Practical Side-Channel Attack on Free-Space QKD Systems With Misaligned Sources and Countermeasures

Practical implementations of quantum key distribution (QKD) protocols can introduce additional degrees of freedom in the quantum states that may render them distinguishable to an eavesdropper. This is the case of QKD systems using a different laser source to generate each quantum state, which can lead to temporal, spectral and/or spatial differences among them that can be exploited by a malicious party to extract information of the key. In this work we characterize, and experimentally verify, a side-channel attack on spatially distinguishable states against free-space QKD systems with misaligned laser sources. Specifically, for those emitting Gaussian beams, which is the most common case in free-space QKD. The attack makes theoretically unsafe any QKD system with any angular misalignment between the laser sources. Finally, we propose two countermeasures to eliminate the spatial distinguishability and secure the key exchange.


I. INTRODUCTION
Quantum key distribution (QKD) is an application of quantum information theory that allows two authenticated distant parties to exchange a cryptographic key with unconditional security [1], [2]. The security of most QKD protocols is based on the fact that non-orthogonal quantum states are not distinguishable [3], [4], or at least not without a loss of information [5]. Thus, encoding the information of the key using non-orthogonal quantum states, it is possible to guarantee the secrecy of the key transmission in different QKD protocols [6], [7]. Nevertheless, in the physical implementation of these protocols, additional degrees of freedom not considered in theory may appear, making the states distinguishable, and jeopardizing the security of the key exchange [8]. Attacks that take advantage of these additional degrees of freedom are called side-channel attacks. There is a wide variety of possible side-channel attacks to QKD systems at device level, such as attacks to the sources and detectors [9]-[13], and attacks to the physical implementation of some post-processing steps [14]. Further, there are side-channel attacks to the signals traveling between the QKD terminals, which will be addressed in this work. There are two different approaches to protect QKD against side-channel attacks. The first approach is to use protocols in which the security does not depend on the implementation, such as device independent (DI) QKD [15]. The second approach is to detect and close all the possible security loopholes caused by side-channels. In order to do that, we must take into account all possible side-channel attacks and either characterize the information leakage they may cause and consider it in the privacy amplification step, or design countermeasures by hardware or software modifications to remove the side-channel.
The best approach depends on the application, the users' security needs, and budget restrictions. On the receiving station, both approaches have been used: detecting and closing security loopholes due to side-channels [10], [16]-[20], and shielding the receiver from any side-channel attack with measurement-device independent (MDI) QKD [21], [22]. Different QKD protocols based on the principles of quantum interference, such as the original MDI [21], [22], twin-field (TF) [23], and sending-or-not-sending (SNS) [24] protocols have been proposed and experimentally demonstrated [25]-[32], achieving side-channel-free receiving terminals. However, protecting the transmitting station is a more challenging task, since the implementation of DI-QKD has shown some practical limitations. Thus, to protect QKD against side-channel attacks to the transmitter terminal and the transmitted signals, the most extended approach is to detect and close all the possible security loopholes caused by side-channels [9], [16], [20], [33]-[36]. Therefore, we chose the latter approach to characterize a possible side-channel attack that can be targeted to many free-space QKD transmitters implemented to date, and propose countermeasures to protect them.
The associate editor coordinating the review of this manuscript and approving it for publication was Luca Barletta.
The polarization of light is one of the most extended physical observables used to encode the information of the keys in prepare-and-measure QKD with free-space or atmospheric transmission channels. To generate the states of polarization in protocols such as B92 [37] and BB84 [38], it is widespread to use a different laser source for each quantum state [39]-[46]. This design with multiple lasers in the transmitter, Alice, has the advantage of being able to obtain very stable states of polarization over long periods of time. Specifically, those using free-space polarizers and not any other fiber-optic component after the states are polarized, since optical fibers may induce polarization variations in the states dependent on temperature and pressure, making them unstable over time. Furthermore, the use of passive elements for the codification of the information of the key avoids some Trojan-horse attacks [10] and simplifies the electronics to control the sources. However, the use of multiple lasers introduces different degrees of freedom that could be used to distinguish the sources. For these cases, side-channel attacks that take advantage of the spectral, temporal and/or spatial distinguishability of the states generated by the different lasers have been proposed [9], [33], [35], [36], [47]. Since each quantum state is generated with a different laser source, it is possible to distinguish the states by their wavelength spectrum, by disparity in emission times, or by the possibility of spatially separating the states to identify them. For the aforementioned attacks, some countermeasures have been proposed too [9], and secure QKD systems against them have been demonstrated [33], [43].
In this work, we will focus on a practical attack that takes advantage of the spatial distinguishability of quantum states due to angular misalignment between the laser sources, as this topic is not fully covered in the references mentioned above. More specifically, we analyze an attack that uses an optical system to discriminate beams with different angles of arrival, exploiting the fact that each one of them is focused in a different area of the focal plane. With this strategy, the attacker can distinguish the states depending on the area of the focal plane they are focused. The description of the attack is extended in the methods section (II). In [33] they propose a similar attack considering point sources, spherical waves, and a transmitter that truncates the beams introducing diffraction effects. However, this is not the most general or optimal design, since spherical waves are unusual in QKD systems, and the transmitter usually does not truncate the beams since it increases diffraction losses, which is a critical parameter that should be minimized in long distance QKD links. Further, truncating the beam is not an effective countermeasure against an attacker with infinite capabilities, which is generally considered in QKD security proofs. We thus consider that the transmitter emits Gaussian beams, which is the most common case in free-space QKD systems, and that its exit aperture does not introduce truncation effects on the Gaussian beams to reduce diffraction losses. We first assume free-space as the transmission channel without atmospheric turbulence and no pointing error. Nevertheless, the results could be applied to the case of atmospheric transmission with wavefront distortion and pointing errors considering that the attacker corrects those effects with adaptive optics and beam stabilization technologies. 
With these assumptions, the attack makes theoretically unsafe any QKD system that generates the different states with angularly misaligned laser sources, which could be the case of many experimental QKD transmitters like the Micius satellite [42]. We analytically characterize the maximum information that an attacker can extract depending on the angular misalignment between the optical beams, the wavelength of the quantum signal, and the beams' radii (sections II-A and III). Further, we experimentally verify the possibility of performing the attack (sections II-C and III). Finally, we propose two countermeasures to protect the system and discuss their advantages and disadvantages (section III-A).

A. ATTACK MODELLING
Beams with different angles of arrival upon reception on an optical system are focused on different points at its focal plane. From this idea, we propose a practical side-channel attack in which the eavesdropper, Eve, uses an optical system to discriminate the source generating each quantum state, and thus, determine the codification of the key. For the attack characterization, we assume two beams with the same wavelength and beam radius, and an angular divergence between them of θ. To spatially distinguish the beams at the focal plane, Eve can use an array of single-photon detectors. We will assume a simpler design (see figure 1) in which she divides her focal plane into two areas, and that she measures all the photons that fall in each area with a different measurement base. In the case of the BB84 protocol, these bases would be the Z (rectilinear) and the X (diagonal) one. This can be done by placing a wedge-shaped mirror that splits the beam in two portions, deflecting each towards a measurement base. We will consider the most beneficial case for the attacker in which the states of each base are aligned, and those of different bases have an angular divergence θ. In other cases, the same procedure could be used, taking into account the divergence between each state and the two states of other base. Under certain circumstances that we will now analyze, the spatial separation of the beams at the focal plane, x, could be greater than twice their radius at the focal plane, w_f, such that most of the photons from each beam are measured by the attacker with the basis on which they were prepared. Measuring the states with the base in which they were prepared allows an unambiguous discrimination of the states. After measuring, the attacker generates the measured states and resends them to the original receiver of the QKD link.
To separate two optical beams with a certain angular divergence, θ = θ_2 − θ_1, we can use an optical system with an effective focal length, f. As each beam reaches the system with a different angle of incidence, θ_1 and θ_2, each one will focus on a different point at the focal plane. The position of the centroid of each beam at the focal plane will be x_i = f · tan(θ_i), being i = 1,2 [48]. The centroids of the beams will be separated by a distance We will consider that collimated Gaussian beams are emitted with wavelength λ at the output of the QKD transmitter. Furthermore, at a certain distance z from the transmitter, the beams will have a radius w_z. We use the beam radius definition as the distance to the center of the beam at which the optical intensity drops by exp(−2). If an attacker focuses these beams using an optical system with an effective focal length f, the radius of the beams at the focal plane will be at least Equation (2) defines the radius of a focused Gaussian beam at the focal plane, assuming that the aperture of the attacker's optical system is infinitely large [49], that is to say, neglecting the effects of truncation. In practice, this does not vary significantly if the radius of the aperture is at least twice the radius of the beam [50]. Using equations (1) and (2), and dividing one by the other, we obtain The quotient between the radius of the beams, w_f, and the distance between them, x, at the focal plane does not depend directly on the focal length of the optical system, but on w_z, θ and λ. As we can see in figure 1, and we will show more rigorously below, this quotient is what determines the amount of information that an attacker can obtain. We can calculate the information that the attacker obtains by considering the irradiance pattern of a Gaussian beam, and calculating the total power that is measured in the correct base.
For a Gaussian beam, the irradiance distribution at the focal plane is Gaussian too [51]: being I_0 the maximum irradiance. In the considered case in which we try to split the beams, we would have that the pattern is I_1 = I(x + x/2, y) for the beam displaced to the negative x values, and I_2 = I(x − x/2, y) for the beam displaced to the positive x values. The total power is whereas the power that falls on the correct half of the focal plane, in which its measurement base is located, is which, by symmetry is With these powers, the probability that the attacker measures the photons with the correct base is Using equations (4), (5), (7) and (8), and making the variable changes: x + x/2 = x, x = n_x w_f and y = n_y w_f we obtain Solving the integral (9) we get that We can see how the probability that the attacker measures with the correct base depends on the quotient of x/w_f. Using equation (3), we can calculate x/w_f as a function of w_z, θ and λ, and substitute it into (10) to calculate p_c, so In addition to measurements with the correct base, half of the measurements with the wrong base give correct measurement results. Thus, the probability of a correct measurement result is Finally, considering that the attacker measures all the photons, the probability that the attacker uses the wrong base and that the resent state generates an error in Bob is
FIGURE 1. Alice transmits two beams with some divergence θ, Eve intercepts the signal and uses an optical system to separate the beams at her focal plane. The demarcated areas within Eve's focal plane mark the division for each measurement base (Z and X). The parameters w_f and x are the beam radius and the distance between the beam centroids at the focal plane, respectively.

B. REALISTIC CHANNEL AND POINTING ERROR MODELLING
We have modelled the attack described in this work for the case of Gaussian beams, which is the case for a transmission channel without the presence of atmospheric turbulence and without considering pointing errors generated by the transmitter of the QKD system. Considering both effects, they will produce a broadening and a random movement of the beams at the focal plane, thus affecting the probability of obtaining correct and incorrect measurements. However, in QKD security proofs, an attacker with unlimited resources (compatible with the laws of Physics) is commonly assumed to guarantee unconditional security. This means that we must assume that the attacker has access to ideally perfect correction systems. The attacker can thus use both adaptive optics and beam stabilization systems to correct the wavefront distortion and stabilize the positions of the beams at the focal plane, respectively. Therefore, with these assumptions, the developed model here is still valid for a realistic channel. Additionally, we must consider that, in the case of a transmission channel with atmospheric turbulence, the attacker must use a larger aperture for the optical system to distinguish the states, since the long-term beam irradiance distribution at the aperture is broadened by atmospheric turbulence and pointing errors. We can model the long-term irradiance profile of a Gaussian beam that has been propagated through atmospheric turbulence according to [52]. Assuming small pointing errors, we can approximate the results to those of [53]. This approximation assumes a Gaussian profile with radius: being w_LT the long-term beam radius due to atmospheric turbulence, σ_θ the standard deviation of the angular pointing error, and z the distance from the transmitter. Finally, we can also model w_LT according to [54] depending on the atmospheric turbulence conditions.
In brief, if we consider a realistic channel with atmospheric turbulence and pointing errors, the attacker must use an optical system with an aperture of radius at least twice w_S, which is larger than the radius of the beam in the case of ideal free-space propagation. However, if we assume the attacker is capable of correcting the wavefront and compensating the pointing errors, this does not change the information obtained by the attack, since it is determined by the radius of the corrected beam, w_z, and not w_S according to our model.

C. EXPERIMENTAL VERIFICATION OF THE ATTACK
To demonstrate a proof-of-principle of the attack, we have used the experimental setup shown in figure 2. We have measured the power of a focused beam by a lens, and we have varied the angle of incidence of the beam to the lens with a voice-coil-driven steering mirror. We used different angular deviations of the beam to simulate the values of angular divergence in the attack. We have used a photodetector with a round surface and covered half of it with a piece of metal, so the effective surface exposed to the light beam has a straight edge. The measured power with the photodetector corresponds to the measurements in the correct base, and the blocked power by the metal piece corresponds to the wrong base. We only measure the power of one beam and assume that the other one is symmetric. The diameter of the surface of the photodetector is more than ten times greater than that of the focused beam, which makes the power that falls outside the detector negligible, and therefore, the integration to infinity in equation (7) is a good approximation. The diameter of the lens was 70 mm, the focal length of the lens was 300 mm, the radius of the collimated beam was 3 mm, and the wavelength of the laser was 850 nm. The reason why we chose 850 nm as the wavelength is because it is widely used in free-space QKD systems. To assess the experimental verification, we measured the power on the exposed surface of the photodetector for each angle of deviation set by the steering mirror. Dividing each measured power by the total power of the beam as in equation (8), we obtained the probability of measuring with the correct base, p_c, as a function of θ. The steering mirror has an internal optical sensor that we have used to obtain the angle of deviation of the beam. The deviation of the beam generated by the steering mirror is equivalent to half the angular divergence, θ, in the proposed attack (see figure 2).

III. RESULTS AND DISCUSSION
In order to show the probability that Eve measures with the correct bases using the proposed attack, in figure 3 we show this probability calculated as a function of the quotient x/w_f with equation (10). It can be seen that if the separation between the beams at the focal plane is x = 0, the probability is 50%, which agrees with that obtained in a conventional intercept-and-resend attack in which a measurement base is randomly chosen each time. As x increases with respect to the beams' radii at the focal plane, w_f, the beams get further and further apart and the probability of measuring with the correct base increases. For x/w_f > 3 the probability p_c is practically 100%.
Assuming a wavelength λ = 850 nm, figure 4 represents p_c calculated with equation (11) as a function of θ for the different cases of w_z indicated in the legend. Note that the horizontal axis is in logarithmic scale so all the traces can be shown clearly, but the behavior in arithmetic scale is the same as the results in figure 3. With these results, we can get an idea of the information that Eve obtains with this attack, and the diameter of the telescope she needs, 4w_z, as a function of θ. We can see how the attack obtains more information for the case of larger beam sizes and larger angular divergences.
Finally, we have experimentally verified the attack. In figure 5, the probability that Eve measures in the correct base, p_c, is represented versus the angular divergence between the beams, θ. The dots are the experimental results, and the dashed line is the simulation calculated with equation (11).
The behavior of the experimental results of p_c represented in figure 5 agrees with the theoretical predictions, although some values are slightly lower than those of the simulation. This could be due to some imperfections in the experimental setup. Placing the photodetector at the exact focal plane with high precision is not always easy. For instance, if the photodetector is placed slightly out of focus, we obtain results with less probability of a correct measurement. This is due to x/w_f being maximum at the focal plane. In addition, if the displacement of the beam is not perpendicular to the vertical axis defined by the edge between the metal piece and the active area of the photodetector, the irradiance obtained with each displacement is less than the expected one. Furthermore, the lens can introduce optical aberrations that increase the size of the beam at the focal plane, also reducing p_c. Thus, we find different practical aspects that could reduce the theoretical probability of distinguishing the states in a physical implementation of the attack. However, despite the fact that the implementation can be improved, the results still show high values of p_c that compromise the security of QKD systems.
According to equation (11), if there were some methods of increasing the product w_z · θ, this would allow an attacker to obtain more information of the key. This is the case of Gaussian beam propagation, in which diffraction increases the beam size without varying θ, thus increasing w_z · θ. That is to say, the attack is more effective in long distance links, and thus, we need to be especially careful in applications, such as satellite QKD. In fact, an attacker could modify the optical path of the beams between Alice and Bob and transmit them longer distances to arbitrarily increase their sizes before focusing them, thus extracting all the information of the key. Therefore, in theory, the information that Eve can obtain is not limited. Although we have considered for the analysis a simple case in which states of the same base are aligned and states of different bases are misaligned, in a general case with any other set of misalignments between states, the protocol is no longer secure since the attacker can arbitrarily modify the beam size and obtain the required angular resolution. However, in practice, this attack might not be so easy to implement since Eve must propagate the beams over long distances. For example, for the case of a collimated beam with a 10 cm beam radius at the output of the transmitter, a transmission of more than 360 km is needed to obtain w_z ≥ 1 m. In addition, Eve must use an optical system to detect the states with a large aperture, even tens or hundreds of meters in the case of θ ≤ 1 nrad (see figure 4). On the other hand, for θ ≥ 0.1 µrad, the beam size magnitudes obtained in figure 4 are close to the sizes of telescope apertures that we can obtain in practice, less than 10 m. For these cases, the attack could be carried out successfully with current technology.
To get an idea of the possible impact of the attack with current technology, let us consider a QKD transmission between a LEO satellite and a ground station, specifically we assume the Micius satellite [42]. The wavelength of the quantum signal is 850 nm. Assuming the near-diffraction-limited far-field divergence of the beam obtained in [42], 10 µrad, we estimate that the collimated beam radius at the aperture of the QKD transmitter should be around 0.025 m, which we will use in our calculations. We consider that the attacker is capable of deviating the beam from the QKD transmitter to its own receiver, which could be another space telescope in a nearby orbit, measure, generate and resend the states to the original receiver. The attack could be performed before the propagation of the beam through the lower layers of the atmosphere, thus requiring a smaller telescope aperture. We can consider a representative case for the attacker's space telescope aperture diameter using that of the Hubble telescope (2.4 m). Considering a distance between the QKD transmitter and the space telescope of the attacker of 55 km, the beam radius of the quantum signal at the aperture of the attacker's telescope is slightly smaller than 0.6 m. With the considered aperture of 2.4 m, the truncation effects on the beam are low. We do not know the angular misalignment θ between the different beams in the case of the Micius satellite, therefore, we will assume different values of θ. Assuming an angular misalignment θ = 1 µrad, we obtain a probability of correct measurement p_c = 0.986 and therefore a probability of generating an error in Bob p_err = 0.007. With an analogous procedure, in the case of an angular misalignment θ = 0.5 µrad, the attacker obtains a probability of correct measurement p_c = 0.865 and causes an error with probability p_err = 0.068. In the case of θ = 0.25 µrad, p_c = 0.709 and p_err = 0.146.
Finally, considering an angular misalignment θ = 0.1 µrad, the attacker obtains a probability of correct measurement p_c = 0.587 and causes an error with probability p_err = 0.206. Thus, with current space telescope sizes, QKD systems using different sources with an angular misalignment greater than 1 µrad are totally insecure, and for lower values of angular misalignment they are still highly insecure, although with less information leakage. We can consider conditional security if we assume a limited technological power on the part of the attackers, and design safe systems under these assumptions. For example, we can consider a limit in the size of the optical telescopes of the attackers, which is reasonable due to the difficulty of constructing large mirrors. With this limit in the size of the apertures of the optical systems, we can align the beams with sufficient precision to obtain secure QKD. In the case of atmospheric transmission, our model assumes attackers with ideally perfect adaptive optics and beam stabilization systems. For attackers with limited technological power our result serves as an upper bound of the information that could be gained by an eavesdropper, but a more complex model to calculate more accurate probabilities of correct and incorrect measurements is required. However, QKD was potentially able to guarantee the security versus an attacker with infinite capabilities. If we do not want to assume technological limitations, increasing the precision of the alignment between the laser sources is not enough. Thus, we must design countermeasures that prevent the attack altogether.
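For a transmitter design review, the leakage figures of the satellite case and the alignment tolerance implied by a bounded attacker aperture can be recomputed as follows. This is an added example, not code from the paper: the closed forms are rederived from the prose of section II-A (small-angle separation, focused Gaussian radius, half-plane integral) because the numbered equations are not reproduced on this page, and `p_c_limit` is a hypothetical design target.

```python
"""Leakage estimate for the spatial side channel between misaligned sources.

Added example. The closed forms are rederived from the prose of section II-A;
the paper's numbered equations are not reproduced on this page.
"""
import math


def beam_radius(w0, z, wavelength):
    """1/e^2 radius of a Gaussian beam, collimated with radius w0, after distance z."""
    rayleigh = math.pi * w0 ** 2 / wavelength
    return w0 * math.sqrt(1.0 + (z / rayleigh) ** 2)


def separation_ratio(w_z, theta, wavelength):
    """x / w_f at the focal plane.

    Small-angle separation x = f * theta and focused radius
    w_f = wavelength * f / (pi * w_z); the focal length f cancels.
    """
    return math.pi * w_z * theta / wavelength


def p_correct(ratio):
    """Probability p_c that a photon lands on the half-plane of its own basis.

    Half-plane integral of a Gaussian spot of radius w_f centred x/2 from the edge.
    """
    return 0.5 * (1.0 + math.erf(ratio / math.sqrt(2.0)))


def p_error(p_c):
    """Probability p_err: wrong basis chosen, and the resent state errs at Bob."""
    return 0.5 * (1.0 - p_c)


def max_misalignment(p_c_limit, aperture_diameter, wavelength):
    """Largest theta (rad) keeping p_c <= p_c_limit against a bounded aperture.

    Conditional-security reading: the telescope needs a diameter of 4 * w_z,
    so an aperture bound caps the usable beam radius at aperture_diameter / 4.
    p_c_limit is a hypothetical design target, not a value from the paper.
    """
    w_z = aperture_diameter / 4.0
    lo, hi = 0.0, 1e-3  # rad; p_c grows monotonically with theta, so bisect
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if p_correct(separation_ratio(w_z, mid, wavelength)) > p_c_limit:
            hi = mid
        else:
            lo = mid
    return lo


def micius_table():
    """Beam radius and rows (theta, p_c, p_err) for the satellite case in the text."""
    wavelength = 850e-9                          # m
    w_z = beam_radius(0.025, 55e3, wavelength)   # 0.025 m at exit, 55 km away
    rows = []
    for theta in (1e-6, 0.5e-6, 0.25e-6, 0.1e-6):
        p_c = p_correct(separation_ratio(w_z, theta, wavelength))
        rows.append((theta, p_c, p_error(p_c)))
    return w_z, rows


if __name__ == "__main__":
    w_z, rows = micius_table()
    print(f"beam radius at attacker aperture: {w_z:.3f} m")
    for theta, p_c, p_err in rows:
        print(f"theta = {theta * 1e6:4.2f} urad  p_c = {p_c:.3f}  p_err = {p_err:.3f}")
    budget = max_misalignment(0.51, 2.4, 850e-9)
    print(f"theta for p_c <= 0.51 against a 2.4 m aperture: {budget * 1e9:.1f} nrad")
```

The bound from `max_misalignment` holds only under the conditional-security assumption; longer propagation before focusing enlarges w_z and tightens the tolerance further.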

A. COUNTERMEASURES
We propose two countermeasures to make the states spatially indistinguishable. The first one involves coupling all states into the same single-mode optical fiber before launching them into the free-space channel. In this way, by confining them in the fiber, a single spatial mode of propagation is achieved that makes them almost spatially indistinguishable [35], obtaining low information leakage. Considering the corresponding information leakage, the privacy amplification could be sufficient to protect the key exchange. This is the case of QKD systems such as those of [40] and [41], whereby the states are propagated through the same fiber before transmitting them into free-space. However, this design is still susceptible to attacks that take advantage of spectral and temporal distinguishability. It is possible though, to protect the system against those side-channel attacks as they do in [43], by making the temporal and spectral profiles of the different sources as indistinguishable as possible, but it may limit the secure key rate. Alternatively, other systems such as those of [55] and [56] generate the optical pulses using a single laser and select the polarization state with a polarization modulator, thus eliminating the possibility of side-channel attacks that take advantage of the spectral, spatial, and temporal distinguishability of the different sources. Since only one source is used, there are no differences in the wavelength spectrum, spatial mode, propagation direction, or temporal profile among the different states. Even in the case of a polarization modulator that introduces information leakage, it could be quantified and considered in the privacy amplification step. The disadvantage of a single laser design is that the polarization modulator can expose the system to Trojan horse attacks [10]. However, this can be solved by the techniques proposed in [10], [19] and [20], which guarantee the security of the key exchange against these attacks.
The existing QKD systems mentioned in the introduction [39], [42]-[46] are no longer unconditionally secure against the described attack. Thus, the proposed countermeasures could be applied to these QKD systems in order to secure them without drastically changing the QKD protocol.

IV. CONCLUSION
We have proposed and modelled a side-channel attack that takes advantage of the spatial distinguishability of the generated states by a QKD system with different misaligned laser sources, obtaining an analytical expression for the probability of discriminating the quantum states. We have also carried out an experimental proof-of-principle of the attack, validating the analytical result of the probability that the attacker discriminates the states. The described attack makes theoretically unsafe any system with any angular misalignment between the sources considering an attacker with infinite technological power. There are two possible ways of facing this problem: assuming limitations in the technological power of the attacker guaranteeing "only" conditional security for the QKD systems, or changing the design of the QKD systems to completely secure them against the described attack. For the second option we have proposed two countermeasures that protect QKD systems against the described attack: the use of single mode optical fiber to generate a unique spatial mode of propagation, and the use of a single laser to avoid spatial distinguishability of the different sources. Finally, we have pointed out the security considerations that must be taken into account with each countermeasure to guarantee secure key exchange. As possible future work, the attack could be performed in a more realistic situation. In addition, following the path of conditional security with limited technological power on the part of attackers, developing new beam alignment techniques and more realistic models with atmospheric transmission channels would be useful. On the other hand, following the path of unconditional security, work on the development and practical implementation of countermeasures that completely eliminate spatial distinguishability should be addressed.