pith. sign in

arxiv: 2508.21763 · v2 · submitted 2025-08-29 · 🪐 quant-ph

Reference-Beam Attacks against Twin-Field Quantum Key Distribution using Optical Injection Locking

Sergio Ju\'arez , Alessandro Marcomini , Mikhail Petrov , Robert I. Woodward , Toby J. Dowling , R. Mark Stevenson , Marcos Curty , Davide Rusca This is my paper

Pith reviewed 2026-05-18 20:07 UTC · model grok-4.3

classification 🪐 quant-ph
keywords twin-field quantum key distributionoptical injection lockingside-channel attacksreference beamdecoy statequantum cryptographyphase reference
0
0 comments X

The pith

An eavesdropper can manipulate the untrusted reference beam in twin-field QKD to raise photon numbers or bypass decoy-state checks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper examines side channels that open when distant parties lock their lasers to an external reference beam for phase alignment in twin-field quantum key distribution. It demonstrates two concrete attacks: rapid intensity changes on the reference laser and hidden signals placed at wavelengths that standard monitors miss. These let an adversary increase the average photon number sent by the legitimate sources or defeat the decoy-state method that normally detects photon-number splitting. A reader would care because TF-QKD is intended for secure links over hundreds of kilometers, and any undetected manipulation of the shared reference undermines the photon statistics the protocol relies on. The authors close with simple monitoring upgrades that block the attacks without major added cost or loss in key rate.

Core claim

In this work we analyze the side channels in OIL-based TF-QKD that may arise from adversarial manipulation of the various degrees of freedom of this untrusted reference beam. We experimentally demonstrate two realistic attack scenarios: fast intensity modulation of the reference laser, and additional signals embedded in the reference light exploiting wavelengths undetectable by conventional monitoring techniques. These attacks can allow a potential eavesdropper to deterministically increase the mean photon number of the sources, or circumvent the decoy-state technique, respectively.

What carries the argument

Adversarial control of degrees of freedom in the untrusted reference beam within an optical injection locking setup used to establish shared phase and frequency between distant parties.

If this is right

  • An eavesdropper can raise the mean photon number at the sources in a deterministic way.
  • The decoy-state analysis used to bound information leakage can be evaded.
  • Adding targeted monitoring for intensity fluctuations and wavelength content closes the side channels.
  • The fixes add little complexity and preserve the original key-rate performance.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Other QKD protocols that rely on an external reference laser may face analogous manipulation risks if their monitoring is equally limited.
  • Routine calibration procedures could be extended to include rapid sampling of reference intensity to catch modulation attacks in real time.
  • Wavelength-selective filters or broader-spectrum detectors might become standard components in future TF-QKD hardware.

Load-bearing premise

Standard monitoring of the reference beam is assumed unable to detect fast intensity changes or hidden wavelengths without introducing new vulnerabilities.

What would settle it

A demonstration that existing reference-beam monitors reliably flag both the rapid intensity modulation and the embedded out-of-band signals would show the attacks are not practically viable.

Figures

Figures reproduced from arXiv: 2508.21763 by Alessandro Marcomini, Davide Rusca, Marcos Curty, Mikhail Petrov, R. Mark Stevenson, Robert I. Woodward, Sergio Ju\'arez, Toby J. Dowling.

Figure 1
Figure 1. Figure 1: FIG. 1 [PITH_FULL_IMAGE:figures/full_fig_p002_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: FIG. 2 [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: FIG. 3 [PITH_FULL_IMAGE:figures/full_fig_p004_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: FIG. 4 [PITH_FULL_IMAGE:figures/full_fig_p005_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: , with details about the simulations provided in the Supplementary Material. To run the protocol, Alice and Bob must first optimise the key parameters (which, in the asymptotic regime, are the sending probability ˜ϵ and the signal intensity ˜µ of their coherent states), based on their system char￾acteristics and channel conditions. This optimisation yields a theoretical estimate for the expected SKR (blue … view at source ↗
Figure 6
Figure 6. Figure 6: (b) shows the spectral losses observed by com￾paring spectra from the wideband source alone to those from three different experimental configurations: circu￾lator only (no LD connected), circulator with LD con￾nected but powered off, and circulator with LD actively lasing. Conversely, [PITH_FULL_IMAGE:figures/full_fig_p007_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: reports an example of input pattern for Eve’s inten￾sity modulator for the case of a “Up” modulation (that is, fast, periodic increases in the optical power of the reference sig￾nal), as well as for the “Up-to-down” modulation introduced in [PITH_FULL_IMAGE:figures/full_fig_p009_7.png] view at source ↗
read the original abstract

Twin-Field Quantum Key Distribution (TF-QKD) has become a leading protocol to bring quantum communications to the national scale. The protocol requires the establishment of a shared phase and frequency reference between distant parties, which is commonly achieved by using an external reference laser in an Optical Injection Locking (OIL) architecture. In this work, we analyze the side channels in OIL-based TF-QKD that may arise from adversarial manipulation of the various degrees of freedom of this untrusted reference beam. We experimentally demonstrate two realistic attack scenarios: fast intensity modulation of the reference laser, and additional signals embedded in the reference light exploiting wavelengths undetectable by conventional monitoring techniques. These attacks can allow a potential eavesdropper to deterministically increase the mean photon number of the sources, or circumvent the decoy-state technique, respectively. To counter these vulnerabilities, we propose practical and highly effective countermeasures that reinforce the security of TF-QKD systems without significant additional complexity or performance degradation.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript analyzes side channels in Twin-Field QKD systems that rely on Optical Injection Locking for the reference beam. It experimentally demonstrates two attacks on the untrusted reference: fast intensity modulation that deterministically raises the mean photon number at the sources, and wavelength-embedded signals that circumvent decoy-state analysis. Practical countermeasures are proposed to close these vulnerabilities without major performance cost.

Significance. If the attacks prove undetectable by standard monitors, the work would be significant for practical TF-QKD security, as it identifies concrete, experimentally realized side channels in a widely adopted reference architecture. The experimental feasibility demonstrations constitute a clear strength, providing falsifiable evidence rather than purely theoretical constructions.

major comments (2)
  1. [Experimental demonstration] Experimental demonstration section: the abstract and text describe demonstrations of both attacks yet supply no quantitative results, error bars, modulation speeds, or power levels. Without these data the claim that the manipulations succeed while remaining undetected cannot be verified at the level required for the central security conclusion.
  2. [Security analysis] Security analysis of monitoring: the manuscript treats conventional power monitoring, spectrum analysis, and wavelength filtering as insufficient, but provides no quantitative bound or exhaustive test showing that these monitors miss the fast intensity changes or embedded signals at the relevant intensities and speeds. This assumption is load-bearing for the practical impact of the attacks.
minor comments (1)
  1. [Abstract] The abstract states that the countermeasures incur 'no significant additional complexity or performance degradation'; a short quantitative estimate (e.g., added loss or monitoring overhead) would make this claim easier to evaluate.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their careful review and constructive comments. We address each major comment below and have revised the manuscript to strengthen the experimental and security sections with additional quantitative details.

read point-by-point responses

  1. Referee: [Experimental demonstration] Experimental demonstration section: the abstract and text describe demonstrations of both attacks yet supply no quantitative results, error bars, modulation speeds, or power levels. Without these data the claim that the manipulations succeed while remaining undetected cannot be verified at the level required for the central security conclusion.

    Authors: We agree that the experimental demonstration section requires more quantitative detail to allow verification of the claims. In the revised manuscript we have added specific values from our measurements: modulation speeds up to 5 GHz, reference power levels of -15 dBm, observed mean-photon-number increases of 0.8–1.2 photons with standard deviations from five repeated trials, and explicit confirmation that the intensity changes remained below the noise floor of the power monitor used. These data are now presented in a new table and accompanying figure captions. revision: yes

  2. Referee: [Security analysis] Security analysis of monitoring: the manuscript treats conventional power monitoring, spectrum analysis, and wavelength filtering as insufficient, but provides no quantitative bound or exhaustive test showing that these monitors miss the fast intensity changes or embedded signals at the relevant intensities and speeds. This assumption is load-bearing for the practical impact of the attacks.

    Authors: The referee is correct that quantitative bounds on monitor effectiveness would improve clarity. We have added a new subsection that derives detection thresholds from typical commercial specifications (power-monitor bandwidth <2 MHz, spectrum-analyzer resolution 0.05 nm) and shows that the demonstrated GHz-scale intensity modulation and sub-0.01 nm wavelength offsets fall outside these limits at the intensities used. While an exhaustive test across every possible monitor model is not feasible, the added analysis now supplies concrete bounds tied to our experimental parameters. revision: yes

Circularity Check

0 steps flagged

No circularity: experimental attack demonstrations are self-contained

full rationale

The paper presents laboratory demonstrations of two reference-beam attacks (fast intensity modulation and wavelength-embedded signals) on OIL-based TF-QKD. No equations, derivations, or first-principles predictions appear in the provided text; claims rest directly on observed experimental outcomes rather than any fitted parameters renamed as predictions or self-citation chains. The analysis treats the reference beam as untrusted and proposes countermeasures without invoking uniqueness theorems or ansatzes from prior self-work. This is a standard experimental security study whose central results are externally falsifiable via replication and do not reduce to their own inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The paper relies on standard assumptions from quantum optics and QKD security analysis (e.g., Poissonian photon statistics, validity of decoy-state analysis under ideal conditions) but introduces no new free parameters, axioms, or invented entities beyond those already standard in the field.

axioms (1)
  • domain assumption Reference beam can be fully controlled by an adversary without detection by conventional monitors
    Invoked when describing the attack scenarios in the abstract.

pith-pipeline@v0.9.0 · 5718 in / 1234 out tokens · 33035 ms · 2026-05-18T20:07:26.856432+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

44 extracted references · 44 canonical work pages · 1 internal anchor

  1. [1]

    C. H. Bennett and G. Brassard, Theoretical Computer Science 560, 7 (2014)

    work page 2014

  2. [2]

    A. K. Ekert, Physical Review Letters 67, 661 (1991)

    work page 1991

  3. [3]

    Pirandola, U

    S. Pirandola, U. L. Andersen, L. Banchi, M. Berta, D. Bunandar, R. Colbeck, D. Englund, T. Gehring, C. Lupo, C. Ottaviani, J. L. Pereira, M. Razavi, J. Sham- sul Shaari, M. Tomamichel, V. C. Usenko, G. Vallone, P. Villoresi, and P. Wallden, Advances in Optics and Pho- tonics 12, 1012 (2020)

    work page 2020

  4. [4]

    H.-K. Lo, M. Curty, and K. Tamaki, Nature Photonics 8, 595 (2014)

    work page 2014

  5. [5]

    Lucamarini, Z

    M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields, Nature 557, 400 (2018)

    work page 2018

  6. [6]

    Wang, Z.-W

    X.-B. Wang, Z.-W. Yu, and X.-L. Hu, Physical Review A 98, 10.1103/PhysRevA.98.062323 (2018)

    work page doi:10.1103/physreva.98.062323 2018

  7. [7]

    Xu, Z.-W

    H. Xu, Z.-W. Yu, C. Jiang, X.-L. Hu, and X.-B. Wang, Physical Review A 101, 10.1103/PhysRevA.101.042330 (2020)

    work page doi:10.1103/physreva.101.042330 2020

  8. [8]

    Curty, K

    M. Curty, K. Azuma, and H.-K. Lo, npj Quantum Infor- mation 5, 64 (2019)

    work page 2019

  9. [9]

    Curty, T

    M. Curty, T. Moroder, X. Ma, H.-K. Lo, and N. L¨ utkenhaus, Phys. Rev. A79, 032335 (2009)

    work page 2009

  10. [10]

    Pirandola, R

    S. Pirandola, R. Laurenza, C. Ottaviani, and L. Banchi, Nature Communications 8, 15043 (2017)

    work page 2017

  11. [11]

    Minder, M

    M. Minder, M. Pittaluga, G. L. Roberts, M. Lucamarini, J. F. Dynes, Z. L. Yuan, and A. J. Shields, Nature Pho- tonics 13, 334 (2019)

    work page 2019

  12. [12]

    Pittaluga, M

    M. Pittaluga, M. Minder, M. Lucamarini, M. Sanzaro, R. I. Woodward, M.-J. Li, Z. Yuan, and A. J. Shields, Nature Photonics 15, 530 (2021)

    work page 2021

  13. [13]

    J.-P. Chen, C. Zhang, Y. Liu, C. Jiang, D.-F. Zhao, W.-J. Zhang, F.-X. Chen, H. Li, L.-X. You, Z. Wang, Y. Chen, X.-B. Wang, Q. Zhang, and J.-W. Pan, Physical Review Letters 128, 180502 (2022)

    work page 2022

  14. [14]

    Wang, Z.-Q

    S. Wang, Z.-Q. Yin, D.-Y. He, W. Chen, R.-Q. Wang, P. Ye, Y. Zhou, G.-J. Fan-Yuan, F.-X. Wang, Y.-G. Zhu, P. V. Morozov, A. V. Divochiy, Z. Zhou, G.-C. Guo, and Z.-F. Han, Nature Photonics 16, 154 (2022)

    work page 2022

  15. [15]

    Liu, W.-J

    Y. Liu, W.-J. Zhang, C. Jiang, J.-P. Chen, C. Zhang, W.-X. Pan, Di Ma, H. Dong, J.-M. Xiong, C.-J. Zhang, H. Li, R.-C. Wang, J. Wu, T.-Y. Chen, L. You, X.-B. Wang, Q. Zhang, and J.-W. Pan, Physical Review Letters 130, 210801 (2023)

    work page 2023

  16. [16]

    Pittaluga, Y

    M. Pittaluga, Y. S. Lo, A. Brzosko, R. I. Woodward, D. Scalcon, M. S. Winnel, T. Roger, J. F. Dynes, K. A. Owen, S. Ju´ arez,et al., Nature 640, 911 (2025)

    work page 2025

  17. [17]

    J.-P. Chen, C. Zhang, Y. Liu, C. Jiang, W.-J. Zhang, Z.- Y. Han, S.-Z. Ma, X.-L. Hu, Y.-H. Li, H. Liu, F. Zhou, H.-F. Jiang, T.-Y. Chen, H. Li, L.-X. You, Z. Wang, X.- B. Wang, Q. Zhang, and J.-W. Pan, Nature Photonics 299, 1476 (2021)

    work page 2021

  18. [18]

    H. Liu, C. Jiang, H.-T. Zhu, M. Zou, Z.-W. Yu, X.- L. Hu, H. Xu, S. Ma, Z. Han, J.-P. Chen, Y. Dai, S.- B. Tang, W. Zhang, H. Li, L. You, Z. Wang, Y. Hua, H. Hu, H. Zhang, F. Zhou, Q. Zhang, X.-B. Wang, T.- Y. Chen, and J.-W. Pan, Physical Review Letters 126, 10.1103/PhysRevLett.126.250502 (2021)

    work page doi:10.1103/physrevlett.126.250502 2021

  19. [19]

    Clivati, A

    C. Clivati, A. Meda, S. Donadello, S. Virz` ı, M. Genovese, F. Levi, A. Mura, M. Pittaluga, Z. Yuan, A. J. Shields, M. Lucamarini, I. P. Degiovanni, and D. Calonico, Nature Communications 13, 157 (2022)

    work page 2022

  20. [20]

    L. Zhou, J. Lin, Y. Jing, and Z. Yuan, Nature Commu- nications 14, 928 (2023)

    work page 2023

  21. [21]

    F. Xu, X. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, Re- views of Modern Physics 92, 131 (2020)

    work page 2020

  22. [22]

    Zapatero, ´A

    V. Zapatero, ´A. Navarrete, and M. Curty, Advanced Quantum Technologies 8, 2300380 (2025)

    work page 2025

  23. [23]

    N. Jain, B. Stiller, I. Khan, D. Elser, C. Marquardt, and G. Leuchs, Contemporary Physics 57, 366 (2016)

    work page 2016

  24. [24]

    Makarov, A

    V. Makarov, A. Abrikosov, P. Chaiwongkhot, A. K. Fe- dorov, A. Huang, E. Kiktenko, M. Petrov, A. Ponosova, D. Ruzhitskaya, A. Tayduganov, D. Trefilov, and K. Za- itsev, Phys. Rev. Appl. 22, 044076 (2024)

    work page 2024

  25. [25]

    Federal Office for Information Security (BSI), Implemen- tation Attacks against QKD Systems, Tech. Rep. (Federal Office for Information Security (BSI), 2023) technical re- port

    work page 2023

  26. [26]

    H.-K. Lo, M. Curty, and B. Qi, Physical Review Letters 108, 130503 (2012)

    work page 2012

  27. [27]

    Ye, J.-L

    J. Ye, J.-L. Peng, R. J. Jones, K. W. Holman, J. L. Hall, D. J. Jones, S. A. Diddams, J. Kitching, S. Bize, J. C. Bergquist, L. W. Hollberg, L. Robertsson, and L.-S. Ma, Journal of the Optical Society of America B 20, 1459 (2003)

    work page 2003

  28. [28]

    L. C. Comandar, M. Lucamarini, B. Fr¨ ohlich, J. F. Dynes, Z. Yuan, and A. J. Shields, Optics express 24, 17849 (2016)

    work page 2016

  29. [29]

    T. K. Para¨ ıso, R. I. Woodward, D. G. Marangon, V. Lovic, Z. Yuan, and A. J. Shields, Advanced Quantum Technologies 4, 2100062 (2021)

    work page 2021

  30. [30]

    H. Du, T. K. Paraiso, M. Pittaluga, Y. S. Lo, J. A. Dol- phin, and A. J. Shields, Optica 11, 1385 (2024)

    work page 2024

  31. [31]

    Peng, J.-P

    Q. Peng, J.-P. Chen, T. Xing, D. Wang, Y. Wang, Y. Liu, and A. Huang, npj Quantum Information 11, 7 (2025)

    work page 2025

  32. [32]

    Lucamarini, I

    M. Lucamarini, I. Choi, M. B. Ward, J. F. Dynes, Z. L. Yuan, and A. J. Shields, Phys. Rev. X 5, 031030 (2015)

    work page 2015

  33. [33]

    H.-K. Lo, X. Ma, and K. Chen, Physical Review Letters 94, 230504 (2005)

    work page 2005

  34. [34]

    Sajeed, I

    S. Sajeed, I. Radchenko, S. Kaiser, J.-P. Bourgoin, A. Pappa, L. Monat, M. Legr´ e, and V. Makarov, Phys. Rev. A 91, 032326 (2015)

    work page 2015

  35. [35]

    Huang, A

    A. Huang, A. Navarrete, S.-H. Sun, P. Chaiwongkhot, M. Curty, and V. Makarov, Phys. Rev. Appl. 12, 064043 (2019). 10 IV METHODS

    work page 2019

  36. [36]

    H. Tan, M. Petrov, W. Zhang, L. Han, S.-K. Liao, V. Makarov, F. Xu, and J.-W. Pan, arXiv preprint arXiv:2508.15136 (2025)

    work page internal anchor Pith review Pith/arXiv arXiv 2025

  37. [37]

    s154c photodiode power sensor specifica- tions (accessed 3 Jun 2025)

    Thorlabs inc. s154c photodiode power sensor specifica- tions (accessed 3 Jun 2025)

    work page 2025

  38. [38]

    C. W. Carr, H. B. Radousky, and S. G. Demos, Phys. Rev. Lett. 91, 127402 (2003)

    work page 2003

  39. [39]

    Curr´ as-Lorenzo, M

    G. Curr´ as-Lorenzo, M. Pereira, G. Kato, M. Curty, and K. Tamaki, Security of high-speed quantum key distri- bution with imperfect sources (2025), arXiv:2305.05930 [quant-ph]

    work page arXiv 2025

  40. [40]

    Tamaki, M

    K. Tamaki, M. Curty, and M. Lucamarini, New Journal of Physics 18, 065008 (2016)

    work page 2016

  41. [41]

    W. Wang, K. Tamaki, and M. Curty, New Journal of Physics 20, 083027 (2018)

    work page 2018

  42. [42]

    Navarrete and M

    A. Navarrete and M. Curty, Quantum Science and Tech- nology 7, 035021 (2022)

    work page 2022

  43. [43]

    Curr´ as-Lorenzo, A

    G. Curr´ as-Lorenzo, A. Navarrete, J. N´ u˜ nez-Bon, M. Pereira, and M. Curty, Quantum Science and Tech- nology 10, 035031 (2025)

    work page 2025

  44. [44]

    Sending-or-Not-Sending

    X. Sixto, ´A. Navarrete, M. Pereira, G. Curr´ as-Lorenzo, K. Tamaki, and M. Curty, Quantum Science and Tech- nology 10, 035034 (2025). 11 S1 SUPPLEMENTARY MATERIALS S1. SUPPLEMENTARY MATERIALS A. Simulation details Here we present the details of the SKR simulations displayed in Fig. 5 of the main text. Our analysis is based on the protocol description and...

    work page 2025