## Abstract

Here, we investigate the security of the practical one-way CVQKD and CV-MDI-QKD systems under laser seeding attack. In particular, Eve can inject a suitable light into the laser diodes of the light source modules in the two kinds of practical CVQKD systems, which results in the increased intensity of the generated optical signal. The parameter estimation under laser seeding attack shows that the secret key rates of these two schemes may be overestimated, which indicates that this attack can open a security loophole for Eve to successfully obtain information about secret key in these practical CVQKD systems. To close this loophole, we propose a real-time monitoring scheme to precisely evaluate the secret key rates of these schemes. The analysis results indicate the implementation of the proposed monitoring scheme can effectively resist this potential attack.

© 2019 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

## 1. Introduction

Quantum key distribution (QKD) is a promising technology, which enables two authorized communication parties Alice and Bob to share a string of secret keys through an insecure quantum channel in the presence of a potential eavesdropper Eve [1–4]. In theory, the basic laws of quantum physics guarantee the unconditional security of this technology [5–7]. At present, QKD technology can be implemented by two kinds of different means, i.e., discrete-variable quantum key distribution (DVQKD) and continuous-variable quantum key distribution (CVQKD). Different from DVQKD systems, CVQKD systems rely on continuous modulation of the light field quadratures, which can be measured by utilizing the mature coherent detection technique instead of single-photon detection [3, 4]. Therefore, CVQKD systems can be well compatible with the classical optical communication systems. In particular, CVQKD with the Gaussian-modulated coherent states (GMCS) is one well-known protocol, which has been proven to be secure against the collective and coherent attacks [7]. What’s more, the composable security of the system has been fully proven [8]. Over the past years, the GMCS CVQKD scheme has been experimentally implemented by many research groups in laboratories and in field environments [9–12]. Recently, Zhang $et\text{}al$. have extended the distribution distance of the system to 50 km over commercial fiber and obtained higher secret key rates than previous field test results, which promotes the practical application of CVQKD in metropolitan settings [13]. In this work, we also focus on the investigation of the GMCS CVQKD schemes.

As we all known that the implemented devices (e.g., laser, modulators, detetors) of the GMCS CVQKD schemes are assumed to be secure and perfect in the security proofs [7]. In fact, however, there are some direct or indirect imperfections in practical GMCS CVQKD systems [14]. These imperfections can be divided into two categories. First, some imperfections may open several security loopholes. In particular, Eve can exploit these loopholes to steal key information without being detected, which seriously threatens the practical security of the systems. This is an effective quantum hacking strategy, such as the local oscillator (LO) fluctuation attack [15], the LO calibration attack [16], the wavelength attack [17,18,19], the saturation attack [20], finite sampling bandwidth effects [21], homodyne detector blinding attack [22], jitter in clock synchronization [23], and the polarization attack [24]. Second, the other imperfections can simply deteriorate the performance of the systems, such as imperfect phase compensation [25], finite-size effects [26], and the noisy coherent states [27–31]. All of these above imperfections hinder the commercial application of CVQKD.

Subsequently, several strategies have been designed to remove these imperfections. For the first imperfections that can open security loopholes, countermeasures are proposed to improve existing systems. For example, a real-time shot-noise measurement (RTSNM) scheme is used to resist the attacks originating from the local oscillator (LO) signal [16, 32]. Then, a local LO (LLO) CVQKD scheme is designed and implemented experimentally, which can fundamentally close the security loophole originating from LO [33–37]. Another attractive approach is to improve GMCS CVQKD protocol directly, i.e., continuous-variable measurement-device-independent quantum key distribution with the Gaussian-modulated coherent states (GMCS CV-MDI-QKD) protocol, which is immune to all detector side-channel attacks [38–40]. Subsequently, the research of GMCS CV-MDI-QKD in theory has been made more fruitful results [38–46]. In particular, its composable security has also been fully proven [47, 48]. To remove the second imperfections, the reasonable noise models are needed to precisely evaluate the performance of the system. It is important to note that the above countermeasures do not close all potential loopholes, and new proposed attacks may break the security of the practical CVQKD system. Therefore, the discoveries and preventions of the concealed security loopholes are vital to the commercial application of CVQKD.

Light source is one of key devices for the implementation of QKD systems, which is assumed to be trusted in previous research. For instance, in CVQKD, the noisy Gaussian source is well studied and modeled [30, 31]. However, the parameters of the light source may be actively tampered by Eve [49–51]. In particular, based on the framework of GMCS CV-MDI-QKD, the sources become the final battlefield between the authorized communication parties and Eve. Therefore, the effects of the tampered source should be considered for the security analysis of practical CVQKD systems, which has not been well studied.

More recently, Huang $et\text{}al$. proposed an efficient quantum hacking strategy related with light source to attack the DVQKD systems, which is called as laser seeding attack [49]. In this quantum hacking scheme, Eve can inject bright light into the laser diode of the systems to actively open a loophole. In this paper, inspired by this quantum hacking attack in DVQKD, we study the security of practical CVQKD systems under the laser seeding attack. Here, we focus on several well-known CVQKD protocols, i.e., the standard one-way GMCS CVQKD and GMCS CV-MDI-QKD schemes. More specifically, we first reveal that Eve can exploit the laser seeding attack to make the intensity of the transmitted Gaussian-modulated coherent states increased. Then, we find that the laser seeding attack makes the quantum channel excess noises of these two systems underestimated. Subsequently, we show that the secret key rates of these two systems are overestimated by Alice and Bob under the attack. These imperfect evaluative results are coincident with the security analysis results of CVQKD under the effects of the reduced optical attenuation caused by the laser damage attack [52–54], which indicates that the laser seeding attack can also open a security loophole for Eve to perform an intercept-resend attack on these two kinds of CVQKD systems without being detected. In particular, although the CV-MDI-QKD protocols can remove all side channels originating from measurement unit, we observe that it is more vulnerable than the one-way CVQKD schemes to the laser seeding attack. Finally, we design a countermeasure to resist the laser seeding attack, where the intensity of optical signal generated by light source is monitored by the authorized communication parties in real time. The analysis result indicates that the legitimate communication parties can precisely evaluate the channel parameters to accurately calculate the secret key rate of these two systems through this monitoring scheme.

This paper is organized as follows. In Sec. 2, the laser seeding attack is described and modeled. Then, the practical security of various CVQKD systems under the laser seeding attack is studied in Sec. 3. In Sec. 4, we investigate the countermeasure to resist the laser seeding attack. Finally, conclusions are presented in Sec. 5.

## 2. Principle of the laser seeding attack

#### 2.1. Scheme of laser seeding attack

In [49], Huang $et\text{}al$. proposed the laser seeding attack and demonstrated that Eve may perform the attack in the light source of a practical DVQKD system to steal key information without being detected, which seriously destroys the practical security of the system. Figure 1 shows the scheme of the laser seeding attack clearly according to the experimental results in [49]. Specifically, Eve can utilize a tunable continuous-wave laser to inject a bright light with a proper wavelength into the semiconductor laser diode of a DVQKD system via quantum channel, where the semiconductor laser diode generates the optical signals driven by the electrical signals. In particular, a polarization controller is used for adjusting the polarization of the injected light signal to maximize the injection efficiency. According to the analyses in [49], we describe the two curves of power of the optical signal generated by the laser diode varying with time in the laser seeding attack case and ideal case, respectively. The laser seeding attack will cause two main effects on the ideal curve, which are shown in Fig. 1. The first impact is that the curve becomes wider with a much higher and longer tail. The other influence is that the peak of the curve shifts to earlier compared with the ideal situation. Here, we use $P\left(t\right)$ and ${P}^{\prime}\left(t\right)$ to represent the power of the output optical signal in ideal situation and with the attack, respectively. Then, the intensity of the optical signal prepared by light source without the laser seeding attack can be calculated as

where*T*is the period of the optical pulse emitted by laser diode,

*μ*is a certain coefficient related with detection. Here, we assume that the parameters

*T*and

*μ*are fixed and unaffected by the laser seeding attack. Correspondingly, the intensity

*I*

^{′}of the optical signal generated by the attacked light source can also be acquired by Eq. (1). It is obvious that the intensity of the optical signal prepared by the light source gets larger under the effects of the laser seeding attack. For simplicity, we assume that ${I}^{\prime}=gI(g>1)$ in the following analysis. Here,

*g*reflects the power of the laser seeding attack.

Similarly, in practical CVQKD systems, light source is also a key device, which can be used for generating information carrier signal and LO signal in the transmitter Alice. In particular, light source is also used in Bob’s side for a CV-MDI-QKD system. In implementations of CVQKD, the semiconductor laser diode is also widely used to generate the optical signals driven by the electrical signals. For example, 100 ns coherent light pulses can be prepared for CVQKD by using a 1550 nm laser diode at a repetition rate of 1 Mhz [11]. Therefore, Eve may perform the laser seeding attack in a CVQKD system. In the following sections, we will focus on the theoretical security research of various CVQKD systems under the laser seeding attack.

#### 2.2. The effects of the laser seeding attack in a CVQKD system

In the practical implementation of a standard one-way GMCS CVQKD system, Alice modulates the random key information to the pulse signal *A*, which can result in a series of Gaussian-modulated coherent states $|\alpha \u3009$ [3]. After optical attenuation, we use $|{\alpha}_{{A}_{0}}\u3009$ to indicate the transmitted coherent states. Based on the phase space, $|{\alpha}_{{A}_{0}}\u3009$ can be written as

*θ*indicate the amplitude and phase of the transmitted Gaussian-modulated optical signal

*A*

_{0}, respectively. In particular, ${x}_{{A}_{0}}$ and ${p}_{{A}_{0}}$ are two independent quadratures variables with identical variance ${V}_{{A}_{0}}$ and zero mean [3, 4].

However, the generated optical signal *A* can change under the laser seeding attack. Therefore, ${x}_{{A}_{0}}$, ${p}_{{A}_{0}}$, and ${V}_{{A}_{0}}$ may deviate from their ideal values due to the influences of the attack, which is revealed in Fig. 2 based on the phase space. Since $I\propto \left|{\alpha}_{{A}_{0}}\right|$, the changes of ${x}_{{A}_{0}}$, ${p}_{{A}_{0}}$, and ${V}_{{A}_{0}}$ are as follows:

In addition, it is important to note that the intensity of LO signal can also become large with the increase of the intensity of the generated optical signal *A*. In a practical CVQKD system, there are many reasons for the increase of the intensity of LO signal, such as the decrease of optical attenuation [52]. Although the origin of the change is ambiguous for Alice and Bob, the real-time shot-noise measurement technique can eliminate this impact. Therefore, we do not have to consider the influences of the increased intensity of the LO signal in the following analysis.

## 3. Security analysis

#### 3.1. Security of a one-way GMCS CVQKD system under the laser seeding attack

The analyses in Sec. 2 indicate that the laser seeding attack will lead to the increased intensity of the transmitted Gaussian-modulated coherent states, which is the same as the influences of the reduced optical attenuation caused by the laser damage attack [52–56]. Therefore, based on the analyses in [52], it is feasible that Eve can unconsciously steal key information shared by Alice and Bob in a one-way GMCS CVQKD system by using the laser seeding attack. The analysis result indicates that the enhancement of the transmitted Gaussian-modulated coherent states can open a security loophole for Eve to attack a one-way GMCS CVQKD system without trace.

Further, whatever the reason for the increased intensity of the transmitted Gaussian-modulated coherent states, we can use the analysis method presented in [52] to investigate the practical security of the system under this loophole. Thus, we no longer describe the calculation process of the secret key rate for the system under the laser seeding attack. Figure 3 depicts the relationship between the secret key rate and the transmission distance for the one-way GMCS CVQKD system under the laser seeding attack when $\epsilon =0.01,0.05$. The fixed parameters for the simulation are set as: ${V}_{{A}_{0}}=4,\eta =0.5,{\nu}_{\text{el}}=0.01,\beta =95\%,\overline{\u03f5}={\u03f5}_{PA}={10}^{-10},N={10}^{9},m=0.5\times N$, respectively.

It is clear that the evaluative secret key rate *K _{e}* under the laser seeding attack are overestimated compared with the practical secret key rate

*K*in the same situation. These results also demonstrate that the laser seeding attack can open a security loophole for Eve to perform an intercept-resend attack in a practical one-way CVQKD system. In particular, the gap between the estimated secret key rate and the corresponding practical secret key rate represents the key information that can be acquired by Eve with the help of the laser seeding attack. We find that the leaking of the secret key information ascends with the power of the laser seeding attack. In addition, Eve can acquire more secret key information in the case of a larger excess noise

_{p}*ε*under the same attack power of laser seeding attack.

#### 3.2. Security of GMCS CV-MDI-QKD systems under the laser seeding attack

In GMCS CV-MDI-QKD systems, the two sources become the only region that can be exploited by Eve. Here, these sources are the same as the source of one-way GMCS CVQKD systems. Therefore, it is possible that Eve attacks these sources actively. In the following analysis, we will investigate the practical security of CV-MDI-QKD systems under the laser seeding attack in detail.

### 3.2.1. The estimated channel parameters under the laser seeding attack

Although CV-MDI-QKD can remove all known or unknown side-channel attacks on detectors, Eve may perform the laser seeding attack on the two light source modules in a practical CV-MDI-QKD system. Therefore, it is essential that the practical security of a CV-MDI-QKD system under the laser seeding attack is investigated. In Fig. 4, we describe the equivalent entanglement-based (EB) model of the CV-MDI-QKD schemes. Specifically, Alice and Bob first generate one two-mode squeezed state with variance ${V}_{A}+1$ and ${V}_{B}+1$, respectively. Here, the mode *A*_{1} (*B*_{1}) is retained by Alice (Bob), the other mode *A*_{2} (*B*_{2}) is sent to an untrusted third party Charlie through the quantum channel with length *L _{AC}* (

*L*). The total transmission distance

_{BC}*L*is equal to ${L}_{AC}+{L}_{BC}$. Subsequently, Charlie interferes two modes

_{AB}*A*

^{′}and

*B*

^{′}at a beam splitter (BS) with two output modes

*C*and

*D*. Then, both the quadrature variable

*x*of mode

_{C}*C*and quadrature variable

*p*of mode

_{D}*D*are measured by Charlie through homodyne detection, and he announces the measurement results $\left\{{x}_{C},{p}_{D}\right\}$ through a public channel [38, 39]. Finally, Bob modifies mode

*B*

_{1}to ${{B}^{\prime}}_{1}$ by displacement operation $D\left(\beta \right)$, where $\beta ={g}_{m}\left({x}_{C}+i{p}_{D}\right)$, and

*g*represents the gain of the displacement operation. After through these procedures, mode

_{m}*A*

_{1}and ${{B}^{\prime}}_{1}$ become entangled. Accordingly, Alice and Bob will share a group correlated vectors $X=\left\{\left({x}_{{A}_{0}}{}_{i},{x}_{{B}_{0}}{}_{i}\right)|i=1,2,\dots ,N\right\}$ or $P=\left\{\left({p}_{{A}_{0}}{}_{i},{p}_{{B}_{0}}{}_{i}\right)|i=1,2,\dots ,N\right\}$ after the quadratures of mode ${{B}^{\prime}}_{1}$ and mod

*A*

_{1}are measured by employing heterodyne detection. It is notable that Alice and Bob implement information reconciliation and privacy amplification to obtain a string of secret keys.

It is obvious that there are two quantum channels which satisfy with linear model in a CV-MDI-QKD system. Here, the excess noise and transmittance of the quantum channel between Alice (Bob) and Charlie are expressed by ${\epsilon}_{AC}$ (${\epsilon}_{BC}$) and *T _{AC}* (

*T*), respectively. Since the transmission process of the Gaussian-modulated quantum coherent states before the interference in Charlie’s apparatus is the same with the one-way GMCS CVQKD systems, the involved two quantum channels can also be modeled as a normal linear model with the following relations:

_{BC}*A*

_{2},

*A*

^{′},

*B*

_{2}and

*B*

^{′}, respectively. Here, ${t}_{AC}=\sqrt{{T}_{AC}}$, ${t}_{BC}=\sqrt{{T}_{BC}}$,

*z*and

_{AC}*z*are the total noises in the two quantum channels that obeys two centered normal distribution with variance ${\sigma}_{AC}^{2}={T}_{AC}{\xi}_{AC}+{N}_{0}$ and ${\sigma}_{BC}^{2}={T}_{BC}{\xi}_{BC}+{N}_{0}$, respectively. The expressions of these variances include shot noise

_{BC}*N*

_{0}, the unnormalized channel excess noises ${\xi}_{AC}$ and ${\xi}_{BC}$.

Based on the above analyses, we can obtain the following relations [39–42]:

According to Eq. (5), we can further get

In particular, we here assume that these detectors located in Charlie’s side have identical detection efficiency *η* and electronic noise *V _{el}*. Moreover, in the evaluation of the secret key rate, the above parameters ${V}_{{x}_{{A}_{0}}}$, ${V}_{{x}_{{B}_{0}}}$, ${\xi}_{AC}$, ${\xi}_{BC}$ and

*V*must be calculated in shot-noise unit, i.e., ${V}_{A}{N}_{0}$, ${V}_{B}{N}_{0}$, ${\epsilon}_{AC}{N}_{0}$, ${\epsilon}_{BC}{N}_{0}$ and ${\nu}_{el}{N}_{0}$, respectively.

_{el}By using Eqs. (5) and (6), the channel parameters *T _{AC}*,

*T*, ${\epsilon}_{AC}$ and ${\epsilon}_{BC}$ can be estimated by

_{BC}It is important to note that the quadrature variable *p _{C}* of mode C or quadrature variable

*x*of mode D needs also to be measured for estimating these channel parameters. Therefore, we should use a heterodyne detector to replace one of the two homodyne detectors, where the heterodyne detector is only used to estimate these channel parameters. More importantly, the above investigations are based on the fact that the CV-MDI-QKD can remove all side-channel attacks on detectors. Therefore, we consider that the precision of the estimated parameters are not limited by the detectors in Charlie’s side.

_{D}However, the analyses of Sec. 2 indicate that the estimated values of these channel parameters may be affected by the laser seeding attack. In order to clearly show this influence, we here consider the worst case, which is that the two light source modules of the system are simultaneously attacked. For simplicity, we assume that the attack power is the same (i.e., ${g}_{1}={g}_{2}=g$), and we do not consider the other attack situations. Therefore, these quadrature variable ${x}_{{A}_{0}}$ (${p}_{{A}_{0}}$), ${x}_{{B}_{0}}$ (${p}_{{B}_{0}}$), *x _{C}* (

*p*) and

_{C}*x*(

_{D}*p*) will become

_{D}In a practical CV-MDI-QKD system, if Alice and Bob are not aware of the laser seeding attack, they still use ${x}_{{A}_{0}}$ and ${p}_{{B}_{0}}$ to estimate the channel parameters. Therefore, these relations in Eq. (7) kept by Alice, Bob and Charlie become

There are some obvious deviations caused by the laser seeding attack between Eqs. (7) and (9). It is obvious that these channel excess noises are underestimated under the laser seeding attack. Therefore, Eve may perform a classical intercept-resend attack to collect key information without trace under the shield of the laser seeding attack, which illustrates that a loophole will occurs in a practical CV-MDI-QKD system. In order to clearly show the loophole, we cite a specific partial intercept-resend (PIR) attack to analyze the security of a practical CV-MDI-QKD system in presence of the laser seeding attack in the next section.

### 3.2.2. A quantitative example

The intercept-resend attack plays an important role as one part of most quantum hacking strategies. In the quantum hacking scheme based on the laser seeding attack, Eve may also exploit the classical intercept-resend attack to collect key information. Therefore, we first investigate the PIR attack between Alice and Charlie under the laser seeding attack. In the PIR attack, the probability distribution of quadrature variable of mode *A*^{′} in Charlie’s apparatus is weighted sum of two Gaussian distributions, i.e., the distribution of the intercepted resend data with a weight of *u* and the distribution of the transmitted data with a weight of $1-u$ [16, 57]. Further, the extra excess noise caused by Eve in the implementation of the PIR attack can be expressed by $2u{N}_{0}$. In principle, the total excess noise estimated by Alice and Charlie under the PIR attack can be represented as

With loss of generality, we assign 0.1 to *u*. Correspondingly, the excess noise ${\epsilon}_{PIR,AC}$ estimated by Alice and Charlie can become ${\epsilon}_{t,AC}+0.2$. In this case, the estimated excess noise under the laser seeding attack should be rewritten as

In the practical implementation of a CV-MDI-QKD system, we assume that the technical excess noise ${\epsilon}_{t,AC}=0.1$. Therefore, when Eve performs the PIR attack, the estimated total excess noise under the laser seeding attack can be calculated as ${\epsilon}_{PIR,AC}^{\prime}=\frac{0.3}{g}$. Before the execution of the laser seeding attack, the noise value is 0.3, which obviously exceeds the ideal value. Accordingly, the process of key distribution is interrupted to guarantee the security of the system. However, we find that the estimated total excess noise can be reduced by Eve with the help of the laser seeding attack. When *g* = 3, the estimated total excess noise ${\epsilon}_{PIR,AC}^{\prime}=0.1$, i.e., the ideal noise value without attack. It has been experimentally demonstrated that *g* can equal 3 under the control of Eve [49]. The result indicates that Eve can perform the laser seeding attack to make the PIR attack hidden. In particular, Eve can perform a full intercept-resend (FIR) attack in the case of *u* = 1. Although the FIR attack is the most powerful, it can also be hidden when Eve makes *g* exceeds 21. These analysis results fully demonstrate that the extra excess noise induced by the intercept-resend attack can be completely concealed by Eve through the laser seeding attack. Similarly, the excess noise induced by the intercept-resend attack between Bob and Charlie can also be concealed by Eve with the help of the laser seeding attack. Therefore, the laser seeding attack will open a loophole for Eve to successfully hide her attacks, which seriously destroys the security of the practical CV-MDI-QKD system.

### 3.2.3. Secret key rate under the laser seeding attack

In this section, we mainly focus on the secret key rate of a CV-MDI-QKD scheme under one-mode collective Gaussian attack, where Bob performs reverse reconciliation. We here point out that this one-mode attack is not the optimal strategy. In particular, the two-mode attack is demonstrated to be the optimal attack [38]. More concretely, Eve performs correlated two-mode coherent Gaussian attack on two quantum channels by employing their interactions. However, in a practical CV-MDI-QKD system, the correlation of the two quantum channels can become very weak when they come from different directions. Therefore, the quantum channel of CV-MDI-QKD can be reduced to one-mode channel in this context. Here, Eve can efficiently perform the one-mode attack.

It has been demonstrated that the CV-MDI-QKD schemes is equivalent to the one-way CVQKD protocols using coherent states and heterodyne detection when the preparation of Bob’s EPR states and the displacement operation of Bob are assumed to be untrusted teli2014continuous-variable. Therefore, the calculation process of secret key rate of CV-MDI-QKD protocols is the same with the one-way GMCS CVQKD. In the following analysis, we assume that the heterodyne detection is perfect, and we do not consider the finite-size effect, which does not affect our analysis results. Here, the shannon mutual information between Alice and Bob becomes [41, 43, 58]

In order to minimize *ε _{m}*, we adopt $k=\sqrt{\frac{2{V}_{B}}{{T}_{BC}\left({V}_{B}+2\right)}}$; then

According to [26, 58], the Holevo bound can be obtained as

Here,

Eventually, the secret key rate against collective attacks for the CV-MDI-QKD schemes is calculated as

The analysis indicates that the secret key rate of the system can be expressed as ${K}_{m}=K\left({V}_{A},{V}_{B},{T}_{m},{\epsilon}_{m}\right)$. When Eve performs the laser seeding attack in a practical CV-MDI-QKD system, if Alice and Bob are not aware of this attack, the evaluative secret key rate is expressed as ${K}_{m,e}=K\left({V}_{A},{V}_{B},{T}_{m},{\epsilon}_{m}^{\prime}\right)$. However, the practical secret key rate of the system should be computed as ${K}_{m,p}=K\left({V}_{A}^{\prime},{V}_{B}^{\prime},{T}_{m}^{\prime},{\epsilon}_{m}\right)$. Here,

Next, we simulate the secret key rate versus transmission distance in the symmetric and extreme asymmetric case when Eve performs the laser seeding attack in the two light source modules of a practical CV-MDI-QKD system. Figure 5 shows the secret key rate versus transmission distance in the symmetric case under different excess noise environment when the attack power $g=1.02$. In the simulation analysis, the involved parameters are fixed as follows. ${V}_{A}={V}_{B}=40$, ${\epsilon}_{AC}={\epsilon}_{BC}=0.01,0.05$, $\beta =95\%$, respectively. We observe that there is an obvious gap between the secret key rate estimated by Alice and Bob and the practical secret key rate. The results indicate that Eve can perform the intercept-resend attack without trace to steal key information in a practical CV-MDI-QKD system.

Figure 6 reveals the secret key rate of the system as a function of the transmission distance from Alice to Bob in the extreme asymmetric case when the excess noise ${\epsilon}_{AC}$ and ${\epsilon}_{BC}$ are assumed to be 0.01 or 0.05. Here, the attack power $g=1.002$, and the other parameters for the simulation are fixed values that has been confirmed in the analysis of the symmetric case. It is obvious that the secret key rate calculated by Alice and Bob is overestimated compared with the practical secret key rate. In particular, we find that the CV-MDI-QKD systems are more sensitive to the laser seeding attack than the one-way GMCS CVQKD system. A slight attack power can have a major impact on the evaluative value of secret key rate of the CV-MDI-QKD systems, especially in the extreme asymmetric case.

The above investigations demonstrate that the laser seeding attack opens a security loophole for Eve to obtain information about secret key without trace in a practical CV-MDI-QKD system, which seriously destroys the practical security of the system.

## 4. Countermeasure against the laser seeding attack

The above investigations show that the laser seeding attack affects the parameter estimation and the evaluative secret key rate. To resist this attack, we can exploit an appropriate isolator to prevent the injected light. However, it is important to note that Eve might reduce the performance of the isolator by laser damage attack. Therefore, we here propose a real-time monitoring scheme for the intensity of output optical signal in light source module to prevent the incorrect estimation of channel parameters. According to the analysis in Sec. 2, we find that the intensity of the LO signal can simultaneously change under the effects of the laser seeding attack. Therefore, the attack can be directly found by monitoring the intensity of the LO signal in real time before attenuation.

Figure 7 shows the countermeasure against the laser seeding attack for the one-way CVQKD systems in Alice’s apparatus. Specifically, Alice first splits a fraction of the undiminished LO signal to measure its intensity by using a photodiode. Here, the practical value of the intensity of the undiminished LO signal is *I _{p}*, which can also be automatically predicted by using machine learning [59]. Then, Alice can calculate the value of

*g*by comparing the difference between the measured value and the preset value

*I*

_{0}of the separated LO signal, i.e., $g=\frac{{I}_{p}}{{I}_{o}}=\frac{{V}_{{A}_{0}}^{\prime}}{{V}_{{A}_{0}}}$. Eventually, according to [52], Alice and Bob can precisely evaluate the secret key rate of the system, i.e., ${K}_{m}=K\left(g{V}_{{A}_{0}},\frac{{T}^{\prime}}{g},g{\epsilon}^{\prime},{\nu}_{el}\right)={K}_{p}$. These analyses demonstrate that the real-time monitoring scheme can help Alice and Bob to precisely estimate the channel parameters of the system. Finally, the secret key rate of the CVQKD systems under the laser seeding attack can be precisely evaluated with the help of this scheme. The accurate evaluation of secret key rate can effectively close this security loophole. In particular, in a LLO CVQKD system, Alice can split a fraction of undiminished reference signal to monitor its intensity in real-time to close this loophole. In addition, the loss of the LO signal in the above scheme can be completely compensated by properly adjusting the preset value of the attenuation level of the VOA in the light path of LO.

It is important to note that this real-time monitoring scheme can equally remove the loophole induced by the laser seeding attack in a practical CV-MDI-QKD system. Here, the two light sources of the system should be simultaneously monitored by adding the monitoring module which is shown in Fig. 7. More concretely, the monitoring scheme also makes the secret key rate evaluated precisely to resist the laser seeding attack. For example, in the case of the same attack power, the parameter *g* can be acquired by $g={g}_{1}={g}_{2}=\frac{{I}_{{p}_{1}}}{{I}_{0}}=\frac{{I}_{{p}_{2}}}{{I}_{0}}$. Next, the secret key rate of the system can be evaluated as ${K}_{m,e}=K\left(g{V}_{A},g{V}_{B},{T}_{m}^{\prime},{\epsilon}_{m}\right)={K}_{m,p}$. The analysis result indicates that the proposed real-time monitoring scheme can effectively resist the laser seeding attack to close this security loophole.

## 5. Conclusion

In this work we have studied the security of several practical CVQKD systems under the laser seeding attack. More specifically, we have studied the standard one-way GMCS CVQKD protocols in reverse reconciliation, and GMCS CV-MDI-QKD schemes in the symmetric case and extreme asymmetric case. Here, we consider that Eve can carry out the laser seeding attack in the laser sources of the two kinds of CVQKD systems. We show that the intensity of the transmitted Gaussian-modulated quantum optical signals can become large with the increase of the intensity of optical signals prepared by the light source module under the attack.

For the practical one-way CVQKD systems, we observe that the effects of the laser seeding attack are similar with the influences of the reduced optical attenuation caused by laser damage attack. Therefore, the laser seeding attack opens a loophole for Evein the system. We further show that the laser seeding attack makes the secret key rate of the system overestimated, which also demonstrates the attack can help Eve to hide herself. In particular, Eve can obtain more key information for the case of a larger channel excess noise in the same attack power. In order to close this loophole, we propose a real-time monitoring scheme for the intensity of the optical signal generated by the light source module by measuring the intensity of the LO signal before attenuation. This scheme can make Alice and Bob precisely evaluate the channel parameters to accurately analyze the performance of the system.

Apart from this, we mainly investigate the laser seeding attack for the effects of the security of a practical CV-MDI-QKD system. We find that these channel excess noises of the system are underestimated under the laser seeding attack, which indicates that the attack can open a security loophole for Eve to successfully perform an intercept-resend attack. Although the CV-MDI-QKD system can remove all side channels from the measurement unit, Eve can also successfully perform the laser seeding attack in the two light source modules of the system to steal key information without being detected. We also find that the CV-MDI-QKD schemes are more sensitive to the laser seeding attack compared with the one-way CVQKD protocols. It is notable that the proposed real-time monitoring scheme can also close this loophole in a practical CV-MDI-QKD system.

## Funding

National Key Research and Development Program (2016YFA0302600); National Natural Science Foundation of China (61671287, 61971276, 61631014, 61332019, 61632021); Natural Science Basic Research Plan in Shaanxi Province of China (2019JM-591).

## References

**1. **A. K. Ekert, “Quantum Cryptography Based on Bell’s Theorem,” Phys. Rev. Lett. **67**, 661–663 (1991). [CrossRef] [PubMed]

**2. **N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, “Quantum cryptography,” Rev. Mod. Phys. **74**, 145–195 (2002). [CrossRef]

**3. **C. Weedbrook, S. Pirandola, R. García-Patrón, N. J. Cerf, T. C. Ralph, J. H. Shapiro, and S. Lloyd, “Gaussian quantum information,” Rev. Mod. Phys. **84**, 621–669 (2012). [CrossRef]

**4. **F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature **421**, 238–241 (2003). [CrossRef] [PubMed]

**5. **P. W. Shor and J. Preskill, “Simple Proof of Security of the BB84 Quantum Key Distribution Protocol,” Phys. Rev. Lett. **85**, 441–444 (2000). [CrossRef] [PubMed]

**6. **H.-K. Lo and H. F. Chau, “Unconditional Security of Quantum Key Distribution over Arbitrarily Long Distances,” Science **283**, 2050–2056 (1999). [CrossRef] [PubMed]

**7. **A. Leverrier, R. García-Patrón, R. Renner, and N. J. Cerf, “Security of continuous-variable quantum key distribution against general attacks,” Phys. Rev. Lett. **110**, 030502 (2013). [CrossRef] [PubMed]

**8. **A. Leverrier, “Composable security proof for continuous-variable quantum key distribution with coherent states,” Phys. Rev. Lett. **114**, 070501 (2015). [CrossRef] [PubMed]

**9. **B. Qi, L.-L. Huang, L. Qian, and H.-K. Lo, “Experimental study on the gaussian-modulated coherent-state quantum key distribution over standard telecommunication fibers,” Phys. Rev. A **76**, 052323 (2007). [CrossRef]

**10. **S. Fossier, E. Diamanti, T. Debuisschert, A. Villing, R. Tualle-Brouri, and P. Grangier, “Field test of a continuous-variable quantum key distribution prototype,” New J. Phys. **11**, 045023 (2009). [CrossRef]

**11. **P. Jouguet, S. Kunz-Jacques, A. Leverrier, P. Grangier, and E. Diamanti, “Experimental demonstration of long-distance continuous-variable quantum key distribution,” Nat. Photon. **7**, 378–381 (2013). [CrossRef]

**12. **D. Huang, P. Huang, H. Li, T. Wang, Y. Zhou, and G. Zeng, “Field demonstration of a continuous-variable quantum key distribution network,” Opt. Lett. **41**, 3511–3514 (2016). [CrossRef] [PubMed]

**13. **Y. Zhang, Z. Li, Z. Chen, C. Weedbrook, Y. Zhao, X. Wang, Y. Huang, C. Xu, X. Zhang, Z. Wang, M. Li, X. Zhang, Z. Zheng, B. Chu, X. Gao, N. Meng, W. Cai, Z. Wang, G. Wang, S. Yu, and H. Guo, “Continuous-variable QKD over 50 km commercial fiber,”Quantum Sci. Technol. **4**, 035006 (2019). [CrossRef]

**14. **P. Jouguet, S. Kunz-Jacques, E. Diamanti, and A. Leverrier, “Analysis of imperfections in practical continuous-variable quantum key distribution,” Phys. Rev. A **86**, 032309 (2012). [CrossRef]

**15. **X.-C. Ma, S.-H. Sun, M.-S. Jiang, and L.-M. Liang, “Local oscillator fluctuation opens a loophole for eve in practical continuous-variable quantum-key-distribution systems,” Phys. Rev. A **88**, 022339 (2013). [CrossRef]

**16. **P. Jouguet, S. Kunz-Jacques, and E. Diamanti, “Preventing calibration attacks on the local oscillator in continuous-variable quantum key distribution,” Phys. Rev. A **87**, 062313 (2013). [CrossRef]

**17. **J.-Z. Huang, C. Weedbrook, Z.-Q. Yin, S. Wang, H.-W. Li, W. Chen, G.-C. Guo, and Z.-F. Han, “Quantum hacking of a continuous-variable quantum-key-distribution system using a wavelength attack,” Phys. Rev. A **87**, 062329 (2013). [CrossRef]

**18. **X.-C. Ma, S.-H. Sun, M.-S. Jiang, and L.-M. Liang, “Wavelength attack on practical continuous-variable quantum-key-distribution system with a heterodyne protocol,” Phys. Rev. A **87**, 052309 (2013). [CrossRef]

**19. **J.-Z. Huang, S. Kunz-Jacques, P. Jouguet, C. Weedbrook, Z.-Q. Yin, S. Wang, W. Chen, G.-C. Guo, and Z.-F. Han, “Quantum hacking on quantum key distribution using homodyne detection,” Phys. Rev. A **89**, 032304 (2014). [CrossRef]

**20. **H. Qin, R. Kumar, and R. Alléaume, “Quantum hacking: Saturation attack on practical continuous-variable quantum key distribution,” Phys. Rev. A **94**, 012325 (2016). [CrossRef]

**21. **C. Wang, P. Huang, D. Huang, D. Lin, and G. Zeng, “Practical security of continuous-variable quantum key distribution with finite sampling bandwidth effects,” Phys. Rev. A **93**, 022315 (2016). [CrossRef]

**22. **H. Qin, R. Kumar, V. Makarov, and R. Alléaume, “Homodyne-detector-blinding attack in continuous-variable quantum key distribution,” Phys. Rev. A **98**, 012312 (2018). [CrossRef]

**23. **C. Xie, Y. Guo, Q. Liao, W. Zhao, D. Huang, L. Zhang, and G. Zeng, “Practical security analysis of continuous-variable quantum key distribution with jitter in clock synchronization,” Phys. Lett. A **382**, 811–817 (2018). [CrossRef]

**24. **Y. Zhao, Y. Zhang, Y. Huang, B. Xu, S. Yu, and H. Guo, “Polarization attack on continuous-variable quantum key distribution,” J. Phys. B **52**, 015501 (2018). [CrossRef]

**25. **P. Huang, D.-k. Lin, D. Huang, and G.-H. Zeng, “Security of continuous-variable quantum key distribution with imperfect phase compensation,” Int. J. Theor. Phys. **54**, 2613–2622 (2015). [CrossRef]

**26. **A. Leverrier, F. Grosshans, and P. Grangier, “Finite-size analysis of a continuous-variable quantum key distribution,” Phys. Rev. A **81**, 062343 (2010). [CrossRef]

**27. **W. Liu, X. Wang, N. Wang, S. Du, and Y. Li, “Imperfect state preparation in continuous-variable quantum key distribution,” Phys. Rev. A **96**, 042312 (2017). [CrossRef]

**28. **R. Filip, “Continuous-variable quantum key distribution with noisy coherent states,” Phys. Rev. A **77**, 022310 (2008). [CrossRef]

**29. **V. C. Usenko and R. Filip, “Feasibility of continuous-variable quantum key distribution with noisy coherent states,” Phys. Rev. A **81**, 022318 (2010). [CrossRef]

**30. **Y. Shen, X. Peng, J. Yang, and H. Guo, “Continuous-variable quantum key distribution with gaussian source noise,” Phys. Rev. A **83**, 052304 (2011). [CrossRef]

**31. **J. Yang, B. Xu, and H. Guo, “Source monitoring for continuous-variable quantum key distribution,” Phys. Rev. A **86**, 042314 (2012). [CrossRef]

**32. **W. Liu, J. Peng, P. Huang, D. Huang, and G. Zeng, “Monitoring of continuous-variable quantum key distribution system in real environment,” Opt. Express **25**, 19429–19443 (2017). [CrossRef] [PubMed]

**33. **D. B. Soh, C. Brif, P. J. Coles, N. Lütkenhaus, R. M. Camacho, J. Urayama, and M. Sarovar, “Self-referenced continuous-variable quantum key distribution protocol,” Phys. Rev. X **5**, 041010 (2015).

**34. **B. Qi, P. Lougovski, R. Pooser, W. Grice, and M. Bobrek, “Generating the local oscillator “locally” in continuous-variable quantum key distribution based on coherent detection,” Phys. Rev. X **5**, 041009 (2015).

**35. **D. Huang, P. Huang, D. Lin, C. Wang, and G. Zeng, “High-speed continuous-variable quantum key distribution without sending a local oscillator,” Opt. Lett. **40**, 3695–3698 (2015). [CrossRef] [PubMed]

**36. **T. Wang, P. Huang, Y. Zhou, W. Liu, and G. Zeng, “Pilot-multiplexed continuous-variable quantum key distribution with a real local oscillator,” Phys. Rev. A **97**, 012310 (2018). [CrossRef]

**37. **T. Wang, P. Huang, Y. Zhou, W. Liu, H. Ma, S. Wang, and G. Zeng, “High key rate continuous-variable quantum key distribution with a real local oscillator,” Opt. Express **26**, 2794–2806 (2018). [CrossRef] [PubMed]

**38. **S. Pirandola, C. Ottaviani, G. Spedalieri, C. Weedbrook, S. L. Braunstein, S. Lloyd, T. Gehring, C. S. Jacobsen, and U. L. Andersen, “High-rate measurement-device-independent quantum cryptography,” Nat. Photon. **9**, 397–402 (2015). [CrossRef]

**39. **X.-C. Ma, S.-H. Sun, M.-S. Jiang, M. Gui, and L.-M. Liang, “Gaussian-modulated coherent-state measurement-device-independent quantum key distribution,” Phys. Rev. A **89**, 042335 (2014). [CrossRef]

**40. **Z. Li, Y.-C. Zhang, F. Xu, X. Peng, and H. Guo, “Continuous-variable measurement-device-independent quantum key distribution,” Phys. Rev. A **89**, 052301 (2014). [CrossRef]

**41. **X. Zhang, Y. Zhang, Y. Zhao, X. Wang, S. Yu, and H. Guo, “Finite-size analysis of continuous-variable measurement-device-independent quantum key distribution,” Phys. Rev. A **96**, 042334 (2017). [CrossRef]

**42. **P. Papanastasiou, C. Ottaviani, and S. Pirandola, “Finite-size analysis of measurement-device-independent quantum cryptography with continuous variables,” Phys. Rev. A **96**, 042332 (2017). [CrossRef]

**43. **H.-X. Ma, P. Huang, D.-Y. Bai, S.-Y. Wang, W.-S. Bao, and G.-H. Zeng, “Continuous-variable measurement-device-independent quantum key distribution with photon subtraction,” Phys. Rev. A **97**, 042329 (2018). [CrossRef]

**44. **Y.-C. Zhang, Z. Li, S. Yu, W. Gu, X. Peng, and H. Guo, “Continuous-variable measurement-device-independent quantum key distribution using squeezed states,” Phys. Rev. A **90**, 052325 (2014). [CrossRef]

**45. **H.-X. Ma, P. Huang, D.-Y. Bai, T. Wang, S.-Y. Wang, W.-S. Bao, and G.-H. Zeng, “Long-distance continuous-variable measurement-device-independent quantum key distribution with discrete modulation,” Phys. Rev. A **99**, 022322 (2019). [CrossRef]

**46. **P. Wang, X. Wang, and Y. Li, “Continuous-variable measurement-device-independent quantum key distribution using modulated squeezed states and optical amplifiers,” Phys. Rev. A **99**, 042309 (2019). [CrossRef]

**47. **C. Lupo, C. Ottaviani, P. Papanastasiou, and S. Pirandola, “Continuous-variable measurement-device-independent quantum key distribution: Composable security against coherent attacks,” Phys. Rev. A **97**, 052327 (2018). [CrossRef]

**48. **Z. Chen, Y. Zhang, G. Wang, Z. Li, and H. Guo, “Composable security analysis of continuous-variable measurement-device-independent quantum key distribution with squeezed states for coherent attacks,” Phys. Rev. A **98**, 012314 (2018). [CrossRef]

**49. **A. Huang, Á. Navarrete, S.-H. Sun, P. Chaiwongkhot, M. Curty, and V. Makarov, “Laser seeding attack in quantum key distribution,” arXiv preprint arXiv:1902.09792 [quant-ph] (2019).

**50. **S.-H. Sun, F. Xu, M.-S. Jiang, X.-C. Ma, H.-K. Lo, and L.-M. Liang, “Effect of source tampering in the security of quantum cryptography,” Phys. Rev. A **92**, 022304 (2015). [CrossRef]

**51. **X.-L. Pang, A.-L. Yang, C.-N. Zhang, J.-P. Dou, H. Li, J. Gao, and X.-M. Jin, “Hacking measurement-device-independent quantum key distribution via injection locking,” arXiv preprint arXiv:1902.10423 [quant-ph] (2019).

**52. **Y. Zheng, P. Huang, A. Huang, J. Peng, and G. Zeng, “Practical security of continuous-variable quantum key distribution with reduced optical attenuation,” Phys. Rev. A **100**, 012313 (2019). [CrossRef]

**53. **A. Huang, R. Li, V. Egorov, S. Tchouragoulov, K. Kumar, and V. Makarov, “Laser damage attack against optical attenuators in quantum key distribution,” arXiv preprint arXiv:1905.10795 [quant-ph] (2019).

**54. **A. N. Bugge, S. Sauge, A. M. M. Ghazali, J. Skaar, L. Lydersen, and V. Makarov, “Laser damage helps the eavesdropper in quantum cryptography,” Phys. Rev. Lett. **112**, 070503 (2014). [CrossRef] [PubMed]

**55. **V. Makarov, J.-P. Bourgoin, P. Chaiwongkhot, M. Gagné, T. Jennewein, S. Kaiser, R. Kashyap, M. Legré, C. Minshull, and S. Sajeed, “Creation of backdoors in quantum communications via laser damage,” Phys. Rev. A **94**, 030302 (2016). [CrossRef]

**56. **A. Huang, “Quantum hacking in the age of measurement-device-independent quantum cryptography,” Ph.D. thesis, University of Waterloo (2018).

**57. **J. Lodewyck, T. Debuisschert, R. García-Patrón, R. Tualle-Brouri, N. J. Cerf, and P. Grangier, “Experimental Implementation of Non-Gaussian Attacks on a Continuous-Variable Quantum-Key-Distribution System,” Phys. Rev. Lett. **98**, 030503 (2007). [CrossRef] [PubMed]

**58. **S. Fossier, E. Diamanti, T. Debuisschert, R. Tualle-Brouri, and P. Grangier, “Improvement of continuous-variable quantum key distribution systems by using optical preamplifiers,” J. Phys. B **42**, 114014 (2009). [CrossRef]

**59. **W. Liu, P. Huang, J. Peng, J. Fan, and G. Zeng, “Integrating machine learning to achieve an automatic parameter prediction for practical continuous-variable quantum key distribution,” Phys. Rev. A **97**, 022316 (2018). [CrossRef]