Quantum key distribution (QKD) is a promising technology for secure communication. Nevertheless, QKD is still treated with caution in certain contexts due to potential gaps between theoretical models and actual QKD implementations. A common assumption in security proofs is that the detection probability at the receiver, for a given input state, is independent of the measurement basis, which might not always be verified and could lead to security loopholes. This paper presents a security proof for QKD protocols that does not rely on the aforementioned assumption and is thus applicable in scenarios with detection probability mismatches, even when induced by the adversary. We demonstrate, through simulations, that our proof can extract positive key rates for setups vulnerable to large detection probability mismatches. This is achieved by one monitoring whether an adversary is actively exploiting such vulnerabilities, instead of considering the worst-case scenario as in previous proofs. Our work highlights the importance of accounting for basis-dependent detection probabilities and provides a concrete solution for improving the security of practical QKD systems.
