pith. sign in

arxiv: 2606.30636 · v1 · pith:XKANQIE7new · submitted 2026-06-29 · 🪐 quant-ph · cs.CR

Authentication in Quantum Networks

Christopher Battarbee , Suchetana Goswami , Elham Kashefi , Mina Doosti This is my paper

Pith reviewed 2026-06-30 05:37 UTC · model grok-4.3

classification 🪐 quant-ph cs.CR
keywords authenticationquantum networksquantum key distributioncomposabilitysecurity assumptionsquantum communicationentity authentication
0
0 comments X

The pith

Authentication is not an intrinsic limitation of quantum networks but requires explicit matching of resources to protocols.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper surveys authentication in quantum communication by separating three distinct flavours: authentication of classical messages, authentication of quantum messages, and entity authentication. It evaluates representative protocols from each flavour using the criteria of security assumptions, set-up requirements, composability, and scalability in large or dynamic networks. The central claim is that authentication needs are not a built-in barrier for quantum networks; instead, each protocol's security claim holds only when its chosen authentication resource and deployment assumptions are stated clearly. Existing classical and quantum schemes already provide options that can be matched to different applications, including a detailed case study with quantum key distribution. This framing shows how quantum networks can support secure communication by treating authentication as a selectable component rather than an unavoidable obstacle.

Core claim

Authentication is not an intrinsic limitation of quantum networks: as with all secure communication, each protocol relies on a particular authentication resource, and the security claim of that protocol is meaningful only once the authentication resource and its deployment assumptions are made explicit. The review covers three flavours of authentication along with hardware-assisted approaches, compares representative protocols on security assumptions, set-up requirements, composability, and scalability, identifies suitable candidates, and examines applications including a case study of authentication with quantum key distribution and protocols beyond QKD.

What carries the argument

The three flavours of authentication (classical messages, quantum messages, entity authentication) together with the evaluation criteria of security assumptions, set-up requirements, composability, and scalability.

If this is right

  • Protocols achieve composable security when their authentication resource is chosen to match the required functionality.
  • Scalability in large or dynamic networks follows from selecting schemes whose set-up requirements fit the network size and change rate.
  • Applications such as quantum key distribution can integrate authentication without altering the core security guarantees once assumptions are explicit.
  • Protocols beyond quantum key distribution can handle more complex authentication roles by applying the same matching process.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Designers of quantum networks may benefit from treating authentication planning as an early step in protocol selection rather than a later addition.
  • The criteria used here could apply to evaluating security in mixed classical-quantum communication settings.
  • Real-world tests of the recommended protocols under stated assumptions would provide direct checks on their composability claims.

Load-bearing premise

The three flavours of authentication and the selected representative protocols are representative enough to support general recommendations on security assumptions, composability, and scalability for quantum networks.

What would settle it

A concrete quantum communication protocol whose claimed security cannot be achieved by any existing authentication scheme without violating the protocol's own assumptions or scalability requirements.

Figures

Figures reproduced from arXiv: 2606.30636 by Christopher Battarbee, Elham Kashefi, Mina Doosti, Suchetana Goswami.

Figure 1
Figure 1. Figure 1: Deciding the appropriate mechanism for classical message authentication. Start at the top and pro [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: The known relations between notions of quantum authentication and the related notion of quantum non-malleable encryption. A dashed line between two notions and a “+ tag” label indicate that an authentication scheme can be constructed from the former QNME scheme by adding a tag reg￾ister 5,6 . A non-dashed, non-crossed arrow between two notions means that the former implies the lat￾ter; a non-dashed, crosse… view at source ↗
read the original abstract

In this review, we survey the cryptographic task of authentication from the perspective of quantum communication. We review three main flavours of authentication that are often conflated in the literature: authentication of classical messages, authentication of quantum messages, and entity authentication, also covering recent hardware-assisted approaches. We compare representative protocols for each functionality in terms of their security assumptions, set-up requirements, composability, and scalability in large or dynamic networks, and use these criteria to identify and recommend suitable candidates. Finally, applications are surveyed: we provide a detailed case study of authentication and quantum key distribution (QKD), then extend the discussion to protocols beyond QKD, where the role of authentication is more complex. Our take-home message is that an authentication requirement is not an intrinsic limitation of quantum networks: as with all secure communication, each protocol relies on a particular authentication resource, and the security claim of that protocol is meaningful only once the authentication resource and its deployment assumptions are made explicit. At the same time, the existing classical and quantum literature already offers a range of quantum-secure authentication schemes, which can support different applications when carefully matched to the required functionality, assumptions, and security guarantees.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The paper is a literature survey on authentication in quantum networks. It distinguishes three flavours of authentication (classical messages, quantum messages, and entity authentication), reviews representative protocols for each including hardware-assisted methods, and compares them on security assumptions, setup requirements, composability, and scalability in large/dynamic networks. The survey recommends suitable candidates, provides a detailed case study with QKD, and extends the discussion to protocols beyond QKD. The central claim is that an authentication requirement is not an intrinsic limitation of quantum networks; each protocol's security claim is meaningful only once the authentication resource and its deployment assumptions are made explicit.

Significance. If the comparisons hold, the survey provides a clear framework for matching authentication schemes to quantum applications by making explicit the required resources and assumptions. The QKD case study and extension to other protocols offer practical guidance for network designers, and the overall message helps avoid conflating authentication flavours in the literature. This could support more precise security analyses in quantum communication without introducing new technical results.

major comments (1)
  1. [comparison section (following the review of the three flavours)] The central claim that authentication is not intrinsic and that suitable schemes exist relies on the comparison of representative protocols supporting general recommendations on composability and scalability. However, no explicit selection criteria or coverage argument is given for why the chosen protocols adequately represent the space (including omitted post-quantum or hardware-specific hybrids), which is load-bearing for extending the recommendations beyond the surveyed examples.
minor comments (1)
  1. [Abstract] The abstract states that protocols are compared 'in terms of their security assumptions, set-up requirements, composability, and scalability' but does not preview the number of protocols per flavour or the structure of the comparison; adding this would improve readability.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the constructive feedback and positive assessment of the survey. We address the single major comment below.

read point-by-point responses

  1. Referee: [comparison section (following the review of the three flavours)] The central claim that authentication is not intrinsic and that suitable schemes exist relies on the comparison of representative protocols supporting general recommendations on composability and scalability. However, no explicit selection criteria or coverage argument is given for why the chosen protocols adequately represent the space (including omitted post-quantum or hardware-specific hybrids), which is load-bearing for extending the recommendations beyond the surveyed examples.

    Authors: We agree that the manuscript would benefit from an explicit statement of selection criteria for the representative protocols. The surveyed protocols were chosen to illustrate the three distinct authentication flavours while spanning classical, quantum, and hardware-assisted approaches with varying assumptions on setup, composability, and scalability; however, this rationale is not stated upfront. In revision we will insert a short paragraph at the start of the comparison section that (i) lists the selection criteria (coverage of the three flavours, inclusion of both information-theoretic and computational security models, and relevance to network-scale deployment), (ii) notes that the set is representative rather than exhaustive, and (iii) explicitly flags the omission of certain post-quantum hybrids and additional hardware-specific constructions as outside the paper’s scope. This addition will make the basis for the general recommendations transparent without altering the central claim. revision: yes

Circularity Check

0 steps flagged

No circularity: literature survey without derivations or fitted predictions

full rationale

The paper is explicitly a review surveying three flavours of authentication and representative protocols from existing literature. It compares protocols on security assumptions, composability and scalability but contains no equations, parameter fitting, or derivation chain that reduces a claimed result to its own inputs. The take-home message follows directly from the surveyed material rather than from any self-referential construction. No load-bearing self-citations or ansatzes are used to justify internal claims.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

As a review paper, it introduces no new free parameters, axioms, or invented entities and relies entirely on the body of prior work on quantum authentication.

pith-pipeline@v0.9.1-grok · 5735 in / 972 out tokens · 31000 ms · 2026-06-30T05:37:59.073924+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

191 extracted references · 73 canonical work pages · 16 internal anchors

  1. [1]

    Bennett, C. H. & Brassard, G. Quantum cryptography: Public key distribution and coin tossing.Theor. Comput. Sci.560, 7– 11 (2014). URLhttps://doi.org/10.1016/ j.tcs.2014.05.025

    2014

  2. [2]

    Quan- tum Key Distribution (QKD) and Quantum Cryptography (QC)

    National Security Agency. Quan- tum Key Distribution (QKD) and Quantum Cryptography (QC). URL https://www.nsa.gov/Cybersecurity/ Quantum-Key-Distribution-QKD-and- Quantum-Cryptography-QC/. Accessed: 2026

    2026

  3. [3]

    Singh, S.et al.Towards a unified quan- tum protocol framework: Classification, im- plementation, and use cases.arXiv preprint arXiv:2310.12780(2023)

    work page arXiv 2023

  4. [4]

    Barnum, H., Cr´ epeau, C., Gottesman, D., Smith, A. D. & Tapp, A. Authentication of Quantum Messages. In43rd Symposium on Foundations of Computer Science, FOCS 2002, Vancouver, BC, Canada, November 16- 19, 2002, Proceedings, 449–458 (2002)

    2002

  5. [5]

    & Winter, A

    Ambainis, A., Bouda, J. & Winter, A. Non- malleable encryption of quantum information. J. Math. Phys.50, 042106 (2009). 26

    2009

  6. [6]

    & Majenz, C

    Alagic, G. & Majenz, C. Quantum non- malleability and authentication. In Katz, J. & Shacham, H. (eds.)Advances in Cryptology - CRYPTO 2017 - 37th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 20-24, 2017, Proceedings, Part II, vol. 10402 ofLecture Notes in Computer Sci- ence, 310–341 (Springer, 2017). URLhttps: //doi.org/10.10...

    work page doi:10.1007/978-3-319-63715-0 2017

  7. [7]

    A personal view of average- case complexity

    Impagliazzo, R. A personal view of average- case complexity. InProceedings of the Tenth Annual Structure in Complexity Theory Con- ference, Minneapolis, Minnesota, USA, June 19-22, 1995, 134–147 (IEEE Computer Soci- ety, 1995). URLhttps://doi.org/10.1109/ SCT.1995.514853

    work page arXiv 1995

  8. [8]

    Grover, L. K. A fast quantum mechanical al- gorithm for database search. In Miller, G. L. (ed.)Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Comput- ing, Philadelphia, Pennsylvania, USA, May 22- 24, 1996, 212–219 (ACM, 1996). URLhttps: //doi.org/10.1145/237814.237866

    work page doi:10.1145/237814.237866 1996

  9. [9]

    Shor, P. W. Algorithms for quantum computa- tion: Discrete logarithms and factoring. In35th Annual Symposium on Foundations of Com- puter Science, Santa Fe, New Mexico, USA, November 20-22, 1994, 124–134 (IEEE Com- puter Society, 1994). URLhttps://doi.org/ 10.1109/SFCS.1994.365700

    work page doi:10.1109/sfcs.1994.365700 1994

  10. [10]

    How to factor 2048 bit RSA integers with less than a million noisy qubits

    Gidney, C. How to factor 2048 bit RSA in- tegers with less than a million noisy qubits. arXiv preprint arXiv:2505.15917(2025). URL https://arxiv.org/abs/2505.15917

    work page internal anchor Pith review Pith/arXiv arXiv 2048

  11. [11]

    Report on Post-Quantum Cryp- tography

    Chen, L.et al.“Report on Post-Quantum Cryp- tography”. Tech. Rep. NISTIR 8105, National Institute of Standards and Technology (2016)

    2016

  12. [12]

    Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM)

    National Institute of Standards and Technol- ogy. Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM). Federal In- formation Processing Standard FIPS 203, Na- tional Institute of Standards and Technology (2024)

    2024

  13. [13]

    Module-Lattice-Based Digital Signature Standard (ML-DSA)

    National Institute of Standards and Technol- ogy. Module-Lattice-Based Digital Signature Standard (ML-DSA). Federal Information Pro- cessing Standard FIPS 204, National Institute of Standards and Technology (2024)

    2024

  14. [14]

    Stateless Hash-Based Digital Signature Standard (SLH-DSA)

    National Institute of Standards and Technol- ogy. Stateless Hash-Based Digital Signature Standard (SLH-DSA). Federal Information Processing Standard FIPS 205, National Insti- tute of Standards and Technology (2024)

    2024

  15. [15]

    All´ eaume, R.et al.Using quantum key distri- bution for cryptographic purposes: A survey. Theor. Comput. Sci.560, 62–81 (2014). URL https://doi.org/10.1016/j.tcs.2014.09.018

    work page doi:10.1016/j.tcs.2014.09.018 2014

  16. [16]

    G., Piper, F

    Paterson, K. G., Piper, F. & Schack, R. Quan- tum cryptography: a practical information se- curity perspective.Nato Security Through Sci- ence Series D-Information and Communication Security11, 175 (2007)

    2007

  17. [17]

    & L¨ utkenhaus, N

    Stebila, D., Mosca, M. & L¨ utkenhaus, N. The case for quantum key distribution. In Sergienko, A. V., Pascazio, S. & Villoresi, P. (eds.)Quantum Communication and Quan- tum Networking, First International Confer- ence, QuantumComm 2009, Naples, Italy, October 26-30, 2009, Revised Selected Pa- pers, vol. 36 ofLecture Notes of the Insti- tute for Computer S...

    work page doi:10.1007/978-3-642-11731-2 2009

  18. [18]

    Universally composable security: A new paradigm for cryptographic protocols

    Canetti, R. Universally composable security: A new paradigm for cryptographic protocols. In42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, Las Vegas, Nevada, USA, October 14-17, 2001, 136–145 (IEEE Computer Society, 2001). URLhttps: //doi.org/10.1109/SFCS.2001.959888

    work page doi:10.1109/sfcs.2001.959888 2001

  19. [19]

    Constructive cryptography - A new paradigm for security definitions and proofs

    Maurer, U. Constructive cryptography - A new paradigm for security definitions and proofs. In M¨ odersheim, S. & Palamidessi, C. (eds.)The- ory of Security and Applications - Joint Work- shop, TOSCA 2011, Saarbr¨ ucken, Germany, March 31 - April 1, 2011, Revised Selected Pa- pers, vol. 6993 ofLecture Notes in Computer Science, 33–56 (Springer, 2011). URLh...

    work page doi:10.1007/978-3-642-27375-9 2011

  20. [20]

    A Constructive Treatment of Au- thentication.IACR preprint 2026/702(2026)

    Battarbee, C. A Constructive Treatment of Au- thentication.IACR preprint 2026/702(2026). URLhttps://eprint.iacr.org/2026/702

    2026

  21. [21]

    Needham, R. M. & Schroeder, M. D. Us- ing encryption for authentication in large net- works of computers.Commun. ACM21, 993– 999 (1978). URLhttps://doi.org/10.1145/ 359657.359659. 27

    work page arXiv 1978

  22. [22]

    & Wolf, R

    Renner, R. & Wolf, R. The debate over QKD: A rebuttal to the NSA’s objections.arXiv preprint arXiv:2307.15116(2023)

    work page arXiv 2023

  23. [23]

    & Wegman, M

    Carter, L. & Wegman, M. N. Universal classes of hash functions.J. Comput. Syst. Sci. 18, 143–154 (1979). URLhttps://doi.org/ 10.1016/0022-0000(79)90044-8

    work page doi:10.1016/0022-0000(79)90044-8 1979

  24. [24]

    Wegman, M. N. & Carter, L. New hash func- tions and their use in authentication and set equality.J. Comput. Syst. Sci.22, 265–279 (1981). URLhttps://doi.org/10.1016/0022- 0000(81)90033-7

    work page doi:10.1016/0022- 1981

  25. [25]

    Stinson, D. R. Universal hashing and authen- tication codes.Des. Codes Cryptogr.4, 369– 380 (1994). URLhttps://doi.org/10.1007/ BF01388651

    1994

  26. [26]

    Key recycling in authentica- tion.IEEE Trans

    Portmann, C. Key recycling in authentica- tion.IEEE Trans. Inf. Theory60, 4383– 4396 (2014). URLhttps://doi.org/10.1109/ TIT.2014.2317312

    work page arXiv 2014

  27. [27]

    A simple and key-economical un- conditional authentication scheme.J

    den Boer, B. A simple and key-economical un- conditional authentication scheme.J. Comput. Secur.2, 65–72 (1993)

    1993

  28. [29]

    & Smeets, B

    Bierbrauer, J., Johansson, T., Kabatianskii, G. & Smeets, B. J. M. On families of hash functions via geometric codes and concatena- tion. In Stinson, D. R. (ed.)Advances in Cryp- tology - CRYPTO ’93, 13th Annual Interna- tional Cryptology Conference, Santa Barbara, California, USA, August 22-26, 1993, Proceed- ings, vol. 773 ofLecture Notes in Computer Sc...

    work page doi:10.1007/3-540-48329-2 1993

  29. [30]

    & Rogaway, P

    Black, J., Halevi, S., Krawczyk, H., Krovetz, T. & Rogaway, P. UMAC: fast and secure message authentication. In Wiener, M. J. (ed.)Advances in Cryptology - CRYPTO ’99, 19th Annual International Cryptology Confer- ence, Santa Barbara, California, USA, Au- gust 15-19, 1999, Proceedings, vol. 1666 of Lecture Notes in Computer Science, 216–233 (Springer, 1999...

    work page doi:10.1007/3-540-48405-1 1999

  30. [31]

    Bernstein, D. J. The poly1305-aes message- authentication code. In Gilbert, H. & Hand- schuh, H. (eds.)Fast Software Encryption: 12th International Workshop, FSE 2005, Paris, France, February 21-23, 2005, Revised Selected Papers, vol. 3557 ofLecture Notes in Com- puter Science, 32–49 (Springer, 2005). URL https://doi.org/10.1007/11502760 3

    work page doi:10.1007/11502760 2005

  31. [32]

    & Lindell, Y.Introduc- tion to Modern Cryptography, Sec- ond Edition(CRC Press, 2014)

    Katz, J. & Lindell, Y.Introduc- tion to Modern Cryptography, Sec- ond Edition(CRC Press, 2014). URL https://www.crcpress.com/Introduction- to-Modern-Cryptography-Second-Edition/ Katz-Lindell/p/book/9781466570269

    work page arXiv 2014

  32. [33]

    & Rivest, R

    Goldwasser, S., Micali, S. & Rivest, R. L. A digital signature scheme secure against adap- tive chosen-message attacks.SIAM J. Comput. 17, 281–308 (1988). URLhttps://doi.org/ 10.1137/0217017

    work page doi:10.1137/0217017 1988

  33. [34]

    & Rogaway, P

    Bellare, M. & Rogaway, P. Introduction to modern cryptography (2005). Lecture notes, available from authors’ course materials

    2005

  34. [35]

    The Keyed-Hash Message Authentication Code (HMAC)

    National Institute of Standards and Technol- ogy. The Keyed-Hash Message Authentication Code (HMAC). Federal Information Process- ing Standard FIPS 198-1, National Institute of Standards and Technology (2008)

    2008

  35. [37]

    & Rogaway, P

    Bellare, M., Kilian, J. & Rogaway, P. The security of the cipher block chaining message authentication code.J. Comput. Syst. Sci. 61, 362–399 (2000). URLhttps://doi.org/ 10.1006/jcss.1999.1694

    work page doi:10.1006/jcss.1999.1694 2000

  36. [38]

    Cryptographic security of quantum key distribution

    Portmann, C. & Renner, R. Cryptographic security of quantum key distribution.arXiv preprint arXiv:1409.3525(2014)

    work page internal anchor Pith review Pith/arXiv arXiv 2014

  37. [39]

    New Directions in Cryptography,

    Diffie, W. & Hellman, M. E. New directions in cryptography.IEEE Trans. Inf. Theory 28 22, 644–654 (1976). URLhttps://doi.org/ 10.1109/TIT.1976.1055638

    work page doi:10.1109/tit.1976.1055638 1976

  38. [40]

    L., Shamir, A

    Rivest, R. L., Shamir, A. & Adleman, L. M. A method for obtaining digital signatures and public-key cryptosystems.Commun. ACM 21, 120–126 (1978). URLhttps://doi.org/ 10.1145/359340.359342

    work page doi:10.1145/359340.359342 1978

  39. [41]

    Universally composable sig- nature, certification, and authentication

    Canetti, R. Universally composable sig- nature, certification, and authentication. In17th IEEE Computer Security Founda- tions Workshop, (CSFW-17 2004), 28-30 June 2004, Pacific Grove, CA, USA, 219 (IEEE Computer Society, 2004). URL https://doi.ieeecomputersociety.org/ 10.1109/CSFW.2004.24

    work page doi:10.1109/csfw.2004.24 2004

  40. [42]

    & Coretti, S

    Maurer, U., Tackmann, B. & Coretti, S. Key exchange with unilateral authentication: Com- posable security definition and modular proto- col design.Cryptology ePrint Archive(2013)

    2013

  41. [43]

    & Tackmann, B

    Badertscher, C., Maurer, U. & Tackmann, B. On composable security for digital signatures. In Abdalla, M. & Dahab, R. (eds.)Public-Key Cryptography - PKC 2018 - 21st IACR Inter- national Conference on Practice and Theory of Public-Key Cryptography, Rio de Janeiro, Brazil, March 25-29, 2018, Proceedings, Part I, vol. 10769 ofLecture Notes in Computer Sci- e...

    work page doi:10.1007/978-3-319-76578-5 2018

  42. [44]

    Constructing digital signatures from a one way function

    Lamport, L. Constructing digital signatures from a one way function. Technical Report CSL-98, SRI International Computer Science Laboratory (1979)

    1979

  43. [45]

    & Snetkov, N

    Dufka, A., Kravtsenko, S., Laud, P. & Snetkov, N. Trilithium: Efficient and universally com- posable distributed ML-DSA signing.IACR Cryptol. ePrint Arch.2025, 675 (2025). URL https://eprint.iacr.org/2025/675

    2025

  44. [46]

    & Fehr, S

    Abe, M. & Fehr, S. Adaptively secure feldman VSS and applications to universally- composable threshold cryptography. In Franklin, M. K. (ed.)Advances in Cryptology - CRYPTO 2004, 24th Annual International CryptologyConference, Santa Barbara, Califor- nia, USA, August 15-19, 2004, Proceedings, vol. 3152 ofLecture Notes in Computer Sci- ence, 317–334 (Sprin...

    work page doi:10.1007/978-3-540-28628-8 2004

  45. [47]

    & Ohta, K

    Yoneyama, K. & Ohta, K. Ring signatures: Universally composable definitions and con- structions.Inf. Media Technol.2, 1038– 1051 (2007). URLhttps://doi.org/10.11185/ imt.2.1038

    2007

  46. [48]

    & Wohnig, S

    Branco, P., D¨ ottling, N. & Wohnig, S. Univer- sal ring signatures in the standard model. In Agrawal, S. & Lin, D. (eds.)Advances in Cryp- tology - ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, December 5-9, 2022, Proceedings, Part IV, vol. 13794 ofLecture Notes in Com...

    work page doi:10.1007/978-3-031-22972-5 2022

  47. [49]

    & Ohkubo, M

    Abe, M. & Ohkubo, M. A framework for universally composable non-committing blind signatures.Int. J. Appl. Cryptogr.2, 229– 249 (2012). URLhttps://doi.org/10.1504/ IJACT.2012.045581

    work page arXiv 2012

  48. [50]

    Round-optimal composable blind signatures in the common reference string model

    Fischlin, M. Round-optimal composable blind signatures in the common reference string model. In Dwork, C. (ed.)Advances in Cryp- tology - CRYPTO 2006, 26th Annual Interna- tional Cryptology Conference, Santa Barbara, California, USA, August 20-24, 2006, Proceed- ings, vol. 4117 ofLecture Notes in Computer Science, 60–77 (Springer, 2006). URLhttps: //doi.o...

    work page doi:10.1007/11818175 2006

  49. [53]

    & Schwabe, P

    Gajland, P., de Kock, B., Quaresma, M., Malavolta, G. & Schwabe, P. SWOOSH: efficient lattice-based non-interactive key ex- change. In Balzarotti, D. & Xu, W. (eds.) 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, Au- gust 14-16, 2024(USENIX Association, 2024). URLhttps://www.usenix.org/conference/ usenixsecurity24/presentatio...

    2024

  50. [54]

    & Wee, H

    Krawczyk, H. & Wee, H. The OPTLS proto- col and TLS 1.3. InIEEE European Sympo- sium on Security and Privacy, EuroS&P 2016, Saarbr¨ ucken, Germany, March 21-24, 2016, 81–96 (IEEE, 2016). URLhttps://doi.org/ 10.1109/EuroSP.2016.18

    work page doi:10.1109/eurosp.2016.18 2016

  51. [55]

    SKEME: a versatile secure key exchange mechanism for internet

    Krawczyk, H. SKEME: a versatile secure key exchange mechanism for internet. In Ellis, J. T., Neuman, B. C. & Balenson, D. M. (eds.)1996 Symposium on Network and Distributed System Security, (S)NDSS ’96, San Diego, CA, USA, February 22-23, 1996, 114–127 (IEEE Com- puter Society, 1996). URLhttps://doi.org/ 10.1109/NDSS.1996.492418

    work page doi:10.1109/ndss.1996.492418 1996

  52. [56]

    & Yoneyama, K

    Fujioka, A., Suzuki, K., Xagawa, K. & Yoneyama, K. Strongly secure authenticated key exchange from factoring, codes, and lat- tices.Designs, Codes and Cryptography76, 469–504 (2015)

    2015

  53. [58]

    Choquette - Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, and Nicolas Papernot

    H¨ ulsing, A., Ning, K., Schwabe, P., Weber, F. & Zimmermann, P. R. Post-quantum wireguard. In42nd IEEE Symposium on Security and Pri- vacy, SP 2021, San Francisco, CA, USA, 24-27 May 2021, 304–321 (IEEE, 2021). URLhttps: //doi.org/10.1109/SP40001.2021.00030

    work page doi:10.1109/sp40001.2021.00030 2021

  54. [59]

    & Krawczyk, H

    Bellare, M., Canetti, R. & Krawczyk, H. A modular approach to the design and analy- sis of authentication and key exchange pro- tocols (extended abstract). In Vitter, J. S. (ed.)Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, Dal- las, Texas, USA, May 23-26, 1998, 419– 428 (ACM, 1998). URLhttps://doi.org/ 10.1145/276698.276854

    work page doi:10.1145/276698.276854 1998

  55. [60]

    & Wiggers, T

    Schwabe, P., Stebila, D. & Wiggers, T. Post- quantum TLS without handshake signatures. In Ligatti, J., Ou, X., Katz, J. & Vigna, G. (eds.)CCS ’20: 2020 ACM SIGSAC Confer- ence on Computer and Communications Se- curity, Virtual Event, USA, November 9-13, 2020, 1461–1480 (ACM, 2020). URLhttps: //doi.org/10.1145/3372297.3423350

    work page doi:10.1145/3372297.3423350 2020

  56. [61]

    & Doosti, M

    Arapinis, M., Battarbee, C. & Doosti, M. Have Your CKAKE and Eat it, Too: Efficient, Com- posable KEM-Authenticated Key Exchange (2026). URLhttps://eprint.iacr.org/2026/ 249.2026/249

    2026

  57. [62]

    & Chuang, I

    Gottesman, D. & Chuang, I. L. Quantum digital signatures.arXiv preprintquant- ph/0105032(2001).quant-ph/0105032

    work page arXiv 2001

  58. [63]

    & Majenz, C

    Alagic, G., Gagliardoni, T. & Majenz, C. Can you sign a quantum state?Quantum5, 603 (2021). URLhttps://doi.org/10.22331/q- 2021-12-16-603

    work page doi:10.22331/q- 2021

  59. [65]

    & Andersson, E

    Dunjko, V., Wallden, P. & Andersson, E. Quan- tum digital signatures without quantum mem- ory.Phys. Rev. Lett.112, 040502 (2014)

    2014

  60. [66]

    & Andersson, E

    Wallden, P. & Andersson, E. Secure quan- tum signatures using insecure quantum chan- nels.Phys. Rev. Lett.111, 130501 (2013)

    2013

  61. [67]

    & Roijakkers, S

    Chaum, D. & Roijakkers, S. Uncondition- ally secure digital signatures. In Menezes, A. & Vanstone, S. A. (eds.)Advances in Cryp- tology - CRYPTO ’90, 10th Annual Interna- tional Cryptology Conference, Santa Barbara, California, USA, August 11-15, 1990, Proceed- ings, vol. 537 ofLecture Notes in Computer Sci- ence, 206–214 (Springer, 1990). URLhttps: //doi...

    work page doi:10.1007/3-540-38424-3 1990

  62. [69]

    & Imai, H

    Hanaoka, G., Shikata, J., Zheng, Y. & Imai, H. Efficient unconditionally secure digital signatures.IEICE Trans. Fundam. Elec- tron. Commun. Comput. Sci.87-A, 120–130 (2004). URLhttp://search.ieice.org/ bin/summary.php?id=e87-a 1 120&category= D&year=2004&lang=E&abst=

    2004

  63. [71]

    & de Wolf, R

    Ambainis, A., Mosca, M., Tapp, A. & de Wolf, R. Private quantum channels. In41st An- nual Symposium on Foundations of Computer Science, FOCS 2000, Redondo Beach, Cali- fornia, USA, November 12-14, 2000, 547–553 (IEEE Computer Society, 2000). URLhttps: //doi.org/10.1109/SFCS.2000.892142

    work page doi:10.1109/sfcs.2000.892142 2000

  64. [72]

    Dupuis, F., Nielsen, J. B. & Salvail, L. Actively secure two-party evaluation of any quantum op- eration. In Safavi-Naini, R. & Canetti, R. (eds.) Advances in Cryptology - CRYPTO 2012 - 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2012. Proceedings, vol. 7417 ofLecture Notes in Computer Sci- ence, 794–811 (Springer, 2012). URLh...

    work page doi:10.1007/978-3-642-32009-5 2012

  65. [73]

    The Bayesian approach to inverse problems

    Garg, S., Yuen, H. & Zhandry, M. New security notions and feasibility results for authentication of quantum data. In Katz, J. & Shacham, H. (eds.)Advances in Cryptology - CRYPTO 2017 - 37th Annual International Cryptology Confer- ence, Santa Barbara, CA, USA, August 20-24, 2017, Proceedings, Part II, vol. 10402 ofLecture Notes in Computer Science, 342–371...

    work page doi:10.1007/978- 2017

  66. [74]

    & Rogaway, P

    Bellare, M. & Rogaway, P. Entity authentica- tion and key distribution. In Stinson, D. R. (ed.)Advances in Cryptology - CRYPTO ’93, 13th Annual International Cryptology Confer- ence, Santa Barbara, California, USA, August 22-26, 1993, Proceedings, vol. 773 ofLecture Notes in Computer Science, 232–249 (Springer, 1993). URLhttps://doi.org/10.1007/3- 540-48329-2 21

    work page doi:10.1007/3- 1993

  67. [75]

    Menezes, A., van Oorschot, P. C. & Van- stone, S. A.Handbook of Applied Cryptog- raphy(CRC Press, 1996). URLhttp:// cacr.uwaterloo.ca/hac/

    1996

  68. [76]

    & Shamir, A

    Fiat, A. & Shamir, A. How to prove your- self: Practical solutions to identification and signature problems. In Odlyzko, A. M. (ed.) Advances in Cryptology - CRYPTO ’86, Santa Barbara, California, USA, 1986, Proceedings, vol. 263 ofLecture Notes in Computer Sci- ence, 186–194 (Springer, 1986). URLhttps: //doi.org/10.1007/3-540-47721-7 12

    work page doi:10.1007/3-540-47721-7 1986

  69. [77]

    & Gershen- feld, N

    Pappu, R., Recht, B., Taylor, J. & Gershen- feld, N. Physical one-way functions.Science 297, 2026–2030 (2002)

    2026

  70. [78]

    & De- vadas, S

    Gassend, B., Clarke, D., van Dijk, M. & De- vadas, S. Silicon Physical Random Functions. InProceedings of the 9th ACM Conference on Computer and Communications Security, 148– 160 (ACM, 2002)

    2002

  71. [79]

    & De- vadas, S

    Herder, C., Yu, M.-D., Koushanfar, F. & De- vadas, S. Physical Unclonable Functions and Applications: A Tutorial.Proceedings of the IEEE102, 1126–1141 (2014)

    2014

  72. [80]

    Gao, Y., Al-Sarawi, S. F. & Abbott, D. Phys- ical Unclonable Functions.Nature Electronics 3, 81–91 (2020)

    2020

  73. [81]

    InProceedings of the 17th ACM Conference on Computer and Com- munications Security, 237–249 (ACM, 2010)

    R¨ uhrmair, U.et al.Modeling Attacks on Physi- cal Unclonable Functions. InProceedings of the 17th ACM Conference on Computer and Com- munications Security, 237–249 (ACM, 2010)

    2010

  74. [82]

    R¨ uhrmair, U.et al.PUF Modeling Attacks on Simulated and Silicon Data.IEEE Transactions on Information Forensics and Security8, 1876– 1891 (2013)

    2013

  75. [83]

    Quantum Readout of Physical Un- clonable Functions.Int

    ˇSkori´ c, B. Quantum Readout of Physical Un- clonable Functions.Int. J. Quantum Inf.10, 1250001 (2012)

    2012

  76. [84]

    A., Horstmann, M., Mosk, A

    Goorden, S. A., Horstmann, M., Mosk, A. P., ˇSkori´ c, B. & Pinkse, P. W. H. Quantum-Secure Authentication of a Physical Unclonable Key. Optica1, 421–424 (2014). 31

    2014

  77. [85]

    Nikolopoulos, G. M. Remote Quantum-Safe Authentication of Entities with Physical Un- clonable Functions.Photonics8, 289 (2021)

    2021

  78. [86]

    & Kashefi, E

    Arapinis, M., Delavar, M., Doosti, M. & Kashefi, E. Quantum Physical Unclonable Functions: Possibilities and Impossibilities. Quantum5, 475 (2021).1910.02126

    work page arXiv 2021

  79. [87]

    & Kashefi, E

    Doosti, M., Kumar, N., Delavar, M. & Kashefi, E. Client-server identification protocols with quantum PUF.ACM Transactions on Quan- tum Computing2, 1–40 (2021).2006.04522

    work page arXiv 2021

  80. [88]

    URL https://quantum-journal.org/papers/q- 2023-05-23-1014/pdf/

    Chakraborty, K.et al.Quantum Lock: A Provable Quantum Communication Ad- vantage.Quantum7, 1014 (2023). URL https://quantum-journal.org/papers/q- 2023-05-23-1014/pdf/

    2023

Showing first 80 references.