In recent years, several hacking attacks have broken the security of quantum cryptography implementations by exploiting the presence of losses and the ability of the eavesdropper to tune detection efficiencies. We present a simple attack of this form that applies to any protocol in which the key is constructed from the results of untrusted measurements performed on particles coming from an insecure source or channel. Because of its generality, the attack applies to a large class of protocols, from standard prepare-and-measure to device-independent schemes. The derived critical detection efficiencies for security imply that the implementation of most partly device independent solutions is, from the point of view of detection efficiency, almost as demanding as fully device-independent ones. We also show how our attack implies the existence of a form of bound randomness, namely non-local correlations in which a non-signalling eavesdropper can find out a posteriori the result of any implemented measurement.

Over the past few decades the problem of bridging the gap between realistic implementation of Quantum Key Distribution (QKD) protocols and their theoretical security proofs has attracted a lot of attention. The security of standard QKD protocols [1, 2] relies on a very detailed modeling of the preparing and measuring devices. However, unavoidable imperfections of the devices or unnoticed failures lead in practice to deviations from the model used to prove security–deviations that can be taken advantage of by a potential eavesdropper. Indeed, standard QKD protocols, being dependent on the accuracy with which the devices are described, can typically suffer attacks, for instance on the detectors [3].