Extended analysis of the Trojan-horse attack in quantum key distribution

The discrete-variable quantum key distribution protocols based on the 1984 protocol of Bennett and Brassard (BB84) are known to be secure against an eavesdropper, Eve, intercepting the flying qubits and performing any quantum operation on them. However, these protocols may still be vulnerable to side-channel attacks. We investigate the Trojan-horse side-channel attack where Eve sends her own state into Alice's apparatus and measures the reflected state to estimate the key. We prove that the separable coherent state is optimal for Eve among the class of multimode Gaussian attack states, even in the presence of thermal noise. We then provide a bound on the secret key rate in the case where Eve may use any separable state.

Figure 1

A phase shift between an early and a late mode, parametrized by $\theta$, encodes the quantum bit.

Figure 2

Top: Schematic diagram illustrating the physical mechanisms that produce Bob and Eve's states. The dotted line outlines the “legitimate” part of the protocol, comprising the signal and the thermal noise (dashed line). Bottom: Circuit diagram showing the mathematical mechanisms that produce Eve's final state. Shown from left to right are the effects of Eve's squeezing, Eve's state displacement, Alice's attenuator, picking up the phase information, and adding the thermal noise. Double horizontal lines represent taking a partial trace over the relevant mode.

Figure 3

Upper bounds on the distinguishability, with average returned photon number $\mu$. Dotted lines show the distinguishability for a coherent-state attack with thermal noise, of thermal photon number ${\mu }_T$. The upper dotted line (blue) shows ${\mu }_T=1$, and the lower dotted line (green) shows ${\mu }_T=5$. The black dashed line is the distinguishability for coherent-state attacks found by Lucamarini et al. The solid line is the bound for separable states, which, as expected, is always greater than the other bounds.