Quantum-secure authentication of a physical unclonable key
Authentication of persons and objects is a crucial aspect of security. We experimentally demonstrate quantum-secure authentication (QSA) of a classical multiple-scattering key. The key is authenticated by illuminating it with a light pulse containing fewer photons than spatial degrees of freedom and verifying the spatial shape of the reflected light. Quantum-physical principles forbid an attacker to fully characterize the incident light pulse. Therefore, he cannot emulate the key by digitally constructing the expected optical response, even if all information about the key is publicly known. QSA uses a key that cannot be copied due to technological limitations and is quantum-secure against digital emulation. Moreover, QSA does not depend on secrecy of stored data, does not depend on unproven mathematical assumptions, and is straightforward to implement with current technology.
Authentication of persons can be based on “something that you know,” e.g., digital keys, or “something that you have,” e.g., physical objects such as classical keys or official documents. A drawback of digital keys is that their theft can go unnoticed; a drawback of traditional physical keys is that they can be copied secretly. A physical unclonable function (PUF) is a physical object that cannot feasibly be copied because its manufacture inherently contains a large number of uncontrollable degrees of freedom. Making a sufficiently accurate clone or concocting a device that mimics its physical behavior is infeasible, though not theoretically impossible, given the properties of PUFs [1,2]. See also Supplement 1. A PUF is a function in the sense that it reacts to a stimulus (“challenge”) by giving a response. After manufacture there is a one-time characterization of the PUF in which its challenge–response behavior is stored in a database. The PUF (from this point referred to as the “key”) can later be authenticated by comparing its response behavior to the database; see Fig. 1(a).
Fig. 1. Idea of QSA: (a) In classical authentication of an optical unclonable physical key, a challenge wavefront of sufficient complexity is sent to the key. The response wavefront is compared with those stored in a database (yellow pieces) to make a pass (green light) or fail (red light) decision. However, this verification can be spoofed by an emulation attack (b) in which the challenge wavefront is completely determined and the expected response is constructed by the adversary who knows the challenge–response behavior of the key. © In QSA, the challenge is a quantum state for which an emulation attack (d) fails because the adversary cannot actually determine the quantum state, and, hence, any attempt to generate the correct response wavefront fails.