Quantum Physical Unclonable Functions

• Quantum Physical Unclonable Functions (QPUFs) are quantum channels that map specially prepared quantum challenge states to unique, unclonable responses, ensuring information-theoretic security.
• They exploit fundamental quantum mechanics principles, such as the no-cloning theorem and fidelity bounds measured by metrics like the diamond norm, to secure authentication and secret-key generation.
• Practical implementation of QPUFs faces challenges including reliable quantum memory, efficient randomness generation via t-designs, and error resilience, prompting research into hybrid and scalable architectures.

Quantum Physical Unclonable Functions (QPUFs) are mathematically and physically unique quantum channels or devices that map quantum challenges to quantum responses, providing information-theoretic security rooted in the laws of quantum mechanics. Distinguished from classical and readout-based PUFs by their intrinsic unclonability, QPUFs have been proposed as robust cryptographic primitives for secure authentication and secret-key establishment, with theoretical definitions emphasizing uniqueness, robustness, and resistance to cloning even by quantum-capable adversaries. Despite significant progress in their conceptual frameworks and architectural evolution, deploying practically robust QPUF-based authentication remains constrained by substantial experimental and architectural challenges.

1. Theoretical Foundations and Definitions

A QPUF is defined as a quantum channel—typically modeled as either a unitary or a completely positive trace preserving (CPTP) map—that transforms quantum input states (challenges) into output quantum states (responses). The function

$$\Lambda^{(\delta_r, \delta_u, \delta_c)}_{\{\lambda_i\}-QPUF}$$

is parameterized by security tolerances: response robustness $\delta_r$, uniqueness $\delta_u$ (typically measured by the diamond norm), and collision resistance %%%%2%%%% (the distinction between responses to different challenges or devices) (Farré et al., 12 Aug 2025).

Security requirements are formalized as:

• Robustness: Similar challenges map to similar responses, quantified via fidelity bounds such as

$\Pr\left\{F(\text{resp}_1, \text{resp}_2) \geq 1 - \delta_r\right\} \geq 1 - \negl(\lambda)$

• Uniqueness: Distinct QPUF instances produce responses that are nearly orthogonal; mathematically, for distinct devices $i\neq j$,

$$\Pr\left[\|\Lambda_i - \Lambda_j\|_{\diamond} \geq \delta_u \right] \geq 1-\epsilon(\lambda)$$

where the diamond norm distance is typically close to the maximal value of 2 (Doosti et al., 2021).

• Collision Resistance: Distinct challenges for the same device yield almost orthogonal responses.

QPUFs are often assumed to be nearly unitary channels ($\Lambda$ negligibly non-unitary) so that unclonability arises both from the unpredictable unitary evolution and the fundamental no-cloning theorem. Information-theoretic guarantees are provided in the form of exponentially small acceptance probabilities for adversarial forgeries: $$\left( \frac{2-\mu}{2} \right)^{M} \leq p_{fa} \leq \left( \frac{2-\epsilon}{2} \right)^{M}$$ where $M$ is the number of independent responses tested, and $\mu,\epsilon$ the deviation/noise tolerances (Farré et al., 12 Aug 2025).

2. Implementation Challenges: Quantum Memories and Haar-Randomness

The realization of QPUFs requires quantum memories capable of storing and interfacing quantum states with high fidelity and long coherence times, which is currently feasible only in niche systems such as noble-gas ensembles and color centers (Farré et al., 12 Aug 2025). Interfacing between flying qubits (photons) and stationary qubits (memories) often involves complex, error-prone quantum transduction.

The security model of QPUFs frequently assumes the ability to sample Haar–random unitaries or channels. However, exactly generating Haar–random unitaries on $n$ qubits scales exponentially in $n$, requiring quantum circuits of exponential depth. This limitation imposes a significant bottleneck for scalable QPUF deployment. Efficient approximations via unitary $t$–designs have been proposed to emulate Haar randomness within feasible resource bounds, at the cost of slightly looser security bounds (Kumar et al., 2021). These $t$–designs substantially reduce the circuit depth while maintaining indistinguishability properties required for most adversarial models.

3. Distinction from Quantum Readout PUFs (QR–PUFs) and Related Models

Quantum Readout PUFs (QR–PUFs) represent an experimentally more accessible, but less theoretically robust model. In QR–PUFs, challenge–response pairs are mapped onto classical data by a "certifier" who observes measurements on the device. Security relies on the use of non-orthogonal quantum states and classical post-processing (often via fuzzy extractors and error correction) (Gianfelici et al., 2019), with challenge–response authenticity tested through classical means.

True QPUFs, in contrast, maintain the quantum nature of both challenge and response throughout the protocol. They exploit the full quantum state space for both, making them provably more robust: a quantum adversary cannot copy, learn, or simulate the response map, as quantum measurements irreversibly disturb the states and the transformation is either unknown or sufficiently random to defy efficient simulation (Farré et al., 12 Aug 2025). However, QR–PUFs can be attacked by process tomography or learning attacks because the challenge–response table is ultimately a classical object (Galetsky et al., 2022).

4. Architectural Evolution: From QR–PUFs to Hybrid and t–Design QPUFs

The co-citation review traces the evolution from early QR–PUFs—which relied on trusted parties, classical post-processing, and did not fully exploit quantum non-clonability—to more advanced architectures:

• Swap–Test and gswap–Test QPUFs: Protocols employing the swap–test or its generalization for quantum response comparison, allowing noise–robust authentication. These approaches generally require honest parties to possess quantum memories for storing multiple copies of challenges and responses (Doosti et al., 2020).
• t–Design QPUFs: Avoiding exponential Haar sampling via efficient, randomly generated circuits that form an approximate unitary $t$–design, offering polylogarithmic–in–security–parameter runtime while preserving exponential security against an adversary limited to $t$ queries (Kumar et al., 2021).
• Hybrid PUFs (HPUFs): Recent proposals integrate classical PUF hardware with quantum-layer encoding—such as BB84–like non-orthogonal quantum state mapping and a "quantum lock" mechanism—thereby enabling challenge reusability while maintaining exponential security reduction for quantum adversaries (Chakraborty et al., 2021). These hybrids do not require perfect quantum memories or full Haar randomness, striking a balance between theoretical unclonability and experimental practicality.

5. Information-Theoretic Security and Secret-Key Extraction

Information–theoretic analysis is employed to precisely quantify QPUF security, by modeling the system as a stochastic source or channel and calculating secrecy and error rates (Farré et al., 12 Aug 2025). Achievability and converse bounds for secret-key rates and authentication error probabilities (i.e., False Acceptance Rate and False Rejection Rate) are established using concepts adapted from classical biometric authentication and quantum entropy theory.

Given inevitable inconsistencies in QPUF responses due to quantum noise, information–theoretic privacy amplification and error correction (for instance, through privacy-amplifying fuzzy extractors) are necessary for reliable key extraction (Gianfelici et al., 2019Smith et al., 2023). Even if the physical response $\rho$ to a challenge drifts within bounded noise periods, secret–key agreement and authentication can be maintained as long as the effective entropy is sufficiently high and the helper data reveals negligible information about the extracted key.

This framework not only underpins security guarantees for secret-key generation, but also enables practical mitigation of quantum noise—allowing authentication protocols to maintain robustness in the presence of errors, provided the error rate is below critical information–theoretic thresholds.

6. Practical Limitations and Outstanding Challenges

Despite information-theoretic guarantees, several technical bottlenecks remain:

• Quantum memories: Transporting and storing quantum states for arbitrary times and in portable form is not currently achievable for the scale and fidelity required in deployed cryptographic systems.
• Efficient randomness implementation: Generating truly unique QPUF channels via high-dimensional Haar–random or t–design processes still necessitates large, error-prone quantum circuits, limiting near-term adoption (Kumar et al., 2021).
• Noise and error resilience: Even small deviations in quantum response—due to decoherence, gate or measurement error—can significantly decrease swap–test verification probability, leading to unacceptable false rejection in practice unless tailored error mitigation is introduced.
• Scalability: Interfacing QPUF hardware with networks (photonic interconnects, distributed entanglement infrastructure) and scaling up challenge and response dimensions for exponential keyspace coverage are unresolved issues (Farré et al., 12 Aug 2025).

A plausible implication is that hybrid architectures—which partition the quantum and classical roles for storage, verification, and randomness—may dominate practical QPUF implementations until scalable, fault-tolerant quantum memories and operations become widely available.

7. Future Directions and Open Problems

Research is progressing toward several promising directions:

• Efficient Pseudorandomness: Development of resource-efficient t–designs and quantum pseudorandom state/unitary constructions that balance provable security with practical circuit depth (Doosti et al., 2021).
• Robust Hybrid Models: Exploration of hybrid PUF protocols that combine classical challenge–response with quantum encodings to achieve secure, reusable authentication and key extraction without full quantum memory reliance (Chakraborty et al., 2021, Farré et al., 12 Aug 2025).
• Error Mitigation: Advancement of error correction and error mitigation customized for QPUF authentication, including adaptive security thresholds that compensate for expected noise.
• Deployment Frameworks: The use of co-simulation and statistical modeling tools (e.g., QTOKSim (Galetsky et al., 2022)) to optimize and test quantum token-based multi-factor authentication protocols at system scale.
• Bridging the Theory-Practice Gap: Systematic comparison of theoretically optimal QPUF frameworks with actual device behavior, and refinement of implementation assumptions to close the gap between rigorous security and real-world engineering constraints.

Overcoming limitations in quantum memories, error resilience, and scalable randomness generation will be essential for the practical realization of QPUF-based authentication systems for quantum networks.

---

Summary Table: QPUF and Related PUF Models

Model	Quantum Channel/State	Challenge–Response Pair Type	Security Features
QPUF	Unitary or CPTP	Quantum–Quantum	Robust to quantum attacks, no trusted party, full unclonability (Farré et al., 12 Aug 2025)
QR–PUF	(Often unitary)	Quantum–Classical	More practical, less robust, relies on certifier (Gianfelici et al., 2019Galetsky et al., 2022)
HPUF	Hybrid Classical–Quantum	Classical–Quantum	Reuses challenge–response, locks with quantum no-cloning (Chakraborty et al., 2021)

Key references: (Gianfelici et al., 2019, Kumar et al., 2021, Doosti et al., 2021, Chakraborty et al., 2021, Galetsky et al., 2022, Farré et al., 12 Aug 2025).