Faking photon number on a transition-edge sensor

We study potential security vulnerabilities of a single-photon detector based on a superconducting transition-edge sensor. In one experiment, we show that an adversary could fake a photon number result at a certain wavelength by sending a larger number of photons at a longer wavelength, which is an expected and known behaviour. In another experiment, we unexpectedly find that the detector can be blinded by bright continuous-wave light, and that a controlled response simulating single-photon detection can then be produced by applying a bright light pulse. We model an intercept-and-resend attack on a quantum key distribution system that exploits the latter vulnerability and, under certain assumptions, is able to steal the key.

such as loophole-free Bell test [20]. Its photon number resolving capability could also be used to monitor against attacks on a quantum key distribution (QKD) system [21]. As one of the potential detectors in quantum communication, where the reliability of the detection result affects overall security, the TES photon detector should be investigated for its robustness and possible flaws. In this study, we experimentally demonstrate two potential vulnerabilities of the TES, namely, a wavelength attack, where the photon number result could be controlled by changing the signal's wavelength, and a faked-state attack, where the adversary increases the temperature of the TES with an appropriate bright continuous-wave (CW) laser and then forces an arbitrary photon number detection result using a bright pulsed laser.
A transition-edge sensor is a sensitive microcalorimeter whose sensing element consists of an absorber and a superconductive thermometer with a positive temperature coefficient of resistance (dR/dT > 0) [22]. During operation, the sensing element's temperature is kept near the transition temperature via voltage-biasing [23]. This voltage-biasing is provided by an external total bias current flowing through a shunt resistor R_s connected in parallel with the TES [Fig. 1(a)]. In our setup R_s = 16.1 mΩ, which is much smaller than the TES normal-conductivity resistance of 3 Ω.
The current passing through the TES, I_TES, flows through an inductive coil L_in. The latter couples its magnetic flux via a mutual inductance (M_in) to a direct-current superconducting quantum interference device (DC-SQUID). The SQUID serves as a low-noise amplifier of I_TES. A feedback coil L_FB inside the ADR, together with a room-temperature amplifier G and feedback resistor R_FB, is used to transform the signal from the TES into a measurable voltage V_out [24]. I_TES is obtained by dividing V_out by the current-to-voltage gain of the DC-SQUID and amplifier G (0.375 V/µA in this experiment), while the voltage across the TES, V_TES, is calculated by multiplying R_s by the current through it (total bias current with I_TES subtracted).
When a photon from the input optical fiber hits the detector, the photon's energy is absorbed, raising the TES's temperature and resistance. This change of resistance reduces I_TES and proportionally reduces V_out. From the relation between TES temperature and I_TES, it can be seen that the change of V_out during the detection is proportional to the absorbed energy of the photon(s), enabling photon-number discrimination.
In our setup, the TES and SQUID are attached to a copper block, which is in turn attached to the cold plate of the ADR. Under normal operating conditions, both the TES and SQUID are at 100 mK temperature. Their bias currents are provided by specialised electronic circuits (commercially available from Magnicon GmbH).
To measure the response of the TES to various optical signals, we use the setup shown in Fig. 1(b). The TES is a fiber-coupled 10 × 10 µm Ti device in a multilayer optical resonator designed to maximise coupling at 1550 nm wavelength and is similar to devices reported in [18, 25]. The photon coupling efficiency in our TES sample under test is ≈ 1%, owing to misalignment of the fiber end relative to the TES effective area. However, this should not affect the results of our study in a qualitative way, because the misalignment merely introduces additional optical attenuation and can be compensated by applying a brighter test signal. Our light source consists of a CW blinding laser and a pulsed laser (with about 16 ns pulse width), combined on a fiber-optic beamsplitter (BS). The energy of the laser pulse can be adjusted by the variable attenuator (OZ Optics DA-100). A power meter is used for monitoring the laser output power. A function generator produces trigger pulses to synchronize the laser source and signal recordings. The signal from the TES is digitized by a data acquisition module (DAQ) and analyzed on a computer (PC). The DAQ is a 16-bit, 125 MHz sampling rate analog-to-digital converter (AlazarTech ATS660) mounted on a peripheral component interconnect (PCI) bus of the PC. This DAQ allows measuring signals of millivolt level. Typical single-photon responses are shown in Fig. 2(a). The peak voltage value during the 5 µs following the application of the optical pulse is assumed to be the amplitude of the detector response, V_max.
Next, we investigate two potentially exploitable vulnerabilities of the TES detector.
Wavelength-dependent response. The TES output voltage amplitude V_max is inherently proportional to the energy of the photons absorbed, and the TES is sensitive to a wide range of wavelengths. In principle, N photons with a wavelength Nλ arriving simultaneously have the same combined energy E as one photon with the wavelength λ. This can be seen from the relation E = Nhc/λ, where h is Planck's constant and c is the speed of light in vacuum. Thus the TES would produce the same output in these two cases [26-28].
We illustrate this fact with a simple experiment that shows how an attacker Eve could fake a single-photon detection result by sending multiple photons with proportionally lower photon energy. We send weak-coherent signals from several lasers of different wavelengths through the input fiber of the TES. We then record the amplitude V_max of the voltage response from the TES. The histogram in Fig. 3 shows that the response signal of single-photon detection from a 450 nm photon overlaps with two-photon detection from 780 nm and three-photon detection from 1550 nm photons. This shows that an expected photon number readout from the TES could be faked by multiple photons with a proportionally longer wavelength. It also shows that the photon number measurement results from the TES alone cannot be used to characterize the photon number distribution of a signal arriving through an untrusted channel, such as the quantum channel, where the adversary could intercept and replace the signal with photons of arbitrary wavelength. Thus, any QKD scheme using the photon number distribution from a TES to monitor Eve's activity in the quantum channel is vulnerable to this wavelength-dependent attack [21]. A narrow-band wavelength filter should prevent this attack. However, the characterization of the filter's performance against exploitable wavelengths is needed.
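The energy aliasing described above can be checked numerically. The following is an added example, not code from the paper; it assumes a discriminator that assigns each pulse to the nearest photon-number peak calibrated at one wavelength, and an ideal filter passband, and all function names are hypothetical.

```python
# Added illustration: a TES pulse height is proportional to the total absorbed
# energy, so the readout depends on N*h*c/lambda, not on N alone.
H = 6.62607015e-34   # Planck constant, J*s
C = 299_792_458.0    # speed of light in vacuum, m/s

def pulse_energy(n_photons, wavelength_nm):
    """Total energy E = N*h*c/lambda of N simultaneous photons, in joules."""
    return n_photons * H * C / (wavelength_nm * 1e-9)

def readout(n_photons, wavelength_nm, calib_nm):
    """Photon number reported by a detector calibrated at calib_nm.

    Assumption: the pulse is assigned to the nearest calibrated peak,
    i.e. E / E_one_photon(calib_nm) rounded to the nearest integer.
    """
    ratio = pulse_energy(n_photons, wavelength_nm) / pulse_energy(1, calib_nm)
    return int(ratio + 0.5)

def aliases(calib_nm, reported_n, wavelengths_nm, passband_nm=None, max_n=10):
    """List (N, wavelength) inputs that read as reported_n photons at calib_nm.

    passband_nm: optional (low, high) of an ideal filter in front of the
    detector (assumption); wavelengths outside it never reach the TES.
    """
    hits = []
    for wl in wavelengths_nm:
        if passband_nm and not (passband_nm[0] <= wl <= passband_nm[1]):
            continue
        for n in range(1, max_n + 1):
            if readout(n, wl, calib_nm) == reported_n:
                hits.append((n, wl))
    return hits

if __name__ == "__main__":
    lasers = [450, 780, 1550]   # the three wavelengths used in the experiment
    print("read as one 450 nm photon, no filter:", aliases(450, 1, lasers))
    print("same, behind a 440-460 nm filter:   ",
          aliases(450, 1, lasers, passband_nm=(440, 460)))
```

The three cases from Fig. 3 do not carry exactly equal energy, yet all fall into the one-photon bin, which is why the peaks overlap in the histogram.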
Blinding attack. In a blinding attack on a QKD receiver, Eve renders the QKD detectors insensitive to single photons (blinded) but still able to produce the expected detection output when exposed to a bright-light pulse. This type of attack has been demonstrated on various single-photon detectors [4, 6-9, 12].
In the ideal condition, the TES operates at the transition edge between the superconducting and normal resistive states. In this region, a small change of energy such as a single-photon absorption could induce a measurable change in the output voltage proportional to the energy absorbed. By setting a voltage threshold level for each input photon energy, one could discriminate the number of absorbed photons. From the known characteristics of the TES [22], at a temperature slightly higher than the operational regime it could produce the same voltage output level when absorbing a much higher energy, which can be delivered by a bright laser pulse. In this section, we experimentally demonstrate this behavior. We first investigate the behavior of the TES when its temperature is increased beyond the designed transition-edge region. We set the TES to the operating temperature of 100 mK. We record the current-voltage (I-V) characteristic curves of the TES at different temperatures [18]. These characteristic curves, shown in Fig. 4(a), will be used as a reference for the following experiments. At low temperature (100 mK), I_TES is roughly inversely proportional to V_TES. As the temperature increases, I_TES becomes lower. Once the device reaches its critical temperature of ≈ 180 mK, I_TES becomes directly proportional to V_TES as the TES becomes a normal resistor.
We now demonstrate the ability of Eve to control the temperature using bright light. A CW laser at 1550 nm is coupled through the input fiber of the TES. Fig. 4(b) shows that the I-V characteristics of the device under test at different temperatures can be replicated. This shows that an adversary could arbitrarily control the temperature of the TES using a bright CW laser.
For the faked-state attack, the appropriate blinding laser power is one that puts the response at the threshold between the transition-edge regime and the normal resistor regime. In this region, the TES is 'blinded' to single-photon input, as the change of voltage produced by an additional absorption is minimal. At the same time, the system in this condition could produce the same voltage level as the system at normal operating temperature when absorbing a bright laser pulse. The histogram of faked-state results with different peak power is shown in Fig. 5(a) and typical oscillograms in Fig. 2(b). Here, the fake signals are laser pulses with 16 ns width and 100 kHz repetition rate. The detector response exhibits a strong superlinearity [29] between Eve's pulse energies of 1.2 to 9.6 × 10^-18 J, which is a potential security loophole. That is, the voltage response of the TES can be controlled by Eve, who has access to the input channel. She can choose a bright laser power such that the voltage output represents a 'photon number' of her choice. The physics of the detector in this regime is not clear to us and needs to be investigated further.
Attack model. To emphasize the threat of the vulnerability found in the previous section, we model a faked-state attack [4] on a Bennett-Brassard 1984 (BB84) [30] QKD system, assuming it uses the TES under test as its detectors. We assume here that the wavelength of the signal used by Alice and Bob is 780 nm. In this attack model, the adversary Eve intercepts each signal from Alice and measures it in a random basis. She then reproduces a bright fake signal identical to her detection result and sends it to Bob. Here, she also sends a CW blinding laser power set to 0.25 nW and sets her fake pulsed signal at 2.4 × 10^-18 J pulse energy, both at 1550 nm. If Bob's measurement basis choice differs from that of Eve, the power of the fake signal would be split equally between Bob's detectors (we assume here that Bob's basis choice modulator is wavelength-independent). As shown in Fig. 5(b), most of the response signal from the TES would fall below the single-photon detection threshold and thus remain unregistered. However, if their basis choices matched, sometimes the signal will be registered. This attack condition causes extra detection loss at Bob. Eve could hide this loss from Alice and Bob if the original quantum channel loss between Alice and Bob is lower than the detection loss induced by Eve's attack. When the measurement bases of Eve and Bob are different, half of the registered detection events would cause an error in the key. This can be seen in the portion of the blue histogram to the right of the single-photon threshold (green line) in Fig. 5(b). With this estimated detection probability and error rate, the quantum bit error rate of the attack could be calculated. Our calculation shows that this attack on a QKD system with the TES under test and the specific parameters assumed above would induce a 7.4% quantum bit error rate (QBER). This QBER is lower than the 11% abort threshold of the BB84 protocol [31], thus the security of the key could be compromised. This shows a possible vulnerability of a QKD system with a TES as a single-photon threshold detector. A more general attack on a QKD scheme with a TES as a photon number resolving detector, as well as attacks on other QKD protocols such as coherent-one-way (COW) [7], can also be considered.
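The QBER estimate in the attack model follows from two detection probabilities read off the response histograms at the click threshold. The sketch below is an added example, not the authors' calculation; it assumes equal basis probabilities and ignores double clicks and dark counts, and the voltage samples are constructed in arbitrary units rather than taken from Fig. 5(b), so it does not reproduce the 7.4% figure.

```python
from statistics import NormalDist

ABORT_QBER = 0.11  # BB84 abort threshold quoted on the page

def constructed_samples(mean, sigma, n=1000):
    """Deterministic, constructed V_max samples (arbitrary units): n evenly
    spaced quantiles of a normal distribution. Not measured data."""
    dist = NormalDist(mean, sigma)
    return [dist.inv_cdf((i + 0.5) / n) for i in range(n)]

def detection_probability(v_max, threshold):
    """Fraction of pulses whose peak voltage reaches the click threshold."""
    return sum(v >= threshold for v in v_max) / len(v_max)

def intercept_resend_qber(v_same, v_diff, threshold):
    """Return (QBER, click probability) in the sifted key for the page's model.

    v_same: V_max samples when Bob's basis matches Eve's (full fake pulse)
    v_diff: V_max samples when the bases differ (pulse split equally)
    Assumptions: bases match with probability 1/2, matched-basis clicks carry
    no error, half of the mismatched-basis clicks are errors.
    """
    p_same = detection_probability(v_same, threshold)
    p_diff = detection_probability(v_diff, threshold)
    p_click = 0.5 * (p_same + p_diff)
    if p_click == 0.0:
        return None, 0.0          # no registered events, QBER undefined
    return 0.25 * p_diff / p_click, p_click

# Constructed example histograms and threshold (arbitrary voltage units).
THRESHOLD = 1.0
V_SAME = constructed_samples(1.1, 0.2)
V_DIFF = constructed_samples(0.6, 0.2)

if __name__ == "__main__":
    for thr in (0.8, 1.0, 1.2):
        qber, p_click = intercept_resend_qber(V_SAME, V_DIFF, thr)
        shown = "n/a" if qber is None else f"{qber:.3f}"
        below = qber is not None and qber < ABORT_QBER
        print(f"threshold={thr:.1f} clicks={p_click:.3f} "
              f"QBER={shown} below_abort={below}")
```

Running it on measured same-basis and different-basis histograms for a given receiver shows how the choice of click threshold moves both the induced loss and the induced error rate.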
In conclusion, we have experimentally demonstrated two possible security vulnerabilities of the TES as a photon detector. In this study, we have illustrated the ability of Eve to fake photon-number results in the TES using different wavelengths. We have also shown that the characteristics of the TES could be altered by a bright CW laser, and that photon-number detection results could be faked using laser pulses with appropriate peak power. Using this result, we model an attack on a BB84 QKD system with a TES as a detector and show that Eve could perform the intercept-and-resend attack while inducing an error rate as low as 7.4%, under certain specific assumptions. Since the TES under test has a misalignment of its input coupling, which limits its detection efficiency, we speculate that an attack on a higher-efficiency TES with better energy resolution might yield a better result for Eve. Understanding a physical model of the TES under attack can be a topic of a future study. Countermeasures to such attacks will need to be considered in the future when TESs begin to be employed in secure quantum communication schemes.

FIG. 1. Experimental setup. (a) Internal circuit diagram of the TES system, consisting of the TES photon detector and its DC-SQUID readout. The TES photon detector is mounted on a 100-mK cold stage chilled by an adiabatic demagnetization refrigerator (ADR). The TES current I_TES is read out by DC-SQUID electronics and converted proportionally to a voltage output V_out. (b) Blinding and fake signal power is controlled by variable attenuators (Att), combined at a 50:50 fiber-optic beam splitter (BS), measured by an optical power meter (PM), and applied to the TES system under test. Its output voltage V_out is recorded and analyzed by a data acquisition module (DAQ) connected to a computer (PC).

FIG. 3. Histogram of TES output voltage under weak-coherent laser illumination at 1550 nm (red), 780 nm (black), and 450 nm (blue). The leftmost peak represents zero-photon detection. Subsequent peaks to the right represent higher photon number detections. These peaks appear at the voltage level proportional to the energy of the photons.

FIG. 4. I-V curves of the TES. (b) The characteristics of the system at 100 mK under bright laser illumination closely resemble (a) the characteristics at different heat-bath temperatures. This confirms Eve's ability to control the TES's temperature using bright light through the input fiber. Dots are measurement results, while the solid line is their bin average.

FIG. 5. Detector response to the faked-state attack. For comparison, the black curve shows the normal response to a weak coherent pulse (WCP) attenuated to a single-photon level, containing the zero-photon response (left peak) and the one-photon response (right peak). (a) Fake histogram of output voltage at different faked-state pulse energies. The detector is blinded with 0.25 nW CW light. (b) An attack model on a BB84 QKD system with a TES as a detector. The threshold (green vertical dashed line) marks the minimum TES voltage output that the system in our model would register as a detection. The fake response is shown for two cases where Bob and Eve pick the same (red) and different (blue) measurement bases under a fake pulsed signal of 2.4 × 10^-18 J pulse energy.