CaptchaLa Blog

Appearance

Quantum-Secure Physical Unclonable Function enabled by Silicon Photonics Integrated Circuits

Source: arXiv:2605.14959 · Published 2026-05-14 · By G. Sarantoglou, N. Tzekas, G. Moustakas, G. A. Karydis, V. Kaminski, E. Protsenko et al.

TL;DR

This paper addresses the integration of physical unclonable functions (PUFs) with quantum security principles using silicon photonic integrated circuits (PICs). PUFs exploit uncontrollable fabrication variations to generate unique device fingerprints for secure authentication. The authors experimentally demonstrate a strong photonic PUF based on a silicon nitride (SiN) Mach-Zehnder interferometer (MZI) mesh that implements an approximately unitary transformation defined by random phase offsets. They characterize the physical sources of randomness, showing sidewall roughness-induced phase variations are dominant and produce a robust and random response space. Building on these measurements, the authors develop a quantum readout protocol that employs single-photon states and maximally mixed state (MMS) encoding to conceal challenge-response pairs (CRPs) from passive eavesdroppers. Through extensive Monte Carlo analysis using experimentally derived parameters, they evaluate authentication performance under side-channel and cloning attacks, modeling the false acceptance rate (FAR) and false rejection rate (FRR) as a function of detected photon events and error tolerance. Results demonstrate an exceptionally low equal error rate (EER) approaching 10^-14, indicating strong quantum security and robustness despite fabrication similarities and environmental noise. This is the first systematic demonstration and evaluation of a quantum-secure silicon photonic PUF, advancing integrated quantum hardware security towards scalable, CMOS-compatible systems.

Key findings

  • The fabricated 6x6 SiN photonic mesh has a fractional inter-Hamming distance mean of 46.25% (±3.5%) indicating strong randomness.
  • The fractional intra-Hamming distance (robustness) mean is 2.6% (±2.03%) over 66 samples within 30 minutes under stable temperature control.
  • Sidewall roughness variations (~0.5–3 nm amplitude, correlation length 50–150 nm) explain effective refractive index variation of ~10^-3 consistent with experimental phase offsets.
  • Propagation losses within the PIC sum to approximately 11 dB, including grating coupler and MZI insertion losses.
  • Monte Carlo simulations with 5000 trials model FAR and FRR versus detected clicks (N) and accepted error thresholds (N_B), showing EER as low as ~10^-14 for N_B=6 at ~28 clicks.
  • Increasing number of clicks beyond the EER point reduces FAR exponentially to <10^-30 at 100 clicks while slightly increasing FRR (~10^-7), trading latency for security.
  • Utilization of maximally mixed input quantum states prevents passive eavesdroppers from gaining information about the PUF's unitary signature.
  • Fabrication variations between PICs on the same wafer are sufficient to differentiate unitary transformations and detect cloning attempts with negligible false acceptance.

Threat model

The adversary (Eve) is considered in two major threat scenarios: (a) passive side-channel attacker who attempts to gain knowledge by eavesdropping on the quantum channel but cannot distinguish or clone quantum states due to the no-cloning theorem and the use of maximally mixed input states; (b) cloning adversary who possesses a PIC fabricated under similar wafer conditions and attempts to authenticate by exploiting manufacturing similarity. Eve cannot perform measurement without disturbing states in a detectable way nor perfectly clone the quantum states nor replicate the exact unitary transformation of the legitimate device.

Methodology — deep read

The authors start with a threat model involving three adversary scenarios: (a) passive side-channel eavesdropping, (b) cloning attacks via manufacturing replicas from the same wafer, and (c) man-in-the-middle (MITM) attacks (discussed but not fully evaluated).

For the experimental classical PUF characterization, they fabricate a silicon nitride (SiN) 6×6 rectangular mesh of 15 balanced Mach-Zehnder interferometers (MZIs) and 13 external thermo-optic phase shifters (TOPs). The mesh is controlled via voltage inputs that set phase differences to implement an approximately unitary transformation U. The key physical fingerprint arises from static phase offsets due to fabrication variations, primarily sidewall roughness. By sweeping voltages and monitoring output powers, they extract the voltage nullification points for each MZI, which translate to phase offsets. Statistical analysis confirms a uniform distribution of these offsets between 7V–8.6V with a nominal π-voltage of 7.5V.

Environmental noise sources, including TOP resistivity variations and thermal crosstalk, are measured and found minimal compared to phase offset variations from fabrication. A thermo-electric closed-loop controller stabilizes chip temperature within ±0.1°C.

For PUF evaluation, optical power outputs under 30 randomly chosen voltage challenge vectors are collected and converted into 256-bit digital keys via Gaussian random projections (32 dimensions × 8 bits each). Inter- and intra-Hamming distances are computed over collected keys to assess randomness and robustness.

In the quantum protocol, a trusted verifier (Alice) prepares single-photon Fock states |i⟩ using sources such as parametric down-conversion or quantum dots. The photon's spatial mode i is randomly selected uniformly (maximally mixed state) and injected into the quantum channel toward the user (Bob), who applies his device-specific unitary transformation U_B (the physical PUF). The output quantum state is returned to Alice, who applies U_A = U_B† (enrollment knowledge of device's offsets) and measures in temporal modes with single-photon avalanche diodes (SPADs). Successful authentication corresponds to photon detections in expected temporal bins matching input states.

Security against passive eavesdropping follows from information-theoretic protection by the maximally mixed input states and the quantum no-cloning theorem, preventing an adversary from extracting sufficient CRP information.

To quantify cloning resistance, they model an adversary possessing a distinct PIC fabricated on the same wafer with a similar but different transformation U_E ≠ U_B. The resulting fidelity matrix F = |U_A U_E|² quantifies similarity. Monte Carlo simulations sample voltage-induced phase offsets from uniform distributions to generate random unitary matrices for legitimate and attacker devices.

Authentication sessions are modeled as sequences of N photon detection events (clicks). The number of tolerated errors (misaligned clicks) N_B acts as a fuzzy acceptance threshold. Binomial cumulative distribution functions compute the false acceptance rate (FAR) and false rejection rate (FRR) given the error probabilities. The equal error rate (EER) is the point where FAR = FRR, defining optimal operating parameters.

Noise sources are incorporated via Gaussian sampling of detection probability matrices with variance derived from measured environmental fluctuations (approx. 2.4×10^-3 standard deviation). Total channel loss is modeled as 22 dB (two PIC traversals), and SPAD characteristics include 25% quantum efficiency and dark count probability 10^-7 per gating window.

The system is evaluated over varying numbers of clicks (1 to 500) and error thresholds, with 5000 Monte Carlo trials per configuration to statistically characterize FAR, FRR, and EER. From these simulations, the paper provides performance tradeoffs between security, robustness, and authentication latency.

Code and exact replication details are not provided; the data is derived from measurements on a custom-fabricated SiN photonic chip through an AN800 multi-project wafer run by LIGENTEC. Analysis is based on numerical simulations parameterized by empirical physical measurements.

Technical innovations

  • Demonstration of a programmable silicon nitride photonic MZI mesh physical unclonable function leveraging fabrication-induced phase offsets as unique fingerprints.
  • Introduction of a quantum authentication protocol combining single-photon spatial qudit states, maximally mixed states, and unitary transformations to conceal challenge-response pairs from passive eavesdropping.
  • Quantification of cloning attack resistance via Monte Carlo modeling of fabrication variation-induced differences between same-wafer PICs, expressed through a fidelity matrix framework.
  • Application of a fuzzy threshold error parameter within a multi-photon authentication framework with rigorous statistical evaluation of false acceptance/rejection rates leading to experimentally grounded equal error rate performance metrics.

Datasets

  • SiN photonic mesh device characterization dataset — 30 challenge vectors × repeated measures — Proprietary experimental measurements from fabricated test chip by LIGENTEC

Baselines vs proposed

  • n/a: No explicit baseline comparison with other PUF implementations presented; evaluations are relative to fabricated devices from the same wafer and classical PUF metrics.

Figures from the paper

Figures are reproduced from the source paper for academic discussion. Original copyright: the paper authors. See arXiv:2605.14959.

Fig 1

Fig 1: (a) Schematic of the unitary MZI-based mesh. (b) The

Fig 2

Fig 2: (a) Power output of a MZI with respect to applied voltage

Fig 3

Fig 3: Normalized Inter-Hamming and Intra-Hamming distributions

Fig 4

Fig 4: The setup of the quantum-secure SP-PUF. Alice communicates

Fig 5

Fig 5 (page 4).

Fig 6

Fig 6 (page 5).

Fig 5

Fig 5: a-c collectively reveal the fundamental

Fig 8

Fig 8 (page 9).

Limitations

  • Analysis of man-in-the-middle (MITM) attack scenarios is discussed but not fully explored or experimentally evaluated.
  • Authentication latency tradeoffs require managing large numbers of detected photons (tens to hundreds) to achieve extremely low EER, which may limit real-time applications.
  • The experimental data focuses on a 6x6 SiN photonic mesh; scalability to larger meshes and higher-dimensional qudit states remains to be demonstrated.
  • Environmental noise effects mostly limited to temperature stabilization and polarization drift; other noise or adversarial tampering conditions not extensively tested.
  • Full information-theoretic security proofs and rigorous cryptanalysis are deferred, with the current security analysis based primarily on physical principles and statistical modeling.

Open questions / follow-ons

  • How resilient is the proposed quantum-secure SP-PUF protocol under active man-in-the-middle attacks with adaptive measurement strategies?
  • What are the practical limits on scaling the mesh size and qudit dimension in terms of loss, complexity, and security?
  • Can error correction or machine learning techniques further reduce authentication latency and improve robustness without compromising security?
  • How will real-world deployment environments, including device aging and environmental fluctuations beyond temperature control, affect long-term performance?

Why it matters for bot defense

This work presents a fundamentally hardware-rooted mechanism for secure authentication that resists cloning and side-channel attacks by leveraging intrinsic fabrication randomness hybridized with quantum security properties. For bot-defense and CAPTCHA practitioners, such quantum-secure physical unclonable functions offer an alternative to classical challenge-response schemes that are vulnerable to software emulation or key extraction. The extremely low false acceptance rates demonstrated suggest that embedding or pairing photonic quantum PUFs could strongly enhance anti-fraud guarantees, especially in high-value or high-assurance scenarios. However, current requirements of single-photon sources/detectors and photonic mesh hardware impose significant complexity and cost limits, thus near-term practical adoption in CAPTCHA systems remains constrained. Future advances in scalable silicon photonics and integrated quantum components may enable practical hybrid cryptographic-PUF tokens that augment conventional bot detection frameworks with unclonable physical hardware roots resistant to machine learning emulation or spoofing.

Cite

bibtex
@article{arxiv2605_14959,
  title={ Quantum-Secure Physical Unclonable Function enabled by Silicon Photonics Integrated Circuits },
  author={ G. Sarantoglou and N. Tzekas and G. Moustakas and G. A. Karydis and V. Kaminski and E. Protsenko and K. Gradkowski and A. Bazin and C. Vigliar and A. Bogris and C. Mesaritakis },
  journal={arXiv preprint arXiv:2605.14959},
  year={ 2026 },
  url={https://arxiv.org/abs/2605.14959}
}

Read the full paper

Articles are CC BY 4.0 — feel free to quote with attribution

© 2026 CaptchaLa