Quantifying the Upper Limit of Backflash Attack in Quantum Key Distribution

Abstract

Quantum key distribution (QKD) provides information-theoretic security grounded in the fundamental laws of physics. Nevertheless, practical imperfections can introduce side channels that expose QKD systems to quantum hacking, especially passive attacks that are inherently difficult to detect. In this study, we experimentally and theoretically investigate the upper limit of the backflash attack-a representative passive side-channel threat. Using a fully equipped fiber-based QKD receiver, we demonstrate the feasibility of the attack and reveal its limited capability in distinguishing quantum states. We further develop a theoretical framework to quantify the maximum distinguishability achievable by an eavesdropper, taking into account the broadband spectral nature of backflash photons. The analysis shows that Eve can extract effective key information from at most 95.7% of the backflash photons. Based on these findings, we evaluate the secure key rate of a decoy-state BB84 QKD system under backflash attack. Our results provide a quantitative assessment of the vulnerability of QKD systems to backflash emissions and offer a general methodology to evaluate the practical security of QKD systems.