An approach for security evaluation and certification of a complete quantum communication system

Although quantum communication systems are being deployed on a global scale, their realistic security certification is not yet available. Here we present a security evaluation and improvement protocol for complete quantum communication systems. The protocol subdivides a system by defining seven system implementation sub-layers based on a hierarchical order of information flow; then it categorises the known system implementation imperfections by hardness of protection and practical risk. Next, an initial analysis report lists all potential loopholes in its quantum-optical part. It is followed by interactions with the system manufacturer, testing and patching most loopholes, and re-assessing their status. Our protocol has been applied on multiple commercial quantum key distribution systems to improve their security. A detailed description of our methodology is presented with the example of a subcarrier-wave system. Our protocol is a step towards future security evaluation and security certification standards.

(THA) 25,26 .By treating the attack as an information leakage problem, the secure key rate becomes a function of the specifications of the installed optical components.The latter can be characterised when necessary.A similar approach has been suggested for other individual imperfections 12,[27][28][29][30] .A methodology to characterise and secure the source against several imperfections is under development 31 .Attention to several imperfections and attacks is being paid when designing QKD equipment 32 .
Although these studies have addressed several individual vulnerabilities, no complete system analysis has yet been reported.This is what we do in this work.We lay out a methodology for security evaluation and certification of a complete quantum communication system against all known implementation imperfections in its quantum optical part.To exemplify how our security evaluation methodology works, we present the results of our initial security evaluation performed at ITMO University and Quantum Communication Ltd.(St.Petersburg, Russia) in 2017.They are therefore the first commercial QKD manufacturer to openly publish the security assessment of their system.We also present the results of follow-up (performed by the manufacturer) to exemplify the follow-up step of our methodology.It consists of theoretical and experimental studies that have allowed the manufacturer to quickly improve implementation security of their product by patching its most prominent loopholes.We hope that our methodology will pave the way for developing security evaluation and certification standards for complete quantum communication systems.
The security evaluation team has performed a very similar initial security evaluation in 2016 on the QKD system Clavis3 from ID Quantique (Switzerland) and on 40 MHz QKD system from QuantumCTek (China).The follow-up step with the latter is currently in progress.We stress that these two industry projects are highly similar in their methodology, character of results and outcomes to the one reported in this Article.I.e., the methodology we report here is applicable to different commercial systems.However details of vulnerabilities found in the two above-mentioned systems remain confidential at the request of the manufacturers.At the same time, in the case of ITMO's system, the complete security analysis results along with all the vulnerabilities and follow-up tasks have been presented here and no information has been kept hidden.
The Article is organised as follows.Our proposed layered architecture of the complete quantum communication system is presented in "System implementation layers" and our severity rating scheme for the implementation imperfections in "Quantifying hardness against implementation imperfections".We describe the system under test in "Security evaluation of ITMO's subcarrier-wave quantum key distribution system".Our initial security evaluation results are presented in "Potential vulnerabilities" and the follow-up from the manufacturer is presented in "Follow-up stage".We conclude in "Conclusion".

Security evaluation and certification methodology
Our methodology requires an iterative interaction between the manufacturer and the certifiers.The certifying agency needs to have an in-depth knowledge of and physical access to the system in order to perform its security evaluation and certification.Thus, the issue of trust has to be implicit in all the security certification tasks.The first stage in our methodology is the security evaluation stage by the testing team; then the follow-up stage by the manufacturer; then again the security evaluation stage, and so on.Through this iterative process, the system security is gradually expected to reach a level that can be trusted and widely accepted.
The security evaluation stage consists of: (a) subdivision of the complete system into seven layers based on the definitions provided in Table 1; (b) scrutinising the system for implementation vulnerabilities that may make it vulnerable against known attacks, as well as trying to find any new unknown attacks that may apply; and (c) categorising each discovered vulnerability according to the hardness level defined in Table 2.When the evaluation stage ends, the follow-up stage starts.In this stage, the security evaluation results are provided to the Table 1.Implementation layers in a quantum communication system.

Q7. Installation and maintenance
Manual management procedures done by the manufacturer, network operator, and end users

Q6. Application interface
Handles the communication between the quantum communication protocol and the (classical) application that has asked for the service.For example, for QKD this layer may transfer the generated key to an encryption device or key distribution network.For quantum secure direct communication this layer transfers secret messages from/to an external unit that sends and receives them Q5.Post-processing Handles the post-processing of the raw data.For QKD it involves preparation and storage of raw key data, sifting, error correction, privacy amplification, authentication, and the communication over a classical public channel involved in these steps Q4.Operation cycle State machine that decides when to run subsystems in different regimes, at any given time, alternating between qubit transmission, calibration and other service procedures, and possibly idling Q3.Driver and calibration algorithms Firmware/software routines that control low-level operation of analog electronics and electrooptical devices in different regimes

Q2. Analog electronics interface
Electronic signal processing and conditioning between firmware/software and electro-optical devices.This includes for example current-to-voltage conversion, signal amplification, mixing, frequency filtering, limiting, sampling, timing-to-digital and analog-to-digital conversions Q1.Optics Generation, modulation, transmission and detection of optical signals, implemented with optical and electro-optical components.This includes both quantum states and service optical signals for synchronization and calibration.For example, in a decoy-state BB84 QKD protocol this layer may include generation of weak coherent pulses with different polarization and intensity, their transmission, polarization splitting and detection, but also optical pointing-and-tracking for telescopes System implementation layers.Security analysis of a complete quantum communication system is a complex procedure that requires different areas of expertise.To simplify the job and ensure that people with specific expertise can tackle the right problems, it is necessary to subdivide the implementation complexity into layers.As a first step of our security evaluation methodology, we have subdivided the system implementation into seven layers based on a hierarchical order of information flow and control as presented in Table 1.Our layer structure is conceptually similar to the open systems interconnection (OSI) model for telecommunication systems 33 .Just like OSI layers, a layer in our system serves the layer above it and is served by the layer below; however, unlike OSI, all our layers are inside one system, and most of them are not abstraction layers.When a generic system is installed, it starts with the top layer: Q7 installation and maintenance; then operation and processing is subsequently initiated in each underlying layer until it gets down to handling quantum states in Q1 optics layer.Once the optics layer generates photon detections, they are again processed in each layer above in sequence until the top layers: either Q6 interfacing the output of the quantum protocol with the application that has requested it, or all the way up to Q7. Below we explain the functioning of each layer with examples.The lowest layer Q1 handles the photonic signals that carry the quantum states and service functions.The next layer Q2 interfaces the optical components with digital processing and possibly performs some analog signal processing.It contains analog electronics and digital-analog converters.Q3 comprises digital and software algorithms that immediately control the electronics and optics, including its calibration aspects.It might contain, for example, a set of algorithms to maintain avalanche photodiode (APD) temperature, bias voltage, and gating.The next layer Q4 is software that decides which Q3 layer subroutine to run.For example, it decides when APDs need to be cooled, or when gating control should be initiated.The next layer Q5 processes the raw data generated by the hardware to distill the final data in the protocol, for example generate secret keys in QKD.The layer above Q6 handles the communication between the quantum protocol and the classical application that asks for the service of the protocol.Finally, the topmost layer Q7 handles issues in any underlying layer that require human intervention, even if the human follows a checklist.We have found that the system evaluated in this Article, as well as several other QKD systems, allow a clear division into this layer structure.An example is given in "Methods".
We admit that the definition of the layers may not be complete and there could be cases when the functionality of a particular hardware component may span across several layers.In that case, the component accommodates more than one layer.For example, signal processing and algorithms belonging to the layers Q2 through Q5 can be implemented in a single physical field-programmable gate array (FPGA) chip.Also, the ordering of the layers may not be absolute.For example, in some systems, the layer Q5 post-processing may run in parallel with the layers below it while in other systems it may start after the end of Q4 operation cycle.In any case, improvisations have to be made when cutting each system into the layers.
If the system contains a separate physical random number generator (RNG), it is considered to be a separate quantum device and therefore not included into our layer classification.Its output would of course interface somewhere with the system, e.g., at layer Q5.Being a separate device it may have an implementation structure of its own, which we do not consider here.
We remark that an initial theoretical proposal of a quantum communication protocol (such as Refs. 1,37) covers a part of the single layer Q5, while being mostly ignorant of the other layers except their few selected aspects.However practical security loopholes can be present anywhere in the complete implementation and be Table 2. Hardness against implementation imperfections.Here we propose a classification scheme quantifying how robust a given system or countermeasure is against a given imperfection.The hardness level is assigned to each particular imperfection and the same imperfection at different systems may be assigned different levels.For each imperfection the hardness level reflects current knowledge, and may change over time.

Hardness level Description Examples
C3. Solution secure Imperfection is either not applicable or has been addressed with proven security The threat of a photon-number-splitting attack on multiphoton pulses is eliminated by the decoy-state protocol 13,14  Laser damage attack on the pulse-energy-monitoring detector in Alice in Clavis2 9 and on optical attenuators in several systems 34 ; photon emission caused by detection events in single-photon detectors 12,35 CX.Not tested Imperfection is suspected to exist and be security-critical, but has not been tested Patch for channel-calibration in Clavis2 36 ; imperfections reported in Ref. 8  Quantifying hardness against implementation imperfections.When an implementation imperfection is suspected to be security-critical, it is necessary to evaluate the security risks.The first step is testing.If it is found to be compromising the security then the next step is to design a countermeasure solution, and the last step is checking the robustness of that solution.This procedure is often a loop, because most countermeasures in turn need to be tested.In order to quantify implementation imperfections-existing inside the system-in terms of solutions implemented, we have categorised them as shown in Table 2.The lowest state CX indicates that the imperfection is suspected to be a potential security issue, and needs to be further analysed or tested before a conclusion can be made.After an imperfection is found to be security-critical, its state becomes C0, i.e., insecure.Next, a solution needs to be developed that provides security against the original attack model.At this state the solution is expected to be robust and the imperfection is considered to be state C2.After it has been integrated into a security proof, the state can be shifted to C3: solution secure.However, often it may be the case that newer attack models are found that bypass the countermeasure; then the state moves to C1, which means the solution is robust only against a specific attack model but not against others or a combination of the original and some other attacks.For example, in ID Quantique Clavis2 QKD system, the imperfection that the detectors were vulnerable to bright-light detector control attack became C0 upon its discovery in 2009 3 , was reclassified C2 after being patched in 2015, then downgraded to C1 next year after the patch was demonstrated to be inadequate against a modified attack 10 .A similar development can be traced for another imperfection: variation of detector efficiency with angle of the incoming light 7 .It was suspected to be a security vulnerability (CX) up to 2015, then proven to be so (C0) in 2015 7,38 , then moved to C2 by the use of a pinhole and later brought down to C1 after the results presented in Refs. 9,39.
We emphasize that the categorisation of a specific vulnerability reflects only the existing knowledge about them which can change with time as seen from the above discussion.Also the categorisation of each existing imperfection depends on the specific system and the specific solution implemented.For example, an imperfection in the single-photon detectors may be classified as insecure (C0) but the same imperfection might be irrelevant (C3) for a system running a measurement-device-independent (MDI) QKD protocol.
Eventually, the objective of the security evaluation process should be to upgrade the system such that all imperfections are on the level C3.Level C3 should be considered good for a commercial product, while levels C1, C0 and CX should be deemed inadequate and need to be remedied by a security update or new product development.Level C2 lies in the gray zone and while it may be considered secure for practical purposes, i.e., adequate for a commercial product, one should remember that it has no theoretical security proof based on quantum mechanics.However, the development of security proofs taking into account imperfections can-in some cases-be a slow process, and we expect many of them to attain C2 earlier than C3.

Security evaluation of ITMO's subcarrier-wave quantum key distribution system.
In the rest of this Article we demonstrate how our proposed security evaluation and certification methodology can be applied to a specific system.As an example, we select the subcarrier-wave quantum key distribution (SCW QKD) system manufactured by ITMO University and its spin-off company Quantum Communications Ltd.During the initial security evaluation, the manufacturer has provided us with an overall design specification of the system along with further oral information and written notes on various aspects of design and manufacturing process.We had physical access to the hardware but did not perform any experiments on the setup during that stage.Following the methodology from "System implementation layers" and Table 1, we have performed a complete security analysis of the bottom four layers (Q1-Q4) that correspond to optics, analog electronics, driver and calibration algorithms, and operation cycle of the system.For these layers, we have examined all suspected implementation security issues according to the current knowledge.For higher layers Q5 and up (from QKD protocol postprocessing and up), we cannot perform a complete security evaluation as they lay outside our expertise area; they should be analysed by a team with expertise in classical information technology security.Nevertheless, we have pointed out a few issues in the layer Q5.
The results of this initial security evaluation have initially been delivered to ITMO in a confidential report in February 2018 (prepared by those authors not affiliated with ITMO).A summary of that report is presented in "Potential vulnerabilities", after we briefly introduce the system to the reader.
The subcarrier-wave QKD principle was proposed in 1999 40 and experimentally demonstrated later the same year 41 .It was initially conceived as a practical fiber-optic system offering an alternative to then-dominant polarization and time-bin encoding schemes that would require a precise alignment during operation 40 , as well as to "plug-and-play" systems developed a year earlier 42 that limited QKD source repetition rate due to an intrinsic two-pass architecture.More recently, SCW QKD has been demonstrated as being robust against external conditions affecting the telecom fiber 43 , allowing increased spectral density 44,45 , and being invariant to telescope rotation in open-air links 46 .Its viability has been experimentally demonstrated for metropolitan area telecommunication lines 47 , multi-user 48,49 and software-defined 50 networks.
A basic design of the SCW QKD system is shown in Fig. 1.In Alice module, a continuous narrow linewidth laser acts as a light source.This radiation with frequency ω is usually referred as carrier wave, or simply a car- rier.It passes through an electro-optical phase modulator, to which an electrical driving signal with frequency is applied.As a result, two subcarriers (or sidebands) with frequencies ω − � and ω + � appear in the opti- cal frequency spectrum, as shown on the plot in Fig. 1 www.nature.com/scientificreports/ between the carrier and the subcarriers, which is induced by phase modulation of the electrical driving signal 43 .Four phase states (0, π/2 , π , 3π/2 ) are used in both Alice and Bob modules.After modulation the signal passes to the quantum channel through an attenuator.Carrier power, modulation index and attenuation value are chosen so that the mean photon number µ sb (on two sidebands combined) meets the protocol requirements.On Bob side a similar modulator introduces phase shift ϕ B resulting in single-photon interference on the sidebands.An optical filter separates the carrier from the sidebands, and the latter are detected on a single-photon detector.The registered optical power depends on the difference |ϕ A − ϕ B | .If Alice and Bob introduce equal phase shifts, constructive interference is observed, and the optical signal power at the sidebands differs from zero.In the opposite case, when the difference equals π , destructive interference occurs and the registered counts cor- respond to dark noise of the detector.Instances when the difference is π/2 are discarded during sifting.Key bits are obtained from the registered counts using algorithms similar to a phase-encoded BB84 protocol 43,51 .A full quantum description of the system and the implemented protocols can be found in Refs. 51,52.

Potential vulnerabilities.
Based on the received information about the system, we have identified a number of potential security issues that might be exploitable by an adversary Eve.A summary of these results is given in Table 3.For each imperfection, we specify the corresponding Q-layers (see "System implementation layers"), hardness level C init (see "Quantifying hardness against implementation imperfections") and an estimate of the risk.Almost all the identified issues require further detailed analysis, and in many cases, in-depth experimental testing in a laboratory.For many issues, the hardness level is CX, meaning the issue's applicability to the system implementation needs to be studied and tested.We specify in which system implementation Q-layers each issue is located, according to the classification introduced in "System implementation layers".The risk evaluation listed in Table 3 is based on a guessed likelihood of the vulnerability, expected fraction of the secret key leakage, and estimated feasibility of exploit technology.It is essential for manufacturers with limited resources to prioritize the problems.Vulnerabilities that can be exploited using today's technology and compromise full secret key are a more immediate threat.They should be addressed before those that require future technology or provide only partial key information (thus requiring of Eve an additional classical cryptanalytic task).We have followed this strategy and tested the two highest risk issues during the follow-up stage (see "Follow-up stage").The security proof and implementation of post-processing have also been completed after the report.
We remark that more security issues may be discovered in the future once the system design and operation are examined in greater detail.We now explain the identified issues.
Controllable detectors.Two types of detectors are used in the present implementation: ID Quantique (IDQ) ID210 gated APD and Scontel TCORPS-CCR-001 superconducting nanowire single-photon detector (SNSPD).Among them, Scontel SNSPD is at least partially controllable by bright light [57][58][59] .Whether the same was true for ID210, required experimental testing.From our previous measurements on ID Quantique Clavis2 QKD system, we know that it is possible to blind its detectors by sending a continuous-wave (c.w.) light of power P blind = 0.3 mW 10 .Then by choosing a trigger pulse power P tr greater than the threshold power P th = 0.15 mW , it is possible to force a click when Bob-Eve phases match.If we assume ID210 behaves similarly to the detectors in Clavis2 system, then Eve could send c.w. power to blind it and perform the faked-state attack 3 detailed in "Methods".
However, sending a trigger power P tr at the subcarrier frequency will not work as the photons will be shifted to another frequency due to Bob's modulation.Instead, Eve needs to inject extra photons in the reference signal frequency so that they are shifted to the subcarrier after the modulation and trigger a click in the blinded detector.Due to the small m in the present system, the reference power required by Eve is P ref ≈ P tr /m .For example, for m = 0.05 , a 1 ns trigger pulse at the subcarriers with peak power P tr > 0.15 mW 10 just before the detectors would require a 1 ns wide reference pulse with peak power of P ref > 3 mW at Bob's input.This is an easily gener- ated and transmitted optical power.
Laser damage.Whether the current system is vulnerable to laser damage attack (LDA) 9,60 , can be ascertained only after experimental testing.Since one of attenuating components, a variable optical attenuator (VOA; FOD 5418) in Alice is the closest to the channel (see Fig. 2), it will be the first target for Eve's LDA.Eve can send high Table 3. Summary of potential security issues in ITMO's subcarrier-wave QKD system.C init , hardness of the initial implementation (analysed in 2017) against this security issue; C curr , hardness of the current implementation (patched as of early 2020) against this security issue.C curr reflects the current knowledge about the security issue, and may change in the future (see "Quantifying hardness against implementation imperfections").Q, system implementation layers involved (see "System implementation layers").Was a known issue.
Has been covered by the manufacturer after receiving the report, see Ref. 52 .The privacy amplification procedure has been updated in the software.

No Low C3
Was a known issue.
Has been covered by the manufacturer after receiving the report, see Ref. 52 .The system software has been updated taking the finite-sized effects into account.
Non www.nature.com/scientificreports/power laser to damage the optical attenuator to reduce its attenuation.If successful, lights coming out of Alice will have higher mean photon numbers than permitted by the security proofs, thus compromising the security.It will also be interesting to experimentally check the effect of laser damage on the optical PSMs to see whether LDA can affect m.If it can, then further studies need to be conducted to check whether it leads to a denial of service or a security compromise.Finally, if LDA can reduce the insertion loss of either the PSM1, linear polarizer (LP) or fixed optical attenuator (FOA) in Alice, it may facilitate other attacks, e.g., Trojan-horse attack.Hence, these components must be characterized meticulously against LDA.
Trojan-horse attack.In SCW QKD protocol, after sifting, Alice and Bob keep only the outcomes for which they both used the same phase, i.e., ϕ A = ϕ B .Thus if Eve can extract information on either ϕ A or ϕ B by performing a Trojan-horse attack (THA) 25,26,61 , the security will be compromised.With current technology, Eve needs a mean photon number µ B→E ∼ 4 to perform homodyne detection 61 .
The secure key rate in the presence of THA-under reasonable assumptions-is available for both singlephoton and decoy-state Bennett-Brassard 1984 (BB84) protocol 24 .It is based on Alice's ability to upper-bound the outgoing mean photon number µ out .A similar theoretical analysis under assumptions appropriate for the present scheme is not available, and needs to be performed.Moreover, wavelength can also be an attack variable 11,62 .It is thus important to measure experimentally the actual values of the insertion loss and reflection coefficients of several components such as LP, FOA, OI, connectors, etc. in a large range of wavelengths that can propagate through the optical fiber (from < 400 to > 2500 nm ).Since a laboratory with wideband characterisation equip- ment is not readily available to us, we have limited our analysis to Eve using a single 1550 nm wavelength.With these two shortcomings, our security evaluation of the system against the THA is detailed below.
Alice: In the present scheme (Fig. 2), possible sources of reflection are the LP (Thorlabs ILP1550PM-APC), FOA (Fibertool FC-FC 15 dB), optical isolator (OI; AC Photonics PMIU15P22B11), all the standard optical connectors placed after PSM1 (i.e., at its side facing away from the quantum channel), and that facet of PSM1.We identify that one of the strongest sources of reflection is the LP with 45 dB return loss (according to its data sheet).Assuming the VOA is set to 70 dB (which is a typical attenuation value required by the SCW QKD proto- col), the insertion loss of the PSM1 is 3 dB and that of each connector is 0.3 dB , the total round-trip attenuation experienced by a Trojan photon is 193.4 dB .For the other protocols, an appreciable decline of performance begins at µ out ∼ 10 −624 .For that, an eavesdropper would need to send 2.2 × 10 13 photons per pulse into the system, which-considering a phase change frequency of f = 100 MHz-corresponds to injecting c.w. power of 280 W .This is somewhat above present-day technology capability, may be around the physical limit of how much power the standard fibers can carry, and will certainly trigger laser damage of Alice's components.Most fiber-optic components get damaged at less than 10 W 9,34,63,64 .While this suggests the risk of THA at Alice's side is relatively low, it is important to check the reflection from the OI and FOA, which requires experimental testing.Finally, this analysis should be repeated for lower attenuation settings of the VOA that may be used by the system and the risk should be evaluated accordingly.
Bob: The risk of THA on Bob seems to be comparatively higher than that at Alice since there is no attenuator or isolator in Bob's module (Fig. 3).The reflection coefficient of the polarization beam combiner (PBC; AC  www.nature.com/scientificreports/Photonics PBS15P12S11-2m) just after PSM2 is 50 dB (according to its data sheet) while the insertion loss of the polarization beam splitter (PBS; same as PBC), PSM2, and each of the four connectors is 0.48, 1.7, and 0.3 dB , respectively.Assuming the point of reflection is the PBC just after the phase modulator, the total loss experienced by a Trojan photon will be l = 56.8dB .This means that in order to get a single photon out, Eve needs to inject a c.w. power of only 6 µW , which is easy.Note that ID210 runs in gated mode with afterpulsing.So, Eve can send the Trojan photons just after the gate but still inside the phase modulation window.However, this may cause a high level of afterpulsing in Bob's single-photon detectors 61 .Scontel TCORPS-CCR-001 has no afterpulsing but it runs in continuous mode, thus making it difficult for Eve to send Trojan photons.Eve can resort to a longer wavelength (such as 1924 nm ) to reduce both the afterpulsing side-effect 11 and also the probability of the Trojan photons to be detected.As a result, wavelength filters are necessary in Bob.Nevertheless, afterpulsing characterization of detectors along with characterization of the wavelength filter at longer wavelengths are necessary in order to prevent the THA.
Lack of general security proof.An apparent requirement of the SCW QKD protocol (to prevent photon number splitting (PNS) 37,65 and unambiguous state discrimination (USD) attack 6,66 ) is to monitor the carrier signal as highlighted in 41,67 .However, based on our discussions with ITMO's engineers, we learned that the monitoring of the reference signal might not be implemented partly due to implementation complexity and partly because they do not deem it necessary for security, because Ref. 51 shows that the system is secure against a collective beam splitting (CBS) attack over a large distance.Here, we emphasize that being secure against the CBS attack mentioned in Ref. 51 does not guarantee security against more general attacks.As an example, we outline a more powerful attack in "Methods".
Manipulation of reference pulse.Here we assume that the reference pulse monitoring is implemented in the system and analyse the consequences.If care is not taken during the implementation, there might still be ways for Eve to perform the USD attack as the following.
First, Eve intercepts Alice's signal just outside Alice's lab and performs a USD measurement 68 .For any conclusive measurement, she prepares the same state with a higher mean photon number and sends it to Bob via a lossless channel, in order to maximize his detection probability.For any inconclusive measurement, she still needs to send the reference signal to Bob and wants it to be detected.However, sending only the reference signal while suppressing the sidebands does not work as it will introduce errors.Instead, Eve wishes the subcarrier signal detection probability to be as low as possible while still keeping the reference signal detection probability as high as possible.The number of photons in the subcarrier and reference signal-after Bob's modulation-is given in Ref. 51

as
Here, µ 0 is the mean photon number of the reference pulse, η(L) is channel transmission, η B is transmission in Bob module, and α is additional loss induced by Eve.|d s 00 (β ′ )| is the Wigner d-function that decides the number of photons to be shifted from reference to side-bands based on its argument β ′ , which itself is a function of the modulation index and the phase difference between Alice and Bob.
We assume APDs are used for the detection of both the reference and subcarrier signals.As a result, it might be possible for Eve to reduce subcarrier signal detection rate without affecting the reference detection rate considerably.The small reduction in P ref det can be compensated by adjusting the power of the pulses sent during the conclusive measurement cases.The only limitation on α is that P ref det should not be lowered significantly for Alice and Bob to notice.A countermeasure to this attack can be to monitor the reference and subcarrier detection rates.However, a further study is required to find the optimal strategy to monitor the reference and subcarriers and also to design the monitoring detector, determine µ 0 , monitoring threshold, and m.Time-shift attack.In order to achieve time synchronization, Alice sends to Bob a continuous 10 MHz sinusoidal optical signal, which is further modulated by a signal of a special shape with 60 ms period.The position of bit slots of 10 ns period 43 and other time intervals are defined with respect to this signal.We suspect that it might be possible for Eve to control the time delay of the reference and side-band signals relative to this synchronization signal to shift their arrival times into a specific moment inside or outside the phase modulation window.This might make the system vulnerable against time-shift attacks (TSA) 69 .A time-shift attack can be performed on the SCW QKD system as follows.For ease of understanding, let us first assume that there is a time gap between successive phase modulation windows (i.e., they are narrower than the bit slot), and in between the modulation windows the phase is 0. We assume a faked-state attack in which Eve stays outside of Alice's module and performs USD of Alice's states.Whenever she obtains a conclusive outcome, she sends the same state ϕ E to Bob in the correct time window (i.e., she does not alter the arrival time).When Bob measures in the same basis, and ϕ E = ϕ B ( ϕ E = ϕ B ), he gets a click (no click).However, when Eve obtains an inconclusive outcome, she gener- ( 1) Vol www.nature.com/scientificreports/ates a ϕ E = π state and sends it in-between the phase modulation windows.Since in between the modulation window the phase applied is 0, this ensures no detection by Bob's detector.
In our discussion with the developers, we learned that in the current SCW QKD implementation, there is no gap between successive phase modulation windows.However, at the transition region from one window to the next, there is a fast fluctuation.Thus, it will be interesting to know what effective phase shift is experienced by a pulse if it is sent at the time interval corresponding to the fluctuations.For example, if the effective phase shift is ϕ 0 , then it might still be possible for Eve to remain inconspicuous during the inconclusive measurement slots by sending a state ϕ E = π + ϕ 0 .However, the feasibility of this attack can only be ascertained by experimental test- ing.For that, one needs to characterize Bob's phase modulation windows-including the transition regions-in the time domain for all phase values.Click processing by Bob will also need to be checked for detection times in the transition regions.
Privacy amplification method.In the composability framework of QKD 70 , to achieve ǫ-security, it is required that Alice and Bob estimate the upper bound of Eve's information on their key up to the end of error correction step, and apply a proper universal-2 hash function.This is done to generate a shorter secret key such that the probability that the key is not perfect and the protocol did not abort is bounded by ǫ .However, the present sys- tem does privacy amplification by first calculating secret key size and then randomly discarding bits in the errorcorrected key to match that calculated secret key size.The disadvantage of this random key removal procedure compared to hashing is that Eve can listen to the classical communication between Alice and Bob and follow the exact procedure to discard bits from her own set.At the end, ǫ-security cannot be guaranteed.To make the secret key ǫ-secure according to the composability framework, the proper implementation of privacy amplifica- tion using the hash function is advised.
Finite-key-size analysis.In the present system, the size of the raw key is limited by the size of Alice's memory (1  Mbit).According to the developers, this leads to a sifted key size of ≈ 20 kbit for a distance of 12 km.For a larger distance of 200 km , the size becomes as low as ≈ 10 kbit 43 .10% of this sifted key is used for parameter estimation.This small sample size has a high probability to lead to discrepancies between the estimated and actual parameter values due to finite-size-effects 71 .Since the present security proof used by the developers does not consider the finite-key-size effects, the system might be vulnerable to them.
Based on our previous analysis on a different system 72 , we know that the finite-size effects become significant when the sifted key size is lower than 200 kbit .At that size of the sifted key, the system-without finite-size- analysis-generated a larger secret key than the upper-bound set by the finite-key-size analysis.Thus, security of the generated key was not guaranteed.Since the sifted-key size of 20 kbit in the present system is much lower than 200 kbit , we strongly suspect that finite-size effects are significant.Thus, we advise to develop a thorough finite-key analysis.To do this, any deviation of parameters due to finite-size-effect needs to be analysed.An example of this effect is the collision probability, i.e., the probability of a hash function mapping two different input keys to the same output key.4][75] .
Non-quantum random number generator.In the present system, three types of RNGs can be used in an interchangeable manner.One is a pseudorandom number generation software drand48_r from Linux operating sys- tem.The second is a commercial product manufactured by the developers of this QKD system.The third one is the internal RNG of Altera Cyclone IV FPGA chip.Using a pseudorandom generator (or randomness expansion) does not satisfy the randomness assumption of the security proof.For the other two generators, care should be taken to verify the quantum origin of the random numbers and the quality of implementation.
Intersymbol interference.Owing to the limited bandwidth of the driving electronics, high speed systems might exhibit intensity correlation among the neighboring pulses-an effect known as the intersymbol interference or the pattern effect 76,77 .The electronic signal applied to the modulator might be dependent on the preceding pulse, which violates the assumption of security proof.This may lead to vulnerability.Testing should be done in order to assess the risk of the intersymbol interference in the present system.
Follow-up stage.After the initial security evaluation report had been delivered in 2017, the follow-up process ensued.Till now, laboratory testing of the two issues controllable detectors and laser damage has been carried out.In both cases, the testing has confirmed the vulnerability's presence and the manufacturer has designed countermeasures and implemented them in the current version of the SCW QKD system.Most other issues (Trojan-horse attack, lack of general security proof, manipulation of reference pulse, privacy amplification, finite key size effects, non-quantum RNG) have also been addressed as outlined below.Two lower-risk issues, time-shift attack and intersymbol interference, remain to be studied in the future.
Controllable detectors: Both detector units mentioned in "Lack of general security proof " have been tested.It has been found that ID210 is fully controllable by bright light 54 , while Scontel SNSPD with a built-in electronic countermeasure (recently developed by Scontel) is partially controllable and the countermeasure in it needs to be improved 59 .The optical power required to control ID210 can easily be generated and transmitted through Bob's optical scheme 54 , confirming our original risk assessment.Technical countermeasures against this attack are currently under consideration.We remark that this vulnerability remains unsolved in most existing QKD systems 78 .
Laser damage attack: as suggested in "Laser damage", we have performed laboratory testing of the VOA unit (FOD 5418).We have found it to be severely vulnerable to the LDA 34 .A brief application of ∼ 2.8 W c.w. laser power damages a metal film layer inside this component and reliably reduces its attenuation by ∼ 10 dB , which renders the key insecure.A countermeasure currently under consideration is to insert another component www.nature.com/scientificreports/ between the line and the VOA, in order to prevent the latter from being exposed to high power.Candidates for this other component are being tested 63,64 .Protocol-related issues: A proof of security for a general attack-the lack of which has been highlighted in "Lack of general security proof "-has been developed in Ref. 52 .It is summarised in "Methods".The issues discussed in "Lack of general security proof " and "Manipulation of reference pulse* have been closed by an analysis of advanced attack and appropriate countermeasures 79,80 .We recap these results in "Methods".Finally, a correct privacy amplification method ("Privacy amplification method") and finite-key ("Finite-key-size analysis") have been included in Ref. 52 .The finite-key analysis is recapped in "Methods".Since all these issues appear to have been addressed by this recently published theoretical work, we have updated their current hardness level in Table 3 to C3.
Two more issues have also been analysed and patched by the manufacturer.For the Trojan-horse attack ("Trojan-horse attack"), additional components have been added to the optical scheme in order to detect the attack (patent pending).Also, possible Eve's information acquired by Trojan-horse attack has been quantified and considered in the security model.The non-quantum RNG ("Non-quantum random number generator") will be replaced in the next version of the system by a quantum one developed by the ITMO team.
Overall, our joint work has allowed ITMO University and Quantum Communications Ltd. to quickly patch most of the loopholes by introducing countermeasures.The implementation hardness levels have been raised from C init of CX and C0 at the time of the initial report to the current state C curr of mostly C2 or even C3.Coun- termeasures marked C2 may eventually become C3, after additional experimental testing and improvement.The two groups also continue to jointly verify the protocol security proof.

Conclusion
The lack of security certification methodology for quantum cryptography is ironic, since security is the main concern behind the shift from classical to quantum cryptography.In this work we have presented a methodology for security evaluation of a complete quantum communication system.Our methodology works in an iterative interaction between the certifiers' evaluation stage and the manufacturer's follow-up stage.At the evaluation stage, the complete system implementation is subdivided into seven layers, a set of layers (in our case the bottom four) are exhaustively searched for vulnerabilities, and finally each discovered imperfection is categorised based on the hardness of the realised solution and practical risk.At the follow-up stage, work is performed to eliminate these vulnerabilities.
We have applied this methodology to three different QKD systems and presented here the results for the SCW QKD system from ITMO University and Quantum Communications Ltd.In this system, we have found a number of potential security issues-which we expose here without omissions-that need a careful investigation by the manufacturer.Experimental tests, countermeasure and theory development have followed.As the result, most of the issues have been addressed, increasing the hardness rating of this implementation.Projects of a very similar character are going on with the two other systems (by ID Quantique and QuantumCTek) that we earlier analysed.I.e., our protocol is applicable beyond the system detailed in this Article.We hope it will pave the way towards development of a security certification methodology for existing and future quantum communication systems.
Our security certification methodology is developed with only point-to-point QKD protocols in mind and we are not sure how applicable it will be for a network scenario.We hope that making the point-to-point systems secure would eventually make the resultant network secure.
One important but sometimes overlooked aspect should be emphasised.When someone is engaged in designing a system, his mindset tends to become biased, and he may not be able to think from a different point of view and see security problems with his own design.This is the very reason the task of security certification should be done in collaboration with third-party experts whose main goal is to find problems.This helps a responsible QKD manufacturer to quickly assess and resolve the security issues, as has clearly happened in the case of ITMO.Furthermore, the third-party analysis should ideally begin during initial design considerations, rather than after the commercial implementation has been completed (as has been the case here).

Methods
Another example of layer subdivision.To give another example, let's consider commercial QKD system Clavis3 81 .Its operation can be divided into our proposed layer structure as follows.When a customer receives the system, the first steps involve a manual installation procedure that is done according to the instruction from the manufacturer.For example, the user needs to connect Alice and Bob QKD stations with a fiber, setup two control PCs (running Linux OS) to install the 'Clavis3 Cockpit' software, configure an Ethernet network with specific IP addresses to establish communication between control PC and Alice-Bob QKD stations, and connect fibers in Bob QKD station in a specific way depending on whether internal or external single-photon detectors are used.During the course of operation, manual interventions may be needed from time to time for maintenance: for instance, if the control software hangs, a manual restart is required.All these fall under layer Q7.Next, the system should interact with some external key management system or encryption engine.These tasks are handled in layer Q6.Next, layer Q5 specifies the post-processing rules: for example, coherent-one-way (COW) QKD protocol with LDPC error correction (with a code rate 2/3) and security parameter of ǫ = 4 × 10 −9 .Next layer Q4 decides which subroutine to initiate: for instance, whether to adjust synchronization between the Alice and Bob QKD stations, optimise modulator voltages in order to maximize the interference visibility, or send qubits from Alice to Bob.The control is then transferred to layer Q3, which executes the chosen subroutines with help from Q2 and Q1.For example, when Q3 initiates the raw key exchange subroutine, the field-programmable gate array (FPGA) chip in Alice-at layer Q2-outputs a stream of 1.25 Gbps digital pulses with adjustable amplitude and width to drive an intensity modulator that prepares the quantum signals.The latter are then sent Here, the intensity modulators, fiber, and detectors all belong to layer Q1 that-together with components from layer Q2-executes a subroutine initiated by layer Q3.
Faked-state attack strategy.Let's assume first that there is no reference monitoring implemented in the system.Let's assume Alice encodes phase ϕ A .We further assume that Eve-sitting outside Alice's module- measures the signal (using similar measurement setup as Bob) by randomly applying ϕ E ∈ {0, π/2, π, 3π/2} .Another part of her-sitting near Bob-sends bright c.w. light of power P blind to blind Bob's side-band detec- tor.When ϕ E = ϕ A , she gets a detection.In this case, she recreates the reference-subcarrier pulse pairs scaling their powers up to make P ref = 3 mW .When Bob also measures in the same basis as Alice-Eve and ϕ E = ϕ B ( ϕ E = ϕ B ± π ), this results in constructive (destructive) interference and will (will not) trigger a click in the blinded sideband detector.If Bob and Eve select different bases, Bob should not register any detection.For the slots when Eve gets no detection due to ϕ E = ϕ A or low detection efficiency, she simply does nothing owing to the absence of reference pulse monitoring, and these events will appear as loss to Bob.
In order to successfully perform this attack in practice, the blinded detector should be characterized to know P never and P always , which are the thresholds of the trigger pulse power making the detector never click and always click.The trigger pulse power P tr in the successful attack needs to satisfy the conditions However, if the reference monitoring is implemented, both the reference and sideband monitoring detectors would be blinded and Eve will need to modify her strategy.When she has a conclusive outcome, she proceeds as before.However, when her measurement outcome is inconclusive, i.e., ϕ E = ϕ A , Eve needs to tailor the power of the reference signal in such a way that it is enough to force a click on the blinded reference detector but not on the subcarrier detector.
Note that, sometimes Eve gets a detection when measuring in the opposite basis to that of Alice and has no way to know if her measurement result coincides with Alice's bit.However, these states are either not detected at Bob due to Eve-Bob basis mismatch or detected and then discarded during sifting due to Alice-Bob basis mismatch.
A more general attack than CBS attack mentioned in Ref. 51 .
• For each quantum signal going from Alice to Bob, Eve splits off a tiny fraction x of each signal in the channel.
• Eve performs a quantum non-demolition measurement on the split signal 66 .
• If no photons are found, she splits off another fraction x.She does this until her induced loss equals the line loss.
• When photons are found, she keeps them in her quantum memory and sends the rest of the radiation to Bob via a lossless channel.The state of each photon in her possession is where a † and b † are the creation operators on the carrier and subcarrier modes respectively, m is the modula- tion index and ϕ A is Alice's phase encoding.This attack is more powerful because, in Ref. 51 , for a line loss η Eve uses a (1 − η) : η beam splitter and the attack only succeeds when both Eve and Bob receive a photon.This becomes less likely as the line loss increases.However, in the present case Eve is not restricted to split in the (1 − η) : η ratio for the line loss η , which gives her more power.Thus, the security proof should be updated to include more (and ideally the most) general attacks than the collective beam splitting attacks.
Asymptotic security.We assume here, that the family of protocols considering in this paper belongs to the class of one-way QKD protocols with independent and identically-distributed (i.i.d.) information carriers and (2) P tr ≥ P always , 1 2 P tr ≤ P never .
( where ν S is the repetition rate; P B is the probability of successful decoding and accepting a bit in a single trans- mission window; Q is the quantum bit error rate (QBER), the probability that a bit accepted by Bob is erroneous; code EC (Q) is the amount of information revealed by Alice through the public channel for the sake of error correction, which depends on QBER and is limited by the Shannon bound: is the binary Shannon entropy.Quantity χ(A : E) in Eq. ( 7)) is the Holevo capacity, giving an upper bound for amount of information accessible to eavesdropper Eve in a given collective attack (quantum channel).It is well-known that coherent attacks in i.i.d.case can be bounded with collective attacks.So one usually considers coherent attacks as general collective attacks 85 in terms of arbitrary unitary operations on purified states in enlarged Hilbert space (described in terms of isometry) provided by Eve.In Reference 52 , the result of arbitrary isometry is considered in order to estimate Holevo capacity in complementary channel.Eve performs unitary operation (described by isometry) between states in the channel and Eve's ancillas to make them (in general case) entangled in some way 86 .It has been shown that Holevo capacity of complementary channel is maximized when states become untangled (but interacted).Further considering the property of isometry, i.e., preserving the overlap between the states, it has been shown that highest mutual information between Alice and Eve is bounded by the Holevo bound.This statement eliminates the necessity to consider particular kinds of isometries.
In case of subcarrier-wave quantum key distribution Holevo bound can be found considering reduced unconditioned channel density operator, i.e., considering only two states since Eve can wait to measure her states after reconciliation.Therefore the obtained Holevo bound using binary Shannon entropy function h(x) = −x log 2 x − (1 − x) log 2 (1 − x) of the unconditioned channel density operator eigenvalues is as follows: where µ 0 is the amplitude of the coherent state on the of carrier wave determined by the average number of photons in a transmission window provided with coherent monochromatic light beam with optical frequency ω , d S 00 (β) is the Wigner d-function from the quantum theory of angular momentum 87 , and β is determined by the modulation index m 51 .
Advanced unambiguous-state-discrimination attack.The collective attack that considers a mutual information between Alice and Eve might not be the most general attack.There might be attacks that decrease conditional mutual information I(A; B|E) to zero.An example of such attack has been introduced in Ref. 80 where Eve performs an errorless USD measurement 88,89 then blocks inconclusive results and alters (amplifies and adds errors) the distinguished states.The latter is necessary to maintain both detection and error rates.In Reference 80 the condition of revealing Eve's actions 90 is generalised as where P det is an expected detection probability and P USD is the probability of unambiguous state discrimina- tion.Obviously there are two main strategies to increase the performance of the system.The first is to increase P det and the second is to decrease P USD .We refer to Refs. 79,80for a further discussion of proposed approaches against the USD attack.
Finite-key security.Since the resources such as time and memory are finite, it is not sufficient to consider asymptotic security.Therefore, in Ref. 52 a finite-key analysis has been performed.To estimate appropriate bound on secure key rate we consider the notation of Renyi entropies H α (X) = 1 1−α log n i=1 p α i , because they describe the worst case and not the average one.In the paper we consider that α → ∞ since we use min- entropy H ∞ (X) = H min = − log max i p i .Thereby a quantum asymptotic equipartition property (QAEP) 91 is considered in order to bound ε-smooth min-entropy by von Neumann entropy.It means that for a large number of rounds, the operationally relevant total uncertainty can be well approximated by the sum over all i.i.d.rounds.In SCW QKD, conditional von Neumann entropy, or more precisely an entropy of Alice's bit conditioned on Eve's side-information in a single round, is bound as H(A|E) ≥ 1 − χ(ρ).
To provide the key extraction one should carry out the following steps.
(i) Parameter estimation.One should estimate the error rate (Bob publicly sends a random subset of k bits to Alice, and she estimates the QBER Q est in that subset) and detection rate at Bob's side.(ii) Error correction.At this step both legitimate parties should check and correct the errors in their bit strings.It can be done using any error correction code.(iii) Privacy amplification.In Reference 52 , the privacy amplification has been studied using the bound from Ref. 92 , which tells us that the trace distance d between the protocol's output and an ideal output (where the key is uniform and independent from Eve, even after Eve knows the matrix used for the hashing) is bound above by www.nature.com/scientificreports/where in the last step the quantity ε sec is introduced as an upper bound on d.Reference 52 gives the final result that the protocol is ε corr -correct with ε corr = ε EC and ε sec -secure with ε sec = ε s + ε PA , hence ε QKD -secure-and-correct, with ε QKD = ε EC + ε s + ε PA providing secure bit string with length (10) . Quantum information is encoded in the phase shift ϕ A Vol.:(0123456789) Scientific Reports | (2021) 11:5110 | https://doi.org/10.1038/s41598-021-84139-3

Figure 1 .
Figure 1.Basic subcarrier-wave QKD scheme.Plots show optical spectra at different points in the setup.ATT optical attenuator, PSM electro-optical phase shift modulator, SF notch spectral filter, SPD single-photon detector.

Figure 3 .
Figure 3.Bob's optical scheme in detail.Bob's phase shift modulator PSM2 is polarization-insensitive and is implemented as two identical modulators acting on orthogonal components of input polarization.PBS fiberoptic polarization beam splitter, PBC fiber-optic polarization beam combiner, C circulator, FBG fiber Bragg grating. https://doi.org/10.1038/s41598-021-84139-3 https://doi.org/10.1038/s41598-021-84139-3www.nature.com/scientificreports/over the fiber to Bob.Another FPGA at Bob-a layer Q2 device-outputs another stream of 1.25 Gbps pulses to provide the gating signals to the single-photon detectors and receives detection signals from these detectors.

•
For different values of ϕ A ∈ {0, π/2, π, 3π/2} , Eve's states are not orthogonal.To make them orthogonal to each other, Eve needs to apply a filtering operation When the bases are revealed during sifting, Eve simply measures |ψ ′ � e in the correct basis to extract ϕ A .