https://doi.org/10.1140/epjqt/s40507-022-00141-2
Research
Faking photon number on a transition-edge sensor
1
Institute for Quantum Computing, University of Waterloo, N2L 3G1, Waterloo, ON, Canada
2
Department of Physics and Astronomy, University of Waterloo, N2L 3G1, Waterloo, ON, Canada
3
Department of Physics, Faculty of Science, Mahidol University, 10400, Bangkok, Thailand
4
Quantum Technology Foundation (Thailand), 10110, Bangkok, Thailand
5
Purple Mountain Observatory and Key Laboratory of Radio Astronomy, Chinese Academy of Sciences, 10 Yuanhua road, 210033, Nanjing, People’s Republic of China
6
Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, 410073, Changsha, People’s Republic of China
7
Centre for Quantum Technologies, National University of Singapore, 3 Science Drive 2, 117543, Singapore, Singapore
8
Russian Quantum Center, Skolkovo, 121205, Moscow, Russia
9
Shanghai Branch, National Laboratory for Physical Sciences at Microscale and CAS Center for Excellence in Quantum Information, University of Science and Technology of China, 201315, Shanghai, People’s Republic of China
10
NTI Center for Quantum Communications, National University of Science and Technology MISiS, 119049, Moscow, Russia
a
poompong.ch@gmail.com
c
angelhuang.hn@gmail.com
Received:
14
January
2022
Accepted:
8
August
2022
Published online:
5
September
2022
We study potential security vulnerabilities of a single-photon detector based on superconducting transition-edge sensor. In one experiment, we show that an adversary could fake a photon number result at a certain wavelength by sending a larger number of photons at a longer wavelength, which is an expected and known behaviour. In another experiment, we unexpectedly find that the detector can be blinded by bright continuous-wave light and then, a controlled response simulating single-photon detection can be produced by applying a bright light pulse. We model an intercept-and-resend attack on a quantum key distribution system that exploits the latter vulnerability and, under certain assumptions, able to steal the key.
© The Author(s) 2022
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.