A commercial quantum key distribution (QKD) system needs to be formally
certified to enable its wide deployment. The certification should include the
system's robustness against known implementation loopholes and attacks that
exploit them. Here we ready a fiber-optic QKD system for this procedure. The
system has a prepare-and-measure scheme with decoy-state BB84 protocol,
polarisation encoding, qubit source rate of 312.5 MHz, and is manufactured by
QRate in Russia. We detail its hardware and post-processing. We analyse the
hardware for any possible implementation loopholes and discuss countermeasures.
We then amend the system design to address the highest-risk loopholes
identified. We also work out technical requirements on the certification lab
and outline its possible structure.Comment: 33 pages, 11 figures, 2 table