Optimised quantum hacking of superconducting nanowire single-photon detectors

We explore bright-light control of superconducting nanowire single-photon detectors (SNSPDs) in the shunted configuration (a practical measure to avoid latching). In an experiment, we simulate an illumination pattern the SNSPD would receive in a typical quantum key distribution system under hacking attack. We show that it effectively blinds and controls the SNSPD. The transient blinding illumination lasts for a fraction of a microsecond and produces several deterministic fake clicks during this time. This attack does not lead to elevated timing jitter in the spoofed output pulse, and hence does not introduce significant errors. Five different SNSPD chip designs were tested. We consider possible countermeasures to this attack.


I. INTRODUCTION
Quantum communication technologies offer information processing power having no analogues in the classical world. For example, quantum key distribution (QKD) [1] has been commercialised [2]; secret sharing, quantum teleportation [3], entanglement swapping, bit commitment, and blind quantum computation [4] have been demonstrated. To achieve quantum communications at high speed and over long distance in optical fibre, single-photon detectors with high timing resolution and low noise are essential. Superconducting nanowire single-photon detectors (SNSPDs) [5] achieve the best combination of these parameters at 1550 nm.
The first proof-of-principle demonstration using SNSPDs in QKD was carried out on a phase encoding system operating the Bennett-Brassard 1984 (BB84) protocol [1,6]. A high bit rate, short wavelength (λ = 850 nm) demonstration was then reported based on the Bennett 1992 (B92) protocol with polarization encoding [7,8]. A high bit rate long distance demonstration at λ = 1550 nm was carried out at Stanford University [9] using the differential phase shift (DPS) QKD protocol [10]. This first QKD demonstration in excess of 200 km (40 dB transmission loss) was achieved with SNSPDs with 0.7% efficiency at 1550 nm, with 10 Hz dark count rate and 60 ps full-width at half-maximum (FWHM) jitter [9]. Record bit rates were also achieved at shorter distances, a significant improvement on the best QKD results achieved at that time with InGaAs single-photon avalanche photodiodes (SPADs) [11].
Since that study, many further QKD demonstrations have been reported using SNSPDs: the maximum range has been extended to 250 km using low loss fibre and implementing the coherent one-way (COW) protocol [12,13], decoy-state protocols [14] have been demonstrated [15,16], entanglement-based QKD has been demonstrated over long distance [17] and SNSPDs have been implemented in QKD field trials in installed fibre networks [18][19][20]. A detailed comparison between SNSPDs and Si SPADs for short haul high bit rate QKD has also been published [21]. Since this time SNSPD technology has advanced rapidly [5] and near-unity efficiency coupled with low dark count rates is now achievable [22]. This in principle would make QKD over up to 60 dB channel loss feasible.

* Michael.Tanner@glasgow.ac.uk
Information security is an intrinsic feature of quantum communication protocols, guaranteed in principle by the underlying laws of physics [23,24]. However, the limitations of components lead to vulnerability. Practical attacks breaking security of QKD have been proposed and successfully demonstrated, by exploiting imperfections and behaviour of real hardware not accounted for in the theoretical treatment of security. Several of these attacks exploit imperfections of single-photon detectors, which have mostly been demonstrated on SPAD-based detectors [25,26]. It has been shown by Lydersen et al. [27] that an SNSPD also has exploitable imperfections, allowing bright-light blinding and deterministic control. A Japanese team is currently applying this technique to explore the vulnerability of DPS-QKD systems and investigate countermeasures [28,29].
Here we extend the basic technique of detector control by testing and demonstrating this vulnerability in several different SNSPD devices, using a realistic electronic bias and readout that has been employed in QKD demonstrations [6]. We also discuss and test countermeasures to this attack. Although we have only tested stand-alone detectors, our findings apply to the security of any QKD system that would employ them.

II. EXPERIMENT
We have tested five SNSPD devices, summarised in Table I. The majority of data presented here was obtained from device 1. This detector is of the superconducting nanowire avalanche photon detector (SNAP) type with sections of nanowires connected in parallel [30][31][32]. This configuration is advantageous for reducing nanowire dimensions, in order to increase device efficiency while maintaining usable current levels in the detector and for reducing reset times for achieving higher count rates. This detector implementation is likely to be used in future high speed and detector efficiency QKD systems. However for completeness a representative range of detector types were tested. These included traditional meander-patterned ones on a variety of substrates, such as those used in several practical demonstrations of QKD (device 3) [20,21]. Next-generation optical cavity enhanced detectors were included as well (devices 4 & 5) [33], which are now becoming available for QKD implementations. The same blinding attack technique was successful with all detector types.
Our experimental setup (Fig. 1) represents a typical detector configuration used in QKD experiments [6]. The SNSPD device is biased at about 0.9 of its critical current (specific device properties such as critical current at the operating temperature are listed in Table I). The device is operated in the shunted configuration: a shunt resistor R_shunt prevents latching (typically a 50 Ω resistor) [34]. This resistor creates a low-impedance mismatch point ∼ 1 m away from the SNSPD along the 50 Ω coaxial radio-frequency (RF) cable. A reverse-polarity pulse reflected from this impedance mismatch reaches the SNSPD about 10 ns after hotspot formation, and lowers the voltage across the device. If the hotspot has failed to dissipate and persists by Joule self-heating, this reflected pulse removes electrical power from it and allows it to dissipate. In this circuit configuration, the SNSPD can be reliably operated at a higher bias current and higher photon detection efficiency than in the configuration without R_shunt. The pulse readout circuit consists of AC-coupled amplifiers with combined gain of 56 dB and 10-580 MHz frequency range. The detector output signal is observed with an electronic counter and an oscilloscope. The SNSPD is illuminated via single-mode fibre connected to the output of a faked-state generator. The faked-state generator allows the formation of arbitrary illumination diagrams with two distinct optical power levels at the SNSPD, in addition to zero power level. This is achieved with a pulse pattern generator powering two 1550 nm laser diodes, followed by optical variable attenuators to set the power levels. The output of the faked-state generator simulates illumination diagrams that the SNSPD would receive if it were a part of a QKD system under attack [27].
A typical output pulse from this setup is shown in Fig. 2, triggered by the incidence of a single photon. The normal character of an SNSPD output pulse includes a sharp leading edge as the detector becomes resistive and the current is forced out, followed by a slower recovery as the current returns to the detector. The shape of the observed recovery signal is highly dependent on amplifier bandwidths and reflections from components (such as the shunt resistor used in this setup). The oscilloscope trace seen is rarely an accurate representation of the current flow returning to the device. The critical part of the pulse is the sharp clean leading edge on which counting electronics is normally triggered, providing the advantageous timing properties of SNSPDs. The observed leading edge is also dependent on amplifier bandwidth and hotspot resistance [35]. Hotspot growth time (typically < 100 ps [36,37]) is normally short in comparison to the observed pulse rise time. In our experimental setup, the latter is limited by the first 580 MHz bandwidth amplifier (Fig. 1).
Lydersen et al. considered artificially generating pulses in SNSPDs through two methods [27]. The first involved latching the detector into the resistive state, through a short bright-light illumination, from which the detector does not recover. Fake detector pulses were generated through subsequent bright pulses causing variation of the device resistance. However, this attack is effectively defeated by the inclusion of a shunt resistor [34] (or other reset circuit) as implemented in our standard experimental setup (Fig. 1), and also in some QKD demonstrations [6] in order to allow stable long-term detector operation.
In this paper we describe the extension of the second method put forward by Lydersen et al. of blinding the detectors to incoming single photons through continuous bright-light illumination (of the order of 1 to 100 µW in this study depending on individual SNSPD characteristics). We find that with careful control it is possible to generate fake detector output signals reliably on-demand with timing properties better than in the single-photon case.

III. DETECTOR CONTROL
A. On-demand fake pulse generation
When illuminated with a bright 'blinding' pulse of light, the detector becomes resistive over a larger area than the single hotspot generated by single photon absorption. In the single-photon detection case, the resistive region, or hotspot, grows due to Joule heating with the energy I²L, where I is the bias current and L is the kinetic inductance of the detector. In the bright-light case, the resistive region is maintained through the direct absorption of the incident laser power in excess of the rethermalisation or cooling power of the SNSPD environment. In this case, current is diverted from the detector causing an output pulse [see pulse at t ∼ −200 ns in Fig. 3(b) and (e)]. If the bright illumination continues, the detector remains in the resistive state and is no longer sensitive to incident photons. However, if the bright illumination is stopped (or its power is decreased sufficiently) for a short period of time (e.g., < 50 ns), the nanowire rethermalises, once more becomes superconducting, and the current starts to return to the detector at a rate defined by the superconducting kinetic inductance L of the SNSPD and the circuit resistance. If the majority of the bias current was allowed to return to the detector, it would once more become single-photon sensitive (after time τ_recovery), and would also exhibit dark counts. However, if the bright illumination is re-applied after τ_OFF < τ_recovery, the proportion of the current that had already returned to the detector is again forced out as the nanowire returns to the resistive state. This elicits another controlled fake output pulse from the detector while maintaining the SNSPD in a 'blinded' state. An example of this fake pulse is shown in Fig. 2. This is the basis of the detector attack described in this paper.
In the manner described above, an attacker can blind an SNSPD and elicit 'fake' output pulses on-demand. This is shown explicitly in the top half of Fig. 3. An initial output pulse occurs when the blinding illumination is initiated at t ∼ −200 ns, and subsequent controlled pulses are generated on-demand through brief reductions in the blinding illumination for time τ_OFF < τ_recovery (in this case τ_OFF = 20 ns). A fake output pulse occurs with 100% probability. In order to achieve successful manipulation of the variety of SNSPDs tested in this work, some variation of parameters was observed, primarily blinding power and τ_recovery (see Table I). Devices were biased and operated as the authors would normally use them in experiments; only blinding attack parameters were optimised. In practice it may seem impractical to determine the correct blinding parameters to attack a system. However we assume, in accordance with Kerckhoffs' principle [38] (a cryptosystem should be secure even if everything about the system except the key is public knowledge), that the attacker knows all details of the devices, settings and protocols used. In practice, as detectors and commercial QKD systems develop, it becomes realistic to analyse a sample of a commercial product to obtain these parameters in advance of attacking a QKD implementation.

B. Pulse and recovery characteristics
The characteristics of the fake pulse seen in Fig. 2 are qualitatively similar to those of the real pulse: a sharp leading edge followed by a slow recovery. Amplitude of the fake pulse is reduced, because only a fraction of the full device current has returned to the detector before the fake pulse is triggered. If a longer pause is left before resuming the full blinding laser power, the fake pulse amplitude is increased. However, with pauses of duration closely approaching τ_recovery, there is a finite probability of a count occurring during the recovery from the blinded state, which is undesirable for full detector control. These counts during recovery from the blinded state are common, and can occur after the blinding pulse is stopped (e.g., t > 400 ns in Fig. 3), occurring with a probability 10-15% when the detector is blinded 1-10% of the time, shown in Fig. 4. The recovery of the detector from the blinded state is different from normal single-photon detection recovery, as in the blinded case the detector must rethermalise to the base temperature before the system fully returns to normal operation. If carefully applied, the blinding power need not heat the detector excessively and the thermalisation time does not significantly extend the recovery, which is still dominated by the current return time to the detector. However the dynamics of this recovery are affected by the temperature from which the SNSPD is rethermalising, hence the dependence of afterpulsing probability on blinding duty cycle as in Fig. 4. An additional contribution to afterpulses may be single-photon detection of photons delayed in the optical scheme via multiple back-and-forth reflections of the bright blinding pulse. The observed output signal during recovery from the blinded state is most clearly seen in Fig. 3(e) after t = 350 ns.

C. Jitter
For good detector control, the timing jitter of the fake electrical output pulses must be comparable to or better than that of the real response. This is shown in Fig. 5. As long as the pause in the blinding pulse is kept below τ_recovery, the jitter achieved is as good or better than for single-photon response, for all detectors tested. While normal SNSPDs suffer from some variation in timing response over the detector area due to varying hotspot resistance of ∼ 1 kΩ [35], in the case of the blinding attack the SNSPD switches to a very high resistance every time, giving a sharper leading edge to the pulse and improved timing jitter.
Additionally, for the real single-photon case shown in Fig. 5 a tail is observed on the jitter histogram, characteristic of the avalanche process for parallel wire (SNAP) detectors [30][31][32]. This tail is not present in the fake jitter histogram, as the higher power of the blinding pulse ensures immediate cascade of the detector into the resistive state. Improved characteristics of the faked detector response offer Eve extra leeway in her hacking attack: improved error rate here may be used to compensate for any increased errors due to afterpulses.

Figure caption (start truncated in the source): ... Fig. 1. Timing distribution due to single-photon illumination (red circles) and manipulation through bright-light illumination (black squares) is shown, together with Gaussian fits. FWHM time widths are 160 and 141 ps, respectively. Jitter is measured at a fixed threshold level set at 50% of the amplitude of a single-photon detection pulse.

D. Full multiple-detector control
Discriminators in real QKD systems are commonly set to 50% of the output peak height. With this condition, the fake pulse train in Fig. 3(b) is converted to the logic trace in Fig. 3(c).
If a real QKD system is to be attacked with this blinding method, the attacker must be able to manipulate multiple detectors in the system [25,27,39]. For example, in the case of a polarization-encoding QKD scheme, Eve can send differently polarized bright light to direct varying levels of blinding laser power to each detector, commonly with up to 20 dB extinction ratio achieved between the detectors [39]. As such, the data in the top half of Fig. 3 shows a detector successfully manipulated with only 20 dB variation in blinding power. In this case, the second detector in the system will receive +3 dB extra blinding power for short periods during the attack. It is shown in the lower half of the figure (d-f) that the second detector produces no logic pulses in this scenario. As such, it is possible to elicit pulses in only the detector of choice in this manner, offering the eavesdropper full control of the system. We remark that if the QKD system were set to randomly switch between measurement bases on a timescale shorter than τ_recovery, this would complicate the picture, but would not make the attack impossible.

IV. COUNTERMEASURES
An attack such as that described in this paper will always be dependent on the exact configuration of the QKD system. This paper attempts to demonstrate that vulnerability to attack exists in stand-alone SNSPDs of all configurations available to the authors, with only minor adjustment of parameters (see last two rows in Table I). A further investigation would have to target a complete QKD system containing SNSPDs. This would be a level of effort outside the scope of this paper, especially as no commercial QKD systems using SNSPDs are yet available as a benchmark. However, it is worth considering countermeasures that may remove this vulnerability in the future.
There are two main forms of countermeasure available to eliminate the security loophole demonstrated here. The preferred action is to include the equipment imperfections in the security model, as for example is done in the measurement-device-independent QKD scheme [40][41][42] where the detector system is moved outside of the security proof. However, in practice, patches to rule out already demonstrated attacks on existing systems are often considered first, while not offering any guarantee that the vulnerability can be eliminated [43][44][45][46]. Below we give some ideas for the latter kind of 'band-aid' countermeasures.
The first countermeasure uses the feature that if the detector under blinding attack from bright-light illumination is under DC electrical monitoring, a small increase in the average resistance can be observed, limited by R_shunt. This manifests itself as a measurable average voltage drop across the DC bias port (measured by voltmeter V2 in Fig. 1), dependent on the duty cycle of the blinding attack. The reading on V2 increased linearly from 0.2 mV to 0.5 mV with blinding duty cycle varying from 0 to 50%. This is at the limit of the resolution of the standard voltmeter used here. While the fractional change in measured resistance was slight in this demonstration especially at short blinding pulse duration (or blinding duty cycle), it can be imagined that more sensitive device monitoring of the correct bandwidth may enable easier detection of attacks that put the detector into a resistive state for a greater time than expected in normal operation. However, it should be noted that in high bit rate QKD the detector will be running at close to its maximum count rate. After each count, during detector recovery, a finite resistance would also be measured on V2. The wise hacker injecting high bit rate fake detector pulses will be aware of this and may be able to keep the blinding duty cycle low, keeping variation on V2 comparable to that caused by high bit rate QKD. It can be imagined that attacks may be limited to short periods of detector blinding.
A second countermeasure could be implemented as follows: The shape of the fake output pulses in this attack are highly dependent on the amplifiers used in the system. The setup used here is the standard arrangement employed in the majority of the authors' work. Real and fake pulses demonstrated here have the same important features (see Fig. 2), suitable for triggering a discriminator in a QKD system. However, we also tested other configurations of amplifiers. If DC-coupled amplifiers are used (instead of the AC-coupled 10 MHz low frequency cut-off standard amplifier chain in Fig. 1), a different characteristic is seen. While the detector is in the blinded state, a constant output level is observed, only relaxing during the recovery phase. A pulse is still observed when the detector is switched to the blinding state, but the recovery does not match that of a real pulse. This would still be suitable for triggering many types of discriminators, but there is potential to monitor pulse characteristics as a countermeasure.
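As an added example (not the authors' code) of the pulse-shape monitoring the paragraph proposes for a DC-coupled readout, the block below builds two constructed traces: a single-photon-like pulse with a sharp edge and an exponential return to baseline, and a trace in which the output is held at a constant level while the detector sits in the resistive state and only relaxes afterwards. The check measures how long the signal stays near its peak after the leading edge and flags a hold that is much longer than the assumed decay time constant. The 30 ns decay constant, the 300 ns hold, the 70% level and the 3× factor are all assumed values chosen for illustration; with an AC-coupled chain such as the 10 MHz cut-off amplifiers in Fig. 1 the plateau would be removed, so this check applies to the DC-coupled case the paragraph describes.

```python
"""Illustrative pulse-shape check for a DC-coupled SNSPD readout (hypothetical; not the paper's code)."""
import math


def synth_single_photon_pulse(dt_s=1e-9, n=600, tau_decay_s=30e-9, rise_idx=50):
    """Constructed trace: zero baseline, sharp edge at rise_idx, exponential relaxation."""
    return [0.0 if i < rise_idx else math.exp(-(i - rise_idx) * dt_s / tau_decay_s)
            for i in range(n)]


def synth_blinded_trace(dt_s=1e-9, n=600, tau_decay_s=30e-9, rise_idx=50, hold_s=300e-9):
    """Constructed trace: same sharp edge, but the output is held constant while the
    device is resistive and only relaxes once the hold ends (DC-coupled behaviour)."""
    hold_n = int(round(hold_s / dt_s))
    out = []
    for i in range(n):
        if i < rise_idx:
            out.append(0.0)
        elif i < rise_idx + hold_n:
            out.append(1.0)
        else:
            out.append(math.exp(-(i - rise_idx - hold_n) * dt_s / tau_decay_s))
    return out


def held_high_duration(samples, dt_s, level_fraction=0.7):
    """Seconds the trace stays at or above level_fraction of its peak, counted
    contiguously from the first crossing (i.e. from the leading edge)."""
    peak = max(samples)
    if peak <= 0.0:
        return 0.0
    threshold = level_fraction * peak
    start = next((i for i, s in enumerate(samples) if s >= threshold), None)
    if start is None:
        return 0.0
    end = start
    while end < len(samples) and samples[end] >= threshold:
        end += 1
    return (end - start) * dt_s


def classify_pulse(samples, dt_s, tau_decay_s, level_fraction=0.7, plateau_factor=3.0):
    """A normal pulse leaves the near-peak region within a few decay constants; a hold
    longer than plateau_factor * tau_decay_s indicates the device was kept resistive."""
    held = held_high_duration(samples, dt_s, level_fraction)
    verdict = "held-resistive" if held > plateau_factor * tau_decay_s else "single-photon-like"
    return {"held_s": held, "limit_s": plateau_factor * tau_decay_s, "verdict": verdict}


if __name__ == "__main__":
    DT, TAU = 1e-9, 30e-9
    print(classify_pulse(synth_single_photon_pulse(DT, tau_decay_s=TAU), DT, TAU))
    print(classify_pulse(synth_blinded_trace(DT, tau_decay_s=TAU), DT, TAU))
```

The leading edge of both traces is identical, which is the point the paragraph makes: a discriminator triggered on the edge alone cannot tell them apart, so the monitor has to look at what follows the edge.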
Further countermeasures of this type may also be possible. However the authors believe that the type of attack described here is less dependent on the precise electrical circuit than the latched-state attack originally described by Lydersen et al. [27], and could be developed further by potential hackers in response to simple countermeasures.

V. CONCLUSION
In this paper, we have demonstrated further vulnerabilities in SNSPDs used in QKD systems. This bright-light blinding attack has been successfully demonstrated on a range of detectors of different types on a variety of substrates. The attack has been shown to produce fake pulses and pulse trains on-demand with timing characteristics better than the detector's normal response. It has been shown that multiple detectors in a polarization-encoding QKD scheme could be controlled individually. As such, it is suggested that careful consideration of the full QKD system and security model including detectors is needed in the development of commercial apparatus, before security claims are made.