Authentication of persons and objects is a crucial aspect of security. We experimentally demonstrate quantum-secure authentication (QSA) of a classical multiple-scattering key. The key is authenticated by illuminating it with a light pulse containing fewer photons than spatial degrees of freedom and verifying the spatial shape of the reflected light. Quantum-physical principles forbid an attacker to fully characterize the incident light pulse. Therefore, he cannot emulate the key by digitally constructing the expected optical response, even if all information about the key is publicly known. QSA uses a key that cannot be copied due to technological limitations and is quantum-secure against digital emulation. Moreover, QSA does not depend on secrecy of stored data, does not depend on unproven mathematical assumptions, and is straightforward to implement with current technology.

Figures (3)

Fig. 1. Idea of QSA: (a) In classical authentication of an optical unclonable physical key, a challenge wavefront of sufficient complexity is sent to the key. The response wavefront is compared with those stored in a database (yellow pieces) to make a pass (green light) or fail (red light) decision. However, this verification can be spoofed by an emulation attack (b) in which the challenge wavefront is completely determined and the expected response is constructed by the adversary who knows the challenge–response behavior of the key. (c) In QSA, the challenge is a quantum state for which an emulation attack (d) fails because the adversary cannot actually determine the quantum state, and, hence, any attempt to generate the correct response wavefront fails. Download Full Size | PPT Slide | PDF

Fig. 2. Quantum-secure optical readout of a physical key. (a) Setup: a spatial light modulator (SLM1) creates the challenge by phase shaping a few-photon wavefront. In the experiment a 50 × 50 binary phase pattern is used with 0 and π phase delays. The challenge is sent to the ZnO key (scale bar is 4 μm) by a microscope objective (not shown). The response is coupled out by a polarizing beam splitter (PBS). The response is transformed back by SLM2 and then focused onto the analyzer plane. (b) Only if the key is the true unique key, the response has a bright spot in the center, holding ≈ 60 % of the power in the image and allowing that fraction to pass a pinhole and land on a detector where photodetection clicks authenticate the key. (c) In case of a false key, the response in the analyzer plane is a random speckle pattern. Download Full Size | PPT Slide | PDF