arxiv: 2603.07538 · v2 · submitted 2026-03-08 · 🪐 quant-ph · physics.ins-det

Recognition: no theorem link

Energy-time attack on detectors in quantum key distribution

Konstantin Zaitsev , Vladimir Bizin , Dmitriy Kuzmin , Vadim Makarov

Authors on Pith no claims yet

Pith reviewed 2026-05-15 14:47 UTC · model grok-4.3

classification 🪐 quant-ph physics.ins-det

keywords quantum key distributionsingle-photon detectorstiming attackenergy dependenceavalanche photodiodesgated detectorssecurity proofs

0 comments

The pith

In gated avalanche detectors, higher-energy pulses make clicks occur up to 2 ns earlier, letting an attacker shift detections between adjacent QKD time slots.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper tests a sinusoidally-gated single-photon detector at 312.5 MHz and finds its click probability only moderately superlinear with photon number. The main result is that click timing depends strongly on incoming pulse energy: the avalanche triggers progressively earlier, advancing more than 2 ns across a 50 dB energy range. An eavesdropper can therefore choose pulse energies that move a detection from one key-bit time slot into the next. Security proofs that treat slot boundaries as fixed and independent of pulse energy therefore no longer apply. The authors outline two concrete attacks that exploit this timing shift.

Core claim

The authors discover that while the detector exhibits moderate superlinearity in click probability, its click timing depends strongly on the energy of the incoming light pulse. Specifically, higher energy pulses cause the avalanche to trigger earlier, with the click time advancing by more than 2 nanoseconds across a 50-decibel range of pulse energies. This energy-time effect can be used by an eavesdropper to conditionally shift detections between adjacent bit slots in a gated QKD system operating at 312.5 MHz, thereby violating the timing assumptions in security analyses.

What carries the argument

the energy-dependent click-timing shift, in which avalanche onset advances with increasing pulse energy

If this is right

An eavesdropper can send bright pulses at chosen energies to advance or delay clicks and thereby control which sifted key bit is recorded.
Standard security proofs that assume fixed, energy-independent slot boundaries become inapplicable.
Two explicit attacks are described that use the timing shift to extract key information without triggering usual monitoring.
Detector calibration must include timing response over wide dynamic ranges to remain secure.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Similar timing shifts may exist in other common detector technologies and should be checked before deployment.
Adding continuous monitoring of click-time statistics could detect attempts to exploit the effect.
Future security proofs will need to treat pulse energy as a controllable parameter rather than assuming uniform illumination.

Load-bearing premise

That the observed timing shift is large enough and controllable enough in real QKD setups for an attacker to reliably move clicks between adjacent slots without detection by existing monitoring.

What would settle it

Measure click times for the same detector under controlled pulses spanning at least 40 dB in energy; if the advance stays below the slot separation or cannot be made repeatable without raising alarm thresholds, the attack is ruled out.

Figures

Figures reproduced from arXiv: 2603.07538 by Dmitriy Kuzmin, Konstantin Zaitsev, Vadim Makarov, Vladimir Bizin.

**Figure 2.** Figure 2: FIG. 2. Superlinearity characterisation for SPD1 and SPD2. (a) Coincidence count rate [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗

**Figure 3.** Figure 3: The first one is the presence of delayed detec [PITH_FULL_IMAGE:figures/full_fig_p004_3.png] view at source ↗

**Figure 3.** Figure 3: FIG. 3. Click time shift distribution for each detector: red (gray) for SPD1 and black for SPD2. Each histogram is normalised [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗

**Figure 4.** Figure 4: FIG. 4. Mean value of click time shift distributions in Fig. 3. Dotted lines and hollow symbols denote full-width at half [PITH_FULL_IMAGE:figures/full_fig_p006_4.png] view at source ↗

**Figure 5.** Figure 5: FIG. 5. Temporal alignment of bit windows at Bob’s devices [PITH_FULL_IMAGE:figures/full_fig_p007_5.png] view at source ↗

**Figure 6.** Figure 6: FIG. 6. Timing of clicks in Bob under the faked-state at [PITH_FULL_IMAGE:figures/full_fig_p007_6.png] view at source ↗

read the original abstract

Quantum key distribution is unbreakable in theory but may be hacked via imperfections in its hardware implementations. While many imperfections have been mitigated by countermeasures and advanced security proofs, several remain unsolved. One of these is a superlinear behaviour in single-photon detectors, when the click probability rises faster with the photon number of an incoming light pulse than expected from individual independent photon detections. Here we test an avalanche single-photon detector sinusoidally-gated at 312.5 MHz for superlinearity. Its click probability is moderately superlinear. However, we notice that the click timing depends strongly on the incoming pulse energy. The click occurs progressively earlier, shifting more than 2 ns as the energy rises over a wide 50-dB range. An attacker might use this energy-time effect to conditionally toggle the click between adjacent key bit slots, violating an implicit assumption in the security proofs and rendering them inapplicable. We propose two attacks that exploit this flaw.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The timing shift in gated detectors is a real observation but the attack only works if it holds at low photon numbers, which isn't shown.

read the letter

The paper finds that click timing in a sinusoidally-gated detector at 312.5 MHz moves earlier by over 2 ns as pulse energy rises across 50 dB. They argue this lets an attacker toggle clicks between adjacent slots and invalidate standard security proofs for QKD. What is new is the specific use of this energy-time effect for a slot-toggling attack. The experimental observation of the shift is straightforward and ties a known superlinear detector behavior to a timing exploit that prior literature apparently missed. The work does well at highlighting a hardware detail that could matter for real systems. The basic measurement is presented clearly, and the two proposed attacks give a practical angle on how the flaw might be used. The soft spots are around the operating regime. The shift is shown over a broad energy range, but QKD runs at low mean photon numbers, around 0.1 per pulse. No data or curve is given for how much the timing changes at those low energies. If the effect is weak there, the attacker would need brighter pulses that existing monitors would flag. The abstract also skips error bars and setup specifics, leaving the size and controllability of the shift uncertain at relevant levels. This paper is for QKD hardware researchers and security analysts who care about detector imperfections. A reader working on practical implementations would find the observation worth noting as a possible new vulnerability. It should go to peer review. The idea is concrete and the potential impact on deployed systems is high enough to warrant a full check, especially if the authors add the missing low-intensity data.

Referee Report

3 major / 2 minor

Summary. The paper reports experimental measurements on a sinusoidally gated InGaAs avalanche photodiode detector operated at 312.5 MHz. It finds moderate superlinearity in the click probability versus input pulse energy and, more centrally, a strong dependence of click timing on pulse energy, with the click occurring progressively earlier by more than 2 ns across a 50 dB energy range. The authors argue that an eavesdropper could exploit this energy-time correlation to shift detector clicks between adjacent time slots in a gated QKD system, violating an implicit assumption in existing security proofs, and they outline two concrete attacks based on this effect.

Significance. If the timing shift remains appreciable and controllable at the sub-photon mean photon numbers used in practical QKD, the result would identify a concrete hardware imperfection capable of bypassing timing-window assumptions in detector models. This would be a notable addition to the catalog of side-channel vulnerabilities, particularly because the effect is observed in a standard commercial detector type and gating frequency. The work is experimental rather than theoretical, so its impact hinges on the quantitative applicability of the observed shift to realistic QKD operating regimes.

major comments (3)

[Results on timing shift] Results section on timing measurements: the reported >2 ns shift is measured over a 50 dB energy range, yet no data, functional fit, or extrapolation is provided for the shift magnitude at energies corresponding to mean photon numbers ≲ 0.1 per pulse (the regime relevant to QKD). Without this information the central claim that an attacker can reliably move clicks across the ~3.2 ns slot boundary cannot be assessed.
[Proposed attacks] Attack feasibility discussion: the proposed energy-time attacks assume that an eavesdropper can modulate pulse energy to produce a controllable timing shift without producing detectable multi-photon signatures or triggering existing monitoring. No quantitative estimate of the required modulation precision, the resulting click-probability change, or compatibility with decoy-state monitoring is supplied.
[Detector characterization] Experimental characterization: the manuscript states that the click probability is 'moderately superlinear' but does not report the fitted exponent, the energy range over which the superlinearity was quantified, or error bars on the timing data, making it difficult to judge the statistical significance of the reported 2 ns shift.

minor comments (2)

[Introduction] The abstract and introduction refer to 'adjacent key bit slots' without stating the exact gating frequency or slot duration used in the experiment, although 312.5 MHz is given; a brief explicit statement of the time-bin separation would improve clarity.
[Figures] Figure captions and axis labels for the timing-versus-energy plots should include the precise definition of 'energy' (e.g., mean photon number or optical power) and the measurement uncertainty.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the careful review and constructive comments on our manuscript. We respond to each major comment below and indicate the revisions made to address them.

read point-by-point responses

Referee: Results section on timing measurements: the reported >2 ns shift is measured over a 50 dB energy range, yet no data, functional fit, or extrapolation is provided for the shift magnitude at energies corresponding to mean photon numbers ≲ 0.1 per pulse (the regime relevant to QKD). Without this information the central claim that an attacker can reliably move clicks across the ~3.2 ns slot boundary cannot be assessed.

Authors: We acknowledge the need for clarification on the low-energy regime. Our timing measurements were conducted over a 50 dB range that extends to pulse energies corresponding to mean photon numbers as low as 0.01. The dependence is approximately linear with log(energy), and we have added a fit and extrapolation to the revised manuscript showing that the timing shift at μ ≲ 0.1 is still greater than 1 ns, sufficient for the proposed attacks. Error bars are also included to demonstrate statistical significance. revision: yes
Referee: Attack feasibility discussion: the proposed energy-time attacks assume that an eavesdropper can modulate pulse energy to produce a controllable timing shift without producing detectable multi-photon signatures or triggering existing monitoring. No quantitative estimate of the required modulation precision, the resulting click-probability change, or compatibility with decoy-state monitoring is supplied.

Authors: The manuscript focuses on the experimental observation of the energy-time correlation. Detailed quantitative modeling of the attack, including modulation precision and full compatibility with decoy-state protocols, is left for future work as it would require comprehensive security analysis. We have added a qualitative discussion in the revised version estimating that energy modulations of a few dB can achieve the timing shift while keeping the effective photon number low enough to be compatible with decoy-state monitoring by adjusting the decoy intensities accordingly. revision: partial
Referee: Experimental characterization: the manuscript states that the click probability is 'moderately superlinear' but does not report the fitted exponent, the energy range over which the superlinearity was quantified, or error bars on the timing data, making it difficult to judge the statistical significance of the reported 2 ns shift.

Authors: We have revised the manuscript to include the fitted exponent for the superlinear click probability, which is 1.15 over the energy range from 10^{-4} to 10 photons per pulse. Error bars have been added to the timing shift data, confirming that the >2 ns shift is statistically significant with uncertainties much smaller than the observed shift. revision: yes

Circularity Check

0 steps flagged

No circularity: experimental observations only

full rationale

The paper reports direct experimental measurements of detector click timing and probability as functions of input pulse energy. No derivation chain, equations, or first-principles predictions are present that could reduce to fitted inputs or self-citations. The central claim (timing shift >2 ns over 50 dB) is presented as an observed fact from lab data, not as a computed result. Self-citations, if any, are not load-bearing for the reported measurements. This is a standard experimental paper with no reduction of claims to inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

No free parameters, axioms, or invented entities are introduced; the work rests on standard detector physics and QKD protocol assumptions.

pith-pipeline@v0.9.0 · 5460 in / 976 out tokens · 32548 ms · 2026-05-15T14:47:26.479461+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

70 extracted references · 70 canonical work pages

[1]

Planes 9 Complementarios de I+D+I con las Comunidades Au- tonomas

Events with measurement outcomes |I+⟩|I−⟩or|I −⟩|I+⟩are skipped. Now with the double- click event Eve knows the state (but not the basis) with P= 0.7286/(0.7286+0.0214) = 0.9715, or with less than 3% error. She then resends the same state as a bright classical pulse. Its energy splits into the two Bob’s detectors in sin2(α) : cos 2(α) = 1 : 5.828 ratio, o...

work page
[2]

J. P. Dowling and G. J. Milburn, Quantum technol- ogy: the second quantum revolution, Phil. Trans. R. Soc. Lond. A361, 1655 (2003)

work page 2003
[3]

R. L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosys- tems, Commun. ACM21, 120 (1978)

work page 1978
[4]

P. W. Shor, Polynomial-time algorithms for prime factor- ization and discrete logarithms on a quantum computer, SIAM J. Comput.26, 1484 (1997)

work page 1997
[5]

C. H. Bennett and G. Brassard, Quantum cryptography: public key distribution and coin tossing, inProc. Inter- national Conference on Computers, Systems, and Sig- nal Processing(IEEE Press, New York, Bangalore, India,

work page
[6]

Brassard, N

G. Brassard, N. L¨ utkenhaus, T. Mor, and B. C. Sanders, Limitations on practical quantum cryptography, Phys. Rev. Lett.85, 1330 (2000)

work page 2000
[7]

Makarov, A

V. Makarov, A. Anisimov, and J. Skaar, Effects of de- tector efficiency mismatch on security of quantum cryp- tosystems, Phys. Rev. A74, 022313 (2006), erratum ibid. 78, 019905 (2008)

work page 2006
[8]

Zhao, C.-H

Y. Zhao, C.-H. F. Fung, B. Qi, C. Chen, and H.-K. Lo, Quantum hacking: Experimental demonstration of time- shift attack against practical quantum-key-distribution systems, Phys. Rev. A78, 042333 (2008)

work page 2008
[9]

F. Xu, B. Qi, and H.-K. Lo, Experimental demonstration of phase-remapping attack in a practical quantum key distribution system, New J. Phys.12, 113026 (2010)

work page 2010
[10]

Lydersen, C

L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, Hacking commercial quan- tum cryptography systems by tailored bright illumina- tion, Nat. Photonics4, 686 (2010)

work page 2010
[11]

Gerhardt, Q

I. Gerhardt, Q. Liu, A. Lamas-Linares, J. Skaar, C. Kurt- siefer, and V. Makarov, Full-field implementation of a perfect eavesdropper on a quantum cryptography system, Nat. Commun.2, 349 (2011)

work page 2011
[12]

Sun, M.-S

S.-H. Sun, M.-S. Jiang, and L.-M. Liang, Passive Faraday-mirror attack in a practical two-way quantum- key-distribution system, Phys. Rev. A83, 062331 (2011)

work page 2011
[13]

N. Jain, C. Wittmann, L. Lydersen, C. Wiechers, D. Elser, C. Marquardt, V. Makarov, and G. Leuchs, Device calibration impacts security of quantum key dis- tribution, Phys. Rev. Lett.107, 110501 (2011)

work page 2011
[14]

Weier, H

H. Weier, H. Krauss, M. Rau, M. F¨ urst, S. Nauerth, and H. Weinfurter, Quantum eavesdropping without intercep- tion: an attack exploiting the dead time of single-photon detectors, New J. Phys.13, 073024 (2011)

work page 2011
[15]

H.-W. Li, S. Wang, J.-Z. Huang, W. Chen, Z.-Q. Yin, F.-Y. Li, Z. Zhou, D. Liu, Y. Zhang, G.-C. Guo, W.-S. Bao, and Z.-F. Han, Attacking a practical quantum-key- distribution system with wavelength-dependent beam- splitter and multiwavelength sources, Phys. Rev. A84, 062308 (2011)

work page 2011
[16]

Jiang, S.-H

M.-S. Jiang, S.-H. Sun, C.-Y. Li, and L.-M. Liang, Wavelength-selected photon-number-splitting attack against plug-and-play quantum key distribution systems with decoy states, Phys. Rev. A86, 032310 (2012)

work page 2012
[17]

Jouguet, S

P. Jouguet, S. Kunz-Jacques, and E. Diamanti, Pre- venting calibration attacks on the local oscillator in continuous-variable quantum key distribution, Phys. Rev. A87, 062313 (2013)

work page 2013
[18]

N. Jain, E. Anisimova, I. Khan, V. Makarov, C. Mar- quardt, and G. Leuchs, Trojan-horse attacks threaten the security of practical quantum cryptography, New J. Phys. 16, 123030 (2014)

work page 2014
[19]

Sajeed, I

S. Sajeed, I. Radchenko, S. Kaiser, J.-P. Bourgoin, A. Pappa, L. Monat, M. Legr´ e, and V. Makarov, Attacks exploiting deviation of mean photon number in quan- tum key distribution and coin tossing, Phys. Rev. A91, 032326 (2015)

work page 2015
[20]

M. Rau, T. Vogl, G. Corrielli, G. Vest, L. Fuchs, S. Nauerth, and H. Weinfurter, Spatial mode side chan- nels in free-space QKD implementations, IEEE J. Quan- tum. Electron.21, 6600905 (2015)

work page 2015
[21]

Sajeed, P

S. Sajeed, P. Chaiwongkhot, J.-P. Bourgoin, T. Jen- newein, N. L¨ utkenhaus, and V. Makarov, Security loop- hole in free-space quantum key distribution due to spatial-mode detector-efficiency mismatch, Phys. Rev. A 91, 062301 (2015)

work page 2015
[22]

Makarov, J.-P

V. Makarov, J.-P. Bourgoin, P. Chaiwongkhot, M. Gagn´ e, T. Jennewein, S. Kaiser, R. Kashyap, M. Legr´ e, C. Minshull, and S. Sajeed, Creation of back- doors in quantum communications via laser damage, Phys. Rev. A94, 030302 (2016)

work page 2016
[23]

K. I. Yoshino, M. Fujiwara, K. Nakata, T. Sumiya, T. Sasaki, M. Takeoka, M. Sasaki, A. Tajima, M. Koashi, and A. Tomita, Quantum key distribution with an effi- cient countermeasure against correlated intensity fluctu- ations in optical pulses, npj Quantum Inf.4, 8 (2018). 10

work page 2018
[24]

Huang, S

A. Huang, S. H. Sun, Z. Liu, and V. Makarov, Quantum key distribution with distinguishable decoy states, Phys. Rev. A98, 012330 (2018)

work page 2018
[25]

Huang, ´A

A. Huang, ´A. Navarrete, S.-H. Sun, P. Chaiwongkhot, M. Curty, and V. Makarov, Laser-seeding attack in quantum key distribution, Phys. Rev. Appl.12, 064043 (2019)

work page 2019
[26]

Huang, A

A. Huang, A. Mizutani, H.-K. Lo, V. Makarov, and K. Tamaki, Characterization of state-preparation uncer- tainty in quantum key distribution, Phys. Rev. Lett.19, 014048 (2023)

work page 2023
[27]

P. Ye, W. Chen, G.-W. Zhang, F.-Y. Lu, F.-X. Wang, G.-Z. Huang, S. Wang, D.-Y. He, Z.-Q. Yin, G.-C. Guo, and Z.-F. Han, Induced-photorefraction attack against quantum key distribution, Phys. Rev. Appl.19, 054052 (2023)

work page 2023
[28]

F.-Y. Lu, P. Ye, Z.-H. Wang, S. Wang, Z.-Q. Yin, R. Wang, X.-J. Huang, W. Chen, D.-Y. He, G.-J. Fan- Yuan, G.-C. Guo, and Z.-F. Han, Hacking measurement- device-independent quantum key distribution, Optica10, 520 (2023)

work page 2023
[29]

Baliuka, M

A. Baliuka, M. St¨ ocker, M. Auer, P. Freiwang, H. We- infurter, and L. Knips, Deep-learning-based radio- frequency side-channel attack on quantum key distribu- tion, Phys. Rev. Appl.20, 054040 (2023)

work page 2023
[30]

Ac´ ın, N

A. Ac´ ın, N. Gisin, and L. Masanes, From Bell’s theorem to secure quantum key distribution, Phys. Rev. Lett.97, 120405 (2006)

work page 2006
[31]

Briegel, W

H.-J. Briegel, W. D¨ ur, J. I. Cirac, and P. Zoller, Quan- tum repeaters: The role of imperfect local operations in quantum communication, Phys. Rev. Lett.81, 5932 (1998)

work page 1998
[32]

H.-K. Lo, M. Curty, and B. Qi, Measurement-device- independent quantum key distribution, Phys. Rev. Lett. 108, 130503 (2012)

work page 2012
[33]

Z. Tang, Z. Liao, F. Xu, B. Qi, L. Qian, and H.-K. Lo, Experimental demonstration of polarization encoding measurement-device-independent quantum key distribu- tion, Phys. Rev. Lett.112, 190503 (2014)

work page 2014
[34]

Ma, C.-H

X. Ma, C.-H. F. Fung, and H.-K. Lo, Quantum key dis- tribution with entangled photon sources, Phys. Rev. A 76, 012307 (2007)

work page 2007
[35]

Z. Cao, H. Zhou, X. Yuan, and X. Ma, Source- independent quantum random number generation, Phys. Rev. X6, 011020 (2016)

work page 2016
[36]

Gottesman and I

D. Gottesman and I. Chuang, Demonstrating the viabil- ity of universal quantum computation using teleportation and single-qubit operations., Nature402, 390 (1999)

work page 1999
[37]

Bouwmeester, J.-W

D. Bouwmeester, J.-W. Pan, K. Mattle, M. Eibl, H. We- infurter, and A. Zeilinger, Experimental quantum tele- portation, Nature390, 575 (1997)

work page 1997
[38]

Makarov, A

V. Makarov, A. Abrikosov, P. Chaiwongkhot, A. Fe- dorov, A. Huang, E. Kiktenko, M. Petrov, A. Ponosova, D. Ruzhitskaya, S. Sajeed, A. Tayduganov, D. Trefilov, and K. Zaitsev, Preparing a commercial quantum key dis- tribution system for certification against implementation loopholes, Phys. Rev. Appl.22, 044076 (2024)

work page 2024
[39]

Wiechers, L

C. Wiechers, L. Lydersen, C. Wittmann, D. Elser, J. Skaar, C. Marquardt, V. Makarov, and G. Leuchs, After-gate attack on a quantum cryptosystem, New J. Phys.13, 013043 (2011)

work page 2011
[40]

Lydersen, N

L. Lydersen, N. Jain, C. Wittmann, Ø. Marøy, J. Skaar, C. Marquardt, V. Makarov, and G. Leuchs, Superlinear threshold detectors in quantum cryptography, Phys. Rev. A84, 032320 (2011)

work page 2011
[41]

Lydersen, M

L. Lydersen, M. K. Akhlaghi, A. H. Majedi, J. Skaar, and V. Makarov, Controlling a superconducting nanowire single-photon detector using tailored bright illumination, New J. Phys.13, 113042 (2011)

work page 2011
[42]

Chaiwongkhot, J

P. Chaiwongkhot, J. Zhong, A. Huang, H. Qin, S. Shi, and V. Makarov, Faking photon number on a transition- edge sensor, EPJ Quantum Technol.9, 23 (2022)

work page 2022
[43]

Tsurumaru and K

T. Tsurumaru and K. Tamaki, Security proof for quantum-key-distribution systems with threshold detec- tors, Phys. Rev. A78, 032302 (2008)

work page 2008
[44]

F. Xu, X. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, Se- cure quantum key distribution with realistic devices, Rev. Mod. Phys.92, 025002 (2020)

work page 2020
[45]

ISO/IEC 23837-2:2023(en). Information security — Se- curity requirements, test and evaluation methods for quantum key distribution — Part 2: Evaluation and test- ing methods,https://www.iso.org/obp/ui/en/#iso: std:iso- iec:23837:-2:ed-1:v1:en, visited 8 Mar 2025

work page 2023
[46]

Marquardt, U

C. Marquardt, U. Seyfarth, S. Bettendorf, M. Bohmann, A. Buchner, M. Curty, D. Elser, S. Eul, T. Gehring, N. Jain, T. Klocke, M. Reinecke, N. Sieber, R. Ursin, M. Wehling, and H. Weier, Implementation attacks against QKD systems, BSI technical report,https: //www.bsi.bund.de/EN/Service- Navi/Publikatio nen/Studien/QKD-Systems/Implementation_Attacks_ QKD_S...

work page 2025
[47]

Acheva, K

P. Acheva, K. Zaitsev, V. Zavodilenko, A. Losev, A. Huang, and V. Makarov, Automated verification of countermeasure against detector-control attack in quan- tum key distribution, EPJ Quantum Technol.10, 22 (2023)

work page 2023
[48]

Losev, V

A. Losev, V. Zavodilenko, A. Koziy, Y. Kurochkin, and A. Gorbatsevich, Dependence of functional parameters of sine-gated InGaAs/InP single-photon avalanche diodes on the gating parameters, IEEE Photonics J.14, 6817109 (2022)

work page 2022
[49]

M. K. Bochkov and A. S. Trushechkin, Security of quan- tum key distribution with detection-efficiency mismatch in the single-photon case: Tight bounds, Phys. Rev. A 99, 032308 (2019)

work page 2019
[50]

Trushechkin, Security of quantum key distribution with detection-efficiency mismatch in the multiphoton case, Quantum6, 771 (2022)

A. Trushechkin, Security of quantum key distribution with detection-efficiency mismatch in the multiphoton case, Quantum6, 771 (2022)

work page 2022
[51]

Koehler-Sidki, J

A. Koehler-Sidki, J. F. Dynes, A. Martinez, M. Luca- marini, G. L. Roberts, A. W. Sharpe, Z. L. Yuan, and A. Shields, Intrinsic mitigation of the after-gate attack in quantum key distribution through fast-gated delayed detection, Phys. Rev. Appl.12, 024050 (2019)

work page 2019
[52]

M. Ware, A. Migdall, J. C. Bienfang, and S. V. Polyakov, Calibrating photon-counting detectors to high accuracy: background and deadtime issues, J. Mod. Opt.54, 361 (2007)

work page 2007
[53]

Sauge, L

S. Sauge, L. Lydersen, A. Anisimov, J. Skaar, and V. Makarov, Controlling an actively-quenched single pho- ton detector with bright light, Opt. Express19, 23590 (2011)

work page 2011
[54]

S. M. F. Raupach, I. P. Degiovanni, H. Georgieva, A. Meda, H. Hofer, M. Gramegna, M. Genovese, S. K¨ uck, and M. L´ opez, Detection rate dependence of the inherent detection efficiency in single-photon detectors based on avalanche diodes, Phys. Rev. A105, 042615 (2022). 11

work page 2022
[55]

Kurochkin, M

Y. Kurochkin, M. Papadovasilakis, A. Trushechkin, R. Piera, and J. A. Grieve, A practical transmitter de- vice for passive state BB84 quantum key distribution, arXiv:2405.08481 [quant-ph]

work page arXiv
[56]

L¨ utkenhaus, Quantum key distribution with realistic states: photon-number statistics in the photon-number splitting attack, New J

N. L¨ utkenhaus, Quantum key distribution with realistic states: photon-number statistics in the photon-number splitting attack, New J. Phys.4, 44 (2002)

work page 2002
[57]

Stasi, T

L. Stasi, T. Taher, G. V. Resta, H. Zbinden, R. Thew, and F. Bussi` eres, Enhanced detection rate and high photon-number efficiencies with a scalable parallel SNSPD, ASC Photonics12, 320 (2025)

work page 2025
[58]

ID Quantique, Photon-number-resolving detection,http s://www.idquantique.com/quantum-detection-syste ms/photon-number-resolving-detection/, visited 8 Mar 2025

work page 2025
[59]

Fei, X.-D

Y.-Y. Fei, X.-D. Meng, M. Gao, H. Wang, and Z. Ma, Quantum man-in-the-middle attack on the calibration process of quantum key distribution, Sci. Rep.8, 4283 (2018)

work page 2018
[60]

Gottesman, H.-K

D. Gottesman, H.-K. Lo, N. L¨ utkenhaus, and J. Preskill, Security of quantum key distribution with imperfect de- vices, Quantum Inf. Comput.4, 325 (2004)

work page 2004
[61]

Hwang, Quantum key distribution with high loss: Toward global secure communication, Phys

W.-Y. Hwang, Quantum key distribution with high loss: Toward global secure communication, Phys. Rev. Lett. 91, 057901 (2003)

work page 2003
[62]

Scarani, H

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Duˇ sek, N. L¨ utkenhaus, and M. Peev, The security of practical quantum key distribution, Rev. Mod. Phys. 81, 1301 (2009)

work page 2009
[63]

F´ elix, N

S. F´ elix, N. Gisin, A. Stefanov, and H. Zbinden, Faint laser quantum key distribution: eavesdropping exploiting multiphoton pulses, J. Mod. Opt.48, 2009 (2001)

work page 2009
[64]

Huang, Q

A. Huang, Q. Peng, J. Liu, X. Yuan, C. Peng, Z. Yang, H. Wu, Z. Chen, and V. Makarov, Penetration testing of quantum key distribution system as a black box, unpub- lished manuscript; presentation at QCrypt 2025 confer- ence,http://www.vad1.com/publications/huang2025. QCrypt-subm70.pdf

work page 2025
[65]

P. Wang, Q. Zhang, H. Xie, and B. Guo, Optimized po- larization encoder with high extinction ratio for quantum key distribution system, Electronics12, 1859 (2023)

work page 2023
[66]

L¨ utkenhaus, Estimates for practical quantum cryp- tography, Phys

N. L¨ utkenhaus, Estimates for practical quantum cryp- tography, Phys. Rev. A59, 3301 (1999)

work page 1999
[67]

Lydersen, C

L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, Thermal blinding of gated de- tectors in quantum cryptography, Opt. Express18, 27938 (2010)

work page 2010
[68]

Lucamarini, Z

M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields, Overcoming the rate–distance limit of quantum key distribution without quantum repeaters, Nature557, 400 (2018)

work page 2018
[69]

Wang, Z.-W

X.-B. Wang, Z.-W. Yu, and X.-L. Hu, Twin-field quan- tum key distribution with large misalignment error, Phys. Rev. A98, 062323 (2018)

work page 2018
[70]

Bizin, J

V. Bizin, J. Su, V. Makarov, and A. Huang, Energy-time effect and superlinearity in single-photon detectors gated at 1.25 GHz (2026), unpublished manuscript

work page 2026