Security analysis of orthogonal state attack on a high-speed quantum key distribution system

High-speed quantum key distribution (QKD) systems have achieved repetition frequencies above gigahertz through advanced technologies and devices, laying an important foundation for the deployment of high-key-rate QKD system. Although these advanced systems may introduce potential loopholes, an eavesdropper Eve is challenging to exploit them by performing the intercept-resend attacks due to the limited time window under high repetition frequency. However, here, we propose a security analysis model of orthogonal state attacks that do not require intercept-resend operation on the key rate of a QKD system. Under this framework, we propose a muted attack and experimentally verify the feasibility of the attack using a 1 GHz single-photon avalanche detector (SPAD). By sending hundreds of photons each time, Eve can mute Bob’s SPADs to control the overall detection response of the QKD receiver, allowing her to learn nearly all the keys. Furthermore, we use this security model to simulate the overestimated key rates of the QKD system under orthogonal state attacks, including both the muted attack and the dead-time attack. This work theoretically and experimentally shows a timely case of the security vulnerability in the high-speed QKD system.

💡 Research Summary

As Quantum Key Distribution (QKD) systems transition into the gigahertz (GHz) era, the pursuit of higher repetition rates has introduced unprecedented security vulnerabilities. This paper presents a rigorous security analysis of a novel class of threats known as “Orthogonal State Attacks,” specifically focusing on the “Muted Attack” mechanism. While traditional Intercept-Resend attacks are increasingly difficult to execute in high-speed systems due to strict timing windows, the proposed orthogonal state attack bypasses these constraints by manipulating the physical response of the detectors without significantly increasing the Quantum Bit Error Rate (QBER).

The technical essence of the attack lies in exploiting the hardware-level filtering mechanism of high-speed Single-Photon Avalanche Diodes (SPADs). High-speed receivers utilize width discriminators to filter out noise by rejecting avalanche pulses that exceed a certain width threshold. The attacker, Eve, injects multi-photon pulses that are orthogonal to the signal states. These high-energy pulses trigger excessively wide avalanche currents in Bob’s detectors, causing the width discriminator to reject them as noise. By strategically injecting these pulses, Eve can effectively “mute” specific detectors, ensuring that only the detector corresponding to her desired state registers a valid click. This allows Eve to gain near-complete knowledge of the distributed keys while maintaining a QBER that remains within acceptable security thresholds.

The researchers experimentally validated this attack using a 1 GHz-gated commercial SPAD. The experimental data revealed a distinct “muting phase” when the number of photons per gate reached approximately 150, where the detection count rate plummeted to near-dark-count levels. Interestingly, the study also observed that at extremely high photon counts (above 3,000 photons/gate), the count rate increased again as the massive avalanche charge exceeded the discriminator’s threshold. This empirical evidence confirms the theoretical model’s prediction that Eve can control the receiver’s response with relatively low photon counts.

Furthermore, the paper provides a comparative simulation between the Muted Attack and the well-known Dead-time Attack. The results demonstrate that the Muted Attack is significantly more stealthy because it operates within the same temporal window as the legitimate signal and does not trigger the high QBER alarms that typically alert users to an intrusion. The study concludes that current security models, which assume random detector errors, are dangerously overestimating the achievable key rates in high-speed QKD systems. To mitigate this vulnerability, the authors emphasize the necessity of implementing advanced security countermeasures, such as real-time monitoring of multi-photon pulses, optimized discriminator threshold settings, and continuous verification of detector operational states.