Wavelength-selected photon-number-splitting attack against plug-and-play quantum key distribution systems with decoy states

Any imperfections in a practical quantum key distribution (QKD) system may be exploited by an eavesdropper (Eve) to collect information about the key without being discovered. For example, without the decoy-state method, Eve can perform the photon-number-splitting (PNS) attack and get full information without introducing any perturbation, since weak laser pulses are widely used in practical systems instead of single-photon sources. However, the decoy-state method against PNS attack itself may introduce another loophole while closing the loophole of multiphoton pulses. In this paper, a fatal loophole of practical decoy-state plug-and-play QKD systems has been exploited and a wavelength-selected photon-number-splitting (WSPNS) attack scheme against plug-and-play QKD systems with the decoy-state method is proposed. Theoretical analysis shows that the eavesdropper can get full information about the key generated between the legitimate parties just like the PNS attack was performed in plug-and-play QKD systems without the decoy-state method.