Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems

Quantum-key-distribution (QKD) systems can send quantum signals over more than $100\mathrm{km}$ standard optical fiber and are widely believed to be secure. Here, we show experimentally a technologically feasible attack—namely, the time-shift attack—against a commercial QKD system. Our result shows that, contrary to popular belief, an eavesdropper, Eve, has a non-negligible probability $(\sim 4\%)$ to break the security of the system. Eve’s success is due to the well-known detection efficiency loophole in the experimental testing of Bell’s inequalities. Therefore, the detection efficiency loophole plays a key role not only in fundamental physics, but also in technological applications such as QKD systems.

Figure 1

(Color online) Conceptual drawings. (a) Conceptual efficiency mismatch. (b) A conceptual schematic of Eve's attack. HOS, high-speed optical switch.

Figure 2

(Color online) The schematic of experimental demonstration of the time-shift attack. Inside Jr. Bob (Jr. Alice): components in Bob’s (Alice’s) package of id Quantique QKD system. Our modifications: LD, narrow pulse laser diode; OVDL, optical variable delay line; DCF, dispersion compensating fiber. Original QKD system: APD, avalanche photon diode; ${\Phi }_{A∕B}$, phase modulator; PBS, polarizing beam splitter; PD, classical photodetector; DL, delay line; FM, Faraday mirror.

Figure 3

(Color online) Efficiencies of the two detectors versus time shifts. Inset: the mismatch of detector efficiencies [defined as $\max (d_0∕d_1,d_1∕d_0)$]. The peak efficiencies of detectors are slightly different, suggesting the detection efficiency has slightly drifted since the factory setting. The data size for time shifts with large detection efficiency mismatch ($-250\mathrm{ps}$, $-200\mathrm{ps}$, $500\mathrm{ps}$, $600\mathrm{ps}$, and $650\mathrm{ps}$) is chosen to be $20.97\mathrm{Mbit}$ to acquire accurate mismatch, while the data size for other shifts is chosen to be $1.05\mathrm{Mbit}$ to speed up the experiment.