Abstract: This paper presents a theoretical and experimental demonstration of a security analysis of a Trojan-horse attack (THA) on a real-world quantum key distribution (QKD) system. We show that the upper bound on the information leakage depends solely on the fidelity between the states of the adversary. We find the lower bound for fidelity between THA states in both the polarization- and phase-coding BB84 protocols, considering both pure and mixed states. Our bounds depend only on the mean photon number per pulse available to an adversary. We also present an experimental analysis of a QKD system, including optical time-domain reflectometry measurements with centimeter resolution and spectral transmittance measurements for optical defense elements ranging from 1100 to 1800 nm with a noise floor lower than −100 dB. Finally, by considering the optimal attack, we obtain the value of the mean photon number per pulse available to an adversary and calculate the key leakage that needs to be eliminated during the privacy amplification procedure.