Proof-of-principle experiment of a modified photon-number-splitting attack against quantum key distribution

Any imperfections in a practical quantum key distribution (QKD) system may be exploited by an eavesdropper to collect information about the key without being discovered. We propose a modified photon-number-splitting attack scheme against QKD systems based on weak laser pulses taking advantage of possible multiphoton pulses. Proof-of-principle experiments are demonstrated. The results show that the eavesdropper can get information about the key generated between the legitimate parties without being detected. Since the equivalent attenuation introduced by the eavesdropper for pulses of different average photon numbers are different, the decoy-state method is effective in fighting against this kind of attack. This has also been proven in our experiments.

Figure 1

A schematic diagram of the modified PNS attack. Eve splits the pulse from Alice into two parts with a beamsplitter (BS) and keeps one of them, on which she performs quantum nondemolition detection (QND). In the case of obtaining an empty pulse, she blocks the quantum channel with an optical switch. Otherwise, she sends the other part of the pulse to Bob via a channel of lower loss or a lossless channel. After the legitimate parties announce the bases, Eve performs measurements on the pulses she kept and thus gets the information. Beamsplitting will introduce no error between Alice and Bob, and Eve can keep the count rate at Bob’s side unchanged by adjusting the transmitting efficiency of BS; therefore, Eve will not be discovered.

Figure 2

Experimental arrangements. The system is based on polarization encoding and only one basis is used for each run of quantum communication due to the lack of quantum memory in our laboratory. Only when one of Eve’s detectors clicks will Eve turn on the optical switch, thus the pulse passes on to Bob. An optical fiber of 400 m is used as optical delay line to match the electrical signal. An acousto-optic modulator (AOM) serves as an optical switch. For experiments without attack, a variable attenuator is inserted into the channel to simulate the loss. LD1 and LD2 are the sources for signal states, while LD3 and LD4 are sources for decoy states.

Figure 3

The qubit error rate between legitimate parities and the information Eve obtains. The experiments are carried out at different intensities of photon sources. Stars and circles show the qubit error rate between Alice and Bob, with and without attack, respectively. Squares represent the information Eve obtains, measured with mutual information between Eve and Alice. Since only one basis is employed for each run of quantum communication, Eve’s information will be cut by half due to random choosing of bases between the legitimate parties in practice with no quantum memory. Error bars in the figure show the statistical errors and systematic errors are not included.

Figure 4

The count rates at Bob’s side. The lines show the theoretical results while the dots show experimental results. The diamonds represent the count rates under attack, which appear approximately as a quadratic function of average photon number of photon source. The circles show the count rates without attack, which display linear variation with average photon number. For the data of without attack, the variable attenuator is fixed such that the count rate of with and without attack will be the same when the average photon number is 0.3. Error bars in the figure show the statistical errors and systematic errors are not included.

Figure 5

The secure key rate calculated with GLLP formula. The dots show the experimental results. Two decoy states are used in the experiments, namely, vacuum and another decoy state with an average photon number of $\nu$. The average photon number of signal state is fixed at $\mu =0.3$. The lines show the theoretical results. All those necessary parameters are obtained from the experiments. Error bars of the experimental data are not shown here because systematic errors were not quantitatively analyzed.