Quantum readout
Quantum Readout is a method to verify the authenticity of an object. The method is secure provided that the object cannot be copied or physically emulated.
Hands-off versus hands-on authentication of objects
When authenticating an object, one can distinguish two cases.
- Hands-on athentication: The object is fully under the control of the verifier. The verifier can see if the object is of the correct type, size, weight etc.. E.g. he can see the difference between a real tooth and a hologram representing the tooth.
- Hands-off authentication: The verifier does not have full control. E.g. he has line-of-sight but cannot touch the object.
In the hands-on scenario, Physical Unclonable Functions (PUFs) of various types can serve as great authentication tokens. Their physical unclonability, combined with the verifier's ability to detect spoofing, makes it exceedingly hard for an attacker to create an object that will pass as a PUF clone. However, hands-on authentication requires that the holder of the PUF relinquishes control of it, which may not be acceptable, especially if there is the risk that the verifier is an impostor.
In the hands-off scenario, however, reliable authentication is much more difficult to achieve. It is prudent to assume that the challenge-response behavior of each PUF is known publicly. (An attacker may get hold of a genuine PUF for a while and perform a lot of measurements on it without being discovered.) This is a "worst case" assumption as customary in security research. It poses no problem in the hands-on case, but in the hands-off case it means that spoofing becomes a real danger. Imagine for instance authentication of an optical PUF through a glass fiber. The attacker does not have the PUF, but he knows everything about it. He receives the challenge (laser light) through the fiber. Instead of scattering the light off a physical object, he does the following: (i) measure the incoming wave front; (ii) look up the corresponding response in his database; (iii) prepare laser light in the correct response state and send it back to the verifier. This attack is known as "digital emulation".
For a long time spoofing in the hands-off scenario has seemed to be a fundamental problem that cannot be solved. The traditional approach to remote object authentication is to somehow enforce a hands-on environment, e.g. by having a tamper-proof trusted remote device probing the object. Drawbacks of this approach are (a) cost and (b) unknown degree of security in the face of ever more sophisticated attacks.
Quantum-physical readout of a PUF
The basic scheme
The problem of spoofing in the hands-off case can be solved using two fundamental information-theoretic properties of quantum physics: (1) A single quantum in an unknown state cannot be cloned.[1] (2) When a quantum state is measured most of the information it contains is destroyed.
Based on these principles, the following scheme was proposed.[2]
- Enrollment. The usual PUF enrollment. No quantum physics needed. The enrollment data is considered public.
- Challenge. A single quantum (e.g. a photon) is prepared in a random state. It is sent to the PUF.
- Response. The quantum interacts with the PUF (e.g. coherent scattering), resulting in a unitary transform of the state.
- Verification. The quantum is returned to the verifier. He knows exactly what the response state should be. This knowledge enables him to perform a "yes/no" verification measurement.
Steps 2-4 are repeated multiple times in order to exponentially lower the false accept probability.
The crucial point is that the attacker cannot determine what the actual challenge is, because that information is packaged in a "fragile" quantum state. If he tries to investigate the challenge state by measuring it, he destroys part of the information. Not knowing where exactly to look in his challenge-response database, the attacker cannot reliably produce correct responses.
Security assumptions
The scheme is secure only if the following conditions are met,
- Physical unclonability of the PUF.
- The attacker cannot perform arbitrary unitary transformations on the challenge quantum (i.e. physical emulation of the PUF is supposed to be infeasible).
In multiple-scattering optical systems the above requirements can be met in practice.
Quantum Readout of PUFs is unconditionally secure against digital emulation, but conditionally against physical cloning and physical emulation.
Special security properties
Quantum Readout of PUFs achieves
- Hands-off object authentication without trusted hardware at the side of the object.
- Authentication of a quantum communication channel without a priori shared secrets and without shared entangled particles. The authentication is based on public information.
Imagine Alice and Bob wish to engage in Quantum key distribution on an ad hoc basis, i.e. without ever having exchanged data or matter in the past. They both have an enrolled optical PUF. They look up each other's PUF enrollment data from a trusted source. They run quantum key distribution through both optical PUFs; with a slight modification of the protocol, they get quantum key distribution and two-way authentication. The security of their key distribution is unconditional, but the security of the authentication is conditional on the two assumptions mentioned above.
Experimental realization
Quantum Readout of speckle-based optical PUFs has been demonstrated in the lab.[3] [4] This realization is known under the name Quantum-Secure Authentication.
Security proofs
Security has been proven in the case of Challenge Estimation attacks, in which the attacker tries to determine the challenge as best as he can using measurements. There are proofs for n=1,[5] for quadrature measurements on coherent states [6] and for fixed number of quanta n>1. [7] The result for dimension K and n quanta is that the false acceptance probability in a single round cannot exceed (n+1)/(n+K).
References
- ^ W.K. Wootters and W.H. Zurek. "A single quantum cannot be cloned". Nature, 299: 802–803, 1982
- ^ B. Škorić, "Quantum Readout of Physical Unclonable Functions", International Journal of Quantum Information, 10(1):1250001–1 – 125001–31, 2012.
- ^ S.A. Goorden, M. Horstmann, A.P. Mosk, B. Škorić, P.W.H. Pinkse, "Quantum-Secure Authentication with a Classical Key", http://arxiv.org/abs/1303.0142
- ^ S.A. Goorden, M. Horstmann, A.P. Mosk, B. Škorić, P.W.H. Pinkse, "Quantum-secure authentication of a physical unclonable key", http://www.opticsinfobase.org/optica/abstract.cfm?uri=optica-1-6-421
- ^ B. Škorić, "Quantum Readout of Physical Unclonable Functions", http://eprint.iacr.org/2009/369
- ^ B. Škorić, A.P. Mosk, P.W.H. Pinkse, "Security of Quantum-Readout PUFs against quadrature based challenge estimation attacks", http://eprint.iacr.org/2013/084
- ^ B. Škorić, "Security analysis of Quantum-Readout PUFs in the case of challenge-estimation attacks", http://eprint.iacr.org/2013/479