Wide-spectrum security of quantum key distribution

TL;DR

The paper addresses spectral vulnerabilities in quantum key distribution (QKD) arising from wavelength-dependent device transmittance and channel transparency. It introduces a wide-spectrum security evaluation methodology that combines a spectral transmittance testbench with a broadband bandpass filter to bound information leakage via $\gamma(\lambda)$ and target susceptibility $S(\lambda)$, yielding a secure-key-rate function $R = K[S(\lambda), \gamma(\lambda)]$. Through Trojan-horse, induced-photorefraction, and detector-backflash analyses, the authors demonstrate how to quantify leakage and identify protection strategies, notably showing that a fiber-Bragg-grating based filter can enable secure BB84 and MDI-QKD across 400–2300 nm. The approach supports system certification and standardization, providing a practical path toward full-spectrum resistance against optical attacks in QKD systems.

Abstract

Implementations of quantum key distribution (QKD) need vulnerability assessment against loopholes in their optical scheme. Most of the optical attacks involve injecting or receiving extraneous light via the communication channel. An eavesdropper can choose her attack wavelengths arbitrarily within the quantum channel passband to maximise the attack performance, exploiting spectral transparency windows of system components. Here we propose a wide-spectrum security evaluation methodology to achieve full optical spectrum safety for QKD systems. This technique requires transmittance characterisation in a wide spectral band with a high sensitivity. We report a testbench that characterises insertion loss of fiber-optic components in a wide spectral range of 400 to 2300 nm and up to 70 dB dynamic range. To illustrate practical application of the proposed methodology, we give a full Trojan-horse attack analysis for some typical QKD system configurations and discuss briefly induced-photorefraction and detector-backflash attacks. Our methodology can be used for certification of QKD systems.

Figures (13)

• Figure 1: General structure of a cryptographic module from Eve's point of view. An optical component $T$ is the target of attack. It is separated from the quantum channel by other optical components $P_1$ to $P_N$ and a broadband bandpass physical filter $F$ that blocks very short and very long wavelengths. For some attacks, a backreflection $M$ behind $T$ should be taken into account.
• Figure 2: Scheme of the spectral characterisation testbench. DUT, device under test.
• Figure 3: Spectral performance of the testbench. (a) Spectrum of the light source (measured with the DUT replaced with a patchcord) and the analyser's dark noise, at 1 nm resolution. (b) The resulting dynamic range of the transmittance measurement. This data is at about $0.5$ W at the DUT; the dynamic range will be narrower at a lower power.
• Figure 4: Transmittance of a 2-m long single-mode fiber patchcord coiled for its entire length with different radii. The fiber is Corning SMF-28e+ with $242~µm$ diameter coating inside a 0.9-mm outer diameter loose jacket, made into the patchcord with FC/UPC connectors (Optizone Technology P-55-R-11-L-F-2).
• Figure 5: Source configurations. The fiber coil is used as the broadband physical filter. The passive protection components in configuration (a) are VOAs and isolators. In configuration (b), we add a dense wavelength division multiplexer (DWDM). In configuration (c), the DWDM is replaced with a fiber Bragg grating (FBG) filter. Arrows indicates the direction of attack light transmission. Arrows in the isolator and circulator symbols indicate their forward transmission direction.