Improved finite-key security analysis of quantum key distribution against Trojan-horse attacks

Most security proofs of quantum key distribution (QKD) disregard the effect of information leakage from the users' devices, and, thus, do not protect against Trojan-horse attacks (THAs). In a THA, the eavesdropper injects strong light into the QKD apparatuses, and then analyzes the back-reflected light to learn information about their internal setting choices. Only a few recent works consider this security threat, but predict a rather poor performance of QKD unless the devices are strongly isolated from the channel. Here, we derive finite-key security bounds for decoy-state-based QKD schemes in the presence of THAs, which significantly outperform previous analyses. Our results constitute an important step forward to closing the existing gap between theory and practice in QKD.