In the practical continuous-variable source-independent quantum random number generator, it is usually necessary to introduce a local oscillator to amplify the received quantum signal due to its weak intensity. However, the intensity fluctuation of the local oscillator itself will lead to a deviation in evaluating the randomness without monitoring the local oscillator in real time and calibrating each output measurement, which will inevitably open a loophole for the eavesdropper to intercept the information of generated random numbers. Here, we present an eavesdropping attack utilizing this loophole. The results of numerical simulation indicate that when the proposed eavesdropping attack is performed, the evaluated extractable randomness value will be compromised severely, which will impact the communication security under the practical conditions. Meanwhile, we analyze the effects of practical imperfections in the presence of local oscillator fluctuation. Taking this as a reference, we may consider how to perfect the experimental system in practice and how to deal with this kind of eavesdropping attack.

中文翻译：

---

对具有波动本地振荡器的连续变量源无关量子随机数发生器的窃听攻击

在实际的连续变量源无关量子随机数发生器中，由于其强度较弱，通常需要引入本地振荡器来放大接收到的量子信号。然而，本振本身的强度波动会导致随机性的评估出现偏差，而没有实时监测本振并对每次输出测量进行校准，这将不可避免地为窃听者截取生成的随机数信息提供漏洞. 在这里，我们提出了利用此漏洞的窃听攻击。数值仿真结果表明，当进行所提出的窃听攻击时，评估的可提取随机性值将受到严重损害，这将影响实际条件下的通信安全。同时，我们分析了存在本地振荡器波动时实际缺陷的影响。以此为参考，我们可以考虑在实践中如何完善实验系统，如何应对这种窃听攻击。