Attacks exploiting deviation of mean photon number in quantum key distribution and coin tossing

Shihan Sajeed, Igor Radchenko, Sarah Kaiser, Jean Philippe Bourgoin, Anna Pappa, Laurent Monat, Matthieu Legré, Vadim Makarov

Research output: Contribution to journalArticlepeer-review

50 Citations (Scopus)


The security of quantum communication using a weak coherent source requires an accurate knowledge of the source's mean photon number. Finite calibration precision or an active manipulation by an attacker may cause the actual emitted photon number to deviate from the known value. We model effects of this deviation on the security of three quantum communication protocols: the Bennett-Brassard 1984 (BB84) quantum key distribution (QKD) protocol without decoy states, Scarani-Acín-Ribordy-Gisin 2004 (SARG04) QKD protocol, and a coin-tossing protocol. For QKD we model both a strong attack using technology possible in principle and a realistic attack bounded by today's technology. To maintain the mean photon number in two-way systems, such as plug-and-play and relativistic quantum cryptography schemes, bright pulse energy incoming from the communication channel must be monitored. Implementation of a monitoring detector has largely been ignored so far, except for ID Quantique's commercial QKD system Clavis2. We scrutinize this implementation for security problems and show that designing a hack-proof pulse-energy-measuring detector is far from trivial. Indeed, the first implementation has three serious flaws confirmed experimentally, each of which may be exploited in a cleverly constructed Trojan-horse attack. We discuss requirements for a loophole-free implementation of the monitoring detector.

Original languageEnglish
Article number032326
Pages (from-to)032326-1-032326-13
Number of pages13
JournalPhysical Review A - Atomic, Molecular, and Optical Physics
Issue number3
Publication statusPublished - 26 Mar 2015
Externally publishedYes

Bibliographical note

This paper was published online on 26 March 2015 with an incorrect source. Reference [7] should read as “C. H. Bennett,
F. Bessette, L. Salvail, G. Brassard, and J. Smolin, J. Cryptol. 5, 3 (1992).” Reference [36], as it is now a duplicate of Ref. [7],
should be deleted and subsequent references renumbered. Affected citations in text should be renumbered as well. The references
and text citations have been corrected as of 1 April 2015. The references and text citations are correct in the printed version of
the journal.


Dive into the research topics of 'Attacks exploiting deviation of mean photon number in quantum key distribution and coin tossing'. Together they form a unique fingerprint.

Cite this