Quantum key distribution is often regarded as an unconditionally secure method to exchange a secret key by harnessing fundamental aspects of quantum mechanics. Despite the robustness of key exchange, classical post-processing reveals vulnerabilities that an eavesdropper could target. In particular, many reconciliation protocols correct errors by comparing the parities of subsets between both parties. These communications occur over insecure channels, leaking information that an eavesdropper could exploit. Currently, there is no holistic threat model that addresses how parity leakage during reconciliation might be actively manipulated. In this paper we introduce a new form of attack, the Manipulate-and-Observe attack, in which the adversary (1) partially intercepts a fraction $\rho$ of the qubits during key exchange, injecting the maximally tolerated amount of errors up to the 11 percent error threshold whilst remaining undetected, and (2) probes the maximum amount of parity leakage during reconciliation and exploits it using a vectorised, parallel brute-force filter to shrink the search space from $2^n$ down to as few as a single candidate, for an $n$-bit reconciled key. We perform simulations of the attack, deploying it on the most widely used protocol, BB84, and the benchmark reconciliation protocol, Cascade. Our simulation results demonstrate that the attack can significantly reduce the security below the theoretical bound and, in the worst case, fully recover the reconciled key material. The principles of the attack could threaten other parity-based reconciliation schemes, like Low Density Parity Check, which underscores the need for urgent consideration of the combined security of key exchange and post-processing.
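The leakage argument above can be checked from the defender's side when sizing privacy amplification. The following is an added example, not code from the paper: it computes how many $n$-bit key candidates remain consistent with a set of disclosed parities, assuming a uniformly random key and ignoring anything learned from intercepted qubits. The function names and the sample subsets are constructed for illustration.

```python
# Added example: parity-leakage accounting for a reconciled key (defender's view).
# Assumption: the key is uniformly random and the only leak is the disclosed parities.

def gf2_rank(masks):
    """Rank over GF(2) of parity checks given as integer bitmasks."""
    basis = {}  # highest set bit -> reduced mask with that leading bit
    for m in masks:
        while m:
            top = m.bit_length() - 1
            if top not in basis:
                basis[top] = m      # new independent parity
                break
            m ^= basis[top]         # eliminate the leading bit and keep reducing
    return len(basis)

def residual_entropy_bits(n, disclosed_subsets):
    """Bits of key uncertainty left after the listed parities were disclosed."""
    masks = [sum(1 << i for i in set(s)) for s in disclosed_subsets]
    return n - gf2_rank(masks)

def candidates_remaining(n, disclosed_subsets):
    """Size of the key search space still consistent with the disclosed parities."""
    return 2 ** residual_entropy_bits(n, disclosed_subsets)

# Constructed sample: an 8-bit key, two Cascade-style passes.
SAMPLE = [
    [0, 1, 2, 3], [4, 5, 6, 7],   # pass 1: block parities
    [0, 1], [0],                  # pass 1: binary search inside the first block
    [0, 2, 4, 6], [1, 3, 5, 7],   # pass 2: block parities after a permutation
]

if __name__ == "__main__":
    n = 8
    print("parities disclosed :", len(SAMPLE))
    print("independent parities:", n - residual_entropy_bits(n, SAMPLE))
    print("candidates remaining:", candidates_remaining(n, SAMPLE))
```

Counting every disclosed parity as one leaked bit gives a conservative upper bound; the GF(2) rank gives the exact leak under the stated assumption. Each additional error that reconciliation has to locate adds further binary-search parities to the disclosed set, which is why the residual entropy must be computed after reconciliation and not estimated in advance.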