# Intercept-Resend Emulation Attacks against a Continuous-Variable Quantum Authentication Protocol with Physical Unclonable Keys

^{1}

^{2}

^{3}

^{*}

## Abstract

**:**

## 1. Introduction

## 2. Authentication Scheme

## 3. Intercept–Resend Emulation Attacks

#### 3.1. Dual Homodyne–Detection Attack

#### 3.2. Unambiguous State-Discrimination Attack

#### 3.3. Minimum-Error State Discrimination Attack

## 4. Numerical Results and Discussion

## 5. Concluding Remarks

## Author Contributions

## Funding

## Acknowledgments

## Conflicts of Interest

## Abbreviations

PUK | Physical unclonable key |

EAP | Entity authentication protocol |

HD | Homodyne detection |

LO | Local oscillator |

SMF | Single mode fiber |

SLM | Spatial light modulator |

CRP | Challenge response pair |

DHA | Dual-homodyne–detection attack |

UDA | Unambiguous-state-discrimination attack |

SRA | Square-root-measurement attack |

## References

- Menezes, A.; van Oorschot, P.; Vanstone, S. Handbook of Applied Cryptography; CRC Press: Boca Raton, FL, USA, 1996. [Google Scholar]
- Martin, K.M. Everyday Cryptography: Fundamental Principles and Applications; Oxford University Press: Oxford, UK, 2012. [Google Scholar]
- Herder, C.; Yu, M.D.; Koushanfar, F.; Devadas, S. Physical Unclonable Functions and Applications: A Tutorial. Proc. IEEE
**2014**, 102, 1126–1141. [Google Scholar] [CrossRef] - Rührmair, U.; Holcomb, D.E. PUFs at a Glance. In Proceedings of the Conference on Design, Automation and Test in Europe (DATE’14), Dresden, Germany, 24–28 March 2014. [Google Scholar]
- Daihyun, L.; Lee, J.W.; Gassend, B.; Suh, G.E.; van Dijk, M.; Devadas, S. Extracting secret keys from integrated circuits. IEEE Trans. Very Large Scale Integr. Syst.
**2005**, 13, 1200–1205. [Google Scholar] [CrossRef] - Pappu, R.; Recht, B.; Taylor, J.; Gershenfeld, N. Physical one-way functions. Science
**2002**, 297, 2026–2030. [Google Scholar] [CrossRef] [PubMed] - Maes, R. Physically Unclonable Functions: Constructions, Properties and Applications; Springer: New York, NY, USA, 2013. [Google Scholar]
- McGrath, T.; Bagci, I.E.; Wang, Z.M.; Roedig, U.; Young, R.J. A PUF taxonomy. Appl. Phys. Rev.
**2019**, 6, 011303. [Google Scholar] [CrossRef][Green Version] - Santikellur, P.; Bhattacharyay, A.; Chakraborty, R.S. Deep Learning Based Model Building Attacks on Arbiter PUF Compositions. Cryptology ePrint Archive, Report 2019/566. 2019. Available online: https://eprint.iacr.org/2019/566 (accessed on 24 October 2019).
- Khalafalla, M.; Gebotys, C. PUFs Deep Attacks: Enhanced modeling attacks using deep learning techniques to break the security of double arbiter PUFs. In Proceedings of the 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), Florence, Italy, 25–29 March 2019; pp. 204–209. [Google Scholar]
- Ganji, F.; Forte, D.; Seifert, J.P. PUFmeter a Property Testing Tool for Assessing the Robustness of Physically Unclonable Functions to Machine Learning Attacks. IEEE Access
**2019**, 7, 122513–122521. [Google Scholar] [CrossRef] - Delvaux, J. Machine-Learning Attacks on PolyPUFs, OB-PUFs, RPUFs, LHS-PUFs, and PUF–FSMs. IEEE Trans. Inf. Forensics Secur.
**2019**, 14, 2043–2058. [Google Scholar] [CrossRef] - Rührmair, U.; Hilgers, C.; Urban, S.; Weiershäuser, A.; Dinter, E.; Forster, B.; Jirauschek, C. Optical PUFs Reloaded. Cryptology ePrint Archive, Report 2013/215. 2013. Available online: https://eprint.iacr.org/2013/215 (accessed on 24 October 2019).
- Goorden, S.A.; Horstmann, M.; Mosk, A.P.; Škorić, B.; Pinkse, P.W.H. Quantum-secure authentication of a physical unclonable key. Optica
**2014**, 1, 421–424. [Google Scholar] [CrossRef][Green Version] - Nikolopoulos, G.M.; Diamanti, E. Continuous-variable quantum authentication of physical unclonable keys. Sci. Rep.
**2017**, 7, 46047. [Google Scholar] [CrossRef] - Nikolopoulos, G.M. Continuous-variable quantum authentication of physical unclonable keys: Security against an emulation attack. Phys. Rev. A
**2018**, 97, 012324. [Google Scholar] [CrossRef][Green Version] - Vellekoop, I.M. Feedback-based wavefront shaping. Opt. Express
**2015**, 23, 12189–12206. [Google Scholar] [CrossRef] - Mosk, A.P.; Lagendijk, A.; Lerosey, G.; Fink, M. Controlling waves in space and time for imaging and focusing in complex media. Nat. Photonics
**2012**, 6, 283. [Google Scholar] [CrossRef] - Poppoff, S.K.; Lerosey, G.; Fink, M.; Boccara, A.C.; Gigan, S. Controlling light through optical disordered media: transmission matrix approach. New J. Phys.
**2011**, 13, 123021. [Google Scholar] [CrossRef] - Defienne, H.; Barbieri, M.; Chalopin, B.; Chatel, B.; Walmsley, I.; Smith, B.; Gigan, S. Nonclassical light manipulation in a multiple-scattering medium. Opt. Lett.
**2014**, 39, 6090–6093. [Google Scholar] [CrossRef] [PubMed][Green Version] - Huisman, T.J.; Huisman, S.R.; Mosk, A.P.; Pinkse, P.W. Controlling single-photon Fock-state propagation through opaque scattering media. Appl. Phys. B
**2014**, 116, 603–607. [Google Scholar] [CrossRef] - Huisman, S.R.; Huisman, T.J.; Wolterink, T.A.W.; Mosk, A.P.; Pinkse, P.W.H. Programmable multiport optical circuits in opaque scattering materials. Opt. Express
**2015**, 23, 3102–3116. [Google Scholar] [CrossRef] - Leonhardt, U.; Böhmer, B.; Paul, H. Uncertainty relations for realistic joint measurements of position and momentum in quantum optics. Opt. Commun.
**1995**, 119, 296–300. [Google Scholar] [CrossRef] - Schleich, W.P. Quantum Optics in Phase Space; John Wiley & Sons: Hoboken, NJ, USA, 2011. [Google Scholar]
- Chefles, A.; Barnett, S.M. Optimum unambiguous discrimination between linearly independent symmetric states. Phys. Lett. A
**1998**, 250, 223–229. [Google Scholar] [CrossRef][Green Version] - Ivanovic, I.D. How to differentiate between non-orthogonal states. Phys. Lett. A
**1987**, 123, 257–259. [Google Scholar] [CrossRef] - Peres, A. How to differentiate between non-orthogonal states. Phys. Lett. A
**1988**, 128, 19. [Google Scholar] [CrossRef] - Dieks, D. Overlap and distinguishability of quantum states. Phys. Lett. A
**1988**, 126, 303–306. [Google Scholar] [CrossRef] - Barnett, S.M.; Croke, S. Quantum state discrimination. Adv. Opt. Photonics
**2009**, 1, 238–278. [Google Scholar] [CrossRef] - Weir, G. Optimal Discrimination of Quantum States. Ph.D. Thesis, University of Glasgow, Glasgow, UK, 2018. [Google Scholar]
- Izumi, S.; Takeoka, M.; Wakui, K.; Fujiwara, M.; Ema, K.; Sasaki, M. Optical phase estimation via the coherent state and displaced-photon counting. Phys. Rev. A
**2016**, 94, 033842. [Google Scholar] [CrossRef][Green Version] - Croal, C.; Peuntinger, C.; Heim, B.; Khan, I.; Marquardt, C.; Leuchs, G.; Wallden, P.; Andersson, E.; Korolkova, N. Free-Space Quantum Signatures Using Heterodyne Measurements. Phys. Rev. Lett.
**2016**, 117, 100503. [Google Scholar] [CrossRef] [PubMed] - Van Enk, S. Unambiguous state discrimination of coherent states with linear optics: Application to quantum cryptography. Phys. Rev. A
**2002**, 66, 042313. [Google Scholar] [CrossRef][Green Version] - Horstmayer, R.; Judkewitz, B.; Vellekoop, I.M.; Assawaworrarit, S.; Yan, C. Physical key-protected one-time pad. Sci. Rep.
**2013**, 3, 3543. [Google Scholar] [CrossRef] - Nikolopoulos, G.M. Optical scheme for cryptographic commitments with physical unclonable keys. Opt. Express
**2019**, 27, 29367–29379. [Google Scholar] [CrossRef]

**Figure 1.**General schematic representation of the main stages and the typical operations of an entity authentication protocol (EAP) with quantum readout of a physical unclonable key (PUK). The enrollment stage is performed before the PUK is given to the user, and aims at the generation of a set of numerical challenge-response pairs (CRPs). In the verification stage, $M\gg 1$ numerical challenges are chosen at random and independently from the available set of CRPs for the particular PUK. Each numerical challenge is encoded independently in the quantum state of a laser pulse, which is scattered from the PUK. The scattered light is measured and the outcome (response) is returned to the server. The PUK is accepted or rejected based on a publicly known function, which quantifies the deviations of the recorded responses from the expected ones.

**Figure 2.**Schematic representation of the set-up for the EAP under consideration [15].

**Figure 3.**Schematic representation of the attack under consideration [16]. The adversary has a copy of the set of the numerical CRPs, from which the challenges are chosen at random. He intercepts each one of the M incoming probe states, and measures it in order to deduce the value of k (see Table 1). Based on the outcome of his measurement the adversary makes an educated guess about k, say $\tilde{k}$, and he looks $\tilde{k}$ up in the set of CRPs, in order to find the corresponding expected response ${R}_{\tilde{k}}$. Finally, the adversary prepares and sends to the homodyne detection (HD) set-up of the verifier a quantum state that will induce statistics consistent with ${R}_{\tilde{k}}$.

**Figure 4.**The lower bound ${D}_{\mathrm{low}}$, as a function of the number of different probe states N, for various values of ${\mu}_{P}$ but fixed ratio ${\mu}_{\mathrm{R}}/{\mu}_{\mathrm{P}}$ (

**a**); and various values of ${\mu}_{R}$ for fixed ${\mu}_{\mathrm{P}}$ (

**b**). The vertical dashed line mark the security threshold $2\epsilon =15\times {10}^{-4}$, and the protocol is secure against any intercept–resend attack for ${D}_{\mathrm{low}}>2\epsilon $.

**Figure 5.**Discretization of the phase space for $n=8$. The segment for the actual probe state $k=0$ (green) and all other possible probe states (blue) are shown. The coloring displays the probabilities ${P}^{\mathrm{DH}}(\tilde{k}|k=0)$ for $\tilde{k}=0,1,\dots ,n-1$ (dark: high probability).

**Figure 6.**(

**a**) Probability for the adversary to deduce the wrong probe state in the case of dual-homodyne–detection attack (red curve, DHA), square-root-measurement attack (green curve, SRA) and unambiguous-state-discrimination attack (gray curve, UDA), as a function of the number of different probe states N. The lower bound is also shown (blue curve); (

**b**) conditional probability $P(\mathrm{in}|\mathrm{error})$ for the verifier to obtain a result inside the expected bin given that the adversary inferred the wrong probe state, as function of N and for different attacks. The maximum value ${P}_{max}(\mathrm{in}|\mathrm{error})$ is also shown (blue curve), and all of the probabilities are compared to the probability ${P}_{\mathrm{in}}^{0}$ in the absence of an attack (dashed vertical line).

**Figure 7.**Difference of probabilities $D={P}_{\mathrm{in}}^{0}-{P}_{\mathrm{in}}$ as a function of the total number of different probe states N, for the dual-homodyne–detection attack (

**a**,

**b**); the unambiguous-state-discrimination attack (

**c**,

**d**); and the square-root-measurement attack (

**e**,

**f**). The horizontal dashed lines mark the security threshold $2\epsilon =15\times {10}^{-4}$ (l.h.s) and $2\epsilon =4\times {10}^{-4}$ (r.h.s). The protocol is secure against a specific type of intercept–resend attack when the corresponding value of D exceeds $2\epsilon $.

**Table 1.**Illustration of a set of CRPs used for authentication of a PUK. The set is identified by a unique identification number (see discussion in Section 5). The angles $\theta =0$ and $\pi /2$ refer to the quadratures $\widehat{X}$ and $\widehat{Y}$ of the field in SMF B at the entrance of the homodyne detection (HD) set-up, respectively (see Figure 2).

Identification Number | |||
---|---|---|---|

Challenge | Response | ||

k | Phase mask | $\theta =0$ | $\theta =\pi /2$ |

0 | ${\mathsf{\Phi}}_{0}$ | ${\langle \widehat{X}\rangle}_{0}$ | ${\langle \widehat{Y}\rangle}_{0}$ |

1 | ${\mathsf{\Phi}}_{1}$ | ${\langle \widehat{X}\rangle}_{1}$ | ${\langle \widehat{Y}\rangle}_{1}$ |

2 | ${\mathsf{\Phi}}_{2}$ | ${\langle \widehat{X}\rangle}_{2}$ | ${\langle \widehat{Y}\rangle}_{2}$ |

⋮ | ⋮ | ⋮ | |

$N-1$ | ${\mathsf{\Phi}}_{N-1}$ | ${\langle \widehat{X}\rangle}_{N-1}$ | ${\langle \widehat{Y}\rangle}_{N-1}$ |

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Fladung, L.; Nikolopoulos, G.M.; Alber, G.; Fischlin, M. Intercept-Resend Emulation Attacks against a Continuous-Variable Quantum Authentication Protocol with Physical Unclonable Keys. *Cryptography* **2019**, *3*, 25.
https://doi.org/10.3390/cryptography3040025

**AMA Style**

Fladung L, Nikolopoulos GM, Alber G, Fischlin M. Intercept-Resend Emulation Attacks against a Continuous-Variable Quantum Authentication Protocol with Physical Unclonable Keys. *Cryptography*. 2019; 3(4):25.
https://doi.org/10.3390/cryptography3040025

**Chicago/Turabian Style**

Fladung, Lukas, Georgios M. Nikolopoulos, Gernot Alber, and Marc Fischlin. 2019. "Intercept-Resend Emulation Attacks against a Continuous-Variable Quantum Authentication Protocol with Physical Unclonable Keys" *Cryptography* 3, no. 4: 25.
https://doi.org/10.3390/cryptography3040025