Papers
Topics
Authors
Recent
Search
2000 character limit reached

Quantum Vault: Secure Token Authentication Without Classical State Information Benchmarked on IBMQ

Published 5 May 2026 in quant-ph | (2605.03564v1)

Abstract: Quantum tokens are underlying primitives for quantum money and network proposals, which leverage the no-cloning theorem to realize unforgeable authentication. A relevant but overlooked type of attack to such architectures is a hacker that steals the classical side information of the token states from the issuing agent (e.g. a bank), allowing the forgery of fake tokens without violating no-cloning theorem. Our proposal avoids this threat by removing classical side information about the token states, where instead a copy of the token is stored at the bank, i.e. a quantum vault. This copy can be accessed by anyone to perform authentication, consuming the token pair in the process. Our protocol is benchmarked and quality parameters are identified within a hardware agnostic framework employing three cloud-based IBM quantum (IBMQ) processors, such that the protocol is applicable to arbitrary quantum platforms. By comparing the efficiency with which genuine tokens are produced and authenticated with a possible query attack scenario, we demonstrate the security of the protocol. Where we achieve probabilities lower than $10{-4}$ for false-negative errors and $10{-18}$ for successful attacks when considering quantum bills composed of 200 tokens, even in the worst performing hardware. The quantum vault not only symmetrically protects both user and bank with the same quantum principles, but provides a step towards public key authentication, since any untrusted party can have authentication access granted from the bank to the tokens without being able to clone them, assuming they have a quantum channel with the vault. Besides public accessible verifiability, our proposal naturally achieves standard unforgeability, traceability and revocability.

Authors (2)

Summary

  • The paper introduces a quantum vault protocol that eliminates classical side-information by using identical quantum state copies for secure token authentication.
  • It benchmarks token authentication on IBMQ via the SWAP test, achieving >99.99% acceptance for genuine tokens and suppressing forgery probabilities below 10⁻¹⁸ for quantum bills.
  • The methodology provides symmetric security, traceability, and revocability, paving the way for secure quantum financial systems and network applications.

Quantum Vault Protocol: Eliminating Classical Side-Information for Secure Quantum Authentication

Overview

The paper "Quantum Vault: Secure Token Authentication Without Classical State Information Benchmarked on IBMQ" (2605.03564) addresses a fundamental vulnerability in quantum money and quantum token schemes: the reliance on classical side information for authentication. By introducing a protocol in which the bank stores an identical quantum state (the quantum vault) instead of classical state parameters, the scheme symmetrically protects both the issuing agent and the user from attacks that leverage stolen classical data, while maintaining no-cloning-based security. Benchmarking on three IBMQ processors demonstrates both technical feasibility and sharply quantified security bounds for this architecture.

Classical Side-Information Vulnerability and Proposed Quantum Vault Architecture

Most quantum token proposals assume the security of classical side information (typically Bloch sphere angles θ,ϕ\theta,\phi), which, if compromised, enables an attacker to clone tokens undetectably. Recent high-profile breaches of financial databases highlight this as a practical concern. The quantum vault protocol resolves this by eliminating classical recording of token states; instead, the bank retains an identical quantum copy. Authentication proceeds via quantum state comparison, thereby removing dependence on classical data security.

The protocol operates as follows:

  • The issuer generates two Haar-random quantum states, ψ1|\psi_1\rangle, ψ2|\psi_2\rangle, and distributes one to the user, retaining the other in a quantum vault.
  • Authentication is performed via direct quantum comparison, specifically utilizing the SWAP test, with no recourse to classical angles (apart from the token serial number).
  • This approach enables both private and "public" verification architectures: in the latter, untrusted parties can authenticate tokens via the bank's quantum channel, while retaining unforgeability.

Optimal Quantum Authentication and SWAP Test Implementation

Authentication in this protocol leverages the SWAP test, which compares two unknown quantum states and outputs a statistic CNC_N. When both states are identical (ψ1=ψ2|\psi_1\rangle = |\psi_2\rangle), CN0C_N \approx 0; when they are orthogonal, CN0.5C_N \approx 0.5. Due to the statistical nature and unavoidable experimental errors, the bank defines a threshold τ\tau to accept genuine tokens with probability pbp_b, calibrated empirically on IBMQ hardware.

The SWAP test does not immediately destroy the token states, but repeated tests in NISQ hardware induce back-action and degrade fidelity, effectively consuming the tokens during authentication. Practical deployment thus relies on improved quantum memory longevity and the prospect of non-destructive tests as hardware matures.

Calibration on IBMQ Kingston, Fez, and Marrakesh provided empirical quality parameters (Qa,Qo)(Q_a, Q_o) measuring SWAP test amplitude and offset, which directly influence security bounds. For single tokens, there is a nonzero probability of accepting forged tokens, but "quantum bills" composed of multiple tokens suppress this probability exponentially.

Security Analysis: Query Attacks and Statistical Bounds

The protocol was subjected to a realistic query attack scenario wherein an attacker uses the SWAP test to infer token parameters. Under optimal attack strategies (assume access to ψ1|\psi_1\rangle0 and SWAP test circuits), it was shown that—while single token forgery probabilities remain appreciable—the probability of forging a quantum bill of ψ1|\psi_1\rangle1 tokens is bounded below ψ1|\psi_1\rangle2 on the worst-performing IBMQ hardware. The authentication threshold ensures genuine bills are accepted with ψ1|\psi_1\rangle3 probability.

Furthermore, benchmarking demonstrates that hardware improvements (even minor reductions in readout or gate errors) realize substantial gains in security, underscoring the compatibility of the protocol with ongoing device evolution. Security is maintained even when authentication is made "publicly accessible" via the quantum vault, as no trusted agent is necessary and the underlying quantum no-cloning principle prevails.

Governance, Traceability, and Revocability

The protocol naturally supports traceability and revocability, as the issuing agent retains quantum vault copies and serial numbers. Unlike anonymous quantum money, this enables governance functions essential for financial and identity management systems. The architecture is currently non-anonymous, but proposals for ensemble-based tokens and optimal SWAP test variants may support broader application domains.

Practical and Theoretical Implications

Practically, the quantum vault scheme represents a significant evolution in quantum cryptographic primitives, shifting authentication dependency entirely to quantum principles, and directly addressing vulnerabilities inherent to classical information leakage. Unlike prior protocols, it robustly enables symmetric security, traceability, and revocability, and paves the way for public-key quantum authentication architectures subject to quantum hardware constraints.

Technologically, immediate deployment is limited by quantum memory lifetimes and the destructive nature of authentication on current superconducting platforms. Color center defects in solids, particularly NV centers in diamond, offer promising avenues for room-temperature, mobile quantum token platforms, though interface development remains a challenge. The protocol also fits within quantum internet and network proposals, requiring quantum channels for authentication exchange.

Theoretically, the protocol sharpens security analysis by providing a hardware-agnostic benchmarking methodology, identifying measurable quality parameters. Extensions to ensembles of qubits and non-destructive authentication could further mitigate error rates and practical constraints. Side-channel and advanced attacks remain an ongoing area for theoretical development.

Conclusion

The quantum vault protocol demonstrates a robust, hardware-agnostic solution to symmetric authentication security for quantum tokens and money schemes by eliminating classical side information and leveraging direct quantum state comparison. Empirical benchmarking on IBMQ platforms establishes tight quantitative bounds on authentication and forgery probabilities. The protocol is adaptable to both private and public verification architectures, supports governance features, and is positioned for future integration with quantum network infrastructures and next-generation quantum hardware. Ongoing work in improving quantum memories and further theoretical analysis will enable broader deployment and secure, scalable quantum authentication paradigms.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 4 likes about this paper.