Password authentication schemes on a quantum computer (2201.12512v1)

Abstract: In a post-quantum world, where attackers may have access to full-scale quantum computers, all classical password-based authentication schemes will be compromised. Quantum copy-protection prevents adversaries from making copies of existing quantum software; we suggest this as a possible approach for designing post-quantum-secure password authentication systems. In this paper, we show an implementation of quantum copy-protection for password verification on IBM quantum computers. We also share our quantum computation results and analyses, as well as lessons learned.

• The paper proposes quantum copy-protection using the no-cloning theorem to secure password authentication against quantum attacks.
• The paper implements and tests the scheme on IBM quantum computers with Python, Qiskit, and liboqs-python, rigorously evaluating error rates and noise.
• The paper outlines a quantum secure communication protocol leveraging quantum-resistant algorithms, paving the way for post-quantum enhancements.

Quantum Copy-Protection in Password Authentication Systems

The paper "Password Authentication Schemes on a Quantum Computer" by Sherry Wang, Carlisle Adams, and Anne Broadbent investigates post-quantum secure authentication mechanisms that leverage the unique capabilities of quantum computing, particularly focusing on quantum copy-protection techniques. This work is motivated by the vulnerabilities classical password-based systems face in the advent of quantum computing, notably due to Grover's algorithm, which exponentially reduces the time required for brute-force attacks.

Key Contributions and Findings

1. Quantum Copy-Protection for Passwords: The authors propose using quantum copy-protection, specifically implemented on IBM quantum computers, to safeguard password-based authentication systems. The no-cloning theorem underpins this strategy, as it ensures quantum information cannot be duplicated, providing a security advantage over classical systems.
2. Implementation on Quantum Computers: An essential contribution is the practical implementation of these authentication schemes using Python, Qiskit, and liboqs-python. The quantum authentication leverages point functions to verify passwords, translating naturally from classical password models where the ‘point’ represents the password. This is implemented and tested within IBM’s quantum environment.
3. Security Model and Experimentation: The paper employs the Honest-Malicious security model to test the implementation, simulating scenarios where challenge inputs match or differ from the encoded password (point function). Correctness and error rates of these systems were measured through various tests on IBM's quantum devices, revealing the inherent noise challenges present in current quantum hardware.
4. Quantum Secure Communication: The research outlines a communication protocol using quantum secure SSL, leveraging FrodoKEM-1344 and AES-256, which are considered quantum-resistant, ensuring secure exchanges between users and servers in a post-quantum scenario.

Implications and Future Directions

The implications of this research extend both theoretically and practically within the domain of quantum cryptography and secure communications:

• Theoretical Implications:

By showcasing a working prototype of a quantum-enhanced password authentication system, the paper highlights potential pathways for post-quantum cryptographic protocols. This work is an early step towards realizing practical applications where quantum cryptography can safely replace classical counterparts vulnerable to quantum attacks.

• Noise and Fault Tolerance:

The authors discuss extensive noise in executable quantum programs, a challenge that pervades current quantum computing experiments. Their methods involving quantum-classical hybrid approaches and error mitigation signify potential best practices in designing robust quantum circuits.

• Potential for Broader Applications:

Beyond password verification, quantum copy-protection could transform other security-critical applications, such as digital rights management and secure software distribution, by leveraging its ability to impede unauthorized reproductions.

• Future Development:

As quantum computing hardware advances, specifically toward fault-tolerant designs, the methods proposed could evolve to become not only feasible but optimal. Future works may explore reducing circuit complexity further, improving error rates, and expanding the scope of application.

In conclusion, the paper provides a substantive exploration of post-quantum password authentication systems, innovatively tackling classical vulnerabilities by introducing quantum copy-protection techniques. This research broadens the dialogue around practical and theoretical aspects of quantum cryptographic implementations, paving the way for future advancements in secure computing against the backdrop of quantum computational capabilities.