Abstract

The decoy-state protocol has been considered to be one of the most important methods to protect the security of quantum key distribution (QKD) with a weak coherent source. Here we test two experimental approaches to generating the decoy states with different intensities: modulation of the pump current of a semiconductor laser diode, and external modulation by an optical intensity modulator. The former approach shows a side channel in the time domain that allows an attacker to distinguish s signal state from a decoy state, breaking a basic assumption in the protocol. We model a photon-number-splitting attack based on our experimental data, and show that it compromises the system's security. Then, based on the work of Tamaki et al. [New J. Phys. 18, 065008 (2016)], we obtain two analytical formulas to estimate the yield and error rate of single-photon pulses when the signal and decoy states are distinguishable. The distinguishability reduces the secure key rate below that of a perfect decoy-state protocol. To mitigate this reduction, we propose to calibrate the transmittance of the receiver (Bob's) unit. We apply our method to three QKD systems and estimate their secure key rates.