This is a brief comment on the Letter by Balygin and his coworkers [Laser Phys. Lett. 15, 095203 (2018)]. We point out an error that invalidates the Letters conclusions.
Counterfactual quantum key distribution protocols allow two sides to establish a common secret key using an insecure channel and authenticated public communication. As opposed to many other quantum key distribution protocols, part of the quantum state used to establish each bit never leaves the transmitting side, which hinders some attacks. We show how to adapt detector blinding attacks to this setting. In blinding attacks, gated avalanche photodiode detectors are disabled or forced to activate using bright light pulses. We present two attacks that use this ability to compromise the security of counterfactual quantum key distribution. The first is a general attack but technologically demanding (the attacker must be able to reduce the channel loss by half). The second attack could be deployed with easily accessible technology and works for implementations where single photon sources are approximated by attenuated coherent states. The attack is a combination of a photon number splitting attack and the first blinding attack which could be deployed with easily accessible technology. The proposed attacks show counterfactual quantum key distribution is vulnerable to detector blinding and that experimental implementations should include explicit countermeasures against it.
The work by Christandl, Konig and Renner [Phys. Rev. Lett. 102, 020504 (2009)] provides in particular the possibility of studying unconditional security in the finite-key regime for all discrete-variable protocols. We spell out this bound from their general formalism. Then we apply it to the study of a recently proposed protocol [Laing et al., Phys. Rev. A 82, 012304 (2010)]. This protocol is meaningful when the alignment of Alices and Bobs reference frames is not monitored and may vary with time. In this scenario, the notion of asymptotic key rate has hardly any operational meaning, because if one waits too long time, the average correlations are smeared out and no security can be inferred. Therefore, finite-key analysis is necessary to find the maximal achievable secret key rate and the corresponding optimal number of signals.
We investigate the performance of Gaussianmodulated coherent-state QKD protocols in the presence of canonical attacks, which are collective Gaussian attacks resulting in Gaussian channels described by one of the possible canonical forms. We present asymptotic key rates and then we extend the results to the finite-size regime using a recently-developed toolbox for composable security.
In a two-way deterministic quantum key distribution (DQKD) protocol, Bob randomly prepares qubits in one of four states and sends them to Alice. To encode a bit, Alice performs an operation on each received qubit and returns it to Bob. Bob then measures the backward qubits to learn about Alices operations and hence the key bits. Recently, we proved the unconditional security of the final key of this protocol in the ideal device setting. In this paper, we prove that two-way DQKD protocols are immune to all detector side channel attacks at Bobs side, while we assume ideal detectors at Alices side for error testing. Our result represents a step forward in making DQKD protocols secure against general detector side channel attacks.
Modern single-photon detectors based on avalanche photodiodes offer increasingly higher triggering speeds, thus fostering their use in several fields, prominently in the recent area of Quantum Key Distribution. To reduce the probability of an afterpulse, these detectors are usually equipped with a circuitry that disables the trigger for a certain time after a positive detection event, known as dead time. If the acquisition system connected to the detector is not properly designed, efficiency issues arise when the triggering rate is faster than the inverse of detectors dead-time. Moreover, when this happens with two or more detectors used in coincidence, a security risk called self-blinding can jeopardize the distribution of a secret quantum key. In this paper we introduce a trigger-disabling circuitry based on an FPGA-driven feedback loop, so to avoid the above-mentioned inconveniences. In the regime of single-photon-attenuated light, the electronics dynamically accept a trigger only after detectors complete recovery from dead-time. This technique proves useful to work with detectors at their maximum speed and to increase the security of a quantum key distribution setup.