Photon-number-splitting versus cloning attacks in practical implementations of the Bennett-Brassard 1984 protocol for quantum cryptography

In practical quantum cryptography, the source sometimes produces multiphoton pulses, thus enabling the eavesdropper Eve to perform the powerful photon-number-splitting (PNS) attack. Recently, it was shown by Curty and Lütkenhaus [Phys. Rev. A 69, 042321 (2004)] that the PNS attack is not always the optimal attack when two photons are present: if errors are present in the correlations Alice-Bob and if Eve cannot modify Bob’s detection efficiency, Eve gains a larger amount of information using another attack based on a 2→3 cloning machine. In this work, we extend this analysis to all distances Alice-Bob. We identify a new incoherent 2→3 cloning attack which performs better than those described before. Using it, we confirm that, in the presence of errors, Eve’s better strategy uses 2→3 cloning attacks instead of the PNS. However, this improvement is very small for the implementations of the Bennett-Brassard 1984 (BB84) protocol. Thus, the existence of these new attacks is conceptually interesting but basically does not change the value of the security parameters of BB84. The main results are valid both for Poissonian and sub-Poissonian sources.