Quantum Vault: Secure Token Authentication Without Classical State Information Benchmarked on IBMQ

TL;DR

This paper introduces a quantum vault protocol for secure token authentication that removes classical side information, is benchmarked on IBMQ hardware, and offers unforgeability, traceability, and public verifiability.

Contribution

It proposes a quantum vault scheme that enhances security by eliminating classical side information and demonstrates its effectiveness on cloud-based quantum hardware.

Findings

Achieves false-negative error probabilities below 10^{-4}

Attains attack success probabilities below 10^{-18} with 200 tokens

Protocol is hardware-agnostic and applicable to various quantum platforms

Abstract

Quantum tokens are underlying primitives for quantum money and network proposals, which leverage the no-cloning theorem to realize unforgeable authentication. A relevant but overlooked type of attack to such architectures is a hacker that steals the classical side information of the token states from the issuing agent (e.g. a bank), allowing the forgery of fake tokens without violating no-cloning theorem. Our proposal avoids this threat by removing classical side information about the token states, where instead a copy of the token is stored at the bank, i.e. a quantum vault. This copy can be accessed by anyone to perform authentication, consuming the token pair in the process. Our protocol is benchmarked and quality parameters are identified within a hardware agnostic framework employing three cloud-based IBM quantum (IBMQ) processors, such that the protocol is applicable to arbitrary quantum platforms. By comparing the efficiency with which genuine tokens are produced and authenticated with a possible query attack scenario, we demonstrate the security of the protocol. Where we achieve probabilities lower than $10^{-4}$ for false-negative errors and $10^{-18}$ for successful attacks when considering quantum bills composed of 200 tokens, even in the worst performing hardware. The quantum vault not only symmetrically protects both user and bank with the same quantum principles, but provides a step towards public key authentication, since any untrusted party can have authentication access granted from the bank to the tokens without being able to clone them, assuming they have a quantum channel with the vault. Besides public accessible verifiability, our proposal naturally achieves standard unforgeability, traceability and revocability.