Fundamental Insecurity of Multi-Photon Sources Under Photon-Number Splitting Attacks in Quantum Key Distribution

A simple photon-number splitting attack is described which works on any lossy quantum key distribution system with a multi-photon source independently of the mean source photon number, and with no induced error rate. In particular, it cannot be detected by decoy states. The quantitative loss of security is similar when the user employs photon-number resolving detectors or threshold detectors. Numerical values indicate that existing implementations of concrete QKD systems are fundamentally insecure against this attack because a large portion of leaked sifted key bits is not accounted for. The possibility of other damaging photon-number splitting attacks is discussed. Some morals will be drawn.