Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Recovery-Induced Erasure Attack on QKD Systems

Hashir Kuniyil, Asad Ali, Syed M. Arslan, Muhammad Talha Rahim, Artur Czerwinski, Saif Al Kuwari

Abstract

Detector dead time is typically treated as a fixed parameter in quantum key distribution (QKD) security analyses. In practice, however, the effective recovery time of single-photon avalanche photodiodes (SPADs) depends on the incident count rate. In this work, we demonstrate that this count-rate-dependent recovery nonlinearity constitutes a distinct attack primitive. We experimentally characterize the dead time shift of a free-running SPAD under controlled broadband loading and observe a substantial increase in effective recovery time as the detected rate rises into the high photon count regime. We show that recovery-induced availability reduction can be modeled as an adversarial erasure channel and derive a conservative bound on the signal detection probability under loading. Unlike previously studied detector-control or efficiency mismatch attacks, the proposed mechanism does not rely on deterministic blinding or timing discrimination. Instead, count-rate-dependent recovery asymmetry induces basis-dependent suppression of detection probabilities ($p_\perp<p_\parallel$), converting mismatch-induced errors into loss. Particularly, we show in active-basis BBM92 systems, this effect reduces the observed quantum bit error rate (QBER) below the abort threshold while increasing erasure probability. Using experimentally measured detector recovery data, we quantify the parameter regime in which such stealth suppression is achievable. These results establish count-rate-dependent detector recovery as a security-relevant vulnerability and show that countermeasures designed for timing-based efficiency mismatch do not directly address recovery-induced erasure (RIE) attack. Our findings underscore the need to incorporate detector recovery dynamics explicitly into practical QKD security models.

Recovery-Induced Erasure Attack on QKD Systems

Abstract

Detector dead time is typically treated as a fixed parameter in quantum key distribution (QKD) security analyses. In practice, however, the effective recovery time of single-photon avalanche photodiodes (SPADs) depends on the incident count rate. In this work, we demonstrate that this count-rate-dependent recovery nonlinearity constitutes a distinct attack primitive. We experimentally characterize the dead time shift of a free-running SPAD under controlled broadband loading and observe a substantial increase in effective recovery time as the detected rate rises into the high photon count regime. We show that recovery-induced availability reduction can be modeled as an adversarial erasure channel and derive a conservative bound on the signal detection probability under loading. Unlike previously studied detector-control or efficiency mismatch attacks, the proposed mechanism does not rely on deterministic blinding or timing discrimination. Instead, count-rate-dependent recovery asymmetry induces basis-dependent suppression of detection probabilities (), converting mismatch-induced errors into loss. Particularly, we show in active-basis BBM92 systems, this effect reduces the observed quantum bit error rate (QBER) below the abort threshold while increasing erasure probability. Using experimentally measured detector recovery data, we quantify the parameter regime in which such stealth suppression is achievable. These results establish count-rate-dependent detector recovery as a security-relevant vulnerability and show that countermeasures designed for timing-based efficiency mismatch do not directly address recovery-induced erasure (RIE) attack. Our findings underscore the need to incorporate detector recovery dynamics explicitly into practical QKD security models.
Paper Structure (7 sections, 29 equations, 4 figures, 1 table)

This paper contains 7 sections, 29 equations, 4 figures, 1 table.

Table of Contents

  1. Introduction
  2. Eve's attacking scheme
  3. rate-dependent detector dead time for tailoring the attack
  4. Information leakage in recovery induced erasure attack
  5. Experiment
  6. discussion
  7. Conclusion

Figures (4)

  • Figure 1: Schematic of the RIE attack, where Eve employs an apparatus identical to Bob’s. Based on the probabilistic measurement, Eve directs a combination of a pre-pulse and a weak pulse according to the attacking strategy.
  • Figure 2: Mutual information $I(A;E)$ (Alice--Eve) and $I(A;B)$ (Alice--Bob) as a function of basis ratio $r$. The shaded region indicates where Eve is detected, assuming detection if $e_B>0.11$. The vertical dashed line is at the threshold $r_{th} = 0.282$.
  • Figure 3: The response of detector SPCM-AQRH-14-FC in various count rate. (a) Measured effective detector dead time $t_d$ as a function of the observed count rate. The solid curve shows a fit to the recovery model presented in Ref kuniyil2025optimizing. (b) Detector busy fraction $\lambda t_d(\lambda)$ as a function of the observed count rate $\lambda$, calculated from the measured dead time data. The busy fraction represents the proportion of time the detector is unavailable due to recovery.
  • Figure 4: Conservative bound on the ratio $R_{\text{bound}}$ as a function of the orthogonal-basis loading rate $\lambda_\perp$ computed using the measured dead-time dependence $t_d(\lambda)$.