submitted to IEEE Journal of selected topics in quantum electronics
In the last decade, efforts have been made to reconcile theoretical security with realistic imperfect implementations of quantum key distribution (QKD). However, in the process gaps have recently emerged between academic and industrial approaches to closing loopholes created by implementation imperfections. In academic research labs, many practical security problems appear to be reliably solved, in principle, by advanced schemes and protocols. Meanwhile the industry prefers practical and easier solutions, even without security verification in some cases. In this paper, we present a concrete example of ID Quantique's random-detector-efficiency countermeasure against detector blinding attacks. As a third-party tester, we have found that the first industrial implementation of this countermeasure is effective against the original blinding attack, but not immune to a modified blinding attack. Moreover, we show experimentally that the full countermeasure as in academic proposal [C. C. W. Lim et al., IEEE J. Sel. Top. Quantum Electron. 21, 6601305 (2015)] is still vulnerable against the modified blinding attack. Our testing results show several specific disparities between the industrial practical solution and the academic perfect solutions. Our work illustrates that forming an implementation-and-testing closed loop is necessary to bridge the gaps and improve the practical security of QKD systems.