We identify and study a new security loophole in continuous-variable quantumkey distribution (CV-QKD) implementations, related to the imperfect linearityof the homodyne detector. By exploiting this loophole, we propose an activeside-channel attack on the Gaussian-modulated coherent state CV-QKD protocolcombining an intercept-resend attack with an induced saturation of the homodynedetection on the receiver side (Bob). We show that an attacker can bias theexcess noise estimation by displacing the quadratures of the coherent statesreceived by Bob. We propose a saturation model that matches experimentalmeasurements on the homodyne detection and use this model to study the impactof the saturation attack on parameter estimation in CV-QKD.We demonstrate thatthis attack can bias the excess noise estimation beyond the null key thresholdfor any system parameter, thus leading to a full security break. If we consideran additional criteria imposing that the channel transmission estimation shouldnot be affected by the attack, then the saturation attack can only be launchedif the attenuation on the quantum channel is sufficient, corresponding toattenuations larger than approximately 6 dB. We moreover discuss the possiblecounter-measures against the saturation attack and propose a new counter-measure based on Gaussian post-selection that can be implemented by classicalpost-processing and may allow to distill secret key when the raw measurementdata is partly saturated.
展开▼
