Quantum man-in-the-middle attack on the calibration process of quantum key distribution

Quantum key distribution (QKD) protocol has been proved to provide unconditionally secure key between two remote legitimate users in theory. Key distribution signals are transmitted in a quantum channel which is established by the calibration process to meet the requirement of high count rate and low error rate. All QKD security proofs implicitly assume that the quantum channel has been established securely. However, the eavesdropper may attack the calibration process to break the security assumption of QKD and provide precondition to steal information about the final key successfully. In this paper, we reveal the security risk of the calibration process of a passive-basis-choice BB84 QKD system by launching a quantum man-in-the-middle attack which intercepts all calibration signals and resends faked ones. Large temporal bit-dependent or basis-dependent detector efficiency mismatch can be induced. Then we propose a basis-dependent detector efficiency mismatch (BEM) based faked states attack on a single photon BB84 QKD to stress the threat of BEM. Moreover, the security of single photon QKD systems with BEM is studied simply and intuitively. Two effective countermeasures are suggested to remove the general security risk of the calibration process.