Curator's Take
This research exposes a critical vulnerability in quantum key distribution systems by demonstrating how pulsed laser attacks at non-standard wavelengths can compromise fiber-optic components in ways that continuous-wave attacks cannot. The finding that pulsed irradiation can lower the damage threshold for subsequent attacks by up to 7 dB reveals a sophisticated two-stage attack vector that could allow eavesdroppers to create hidden side-channels without detection. This work is particularly significant because it shows that current security assessments for QKD systems may be inadequate, as they typically focus on continuous-wave laser damage attacks rather than these more subtle pulsed approaches. The results underscore the ongoing cat-and-mouse game between quantum cryptographers and potential attackers, highlighting the need for more comprehensive physical security testing as QKD systems move toward real-world deployment.
— Mark Eatherly
Summary
The security of quantum key distribution (QKD) systems relies on the physical integrity of their components. While laser-damage attacks (LDAs) using high-power continuous-wave (cw) lasers have been well studied, the threat posed by pulsed lasers at alternative wavelengths remains underestimated. Here, we experimentally investigated the stability of four types of fiber-optic attenuators under exposure to sub-picosecond pulses at 1061 nm with average power reaching 1 W. Mechanical variable attenuators with blocking elements and fixed air-gap attenuators show resistance to this attack. MEMS-based variable attenuators exhibit increased attenuation or irreversible damage that causes a permanent reduction in attenuation of approximately 3.8 dB. For fixed attenuators with an absorption element, we demonstrate that initial pulsed irradiation significantly lowers the optical damage threshold of the components compared to direct cw attacks. The attenuation reduction achieved is up to 7 dB at a 1 W cw laser at 1550 nm. These results highlight the possibility of establishing a hidden side-channel for eavesdropping attacks and underscore the insufficiency of existing countermeasures against sophisticated LDA scenarios.