Unconditional Authentication in Quantum Key Distribution via Hybrid Entangled Physical Unclonable Functions

Source: arXiv:2605.04650 · Published 2026-05-06 · By Nicolas Laurent-Puig, Mina Doosti, Adriano Innocenzi, Eleni Diamanti

TL;DR

This paper tackles a long-standing bootstrapping problem in QKD: the classical channel must be authenticated, but standard information-theoretic authentication usually needs a pre-shared secret, which creates the very key bootstrap QKD is supposed to solve. The authors propose using a Hybrid Entangled Physical Unclonable Function (HEPUF) to generate the initial authentication key with information-theoretic security, then use that key to authenticate the classical post-processing in an entanglement-based QKD protocol. In other words, they replace the usual “seed key” assumption with a hardware-backed assumption that is intended to be minimal and explicit.

The main contribution is both theoretical and experimental. Theoretically, they integrate the HEPUF authentication subroutine with a finite-key entanglement-based QKD security analysis, including Wegman-Carter authentication, parameter estimation, error correction, and privacy amplification. Experimentally, they realize the scheme with a telecom-wavelength polarization-entangled photon source in a Sagnac interferometer and show secret-key distribution at total channel attenuations up to 50 dB. They report QBER below 0.6% in both operational scenarios and claim this is the first experimental realization of a QKD protocol authenticated via a hybrid hardware-based PUF primitive.

Key findings

  • The HEPUF authentication security condition is derived as ϵ_HEPUF ≤ ((1/2 + δ/2)·sqrt(1 + 4δ²/2))^m; in their experiment they set δ ≤ 0.1 and choose m = 44 error-free states per authentication round to meet ϵ_HEPUF < 2.5×10^-11.
  • In Scenario 1, the protocol distributes secret keys at total attenuation 30/40/50 dB with SKR = 0.381/0.310/0.270 bps and QBER = 0.56%/0.52%/0.55%, using K_QKD = 25094/30000/30000 bits and K_AUT = 237 bits.
  • In Scenario 2, the same attenuations yield SKR = 4.79/4.28/1.19 bps and QBER = 0.45%/0.51%/0.51%, with K_AUT = 270 bits; this is roughly an order-of-magnitude higher throughput than Scenario 1.
  • The source characterization reports Bell-state fidelity F = 99.17 ± 0.14%, which the authors use to explain the consistently low QBER across high-loss settings.
  • They state the raw photon-pair generation rate is about 300 kHz, but the proof-of-principle protocol is bottlenecked by active components: HEPUF wave-plate actuation limits the HEPUF subroutine to 1 Hz and the QKD optical-switch path gives an effective 13 Hz protocol rate in their setup.
  • In Scenario 1 they run 290, 351, and 351 rounds at 30, 40, and 50 dB total attenuation; the 30 dB case has fewer rounds due to a technical issue.
  • The authors report the system maintains QBER below 0.6% even at 50 dB total attenuation, supporting their claim that the scheme remains viable under high-loss fiber-like conditions.

Threat model

The adversary is assumed to be computationally unbounded for the HEPUF compromise problem and quantum-polynomial-time for the end-to-end QKD protocol, with full control of the public classical channel and access to the quantum channel for eavesdropping and man-in-the-middle attempts. The adversary cannot break the tamper-proof HEPUF construction, cannot clone the PUF’s physical disorder, and cannot read the secret internal state of the device; the verifier is assumed to create the initial database in Mode 0 before sending the locked device to the prover. The security goal is to authenticate the classical channel without any pre-shared secret key, then use that authenticated channel to run standard ITS QKD.

Methodology — deep read

The threat model is an information-theoretic QKD setting with an active adversary who can eavesdrop on the quantum channel and fully control or modify the classical channel unless it is authenticated. The central classical-channel threat is man-in-the-middle attack, which breaks QKD if the authentication layer is not secure. The authors assume quantum polynomial-time adversaries for the overall protocol analysis, but the HEPUF authentication security is framed against an unbounded adversary trying to compromise the device-derived authentication key. They also assume the HEPUF has explicit hardware trust boundaries: a tamper-proof box containing a weak classical PUF and internal encoding/measurement mechanisms, with Mode 0 accessible only to the verifier during setup and then locked before the device is sent to the prover. They do not assume any pre-shared secret key for the initial authentication seed; instead, the initial secret is generated by the HEPUF itself.

The data consists of experimentally generated entangled-photon measurement records from a telecom-wavelength Bell-state source based on type-II SPDC in a Sagnac interferometer. The source uses a ppKTP crystal and a Ti:Sapphire pump laser at 775 nm, 76 MHz repetition rate, and 3.4 W average power. They characterize the source via full quantum-state tomography and report Bell-state fidelity of 99.17 ± 0.14%. For the HEPUF side, they do not fabricate a physical HEPUF in the lab; instead, in Scenario 1 they emulate the challenge-response database using a Permutation PUF model. They fix a worst-case observed PUF bias of δ = 0.0016 for the experimental raw data in Scenario 1, while Scenario 2 uses δ = 0.011 because the smaller authentication key is more biased. The paper reports round counts (290, 351, 351 in Scenario 1) and final key/material lengths in Tables I and II, but the text is not fully explicit about the raw split mechanics beyond the finite-size analysis in End Matter II.

Architecturally, the protocol has two layers: HEPUF authentication and entanglement-based QKD. The HEPUF itself operates in three modes. Mode 0 is the verifier-only setup mode used to build a challenge-response database from the device; Mode 1 is the prover-facing authentication mode that maps a challenge x_i to a response y_i = y_i^1 || y_i^2; and Mode 2 is a verification mode that uses y_i^1 to choose a measurement basis inside the device. The second output bit y_i^2 chooses which Bell state is prepared, with |Φ+⟩ for 0 and |Ψ−⟩ for 1, while y_i^1 chooses the basis (Z or X) for the prover’s local projective measurement. The prover sends one half of each Bell pair to the verifier, measures the local half, and reveals the outcome; the verifier checks the observed correlations against the stored database. To improve throughput they batch challenges: one challenge can authenticate a block of m states, giving a 2m-bit response per round. Randomness extraction is then applied to the raw output to remove bias and produce a uniform initial key K_HEPUF. On the QKD side, they use the Tomamichel–Leverrier finite-key EB-QKD framework: Alice and Bob share n bipartite states, measure in chosen bases to obtain raw strings X and Y, estimate QBER from a disclosed subset, run LDPC-based reconciliation with reported efficiency f_EC = 1.06, verify with a hash, and then apply two-universal hashing for privacy amplification. The classical channel is authenticated with Wegman-Carter authentication using the HEPUF-derived key material.

The training regime is not a machine-learning training process; instead the relevant “optimization” is finite-key parameter selection. In End Matter II they define the finite-key objective as maximizing secret-key length ℓ subject to security constraints from parameter estimation, privacy amplification, and error correction. The key variables are ν, ξ, the syndrome size z, and the fraction of sifted bits allocated to parameter estimation. They solve for feasible values under the constraint ϵ_EC + ϵ_PE(ν, ξ) + ϵ_PA(ν) ≤ ϵ_QKD, with ϵ_QKD fixed to 10^-s. Their analysis also includes the authentication failure probability ϵ_A for Toeplitz-matrix Wegman-Carter hashing, with a per-message bound ϵ_A ≤ n·2^{-t+1}. In the main experiment they target ϵ_HEPUF < 2.5×10^-11, ϵ_QKD < 2.5×10^-11, and ϵ_stat < 2.5×10^-11, and they choose m = 44 from the bias bound. The protocol speed is constrained by hardware: the HEPUF wave-plate sequence is mechanically controlled and the QKD path uses optical switches, so the reported rates are proof-of-principle rather than fundamental limits.
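To make the Toeplitz-matrix Wegman-Carter step concrete, the sketch below tags classical messages with a secret Toeplitz hash masked by a one-time pad, and shows why every authenticated message draws t fresh bits from the authentication key. It is an added example, not code from the paper; the class and function names, the plain Toeplitz family with a full n + t − 1 bit seed, and the sizes n = 64, t = 32 are assumptions chosen for illustration.

```python
import secrets

def toeplitz_hash(msg, seed, t):
    """t-bit hash of the bit list `msg` under the t x n Toeplitz matrix whose
    entry (i, j) is seed[i - j + n - 1]; arithmetic is over GF(2)."""
    n = len(msg)
    if len(seed) != n + t - 1:
        raise ValueError("seed must hold n + t - 1 bits")
    return [sum(seed[i - j + n - 1] & msg[j] for j in range(n)) & 1
            for i in range(t)]

class WegmanCarter:
    """Fixed secret Toeplitz seed plus a fresh t-bit one-time pad per message."""

    def __init__(self, key, n, t):
        if len(key) < n + t - 1:
            raise ValueError("key too short for the Toeplitz seed")
        self.t = t
        self.seed, self.pads = key[:n + t - 1], key[n + t - 1:]

    def _next_pad(self):
        # Pads are never reused: once the pool is empty, authentication stops.
        if len(self.pads) < self.t:
            raise RuntimeError("authentication key exhausted")
        pad, self.pads = self.pads[:self.t], self.pads[self.t:]
        return pad

    def tag(self, msg):
        digest = toeplitz_hash(msg, self.seed, self.t)
        return [h ^ p for h, p in zip(digest, self._next_pad())]

    def verify(self, msg, tag):
        # The receiver consumes the same pad, keeping both ends in step.
        return secrets.compare_digest(bytes(self.tag(msg)), bytes(tag))

def demo(n=64, t=32, messages=2):
    """Constructed run: one honest message, one modified in transit."""
    key = [secrets.randbits(1) for _ in range(n + t - 1 + messages * t)]
    alice, bob = WegmanCarter(key, n, t), WegmanCarter(key, n, t)
    bases = [secrets.randbits(1) for _ in range(n)]  # sample basis announcement
    honest = bob.verify(bases, alice.tag(bases))
    forged = bases.copy()
    forged[5] ^= 1                                   # one bit flipped on the wire
    tampered = bob.verify(forged, alice.tag(bases))
    return honest, tampered, len(alice.pads)

if __name__ == "__main__":
    print(demo())
```

Both ends must consume pads in the same order, so a lost or rejected message has to be accounted for on both sides before the next tag is checked.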

Evaluation is performed under two operational scenarios. Scenario 1 is the more general one: the HEPUF output is used both to authenticate the classical channel and to keep the measurement bases secret, making the construction compatible with broader protocols beyond EB-QKD. Scenario 2 is optimized for efficiency in EB-QKD: because security comes from non-local correlations, the bases can be public, so the HEPUF key is consumed only for Wegman-Carter authentication. They test each scenario at 30, 40, and 50 dB total attenuation (implemented via single-channel attenuations of 15, 20, and 25 dB per arm), and they track QBER versus raw-key length in Fig. 2. Table I reports Scenario 1 key sizes and rates; Table II reports Scenario 2. The main comparison is within-paper rather than against prior QKD systems: Scenario 2 is about an order of magnitude faster than Scenario 1 because it needs less initial secret material. The paper does not report statistical hypothesis tests or confidence intervals on the final SKR beyond the source fidelity error bar and the finite-key security analysis; the experimental evidence is primarily the observed QBER stability and the positive secret-key rates under the chosen security parameters.

For reproducibility, the paper gives a fairly detailed optical setup, including laser model, crystal length, poling period, filtering, detector type, and the use of variable optical attenuators and optical switches. It also gives the security equations used in the finite-size analysis, including the approximate bounds for ϵ_PA, ϵ_PE, ϵ_EC, and ϵ_QKD, and describes the HEPUF architecture in the end matter. However, the text provided does not mention public code, released raw data, or frozen experimental datasets, and the HEPUF challenge-response database is emulated with a PUF model rather than experimentally realized as a separate hardware artifact. A concrete end-to-end example in Scenario 2 is: the HEPUF yields a 270-bit authentication key at 30 dB total attenuation; Alice and Bob then publicly reveal measurement bases, use the 270 bits only for classical-channel authentication, measure their entangled photons, estimate QBER at 0.45%, reconcile with LDPC, and privacy-amplify to obtain a final shared key with SKR 4.79 bps.

Technical innovations

  • They integrate a hybrid entangled PUF authentication subroutine into an entanglement-based QKD protocol, removing the need for a pre-shared secret authentication key.
  • They use a two-bit HEPUF response where one bit chooses the Bell state and the other bit chooses the measurement basis, enabling both state preparation and verification inside the device.
  • They derive a finite-key security and key-length analysis that explicitly budgets HEPUF authentication cost, Wegman-Carter authentication cost, and QKD post-processing cost in one framework.
  • They experimentally demonstrate the combined protocol with a telecom-wavelength Bell-state source, showing authenticated key distribution under up to 50 dB total attenuation.

Datasets

  • Experimental entangled-photon measurement records — size not explicitly stated — generated in-house with a Sagnac SPDC setup
  • Permutation PUF model challenge-response database — size not explicitly stated — simulated/emulated for Scenario 1

Baselines vs proposed

  • Scenario 1 vs Scenario 2 in this paper: SKR = 0.381/0.310/0.270 bps vs 4.79/4.28/1.19 bps at 30/40/50 dB total attenuation
  • Scenario 1 vs Scenario 2 in this paper: QBER = 0.56%/0.52%/0.55% vs 0.45%/0.51%/0.51% at 30/40/50 dB total attenuation
  • Source characterization: Bell-state fidelity = 99.17 ± 0.14% vs ideal Bell state = 100%

Limitations

  • The HEPUF is not physically built and characterized in the experiment as a standalone hardware device; Scenario 1 uses an emulated Permutation PUF database.
  • Protocol throughput is dominated by slow mechanical/optical control elements, so the reported Hz-level rates do not reflect the intrinsic speed of the cryptographic construction.
  • The paper reports excellent QBER and positive SKR, but does not provide a broad adversarial robustness evaluation against device modeling, side channels, or physical tampering beyond the stated assumptions.
  • Finite-key analysis is detailed, but the text provided does not show a full independent sensitivity study over all security parameters and bias values.
  • The experimental evaluation is limited to a telecom Bell-state source and three attenuation points; there is no distribution-shift test beyond those settings.
  • Comparisons are mostly internal between Scenario 1 and Scenario 2 rather than against alternative authenticated QKD bootstrapping methods under the same hardware.

Open questions / follow-ons

  • How would a physically instantiated HEPUF behave under active side-channel, fault, or invasive tampering attacks, rather than the abstract security model used here?
  • Can the same HEPUF-authenticated bootstrap be integrated with prepare-and-measure QKD or quantum digital signature protocols and still retain finite-key security tightness?
  • What are the minimum hardware requirements and realistic throughput of a non-mechanical HEPUF implementation, and how much of the current rate loss disappears with electro-optic modulation?
  • How sensitive is the authentication-key length to PUF bias and how robust is randomness extraction under device drift over time?

Why it matters for bot defense

For bot-defense practitioners, the main relevance is conceptual rather than direct deployment: the paper shows a way to bootstrap an information-theoretic authentication layer from a hardware primitive without relying on computational public-key trust. That is analogous to trying to replace a brittle software trust anchor with a device-bound one, but the practical assumptions are much stronger than ordinary web anti-bot settings. The useful lesson is the protocol design pattern: separate the bootstrapping problem from the main secure channel, make the initial authenticator explicit and minimal, and account for its cost in the end-to-end security budget. If a bot-defense system adopted a similar idea, the engineering challenge would be whether the hardware primitive is stable, cheap, and hard to model at the same time; this paper argues that such a tradeoff can be managed in a quantum setting, but it does not directly solve classical CAPTCHA or online abuse problems.

Cite

@article{arxiv2605_04650,
  title={ Unconditional Authentication in Quantum Key Distribution via Hybrid Entangled Physical Unclonable Functions },
  author={ Nicolas Laurent-Puig and Mina Doosti and Adriano Innocenzi and Eleni Diamanti },
  journal={arXiv preprint arXiv:2605.04650},
  year={ 2026 },
  url={https://arxiv.org/abs/2605.04650}
}

Articles are CC BY 4.0 — feel free to quote with attribution