QR-PUFs: Unclonable Quantum Authentication

Updated 15 August 2025

QR-PUFs are security primitives that exploit quantum phenomena, such as resonant tunneling and boson sampling, to create inherently unique and unclonable device fingerprints.
They combine quantum measurement with classical post-processing, generating robust challenge–response pairs that balance experimental feasibility and high security against cloning attacks.
QR-PUFs are pivotal for device authentication and secure key generation, addressing practical challenges like environmental sensitivity, scalability, and noise management.

Quantum Readout Physical Unclonable Functions (QR-PUFs) are a class of authentication primitives and device fingerprinting systems that exploit quantum mechanical phenomena—either in condensed matter, photonic, or circuit-based platforms—to produce challenge–response pairs (CRPs) where the irrevocable unpredictability and unclonability of the physical system is amplified by quantum effects. Distinguished from fully quantum PUFs (QPUFs) which operate exclusively with quantum challenge and quantum response maps, QR-PUFs utilize quantum aspects in the physical readout but the response is often rendered in a classical form, facilitating practical deployment while retaining strong unclonability guarantees. The models, implementations, and theoretical guarantees for QR-PUFs have evolved through condensed matter nanoelectronic platforms, quantum photonic systems, and advanced quantum circuit approaches, each presenting distinct trade-offs in terms of unclonability, implementation complexity, and robustness against quantum-enabled adversaries.

1. Quantum Mechanisms for Unclonability in QR-PUFs

QR-PUFs operate by binding the response unpredictability to microscopic quantum properties inaccessible via classical characterization or replication. Early exemplars are solid-state devices where quantum confinement effects—such as in resonant tunneling diodes (RTDs)—define device-unique spectroscopic features. The current–voltage (I–V) characteristic of an RTD is governed by resonant tunneling when the electron energy matches discrete confined levels in the quantum well. The quantized energy spectrum, defined by $E_n = n^2\pi^2\hbar^2/(2m^*L^2)$ for an ideal well, is perturbed by atomic-scale, stochastic fabrication variations, resulting in a spectrum $I(V)$ for each device that is exponentially sensitive to well width, barrier height, and interface roughness—parameters which are physically impossible to replicate with current nanofabrication capabilities (Roberts et al., 2015).

In photonic platforms, QR-PUFs are realized by leveraging the exponential complexity of many-body quantum interference, such as in boson sampling devices (Garcia-Escartin, 2019). The probability $P(S)$ for observing output configuration $S$ is given by $P(S) = \frac{1}{s_1!\cdots s_m!} |\mathrm{Per}(U_S)|^2$ , where $\mathrm{Per}(\cdot)$ denotes the permanent over submatrices of the device unitary $U$ . As this is a #P-hard problem for classical computers as $n$ and $m$ increase, the photonic device output forms a physically unclonable signature that cannot be simulated or predicted by any efficient algorithm, assuming adequate fabrication-induced uniqueness of the device unitary $U$ .

2. Formal Frameworks, Protocol Layers, and Security Notions

Recent theoretical advances define QR-PUFs within a general two-layer authentication protocol (Gianfelici et al., 2019): the physical layer where quantum or classical challenge states are injected and physical CRPs generated, and the mathematical layer where extracted responses are post-processed (e.g., using fuzzy extractors) into digital representations suitable for verification. A QR-PUF is then a (λ, ρ, δ)-secure device with:

Robustness ( $\rho$ ): The probability that the response to a registered challenge during verification matches the enroLLMent response, quantifying the tolerated noise and guiding selection of error-correction thresholds.
Unclonability ( $\delta$ ): The probability that any physically or mathematically constructed clone can correctly reproduce the authentic response, which is made negligible by the quantum origins of the unpredictability.
Structural Mapping: Each challenge (binary string) ${\bf x}$ is mapped via a (possibly noisy and complex) quantum physical process to an outcome string ${\bf y}$ , with subsequent fuzzy extraction generating a stable key or token.

In QR-PUF authentication, the shifter operation homogenizes outcomes by converting variable quantum measurement outputs into a reference state, allowing for a standard measurement basis and facilitating robust and repeatable extraction of the response string.

3. Attack Models and Information-Theoretic Security Parameters

Security analysis of QR-PUFs includes both classical attacks and advanced quantum attacks:

Quantum Cloning Attacks: QR-PUFs employing quantum challenge states (e.g., weak coherent pulses or spatial-mode encoded photons) are subject to optimal universal quantum cloning attacks (Yao et al., 2016). The false-accept probability under optimal $N\rightarrow M$ universal quantum cloning is upper-bounded by

$\mathcal{P}_{\mathrm{accept}} \leq \frac{M - N + N(M + d)}{M(N + d)}$

where $d$ is the Hilbert space dimension. This bound is strictly higher than the best possible estimation-based (measurement/reconstruction) attack for finite $M$ and collapses to estimation in the asymptotic limit $M\to\infty$ . Security thus depends crucially on maximizing $d$ and minimizing permissible $N$ .

Classical Modeling Attacks: When the output response is reduced to statistical averages (the Statistical Query (SQ) model), as in CR-QPUFs based on single-qubit rotations, the device's mapping can, in principle, be learned efficiently by regression techniques. The vulnerability is exacerbated when the challenge–response mapping lacks circuit-depth or inter-qubit entanglement, allowing accurate model inversion, even on real hardware (Pirnay et al., 2021).
Information-Theoretic Robustness: By formalizing the PUFs as noisy channels or memoryless sources, one can derive information-theoretic bounds on the extractable secret entropy and analyze false accept/reject probabilities. The robustness to both physical and model-based attacks must be established asymptotically as the number of independent CRPs increases and noise levels are constrained (Farré et al., 12 Aug 2025).

4. Quantum Measurement and Readout: From Quantum States to Classical Fingerprints

The readout process in QR-PUFs often collapses quantum states to classical measurement outcomes, translating the quantum-origin uniqueness into classical fingerprints accessible for practical authentication. Examples include:

RTDs and Nanoscale Devices: I–V curve features (e.g., voltage peak positions, widths) for each device are recorded as a digital fingerprint at enroLLMent; subsequent measurements must reproduce this curve within allowable tolerances (Roberts et al., 2015).
Boson Sampling: Output photon detection patterns are mapped to canonical digital tokens representing the device (Garcia-Escartin, 2019).
Optical QR-PUFs: Complex Mach–Zehnder interferometer (MZI) arrays manipulate input states through device-specific unitaries, yielding intensity histograms or bitstrings after photodetection (Jacinto et al., 2020).
Quantum Hardware Fingerprinting: Device-specific physics, such as the resonant frequencies of transmon qubits, constitute invariant digital identifiers. These can be post-processed through fuzzy extractors to yield cryptographic keys tolerant of calibration-induced measurement noise (Smith et al., 2023).

The interface between quantum-origin randomness/unclonability and its classical extraction is the primary axis on which both uniqueness and practical reproducibility must be balanced.

5. Implementation Strategies, Challenges, and Limitations

QR-PUFs are designed for experimental feasibility, yet several architectural and technological obstacles must be addressed:

Device Uniqueness Source: The structure of the physical system—atomic-level disorder, optical path-length variations, or quantum hardware imperfections—must be unpredictably unique and infeasible to replicate at scale. This necessitates careful material and process control, particularly in photonic or solid-state systems.
Environmental Sensitivity: Physical quantum designs, such as RTDs, may exhibit temperature or bias-dependence that affects reproducibility and necessitates calibration or error-correction mechanisms (Roberts et al., 2015).
Scalability: Protocols requiring a large number of independent CRPs—"strong PUFs"—may demand either arrays of quantum elements or concatenated systems. In single-device approaches, the entropy per challenge is limited by the available Hilbert space or number of unique challenge settings achievable in practice.
Measurement Precision: Sufficiently low-noise and stable measurement setups are required to repeatably extract responses over device lifetimes, and for quantum photonic QR-PUFs, reliable photonic detection and mode preparation are essential.

Hybrid approaches, including the use of reconfigurable hardware (e.g., adjustable MZI arrays (Jacinto et al., 2020)), further extend the practical CRP set without requiring physically distinct devices.

6. Comparison with Other PUF Paradigms and Evolution

QR-PUFs represent an intermediate class between fully classical PUFs (e.g., SRAM, delay-based) and rigorous quantum PUFs (QPUFs) that rely on uniform Haar-random unitaries. While QPUFs offer theoretically maximal security guarantees against quantum polynomial-time adversaries (assuming challenging requirements such as quantum memories and Haar randomness (Farré et al., 12 Aug 2025)), QR-PUFs are significantly more accessible for near-term experimental deployment but are more susceptible to sophisticated adversarial strategies and, in some settings, rely on side assumptions or trusted party enroLLMent (Galetsky et al., 2022).

Recent theoretical models (Gianfelici et al., 2019, Galetsky et al., 2022) have provided common frameworks encompassing both classical and quantum PUFs, quantifying robustness, unclonability, and collision resistance, while facilitating the systematic exploration of new protocol variants (including entity authentication, secure key extraction, and device attestation) and hybrid classical–quantum designs.

7. Applications and Future Directions

QR-PUFs are central to a range of cryptographic and authentication mechanisms:

Device Authentication: Small-form-factor, low-power hardware objects with physically unclonable fingerprints for secure supply chain and IoT deployments.
Key Generation and Distribution: Intrinsic device randomness utilized to generate reproducible shared secrets, enabling hardware-tied cryptographic primitives (Smith et al., 2023).
Quantum-Enhanced Security Protocols: Boson sampling QR-PUFs and optical implementations enable entity authentication protocols with quantum advantage, in which computational intractability of quantum dynamics underpins security (Garcia-Escartin, 2019).

Emerging directions include the integration of information-theoretic secret-key capacity analyses, hybridization with classical error-correction protocols, and the development of truly measurement-based and nonunitary quantum channels that realize existential unforgeability without excessive overhead or external randomness (Ghosh et al., 17 Apr 2024). Advances in scalable quantum hardware will dictate the ultimate practicality and robustness of QR-PUFs in operational cryptographic infrastructures.

In summary, Quantum Readout PUFs (QR-PUFs) implement unclonable authentication mechanisms by harnessing quantum confinement, interference complexity, and measurement-induced randomness within a practical, often classically verifiable, challenge–response structure. Their progression demonstrates the interplay between quantum physical effects, classical protocol design, and the ever-present need to balance maximal security with experimental and engineering constraints (Roberts et al., 2015, Yao et al., 2016, Gianfelici et al., 2019, Garcia-Escartin, 2019, Jacinto et al., 2020, Smith et al., 2023, Ghosh et al., 17 Apr 2024, Farré et al., 12 Aug 2025).