pith. sign in

arxiv: 2604.16071 · v1 · submitted 2026-04-17 · 🪐 quant-ph

Security Framework for Quantum Distance-Bounding

Kevin Bogner , Aysajan Abidin , Dave Singelee , Bart Preneel This is my paper

Pith reviewed 2026-05-10 08:57 UTC · model grok-4.3

classification 🪐 quant-ph
keywords frameworkdistance-boundingmodelnoiseprotocolprotocolsquantumsecurity
0
0 comments X

The pith

A new game-based security framework for quantum distance-bounding is defined with fraud experiments and noise, then used to bound an existing protocol's completeness and resistance to distance and mafia fraud while showing terrorist-fraud insecurity.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Distance-bounding checks if two devices are physically close by timing fast challenge-response exchanges. Quantum versions promise better security but have been analyzed case-by-case. This work creates a common rule set: it fixes timing and system assumptions, models a quantum-capable cheater, and defines three cheating games—distance fraud (cheater pretends to be close), mafia fraud (cheater uses a helper), and terrorist fraud (helper is the real prover). It adds a simple noise model where each quantum bit flips with some probability independently. When applied to one existing protocol, the authors calculate how often honest parties succeed under noise and how often cheaters succeed in the fraud games, giving formulas that depend on number of rounds, acceptance threshold, and noise level. The framework keeps general rules separate from protocol-specific calculations so future protocols can be checked the same way.

Core claim

We contribute (i) a reusable security framework for QDB that fixes system and timing assumptions, specifies a quantum-capable adversary model, formalises distance-, mafia-, and terrorist-fraud experiments, and includes a simple i.i.d. depolarizing noise model; and (ii) an application of this framework to a published QDB protocol... The framework cleanly separates protocol-independent definitions from protocol-specific analysis and can be used to evaluate existing and future QDB protocols on a common basis.

Load-bearing premise

The framework relies on a simple i.i.d. depolarizing noise model together with fixed system and timing assumptions for the quantum channel; if real noise or timing deviates significantly, the derived completeness and soundness bounds may not hold.

Figures

Figures reproduced from arXiv: 2604.16071 by Aysajan Abidin, Bart Preneel, Dave Singelee, Kevin Bogner.

Figure 1
Figure 1. Figure 1: QDB Protocol [6], based on the classical DB protocol of Hancke-Kuhn [2]. [PITH_FULL_IMAGE:figures/full_fig_p012_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Performance trade-offs as a function of the threshold ratio [PITH_FULL_IMAGE:figures/full_fig_p018_2.png] view at source ↗
read the original abstract

Distance-bounding (DB) protocols let a verifier upper-bound a prover's physical distance by timing rapid challenge-response exchanges. Quantum communication promises simpler DB protocols with stronger security guarantees, yet existing quantum distance-bounding (QDB) proposals are analysed in ad-hoc models and, to the best of our knowledge, lack a common game-based treatment of standard fraud attacks. We contribute (i) a reusable security framework for QDB that fixes system and timing assumptions, specifies a quantum-capable adversary model, formalises distance-, mafia-, and terrorist-fraud experiments, and includes a simple i.i.d. depolarizing noise model; and (ii) an application of this framework to a published QDB protocol. For this protocol we characterise the honest per-round acceptance probability under noise and lift it to the multi-round setting, yielding explicit completeness guarantees as a function of the number of fast rounds, the acceptance threshold, and the noise parameter. For active adversaries we bound the per-round success probability of distance-fraud attacks and analyse the best known mafia-fraud strategy, deriving corresponding multi-round soundness bounds. We also show that the protocol is inherently insecure against terrorist-fraud in our model. The framework cleanly separates protocol-independent definitions from protocol-specific analysis and can be used to evaluate existing and future QDB protocols on a common basis.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript introduces a reusable game-based security framework for quantum distance-bounding (QDB) protocols. It fixes system and timing assumptions, specifies a quantum-capable adversary model, formalizes distance-, mafia-, and terrorist-fraud experiments, and incorporates a simple i.i.d. depolarizing noise model. The framework is applied to a published QDB protocol: the honest per-round acceptance probability is characterized under noise and lifted to multi-round completeness bounds (as a function of fast rounds, acceptance threshold, and noise parameter); per-round success probabilities are bounded for distance-fraud and the best-known mafia-fraud strategy is analyzed to obtain multi-round soundness bounds; the protocol is shown to be insecure against terrorist-fraud. The framework separates protocol-independent definitions from protocol-specific analysis.

Significance. A common, reusable framework for QDB security analysis would be valuable, as existing proposals rely on ad-hoc models. The clean separation of definitions from application, together with explicit completeness and soundness expressions for the example protocol, could enable consistent evaluation of current and future QDB protocols. The explicit multi-round lifting and the demonstration of terrorist-fraud insecurity are concrete contributions under the stated model. Significance is reduced, however, by the absence of robustness checks on the noise and timing assumptions.

major comments (2)
  1. [Application section] Application section: the per-round honest acceptance probability and the subsequent multi-round completeness bounds are derived exclusively under the i.i.d. depolarizing channel with fixed timing assumptions. No sensitivity analysis, alternative noise models (e.g., amplitude damping, correlated errors), or timing-jitter bounds are provided. Because the central claim is that the framework yields explicit, reusable completeness and soundness guarantees, the lack of justification for this modeling choice is load-bearing.
  2. [Framework definitions and noise model] Framework definitions and noise model: the upper bounds on distance-fraud and mafia-fraud success probabilities are obtained by applying the same i.i.d. depolarizing channel to the adversary. The manuscript does not derive or compare bounds under other physically plausible channels, so the claimed soundness guarantees and the reusability of the framework are conditional on an unverified modeling assumption.
minor comments (1)
  1. The abstract states that the mafia-fraud analysis uses 'the best known mafia-fraud strategy'; the full text should explicitly state whether this strategy is proven optimal within the model or merely the strongest strategy examined.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the careful reading and constructive feedback. We address each major comment below and outline targeted revisions to clarify modeling choices while preserving the framework's modular structure.

read point-by-point responses

  1. Referee: [Application section] Application section: the per-round honest acceptance probability and the subsequent multi-round completeness bounds are derived exclusively under the i.i.d. depolarizing channel with fixed timing assumptions. No sensitivity analysis, alternative noise models (e.g., amplitude damping, correlated errors), or timing-jitter bounds are provided. Because the central claim is that the framework yields explicit, reusable completeness and soundness guarantees, the lack of justification for this modeling choice is load-bearing.

    Authors: We agree that the application derives concrete bounds under the i.i.d. depolarizing channel and that explicit justification is needed to support reusability. This channel was chosen for its standard status in quantum cryptography and tractability in obtaining closed-form expressions. In revision we will add a dedicated paragraph in the framework section explaining the modularity (noise model is instantiated separately from the game definitions) and a justification subsection in the application that references its common use in QKD and DB literature. We will also include a brief qualitative discussion of timing jitter effects and note that quantitative sensitivity analysis under channels such as amplitude damping constitutes valuable future work. These changes make the assumptions transparent without expanding the paper's scope. revision: partial

  2. Referee: [Framework definitions and noise model] Framework definitions and noise model: the upper bounds on distance-fraud and mafia-fraud success probabilities are obtained by applying the same i.i.d. depolarizing channel to the adversary. The manuscript does not derive or compare bounds under other physically plausible channels, so the claimed soundness guarantees and the reusability of the framework are conditional on an unverified modeling assumption.

    Authors: The specific numerical bounds for distance- and mafia-fraud are indeed computed under the depolarizing channel. However, the fraud experiments, adversary model, and multi-round lifting technique are defined independently of any particular channel; the noise model appears only when instantiating the honest and adversarial success probabilities. We will revise the introduction and framework overview to state explicitly that all soundness guarantees are conditional on the chosen noise model, with the depolarizing case serving as an illustrative application. This clarification directly addresses the conditional nature of the reusability claim while leaving the separation of definitions intact. revision: partial

Circularity Check

0 steps flagged

No significant circularity; framework and bounds are model-derived but independent

full rationale

The paper first specifies a reusable framework that fixes timing/system assumptions, defines a quantum adversary, formalizes the three fraud experiments, and adopts an explicit i.i.d. depolarizing noise model. It then computes the honest per-round acceptance probability directly from the depolarizing channel action on the protocol's quantum states and lifts the result to multi-round completeness via standard concentration bounds; the same channel model supplies upper bounds on distance- and mafia-fraud success probabilities. These steps are ordinary consequences of the stated model rather than self-definitions, fitted parameters renamed as predictions, or load-bearing self-citations. The framework cleanly separates protocol-independent definitions from protocol-specific analysis, so the derivation chain remains self-contained against external benchmarks once the modeling assumptions are granted.

Axiom & Free-Parameter Ledger

2 free parameters · 2 axioms · 0 invented entities

The framework rests on standard quantum mechanics plus a specific noise model and timing assumptions; no new physical entities are postulated.

free parameters (2)
  • depolarizing noise parameter
    The i.i.d. depolarizing noise probability is introduced as part of the model and used to compute acceptance probabilities.
  • acceptance threshold
    The multi-round acceptance threshold is a parameter that determines completeness and soundness bounds.
axioms (2)
  • domain assumption i.i.d. depolarizing channel for each quantum round
    Invoked when characterising honest per-round acceptance probability under noise.
  • domain assumption fixed timing and system assumptions for distance bounding
    Stated as fixed in the framework definition.

pith-pipeline@v0.9.0 · 5536 in / 1544 out tokens · 38861 ms · 2026-05-10T08:57:41.678921+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

20 extracted references · 20 canonical work pages

  1. [1]

    Distance-Bounding Protocols

    Stefan Brands and David Chaum. Distance-Bounding Protocols. InWorkshop on the Theory and Application of Cryptographic Techniques, pages 344–359. Springer, 1993

    work page 1993

  2. [2]

    An RFID Distance Bounding protocol

    Gerhard P Hancke and Markus G Kuhn. An RFID Distance Bounding protocol. InFirst international conference on security and privacy for emerging areas in communications networks (SECURECOMM’05), pages 67–73. IEEE, 2005. 19

    work page 2005

  3. [3]

    Design of a Secure Distance-Bounding Channel for RFID.Journal of Network and Computer Applications, 34(3):877–887, 2011

    Gerhard P Hancke. Design of a Secure Distance-Bounding Channel for RFID.Journal of Network and Computer Applications, 34(3):877–887, 2011

    work page 2011

  4. [4]

    A Single Quantum Cannot be Cloned.Nature, 299(5886):802–803, 1982

    William K Wootters and Wojciech H Zurek. A Single Quantum Cannot be Cloned.Nature, 299(5886):802–803, 1982

    work page 1982

  5. [5]

    Towards Quantum Distance Bounding protocols

    Aysajan Abidin, Eduard Marin, Dave Singelée, and Bart Preneel. Towards Quantum Distance Bounding protocols. InInternational Workshop on Radio Frequency Identification: Security and Privacy Issues, pages 151–162. Springer, 2016

    work page 2016

  6. [6]

    Quantum Distance Bounding

    Aysajan Abidin. Quantum Distance Bounding. InProceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, pages 233–238, 2019

    work page 2019

  7. [7]

    Entanglement-based Mutual Quantum Distance Bounding

    Aysajan Abidin, Karim Eldefrawy, and Dave Singelée. Entanglement-based Mutual Quantum Distance Bounding. InInternational Symposium on Cyber Security, Cryptology, and Machine Learning, pages 219–235. Springer, 2024

    work page 2024

  8. [8]

    Entangled States and Bell’s Inequality: A New Approach to Quantum Distance Bounding

    Kevin Bogner, Dave Singelée, and Aysajan Abidin. Entangled States and Bell’s Inequality: A New Approach to Quantum Distance Bounding. In2024 IEEE Symposium on Computers and Communications (ISCC), pages 1–6. IEEE, 2024

    work page 2024

  9. [9]

    Continuous Variable Quantum Distance Bounding

    Kevin Bogner, Aysajan Abidin, and Dave Singelée. Continuous Variable Quantum Distance Bounding. In IEEE INFOCOM 2025-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pages 1–6. IEEE, 2025

    work page 2025

  10. [10]

    Practical and Provably Secure Distance-Bounding

    Ioana Boureanu, Aikaterini Mitrokotsa, and Serge Vaudenay. Practical and Provably Secure Distance-Bounding. Journal of Computer Security, 23(2):229–257, 2015

    work page 2015

  11. [11]

    PhD thesis, University of Waterloo, 2022

    Sebastian Reynaldo Verschoor.Quantum Information in Security Protocols. PhD thesis, University of Waterloo, 2022

    work page 2022

  12. [12]

    On Detecting Relay Attacks on RFID Systems using Qubits.Cryptography, 4(2):14, 2020

    Aysajan Abidin. On Detecting Relay Attacks on RFID Systems using Qubits.Cryptography, 4(2):14, 2020

    work page 2020

  13. [13]

    Position-based Quantum Cryptography: Impossibility and Constructions

    Harry Buhrman, Nishanth Chandran, Serge Fehr, Ran Gelles, Vipul Goyal, Rafail Ostro- vsky, and Christian Schaffner. Position-based Quantum Cryptography: Impossibility and Constructions. SIAM Journal on Computing, 43(1):150–178, 2014

    work page 2014

  14. [14]

    Bennett and Gilles Brassard

    Charles H. Bennett and Gilles Brassard. Quantum Cryptography: Public Key Distribution and Coin Tossing. InProceedings of IEEE International Conference on Computers, Systems and Signal Processing, pages 175–179, Bangalore, India, 1984. IEEE. Reprinted inTheoretical Computer Science560 (2014), 7–11

    work page 1984

  15. [15]

    Cambridge University Press, Cambridge, UK, 2017

    Michael Mitzenmacher and Eli Upfal.Probability and Computing: Randomization and Probabilistic Techniques in Algorithms and Data Analysis. Cambridge University Press, Cambridge, UK, 2017

    work page 2017

  16. [16]

    Nielsen and Isaac L

    Michael A. Nielsen and Isaac L. Chuang.Quantum Computation and Quantum Information: 10th Anniversary Edition. Cambridge University Press, Cambridge, UK, 2010

    work page 2010

  17. [17]

    How to Construct Quantum Random Functions.Journal of the ACM (JACM), 68(5):1–43, 2021

    Mark Zhandry. How to Construct Quantum Random Functions.Journal of the ACM (JACM), 68(5):1–43, 2021

    work page 2021

  18. [18]

    Distance-bounding Proof of Knowledge to Avoid Real-Time Attacks

    Laurent Bussard and Walid Bagga. Distance-bounding Proof of Knowledge to Avoid Real-Time Attacks. InIFIP international information security conference, pages 223–238. Springer, 2005. 20

    work page 2005

  19. [19]

    RFID Distance Bounding Multistate Enhancement

    Gildas Avoine, Christian Floerkemeier, and Benjamin Martin. RFID Distance Bounding Multistate Enhancement. InInternational conference on cryptology in India, pages 290–307. Springer, 2009

    work page 2009

  20. [20]

    Distance Bounding in Noisy Environments

    Dave Singelée and Bart Preneel. Distance Bounding in Noisy Environments. InEuropean workshop on security in ad-hoc and sensor networks, pages 101–115. Springer, 2007. 21

    work page 2007