Abstract
Measurement-device-independent quantum key distribution (MDI-QKD) protocol has been demonstrated as a viable solution to detector side-channel attacks. Recently, to bridge the strong security of MDI-QKD with the high efficiency of conventional QKD, the detector-device-independent (DDI) QKD has been proposed. One crucial assumption made in DDI-QKD is that the untrusted Bell state measurement (BSM) located inside the receiver's laboratory cannot send any unwanted information to the outside. Here, we show that if the BSM is completely untrusted, a simple scheme would allow the BSM to send information to the outside. Combined with Trojan horse attacks, this scheme could allow an eavesdropper to gain information of the quantum key without being detected. To prevent the above attack, either countermeasures to Trojan horse attacks or some trustworthiness to the “untrusted” BSM device is required.