Robust countermeasure against detector control attack in practical quantum key distribution system

In real-life implementations of quantum key distribution (QKD), the physical systems with unwanted imperfections would be exploited by an eavesdropper. Based on imperfections in the detectors, detector control attacks have been successfully launched on several QKD systems, and attracted widespread concerns. Here, we propose a robust countermeasure against these attacks just by introducing a variable attenuator in front of the detector. This countermeasure is not only effective against the attacks with blinding light, but also robust against the attacks without blinding light which are more concealed and threatening. Different from previous technical improvements, the single photon detector in our countermeasure model is treated as a blackbox, and the eavesdropper can be detected by statistics of the detection and error rates of the QKD system. Besides theoretical proof, the countermeasure is also supported by an experimental demonstration. Our countermeasure is general in sense that it is independent of the technical details of the detector, and can be easily applied to the existing QKD systems.

Recently, most attacks focus on the measurement equipment, especially on single-photon detectors (SPDs). Among which detector control attack is the most fatal one and has attracted lots of attentions [14][15][16][17][18][19][20][21][22][23][24]. To implement a detector control attack, Eve randomly chooses bases to measure the quantum states sent from Alice, then resends the results using trigger light with specific optical power. Due to the control effect of trigger pulses, the outputs of Bob's detectors are nearly identical to Eve's. This will cause zero or little extra error bits, and Eve can obtain a copy of raw keys without being revealed by legitimate users. Note that not all detectorrelated attacks belong to the detector control attack, such * wshuang@ustc.edu.cn as the detector dead time attack [29] and time-shift attack [11,12] are not within the scope of the detector control attack. In one of the most typical experiments [14], Eve first uses bright continuous-wave illumination to blind the SPDs, and converts them into linear detectors which are not sensitive to single photon. Then Eve can fully control the SPDs by sending trigger pulses that superimposed with the blinding light. There are a series of experiments using both blinding light and trigger light, such as continuous-wave blinding attack [14,15], thermal blinding attack [16,21], sinkhole blinding attack [16]. Furthermore, Eve need only send trigger light pulses to directly control SPDs, such as after-gate attack [17], faint-after-gate attack [18], detector control attack under specific laser damage [19]. These detector control attacks without blinding light are more concealed and threatening to QKD systems than the ones with blinding light. In this sense, more attentions should be paid to detector control attack without blinding light.
There are various countermeasures to defense the detector control attack. The most ideal one is deviceindependent scheme [30,31], which excludes all the imperfections of the devices, but still impractical to applications of real-world use under current techniques. The most effective one is measurement-device-independent scheme [32,33], but it requires a Bell-state measurement of two independent remote laser sources, which is experimentally challenging. The other methods are mainly focusing on the technical improvements in SPDs [34][35][36][37] or measurement devices [38][39][40][41], or passively monitoring parameters [42][43][44][45][46][47][48]. However, these countermeasures may not be provably secure because the characteristics of actual devices and implementations are not under con-sideration in the security proofs [43,49]. Furthermore, some countermeasures may be available to a kind of SPDs [50] or effective to one specific attack, but not all types of detector control attack. For example, the method of monitoring the photocurrent of the avalanche photodiode is effective to find the detector control attack with blinding light, but will fail to detect the recent avalanchetransition region attack [24]. Another lately proposed countermeasure is to randomly remove gates and check the clicks in the absence of the gates [35], while Eve can still implement traceless control of SPDs [51], since the method causes changes of both the gate signal leakage and gain factor in SPD circuits.
To defense detector control attack, we propose a robust countermeasure model by introducing a variable attenuator (VA) in front of the SPD. With the random change of attenuation of VA and the analysis of the corresponding detection events and errors, the countermeasure criteria is proven effective against the detector control attack without blinding light. An experiment is also demonstrated to support the effectiveness of the VA-SPD countermeasure. If Eve implements the detector control attack with blinding light, she would introduce new fingerprints in addition to high photocurrent, and trigger the alarm of the QKD system.

II. COUNTERMEASURE MODEL
The implementation procedure of our countermeasure model is shown in Fig. 1(a), a VA is placed in front of the SPD, and its attenuation can be randomly changed among several values. Note that the number of attenuation values is at least two, and the value difference is 3 dB (see APPENDIX A for an explanation of the necessity of 3 dB). In this paper, the number of attenuation values is two, 0 dB and 3 dB, respectively. The countermeasure model is named as VA-SPD, which is suitable for different kinds of SPDs, such as photomultiplier tubes (PMT), superconducting single-photon detector (SSPD) and semiconductor detectors (Si SPD, InGaAs/InP SPD). In the model, SPD is treated as a blackbox, which only has two ports: an optical signal input and a detection output. It is not necessary to modify the internal circuits or monitor the technical parameters in the SPD. So our countermeasure model is applicable for prepare-and-measure QKD systems, just by directly replacing the original SPD with a VA-SPD.
In order to explicitly illustrate the procedure of the proposed countermeasure model, we apply the VA-SPD to a typical polarization-encoding BB84 system with passive measurement bases selection, which has been hacked by several attacks [13,15,29,[52][53][54][55]. As shown in Fig.  1(b), Alice prepares and sends Bob a sequence of polarization states, each randomly chosen from four polarization states {H, V , +, −}, H and V are horizontal and vertical polarization states, respectively. + and − denote +45 • and −45 • linear polarization states, respectively.
For each state, Bob passively and randomly chooses one of the two measurement bases -Z (or rectilinear) basis and X (or diagonal) basis -to project the input photon into one of these four polarization states. At Bob's site, each VA-SPD corresponds to one polarization state, and the attenuation value of VA in each VA-SPD is randomly set to 0 dB or 3 dB. After the announcement of basis choices, we can get the detection rate and quantum bit error rate (QBER) for each detector. Different from the original system, two kinds of results could be obtained for two values of VA in the VA-SPD. Here, for each VA-SPD, {R 0 , R 3 } and {e 0 , e 3 } denote the detection rates and QBERs with 0 dB and 3 dB attenuation value, respectively. In almost all BB84 QKD systems, weak coherent states sources are widely used. The photon number of each pulse prepared by Alice follows a Poisson distribution [28]. Suppose the expected photon number of each pulse is µ, the overall transmission and detection efficiency between Alice and Bob is η, and the background rate is Y 0 , then the detection rate is given by which means the probability that Bob gets one detection count when Alice sends one pulse. For each detector, we can get similar expressions, the only differences are the meaning of η and Y 0 . Thus, the ratio between detection rates of one VA-SPD with 0 dB and 3 dB attenuation certainly satisfies Additionally, the QBERs with 0 dB and 3 dB attenuation should be less than the threshold to generate secure keys. We have where e th is the threshold of QBER, and is 11% for the four-state BB84 system [56][57][58].
In the BB84 QKD system employed VA-SPDs, the relationships of the detection rate Eq. (2) and QBER Eq.
(3) between 0 dB and 3 dB attenuation should be held simultaneously. Here, we prove that the relationships of Eq. (2) and Eq. (3) cannot be satisfied simultaneously if the system was hacked by the detector control attack. This criteria would be a trace to find the detector control attack. And in the VA-SPD countermeasure model, we do not need open the SPD to monitor some specific parameters. Furthermore, the simulation results show that the fingerprint introduced by the detector control attack is pretty obvious.

A. Theoretical proof of the criteria
In all detector control attacks without blinding light, Eve first uses a random basis to measure the quantum state sent by Alice, then resends a trigger signal to Bob based on her measurement result. The power of the trigger signals is not in single-photon level, but in multiphoton level. And the power of the trigger signal stays the same, regardless of Eve's measurement result. If Eve and Bob select matching bases, the trigger signal would hit one detector with full optical power. If Eve and Bob select opposite bases, the trigger signal would be split into two half parts and hit two detectors. According to the optical power (full, half) hitting the detector and the attenuation value (0 dB, 3 dB) of the VA-SPD, P f,0 is defined as the detection probability with full optical power when the attenuation is 0 dB. P f,3 is likewise defined when the attenuation is 3 dB; similarly, with half power, P h,0 and P h,3 are defined as the detection probabilities when the attenuation are 0 dB and 3 dB, respectively. Suppose Eve select two measurement basis with equal probability, the detection rates of Bob's one VA-SPD with 0 dB and 3 dB attenuation are given by Here, "atk" means under the detector control attack.
As an acceptable assumption, both detectors in the same basis are identical here for simplicity. About the QBER of Bob's one VA-SPD, it involves the other or orthogonal detector in the same basis. If both detectors click simultaneously, Bob assigns a random bit value.
Since attenuation values of both VA-SPDs are changed independently, there are two circumstances: one is both VA-SPDs have the same attenuation value (0 dB or 3 dB), the other is the attenuation values are opposite (0 dB & 3 dB, or 3 dB & 0 dB). When both VA-SPDs have the same attenuation value, the QBER of Bob's one VA-SPD with 0 dB and 3 dB attenuation are given by For the detector control attack without blinding light, there are two equivalent situations -one is Eve and Bob select matching bases and the attenuation value of the corresponding VA-SPD is 3 dB, the other is Eve and Bob select opposite bases and the attenuation value of the VA-SPD is 0 dB. Then we have P h,0 = P f,3 . From Eqs. (2),(4) and (5), we get If the relationship of Eq. (3) is satisfied, we have By adding both sides of these inequalities, we get It's obvious that this inequality cannot be satisfied in condition that 0 ≤ {P h,0 , P h,3 } ≤ 1, 1 < α < 2, and e th < 11%. Therefore, it is impossible to satisfy the relationships (Eq. (2) and Eq. (3)) simultaneously under the detector control attack. Similarly, when the attenuation values of VA-SPDs are opposite, the QBER of Bob's one VA-SPD with 0 dB and 3 dB attenuation are given by .
We can also prove that the relationships (Eq. (2) and Eq.
(3)) cannot be satisfied simultaneously through a similar process.

B. Simulation results if one relationship is satisfied
According to the above proof, the relationships of Eq. (2) and Eq. (3) cannot be satisfied simultaneously under the detector control attack. Here, through the approach of numerical simulation, we show that the violation of one relationship would be pretty obvious if the other relationship is satisfied. Details of the calculation process is in Appendix. B.
In the case that the relationship of Eq. (3) is satisfied, both QBERs (e 0 and e 3 ) are less than e th . The bounds of the ratio between two detection rates are shown in Fig.  2. For the QKD system in normal operation, the ratio between two detection rates α = R0 R3 locates in the yellow region (1 < α < 2). While, if the system was under the detector control attack, the lower bounds of the ratio between two detection rates are depicted by the red line and blue dashed line respectively, the red line (

3(s)
) corresponds to the circumstance that both VA-SPDs in the same basis have the same attenuation value (denoted as same), and the blue dashed line ( ) corresponds to the situation that these two attenuation values are opposite (denote as opposite). The slight difference between the red line and the blue dashed line comes from the discrepancy of QBERs in two circumstance (Eqs. (6)- (7) and Eqs. (12)-(13)). Obviously, the ratio between two detection rates under the detector control attack is far from the secure region, and as a good fingerprint, the detector control attack would be detected easily. As the threshold of QBER e th was set smaller, the ratio between two detection rates would be greater, and farther from the secure region. Even when e th is 11%, the lower bounds of in two situation are more than 6.5, which would be easy to find the attack.
In the case that the relationship of Eq. (2) is satisfied, the ratio between two detection rates α locates in the secure region. Fig. 3 illustrates the scales of QBERs with 0 dB (e 0 ) and 3 dB (e 3 ) attenuation. For the system in normal operation, both e 0 and e 3 should be less than 11%, as shown in the yellow region. Under the detector control attack, though Eve could control transmittance and number of trigger pulses to guarantee the detection rates unchanged, QBERs would increase a lot. In Fig.  3, the lines and dashed lines correspond to the situation that two attenuation values are the same and opposite, respectively. And, the red ones correspond to α = 2 (upper bound of the ratio between two detection rates), the blue ones correspond to α = 1 (lower bound of the ratio). It is obvious that e 0 and e 3 cannot be in the secure region together. If one of {e 0 , e 3 } was less than 11%, the other one would be more than 25%. Hence, these values of QBER would be very easy to trigger the alarm.

III. EXPERIMENTAL DEMONSTRATION OF THE COUNTERMEASURE
To show the effectiveness of the countermeasure, we experimentally apply it against the faint after-gate attack [18], which is a typical detector control attack without blinding light. The experimental setup is similar to the schematic depiction in Fig. 1(b). In the normal operation, Alice is the sender, who sends a sequence of polarization states with a repetition rate of 5 MHz and a expected photon number µ = 0.1 of each pulse. At Bob's site, the random attenuation values of VA in VA-SPD are 0 dB and 3 dB, and the insertion loss of VA is approximately 0.6 dB, which reduces the original detection efficiency of SPD 12.6% to a equivalent detection efficiency of VA-SPD 11.0% at 0 dB attenuation. To simplify the experiment, Bob only monitors the detection events in Z basis {H, V }, and always sets the same attenuation value (0 dB or 3 dB) in the corresponding two VA-SPDs (the VA-SPD of bit "0" is used to detect the H state, the VA-SPD of bit "1" is used to detect the V state.) Hence, for the QKD system in the normal operation, the ratio between two detection rates α = R0 R3 is approximately 1.994, and QBERs with 0 dB and 3 dB attenuation values are 1.82% and 1.91%, respectively. While, under the faint after-gate attack, Eve becomes the sender, here we skip the intercept and measurement process for simplicity. Different from Alice, Eve needs first measure the characteristic of each SPD, and then carefully control the delay and incident flux of her encoded pulses, the delay makes these pulses arrive after the gate, and the incident flux (a few hundreds photons per pulse) offers superlinearity of the detection probability with full and half optical powers.
In order to keep the QBERs below the threshold, Eve chooses the attack positions at the falling edge of 0.74 ns and 0.88 ns for the VA-SPDs of bit "0" and bit "1", respectively, and the incident flux of 108 photons per pulse. After measuring Eve's encoded pulses in Z basis, the detection probabilities of Bob's two VA-SPDs are listed in TABLE I. Taking the VA-SPD of bit "0" for example, the detection probabilities with full and half incident flux are P f,0 = 0.10675 and P h,0 = 0.0142, respectively, when the attenuation value is 0 dB, and are P f,3 = 0.01415 and P h,3 = 0.00182 when the attenuation value is 3 dB. Now the QBERs with two attenuation values are e atk 0(s) = 10.45% and e atk 3(s) = 10.22%, respectively. Both QBERs are below the threshold 11%, but the ratio between two detection rates is The other attacking strategy is to keep the detection rates around the values in normal operation. This time Eve chooses the attack positions at the falling edge of 0.68 ns and 0.84 ns for the VA-SPDs of bit "0" and bit "1", respectively, and the incident flux of 300 photons per pulse. After measuring Eve's encoded pulses in Z basis, the detection probabilities of Bob's two VA-SPDs are listed in TABLE II. Still taking the VA-SPD of bit "0" for example, P f,0 = 0.9999, P h,0 = 0.5016, and P f,3 = 0.5015, P h,3 = 0.2421. Now the ratio between two detection rates is Compared with normal QKD systems, the insertion loss of VA and the setting attenuation value would introduce extra attenuation and reduce the key rate. Nevertheless, these impacts can be weakened by choosing proper device and controlling the probability of setting attenuation. About the insertion loss of VA, there is no need to use high-speed intensity modulator since VA is controlled by Bob. In the experiment, the insertion loss of VA is only 0.6 dB. About the impact of setting attenuation, the probability of setting 3 dB could be very low in practice, and we can also reduce the impact of statistical fluctuation by accumulating longer time.

IV. EFFECTIVENESS AGAINST THE ATTACK WITH BLINDING LIGHT
In the proof of the criteria of our countermeasure, there is an assumption that P h,0 = P f,3 , which holds in the detector control attack without blinding light, but might fail in the attacks with blinding light. Hence the criteria of our countermeasure might not be deduced. However, in addition to high photocurrent [44], a new fingerprint would be introduced by the attack with blinding light in our countermeasure. So the proposed countermeasure is still effective against the attack with blinding light.
When the continuous-wave (CW) blinding light enters the VA-SPD, it is first modulated by the VA into full power or half power as the attenuation value is randomly set to 0 dB or 3 dB. In order to always blind the SPD, the modulated half power should be above the blinding power of the SPD, which is typically about dozens of microwatt [51]. After the modulated blinding light hits the avalanche photodiode (APD), it will create a modulated train of photocurrent. Every time when the attenuation value of VA changes, a negative (3 dB → 0 dB) or positive (0 dB → 3 dB) signal will be generated at the output of the APD. This is the fingerprint left by the blinding light in the VA-SPD. And due to the relatively strong optical power of the blinding light, this fingerprint is fairly obvious and easy to be detected. Furthermore, superimposed with the capacitive noise of the gated APD, this fingerprint would exceed the discrimination voltage, and  Although the detector is treated as a blackbox in the countermeasure model, as shown in Fig. 4, we open a detector and measure the output voltage to experimentally demonstrate the reason why Eve's attack with blinding light would also be found. The CW laser modulated by the VA is splitted into two parts, one part enters a highspeed photodiode (PD) to show the characteristic of the modulated blinding light, the other part is first attenu- ated by an optical attenuator (ATT) to proper power, and then enters the APD, whose corresponding electrical signals are recorded by an oscilloscope to show the characteristic of the fingerprint left by the blinding light. The attenuation value of the VA is set to 0 dB or 3 dB, and the response time of VA is approximately 120 ns. The SPD is operated at a frequency of 5 MHz, and can be blinded by a CW light at 1550 nm with a power from 11 µW to 50 µW. The results observed by the oscilloscope are shown in Fig. 5, the blue lines correspond to the modulated blinding light, and the fuchsine ones correspond to the electrical signals at the output of the APD. Here, the modulated blinding light that enters the APD has the power of 30 µW (15 µW) when the attenuation value of VA is 0 dB (3 dB). In Fig. 5(a), the deadtime of SPD is 4.5 µs, so we can observe the fingerprint left by the modulated blinding light clearly. Outside the modulated window, the blinding light is CW, there are only capacitive noises corresponding to the gating pulses. When the intensity changes from 15 µW to 30 µW, a negative signal is generated, and then decays during the unchanged intensity; when the intensity changes from 30 µW to 15 µW, a positive signal is generated, and also then decays during the unchanged intensity. Superimposed with the capacitive noises, the negative signal exceeds the discrimination voltage of -838.2 mV , and produces one click. In Fig. 5(b), the deadtime of SPD is set to bypass, the negative part superimposed with the capacitive noises produce about 9 clicks (fuchsine curve). These abnormal clicks can be easily detected by the VA-SPD, and trigger the alarm of the QKD system.

V. CONCLUSION
In this paper, we have proposed an effective countermeasure against the detector control attacks. After introducing a VA in front of the SPD, the VA-SPD model can detect the detector control attacks easily through analysis of the detection rates and QBERs corresponding to different attenuation values. We first focus on the detector control attacks without blinding light, which are more concealed and threatening to QKD systems. The criteria is proved that the relationships of the detection rate and QBER between 0 dB and 3 dB attenuation cannot be satisfied simultaneously once the system is hacked. In this countermeasure model against the detector control attack, the SPD is treated as a blackbox, we don't need open it to monitor some specific parameters. By numerical simulations and the experimental application against the faint after-gate attack, we not only demonstrate the effectiveness of the VA-SPD model, but also show the obviousness of the fingerprint introduced by Eve. Furthermore, for the detector control attack with blinding light, we analyse and experimentally test the effectiveness of the VA-SPD model, in which a new fingerprint would be introduced in addition to high photocurrent. The countermeasure can be easily applied to the existing QKD system, and would provide a perfect balance between security and practicality.
In this section, we explain the reason why the VA's value should differ 3 dB. Assume that the attenuation value of VA in each VA-SPD is randomly set to x dB and y dB (x < y). As mentioned above in Sec. II, after the announcement of basis choices, {R x , R y } and {e x , e y } denotes the detection rates and QBERs with x dB and y dB, respectively. For the QKD system in normal operation, the ratio between detection rates of one VA-SPD with x dB and y dB attenuation satisfies similarly, the QBERs with x dB and y dB attenuation should be less than the threshold. We get In detector control attack without blinding light, P f,x is defined as the detection probability with full optical power when the attenuation is x dB. P f,y is likewise defined when the attenuation is y dB; similarly, with half power, P h,x and P h,y are defined as the detection probabilities when the attenuation are x dB and y dB, respectively. Suppose Eve select two measurement basis with equal probability. Then the detection rates with two attenuation values can be given by For simplicity, we analyse the case that both VA-SPDs have the same attenuation value (x dB or y dB). Then the QBERs of Bob's one VA-SPD with x dB and y dB attenuation values are given by α * (2P h,y − P 2 h,y ) < 2α * e th (P f,y + 2P h,y − P 2 h,y ). (21) By adding both sides of these inequalities, we deduce that As e th < 11%, 0 ≤ {P f,x , P h,x , P f,y , P h,y } ≤ 1 and α * > 1, we know that (2P h,x − P 2 h,x ) + α * (2 − P h,y − 8e th )P h,y + 2e th P 2 h,x + 2α * e th P 2 h,y ≥ 0, −4α * e th P f,y ≤ 0. To make an effective countermeasure criteria, It should be guaranteed that Eq. (22) can not be satisfied for all the values of α * , there are two following cases: If P h,x = P f,y , whether the Eq. (22) can be satisfied depends on the value of P h,x , P f,y , α * and P h,y , which means that the countermeasure criteria is not general.
If P h,x = P f,y , then (2P h,x − P 2 h,x ) − 4α * e th P f,y ≥ 0, all the factors on the left of Eq. (22) is greater than 0, which is contradictory to the right result of Eq. (22). It means the two sub-cases: The one is the optical power before entering SPDs are equal, then half power with x dB is equal to the full power with y dB, so the difference of VA's value between y and x is 3 dB. It meets the requirement of generalization of criteria; The other one is the optical power before entering SPDs are different, but their detection probabilities are equal. Therefore, the countermeasure is influenced by the specific detector probabilities and is not general.   (7) can be converted into With 0 ≤ P f,0 ≤ 1 and P h,0 = P f,3 we get Then is given by We can simulate the lower bound of R atk 0(s) R atk

3(s)
, the result is shown with the red line in Fig. 2. Similarly, when both VA-SPDs in the same basis have the opposite attenuation value, and both QBERs (e atk 0(opp) and e atk 3(opp) ) are less than e th , let Then we get the range of P h,3 We simulate the lower bound of R atk 0(opp) R atk

3(opp)
, the result is shown with the blue dashed line in Fig. 2.
Under the detector control attack, since Eve could control transmittance and number of trigger pulses to guarantee the detection rates unchanged, t is the attack transmission parameter which satisfies t ≥ 1, then we have In the case that the relationship of Eq. 2 is satisfied, (4) and (5) can be converted into As 0 ≤ {P f,0 , P h,0 , P f,3 , P h,3 } ≤ 1, by using Eqs. (35) and (36), we have 0 ≤ tR 0 ≤ 0.75.
When both VA-SPDs in the same basis have the same attenuation value, then e atk 0(s) , e atk 3(s) can be converted into thus we substitute Eq. (40) to Eq. (38). We can simulate the relationship of the QBERs with 0 dB (e atk 0(s) ) and 3 dB (e atk 3(s) ), we set tR 0 = 0.75 for Eq. (37), because e atk 0(s) and e atk 3(s) are increasing with decreasing tR 0 . If Eq. (40) is larger than 1 (smaller than 0), we take 1(0) for P f,3 . The result is shown with red and blue lines in Fig. 3.