Hacking single-photon avalanche detector in quantum key distribution via pulse illumination

Quantum key distribution (QKD) has been proved to be information-theoretically secure in theory. Unfortunately, the imperfect devices in practice compromise its security. Thus, to improve the security property of practical QKD systems, a commonly used method is to patch the loopholes in the existing QKD systems. However, in this work, we first time show an adversary's capability of exploiting the new feature of the originally flawed component to bypass a patch. Specifically, we experimentally demonstrate that the patch of photocurrent monitor against the detector blinding attack can be defeated by the pulse illumination attack proposed in this paper. We also analyze the secret key rate under the pulse illumination attack, which theoretically confirmed that Eve can conduct the attack to learn the secret key. This work indicates the importance of inspecting the security loopholes in a detection unit to further understand their impacts on a QKD system. The method of pulse illumination attack can be a general testing item in the security evaluation standard of QKD.