Controlling a superconducting nanowire single-photon detector using tailored bright illumination

We experimentally demonstrate that a superconducting nanowire single-photon detector is deterministically controllable by bright illumination. We found that bright light can temporarily make a large fraction of the nanowire length normally-conductive, can extend deadtime after a normal photon detection, and can cause a hotspot formation during the deadtime with a highly nonlinear sensitivity. In result, although based on different physics, the superconducting detector turns out to be controllable by virtually the same techniques as avalanche photodiode detectors. As demonstrated earlier, when such detectors are used in a quantum key distribution system, this allows an eavesdropper to launch a detector control attack to capture the full secret key without being revealed by to many errors in the key.


I. INTRODUCTION
Quantum key distribution (QKD) allows two parties, Alice and Bob, to generate a secret random key at a distance [1][2][3][4]. The key is protected by quantum mechanics: an eavesdropper Eve must disturb the signals between Alice and Bob, and therefore reveal her presence. QKD using perfect devices has been proven secure [5,6].
Implementations of QKD have to use components available with current technology, which are usually imperfect. While there are numerous security proofs considering more realistic devices [7][8][9][10][11][12][13][14][15], these proofs assume that the imperfections are quantified in terms of certain source and detector parameters. Due to the difficulty of characterizing or upper bounding these parameters owing to limitations of these security proofs, it is common to use the more established security proofs for ideal systems also in practical implementations. With actual devices deviating from the ideal models, numerous security loopholes have therefore been identified and usually experimentally confirmed [16][17][18][19][20][21][22][23][24][25][26][27], and in some cases exploited in eavesdropping experiments with full secret key extraction by Eve [28,29]. Finding and eliminating loopholes in implementations is crucial to obtain provable practical security.
As an example, several recent attacks have been based on bright-light control of avalanche photodiodes (APDs) [24,25,[28][29][30][31][32][33][34]. Superconducting nanowire single-photon detectors (SNSPDs) studied in this paper are based on different physics. However, as we will see, the principles of attacks on QKD systems using SNSPDs are broadly * lars.lydersen@iet.ntnu.no † makarov@vad1.com similar to attacks on QKD systems using APDs: Eve uses a faked-state attack [35], can blind the detectors [24,25], make them click with a classical threshold using a bright pulse [25] or let one detector temporarily recover from blinding [24]; also, detector's response to multiphoton pulses can be superlinear [34]. We refer to these principles through the paper.
Although SNSPDs have been used in several QKD experiments [36][37][38][39][40], this detector technology is still in its infancy. No automated unattended operation of systems containing SNSPDs has been reported. Technical aspects of SNSPD operation, such as handling the latching behavior and converting the nanowire analog response into a digital detection signal, have only been studied in the normal single-photon counting regime. So far, no attempt has been reported to consider SNSPD's nonidealities in order to attack a QKD system. This study thus serves as an early warning. Although we have done our experiments on only one detector sample, we show that control by bright light can be achieved through two separate mechanisms, and may thus be applicable to different detector designs [41]. Regardless of whether the control mechanisms we have identified apply to other detector designs, our experiment shows that the bright illumination response of the SNSPD is deviating from the detector model in the simple security proofs for QKD. Therefore, theoretical and/or experimental effort is required to re-establish security for QKD systems using SNSPDs.
The paper is organized as follows. In Sec. II, we describe the SNSPD under test. Sections III and IV deal with the SNSPD in the latched and non-latched states; in each section we present the physics behind detector's reaction to bright-light illumination, then how it can be exploited to attack QKD. We discuss our findings and conclude in Sec. V.   1. (Color online) Detector circuit. The SNSPD is biased from a battery-powered direct current (DC) source, an equivalent circuit diagram of which is shown. Pulses produced by the SNSPD travel through ∼ 1 m coaxial cable, bias tee (0.1-6000 MHz, Mini-Circuits ZFBT-6GW+), radio-frequency (RF) amplifier (voltage gain 100, 0.1-1500 MHz, Phillips Scientific 6954-S-100), ∼ 1.5 m coaxial cable, and RF splitter (Mini-Circuits ZN2PD-9G-S+), to the counter and oscilloscope. Inside the oscilloscope box: normal single-photon response after the RF amplifier and splitter, shown as a single-shot trace with 2 GHz bandwidth (green solid line) and averaged over many pulses (red dashed line). Features appearing 12 ns after the leading edge are attributed to reflections due to impedance mismatch in the RF circuits.

II. DETECTOR DESIGN AND OPERATION
We performed our tests on an SNSPD of a fairly standard configuration, which has been characterized in previous publications [42][43][44]. The SNSPD chip was manufactured by Scontel, Moscow, and consists of a 4 nm thick, 120 nm wide NbN nanowire on sapphire substrate, laid out in a 10 × 10 µm meander pattern with 60% filling ratio. The chip is packaged and installed in a ∼ 1 m long dipstick assembly (see Ref. [43] for details), lowered into a Dewar flask. During detector operation, the chip is immersed into liquid helium at 4.2 K. It is optically accessible through a single-mode fibre. The chip is connected to a room-temperature bias tee and wideband radio-frequency (RF) amplifier via a 50 Ω coaxial cable (Fig. 1). A battery-powered current source biases the superconducting nanowire with I b = 22.5 µA which is ≈ 0.85 of its critical current I c (this I b value provides the highest ratio of photon detection probability at 1550 nm to dark count rate, for this particular SNSPD sample). The signal from the output of the RF amplifier is split to a 16 GHz single-shot oscilloscope (Tektronix DSA 71604) and a counter (Stanford Research Systems SR400). Detection efficiency for single photons at 1550 nm was 2.2 × 10 −5 and the dark count rate was < 1 Hz, which is a typical performance for this SNSPD model (higher detection efficiency can be obtained at the expense of much higher dark count rate; while this SNSPD was not optimised for high detection efficiency, the effects we have observed should qualitatively be the same as with efficiency-optimised designs [45]). The detector sensitivity was polarization-dependent; in all ex-periments in this paper polarization was aligned to maximize the detection efficiency, using a fiber polarization controller.
One aspect of detector operation is how the analog pulse produced by a transient hotspot (see inset in Fig. 1) is converted into a detection event and assigned a particular timing. The analog pulse is well-defined, its magnitude and shape being nearly constant from one photon detection to another. Therefore almost any discriminator design would work for single-photon detection, and its implementation details (bandwidth, hysteresis, whether it is a threshold discriminator or a constant-fraction discriminator, etc.) are often omitted in the literature on SNSPDs. However, as previously discussed for APDs [46,47], these details become more important for demonstration of detector control by bright light. We assume in this study that the analog pulse is sensed by a high-speed voltage comparator, and the detection event timing is registered by pulse's leading edge crossing a pre-set comparator threshold. Indeed this is how our SR400 counter operates: it has an adjustable threshold set with 0.2 mV resolution. In our setup, the counter works correctly (registering one count per one single-photon analog pulse) in a wide range of threshold settings, +4.4 to +37 mV. A detail not mentioned in the literature is what threshold level the comparator should be set at, within this working range. While the setting may not affect normal detector operation, only a part of this voltage range is reachable under bright-light control described in the following section.
Another interesting aspect of detector operation is latching. In single-photon detection regime, the hotspot after formation shrinks quickly and the nanowire returns to the superconducting state [48]. However the detector also has a stable latched state, when a larger selfheating hotspot persists indefinitely, at a steady current I latched which is a fraction of I b , and a large voltage across the SNSPD. The detector is blind to single photons and does not produce dark counts in this regime. A properly designed SNSPD does not enter the latched state after a single-photon detection [48,49]. However it can still latch after an electromagnetic interference (which in our experiment was easily caused by switching on and off lights and other mains-powered electrical equipment in the same building). Latching also occurs after a brief bright illumination: as little as 50 nW, 5 ms long single light pulse at 1550 nm reliably latches the device. Increasing the bias current I b very close to I c also leads to latching. The only way to return the detector from the latched state into the normal regime is to temporarily reduce I b below I latched . In our experiment, and supposedly in most other experiments reported in the literature, this was performed manually.

A. Physics
In the latched state, the Joule heat generated in the normally-conductive fraction of the nanowire exactly balances the cooling. The length of the normally-conductive fraction changes with the voltage applied across the SNSPD. We investigated this by replacing the batterypowered bias source with an external bias source consisting of a constant-current source limited at a certain maximum voltage. Since the SNSPD enters and maintains latching at a current lower than the normal bias current, this bias source automatically turns into a voltage source once the device latches. In our experiment, I latched was roughly 7 µA regardless of the voltage across the device, up to 10 V (we did not apply higher voltages to reduce the chance of electrical breakdown). At 10 V, the nanowire resistance was thus ∼ 1.4 MΩ. Above the superconducting transition temperature the resistance of the entire device is approximately constant, and is ≈ 2.3 MΩ [44]. Therefore we concluded that slightly over half its length was normally-conductive at 10 V. During the experiment, I latched would randomly assume a value in the 6 to 8 µA range, which could correspond to the normally-conductive region shifting and "locking" to the local variations of nanowire thermal characteristics along its length.
Next, we investigated what happened when bright continuous-wave (CW) light was applied in the latched state. Under illumination, current I through the device dropped, with a different sensitivity at different voltages ( Fig. 2(a)). When recalculated into device resistance ( Fig. 2(b)), we see that at low source voltages the resistance increased by about the same amount (350-400 kΩ per 20 mW), while at 10 V the increase was smaller (∼110 kΩ). Note that depending on optical coupling, illumination may be unevenly distributed along the nanowire. Implementation and maximum voltage of the bias source is yet another detail that varies between setups and is rarely specified in the literature. In our detector it is implemented as a ≈ 0.1 V voltage source in series with ≈ 4.5 kΩ resistor (see Fig. 1), with both voltage and resistance being trimmable in a small range to set precise I b in the normal (non-latched) regime. When the SNSPD resistance is zero, this bias circuit acts as a current source. However, in the latched state the SNSPD resistance becomes larger than the circuit output impedance, thus it acts as a voltage source. Measurements done with this battery-powered bias circuit closely match the 0.1 V curve in Fig. 2.

B. Exploit
The eavesdropper Eve can latch the device by applying sufficient illumination at the SNSPD, for instance a single > 50 nW, 5 ms long light pulse at 1550 nm. The latching causes a number of random detection events, depending on the discriminator setting and optical power of the latching pulse. However, for intense illumination, it is possible for Eve to latch the device with only a few random events (for instance using 5 mW optical power for some ms at 20 mV discriminator threshold). Also note that Eve only have to latch the device once.
In the latched state, the SNSPD is insensitive to single photons and produces no dark counts (similarly to blinding of APDs [24,25]). However, the nanowire's response to bright CW illumination detailed in Sec. III A also holds on a nanosecond scale for bright pulses, and can be used to produce an electrical pulse after the RF amplifier and splitter (Fig. 3) [50]. The response is caused by a larger piece of the nanowire becoming normally conductive during the bright illumination, therefore causing an abrupt change in the resistance, just as a single photon causes an abrupt change in the resistance in the normal operating regime. Note that the electrical response to a bright trigger pulse saturates at ∼ 20 mV when optical power > 15 mW is applied, because at this power the current through the nanowire is reduced to almost zero.
Since this analog electrical pulse is sensed by a comparator, the detector has a highly superlinear detection probability of bright pulses [34]. By simulating an ideal bandwidth-limited comparator on recorded wideband long oscilloscope traces, we find that the detection probability would depend strongly on the comparator threshold (Fig. 4). With the comparator threshold in the 5-20 mV range, the detection probability is highly superlinear and increases quickly from negligible to a substantial value for a 3 dB increase in the optical power. A sufficient condition for a detector control attack is a large ratio of detection probabilities over a 3 dB change in the trigger pulse power [25,34] (or 6 dB change in the trigger pulse power for distributed-phase-reference protocols [30]). Then Eve can intercept the quantum states from Alice, and resend bright trigger pulses corresponding to her detection to Bob [25,34]. If Eve used a measurement basis not matching Bob's, she wants her pulse to remain undetected. Indeed when the pulse is measured by Bob in a different basis, it will be split to both detectors, corresponding to 3 dB reduction in its power, and almost never cause a click. Due to the large difference in detection probability for 3 dB change in the trigger pulse amplitude, a detector control attack would cause negligible errors and not expose eavesdropping, for the comparator threshold settings 20 mV. Above ∼ 20 mV the trigger pulses stop causing clicks at all, and this attack method no longer works. However, it may be possible to reach higher threshold settings using a different attack method described in the next section.

A. Physics
In this section we consider a non-latched, single-photon sensitive normally operating detector. The attack is based on detector's ability to form a hotspot in response to bright light when the current I through the SNSPD is low. In addition, the hotspot formation probability at a low current is strongly superlinear. It is wellknown that at relatively low values of the bias current I b , multiphoton processes dominate the detector sensitivity [34,51,52]. Here we demonstrate that this effect becomes extreme during the normal recovery time after a photon detection.
In normal detector operation, after the hotspot formation, I drops to a fraction of I b [48]. Then, I exponentially recovers to I b at a slow rate, owing to a relatively large kinetic inductance of the superconducting nanowire (see dashed trace in Fig. 5). During the initial part of this recovery, the SNSPD remains insensitive to single photons, but it can react to a bright illumination by forming another hotspot, with a higher illumination power being able to form a hotspot earlier in the recovery. This is illustrated in Fig. 5, which shows electrical response to  a 48 ns long bright pulse. At 0.25 mW pulse power, the single-shot trace clearly shows that the SNSPD forms a hotspot on average every 6 ns. At 0.5 mW, the period reduces to ∼ 2.7 ns. At higher optical powers separate hotspot formations are no longer distinguishable, but the whole electrical pulse gets higher, indicating a lower average current through the nanowire during the optical pulse. Thus, during a sufficiently bright optical pulse, the electrical signal will stay above the comparator threshold. This allows Eve to extend the detector deadtime after the first photon detection, up to 500 ns with this detector setup, without causing latching. We further quantify the hotspot formation probability during the recovery, by applying a 53 ps FWHM trigger pulse after the closing edge of the 48 ns, 2.5 mW pulse. (The recovery after the bright pulse should be similar to the recovery after a single-photon detection, however we focus on the former for reasons that will become apparent in the next subsection.) As far as we can see, response to this trigger pulse is probabilistic and binary: the hotspot either forms, or it does not (Fig. 6). In the former case the recovery resets and starts anew from a certain current value, in the latter case the recovery continues undisturbed. The probability that the trigger pulse causes a hotspot is plotted in Fig. 7. The measurement shows that the detection probability is reduced for at least 40 ns. It also shows that the detector is highly superlinear in at least the first 10 ns. During this time, a hotspot can be formed with unity probability using a sufficiently highenergy trigger pulse (∼ 150 fJ), while the same trigger pulse attenuated by 20 dB (i.e., 100 times lower pulse energy) is very unlikely to cause a hotspot formation.

B. Exploit
Extendability of SNSPD's deadtime can be exploited in the earlier described attack [24] on the Bennett-Brassard 1984 (BB84) and similar protocols. We remark that the superlinearity is not required for this attack, but is helpful and makes it easier. Here we propose a version of this attack for differential-phase-shift QKD (DPS-QKD) systems [37,53]. We explain the key component of the attack: how Eve can control Bob's SNSPDs in the DPS-QKD system. Bob consists of an unbalanced Mach-Zehnder interferometer, and two detectors D 0 and D 1 (Fig. 8(a)). We assume that a properly implemented Bob will not accept clicks from both detectors for the duration of recovery after a click in one of the detectors, in order to avoid the detector deadtime and efficiency mismatch loopholes [18,29]. As illustrated above, the expected recovery is ∼ 40 ns long. Eve begins by applying to both detectors a laser pulse longer than the recovery time ( Fig. 8(b)), with phase ϕ changing in steps along the pulse such that its power splits equally to the two detectors. This pulse produces a double click at the beginning, which however can be timed to fall in between the bit slots and be discarded by Bob (the extra clicks may affect routines that adjust timing of Bob's acceptance windows, but note that attacks on such calibration routines are also possible [26]). Immediately after this long pulse, Eve applies a sequence of short pulses. Their phases are chosen to steer them primarily to one of the two detectors (similarly to [30,54]) and form hotspots in that detector only, keeping the comparator input voltage above the threshold. In the other detector, the voltage is allowed to fall below the comparator threshold. Then a pulse is applied and causes a click only in the detector that has recovered. Eve can end her control diagram here, or repeat the long pulse (as shown in Fig. 8(b)) and then make another controlled click. The total length of such chained control diagram producing several controlled clicks is limited by low-frequency cutoff of the RF components, and in the case of our setup can be up to 500 ns. We remark that the short-pulsed parts of the diagram could in principle be replaced by a single phase-modulated long pulse, however short pulses may be easier to steer between Bob's detectors in case of subnanosecond ∆t used in the modern DPS-QKD systems [37].
Interferometers used for DPS-QKD are of a sufficiently good quality to allow Eve an extinction ratio of at least 20 dB when routing her short pulses between the two Bob's detectors [37]. Examination of the recovery traces in Fig. 6 and hotspot formation probabilities in Fig. 7 suggests that the above control diagram will work. It should allow Eve to make clicks in Bob deterministically, or close to deterministically, in a wide range of comparator threshold voltages and ∆t, even for ∆t = 100 ps [37] or/and a threshold voltage above 20 mV. Eve should be able to vary the number of short pulses during the recovery to suit these system parameters, and still induce clicks in the correct detector most of the time.
While we did not have access to a complete DPS-QKD system to fully verify this Bob control method, we tested it experimentally by reproducing the expected power diagrams (optical power at D 0 and D 1 in Fig. 8(b)) at the single detector. We used ∆t = 5 ns, and threshold setting of 11.6 mV at the SR400 counter. We applied to the detector 2 mW peak power, 53 ns long optical pulse, followed by 53 ps FWHM short optical pulses of varying energy. Measurement of the click probability while varying the short pulse energy showed that nearly perfect detector control (< 0.005% click probability in the wrong detector) would be achievable if Bob's interferometer in the DPS-QKD system had a reasonable 20 dB extinction ratio, and good control (< 1% click probability in the wrong detector) would be possible at a very poor 10 dB extinction ratio. The extinction ratio of Bob's interferometer determines how well Eve can suppress her short pulses from reaching the wrong detector, while making the target detector click with nearly unity probability. Jitter of the controllable click caused by the short pulse in the target detector was 250 ps FWHM, while that of the double click caused by the long pulse's leading edge was 170 ps FWHM.
One can notice that Eve would need to know Bob's detector parameters rather precisely to execute this attack. In modern cryptography, according to Kerckhoffs' principle [55], properties of equipment are assumed to be fully known to Eve. In practice, to learn the detector parameters, Eve might at first try to attack intermittently a few bits at a time (which would not raise the error rate noticeably) while varying her attack parameters, and watch the public discussion between Alice and Bob [35]. One can also notice that Eve's intercept-andresend equipment would introduce an insertion delay of at least some tens of ns. However, photon's time-of-flight is not authenticated in today's implementations of QKD, and is not a part of the practical QKD protocols. Furthermore, in a fiber-optic line, Eve can easily cancel this insertion delay by shortcutting a part of the line between her intercept and resend units with a line-of-sight radiofrequency classical link [28,35].

V. DISCUSSION AND CONCLUSION
The experimental results show that the control of this SNSPD is nearly perfect. Therefore, if this SNSPD were used in a QKD system, an eavesdropper could use bright illumination to capture the full raw and secret key, while introducing negligible errors. Installation of the eavesdropper is fully reversible: The detector survived the ∆t (a) bright illumination with no signs of damage or deterioration [41].
While the SNSPD is based on different physics than the APD single-photon detector, the similarity in how they can be controlled is startling. Latching the SNSPD using bright illumination can be considered as permanently blinding it, without the need for additional illumination to keep it blind. In the latched/blind state, the SNSPD exhibits the same superlinear response to bright trigger pulses as a blind APD. Likewise, controlling the SNSPD using deadtime extension is nearly identical to controlling the APD using deadtime extension: the only difference is that for this SNSPD the low-frequency cut-off of the RF components (and on a longer time scale the latching phenomenon) limits how long the deadtime can be extended.
Countermeasures against bright illumination attacks have been discussed extensively [24,25,28,33,46,47,[56][57][58], and the conclusions are equally applicable to SNSPDs. The difference between public-key cryptography and QKD is that for the latter there exist security proofs. However, when the security is proved for sys-tems with imperfections, models are used for the devices in the implementations. Even if this experiment is only performed on one device, the results show that the response deviates considerably from the models in the simple security proofs that are usually employed [5,6,10]. There are more advanced security proofs that could allow such a response under certain conditions [15,34], but this would require discarding large amounts of the raw key to remove Eve's knowledge about the final key. For gated APD-based detectors, there is a proposal to bound the detector parameters by including a calibrated light source inside Bob, randomly testing, and thereby guaranteeing the single-photon sensitivity at random times [56]. Another approach suggests to move detectors outside the secure devices and thus outside the security proof [59,60].
If one only wants to avoid these specific attacks, proposals for APD-based detectors [24,25,28,33,46,47,[56][57][58] should be equally efficient on SNSPDs, for instance an optical power meter at the entrance of Bob. In an installed QKD system, latching should be avoided either by an automated reset, or by including a shunt resistor in parallel with the nanowire [61], but this does not guarantee that latching is precluded for all types of external input. Developing such specific countermeasures effective against specific, known attacks is less than satisfactory, because this introduces an unproven extra assumption into the QKD security model that the countermeasure also eliminates all unknown attacks exploiting the same loophole. Meanwhile, the difference between the device and its model in the QKD security proof remains. This approach would downgrade the level of QKD security model to that of public-key cryptography, which also includes unproven assumptions (of computational complexity).
As mentioned in the introduction, SNSPDs are still in their infancy, and therefore our findings might not apply to other detector designs. However, our findings clearly demonstrate that unless detector control is specially considered during design, SNSPDs may be controllable using bright illumination, just as their APD-based cousins. Furthermore, it could be possible to design the SNSPDs to be compliant with security proofs for QKD. The early stage of SNSPD technology is an excellent opportunity to avoid detector control vulnerability for future generations of SNSPDs. Designing hack-proof detectors will be crucial for the success of QKD.