Experimental demonstration of phase-remapping attack in a practical quantum key distribution system

Unconditional security proofs of various quantum key distribution (QKD) protocols are built on idealized assumptions. One key assumption is: the sender (Alice) can prepare the required quantum states without errors. However, such an assumption may be violated in a practical QKD system. In this paper, we experimentally demonstrate a technically feasible "intercept-and-resend" attack that exploits such a security loophole in a commercial "plug & play" QKD system. The resulting quantum bit error rate is 19.7%, which is below the proven secure bound of 20.0% for the BB84 protocol. The attack we utilize is the phase-remapping attack (C.-H. F. Fung, et al., Phys. Rev. A, 75, 32314, 2007) proposed by our group.