Utilizing a Fully Optical and Reconfigurable PUF as a Quantum Authentication Mechanism

In this work the novel usage of a physically unclonable function composed of a network of Mach-Zehnder interferometers for authentication tasks is described. The physically unclonable function hardware is completely reconfigurable, allowing for a large number of seemingly independent devices to be utilized, thus imitating a large array of single-response physically unclonable functions. It is proposed that any reconfigurable array of Mach-Zehnder interferometers can be used as an authentication mechanism, not only for physical objects, but for information transmitted both classically and quantumly. The proposed use-case for a fully-optical physically unclonable function, designed with reconfigurable hardware, is to authenticate messages between a trusted and possibly untrusted party; verifying that the messages received are generated by the holder of the authentic device.


Introduction
Authentication is an important part of any communication protocol, as it provides a method of guaranteeing the trustworthiness of users and other components in a network, such as keys and messages.Identity authentication is generally the first method considered, as this primitive provides protection against an eavesdropper, Eve, pretending to be a legitimate user [1].It is important to make any protocol resistant to an eavesdropper, such that the transmitted messages are known to be from authenticated users.In any authentication scheme the receiver verifies the creator and sender of information, where in two-party identity authentication specifically, a communicating party tries to prove (i.e. the prover) their identity and the other verifies (i.e. the verifier) the provided identity before trusting the data.
An identity authentication scheme works where a sender pre-registers confidential information regarding his or her identity, often in a form a key or per-user string, in a database held by the receiver, prior to any communication occurring.When communication is initiated, an identity authentication event happens where the receiver can receive a set of confidential information from the sender and verify it against the previously-registered information in the database.
Other versions of authentication, specifically message authentication, work where the sender and receiver have a secure channel that may be in an untrusted environment.Within the untrusted environment there is the potential for an eavesdropper to intercept and manipulate messages, or pose as either the sender or receiver, in what is commonly known as a 'man-in-the-middle' (MITM) attack.The message authentication techniques help to overcome the falsification of identity when sending messages by appending, or applying, hardware-specific user information to the message between a prover and verifier.The proposed work here represents a model for a quantum-enhanced message authentication scheme built around an integrated optical-hardwarebased physically unclonable function (PUF).
The integrated photonic hardware used in this work is known as a quantum photonic processor (QPP) and was developed in collaboration between the Air Force Research Lab (AFRL) and the Quantum Photonics Laboratory at MIT under the direction of D. Englund [2][3][4].The form of optical PUF utilized differs from previous optical PUFs, such as that of Grubel [5] or Tarik [6], in that our device is a mesh-network of Mach-Zehnder interferometers (MZIs) rather than a single chaotic resonator.Other optical PUFs, including those based on bulk materials, have been developed such as multi-mode fibers and other scatting media, along with authentication methods [7][8][9].A detailed study of the theory of classical and quantum PUFs is available in [10].

Previous Work
In previous work by A. Smith and H. Jacinto, a quantum photonics processor, implemented as a photonic integrated circuit (PIC), was employed as a physically unclonable function [11].The fully-optical PUF is designed as a silicon-on-insulator (SOI) integrated optical chip with electronic control.The optical interferometric device consists of 88 2x2 MZIs, schematically shown in Figure 1.The MZIs are connected in a triangular nearest-neighbor configuration, as shown in Figure 2.Each MZI is thermally tuned by integrated resistive heating elements on the upper waveguide, with the MZI applying an ideal 2 × 2 unitary transformation shown in Equation 1.
Each MZI consists of two integrated phase shifters: One phase shifter between the two beam splitters, and a second phase shifter on one output leg.These four components are the four 2 × 2 unitary matrices multiplied in sequence in Equation 1.The unitary transformation equation includes two variables, and , which map to the internal phase setting and output phase offset, respectively, for each MZI.
In this architecture's foundational application as a PUF [11], the distinguishablility and uniqueness of the optical design were demonstrated under classical inputs.The metrics chosen by [11,12] were the Euclidean distance and ℓ 2 -norm of the number of outputs, from a single Fig. 2. Simplified MZI architecture depicting the possible inputs that can be used and output readout via photodetectors.Advanced pumping schemes can be realized, utilizing external feedback, or where multiple inputs are being pumped by laser-light simultaneously.The MZI symbol at top is represented by a 'cross' where each MZI is composed similarly to the one shown in Figure 1.laser-light input, depicted as = 8 in Figure 3.In addition, the inter-and intra-device Hamming distances, and , modified as the loose Hamming distance, were used as a measure of relative distinguishability between groups of PUF settings [11].The work in [11] defines the quality of the PUF and gives an estimate of the number of reconfigurable settings based on the physical architecture of the device; a value of 6.85 × 10 35 challenge-response pairs (CRPs) for the full device.The same work defines a uniqueness constraint to determine the number of fully-independent CRPs that can be utilized.Different architectures will change the number of viable CRPs.This work assumes that the large device from [11] is being used for all authentication described.
Alternate forms of optical PUFs often require non-trivial bulk optical components, and alignment, to observe optical patterns originating from things such as micro-structured tokens generating speckle patterns [9] and imperfections in multi-mode fibers [12].Our proposed solution utilizes a PUF which avoids hard-to-scale elements, can be tightly integrated with standard CMOS components and processes, and effortlessly operates with devices from the growing field of integrated quantum optics.Of special note is our PUF's additional operating mode; where rapid reconfigurability and repeatability aspects allow for our device to operate as multiple PUFs.Many of the operating aspects of our PUF, which this work relies on, may be seen in greater detail in [11].

Security of Proposed Architecture Against Numerical Modeling Attacks
Compared with traditional CMOS-based PUFs and other optical PUFs, the device utilized in [11] is unique in its resistance to numerical model-based attacks.The resistance comes from the numerical complexity present in the device to be used in this work, where the state-space for a CMOS-based PUF is comparatively small.From [11] Section IV.A, it can be seen that for a device similar to Figure 2 with 10 MZIs, there exists 1.19 × 10 5 CRPs.While, for this small example device, a model-based attack may be possible, a more realistic device for application with respect to this work would be comparable in size to that shown in [11]; generating at least 6.85 × 10 35 CRPs, far beyond a number feasibly tractable in numerical model-based attacks.

Optical PUF Authentication
PUFs have been suggested as a means to securely authenticate a networked device or remote user [13].Current state-of-the-art means of authentication begins with the usage of a classical encryption key or token stored within a read-only memory (ROM) [14,15].A PUF is of particular interest since they often form the basis of hardware primitives necessary to replace these cloneable shared encryption keys with a non-reproducible physical object or device.
The general operation of a PUF authentication system can be summarised by the image shown in Figure 4, where the device containing the optical PUF is characterized with a set of challenges and the measured responses are captured by the verifier; these are called challenge-response pairs (CRPs).When the device is manufactured it is characterized with all, or a subset of, possible challenges and the responses are recorded.The CRPs are then securely stored and delivered to the purchaser of the device, often called the enrollment data.The CRPs in this protocol are not publicly released.
Due to aging of the device as discussed in [11,16] the responses to a challenge may change with time.For initial ageing of the device, allowing the verifier a threshold to compensate for the error is the easiest solution but, since this is a cumulative physical process, it is extremely hard to predict how each device will respond over longer periods of time and unfortunately would require a rebuild of the CRP tables by the manufacturer.This would be akin to a standard periodic recalibration procedure.
Once the device is in use away from the manufacturing facility and/or connected via an untrusted channel, one of the challenges can be applied to verify that the expected response is generated.If the verification is successful, the authenticity of the device can be assumed.

Implementation
To utilize the optical PUF in a practical application, a more subtle approach is necessary.The challenge applied to the optical PUF is in the form of electrical settings sent through a controlmodule, while classical light, or single photons are present at the input ports.When the challenge applied is in the form of classical light, the MZIs will configure the light to a certain output profile, depicted by Figure 3.The output profile is in terms of normalized relative intensity across the measured photodiodes, where a distinct histogram is formed for each provided set of challenges to the MZIs.
Similarly, the purely-quantum variant of utilizing the optical PUF will result in a set of MZI phase modulation settings being sent to the device as a challenge via the same control-module mentioned previously.The result will be an arbitrary state output from the device where the PUF has applied an arbitrary unitary transformation, , to the photons entering the device.The mathematical representation of a PUF authenticator with input and output modes and -many photons will be: where for a -many qubit (photon) input state with indexable qubits at position .The response will be in a superposition state with some coefficients , on output modes | due to the natural structure of the PUF device [11].Since a single or multi-photon input, of an unknown state will enter the device, the resulting output density matrix, , will have an additional weight constants and PUF weight constants , described further in Section 4, where each weight constant affects the separate logical |0 and |1 components of a qubit.The output response (histogram) from the PUF will then be projected from a measurement (actually repeated measurements) of: Where is each input qubit, the |01 and |10 are Fock states encoded in the and + 1 wave-guide input modes.Here we assume a separable qubit input state for clarity, however more complicated states such as entangled states and non-qubit states such as NOON states (|20 + |02 ) can be applied.

Classical PUF Readout
The operation of a fully optical PUF in a quantum system has not been studied before but, something similar was approached by B. Škorić, whereby a quantum readout protocol was developed to interface with a classical PUF [17].The readout protocol is modified, described below, with key notational differences to fit this work and to allow for a reconfigurable, optical, PUF.
The quantum readout of the optical PUF is straightforward, where the challenge space of the device is a -dimensional Hilbert space, H , representing any state with -qubits in input modes; with a projective mapping to the response Hilbert space.Our device, being electronically reconfigurable, facilitates the mapping of an optical input combined with input phase settings into a 'challenge' Hilbert space with the response from the device being a 'response' Hilbert space.An arbitrary input challenge | ℎ ∈ H is mapped through the optical PUF, with statistical response ˆ , such that ˆ | ℎ ∈ H .The response will be unique, up to the limit of uniqueness from [11] where all nominal values of unique CRPs are above 50%, for each challenge applied.In general, uniqueness should be approximately 50%; this value is based on a binary PUF delivering results (2 ), where the reconfigurable optical device in question will show many more possibilities up to depending on the initial challenge, thus more unique and semi-unique CRPs exist.ˆ may not necessarily be unitary, but can be decomposed into a response coefficient matrix and response unitary such that ˆ = .Here we note that our proposed protocol is a simple protective operation and does not require full state tomography; often prohibitively slow and difficult to accomplish.
The authentication between two parties, Alice and Bob, works where the verifier (Alice) wants to check if Bob still possesses the optical PUF.Alice first retrieves the original shared enrollment data, then picks a random state, , and prepares the state ℎ ∈ H and sends to Bob. Bob then lets the prepared particle interact with the optical PUF, resulting in the final response state = ˆ ℎ that is then sent back to Alice.Since the result of the PUF response is in the density matrix, Alice then computes according to Equation 4. Alice is then able to repeat this process multiple times to be sure that Bob's PUF is the correct PUF being used.

Thresholding of Responses and Proportional Weights
From Section 3.1, a series of weights can be seen affecting the final output response.What the verifier sees as a response may vary with the weights based on the physical attributes of the underlying PUF.Ultimately a threshold on response would change the window of proportionality of the response such that the input selection weight constant for the device and the chosen PUFs CRP weight work together to make the overall weight of response.Since the device proposed to be used in this work is computer-controlled and interference-based, a threshold on response is required to get the verifier's window of acceptability.The probabilistic processes that influence the device's response necessitate an acceptability window on the response; used to make a determination on the response and whether to accept or reject the data.
The form of the response from the readout will be a state composed of challenge-specific probabilities that can be verified against the original PUF being used for the message authentication.The constant on a single-response state can be represented by the general form ˆ ± where is a constant probability scalar and is the limiting threshold placed by the verifier when matching against the originally published CRPs.

General Security Measure of Optical PUF Authentication
The security of the protocol described is based on the no-cloning theorem, or in this work, the unclonability of the unknown quantum state by an eavesdropper [18,19].For each round of the optical PUF quantum authentication protocol described: A standard challenge-estimation attack, where an adversary who attempts to determine the challenge applied using measurement techniques, will only have a maximum probability of 2 (1+ ) to cause a 'true' response from the PUF.The overall probability of a false positive decreases exponentially with the number of verification challenges that Alice sends to Bob.Since the protocol can be generalized to be qubits (photons), the state-space becomes | ℎ ⊗ , where the attacker's per-qubit success probability is upper-bounded by +1 + [20].

Authentication of Classical and Quantum Information with Fully-Optical PUF
Traditionally, PUFs are only used for device authentication and not for message authentication.Our device is fully optical and can accept quantum states 'at-once' unlike the original readout protocol [17].The modified protocol described also has the additional benefit of being reconfigurable, or the ability to act as many PUFs within a single device due to the tunability of the MZI's relative phases.The major difference is in the density matrix and projected measurements showing the additional parameter.The value for changes with each distinct challenge possible within the device such that the solution space increases not only by | ℎ ⊗ but, by an additional factor of: where the value for can be determined by a maximal upper bound by following the Catalan numbers shown in previous work [11].
Following the modified quantum readout,a simple extension can be made where authentication of classical data, and quantum messages can be completed.In the classical case, Bob receives the optical PUF used in this work that acts as set of several distinct devices labeled {1, . . ., }. Bob wants to send an authenticated classical random variable : Ω → R or message vector X = ( 1 , . . ., ) ∈ R to Alice.Bob's message vector of length is decomposed into = {1, . . ., } ↦ → X, where k = ( ) =1 | ∈{1,..., } , for some PUF with selected CRP, , and is subsequently sent to Alice.Effectively each element of a message vector, or random variable, maps to a specific PUF within the reconfigurable PUF, with a probability based on the message.
Alice and Bob perform the following: 1. Bob sends to Alice over a public and non-authenticated channel.
During each of the CRP tests in , Alice slowly gains confidence that Bob's PUF is returning the responses to her issued challenges.Since there is a response to the challenges it can be assumed that the holder of Bob's PUF agrees with the individual variable sent over the non-authenticated channel.
The quantum message authentication variant of the modified quantum readout protocol operates significantly differently with respect to the initial design.Consider a PUF design where = 3. Alice sends a random challenge state | ℎ to Bob. Bob then routes the challenge to 1 with probability amplitude , 2 with probability amplitude , and 3 with probability amplitude .The probability amplitudes are sent to satisfy since the total probabilities cannot sum to be greater than one.Similarly, for more complex messages, a probability vector P = ( , . . ., ), the probabilities must adhere to =1 2 = 1.This also assumes that X = P .Bob's response state sent back would then be: which is subsequently sent to Alice.Alice is then able to verify, even though she doesn't know the probability amplitudes ( , , ), since she does know the components of ˆ from the initial registration of the optical PUF.This means that when Alice verifies Bob's response, that she will need to rely on the initial PUF weight constant, , to have a 'best guess' of what the probability assignment for the PUF's CRPs would be when assigned by Bob.Alice then knows that: where she will then be able to determine that the responses and probabilities match those that were originally registered from the PUF -assumed to be -held by Bob.Alice also knows from receiving the modified state that the sender has to be holding Bob's PUF; thus achieving an optical, reconfigurable, PUF-based authentication of a quantum state.

Secrecy of Modified Readout for Reconfigurable PUF
From a security standpoint of the quantum message authentication using an all-optical PUF with reconfigurable CRPs, the data could still be considered confidential.Assuming a challengeestimation attack on a -qubit system where < , an initial state ℎ would be chosen uniformly at random.An attacker could know but would not posses the PUF.Additionally assuming the attacker does not have access to a quantum machine, or any device that can compute arbitrary unitary transformations losslessly, only a generic measurement could be completed with a biased estimator.The adversary would then only be able to compute an estimation of a response Ê| = ˆ Ê| ℎ .If an adversary challenged Bob's PUF, the response would not necessarily reveal the probability amplitudes ( , , ) of the proper CRP because, to an adversary, this information could plausibly be from a different reconfigurable PUF or could relate to a different reconfiguration setting.In addition, an adversary that could determine the probability amplitudes sent for different CRPs would not know the original registered parameter, , that contains the true suggested probability amplitudes for each of the CRPs within the reconfigurable PUF.
Thus, the modified quantum readout scheme for a reconfigurable all optical PUF verifies the authenticity of the PUF and can be used to authenticate both classical messages and quantum states.

Conclusion
In this work we described the usage of a reconfigurable all-optical PUF as a hardware authentication mechanism.The usage of the optical PUF as an authentication mechanism is carried out by a modified quantum readout protocol.The readout protocol makes the PUF able to authenticate classical and quantum information through the usage of classical light or single-photon-level manipulations.Additionally, the usage of the hardware optical PUF enables one to authenticate that the receiver of information is not adversarial in nature.This work represents the first application of an all-optical reconfigurable PUF for tasks other than object and direct-access user authentication.

Fig. 1 .
Fig. 1.Integrated design of the Mach-Zehnder interferometers used in the quantum photonic processor showing the waveguides being acted on by computer-controlled phase modulators.The phase modulators adjust the internal ( ) and external ( ) phases seen at the output ports of the device with two 50:50 beamsplitters implemented as directional couplers, DC1 and DC2.

Fig. 3 .
Fig. 3. Optical PUF output profile from two example challenges applied to the (simplified) device in the form of MZI settings, with the right graph showing the resulting profile from the photodetector's response in terms of relative intensity.The blue and orange bars represent possible responses to a predefined set of two challenges.

Fig. 4 .
Fig. 4. Generic PUF application detailing the operation of a PUF within a network or device communicating through an untrusted environment where the final value can be queried by a third-party to verify that the communication taking place is genuine.Once verified, communication can continue in an untrusted channel.