Practical quantum communication (QC) protocols are assumed to be secure provided implemented devices are properly characterized and all known side channels are closed. We show that this is not always true. We demonstrate a laser-damage attack capable of modifying device behaviour ondemand. We test it on two practical QC systems for key distribution and coin-tossing, and show that newly created deviations lead to side channels. This reveals that laser damage is a potential security risk to existing QC systems, and necessitates their testing to guarantee security.Cryptography, an art of secure communication, has traditionally relied on either algorithmic or computational complexity [1]. Even the most state-of-the-art classical cryptographic schemes do not have a strict mathematical proof to ascertain their security. With the advance of quantum computing, it may be a matter of time before the security of the most widely used public-key cryptography protocols is broken [2]. Quantum communication (QC) protocols, on the other hand, have theoretical proofs of being unconditionally secure [3][4][5][6][7][8][9]. In theory, their security is based on the assumption of modeled behaviour of implemented equipment. In practice, the actual behaviour often deviates from the modeled one, leading to a compromise of security as has been seen so far in case of quantum key distribution (QKD) [10][11][12][13][14][15][16]. However, it is widely assumed that as long as these deviations are properly characterized and security proofs are updated accordingly [5,17], implementations are unconditionally secure. In this work we show that satisfying this during the initial installation only is not enough to guarantee security. Even if a system is perfectly characterized and deviations are included into the security proofs, an adversary can still create a new deviation ondemand and make the system insecure.Before going into details on how the adversary may do it, let's consider a few examples of deviations and their consequences. For example, a calibrated optical attenuator is required to set a precise value of the outgoing mean photon number µ in the implementations of ordinary QKD [18, 19] [9] protocols. An unexpected increase of this * makarov@vad1.com optical component's attenuation may cause a denial-ofservice. However, a reduction in attenuation will increase µ, leading to a compromise of security via attacks that rely on measurement of multi-photon pulses [25,26]. E.g., in QKD and secret-sharing this will allow eavesdropping of the key, and in bit commitment cheating the committed bit value. Some implementations use a detector for time synchronization [8,9,18, 19,[21][22][23][24]. Desensitizing it may result in the denial-of-service. However, several implementations require a calibrated monitoring detector for security purposes [8,9,18, 19,21,23,24]. A reduction in its sensitivity may lead to security vulnerabilities such as a Trojan-horse attack that reads the state preparation [27]. This leaks the key in QKD, increases the cheating p...
