# Quantum Key Distribution with Post-Processing Driven by Physical Unclonable Functions

^{1}

^{2}

^{3}

^{*}

## Abstract

**:**

## 1. Introduction

## 2. Results and Discussion

#### 2.1. Integration of PUFs in Point-to-Point QKD Links

#### 2.2. Large QKD Networks

#### 2.3. QKD Device Authentication

#### 2.4. Security Considerations

- (C1)
- The numerical keys produced by the PUFs under consideration are close to truly random.
- (C2)
- The legitimate users never make their PUF tokens/tags available to other parties.
- (C3)
- Each entry in the database of challenge–response pairs is used only once.
- (C4)
- The MAC that is used for the distribution of the key in Figure 7 is ITS.

## 3. Conclusions

## Author Contributions

## Funding

## Institutional Review Board Statement

## Informed Consent Statement

## Data Availability Statement

## Acknowledgments

## Conflicts of Interest

## Abbreviations

QKD | Quantum key distribution |

PUF | Physical unclonable function |

KDC | Key distribution center |

MAC | Message authentication code |

CRP | Challenge-response pair |

ITS | Information-theoretically secure |

OTP | One-time pad |

WCA | Wegman-Carter authentication |

DoS | Denial of Service |

## Appendix A. The Size of the Pre-Shared Key

#### Appendix A.1. Error Reconciliation

#### Appendix A.2. Message Authentication

**Definition**

**A1.**

**Theorem**

**A1.**

## References

- Gisin, N.; Ribordy, G.; Tittel, W.; Zbinden, H. Quantum cryptography. Rev. Mod. Phys.
**2002**, 74, 145–195. [Google Scholar] [CrossRef] - Scarani, V.; Bechmann-Pasquinucci, H.; Cerf, N.J.; Dušek, M.; Lütkenhaus, N.; Peev, M. The security of practical quantum key distribution. Rev. Mod. Phys.
**2009**, 81, 1301–1350. [Google Scholar] [CrossRef] - Lo, H.-K.; Curty, M.; Tamaki, K. Secure quantum key distribution. Nat. Photon.
**2014**, 8, 595–604. [Google Scholar] [CrossRef] - Diamanti, E.; Lo, H.K.; Qi, B.; Yuan, Z. Practical challenges in quantum key distribution. npj Quantum Inf.
**2016**, 2, 16025. [Google Scholar] [CrossRef] - Pirandola, S.; Andersen, U.L.; Banchi, L.; Berta, M.; Bunandar, D.; Colbeck, R.; Englund, D.; Gehring, T.; Lupo, C.; Ottaviani, C.; et al. Advances in quantum cryptography. Adv. Opt. Photonics
**2020**, 12, 1012–1236. [Google Scholar] [CrossRef] - Mehic, M.; Niemiec, M.; Rass, S.; Ma, J.; Peev, M.; Aguado, A.; Martin, V.; Schauer, S.; Poppe, A.; Pacher, C.; et al. Quantum Key Distribution: A Networking Perspective. ACM Comput. Surv.
**2020**, 53, 1–41. [Google Scholar] [CrossRef] - Xu, F.; Ma, X.; Zhang, Q.; Lo, H.-K.; Pan, J.-W. Quantum cryptography with realistic devices. Rev. Mod. Phys.
**2020**, 92, 025002. [Google Scholar] [CrossRef] - Paraïso, T.K.; Woodward, R.I.; Marangon, D.G.; Lovic, V.; Yuan, Z.; Shields, A.J. Advanced Laser Technology for Quantum Communications. Adv. Quantum Technol.
**2021**, 4, 2100062. [Google Scholar] [CrossRef] - Bennett, C.H.; Brassard, G.; Crepeau, C.; Maurer, U. Generalized privacy amplification. IEEE. Trans. Inf. Theory
**1995**, 41, 1915–1923. [Google Scholar] [CrossRef] - Lütkenhaus, N. Estimates for practical quantum cryptography. Phys. Rev. A
**1999**, 59, 3301–3319. [Google Scholar] [CrossRef] - Fung, C.H.F.; Ma, X.; Chau, H.F. Practical issues in quantum-key-distribution postprocessing. Phys. Rev. A
**2010**, 81, 012318. [Google Scholar] [CrossRef] - Menezes, A.; van Oorschot, P.; Vanstone, S. Handbook of Applied Cryptography; CRC Press: Boca Raton, FL, USA, 1996. [Google Scholar]
- Martin, K.M. Everyday Cryptography: Fundamental Principles and Applications; Oxford University Press: New York, NY, USA, 2012. [Google Scholar]
- Stinson, D.R.; Paterson, M.B. Cryptography: Theory and Practice; CRC Press: Boca Raton, FL, USA, 2019. [Google Scholar]
- Katz, J.; Lindell, Y. Introduction to Modern Cryptography; CRC Press: Boca Raton, FL, USA, 2015. [Google Scholar]
- Abidin, A. Authentication in Quantum Key Distribution: Security Proof and Universal Hash Functions. Ph.D. Thesis, Linköping University, Linköping, Sweden, 2013. [Google Scholar]
- Wegman, M.N.; Carter, J.L. New Hash Functions and Their Use in Authentication and Set Equality. J. Comput. Syst. Sci.
**1981**, 22, 265–279. [Google Scholar] [CrossRef] - Krawczyk, H. Adances in Cryptology—CRYPTO ’94, Lecture Notes in Computer Science; Springer: New York, NY, USA, 1994; Volume 839, p. 129. [Google Scholar]
- Peev, M.; Nölle, M.; Maurhardt, O.; Lorünser, T.; Suda, M.; Poppe, A.; Ursin, R.; Fedrizzi, A.; Zeilinger, A. A novel protocol-authentication algorithm ruling out a man-in-the middle attack in quantum cryptography. Int. J. Quantum Inf.
**2005**, 3, 225–231. [Google Scholar] [CrossRef] - Abidin, A.; Larsson, J.-Å. Vulnerability of “A novel protocol-authentication algorithm ruling out a man-in-the-middle attack in quantum cryptography. Int. J. Quantum Inf.
**2009**, 7, 1047–1052. [Google Scholar] [CrossRef] - Pacher, C.; Abidin, A.; Lorünser, T.; Peev, M.; Ursin, R.; Zeilinger, A.; Larsson, J.-Å. Attacks on quantum key distribution protocols that employ non-ITS authentication. Quantum Inf. Process.
**2016**, 15, 327–362. [Google Scholar] [CrossRef] - Wang, L.-J.; Zhang, K.-Y.; Wang, J.-Y.; Cheng, J.; Yang, Y.-H.; Tang, S.-B.; Yan, D.; Tang, Y.-L.; Liu, Z.; Yu, Y.; et al. Experimental authentication of quantum key distribution with post-quantum cryptography. npj Quant. Inf.
**2021**, 7, 67. [Google Scholar] [CrossRef] - Yang, Y.-H.; Li, P.-Y.; Ma, S.-Z.; Qian, X.-C.; Zhang, K.-Y.; Wang, L.-J.; Zhang, W.-L.; Zhou, F.; Tang, S.-B.; Wang, J.-Y.; et al. All optical metropolitan quantum key distribution network with post-quantum cryptography authentication. Opt. Express
**2021**, 29, 25859. [Google Scholar] [CrossRef] [PubMed] - Mosca, M.; Stebila, D.; Ustaoǧlu, B. Quantum key distribution in the classical authenticated key exchange framework. In Post-Quantum Cryptography; Springer: Berlin/Heidelberg, Germany, 2013; pp. 136–154. [Google Scholar]
- Pappu, R.; Recht, B.; Taylor, J.; Gershenfeld, N. Physical One-way Functions. Science
**2002**, 297, 2026–2030. [Google Scholar] [CrossRef] - McGrath, T.; Bagci, I.E.; Wang, Y.M.; Roedig, U.; Young, R.J. A PUF taxonomy. Appl. Phys. Rev.
**2019**, 6, 011303. [Google Scholar] [CrossRef] - Gao, Y.; Al-Sarawi, S.F.; Abbott, D. Physical unclonable functions. Nat. Electron.
**2020**, 3, 81–91. [Google Scholar] [CrossRef] - Covic, A.; Chowdhury, S.; Acharya, R.Y.; Ganji, F.; Forte, D. Post-Quantum Hardware Security. In Emerging Topics in Hardware Security; Springer: Berlin/Heidelberg, Germany, 2021. [Google Scholar]
- Chowdhury, S.; Covic, A.; Acharya, R.Y.; Dupee, S.; Ganji, F.; Forte, D. Physical security in the post-quantum era. J. Crypt. Eng.
**2022**, 12, 267–303. [Google Scholar] [CrossRef] - Arppe, R.; Just Sørensen, T. Physical unclonable functions generated through chemical methods for anti-counterfeiting. Nat. Rev. Chem.
**2017**, 1, 0031. [Google Scholar] [CrossRef] - Herder, C.; Yu, M.D.; Koushanfar, F.; Devadas, S. Physical unclonable functions and applications: A tutorial. Proc. IEEE
**2014**, 102, 1126–1141. [Google Scholar] [CrossRef] - Shamsoshoara, A.; Korenda, A.; Afghah, F.; Zeadally, S. A survey on physical unclonable function (PUF)-based security solutions for Internet of Things. Comput. Netw.
**2020**, 183, 107593. [Google Scholar] [CrossRef] - Rührmair, U.; Devadas, S.; Koushanfar, F. Introduction to Hardware Security and Trust; Springer: Berlin/Heidelberg, Germany, 2012; Chapter 4. [Google Scholar]
- Nikolopoulos, G.M. Remote Quantum-Safe Authentication of Entities with Physical Unclonable Functions. Photonics
**2021**, 8, 289. [Google Scholar] [CrossRef] - Horstmayer, R.; Judkewitz, B.; Vellekoop, I.M.; Assawaworrarit, S.; Yang, C. Physical key-protected one-time pad. Sci. Rep.
**2013**, 3, 3543. [Google Scholar] [CrossRef] [PubMed] - Bernstein, D.J.; Buchmann, J.; Dahmen, J. Post-Quantum Cryptography; Springer: Berlin/Heidelberg, Germany, 2009. [Google Scholar]
- Bernstein, D.J.; Lange, T. Post-quantum cryptography. Nature
**2017**, 549, 188–194. [Google Scholar] [CrossRef] [PubMed] - Nikolopoulos, G.M. Applications of single-qubit rotations in quantum public-key cryptography. Phys. Rev. A
**2008**, 77, 032348. [Google Scholar] [CrossRef] - Kawachi, A.; Koshiba, T.; Nishimura, H.; Yamakami, T. Computational Indistinguishability Between Quantum States and Its Cryptographic Application. J. Cryptol.
**2012**, 25, 528–555. [Google Scholar] [CrossRef] - Kabashima, Y.; Murayama, T.; Saad, D. Cryptographical Properties of Ising Spin Systems. Phys. Rev. Lett.
**2000**, 84, 2030–2033. [Google Scholar] [CrossRef] - Abidin, A.; Larsson, J.-Å. Direct proof of security of Wegman–Carter authentication with partially known key. Quantum Inf. Process.
**2014**, 13, 2155–2170. [Google Scholar] [CrossRef] - Mesaritakis, C.; Akriotou, M.; Kapsalis, A.; Grivas, E.; Chaintoutis, C.; Nikas, T.; Syvridis, D. Physical Unclonable Function based on a Multi-Mode Optical Waveguide. Sci. Rep.
**2018**, 8, 9653. [Google Scholar] [CrossRef] [PubMed] - Nikolopoulos, G.M.; Fischlin, M. Information-Theoretically Secure Data Origin Authentication with Quantum and Classical Resources. Cryptography
**2020**, 4, 31. [Google Scholar] [CrossRef] - Bellare, M.; Kilian, J.; Rogaway, P. The Security of the Cipher Block Chaining Message Authentication Code. J. Comput. Syst. Sci.
**2000**, 61, 362–399. [Google Scholar] [CrossRef] - Marakis, E.; Rührmair, U.; Lachner, M.; Uppu, R.; Škorić, B.; Pinkse, P.W.H. Clones of the Unclonable: Nanoduplicating Optical PUFs and Applications. arXiv
**2022**, arXiv:2212.12495. [Google Scholar] [CrossRef] - Škorić, B. Quantum readout of physical unclonable functions. Int. J. Quantum. Inform.
**2012**, 10, 1250001. [Google Scholar] [CrossRef] - Goorden, S.A.; Horstmann, M.; Mosk, A.P.; Škorić, B.; Pinkse, P.W.H. Quantum-secure authentication of a physical unclonable key. Optica
**2014**, 1, 421–424. [Google Scholar] [CrossRef] - Nikolopoulos, G.M.; Diamanti, E. Continuous-variable quantum authentication of physical unclonable keys. Sci. Rep.
**2017**, 7, 46047. [Google Scholar] [CrossRef] - Nikolopoulos, G.M. Continuous-variable quantum authentication of physical unclonable keys: Security against an emulation attack. Phys. Rev. A
**2018**, 97, 012324. [Google Scholar] [CrossRef]

**Figure 2.**Schematic representations of a point-to-point QKD link (

**a**) and of the man-in-the-middle attack (

**b**).

**Figure 3.**Schematic representation of a physical unclonable function (PUF). The token (sometimes also referred to as PUF tag), is a device with internal physical disorder. The internal disorder of the token is imprinted into its response to a physical challenge. The raw response is processed classically in order to yield a nearly perfect and robust random key.

**Figure 4.**Integration of PUFs in a point-to-point QKD link. (

**a**) Each pair of QKD boxes is associated with two PUFs namely, PUF${}_{\mathrm{A}}$ and PUF${}_{\mathrm{B}}$. A PUF generates a random key as a response to a challenge. The manufacturer creates a database of challenge–response pairs (CRPs), where only the joint keys are stored. (

**b**) With the purchase of the QKD boxes, the users also have access to the corresponding PUFs. Moreover, one of them (say Alice), receives a copy of the database. For the generation of a common random key, which will seed the first QKD session, Alice and Bob interrogate their PUFs independently with the same randomly chosen challenge. The corresponding entry is permanently removed from the database, while Bob also keeps track of the used challenges. This procedure can be performed again, e.g., if the first QKD session aborts, and a new QKD session is necessary.

**Figure 5.**Full-mesh QKD network involving n users. (

**a**) In the absence of a key distribution centre (KDC), the total number of pre-shared keys is $n(n-1)/2$, while each new user has to share n keys with each one of the other existing users. (

**b**) In the presence of a KDC, each user shares a key with the KDC only.

**Figure 6.**Integration of PUFs in a large QKD network. (

**a**) Each QKD device (sender or receiver) is associated with a PUF. The PUF generates a random key as a response to a challenge. The KDC has its own PUFs, and it is controlled by the manufacturer, who creates a database of challenge–response pairs for each QKD device. The KDC has access to the databases of CRPs for all of the QKD devices that have been or will be connected to it, while a different PUF is used for the encryption of the entries in each database. (

**b**) Each time that fresh key material is needed for a user, the user can generate a common random key with the KDC by running the protocol in the shaded box. Note that the presence of the QKD link between the KDC and the user is not necessary, as keys can be generated from the PUFs. In practice, the addition of such a QKD link will limit the distance between the user and the KDC, but it can make the network self sustainable in terms of key generation and consumption.

**Figure 7.**Schematic representation of the procedure through which Alice and Charlie can establish a common secret key, with a third party acting as a relay.

**Figure 8.**Schematic representation of an entity authentication session. In order for the KDC to confirm the identity of the newly connected QKD device of Charlie, they run the protocol in the shaded region to obtain a common secret key through their PUFs. The key manager also chooses a random binary string $\mathit{s}$, and they send it to the user. The user runs a publicly known MAC to obtain a tag $\tau $ for the concatenated message involving their unique identity (in binary format) ID${}_{\mathrm{C}}$ and the received random binary string. The tag is sent to the KDC, where it is compared to the tag produced locally by the key manager, and the identity of the QKD device is accepted only if the two tags agree. If a secret key is already shared between the user and the KDC, then the steps in the shaded box can be omitted.

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |

© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Nikolopoulos, G.M.; Fischlin, M.
Quantum Key Distribution with Post-Processing Driven by Physical Unclonable Functions. *Appl. Sci.* **2024**, *14*, 464.
https://doi.org/10.3390/app14010464

**AMA Style**

Nikolopoulos GM, Fischlin M.
Quantum Key Distribution with Post-Processing Driven by Physical Unclonable Functions. *Applied Sciences*. 2024; 14(1):464.
https://doi.org/10.3390/app14010464

**Chicago/Turabian Style**

Nikolopoulos, Georgios M., and Marc Fischlin.
2024. "Quantum Key Distribution with Post-Processing Driven by Physical Unclonable Functions" *Applied Sciences* 14, no. 1: 464.
https://doi.org/10.3390/app14010464