Counteracting a Saturation Attack in Continuous-Variable Quantum Key Distribution Using an Adjustable Optical Filter Embedded in Homodyne Detector

A saturation attack can be employed for compromising the practical security of continuous-variable quantum key distribution (CVQKD). In this paper, we suggest a countermeasure approach to resisting this attack by embedding an adjustable optical filter (AOF) in the CVQKD system. Numerical simulations illustrate the effects of the AOF-enabled countermeasure on the performance in terms of the secret key rate and transmission distance. The legal participants can trace back the information that has been eavesdropped by an attacker from the imperfect receiver, which indicates that this approach can be used for defeating a saturation attack in practical quantum communications.

In practical implementations of CVQKD, the coherent detector becomes vulnerable.Currently, the saturation attack has been performed while eavesdropping imperfect electronics in a homodyne detector [2,28].It can be used for attacking the actual devices of the system, and thus it wakens the practical security because the coherent detector has a finite linearity domain that could be driven (if not being monitored) outside by displacing the mean value of the received quadratures.In addition, Eve may perform heterodyne detection to measure both quadratures X and P intercepted, and hence prepare for a faked coherent state [28,29].In order to counteract such an attack, we may employ an embedded adjustable optical filter (AOF) in homodyne detectors that can be used to compensate for the potential saturation led by the strong received optical power in real time.The AOF-enabled detection, which is an actual gain adjustment of the avalanche photo-diode (APD), can be used for counteracting this saturation attack, based on the feedback of the response of detection.This paper is organized as follows.In Section 2, we suggest an AOF-embedded CVQKD system to counteract the saturation attack.In Section 3, we perform numerical simulations to show effects of the AOF-enabled detection on the practical security of the CVQKD system.Finally, we conclude in Section 4.

The AOF-Embedded CVQKD
An eavesdropper can bias the excess noise estimation beyond the null key threshold by using the saturation attack, thus leading to a potential security loophole.In order to counteract this attack, an off-the-shelf detector has been employed at the receivers while performing data post-processing [28].In this section, we consider an AOF-embedded CVQKD system that counteracts the saturation attack on-line, as shown in Figure 1a.The structure of the AOF-embedded CVQKD system is described in Appendix A. In addition, the AOF-enabled scheme is designed in Appendix B and the parameter estimation is derived in Appendix C, respectively.The tunable AOF is employed for counteracting the saturation attack in CVQKD, where the data post-processing involves evaluation of attenuation (α tt ), which can be used for saturation compensation [28].In Figure 1c, we illustrate the results of the saturationinvolved attenuation evaluation, where abscissa X A is prepared for Alice, the ordinate X Bsat is Bob's measurement results, and the red pots represent Eve's measurement results.There are values of the saturation data X Bsat sat , the maximum data X A max , and the saturation point (X A smin , X Bsat sat ), where X A smin is the minimum value sent by Alice when the measurement results are saturated.It is noted that X Bsat max is the value corresponding to X A max in the blue line, which is derived by connecting the saturation point with the zero point.While making the measurement results in a finite linearity domain, we regulate the initial line from the black line after attenuation.Subsequently, we obtain the relationship of the blue line and the black line given by with the constraint k 2 = α tt k 1 , where α tt is the attenuation with α tt = X Bsat sat (X Bsat max ) −1 .We note that α tt is an operation that should be performed at the receiver for data-processing with measurement results.
In what follows, we perform the data-processing for the operation α tt , which is an algorithm for measurement results in essence.The initial attenuation α tt is assumed to be one.When the first data block is performed, the resulting attenuation α tt is updated on the initial one.The AOF is then performed for attenuation on the second data block according to the feedback of the previous attenuation.After that, the second block needs to derive the attenuation value.When there is no attenuation evaluated, the data block can be used to estimate the excess noise.Otherwise, the attenuation evaluated by the second data block is updated to attenuate the following block, and it has to repeat the aforementioned procedures.

Security Analysis
To demonstrate the effects of the AOF-enabled counteraction approach on the performance of system, we perform the saturation attack in CVQKD, which is illustrated in Appendix B. This strategy can be implemented by regulating the displacement ∆ and the gain g.The effects of a saturation attack on parameter estimation are shown in Appendix C. We take into account measurements of data block size N, which is the number of coherent states prepared by Alice.In Figure 2, we show the effects of block size N on estimated excess noise with N ∈ {10 6 , 10 7 , 10 8 }.We find that the large block size N may result in small excess noise.Without loss of generality, we consider numerical simulations of the AOF-embedded CVQKD system for N = 10 7 .In this section, all of the excess noises in numerical simulations are described in terms of shot-noise units.

Effects on Excess Noise
In Figure 3, we show measurement results under the saturation attack, where red dots, blue dots, and light dots denote measurement results for the saturation attack, the infinite linearity domain, and the attenuation, respectively.Due to the saturation attack, Alice and Bob may achieve the counterfeited information.However, as eavesdropping may increase the excess noise that make the generation of a secret key forbidden, Alice and Bob can detect the saturation attack in the traditional system, where the secret key rate may be decreased.In order to illustrate the effect of the AOF-enabled counteraction on the excess noise, we consider effects of the parameter displacement ∆x on the attacked CVQKD system.As shown in Figure 4, after performing the AOF-enabled counteraction scheme, the estimated excess noises fall in the finite linearity domain, which can lead to the performance improvement in terms of secret key rate.

Effects on the Secret Key Rate
The secret key rate using reverse reconciliation for the AOF-embedded CVQKD can be expressed as [28,29] where β denotes the reconciliation efficiency, I AB is the mutual information between Alice and Bob, and χ BE is the Holevo bound of Eve's knowledge.
In Appendix C, we demonstrate the effects of parameters gain g and displacement ∆x on the performance of the CVQKD system.Without loss of generality, we consider displacement ∆x in numerical simulations.As shown in Figure 5a, Alice and Bob can extract the positive secret key rate when the transmission distance is more than 45 km.The large displacement ∆x usually results in the long transmission distance.As Alice and Bob can achieve the positive secret key rate, Eve may succeed in stealing information without being discovered, leading to a security loophole.The reason is that when Eve performs the saturation attack, the secret key rate is positive, whereas the estimated excess noise is negative.However, after performing the AOF-enabled counteraction compensation, the secret key rate becomes negative, as shown in Figure 5b.As a consequence, Alice and Bob are able to detect the potential eavesdropper since there is no secret key generated from the resulting system.

Conclusions
We have proposed an AOF-embedded CVQKD to resist the saturation attack for performance improvement of the practical security.The numerical simulations show that after performing the AOF in the linear domain, the estimated excess noise is made more than zero, and the secret key rate is less than zero.The legal participants can detect Eve, who performs the saturation attack.Based on the AOF-enabled countermeasure compensation, the saturation attack can be broken to enhance the practical security, which provides a useful approach to increasing the practical security of the CVQKD system.In Cov In practice, the homodyne detection has a finite linearity domain due to the electric characteristics of the homodyne detector, such as the linearity domain of the amplifier or the range of data acquisition (DA) card.The relationship of the measured quadrature X Blin (infinite linearity domain) and the measured quadrature X Bsat in linear range [−r, r] can be expressed as As a consequence, we can deduce the relationship of Var(X Blin ) and Var(X Bsat ).The channel transmission T sat and the excess noise ξ sat can be derived as where the parameter ∆ is considered as displacement ∆ = t∆x, and A = erf( r − ∆ 2Var(X Blin ) ), B = exp(− (r − ∆) 2 2Var(X Blin ) ). (A13) In Figure A1a, we show the behaviors of T sat versus the transmission distance.As Alice and Bob monitor the channel transmission, they may detect Eve for T sat < T. Therefore, we can design a countermeasure method by regulating the gain g to make T sat = T satisfying the constraint 2 √ 2 g − 1 = erf( r − ∆ Var(X Blin ) ). (A14) In Figure A1b, we show the characteristics of the channel transmission T under the saturation attack, which approaches the linear case as the detector linearity limit X Bsat sat increases.

Figure 2 .
Figure 2. Effects of block size N on the estimated excess noise.The excess noise in numerical simulations are described in terms of shot-noise units.

Figure 4 .
Figure 4.The estimated excess noise of the CVQKD system.(a) The traditional system under saturation attack.(b) The AOF-embedded system under saturation attack.

Figure 5 .
Figure 5.The secret key rate of the CVQKD system.(a) The secret key rate of the traditional system under saturation attack.The hollow dots represent the value evaluated by the excess noise approaching to zero.(b) The secret key rate of the AOF-embedded system.