Quantum secure direct communication (QSDC) enables the direct transmission of confidential information without pre-shared keys. However, device imperfections in practical systems can lead to information leakage. The Trojan-horse attack (THA), a stealthy side-channel threat, steals information by injecting photons into encoding devices and analyzing the reflected light. This paper focuses on the single-photon-based (DL04) protocol, establishing for the first time a comprehensive THA model against it. By combining weak coherent pulse (WCP) sources with the decoy-state method, we systematically analyze the security under THA during both the first and second rounds of transmission, derive analytical expressions for the secrecy message capacity, and quantitatively evaluate the impact of attack strength on system performance through numerical simulations. Our results demonstrate that the system’s security is highly sensitive to the average number of reflected Trojan photons, μout. For a first-round attack, the secrecy message capacity remains nearly identical to the attack-free case when μout≤10−8, but drops to zero when μout increases to 10−3. In contrast, the second round of attacks had a weaker impact. Even at the strongest attack intensity (μout=10−2), the system could still maintain a certain level of secrecy message capacity. When THA simultaneously targets both the first and second rounds, the overall security of the system is predominantly governed by the more sensitive first-round attack, whose security boundary remains largely comparable to that observed in a single first-round attack scenario. Furthermore, We perform parameter optimization to achieve the optimal secrecy message capacity for each channel attenuation. Our study provides the first quantitative security bound for THA on DL04 protocol, offering practical guidance for encoder isolation requirements in future implementations.
Wang et al. (Thu,) studied this question.