Security loophole in free-space quantum key distribution due to spatial-mode detector-efficiency mismatch

In free-space quantum key distribution (QKD), the sensitivity of the receiver's detector channels may depend differently on the spatial mode of incoming photons. Consequently, an attacker can control the spatial mode to break security. We experimentally investigate a standard polarization QKD receiver, and identify sources of efficiency mismatch in its optical scheme. We model a practical intercept-and-resend attack and show that it would break security in most situations. We show experimentally that adding an appropriately chosen spatial filter at the receiver's entrance is an effective countermeasure.