pith. sign in

arxiv: 2605.22580 · v1 · pith:CF77DHFHnew · submitted 2026-05-21 · 🪐 quant-ph

Practical Countermeasure Against Attacks Exploiting Detection Efficiency Mismatch in Quantum Key Distribution

Ben J. Taylor , Peter R. Smith , James F. Dynes , Robert I. Woodward , Marco Lucamarini , R. Mark Stevenson , Andrew J. Shields This is my paper

Pith reviewed 2026-05-22 05:27 UTC · model grok-4.3

classification 🪐 quant-ph
keywords quantum key distributiondetection efficiency mismatchtime-shift attackfour-state countermeasureside-channel attackspractical QKDGHz prototype
0
0 comments X

The pith

Implementing the four-state countermeasure recovers nearly the full ideal secret key rate in QKD systems facing detection efficiency mismatch attacks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper demonstrates a practical implementation of the four-state countermeasure on a real GHz-clocked QKD prototype to defend against attacks that exploit uneven responses of detectors to incoming photons across degrees of freedom. This class of attacks includes the time-shift attack, which uses arrival time as a side channel to extract information. Their experiments show that adding this countermeasure allows the system to regain almost its full ideal secret key rate. A sympathetic reader would care because it converts a previously theoretical protection into a working component that keeps QKD performance high while blocking a broad set of quantum hacking strategies.

Core claim

The four-state countermeasure, when implemented on a GHz-clocked QKD prototype, enables almost complete recovery of the system's ideal secret key rate against attacks exploiting detection efficiency mismatch.

What carries the argument

The four-state countermeasure, which sends photons in four states to remove side-channel information arising from detector efficiency variations.

If this is right

  • Future QKD systems can incorporate the four-state countermeasure as a standard feature for protection against detection efficiency mismatch.
  • The approach maintains high secret key rates in high-speed GHz-clocked setups while adding security.
  • Experimental results justify using the countermeasure in scalable and practical QKD deployments.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Hardware designs for QKD receivers could tolerate more variation in detector efficiency if this countermeasure is used.
  • The same state-selection principle might be adapted to counter other side channels in quantum communication devices.
  • Widespread use could lower the cost of achieving secure QKD by reducing the need for perfectly matched detectors.

Load-bearing premise

The four-state countermeasure in the prototype behaves exactly as the prior theoretical security proof assumes, without introducing new side channels or deviations from the modeled detection statistics.

What would settle it

Measure the secret key rate of the prototype under a controlled time-shift attack both with and without the four-state countermeasure active, and check whether the rate approaches the ideal value only when the countermeasure is present.

Figures

Figures reproduced from arXiv: 2605.22580 by Andrew J. Shields, Ben J. Taylor, James F. Dynes, Marco Lucamarini, Peter R. Smith, R. Mark Stevenson, Robert I. Woodward.

Figure 1
Figure 1. Figure 1: FIG. 1. Conceptual schematic of a time-shift attack. HOS: [PITH_FULL_IMAGE:figures/full_fig_p002_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: FIG. 2. Key components for experimental characterisation of a fibre-based, GHz-clocked, phase-encoding QKD system’s [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: FIG. 3. Normalized detection efficiency of APD 0 and APD 1 [PITH_FULL_IMAGE:figures/full_fig_p003_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: FIG. 4. Bit-0 normalised detection bias across a 495 ps window, [PITH_FULL_IMAGE:figures/full_fig_p004_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: FIG. 5. Asymptotic secret key rates (SKR) in bits per single [PITH_FULL_IMAGE:figures/full_fig_p004_5.png] view at source ↗
read the original abstract

We demonstrate a practical countermeasure against a well-known class of attacks on quantum key distribution (QKD) systems that exploit detection efficiency mismatch, where the receiver's detectors do not exhibit identical responses to incoming photons across all degrees of freedom. This class of quantum hacking strategies is broad and significantly includes the time-shift attack, which targets an arrival-time-dependent side channel at the receiver. The four-state countermeasure, previously only proven to be secure in theory, is implemented here on a GHz-clocked prototype QKD system and evaluated for its security and performance. We show that its presence enables almost complete recovery of the system's ideal secret key rate. Our results provide strong justification for adopting this countermeasure as a standard component in future scalable and practical QKD systems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript demonstrates an experimental implementation of the four-state countermeasure against detection-efficiency-mismatch attacks (including time-shift attacks) on a GHz-clocked QKD prototype. The authors report that the countermeasure restores nearly the ideal secret key rate and conclude that it should become a standard component in practical QKD systems.

Significance. If the experimental controls and model fidelity are verified, the work supplies a concrete hardware demonstration of a previously theoretical countermeasure, strengthening the case for its adoption in high-speed QKD deployments. The GHz prototype implementation itself is a positive contribution to bridging theory and experiment.

major comments (2)
  1. [Abstract / Results] Abstract and Results: the central claim of 'almost complete recovery' of the ideal secret key rate is presented without quantitative error bars, baseline comparisons to the uncountermeasured case, or details on how the attack conditions were emulated, leaving the quantitative performance assertion unsupported by the reported data.
  2. [Security analysis / Experimental validation] Security analysis / Experimental validation: no quantitative comparison of pre- and post-countermeasure detection-efficiency curves or side-channel audit is provided to confirm that the implemented four-state protocol produces statistics matching the assumptions of the prior theoretical proof (identical response to the four states, no new side-channels, mismatch parameters within proven bounds).
minor comments (2)
  1. Clarify the exact definition of 'ideal secret key rate' used for the recovery comparison and state whether it is computed from the same raw data or from a separate reference run.
  2. Add explicit statements on the finite-key analysis and the statistical confidence intervals attached to the reported key rates.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the careful reading and constructive comments on our manuscript. We address each major comment below and will revise the manuscript accordingly to strengthen the quantitative support and security validation.

read point-by-point responses

  1. Referee: [Abstract / Results] Abstract and Results: the central claim of 'almost complete recovery' of the ideal secret key rate is presented without quantitative error bars, baseline comparisons to the uncountermeasured case, or details on how the attack conditions were emulated, leaving the quantitative performance assertion unsupported by the reported data.

    Authors: We agree that the abstract and results section would benefit from more explicit quantitative details. While the full manuscript reports experimental secret key rates under the implemented countermeasure, we acknowledge that error bars, direct numerical comparisons to the uncountermeasured baseline, and a precise description of the attack emulation (including specific mismatch parameters and time-shift values) are not sufficiently detailed in the current presentation. In the revised version we will update the abstract with quantitative recovery figures including uncertainties, add a table or plot in the results section showing pre- and post-countermeasure key rates, and include a dedicated paragraph describing the experimental emulation of the detection-efficiency mismatch. revision: yes

  2. Referee: [Security analysis / Experimental validation] Security analysis / Experimental validation: no quantitative comparison of pre- and post-countermeasure detection-efficiency curves or side-channel audit is provided to confirm that the implemented four-state protocol produces statistics matching the assumptions of the prior theoretical proof (identical response to the four states, no new side-channels, mismatch parameters within proven bounds).

    Authors: We appreciate this observation on the link between experiment and theory. The manuscript demonstrates the performance recovery achieved by the four-state countermeasure on the GHz prototype, but we agree that an explicit quantitative comparison of detection-efficiency curves and a side-channel audit would better confirm consistency with the theoretical assumptions. In the revision we will add measured detection-efficiency data for each of the four states before and after countermeasure implementation, showing that the responses are identical within experimental precision. We will also include an audit verifying the absence of new side-channels and confirming that the observed mismatch parameters remain within the bounds required by the security proof. revision: yes

Circularity Check

0 steps flagged

No significant circularity in experimental QKD countermeasure implementation

full rationale

The paper reports an experimental demonstration of the four-state countermeasure on a GHz-clocked QKD prototype, with the central result of near-complete ideal secret key rate recovery obtained directly from hardware measurements and observed detection statistics. No derivation chain reduces a claimed prediction or first-principles result to its own inputs by construction, nor does any fitted parameter get relabeled as an independent prediction. The reference to prior theoretical security proofs functions as external support for the modeled behavior rather than a load-bearing self-citation or self-definitional loop within this work. The analysis remains self-contained against external benchmarks because the reported performance rests on empirical data rather than equations that equate outputs to the paper's own assumptions or fits.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the assumption that the four-state countermeasure's security proof applies unchanged to the specific hardware implementation and that the prototype's detection statistics match the modeled mismatch without additional unaccounted side channels.

axioms (1)
  • domain assumption The four-state countermeasure provides security against detection-efficiency-mismatch attacks as previously proven in theory
    Abstract states the countermeasure was previously only proven secure in theory and now implemented; security therefore inherits from that prior proof.

pith-pipeline@v0.9.0 · 5679 in / 1095 out tokens · 31916 ms · 2026-05-22T05:27:03.809911+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

47 extracted references · 47 canonical work pages

  1. [1]

    Eve controls a high-speed optical switch inserted into the channel, allowing her to choose between a shorter and longer optical path than the original fibre link, and so perturb the time-of-flight of each optical pulse passing through the channel. Using tunable optical delay lines and low-loss fibre [29], Eve can optimize these two time-shifts such that t...

    work page

  2. [2]

    J. F. Dynes, A. Wonfor, W. W.-S. Tam, A. W. Sharpe, R. Takahashi, M. Lucamarini, A. Plews, Z. L. Yuan, A. R. Dixon, J. Cho, Y. Tanizawa, J.-P. Elbers, H. Greißer, I. H. White, R. V. Penty, and A. J. Shields, Cambridge quan- tum network, npj Quantum Information5, 101 (2019)

    work page 2019

  3. [3]

    Sasaki, M

    M. Sasaki, M. Fujiwara, H. Ishizuka, W. Klaus, K. Wakui, M. Takeoka, S. Miki, T. Yamashita, Z. Wang, A. Tanaka, K. Yoshino, Y. Nambu, S. Takahashi, A. Tajima, A. Tomita, T. Domeki, T. Hasegawa, Y. Sakai, H. Kobayashi, T. Asai, K. Shimizu, T. Tokura, T. Tsu- rumaru, M. Matsui, T. Honjo, K. Tamaki, H. Takesue, Y. Tokura, J. F. Dynes, A. R. Dixon, A. W. Shar...

    work page 2011

  4. [4]

    F. Xu, X. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, Secure quantum key distribution with realistic devices, Reviews of Modern Physics92, 025002 (2020)

    work page 2020

  5. [5]

    Lütkenhaus and M

    N. Lütkenhaus and M. Jahma, Quantum key distribu- tion with realistic states: photon-number statistics in the photon-number splitting attack, New Journal of Physics 4, 44 (2002)

    work page 2002

  6. [6]

    J. F. Dynes, M. Lucamarini, K. A. Patel, A. W. Sharpe, M. B. Ward, Z. L. Yuan, and A. J. Shields, Testing the photon-number statistics of a quantum key distribution light source, Optics Express26, 22733 (2018)

    work page 2018

  7. [7]

    H.-K. Lo, M. Curty, and B. Qi, Measurement-Device- Independent Quantum Key Distribution, Physical Review Letters108, 130503 (2012)

    work page 2012

  8. [8]

    L. C. Comandar, M. Lucamarini, B. Fröhlich, J. F. Dynes, A. W. Sharpe, S. W.-B. Tam, Z. L. Yuan, R. V. Penty, and A. J. Shields, Quantum key distribution without de- tector vulnerabilities using optically seeded lasers, Nature Photonics10, 312 (2016)

    work page 2016

  9. [9]

    Lucamarini, Z

    M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields, Overcoming the rate–distance limit of quantum key dis- tribution without quantum repeaters, Nature557, 400 (2018)

    work page 2018

  10. [10]

    Zapatero, T

    V. Zapatero, T. van Leent, R. Arnon-Friedman, W.-Z. Liu, Q. Zhang, H. Weinfurter, and M. Curty, Advances in device-independent quantum key distribution, npj Quan- tum Information9, 10 (2023)

    work page 2023

  11. [11]

    C. H. Bennett and G. Brassard, Quantum cryptogra- phy: Public key distribution and coin tossing, Theoretical Computer Science Theoretical Aspects of Quantum Cryp- tography – celebrating 30 years of BB84,560, 7 (2014)

    work page 2014

  12. [12]

    Lydersen, C

    L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, Thermal blinding of gated detectors in quantum cryptography, Optics Express18, 27938 (2010)

    work page 2010

  13. [13]

    Lydersen, C

    L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, Hacking commercial quan- tum cryptography systems by tailored bright illumination, Nature Photonics4, 686 (2010)

    work page 2010

  14. [14]

    B. Gao, Z. Wu, W. Shi, Y. Liu, D. Wang, C. Yu, A. Huang, and J. Wu, Ability of strong-pulse illumination to hack self-differencing avalanche photodiode detectors in a high- speed quantum-key-distribution system, Physical Review A106, 033713 (2022)

    work page 2022

  15. [15]

    Makarov and J

    V. Makarov and J. Skaar, Faked states attack using detec- tor efficiency mismatch on SARG04, phase-time, DPSK, 7 and Ekert protocols, Rinton Press, Incorporated8, 14 (2008)

    work page 2008

  16. [16]

    Gerhardt, Q

    I. Gerhardt, Q. Liu, A. Lamas-Linares, J. Skaar, C. Kurt- siefer, and V. Makarov, Full-field implementation of a perfect eavesdropper on a quantum cryptography system, Nature Communications2, 349 (2011)

    work page 2011

  17. [17]

    Gisin, S

    N. Gisin, S. Fasel, B. Kraus, H. Zbinden, and G. Ri- bordy, Trojan-horse attacks on quantum-key-distribution systems, Physical Review A73, 022320 (2006)

    work page 2006

  18. [18]

    I. S. Sushchev, D. S. Bulavkin, K. E. Bugai, A. S. Sidel- nikova, and D. A. Dvoretskiy, Trojan-horse attack on a real-world quantum key distribution system: Theoreti- cal and experimental security analysis, Physical Review Applied22, 034032 (2024)

    work page 2024

  19. [19]

    Zhao, C.-H

    Y. Zhao, C.-H. F. Fung, B. Qi, C. Chen, and H.-K. Lo, Quantum hacking: Experimental demonstration of time- shift attack against practical quantum-key-distribution systems, Physical Review A78, 042333 (2008)

    work page 2008

  20. [20]

    C.-H. F. Fung, K. Tamaki, B. Qi, H.-K. Lo, and X. Ma, Security proof of quantum key distribution with detection efficiency mismatch, Quantum Information and Compu- tation9, 131 (2009)

    work page 2009

  21. [21]

    V.Makarov, A.Anisimov,andJ.Skaar,Effectsofdetector efficiency mismatch on security of quantum cryptosystems, Physical Review A74, 022313 (2006)

    work page 2006

  22. [22]

    Lydersen and J

    L. Lydersen and J. Skaar, Security of quantum key dis- tribution with bit and basis dependent detector flaws, Quantum Info. Comput.10, 60 (2010)

    work page 2010

  23. [23]

    P. M. Nielsen, C. Schori, J. L. Sorensen, L. Salvail, I. Damgard, and E. Polzik, Experimental quantum key distribution with proven security against realistic attacks, Journal of Modern Optics48, 1921 (2001)

    work page 1921

  24. [24]

    S. Wang, W. Chen, Z.-Q. Yin, Y. Zhang, T. Zhang, H.-W. Li, F.-X. Xu, Z. Zhou, Y. Yang, D.-J. Huang, L.-J. Zhang, F.-Y. Li, D. Liu, Y.-G. Wang, G.-C. Guo, and Z.-F. Han, Field test of wavelength-saving quantum key distribution network, Optics Letters35, 2454 (2010)

    work page 2010

  25. [25]

    Lucamarini, Implementation Security of Quantum Cryptography - Introduction, challenges, solutions, ETSI White Paper No

    M. Lucamarini, Implementation Security of Quantum Cryptography - Introduction, challenges, solutions, ETSI White Paper No. 27 (2018)

    work page 2018

  26. [26]

    Ferreira da Silva, G

    T. Ferreira da Silva, G. C. do Amaral, G. B. Xavier, G. P. Temporão, and J. P. von der Weid, Safeguarding Quan- tum Key Distribution Through Detection Randomization, IEEE Journal of Selected Topics in Quantum Electronics 21, 159 (2015)

    work page 2015

  27. [27]

    M. A. Ruhul Fatin and S. Sajeed, Generalized efficiency mismatch attack to bypass the detection-scrambling coun- termeasure, Optics Express29, 16073 (2021)

    work page 2021

  28. [28]

    Makarov, A

    V. Makarov, A. Abrikosov, P. Chaiwongkhot, A. K. Fe- dorov, A. Huang, E. Kiktenko, M. Petrov, A. Ponosova, D. Ruzhitskaya, A. Tayduganov, D. Trefilov, and K. Za- itsev, Preparing a commercial quantum key distribution system for certification against implementation loopholes, Physical Review Applied22, 044076 (2024)

    work page 2024

  29. [29]

    Rusca and N

    D. Rusca and N. Gisin, Quantum Cryptography: an overview of Quantum Key Distribution (2024), arXiv:2411.04044 [quant-ph]

    work page arXiv 2024

  30. [30]

    N. Jain, B. Stiller, I. Khan, D. Elser, C. Mar- quardt, and G. Leuchs, Attacks on practical quan- tum key distribution systems (and how to prevent them), Contemporary Physics57, 366 (2016), _eprint: https://doi.org/10.1080/00107514.2016.1148333

    work page doi:10.1080/00107514.2016.1148333 2016

  31. [31]

    R. H. Hadfield, Single-photon detectors for optical quan- tum information applications, Nature Photonics3, 696 (2009)

    work page 2009

  32. [32]

    Trushechkin, Security of quantum key distribution with detection-efficiency mismatch in the multiphoton case, Quantum6, 771 (2022)

    A. Trushechkin, Security of quantum key distribution with detection-efficiency mismatch in the multiphoton case, Quantum6, 771 (2022)

    work page 2022

  33. [33]

    Zhang, M

    J. Zhang, M. A. Itzler, H. Zbinden, and J.-W. Pan, Ad- vances in InGaAs/InP single-photon detector systems for quantum communication, Light: Science & Applications 4, e286 (2015)

    work page 2015

  34. [34]

    Grasselli, G

    F. Grasselli, G. Chesi, N. Walk, H. Kampermann, A. Widomski, M. Ogrodnik, M. Karpiński, C. Macchi- avello, D. Bruß, and N. Wyderka, Quantum key distribu- tion with basis-dependent detection probability, Physical Review Applied23, 044011 (2025)

    work page 2025

  35. [35]

    Tupkary, S

    D. Tupkary, S. Nahar, P. Sinha, and N. Lütkenhaus, Phase error rate estimation in QKD with imperfect detectors (2025), arXiv:2408.17349 [quant-ph]

    work page arXiv 2025

  36. [36]

    LaGasse, Secure use of a single single-photon detector in a QKD system (2005)

    M. LaGasse, Secure use of a single single-photon detector in a QKD system (2005)

    work page 2005

  37. [37]

    Z. Yuan, A. Plews, R. Takahashi, K. Doi, W. Tam, A. W. Sharpe, A. R. Dixon, E. Lavelle, J. F. Dynes, A. Mu- rakami, M. Kujiraoka, M. Lucamarini, Y. Tanizawa, H. Sato, and A. J. Shields, 10-Mb/s Quantum Key Distri- bution, Journal of Lightwave Technology36, 3427 (2018), conference Name: Journal of Lightwave Technology

    work page 2018

  38. [38]

    P. W. Shor and J. Preskill, Simple Proof of Security of the BB84 Quantum Key Distribution Protocol, Physical Review Letters85, 441 (2000)

    work page 2000

  39. [39]

    Marcomini, A

    A. Marcomini, A. Mizutani, F. Grünenfelder, M. Curty, and K. Tamaki, Loss-tolerant quantum key distribution with detection efficiency mismatch, Quantum Science and Technology10, 035002 (2025)

    work page 2025

  40. [40]

    C. H. Bennett, H. J. Bernstein, S. Popescu, and B. Schu- macher, Concentrating partial entanglement by local op- erations, Physical Review A53, 2046 (1996)

    work page 2046

  41. [41]

    Skrzypczyk and D

    P. Skrzypczyk and D. Cavalcanti,Semidefinite Program- ming in Quantum Information Science(IOP Publishing, 2023)

    work page 2023

  42. [42]

    Zhang, P

    Y. Zhang, P. J. Coles, A. Winick, J. Lin, and N. Lütken- haus, Security proof of practical quantum key distribution with detection-efficiency mismatch, Physical Review Re- search3, 013076 (2021)

    work page 2021

  43. [43]

    BSI Implementation Attacks against QKD Systems, Tech. Rep. (2023)

    work page 2023

  44. [44]

    N. Jain, C. Wittmann, L. Lydersen, C. Wiechers, D. Elser, C. Marquardt, V. Makarov, and G. Leuchs, Device Cali- bration Impacts Security of Quantum Key Distribution, Physical Review Letters107, 110501 (2011)

    work page 2011

  45. [45]

    A. R. Dixon, J. F. Dynes, M. Lucamarini, B. Fröh- lich, A. W. Sharpe, A. Plews, W. Tam, Z. L. Yuan, Y. Tanizawa, H. Sato, S. Kawamura, M. Fujiwara, M. Sasaki, and A. J. Shields, Quantum key distribution with hacking countermeasures and long term field trial, Scientific Reports7, 1978 (2017)

    work page 1978

  46. [46]

    Lucamarini, I

    M. Lucamarini, I. Choi, M. Ward, J. Dynes, Z. Yuan, and A. Shields, Practical Security Bounds Against the Trojan- Horse Attack in Quantum Key Distribution, Physical Review X5, 031030 (2015)

    work page 2015

  47. [47]

    M. Rau, T. Vogl, G. Corrielli, G. Vest, L. Fuchs, S. Nauerth, and H. Weinfurter, Spatial Mode Side Chan- nels in Free-Space QKD Implementations, IEEE Journal of Selected Topics in Quantum Electronics21, 187 (2015)

    work page 2015