Energy-time attack on detectors in quantum key distribution

Abstract

Quantum key distribution is unbreakable in theory but may be hacked via imperfections in its hardware implementations. While many imperfections have been mitigated by countermeasures and advanced security proofs, several remain unsolved. One of these is a superlinear behaviour in single-photon detectors, when the click probability rises faster with the photon number of an incoming light pulse than expected from individual independent photon detections. Here we test an avalanche single-photon detector sinusoidally-gated at 312.5 MHz for superlinearity. Its click probability is moderately superlinear. However, we notice that the click timing depends strongly on the incoming pulse energy. The click occurs progressively earlier, shifting more than 2 ns as the energy rises over a wide 50-dB range. An attacker might use this energy-time effect to conditionally toggle the click between adjacent key bit slots, violating an implicit assumption in the security proofs and rendering them inapplicable. We propose two attacks that exploit this flaw.