by the transmission efficiency η channel given by η channel = 10 −αd 10 , (E.3) It supports Alice's photonic system A p and her ancilla A a , and Eve's ancilla E together with her probe system E p .With this unitary transformation, the overlap between |Ψ i Z Aq,Ap,Aa,E,E p and |Ψ i X Aq,Ap,Aa,E,E p for the i th instance can be lower-bounded as where ζ ∈ {X, Z}, and Û ζ,i Ap,Aa,Ep * is the i th unitary transformation associated to the PM.

Table 1 .
γs) is the efficiency of the error correction protocol; h(x) = −x log 2 (x) − (1 − x) log 2 (1 − x)is the binary Shannon entropy function.All the parameters used in the simulation are listed in Table 1 and the associated physical model for the quantum transmission is described in Appendix E. The calculation of K passes through the estimation of Y γs 0L , Y γs 1L and e γs 1U , which is performed by numerical constrained optimisation as explained in Appendix C. Experimental parameters used in the simulation of the secure key rate.The associated physical model is explained in Appendix E. The values reported in the table are commonly met in a fibre-based QKD setup, see e.g.[65].The intensity parameters γ γs 1 = γ s e −γs ; Y γs 0L and Y γs 1L (e γs 1U ) are lower (upper) bounds for Y γs 0 and Y γs 1 , respectively, (e γs 1 ) is defined in Sec.3; f (E s and γ v are not displayed in the table as they are optimised numerically at every distance.The parameter γ w is set equal to a constant value to reduce the parameter space of the simulation.Its effect on the key rate is marginal.