We report here a new side channel attack on a practical continuous-variable (CV) quantum key distribution (QKD) system.
Inspired by blinding attack in discrete-variable QKD, we formalize an attack strategy by inserting an external light into
a CV QKD system implemented Gaussian-modulated coherent state protocol and show that our attack can compromise
its practical security. In this attack, we concern imperfections of a balanced homodyne detector used in CV QKD. According
to our analysis, if one inserts an external light into Bob’s signal port, due to the imperfect subtraction from the
homodyne detector, the leakage of the external light contributes a displacement on the homodyne signal which causes
detector electronics saturation. In consequence, Bob’s quadrature measurement is not linear with the quadrature sent by
Alice. By considering such vulnerability, a potential Eve can launch a full intercept-resend attack meanwhile she inserts an
external light into Bob’s signal port. By selecting proper properties of the external light, Eve actively controls the induced
displacement value from the inserted light which results saturation of homodyne detection. In consequence, Eve can bias
the excess noise due to the intercept-resend attack and the external light, such that Alice and Bob believe their excess noise
estimation is below the null key threshold and they can still share a secret key. Our attack shows that the detector loopholes
also exist in CV QKD, and it seems influence all the CV QKD systems using homodyne detection, since all the practical
detectors have finite detection range.
Continuous-variable quantum key distribution is proven in theory secure against general attacks, but side channel is still a crucial problem for practical setup, since security proofs do not take into account all possible experimental imperfections. In this paper, we consider a loophole that links to electronics limitation of homodyne detection. By using this loophole, we propose a saturation attack combined with intercept-resend attack on the practical continuous-variable quantum key distribution using Gaussian-modulated coherent state protocol. Under this attack, Eve can launch a full intercept-resend attack and further influence the excess noise estimated by Alice and Bob. We analyse this saturation attack with operating protocol and show that our attack could render secret key without being discovered. We also propose a countermeasure against such saturation attack.