
arxiv: 2506.03718 · v4 · submitted 2025-06-04 · 🪐 quant-ph

Security analysis of orthogonal state attack on a high-speed quantum key distribution system

Pith reviewed 2026-05-19 11:51 UTC · model grok-4.3

classification 🪐 quant-ph
keywords: quantum key distribution · security analysis · orthogonal state attack · muted attack · single-photon avalanche diode · high-speed QKD · detector control

The pith

An eavesdropper can mute the detectors in a gigahertz-rate QKD system by sending hundreds of photons and thereby obtain nearly all the secret key.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops a security model for orthogonal state attacks that bypass the need for intercept-and-resend operations. Within this model the authors introduce and experimentally demonstrate a muted attack: Eve fires hundreds of photons at Bob’s 1 GHz SPADs to suppress their response and dictate which detection events occur. Because the attack succeeds inside the narrow time windows of high-repetition-rate systems, it allows Eve to learn almost the entire key while the legitimate users still believe their channel is secure. The work also simulates how the resulting key-rate estimates become grossly inflated when these attacks are ignored.

Core claim

The paper claims that a muted attack, implemented by illuminating the receiver’s SPADs with hundreds of photons per pulse, reliably suppresses detector response and lets Eve control the overall detection pattern, thereby extracting nearly all the secret bits without any intercept-resend step. The feasibility of the attack is shown experimentally at 1 GHz; the same security model is then used to compute the overestimated key rates that result when the system is subjected to either the muted attack or a dead-time attack.

What carries the argument

The muted attack, in which Eve sends a burst of hundreds of photons to suppress the avalanche response of Bob’s SPADs and thereby dictate the receiver’s detection statistics.

If this is right

  • The secret key rate extracted from a high-speed QKD system is substantially overestimated when orthogonal-state attacks are not included in the security analysis.
  • Eve can obtain nearly the entire key by controlling detector response rather than by measuring and resending photons.
  • The attack remains effective at repetition rates of 1 GHz because the multi-photon mute occurs inside the short coincidence window.
  • Both the muted attack and the related dead-time attack produce similar overestimates of the achievable key rate.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Detector designs for future gigahertz QKD links will need explicit protection against sustained multi-photon illumination.
  • The same control mechanism could be tested on other single-photon detectors such as superconducting nanowire devices to check generality.
  • Security proofs for high-speed QKD must now incorporate the possibility that detection efficiency can be externally modulated on a pulse-by-pulse basis.

Load-bearing premise

Multi-photon illumination can mute or steer the SPAD response inside the brief detection windows of a 1 GHz system without activating any existing security countermeasures.

What would settle it

An experiment in which hundreds of photons are sent to a 1 GHz SPAD during the system’s active time window and the detector efficiency remains unchanged or the output statistics stay random would falsify the attack’s effectiveness.

Figures

Figures reproduced from arXiv: 2506.03718 by Anqi Huang, De-Yong He, Feng-yu Lu, Jialei Su, Jia-lin Chen, Junxuan Liu, Qingquan Peng, Shuang Wang, Zihao Chen.

Figure 1. (color online) (a) Schematic diagram of muted attack on a passive basis selection BB84 QKD system. The avalanche ...
Figure 2. The simulation of the key rate of the QKD system ...
Original abstract

High-speed quantum key distribution (QKD) systems have achieved repetition frequencies above gigahertz through advanced technologies and devices, laying an important foundation for the deployment of high-key-rate QKD systems. Although these advanced systems may introduce potential loopholes, it is challenging for an eavesdropper Eve to exploit them by performing intercept-resend attacks due to the limited time window under high repetition frequency. However, here, we propose a security analysis model of orthogonal state attacks that do not require intercept-resend operation on the key rate of a QKD system. Under this framework, we propose a muted attack and experimentally verify the feasibility of the attack using a 1 GHz single-photon avalanche detector (SPAD). By sending hundreds of photons each time, Eve can mute Bob's SPADs to control the overall detection response of the QKD receiver, allowing her to learn nearly all the keys. Furthermore, we use this security model to simulate the overestimated key rates of the QKD system under orthogonal state attacks, including both the muted attack and the dead-time attack. This work theoretically and experimentally shows a timely case of the security vulnerability in the high-speed QKD system.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript proposes a security analysis model for orthogonal state attacks on high-speed QKD systems that avoids intercept-resend operations. It introduces a muted attack in which Eve sends hundreds of photons per time slot to mute Bob's SPADs and thereby control the detection response, experimentally verifies the attack feasibility with a standalone 1 GHz SPAD, and simulates the resulting overestimation of secret key rates under both the muted attack and a dead-time attack.

Significance. If the experimental demonstration of controllable SPAD muting translates to a full synchronized dual-basis receiver without activating monitoring, the work identifies a concrete vulnerability in gigahertz-rate QKD implementations and supplies a quantitative security model that can be used to bound key-rate overestimation. The combination of a new attack framework, direct SPAD measurements, and rate simulations is a positive contribution to practical QKD security analysis.

major comments (3)
  1. [Experimental verification section] The manuscript reports that sending hundreds of photons mutes the 1 GHz SPAD and controls the overall detection response, yet provides no statistics on the achieved bias, no error bars, no raw count data, and no description of how the 1 ns detection window is synchronized with the QKD clock; these omissions are load-bearing for the central claim that the muted attack succeeds in a real system.
  2. [Security model and simulation section] The assumption that the detection bias produced by the muted attack survives sifting, error correction, and privacy amplification without triggering photon-flux or dead-time monitoring is stated but not supported by any quantitative analysis of count-rate anomalies or existing countermeasures; this is required to establish that the attack yields nearly all keys.
  3. [Simulation results] The reported overestimation of key rates under the muted attack depends on specific bias parameters extracted from the SPAD experiment, but the manuscript does not show how these parameters enter the key-rate formula or provide sensitivity analysis, preventing independent verification of the quantitative claims.
minor comments (2)
  1. [Introduction] The introduction of the term 'orthogonal state attack' would benefit from an explicit comparison to existing detector-side attacks (e.g., blinding or dead-time attacks) and a clear statement of what is new versus what is a variant.
  2. [Figures] Figure captions for the SPAD response curves should include the exact photon number per pulse, repetition rate, and measurement duration to allow reproducibility.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive and detailed comments on our manuscript. We have carefully reviewed each major point and provide point-by-point responses below. Where the comments identify omissions that affect clarity or verifiability, we agree to incorporate the requested material in the revised version.

Point-by-point responses
  1. Referee: [Experimental verification section] The manuscript reports that sending hundreds of photons mutes the 1 GHz SPAD and controls the overall detection response, yet provides no statistics on the achieved bias, no error bars, no raw count data, and no description of how the 1 ns detection window is synchronized with the QKD clock; these omissions are load-bearing for the central claim that the muted attack succeeds in a real system.

    Authors: We agree that the experimental section would be strengthened by these details. In the revised manuscript we will add the measured bias statistics (mean detection control probability and standard deviation over repeated trials), include error bars on the relevant plots, supply raw count data as supplementary material, and describe the synchronization of the 1 ns window to the QKD clock via a shared reference signal. These additions will make the experimental demonstration of SPAD muting more transparent while preserving the central feasibility result.

    Revision: yes

  2. Referee: [Security model and simulation section] The assumption that the detection bias produced by the muted attack survives sifting, error correction, and privacy amplification without triggering photon-flux or dead-time monitoring is stated but not supported by any quantitative analysis of count-rate anomalies or existing countermeasures; this is required to establish that the attack yields nearly all keys.

    Authors: We acknowledge that a quantitative discussion of monitoring thresholds is needed. The revised manuscript will include an explicit comparison of the count-rate behavior under the muted attack against typical photon-flux and dead-time monitoring thresholds used in gigahertz QKD systems. We will also note the parameter regimes in which the bias can persist through sifting and post-processing without activating standard countermeasures, thereby supporting the claim that the attack can yield a large fraction of the key.

    Revision: yes

  3. Referee: [Simulation results] The reported overestimation of key rates under the muted attack depends on specific bias parameters extracted from the SPAD experiment, but the manuscript does not show how these parameters enter the key-rate formula or provide sensitivity analysis, preventing independent verification of the quantitative claims.

    Authors: We agree that explicit substitution and sensitivity analysis will improve verifiability. In the revision we will present the secret-key-rate expression with the experimental bias parameters inserted, and we will add a sensitivity plot showing how the overestimation varies when the bias is changed within the experimentally observed range. This will allow readers to reproduce and assess the quantitative results.

    Revision: yes

Circularity Check

0 steps flagged

No circularity: security model and muted attack rest on experimental verification of SPAD behavior

full rationale

The paper constructs a security analysis model for orthogonal state attacks on high-speed QKD systems and proposes the muted attack within that framework. Central claims are supported by direct experimental demonstration using a 1 GHz SPAD, where multi-photon illumination is shown to mute detectors and bias detection response. No load-bearing derivation reduces to fitted parameters, self-referential equations, or self-citation chains; the simulation of overestimated key rates follows from applying the proposed attack model to standard QKD rate formulas without circular reduction. The analysis is self-contained against external benchmarks via the reported experiment, yielding no significant circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 2 invented entities

The central claim depends on domain assumptions about SPAD physics under multi-photon input and introduces new attack concepts without cited independent evidence for their feasibility in high-speed regimes.

axioms (1)
  • domain assumption: Single-photon avalanche diodes exhibit controllable muted response under illumination by hundreds of photons within high-repetition-rate time windows
    This premise underpins the feasibility of the muted attack as described in the abstract.
invented entities (2)
  • muted attack (no independent evidence)
    purpose: Control overall detection response of QKD receiver to learn nearly all keys
    New attack variant proposed and experimentally tested in the work.
  • orthogonal state attack model (no independent evidence)
    purpose: Security analysis framework that does not require intercept-resend operation
    New framework introduced to analyze high-speed QKD vulnerabilities.

