Papers
Topics
Authors
Recent
Search
2000 character limit reached

Device-Independent Quantum Position Verification

Updated 5 July 2026
  • Device-independent quantum position verification is a cryptographic protocol that validates a prover’s location using untrusted quantum devices and observed nonlocal correlations.
  • It leverages Bell-inequality violations and strict relativistic timing constraints to secure spatial claims against classical and quantum collusion.
  • Research addresses overcoming challenges such as device memory effects, adversarial entanglement, and loss tolerance while extending DI-QPV to practical quantum networks.

Device-independent quantum position verification (DI-QPV) is a form of position-based cryptography in which a prover’s geographical location is the only credential, while the quantum devices used in the protocol are treated as black boxes whose internal functioning is unknown and potentially malicious. In this setting, security is inferred from observed input–output statistics—typically Bell-inequality-violating correlations—and from relativistic timing constraints, rather than from a trusted description of state preparation and measurement. The subject sits at the intersection of relativistic cryptography, Bell nonlocality, noisy- or bounded-storage models, and quantum network experiments. Its central difficulty is that both classical position verification and unrestricted quantum position verification are impossible against sufficiently powerful distributed adversaries, so every positive result is conditional on a specific physical or informational restriction (Ribeiro et al., 2016, Kavuri et al., 23 Jan 2026).

1. Position verification and the impossibility landscape

Position-based cryptography uses geographical location as the only credential: a prover wants to convince spatially separated verifiers that it is located at a claimed point in space. In the standard one-dimensional formulation, two verifiers send timed challenges toward a midpoint and accept only if the response content and arrival times are consistent with processing at that point. The relativistic premise is that no information propagates faster than light, so the causal structure of the protocol restricts where the required computation could have taken place (Ribeiro et al., 2016).

Classically, this program fails against multiple colluding adversaries. Distributed attackers can intercept challenges, exchange classical information, and emulate the honest response without occupying the claimed location. Quantum position verification was introduced to exploit non-clonability and measurement disturbance, but unrestricted quantum adversaries also destroy unconditional security. Buhrman et al. showed that no QPV protocol is secure if adversaries can share arbitrarily large entanglement and have unrestricted quantum communication; the attack uses instantaneous non-local quantum computation. Later refinements reduced the required entanglement from doubly exponential to singly exponential in the classical input size nn (Bluhm et al., 2021).

DI-QPV does not evade these no-go statements by itself. Rather, it changes what is trusted about the honest implementation and combines that with additional adversarial restrictions. Depending on the line of work, those restrictions include memoryless honest devices, bounded or noisy quantum storage, bounded or noisy entanglement, or adversaries that are weakly entangled before each trial (Ribeiro et al., 2016, Ribeiro et al., 2016, Kavuri et al., 23 Jan 2026).

2. What “device-independent” means in QPV

In device-dependent QPV, verifiers assume that their hardware prepares specific states and performs specified measurements. In DI-QPV, devices are treated as black boxes with classical inputs and outputs, and security is certified from observed correlations and spacetime constraints. This is the same conceptual shift that distinguishes DI-QKD from trusted-device QKD, but in QPV the task is harder because the adversary is spatially distributed and the protocol must certify location rather than key secrecy (Ribeiro et al., 2016).

The literature uses several distinct security models under the DI label. A useful taxonomy is the following.

Regime Core assumption Representative result
Memoryless DI-QPV Honest devices are i.i.d.; adversaries have bounded/noisy entanglement or storage Security for any CHSH violation (Ribeiro et al., 2016)
Fully general DI in noisy storage Devices may have arbitrary memory, states and measurements Security in the most general DI model using EAT (Ribeiro et al., 2016)
Remote untrusted devices Security from a loophole-free Bell test across a quantum network Experimental DI-QPV against weakly entangled adversaries (Kavuri et al., 23 Jan 2026)
Measurement-device-independent QPV Source devices trusted; measurement device untrusted Loss-tolerant QPV against LOCC adversaries (Lim et al., 2016)
Trusted-device bounded-quantum-storage QPV BB84 preparation/measurement and qubit dimension trusted Single-qubit QPV secure against multi-qubit attacks (Bluhm et al., 2021)

This taxonomy matters because “device-independent” does not mean “assumption-free.” The memoryless-device model assumes that the state generated in nn rounds is ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n} and that the measurement in round kk depends only on the current classical input (Ribeiro et al., 2016). The fully general noisy-storage result instead allows arbitrary device memory, arbitrary states, and arbitrary measurements, and uses the Entropy Accumulation Theorem; the published abstract states that security can be attained for any violation of the CHSH inequality, where a higher violation merely leads to a reduction in the amount of rounds required (Ribeiro et al., 2016). The 2026 remote-untrusted-device protocol removes trust in vulnerable hardware and derives security from observed correlations from a loophole-free Bell test across a quantum network, but only against adversaries who, before each instance of the test, are weakly entangled (Kavuri et al., 23 Jan 2026).

3. CHSH-based DI-QPV with memoryless devices

A foundational DI-QPV construction uses a CHSH test to certify the incompatibility of an untrusted measurement device and then converts that certification into a QPV guarantee for memoryless devices (Ribeiro et al., 2016). In the protocol, one verifier V1V_1 holds a main device and a testing device. The testing phase estimates a CHSH value

S=tr(WρAT),S=\operatorname{tr}(W\rho_{AT}),

with

W:=A0T0+A0T1+A1T0A1T1.W:=A_0\otimes T_0 + A_0\otimes T_1 + A_1\otimes T_0 - A_1\otimes T_1.

From SS, the analysis derives a bound on the absolute effective anti-commutator

ϵ+:=12tr({A0,A1}ρA),\epsilon_+ := \frac{1}{2}\operatorname{tr}\bigl(|\{A_0,A_1\}|\rho_A\bigr),

namely

ϵ+S48S2=:ζ.\epsilon_+ \le \frac{S}{4}\sqrt{8-S^2} =: \zeta.

Any CHSH value nn0 therefore implies nn1, which quantifies nonclassical measurement incompatibility (Ribeiro et al., 2016).

The position-verification phase then proceeds with nn2 preparing nn3, sending the nn4 subsystem toward the claimed position, and a second verifier nn5 sending a random basis string nn6 so that state and basis arrive simultaneously. nn7 measures his halves with input nn8 and obtains nn9. The honest prover measures in basis ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}0, returns ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}1, and the verifiers accept if ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}2 and the round-trip time is below a fixed threshold ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}3 (Ribeiro et al., 2016).

Security is reduced to a device-independent guessing game. For the imperfect guessing version, the adversarial success probability is bounded by

ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}4

where ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}5 bounds the adversary’s storage and ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}6 is the binary entropy. A sufficient asymptotic condition for exponential decay is

ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}7

The paper then imports a reduction from noisy-entanglement PV to weak string erasure and obtains

ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}8

Thus the cheating probability decays exponentially in ρAB=σABn\rho_{AB}=\sigma_{AB}^{\otimes n}9 for any non-trivial CHSH violation and sufficiently small tolerated error rate (Ribeiro et al., 2016).

The significance of this framework is methodological. It showed that CHSH violation can calibrate black-box devices for QPV, and that the core technical object is not a trusted qubit description but an incompatibility parameter extracted from data. Its main limitation is equally clear: the honest devices are required to be memoryless.

4. Fully general device-independence and remote untrusted devices

A later line of work moved beyond the memoryless assumption. The abstract of a fully general DI result states that it introduced a new model for device-independence for two-party protocols and position verification in the noisy-storage model, and that such protocols are secure in the most general device-independent model in which the devices may have arbitrary memory, states and measurements. The analysis uses a slight modification of the Entropy Accumulation Theorem and claims that security can be attained for any violation of the CHSH inequality, with higher violation reducing the amount of rounds required (Ribeiro et al., 2016). Within the present evidence base, this marks the conceptual transition from i.i.d.-style DI-QPV to arbitrary-memory DI-QPV under noisy storage.

The most explicit remote-untrusted-device realization appears in “Quantum Position Verification with Remote Untrusted Devices” (Kavuri et al., 23 Jan 2026). There, DI-QPV is defined as certifying that some nontrivial quantum operation occurred in a small, specified spacetime region, without trusting the internal workings of the quantum devices—only the observed input–output correlations and light-cone structure are assumed. The protocol uses two verifiers kk0 and kk1, a verifier-side measurement station kk2, and a remote prover kk3. The prover’s basis choice is a function kk4; in the experiment,

kk5

A loophole-free Bell test is performed across the quantum network, and acceptance is based on a per-trial test factor kk6 whose product

kk7

satisfies kk8 for the adversarial class under consideration (Kavuri et al., 23 Jan 2026).

For soundness kk9, the protocol passes if V1V_10. The experimental implementation chose V1V_11 and a conservative completeness target V1V_12. The extended protocol quantifies adversarial prior entanglement by the robustness of entanglement and proves security when the average robustness satisfies

V1V_13

with V1V_14 in the experiment (Kavuri et al., 23 Jan 2026).

The experimental claim is unusually concrete. The paper reports an implementation that guarantees security with only observed correlations from a loophole-free Bell test across a quantum network, against adversaries who, before each instance of the test, are weakly entangled. It further reports a one-dimensional localization that is V1V_15 times smaller than the best, necessarily non-remote, classical localization protocol, and V1V_16 times smaller than such a classical protocol having identical latencies (Kavuri et al., 23 Jan 2026). This establishes DI-QPV as an experimental network primitive rather than only a theorem schema.

A recurrent source of confusion is the proximity between DI-QPV and several neighboring paradigms. They are technically related, but not interchangeable.

The single-qubit bounded-quantum-storage protocols of “A single-qubit position verification protocol that is secure against multi-qubit attacks” are explicitly not device-independent in the usual DI sense. The verifiers’ devices are assumed to prepare BB84 states correctly and perform the correct projective measurements; the qubits are assumed to be actual 2-level systems; and the security model is a trusted-device, bounded-quantum-storage model. The main random-function theorem proves security when each attacker holds at most

V1V_17

qubits, and the explicit inner-product theorem gives security for

V1V_18

The paper is nonetheless relevant to DI-QPV because it develops entanglement-vs-classical-communication tradeoffs, classical roundings, and uncertainty-with-quantum-memory techniques that may inspire semi-DI or fully DI constructions (Bluhm et al., 2021).

Measurement-device-independent QPV is also distinct from DI-QPV. The time-reversed entanglement-swapping protocol is source-trusted and measurement-device-independent rather than fully device-independent. Assuming ideal qubit sources, it is secure against LOCC adversaries for any quantum channel loss; with weak laser sources and linear optics, the security only degrades by an additive constant and the protocol is able to verify positions up to V1V_19 dB channel loss (Lim et al., 2016). This is a major implementability result, but it still trusts source devices.

The loss-tolerant single-qubit protocol of (Escolà-Farràs et al., 2022) is again not fully DI-QPV, yet it is DI-adjacent in method. By bounding winning probabilities of a variant of the monogamy-of-entanglement game using semidefinite programming, it derives tight loss-error tradeoffs for BB84-type and multi-basis QPV. It shows security against a linear amount of entanglement even in the presence of a moderate amount of photon loss, and notes that the SDP can also improve the analysis of one-sided device-independent QKD (Escolà-Farràs et al., 2022). This suggests a technical bridge between loss-aware QPV and DI-security proofs.

At the opposite end of the spectrum, “Towards practical quantum position verification” is explicit that it is not about device-independent QPV in the modern Bell-based sense. Its security relies on a secure-tag assumption: the tag can keep classical information secure within its laboratory, even if adversaries can move or destroy the laboratory. The position-verification phase uses no quantum communication or quantum information processing, and QKD is used only to replenish the classical key (Cowperthwaite et al., 2023). This is practical, but it is device-dependent by construction.

Finally, the GPS-oriented self-testing paper introduces a device-independent multipartite self-testing protocol tailored to the 5-qubit code and applies it to a quantum-secured, device-independent global positioning architecture. It certifies a genuinely entangled subspace via a Bell expression S=tr(WρAT),S=\operatorname{tr}(W\rho_{AT}),0, but the paper does not spell out a full cryptographic PV protocol with messages and timing constraints, and its own synthesis states that it is best seen as a real-world secure scheme under realistic constraints rather than a formal proof of unconditional security against arbitrarily powerful quantum adversaries (Kam et al., 11 Apr 2025).

6. Open problems

Several open problems recur across the literature.

A first problem is full device independence without i.i.d. assumptions. The memoryless-device analysis of (Ribeiro et al., 2016) identifies extension beyond i.i.d. behavior as an open and challenging direction, whereas the abstract of (Ribeiro et al., 2016) indicates that the noisy-storage model can handle arbitrary memory, states and measurements. This suggests that a central fault line in DI-QPV is no longer the Bell-test component itself, but the interaction between arbitrary device memory, relativistic scheduling, and storage assumptions.

A second problem is adversarial entanglement. The single-qubit trusted-device work asks whether one can prove that attackers must use exponential entanglement in S=tr(WρAT),S=\operatorname{tr}(W\rho_{AT}),1 to break such protocols, matching the known attack cost (Bluhm et al., 2021). The 2026 remote-untrusted-device experiment still assumes only weak prior entanglement, quantified by robustness. A plausible implication is that strengthening DI-QPV will require either sharper lower bounds on the entanglement cost of attacks or protocols whose challenge structure amplifies the required entanglement.

A third problem is loss and source assumptions. Measurement-device-independent QPV already overcomes the 3 dB loss limit against LOCC adversaries and reaches S=tr(WρAT),S=\operatorname{tr}(W\rho_{AT}),2 dB in a weak-laser model (Lim et al., 2016), while monogamy-game SDPs give stronger loss-tolerance for multi-basis single-qubit protocols (Escolà-Farràs et al., 2022). The unresolved step is to combine such loss tolerance with full device independence rather than source trust or bounded-dimension assumptions.

A fourth problem is architectural scope. The remote-untrusted-device experiment is essentially one-dimensional, though its spacetime analysis is fully relativistic. The same work identifies future directions such as placing both source and S=tr(WρAT),S=\operatorname{tr}(W\rho_{AT}),3 outside verifier labs, aiming for fully classical verifiers, and extending to multi-verifier, multidimensional position-based cryptographic tasks (Kavuri et al., 23 Jan 2026). The GPS-oriented self-testing literature indicates a possible route through multipartite Bell rigidity, but that route has not yet been integrated into a fully formal DI-QPV security theorem (Kam et al., 11 Apr 2025).

Taken together, these results show that DI-QPV is neither a single protocol family nor a settled model. It is a layered research program: CHSH-certified memoryless constructions, fully general noisy-storage theorems, loophole-free remote-untrusted-device experiments, and several adjacent trusted-device or MDI paradigms that supply techniques, contrast cases, and implementation lessons.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Device-Independent Quantum Position Verification.