Quantum Secure Authentication could prevent forged credit cards and IDs

A team of scientists from the Netherlands is proposing a security system for credit cards and passports that would leverage the power of quantum physics. Dubbed quantum-secure authentication (QSA), the technology uses a strip of nanoparticles on the card that would be virtually impossible to hack. The same tech could be used for ID cards, passports and other cards that might have embedded data strips to prevent forgeries.

With the quantum security system, the credit card’s nanoparticle strip would be zapped with a laser in such a way as to create a unique pattern that’s impossible to crack. That’s because the system harnesses the qualities of light in the quantum state, in which photons can exist in multiple places at the same time. The event that created the pattern could never be duplicated or observed.

The process works by transmitting a small, specific number of photons onto a specially prepared surface on a credit card and then observing the tell-tale pattern they make. Since — in the quantum world — a single photon can exist in multiple locations, it becomes possible to create a complex pattern with a few photons, or even just one.

Due to the quantum properties of light, any attempt by a hacker to observe the Q and A exchange would, as physicists say, collapse the quantum nature of the light and destroy the information being transmitted. This makes Quantum-Secure Authentication unbreakable regardless of any future developments in technology.

Optics Infobase – Quantum-secure authentication of a physical unclonable key

Making Cards Quantum Secure

To provide security in the real world, a credit card — for example — would be equipped with a paper-thin section of white paint containing millions of nanoparticles. Using a laser, individual photons of light are projected into the paint where they bounce around the nanoparticles like metal balls in a pinball machine until they escape back to the surface, creating the pattern used to authenticate the card.

If “normal” light is projected onto the area, an attacker could measure the entering pattern and return the correct response pattern. A bank would therefore not be able to see a difference between the real card and the counterfeit signal projected by the attacker.

However, if a bank sends a pattern of single “quantum” photons into the paint, the reflected pattern would appear to have more information – or points of light – than the number of photons projected. An attacker attempting to intercept the “question” would destroy the quantum properties of the light and capture only a fraction of the information needed to authenticate the transaction.

“It would be like dropping 10 bowling balls onto the ground and creating 200 separate impacts,” said Pinkse. “It’s impossible to know precisely what information was sent (what pattern was created on the floor) just by collecting the 10 bowling balls. If you tried to observe them falling, it would disrupt the entire system.”

Abstract

Authentication of persons and objects is a crucial aspect of security. We experimentally demonstrate quantum-secure authentication (QSA) of a classical multiple-scattering key. The key is authenticated by illuminating it with a light pulse containing fewer photons than spatial degrees of freedom and verifying the spatial shape of the reflected light. Quantum-physical principles forbid an attacker to fully characterize the incident light pulse. Therefore, he cannot emulate the key by digitally constructing the expected optical response, even if all information about the key is publicly known. QSA uses a key that cannot be copied due to technological limitations and is quantum-secure against digital emulation. Moreover, QSA does not depend on secrecy of stored data, does not depend on unproven mathematical assumptions, and is straightforward to implement with current technology.

5 pages of supplemental information