Security analysis of practical continuous-variable quantum key distribution systems under laser seeding attack

Here, we investigate the security of the practical one-way CVQKD and CV-MDI-QKD systems under laser seeding attack. In particular, Eve can inject a suitable light into the laser diodes of the light source modules in the two kinds of practical CVQKD systems, which results in the increased intensity of the generated optical signal. The parameter estimation under the attack shows that the secret key rates of these two schemes may be overestimated, which opens a security loophole for Eve to successfully perform an intercept-resend attack on these systems. To close this loophole, we propose a real-time monitoring scheme to precisely evaluate the secret key rates of these schemes. The analysis results indicate the implementation of the proposed monitoring scheme can effectively resist this potential attack.


I. INTRODUCTION
Quantum key distribution (QKD) is a promising technology, which enables two authorized communication parties Alice and Bob to share a string of secret keys through an insecure quantum channel in the presence of a potential eavesdropper Eve [1][2][3][4].In theory, the basic laws of quantum physics guarantee the unconditional security of this technology [5][6][7].At present, QKD technology can be implemented by two kinds of different means, i.e., discrete-variable quantum key distribution (DVQKD) and continuous-variable quantum key distribution (CVQKD).Different from DVQKD systems, CVQKD systems rely on continuous modulation of the light field quadratures, which can be measured by utilizing the mature coherent detection technique instead of single-photon detection [3,4].Therefore, CVQKD systems can be well compatible with the classical optical communication systems.In particular, CVQKD with the Gaussian-modulated coherent states (GMCS) is one well-known protocol, which has been proven to be secure against the collective and coherent attacks [7].Over the past years, the GMCS CVQKD scheme has been experimentally implemented by many research groups in laboratories and in field environment [8][9][10][11].In this work, we also focus on the investigation of the GMCS CVQKD schemes.
As we all known that the implemented devices (e.g., laser, modulators, detetors) of the GMCS CVQKD schemes is assumed to be secure and perfect in the security proofs [7].In fact, however, there are some direct or indirect imperfections in practical GMCS CVQKD systems [12].These imperfections can be divided into two categories.First, some imperfec-tions may open several security loopholes.In particular, Eve can exploit these loopholes to steal key information without being detected, which seriously threatens the practical security of the systems.This is an effective quantum hacking strategy, such as the local oscillator (LO) fluctuation attack [13], the LO calibration attack [14], the wavelength attack [15][16][17], the saturation attack [18], finite sampling bandwidth effects [19], homodyne detector blinding attack [20], jitter in clock synchronization [21], and the polarization attack [22].Second, the other imperfections can simply deteriorate the performance of the systems, such as imperfect phase compensation [23], finite-size effects [24], and the noisy coherent states [25][26][27][28][29].These imperfections hinder the commercial application of CVQKD.
Subsequently, several strategies have been designed to remove these imperfections.For the first imperfections that can open security loopholes, countermeasures are proposed to improve existing systems.For example, a real-time shotnoise measurement (RTSNM) scheme is used to resist the attacks originating from the local oscillator (LO) signal [14,30].Then, a local LO (LLO) CVQKD scheme is designed and implemented experimentally, which can fundamentally close the security loophole originates from LO [31][32][33][34][35]. Another attractive approach is to improve GMCS CVQKD protocol directly, i.e., continuous-variable measurement-deviceindependent quantum key distribution with the Gaussianmodulated coherent states (GMCS CV-MDI-QKD) protocol, which is immune to all detector side-channel attacks [36][37][38][39][40][41].To remove the second imperfections, the reasonable noise models are needed to precisely evaluate the performance of the system.It is important to note that the above countermeasures do not close all potential loopholes, and new proposed attacks may defeat the CVQKD system.Therefore, the discoveries and preventions of the concealed security loopholes are vital to the commercial application of CVQKD.
Light source is one of key devices for the implementation of QKD systems, which is assumed to be trusted in previous research.For instance, in CVQKD, the noisy Gaussian source is well studied and modeled [28,29].However, the parameters of the light source may be actively tampered by Eve [42][43][44].In particular, based on the framework of GMCS CV-MDI-QKD, the sources become the final battlefield between the authorized communication parties and Eve.Therefore, the effects of the tampered source should be considered for the security analysis of practical CVQKD systems, which has not been well studied.
More recently, Huang et al .proposed an efficient quantum hacking strategy related with light source to attack the DVQKD systems, which is called as laser seeding attack [42].In this quantum hacking scheme, Eve can inject bright light into the laser diode of the systems to actively open a loophole.In this paper, inspired by this quantum hacking attack in DVQKD, we study the security of practical CVQKD systems under the laser seeding attack.Here, we focus on several well-known CVQKD protocols, i.e., the standard one-way GMCS CVQKD and GMCS CV-MDI-QKD schemes.More specifically, we first reveal that Eve can exploit the laser seeding attack to make the intensity of the transmitted Gaussianmodulated coherent states increased.Then, we find that the laser seeding attack makes the quantum channel excess noises of these two systems underestimated.Subsequently, we show that the secret key rates of these two systems are overestimated by Alice and Bob under the attack.These imperfect evaluative results are coincident with the security analysis results of CVQKD under the effects of the reduced optical attenuation caused by the laser damage attack [45][46][47], which indicates that the laser seeding attack can also open a security loophole for Eve to perform an intercept-resend attack on these two kinds of CVQKD systems without being detected.In particular, although the CV-MDI-QKD protocols can remove all side channels originate from measurement unit, we observe that it is more vulnerable than the one-way CVQKD schemes to the laser seeding attack.Finally, we design a countermeasure to resist the laser seeding attack, where the intensity of optical signal generated by light source is monitored by the authorized communication parties in real time.The analysis result indicates that the legitimate communication parties can precisely evaluate the channel parameters to accurately calculate the secret key rate of these two systems through this scheme.
This paper is organized as follows.In Sec.II, the laser seeding attack is described and modeled.Then, the security of various CVQKD systems under the laser seeding attack is studied in Sec.III.In Sec.IV, we investigate the countermeasure to resist the laser seeding attack.Finally, conclusions are presented in Sec.V.

II. PRINCIPLE OF THE LASER SEEDING ATTACK
A. Scheme of laser seeding attack In Ref. [42], Huang et al .proposed the laser seeding attack and demonstrated that Eve may perform the attack in the light source of a practical DVQKD system to steal key information without being detected, which seriously destroys the practical security of the system.Fig. 1 shows the scheme of the laser seeding attack clearly according to the experimental results in Ref. [42].Specifically, Eve can utilize a tunable continuouswave laser to inject a bright light with a proper wavelength into the semiconductor laser diode of a DVQKD system via quantum channel, where the semiconductor laser diode generates the optical signals driven by the electrical signals.In particular, a polarization controller is used for adjusting the polarization of the injected light signal to maximize the injection efficiency.According to the analyses in Ref. [42], we describe the two curves of power of the optical signal generated by the laser diode varying with time in the laser seeding attack case and ideal case, respectively.The laser seeding attack will cause two main effects on the ideal curve, which are shown in Fig. 1.The first impact is that the curve becomes wider with a much higher and longer tail.The other influence is that the peak of the curve shifts to earlier compared with the ideal situation.Here, we use P (t) and P (t) to represent the power of the output optical signal in ideal situation and with the attack, respectively.Then, the intensity of the optical signal prepared by light source without the laser seeding attack can be calculated as where T is the period of the optical pulse emitted by laser diode, µ is a certain coefficient related with detection.Here, we assume that the parameters T and µ are fixed and unaffected by the laser seeding attack.Correspondingly, the intensity I of the optical signal generated by the attacked light source can also be acquired by Eq. (1).It is obvious that the intensity of the optical signal prepared by the light source gets larger under the effects of the laser seeding attack.For simplicity, we assume that I = gI(g > 1) in the following analysis.Here, g reflects the power of the laser seeding attack.Similarly, in practical CVQKD systems, light source is also a key device, which can be used for generating information carrier signal and LO signal in the transmitter Alice.In particular, light source is also used in Bob's side for a CV-MDI-QKD system.In implementations of CVQKD, the semiconductor laser diode is also widely used to generate the optical signals driven by the electrical signals.For example, 100 ns coherent light pulses can be prepared for CVQKD by using a 1550 nm laser diode at a repetition rate of 1 Mhz [10].Therefore, Eve may perform the laser seeding attack in a CVQKD system.In the following sections, we will focus on the theoretical security research of various CVQKD systems under the laser seeding attack.

B. The effects of the laser seeding attack in a CVQKD system
In the practical implementation of a standard one-way GMCS CVQKD system, Alice modulates the random key information to the pulse signal A, which can result in a series of Gaussian-modulated coherent states |α [3].After optical attenuation, we use |α A0 to indicate the transmitted coherent states.Based on the phase space, |α A0 can be written as where |α A0 | and θ indicate the amplitude and phase of the transmitted Gaussian-modulated optical signal A 0 , respectively.In particular, x A0 and p A0 are two independent quadratures variables with identical variance V A0 and zero mean [3,4].However, the generated optical signal A can change under the laser seeding attack.Therefore, x A0 , p A0 , and V A0 may deviate from their ideal values due to the influences of the attack, which is revealed in Fig. 2 based on the phase space.Since I ∝ |α A0 |, the changes of x A0 , p A0 , and V A0 are as follows: where x A0 and p A0 are two independent quadratures variables of the transmitted quantum signal A 0 with the attack, V A0 are the variance of x A0 or p A0 .Similarly, the effects also exist in a CV-MDI-QKD system.In addition, it is important to note that the intensity of LO signal can also become large with the increase of the intensity of the generated optical signal A. In a practical CVQKD system, there are many reasons for the increase of the intensity of LO signal, such as the decrease of optical attenuation [45].Although the origin of the change is ambiguous for Alice and Bob, the real-time shot-noise measurement technique can eliminate the impact.Therefore, we do not have to consider the influences of the increased intensity of the LO signal in the following analysis.

III. SECURITY ANALYSIS
A. Security of a one-way GMCS CVQKD system under the laser seeding attack The analyses in Sec.II indicate that the laser seeding attack will lead to the increased intensity of the transmitted Gaussian-modulated coherent states, which is the same as the influences of the reduced optical attenuation caused by the laser damage attack [45][46][47][48][49]. Therefore, based on the analyses in Ref. [45], it is feasible that Eve can unconsciously steal key information shared by Alice and Bob in a one-way GMCS CVQKD system by using the laser seeding attack.The analysis result indicates that the enhancement of the transmitted Gaussian-modulated coherent states can open a security loophole for Eve to attack a one-way GMCS CVQKD system without trace.Further, whatever the reason for the increased intensity of the transmitted Gaussian-modulated coherent states, we can use the analysis method presented in [45] to investigate the practical security of the system under this loophole.Thus, we no longer describe the calculation process of the secret key rate for the system under the laser seeding attack.Fig. 3 depicts the relationship between the secret key rate and the transmission distance for the one-way GMCS CVQKD system under the laser seeding attack when ε = 0.01, 0.05.The fixed parameters for the simulation are set as: V A0 = 4, η = 0.5, ν el = 0.01, β = 95%, = 10 −10 , m = 0.5 × N , respectively.
It is clear that the evaluative secret key rate K e under the laser seeding attack are overestimated compared with the practical secret key rate K p in the same situation.These results also demonstrate that the laser seeding attack can open a security loophole for Eve to perform an intercept-resend attack in a practical one-way CVQKD system.In particular, the gap between the estimated secret key rate and the corresponding practical secret key rate represents the key information that can be acquired by Eve through the intercept-resend attack.We find that the leaking of the secret key information ascends with the power of the laser seeding attack.In addition, Eve can acquire more secret key information in the case of a larger excess noise ε under the same attack power of laser seeding attack.

B. Security of GMCS CV-MDI-QKD systems under the laser seeding attack
In GMCS CV-MDI-QKD systems, the two sources become the only region that can be exploited by Eve.Here, these sources are the same as the source of one-way GMCS CVQKD systems.Therefore, it is possible that Eve attacks these sources actively.In the following analysis, we will investigate the practical security of CV-MDI-QKD systems under the laser seeding attack in detail.

The estimated channel parameters under the laser seeding attack
Although CV-MDI-QKD can remove all known or unknown side-channel attacks on detectors, Eve may perform the laser seeding attack on the light source module in a practical CV-MDI-QKD system.Therefore, it is essential that the practical security of a CV-MDI-QKD system under the laser seeding attack is investigated.In Fig. 4  It is obvious that there are two quantum channels which satisfy with linear model in a CV-MDI-QKD system.Here, the excess noise and transmittance of the quantum channel between Alice (Bob) and Charlie are expressed by ε AC (ε BC ) and T AC (T BC ).Since the transmission of the Gaussianmodulated quantum coherent states before the interference in Charlie's apparatus is the same with the one-way GMCS CVQKD systems, the involved two quantum channels can also be modeled as a normal linear model with the following relations: where x A0 (p A0 ), x A 0 (p A 0 ), x B0 (p B0 ) and x B 0 (p B 0 ) are the values of the quadrature variables of mode A 2 , A , B 2 and B , respectively.Here, t AC = √ T AC , t BC = √ T BC , z AC and z BC are the total noises in the two quantum channels that obeys two centered normal distribution with variance σ 2 AC = T AC ξ AC +N 0 and σ 2 BC = T BC ξ BC +N 0 , respectively.These variances include shot noise N 0 , channel excess noises ξ AC and ξ BC .
Based on the above analyses, we can obtain the following relations [37][38][39][40]: According to Eq. ( 5), we can further get In particular, we here assume that these detectors located in Charlie's side have identical detection efficiency η and electronic noise V el .Moreover, in the evaluation of the secret key rate, the above parameters V x A 0 , V x B 0 , ξ AC , ξ BC and V el must be calculated in shot-noise unit, i.e., V A N 0 , V B N 0 , ε AC N 0 , ε BC N 0 and ν el N 0 , respectively.By using Eqs.( 5) and ( 6), the channel parameters T AC , T BC , ε AC and ε BC can be estimated by It is important to note that the quadrature variable p C of mode C or quadrature variable x D of mode D needs also to be measured for estimating these channel parameters.Therefore, we should use a heterodyne detector to replace one of the two homodyne detectors.More importantly, the above investigations are based on the fact that the CV-MDI-QKD can remove all side-channel attacks on detectors.Therefore, we consider that the precision of the estimated parameters are not limited by the detectors in Charlie's side.However, the analyses of Sec.II indicate that the estimated values may be affected by the laser seeding attack.In order to clearly show this influence, we here consider the worst case, which is that the two light source modules of the system is simultaneously attacked.For simplicity, we assume that the attack power is the same (i.e., g 1 = g 2 = g) and do not consider the other attack situations.Therefore, these quadrature variable x A0 (p A0 ), x B0 (p B0 ), x C (p C ) and x D (p D ) will become In a practical CV-MDI-QKD system, if Alice and Bob are not aware of the laser seeding attack, they still use x A0 and p B0 to estimate the channel parameters.Therefore, these relations in Eq. ( 7) kept by Alice, Bob and Charlie become There are some obvious deviations caused by the laser seeding attack between Eq. ( 7) and Eq. ( 9).It is obvious that these channel excess noises are underestimated under the laser seeding attack.Therefore, Eve may perform a classical interceptresend attack to collect key information without trace under the shield of the laser seeding attack, which illustrates that a loophole will occurs in a practical CV-MDI-QKD system.In order to clearly show the loophole, we cite a specific partial intercept-resend (PIR) attack to analyze the security of a practical CV-MDI-QKD system in presence of the laser seeding attack in the next section.

A quantitative example
The intercept-resend attack plays an important role as one part of most quantum hacking strategies.In the quantum hacking scheme based on the laser seeding attack, Eve may also exploit the classical intercept-resend attack to collect key information.Therefore, we first investigate the PIR attack between Alice and Charlie under the laser seeding attack.In the PIR attack, the probability distribution of quadrature variable of mode A in Charlie's apparatus is weighted sum of two Gaussian distributions, i.e., the distribution of the intercepted resend data with a weight of u and the distribution of the transmitted data with a weight of 1 − u [14,50].Further, the extra excess noise caused by Eve in the implementation of the PIR attack can be expressed by 2uN 0 .In principle, the total excess noise estimated by Alice and Charlie under the PIR attack can be represented as where ξ t,AC = ε t,AC N 0 is the technical excess noise.Expressed in shot-noise, the estimated excess noise ξ P IR,AC can be computed as With loss of generality, we assign 0.1 to u. Correspondingly, the excess noise ε P IR,AC estimated by Alice and Charlie can become ε t,AC + 0.2.In this case, the estimated excess noise under the laser seeding attack should be rewritten as In the practical implementation of a CV-MDI-QKD system, we assume that the technical excess noise ε t,AC = 0.1.Therefore, when Eve performs the PIR attack, the estimated total excess noise under the laser seeding attack can be calculated as ε P IR,AC = 0.3 g .Before the execution of the laser seeding attack, the noise value is 0.3, which obviously exceeds the ideal value.Accordingly, the process of key distribution is interrupted to guarantee the security of the system.However, we find that the estimated total excess noise can be reduced by Eve with the help of the laser seeding attack.When g = 3, the estimated total excess noise ε P IR,AC = 0.1, i.e., the ideal noise value without attack.It has been experimentally demonstrated that g can equal 3 under the control of Eve [42].The result indicates that Eve can perform the laser seeding attack to make the PIR attack hidden.In particular, Eve can perform a full intercept-resend (FIR) attack in the case of u = 1.Although the FIR attack is the most powerful, it can also be hidden when Eve makes g exceeds 21.These analysis results fully demonstrate that the extra excess noise induced by the intercept-resend attack can be completely concealed by Eve through the laser seeding attack.Similarly, the excess noise induced by the intercept-resend attack between Bob and Charlie can also be concealed by Eve with the help of the laser seeding attack.Therefore, the laser seeding attack will open a loophole for Eve to successfully hide her attacks, which seriously destroys the security of the practical CV-MDI-QKD system.

Secret key rate under the laser seeding attack
In this section, we mainly focus on the secret key rate of a CV-MDI-QKD scheme under one-mode collective Gaussian attack, where Bob performs reverse reconciliation.We here point out that this one-mode attack is not the optimal strategy.In particular, the two-mode attack is demonstrated to be the optimal attack [36].More concretely, Eve performs correlated two-mode coherent Gaussian attack on two quantum channels by employing their interactions.However, in a practical CV-MDI-QKD system, the correlation of the two quantum channels can become very weak when they come from different directions.Therefore, the quantum channel of CV-MDI-QKD can be reduced to one-mode channel in this context.Here, Eve can efficiently perform the one-mode attack.
It has been demonstrated that the CV-MDI-QKD schemes is equivalent to the one-way CVQKD protocols using coherent states and heterodyne detection when the preparation of Bob's EPR states and the displacement operation of Bob are assumed to be untrusted [38].Therefore, the calculation process of secret key rate of CV-MDI-QKD protocols is the same with the one-way GMCS CVQKD.In the following analysis, we assume that the heterodyne detection is perfect and do not consider the finite-size effect, which does not affect our analysis results.Here, the shannon mutual information between Alice and Bob becomes [51] where AB between Alice and Bob can be expressed as where In order to minimize ε m , we adopt k = According to Refs.[24,51], the Holevo bound can be obtained as Here, where Eventually, the secret key rate against collective attacks for the CV-MDI-QKD schemes is calculated as The analysis indicates that the secret key rate of the system can be expressed as K m = K(V A , V B , T m , ε m ).When Alice and Bob are not aware of the laser seeding attack, the evaluative secret key rate is expressed as K m,e = K(V A , V B , T m , ε m ).However, the practical secret key rate of the system should be computed as K m,p = K(V A , V B , T m , ε m ).Here, Next, we simulate the secret key rate versus transmission distance in the symmetric and extreme asymmetric case when Eve performs the laser seeding attack in the two light source modules of a practical CV-MDI-QKD system.Fig. 5 shows the secret key rate versus transmission distance in the symmetric case under different excess noise environment when the attack power g = 1.02.In the simulation analysis, the involved parameters are fixed as follows.V A = V B = 40, η = 0.6, ε AC = ε BC = 0.01, 0.05, β = 95%, respectively.We observe that there is an obvious gap between the secret key rate estimated by Alice and Bob and the practical secret key rate.The results indicate that Eve can perform the intercept-resend attack without trace to steal key information in a practical CV-MDI-QKD system.Transmission Distance(km) Fig. 6 reveals the secret key rate of the system as a function of the transmission distance from Alice to Bob in the extreme asymmetric case when the excess noise ε AC and ε BC are assumed to be 0.01 or 0.05.Here, the attack power g = 1.02, and the other parameters for the simulation are fixed values that has been confirmed in the analysis of the symmetric case.It is obvious that the secret key rate calculated by Alice and Bob is overestimated compared with the practical secret key rate.In particular, we find that the CV-MDI-QKD systems are more sensitive to the laser seeding attack than the one-way GMCS CVQKD system.A slight attack power can have a major impact on the evaluative value of secret key rate of the CV-MDI-QKD systems, especially in the extreme asymmetric case.
The above investigations demonstrate that the laser seeding attack opens a security loophole for Eve to obtain information about secret key without trace in a practical CV-MDI-QKD system, which seriously destroys the practical security of the system.

IV. COUNTERMEASURE AGAINST THE LASER SEEDING ATTACK
The above investigations show that the laser seeding attack affects the parameter estimation and the evaluative secret key rate.To resist this attack, we can exploit an appropriate isolator to prevent the injected light.However, it is important to note that Eve might reduce the performance of the isolator by laser damage attack.Therefore, we here propose a real-time monitoring scheme for the intensity of output optical signal in light source module to prevent the incorrect estimation of channel parameters.According to the analysis of Section.II, we find that the intensity of the LO signal can simultaneously change under the effects of the laser seeding attack.Therefore, the attack can be directly found by monitoring the intensity of the LO signal in real time before attenuation.The structure of the real-time monitoring scheme against the laser seeding attack in Alice's apparatus for the one-way CVQKD stsyems.AM, amplitude modulator; PM, phase modulator; BS, beam splitter; PBS, polarizing beam splitter; FM, faraday mirror; DL, delay line; LO, local oscillator; VOA, variable optical attenuator; PD, photodiode.Fig. 7 shows the countermeasure against the laser seeding attack for the one-way CVQKD systems in Alice's apparatus.Specifically, Alice first splits a fraction of the undiminished LO signal to measure its intensity by using a photodiode.Here, the practical value of the intensity of the undiminished LO signal is I p , which can also be automatically predicted by using machine learning [52].Then, Alice can calculate the value of g by comparing the difference between the measured value and the preset value I 0 of the separated LO signal, i.e.,

Light
. Eventually, according to Ref. [45], Alice and Bob can precisely evaluate the secret key rate of the system, i.e., K m = K(gV A0 , T g , gε , ν el ) = K p .These analyses demonstrate that the real-time monitoring scheme can help Alice and Bob to precisely estimate the channel parameters of the system.Finally, the secret key rate of the CVQKD systems under the laser seeding attack can be precisely evaluated with the help of this scheme.The accurate evaluation of secret key rate can effectively close this security loophole.In particular, in a LLO CVQKD system, Alice can split a fraction of undiminished reference signal to monitor its intensity in real-time to close this loophole.In addition, the loss of the LO signal in the above scheme can be completely compensated by properly adjusting the preset value of the attenuation level of the VOA in the light path of LO.
It is important to note that this real-time monitoring scheme can equally remove the loophole induced by the laser seeding attack in a practical CV-MDI-QKD system.Here, the two light sources of the system should be simultaneously monitored by adding the monitoring module which is shown in Fig. 7.More concretely, the monitoring scheme also makes the secret key rate evaluated precisely to resist the laser seeding attack.For example, in the case of the same attack power, the parameter g can be acquired by g = g 1 = g 2 = Next, the secret key rate of the system can be evaluated as K m,e = K(gV A , gV B , T m , ε m ) = K m,p .The analysis result indicates that the proposed real-time monitoring scheme can effectively resist the laser seeding attack to close this security loophole.

V. CONCLUSION
In this work we have studied the security of several practical CVQKD systems under the laser seeding attack.More specifically, we have studied the standard one-way GMCS CVQKD protocols in reverse reconciliation, and GMCS CV-MDI-QKD schemes in the symmetric case and extreme asymmetric case.Here, we consider that Eve can carry out the laser seeding attack in the laser sources of the two kinds of CVQKD systems.We show that the intensity of the transmitted Gaussianmodulated quantum optical signals can become large with the increase of the intensity of optical signals prepared by the light source module under the attack.
For the practical one-way CVQKD systems, we observe that the effects of the laser seeding attack are similar with the influences of the reduced optical attenuation caused by laser damage attack.Therefore, the laser seeding attack opens a loophole for Eve in the system.We further show that the laser seeding attack makes the secret key rate of the system overestimated, which also demonstrates the attack can help Eve to hide herself.In particular, Eve can obtain more key information for the case of a larger channel excess noise in the same attack power.In order to close this loophole, we propose a real-time monitoring scheme for the intensity of the optical signal generated by the light source module by measuring the intensity of the LO signal before attenuation.This scheme can make Alice and Bob precisely evaluate the channel parameters to accurately analyse the performance of the system.
Apart from this, we mainly investigate the laser seeding attack for the effects of the security of a practical CV-MDI-QKD system.We find that these channel excess noises of the system are underestimated under the laser seeding attack, which indicates that the attack can open a security loophole for Eve to successfully perform an intercept-resend attack.Although the CV-MDI-QKD system can remove all side channels from the measurement unit, Eve can also successfully perform the laser seeding attack in the two light source modules of the system to steal key information without being detected.We also find that the CV-MDI-QKD schemes are more sensitive to the laser seeding attack compared with the one-way CVQKD protocols.It is notable that the proposed real-time monitoring scheme can also close this loophole in a practical CV-MDI-QKD system.

FIG. 2 :
FIG. 2:The expression of the transmitted Gaussian-modulated coherent states in the phase space under the lase seeding attack.
, we describe the equivalent entanglement-based (EB) model of the CV-MDI-QKD schemes.Specifically, Alice and Bob first generate one two-mode squeezed state with variance V A + 1 and V B + 1, respectively.Here, the mode A 1 (B 1 ) is retained by Alice (Bob), the other mode A 2 (B 2 ) is sent to an untrusted third party Charlie through the quantum channel with length L AC (L BC ).The total transmission distance L AB is equal to L AC + L BC .Subsequently, Charlie interferes two modes A and B at a beam splitter (BS) with two output modes C and D.Then, both the quadrature variable x C of mode C and quadrature variable p D of mode D are measured by Charlie through homodyne detection, and he announces the measurement results {x C , p D } through a public channel [36, 37].Finally, Bob modifies mode B 1 to B 1 by displacement operation D (β), where β = g m (x C + ip D ), and g m represents the gain of the displacement operation.After through these procedures, mode A 1 and B 1 become entangled.Accordingly, Alice and Bob will share a group correlated vectors X = {(x A0 i , x B0 i ) |i = 1, 2, . . ., N } or P = {(p A0 i , p B0 i ) |i = 1, 2, . . ., N } after the quadratures of mode B 1 and mod A 1 are measured by employing heterodyne detection.It is notable that Alice and Bob implement information reconciliation and privacy amplification to obtain a string of secret key.

FIG. 5 :
FIG. 5:Secret key rate as a function of the transmission distance from Alice to Bob for different excess noise in the symmetric case, where LAC = LBC .Solid curves from top to bottom represent the relations between the evaluated secret key rate Km,e and the transmission distance when εAC = εBC = 0.01, 0.05.Dotted curves show the corresponding practical secret key rate Km,p versus transmission distance.The fiber loss is 0.2 dB/km.
FIG. 7:The structure of the real-time monitoring scheme against the laser seeding attack in Alice's apparatus for the one-way CVQKD stsyems.AM, amplitude modulator; PM, phase modulator; BS, beam splitter; PBS, polarizing beam splitter; FM, faraday mirror; DL, delay line; LO, local oscillator; VOA, variable optical attenuator; PD, photodiode.

Laser Seeding Attack circulator injected light Alice
FIG. 6:Secret key rate vs the transmission distance from Alice to Bob for different excess noise environments in the extreme asymmetric case, where LBC = 0. Solid curves from top to bottom represent the relations between the evaluated secret key rate Km,e and the transmission distance when εAC = εBC = 0.01, 0.05.Dotted curves show the corresponding practical secret key rate Km,p versus transmission distance.