Quantum hacking on a practical continuous-variable quantum cryptosystem by inserting an external light
We report here a new side channel attack on a practical continuous-variable (CV) quantum key distribution (QKD) system. Inspired by blinding attack in discrete-variable QKD, we formalize an attack strategy by inserting an external light into a CV QKD system implemented Gaussian-modulated coherent state protocol and show that our attack can compromise its practical security. In this attack, we concern imperfections of a balanced homodyne detector used in CV QKD. According to our analysis, if one inserts an external light into Bob's signal port, due to the imperfect subtraction from the homodyne detector, the leakage of the external light contributes a displacement on the homodyne signal which causes detector electronics saturation. In consequence, Bob's quadrature measurement is not linear with the quadrature sent by Alice. By considering such vulnerability, a potential Eve can launch a full intercept-resend attack meanwhile she inserts an external light into Bob's signal port. By selecting proper properties of the external light, Eve actively controls the induced displacement value from the inserted light which results saturation of homodyne detection. In consequence, Eve can bias the excess noise due to the intercept-resend attack and the external light, such that Alice and Bob believe their excess noise estimation is below the null key threshold and they can still share a secret key. Our attack shows that the detector loopholes also exist in CV QKD, and it seems influence all the CV QKD systems using homodyne detection, since all the practical detectors have finite detection range.