## Abstract

In real-life implementations of quantum key distribution (QKD), the physical systems with unwanted imperfections would be exploited by an eavesdropper. Based on imperfections in the detectors, detector-control attacks have been successfully launched on several QKD systems and attracted widespread concerns. Here, we propose a robust countermeasure against these attacks just by introducing a variable attenuator in front of the detector. This countermeasure is not only effective against attacks with blinding light, but it is also robust against attacks without blinding light, which are more concealed and threatening. Different from previous technical improvements, the single-photon detector in our countermeasure model is treated as a black box, and the eavesdropper can be detected by statistics of the detection and error rates of the QKD system. Besides theoretical proof, the countermeasure is also supported by an experimental demonstration. Our countermeasure is general in the sense that it is independent of the technical details of the detector, and can be easily applied to existing QKD systems.

© 2019 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

## 1. INTRODUCTION

Quantum key distribution (QKD) is one of the most promising applications of quantum information. It enables two parties, Alice and Bob, to exchange key bits whose security has been theoretically proved [1–4]. Unfortunately, real-life QKD systems still can be hacked due to the imperfection of the devices. Several kinds of attacks have been reported, such as the photon-number-splitting (PNS) attack [5,6], phase-remapping attack [7,8], Trojan-horse attack [9], time-shift attack [10,11], wavelength-dependent attack [12], and detector-control attack [13–23]. In order to defend against these attacks, many countermeasures have also been proposed, some of which are very effective and can even perfectly defend against the corresponding attack; for example, the decoy-state method is a perfect solution against a PNS attack [24–27].

Recently, most attacks have focused on the measurement equipment, especially on single-photon detectors (SPDs), among which a detector-control attack is the most fatal one and has attracted much attention [13–23]. To implement a detector-control attack, Eve randomly chooses bases to measure the quantum states sent from Alice, then resends the results using trigger light with specific optical power. Due to the control effect of trigger pulses, the outputs of Bob’s detectors are nearly identical to Eve’s. This will cause zero or few extra error bits, and Eve can obtain a copy of raw keys without being revealed by legitimate users. Note that not all detector-related attacks belong to the detector-control attack, such as the detector dead-time attack [28] and time-shift attack [10,11] are not within the scope of the detector-control attack. In one of the most typical experiments [13], Eve first uses bright continuous-wave illumination to blind the SPDs and converts them into linear detectors that are not sensitive to a single photon. Then Eve can fully control the SPDs by sending trigger pulses that superimposed with the blinding light. There are a series of experiments using both blinding light and trigger light, such as continuous-wave blinding attack [13,14], thermal blinding attack [15,20], and sinkhole blinding attack [15]. Furthermore, Eve need only send trigger light pulses to directly control SPDs, such as after-gate attack [16], faint-after-gate attack [17], and detector-control attack under specific laser damage [18]. These detector-control attacks without blinding light are more concealed and threatening to QKD systems than the ones with blinding light. In this sense, more attention should be paid to detector-control attacks without blinding light.

There are various countermeasures to defend against the detector-control attack. The most ideal one is a device-independent scheme [29,30] that excludes all the imperfections of the devices but is still impractical for applications of real-world use under current techniques. The most effective one is the measurement-device-independent scheme [31], but it requires a Bell-state measurement of two independent remote laser sources, which is experimentally challenging. The other methods mainly focus on the technical improvements in SPDs [32–35], or measurement devices [36–39], or passively monitoring parameters [40–46]. However, these countermeasures may not be provably secure because the characteristics of actual devices and implementations are not under consideration in the security proofs [41,47]. Furthermore, some countermeasures may be available to a kind of SPD [48] or effective to one specific attack, but not all types of detector-control attacks. For example, the method of monitoring the photocurrent of the avalanche photodiode (APD) is effective in finding the detector-control attack with blinding light, but will fail to detect the recent avalanche-transition region attack [23]. Another lately proposed countermeasure is to randomly remove gates and check the clicks in the absence of the gates [33], while Eve can still implement traceless control of SPDs [49], since the method causes changes of both the gate signal leakage and gain factor in SPD circuits.

To defend against a detector-control attack, we propose a robust countermeasure model by introducing a variable attenuator (VA) in front of the SPD. With the random change of attenuation of the VA and the analysis of the corresponding detection events and errors, the countermeasure criteria are proven effective against the detector-control attack without blinding light. An experiment also demonstrates the effectiveness of the VA-SPD countermeasure. If Eve implements the detector-control attack with blinding light, she would introduce new fingerprints in addition to high photocurrent, and these would trigger the alarm of the QKD system.

## 2. COUNTERMEASURE MODEL

The implementation procedure of our countermeasure model is shown in Fig. 1(a). A VA is placed in front of the SPD, and its attenuation can be randomly changed among several values. Note that the number of attenuation values is at least two, and the value difference is 3 dB (see Supplement for an explanation of the necessity of 3 dB). In this paper, the number of attenuation values is two, 0 dB and 3 dB, respectively. The countermeasure model is named VA-SPD, which is suitable for different kinds of SPDs, such as photomultiplier tubes (PMTs), superconducting single-photon detectors (SSPDs) and semiconductor detectors (Si SPDs, InGaAs/InP SPDs). In the model, SPD is treated as a black box that has only two ports: an optical signal input and a detection output. It is not necessary to modify the internal circuits or monitor the technical parameters in the SPD. So, our countermeasure model is applicable for prepare-and-measure QKD systems, just by directly replacing the original SPD with a VA-SPD.

In order to explicitly illustrate the procedure of the proposed countermeasure model, we apply the VA-SPD to a typical polarization-encoding BB84 system with passive measurement bases selection that has been hacked by several attacks [12,14,28,50–53]. As shown in Fig. 1(b), Alice prepares and sends Bob a sequence of polarization states. Each is randomly chosen from four polarization states $\{H,V,+,-\}$; $H$ and $V$ are horizontal and vertical polarization states, respectively. $+$ and $-$ denote $+45\xb0$ and $-45\xb0$ linear polarization states, respectively. For each state, Bob passively and randomly chooses one of the two measurement bases—Z (or rectilinear) basis and X (or diagonal) basis—to project the input photon into one of these four polarization states. At Bob’s site, each VA-SPD corresponds to one polarization state, and the attenuation value of VA in each VA-SPD is randomly set to 0 dB or 3 dB. After the announcement of basis choices, we can get the detection rate and quantum bit-error rate (QBER) for each detector. Different from the original system, two kinds of results could be obtained for two values of VA in the VA-SPD. Here, for each VA-SPD, $\{{R}_{0},{R}_{3}\}$ and $\{{e}_{0},{e}_{3}\}$ denote the detection rates and QBERs with 0 dB and 3 dB attenuation value, respectively.

In almost all BB84 QKD systems, weak coherent states sources are widely used. The photon number of each pulse prepared by Alice follows a Poisson distribution [27]. Suppose the expected photon number of each pulse is $\mu $, the overall transmission and detection efficiency between Alice and Bob is $\eta $, and the background rate is ${Y}_{0}$; then the detection rate is given by

which means the probability that Bob gets one detection count when Alice sends one pulse. For each detector, we can get similar expressions. The only differences are the meaning of $\eta $ and ${Y}_{0}$. Thus, the ratio between detection rates of one VA-SPD with 0 dB and 3 dB attenuation certainly satisfies Additionally, the QBERs with 0 dB and 3 dB attenuation should be less than the threshold to generate secure keys. We have where ${e}_{\mathrm{th}}$ is the threshold of QBER and is 11% for the four-state BB84 system [54–56].In the BB84 QKD system-employed VA-SPDs, the relationships of the detection rate [Eq. (2)] and QBER [Eq. (3)] between 0 dB and 3 dB attenuation should be held simultaneously. Here, we prove that the relationships of Eqs. (2) and (3) cannot be satisfied simultaneously if the system was hacked by the detector-control attack. This criterion would be a trace to find the detector-control attack. And in the VA-SPD countermeasure model, we do not need to open the SPD to monitor some specific parameters. Furthermore, the simulation results show that the fingerprint introduced by the detector-control attack is pretty obvious.

#### A. Theoretical Proof of the Criteria

In all detector-control attacks without blinding light, Eve first uses a random basis to measure the quantum state sent by Alice, then resends a trigger signal to Bob based on her measurement result. The power of the trigger signals is not at a single-photon level, but at a multiphoton level. And the power of the trigger signal stays the same, regardless of Eve’s measurement result. If Eve and Bob select matching bases, the trigger signal would hit one detector with full optical power. If Eve and Bob select opposite bases, the trigger signal would be split into two half parts and hit two detectors. According to the optical power (full, half) hitting the detector and the attenuation value (0 dB, 3 dB) of the VA-SPD, ${P}_{f,0}$ is defined as the detection probability with full optical power when the attenuation is 0 dB. ${P}_{f,3}$ is likewise defined when the attenuation is 3 dB; similarly, with half power, ${P}_{h,0}$ and ${P}_{h,3}$ are defined as the detection probabilities when the attenuation is 0 dB and 3 dB, respectively. Suppose Eve selects two measurement bases with equal probability. The detection rates of Bob’s one VA-SPD with 0 dB and 3 dB attenuation are given by

Here, “atk” means under the detector-control attack.As an acceptable assumption, both detectors of the same basis are identical here for simplicity. About the QBER of Bob’s one VA-SPD, it involves the other or orthogonal detector in the same basis. If both detectors click simultaneously, Bob assigns a random bit value. Since attenuation values of both VA-SPDs are changed independently, there are two circumstances: one is that both VA-SPDs have the same attenuation value (0 dB or 3 dB); the other is that the attenuation values are opposite (0 dB and 3 dB, or 3 dB and 0 dB). When both VA-SPDs have the same attenuation value, the QBER of Bob’s one VA-SPD with 0 dB and 3 dB attenuation is given by

Similarly, when the attenuation values of VA-SPDs are opposite, the QBER of Bob’s one VA-SPD with 0 dB and 3 dB attenuation is given by

#### B. Simulation Results If One Relationship Is Satisfied

According to the above proof, the relationships of Eqs. (2) and (3) cannot be satisfied simultaneously under the detector-control attack. Here, through the approach of numerical simulation, we show that the violation of one relationship would be pretty obvious if the other relationship is satisfied. Details of the calculation process are in Supplement 1.

In the case that the relationship of Eq. (3) is satisfied, both QBERs (${e}_{0}$ and ${e}_{3}$) are less than ${e}_{\mathrm{th}}$. The bounds of the ratio between two detection rates are shown in Fig. 2. For the QKD system in normal operation, the ratio between two detection rates $\alpha =\frac{{R}_{0}}{{R}_{3}}$ locates in the yellow region ($1<\alpha <2$), while if the system were under the detector-control attack, the lower bounds of the ratio between two detection rates would be depicted by the red line and blue dashed line, respectively. The red line $(\frac{{R}_{0(s)}^{\mathrm{atk}}}{{R}_{3(s)}^{\mathrm{atk}}})$ corresponds to the circumstance in which both VA-SPDs with the same basis have the same attenuation value (denoted as same), and the blue dashed line $(\frac{{R}_{0(\mathrm{opp})}^{\mathrm{atk}}}{{R}_{3(\mathrm{opp})}^{\mathrm{atk}}})$ corresponds to the situation in which these two attenuation values are opposite (denoted as opposite). The slight difference between the red line and the blue dashed line comes from the discrepancy of QBERs in two circumstance [Eqs. (6), (7) and Eqs. (12), (13)]. Obviously, the ratio between two detection rates under the detector-control attack is far from the secure region, and as a good fingerprint, the detector-control attack would be detected easily. As the threshold of QBER ${e}_{\mathrm{th}}$ was set smaller, the ratio between two detection rates would be greater, and farther from the secure region. Even when ${e}_{\mathrm{th}}$ is 11%, the lower bounds in two situations are more than 6.5, which would make it easy to find the attack.

In the case that the relationship of Eq. (2) is satisfied, the ratio between two detection rates $\alpha $ locates in the secure region. Figure 3 illustrates the scales of QBERs with 0 dB (${e}_{0}$) and 3 dB (${e}_{3}$) attenuation. For the system in normal operation, both ${e}_{0}$ and ${e}_{3}$ should be less than 11%, as shown in the yellow region. Under the detector-control attack, though Eve could control transmittance and the number of trigger pulses to guarantee the detection rates are unchanged, QBERs would increase a lot. In Fig. 3, the lines and dashed lines correspond to the situation that two attenuation values are the same and opposite, respectively. And, the red ones correspond to $\alpha =2$ (upper bound of the ratio between two detection rates); the blue ones correspond to $\alpha =1$ (lower bound of the ratio). It is obvious that ${e}_{0}$ and ${e}_{3}$ cannot be in the secure region together. If one of {${e}_{0}$, ${e}_{3}$} were less than 11%, the other one would be more than 25%. Hence, these values of QBER would be very easy to trigger the alarm.

## 3. EXPERIMENTAL DEMONSTRATION OF THE COUNTERMEASURE

To show the effectiveness of the countermeasure, we experimentally apply it against the faint after-gate attack [17], which is a typical detector-control attack without blinding light. The experimental setup is similar to the schematic depiction in Fig. 1(b). In the normal operation, Alice is the sender, who sends a sequence of polarization states with a repetition rate of 5 MHz and an expected photon number $\mu =0.1$ of each pulse. At Bob’s site, the random attenuation values of VA in VA-SPD are 0 dB and 3 dB, and the insertion loss of VA is approximately 0.6 dB, which reduces the original detection efficiency of SPD 12.6% to an equivalent detection efficiency of VA-SPD 11.0% at 0 dB attenuation. To simplify the experiment, Bob only monitors the detection events in $Z$ basis $\{H,V\}$ and always sets the same attenuation value (0 dB or 3 dB) in the corresponding two VA-SPDs (the VA-SPD of bit “0” is used to detect the $H$ state; the VA-SPD of bit “1” is used to detect the $V$ state.) Hence, for the QKD system in the normal operation, the ratio between two detection rates $\alpha =\frac{{R}_{0}}{{R}_{3}}$ is approximately 1.994, and QBERs with 0 dB and 3 dB attenuation values are 1.82% and 1.91%, respectively. While under the faint after-gate attack, Eve becomes the sender, here we skip the intercept and measurement process for simplicity. Different from Alice, Eve needs to first measure the characteristic of each SPD and then carefully control the delay and incident flux of her encoded pulses. The delay makes these pulses arrive after the gate, and the incident flux (a few hundreds photons per pulse) offers superlinearity of the detection probability with full and half optical powers.

In order to keep the QBERs below the threshold, Eve chooses the attack positions at the falling edge of 0.74 and 0.88 ns for the VA-SPDs of bit “0” and bit “1,” respectively, and the incident flux of 108 photons per pulse. Eve’s encoded pulses are measured in the $Z$ basis; the detection probabilities of Bob’s two VA-SPDs are listed in Table 1. Taking the VA-SPD of bit “0,” for example, the detection probabilities with full and half incident flux are ${P}_{f,0}=0.10675$ and ${P}_{h,0}=0.0142$, respectively, when the attenuation value is 0 dB, and are ${P}_{f,3}=0.01415$ and ${P}_{h,3}=0.00182$ when the attenuation value is 3 dB. Now the QBERs with two attenuation values are ${e}_{0(s)}^{\mathrm{atk}}=10.45\%$ and ${e}_{3(s)}^{\mathrm{atk}}=10.22\%$, respectively. Both QBERs are below the threshold of 11%, but the ratio between two detection rates is $\frac{{R}_{0(s)}^{\mathrm{atk}}}{{R}_{3(s)}^{\mathrm{atk}}}=7.60$, far beyond the value in the normal operation. Thus, this large ratio between two detection rates would make Bob detect the faint after-gate attack easily.

The other attacking strategy is to keep the detection rates around the values in normal operation. This time Eve chooses the attack positions at the falling edge of 0.68 and 0.84 ns for the VA-SPDs of bit “0” and bit “1,” respectively, and the incident flux of 300 photons per pulse. Eve’s encoded pulses in the Z basis are measured; the detection probabilities of Bob’s two VA-SPDs are listed in Table 2. Still taking the VA-SPD of bit “0,” for example, ${P}_{f,0}=0.9999$, ${P}_{h,0}=0.5016$, and ${P}_{f,3}=0.5015$, ${P}_{h,3}=0.2421$. Now the ratio between the two detection rates is $\frac{{R}_{0(s)}^{\mathrm{atk}}}{{R}_{3(s)}^{\mathrm{atk}}}=2.03$, close to the value in normal operation. But the QBERs with two attenuation values are ${e}_{0(s)}^{\mathrm{atk}}=21.46\%$, ${e}_{3(s)}^{\mathrm{atk}}=22.95\%$. Both QBERs are more than 10 times the ones in normal operation. Hence, this high QBER would be pretty obvious in order to find the trace of Eve.

Compared with normal QKD systems, the insertion loss of VA and the setting attenuation value would introduce extra attenuation and reduce the key rate. Nevertheless, these impacts can be weakened by choosing proper devices and controlling the probability of setting attenuation. About the insertion loss of VA, there is no need to use a high-speed intensity modulator, since VA is controlled by Bob. In the experiment, the insertion loss of VA is only 0.6 dB. About the impact of setting attenuation, the probability of setting 3 dB could be very low in practice, and we can also reduce the impact of statistical fluctuation by accumulating data a longer time.

## 4. EFFECTIVENESS AGAINST THE ATTACK WITH BLINDING LIGHT

In the proof of the criteria of our countermeasure, there is an assumption that ${P}_{h,0}={P}_{f,3}$, which holds in the detector-control attack without blinding light, but might fail in the attacks with blinding light. Hence the criteria of our countermeasure might not be deduced. However, in addition to high photocurrent [42], a new fingerprint would be introduced by the attack with blinding light in our countermeasure. So the proposed countermeasure is still effective against the attack with blinding light.

When the continuous-wave (CW) blinding light enters the VA-SPD, it is first modulated by the VA into full power or half power as the attenuation value is randomly set to 0 dB or 3 dB. In order to always blind the SPD, the modulated half power should be above the blinding power of the SPD, which is typically about dozens of microwatts [49]. After the modulated blinding light hits the APD, it will create a modulated train of photocurrent. Every time the attenuation value of VA changes, a negative ($3\text{\hspace{0.17em}}\text{\hspace{0.17em}}\mathrm{dB}\to 0\text{\hspace{0.17em}}\text{\hspace{0.17em}}\mathrm{dB}$) or positive ($0\text{\hspace{0.17em}}\text{\hspace{0.17em}}\mathrm{dB}\to 3\text{\hspace{0.17em}}\text{\hspace{0.17em}}\mathrm{dB}$) signal will be generated at the output of the APD. This is the fingerprint left by the blinding light in the VA-SPD. And due to the relatively strong optical power of the blinding light, this fingerprint is fairly obvious and easy to be detected. Furthermore, superimposed with the capacitive noise of the gated APD, this fingerprint would exceed the discrimination voltage and produce one click (or a few clicks), which has a 50% probability to generate an error bit. Thus, even if we do not monitor the negative or positive signal at the output of the APD, the additional clicks introduced by the blinding light would increase the QBER and yield of the QKD system.

Although the detector is treated as a black box in the countermeasure model, as shown in Fig. 4, we open a detector and measure the output voltage to experimentally demonstrate the reason why Eve’s attack with blinding light would also be found. The CW laser modulated by the VA is split into two parts. One part enters a high-speed photodiode (PD) to show the characteristic of the modulated blinding light; the other part is first attenuated by an optical attenuator to proper power, and then enters the APD, whose corresponding electrical signals are recorded by an oscilloscope to show the characteristic of the fingerprint left by the blinding light. The attenuation value of the VA is set to 0 dB or 3 dB, and the response time of the VA is approximately 120 ns. The SPD is operated at a frequency of 5 MHz and can be blinded by a CW light at 1550 nm with a power from 11 to 50 μW. The results observed by the oscilloscope are shown in Fig. 5. The blue lines correspond to the modulated blinding light, and the fuchsine ones correspond to the electrical signals at the output of the APD. Here, the modulated blinding light that enters the APD has the power of 30 μW (15 μW) when the attenuation value of VA is 0 dB (3 dB). In Fig. 5(a), the dead time of the SPD is 4.5 μs, so we can observe the fingerprint left by the modulated blinding light clearly. Outside the modulated window, the blinding light is CW; there are only capacitive noises corresponding to the gating pulses. When the intensity changes from 15 to 30 μW, a negative signal is generated and then decays during the unchanged intensity; when the intensity changes from 30 to 15 μW, a positive signal is generated, and also then decays during the unchanged intensity. Superimposed with the capacitive noises, the negative signal exceeds the discrimination voltage of $-838.2\text{\hspace{0.17em}}\text{\hspace{0.17em}}\mathrm{mV}$ and produces one click. In Fig. 5(b), the dead time of SPD is set to bypass; the negative part superimposed with the capacitive noises produce about nine clicks (fuchsine curve). These abnormal clicks can be easily detected by the VA-SPD and trigger the alarm of the QKD system.

## 5. CONCLUSION

In this paper, we have proposed an effective countermeasure against detector-control attacks. After introducing a VA in front of the SPD, the VA-SPD model can detect the detector-control attacks easily through analysis of the detection rates and QBERs corresponding to different attenuation values. We first focus on the detector-control attacks without blinding light, which are more concealed and threatening to QKD systems. The criteria proved that the relationships of the detection rate and QBER between 0 dB and 3 dB attenuation cannot be satisfied simultaneously once the system is hacked. In this countermeasure model against the detector-control attack, the SPD is treated as a black box; we do not need to open it to monitor some specific parameters. By numerical simulations and the experimental application against the faint after-gate attack, we not only demonstrate the effectiveness of the VA-SPD model, but also show the obviousness of the fingerprint introduced by Eve. Furthermore, for the detector-control attack with blinding light, we analyze and experimentally test the effectiveness of the VA-SPD model, in which a new fingerprint, in addition to high photocurrent, would be introduced. The countermeasure can be easily applied to the existing QKD system and would provide a perfect balance between security and practicality.

## Funding

National Key Research and Development Program of China (2018YFA0306400); National Natural Science Foundation of China (61622506, 61575183, 61822115, 61775207, 61627820); Anhui Initiative in Quantum Information Technologies.

See Supplement 1 for supporting content.

## REFERENCES

**1. **N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, “Quantum cryptography,” Rev. Mod. Phys. **74**, 145 (2002). [CrossRef]

**2. **H.-K. Lo and H. F. Chau, “Unconditional security of quantum key distribution over arbitrarily long distances,” Science **283**, 2050–2056 (1999). [CrossRef]

**3. **V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. **81**, 1301 (2009). [CrossRef]

**4. **D. Gottesman, H.-K. Lo, N. Lütkenhaus, and J. Preskill, “Security of quantum key distribution with imperfect devices,” Quantum Inf. Comput. **4**, 325–360 (2004). [CrossRef]

**5. **B. Huttner, N. Imoto, N. Gisin, and T. Mor, “Quantum cryptography with coherent states,” Phys. Rev. A **51**, 1863 (1995). [CrossRef]

**6. **N. Lütkenhaus and M. Jahma, “Quantum key distribution with realistic states: photon-number statistics in the photon-number splitting attack,” New J. Phys. **4**, 44 (2002). [CrossRef]

**7. **C.-H. F. Fung, B. Qi, K. Tamaki, and H.-K. Lo, “Phase-remapping attack in practical quantum-key-distribution systems,” Phys. Rev. A **75**, 032314 (2007). [CrossRef]

**8. **F. Xu, B. Qi, and H.-K. Lo, “Experimental demonstration of phase-remapping attack in a practical quantum key distribution system,” New J. Phys. **12**, 113026 (2010). [CrossRef]

**9. **N. Gisin, S. Fasel, B. Kraus, H. Zbinden, and G. Ribordy, “Trojan-horse attacks on quantum-key-distribution systems,” Phys. Rev. A **73**, 022320 (2006). [CrossRef]

**10. **B. Qi, C.-H. F. Fung, H.-K. Lo, and X. Ma, “Time-shift attack in practical quantum cryptosystems,” Quantum Inf. Comput. **7**, 73–82 (2007).

**11. **Y. Zhao, C.-H. F. Fung, B. Qi, C. Chen, and H.-K. Lo, “Quantum hacking: experimental demonstration of time-shift attack against practical quantum-key-distribution systems,” Phys. Rev. A **78**, 042333 (2008). [CrossRef]

**12. **H. W. Li, S. Wang, J. Z. Huang, W. Chen, Z. Q. Yin, F. Y. Li, Z. Zhou, D. Liu, Y. Zhang, G. C. Guo, W. S. Bao, and Z. F. Han, “Attacking a practical quantum-key-distribution system with wavelength-dependent beam-splitter and multiwavelength sources,” Phys. Rev. A **84**, 062308 (2011). [CrossRef]

**13. **L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination,” Nat. Photonics **4**, 686–689 (2010). [CrossRef]

**14. **I. Gerhardt, Q. Liu, A. Lamas-Linares, J. Skaar, C. Kurtsiefer, and V. Makarov, “Full-field implementation of a perfect eavesdropper on a quantum cryptography system,” Nat. Commun. **2**, 349 (2011). [CrossRef]

**15. **L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Thermal blinding of gated detectors in quantum cryptography,” Opt. Express **18**, 27938 (2010). [CrossRef]

**16. **C. Wiechers, L. Lydersen, C. Wittmann, D. Elser, J. Skaar, C. Marquardt, V. Makarov, and G. Leuchs, “After-gate attack on a quantum cryptosystem,” New J. Phys. **13**, 013043 (2011). [CrossRef]

**17. **L. Lydersen, N. Jain, C. Wittmann, Ø. Marøy, J. Skaar, C. Marquardt, V. Makarov, and G. Leuchs, “Superlinear threshold detectors in quantum cryptography,” Phys. Rev. A **84**, 032320 (2011). [CrossRef]

**18. **A. N. Bugge, S. Sauge, A. M. M. Ghazali, J. Skaar, L. Lydersen, and V. Makarov, “Laser damage helps the eavesdropper in quantum cryptography,” Phys. Rev. Lett. **112**, 070503 (2014). [CrossRef]

**19. **V. Makarov, “Controlling passively quenched single photon detectors by bright light,” New J. Phys. **11**, 065003 (2009). [CrossRef]

**20. **S. Sauge, L. Lydersen, A. Anisimov, J. Skaar, and V. Makarov, “Controlling an actively-quenched single photon detector with bright light,” Opt. Express **19**, 23590–23600 (2011). [CrossRef]

**21. **L. Lydersen, M. K. Akhlaghi, A. H. Majedi, J. Skaar, and V. Makarov, “Controlling a superconducting nanowire single-photon detector using tailored bright illumination,” New J. Phys. **13**, 113042 (2011). [CrossRef]

**22. **M.-S. Jiang, S.-H. Sun, G.-Z. Tang, X.-C. Ma, C.-Y. Li, and L.-M. Liang, “Intrinsic imperfection of self-differencing single-photon detectors harms the security of high-speed quantum cryptography systems,” Phys. Rev. A **88**, 062335 (2013). [CrossRef]

**23. **Y.-J. Qian, D.-Y. He, S. Wang, W. Chen, Z.-Q. Yin, G.-C. Guo, and Z.-F. Han, “Hacking the quantum key distribution system by exploiting the avalanche-transition region of single-photon detectors,” Phys. Rev. Appl **10**, 064062 (2018). [CrossRef]

**24. **W.-Y. Hwang, “Quantum key distribution with high loss: toward global secure communication,” Phys. Rev. Lett. **91**, 057901 (2003). [CrossRef]

**25. **H.-K. Lo, X. Ma, and K. Chen, “Decoy state quantum key distribution,” Phys. Rev. Lett. **94**, 230504 (2005). [CrossRef]

**26. **X.-B. Wang, “Beating the photon-number-splitting attack in practical quantum cryptography,” Phys. Rev. Lett. **94**, 230503 (2005). [CrossRef]

**27. **X. Ma, B. Qi, Y. Zhao, and H.-K. Lo, “Practical decoy state for quantum key distribution,” Phys. Rev. A **72**, 012326 (2005). [CrossRef]

**28. **H. Weier, H. Krauss, M. Rau, M. Fürst, S. Nauerth, and H. Weinfurter, “Quantum eavesdropping without interception: an attack exploiting the dead time of single-photon detectors,” New J. Phys. **13**, 073024 (2011). [CrossRef]

**29. **A. Acín, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, “Device-independent security of quantum cryptography against collective attacks,” Phys. Rev. Lett. **98**, 230501 (2007). [CrossRef]

**30. **L. Masanes, S. Pironio, and A. Acín, “Secure device-independent quantum key distribution with causally independent measurement devices,” Nat. Commun. **2**, 238 (2011). [CrossRef]

**31. **H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. **108**, 130503 (2012). [CrossRef]

**32. **L. Lydersen, V. Makarov, and J. Skaar, “Secure gated detection scheme for quantum cryptography,” Phys. Rev. A **83**, 032306 (2011). [CrossRef]

**33. **C. C. W. Lim, N. Walenta, M. Legré, N. Gisin, and H. Zbinden, “Random variation of detector efficiency: a countermeasure against detector blinding attacks for quantum key distribution,” IEEE J. Sel. Top. Quantum Electron. **21**, 192–196 (2015). [CrossRef]

**34. **M. Elezov, R. Ozhegov, Y. Kurochkin, G. Goltsman, and V. Makarov, “Countermeasures against blinding attack on superconducting nanowire detectors for QKD,” Eur. Phys. J. Conf. **103**, 10002 (2015). [CrossRef]

**35. **M. S. Lee, B. K. Park, M. K. Woo, C. H. Park, Y.-S. Kim, S.-W. Han, and S. Moon, “Countermeasure against blinding attacks on low-noise detectors with a background-noise-cancellation scheme,” Phys. Rev. A **94**, 062321 (2016). [CrossRef]

**36. **T. Honjo, M. Fujiwara, K. Shimizu, K. Tamaki, S. Miki, T. Yamashita, H. Terai, Z. Wang, and M. Sasaki, “Countermeasure against tailored bright illumination attack for DPS-QKD,” Opt. Express **21**, 2667–2673 (2013). [CrossRef]

**37. **J. Wang, H. Wang, X. Qin, Z. Wei, and Z. Zhang, “The countermeasures against the blinding attack in quantum key distribution,” Eur. Phys. J. D **70**, 5 (2016). [CrossRef]

**38. **T. F. da Silva, G. C. do Amaral, G. B. Xavier, G. P. Temporão, and J. P. von der Weid, “Safeguarding quantum key distribution through detection randomization,” IEEE J. Sel. Top. Quantum Electron **21**, 159–167 (2015). [CrossRef]

**39. **Ø. Marøy, V. Makarov, and J. Skaar, “Secure detection in quantum key distribution by real-time calibration of receiver,” Quantum Sci. Technol. **2**, 044013 (2017). [CrossRef]

**40. **Z. L. Yuan, J. Dynes, and A. Shields, “Resilience of gated avalanche photodiodes against bright illumination attacks in quantum cryptography,” Appl. Phys. Lett. **98**, 231104 (2011). [CrossRef]

**41. **L. Lydersen, V. Makarov, and J. Skaar, “Comment on ‘Resilience of gated avalanche photodiodes against bright illumination attacks in quantum cryptography,” Appl. Phys. Lett. **99**, 196101 (2011). [CrossRef]

**42. **Z. L. Yuan, J. Dynes, and A. Shields, “Response to ‘Comment on ‘Resilience of gated avalanche photodiodes against bright illumination attacks in quantum cryptography,” Appl. Phys. Lett. **99**, 196102 (2011). [CrossRef]

**43. **T. F. da Silva, G. B. Xavier, G. P. Temporão, and J. P. von der Weid, “Real-time monitoring of single-photon detectors against eavesdropping in quantum key distribution systems,” Opt. Express **20**, 18911–18924 (2012). [CrossRef]

**44. **S. Wang, W. Chen, Z.-Q. Yin, H.-W. Li, D.-Y. He, Y.-H. Li, Z. Zhou, X.-T. Song, F.-Y. Li, D. Wang, H. Chen, Y.-G. Han, J.-Z. Huang, J.-F. Guo, P.-L. Hao, M. Li, C.-M. Zhang, D. Liu, W.-Y. Liang, C.-H. Miao, P. Wu, G.-C. Guo, and Z.-F. Han, “Field and long-term demonstration of a wide area quantum key distribution network,” Opt. Express **22**, 21739–21756 (2014). [CrossRef]

**45. **M. Fujiwara, T. Honjo, K. Shimizu, K. Tamaki, and M. Sasaki, “Characteristics of superconducting single photon detector in DPS-QKD system under bright illumination blinding attack,” Opt. Express **21**, 6304–6312 (2013). [CrossRef]

**46. **A. Meda, I. P. Degiovanni, A. Tosi, Z. L. Yuan, G. Brida, and M. Genovese, “Quantifying backflash radiation to prevent zero-error attacks in quantum key distribution,” Light Sci. Appl. **6**, e16261 (2017). [CrossRef]

**47. **H.-K. Lo, M. Curty, and K. Tamaki, “Secure quantum key distribution,” Nat. Photonics **8**, 595–604 (2014). [CrossRef]

**48. **A. Koehler-Sidki, M. Lucamarini, J. Dynes, G. Roberts, A. Sharpe, Z. L. Yuan, and A. Shields, “Intensity modulation as a preemptive measure against blinding of single-photon detectors based on self-differencing cancellation,” Phys. Rev. A **98**, 022327 (2018). [CrossRef]

**49. **A. Huang, S. Sajeed, P. Chaiwongkhot, M. Soucarros, M. Legré, and V. Makarov, “Testing random-detector-efficiency countermeasure in a commercial system reveals a breakable unrealistic assumption,” IEEE J. Quantum Electron. **52**, 1 (2016). [CrossRef]

**50. **Q. Liu, A. Lamas-Linares, C. Kurtsiefer, J. Skaar, V. Makarov, and I. Gerhardt, “A universal setup for active control of a single-photon detector,” Rev. Sci. Instrum. **85**, 013108 (2014). [CrossRef]

**51. **A. Lamas-Linares and C. Kurtsiefer, “Breaking a quantum key distribution system through a timing side channel,” Opt. Express **15**, 9388–9393 (2007). [CrossRef]

**52. **S. Nauerth, M. Fürst, T. Schmitt-Manderbach, H. Weier, and H. Weinfurter, “Information leakage via side channels in freespace BB84 quantum cryptography,” New J. Phys. **11**, 065001 (2009). [CrossRef]

**53. **S. Sajeed, P. Chaiwongkhot, J.-P. Bourgoin, T. Jennewein, N. Lütkenhaus, and V. Makarov, “Security loophole in free-space quantum key distribution due to spatial-mode detector-efficiency mismatch,” Phys. Rev. A **91**, 062301 (2015). [CrossRef]

**54. **H.-K. Lo, H. F. Chau, and M. Ardehali, “Efficient quantum key distribution scheme and a proof of its unconditional security,” J. Cryptology **18**, 133–165 (2005). [CrossRef]

**55. **B. Kraus, N. Gisin, and R. Renner, “Lower and upper bounds on the secret-key rate for quantum key distribution protocols using one-way classical communication,” Phys. Rev. Lett. **95**, 080501 (2005). [CrossRef]

**56. **R. Renner, N. Gisin, and B. Kraus, “Information-theoretic security proof for quantum-key-distribution protocols,” Phys. Rev. A **72**, 012332 (2005). [CrossRef]