Differential-phase-shift quantum key distribution (DPSQKD) protocol, which encodes a bit value onto the 0/180 phase shifts between adjacent pulses in the laser pulse train, attracts much attention due to its simplicity in the implementation. In contrast to conventional 'photon-based' protocols such as the BB84 protocol, the DPSQKD is expected to be inherently robust against so-called photon-number splitting (PNS) attacks even if a conventional light source (laser) is used. Despite the simplicity of the protocol itself, its security is quite hard to analyze because many pulses are chained together and cannot be separated in the theoretical treatment. Here we present a proof of its security against any attack by an eavesdropper by considering a virtual protocol that is complementary to the original protocol. In the virtual protocol, the sender tries to guess the position of the photon received by the receiver, which is complementary to the information on the phase shift used in the original protocol. Then the feasibility of the virtual protocol and the security of the original protocol are shown to be connected via the law of quantum mechanics.