## Abstract

In this work, the novel usage of a physically unclonable function composed of a network of Mach-Zehnder interferometers for authentication tasks is described. The physically unclonable function hardware is completely reconfigurable, allowing for a large number of seemingly independent devices to be utilized, thus imitating a large array of single-response physically unclonable functions. It is proposed that any reconfigurable array of Mach-Zehnder interferometers can be used as an authentication mechanism, not only for physical objects, but for information transmitted both classically and quantumly. The proposed use-case for a fully-optical physically unclonable function, designed with reconfigurable hardware, is to authenticate messages between a trusted and possibly untrusted party; verifying that the messages received are generated by the holder of the authentic device.

© 2021 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

## 1. Introduction

Authentication is an important part of any communication protocol, as it provides a method of guaranteeing the trustworthiness of users and other components in a network, such as keys and messages. Identity authentication is generally the first method considered, as this primitive provides protection against an eavesdropper, Eve, pretending to be a legitimate user [1]. It is important to make any protocol resistant to an eavesdropper, such that the transmitted messages are known to be from authenticated users. In any authentication scheme the receiver verifies the creator and sender of information, where in two-party identity authentication specifically, a communicating party tries to prove (*i.e.* the *prover*) their identity and the other verifies (*i.e.* the *verifier*) the provided identity before trusting the data.

An identity authentication scheme works where a sender pre-registers confidential information regarding his or her identity, often in a form a key or per-user string, in a database held by the receiver, prior to any communication occurring. When communication is initiated, an identity authentication event happens where the receiver can receive a set of confidential information from the sender and verify it against the previously-registered information in the database.

Other versions of authentication, specifically message authentication, work where the sender and receiver have a secure channel that may be in an untrusted environment. Within the untrusted environment there is the potential for an eavesdropper to intercept and manipulate messages, or pose as either the sender or receiver, in what is commonly known as a ‘man-in-the-middle’ (MITM) attack. The message authentication techniques help to overcome the falsification of identity when sending messages by appending, or applying, hardware-specific user information to the message between a prover and verifier. The proposed work here represents a model for a quantum-enhanced message authentication scheme built around an integrated optical-hardware-based physically unclonable function (PUF).

The integrated photonic hardware used in this work is known as a quantum photonic processor (QPP) and was developed in collaboration between the Air Force Research Lab (AFRL) and the Quantum Photonics Laboratory at MIT under the direction of D. Englund [2–4]. The form of optical PUF utilized differs from previous optical PUFs, such as that of Grubel [5] or Tarik [6], in that our device is a mesh-network of Mach-Zehnder interferometers (MZIs) rather than a single chaotic resonator. Other optical PUFs, including those based on bulk materials, have been developed such as multi-mode fibers and other scatting media, along with authentication methods [7–9]. A detailed study of the theory of classical and quantum PUFs is available in [10].

## 2. Previous work

In previous work by A. Smith and H. Jacinto, a quantum photonics processor, implemented as a photonic integrated circuit (PIC), was employed as a physically unclonable function [11]. The fully-optical PUF is designed as a silicon-on-insulator (SOI) integrated optical chip with electronic control. The optical interferometric device consists of 88 2x2 MZIs, schematically shown in Fig. 1.

The MZIs are connected in a triangular nearest-neighbor configuration, as shown in Fig. 2. Each MZI is thermally tuned by integrated resistive heating elements on the upper waveguide, with the MZI applying an ideal $2\times 2$ unitary transformation shown in Eq. (1).

Each MZI consists of two integrated phase shifters: One phase shifter between the two beam splitters, and a second phase shifter on one output leg. These four components are the four $2\times 2$ unitary matrices multiplied in sequence in Eq. (1).The unitary transformation equation includes two variables, $\theta$ and $\phi$, which map to the internal phase setting and output phase offset, respectively, for each MZI.

In this architecture’s foundational application as a PUF [11], the distinguishablility and uniqueness of the optical design were demonstrated under classical inputs. The metrics chosen by [11,12] were the Euclidean distance and $\ell ^{2}$-norm of the $N$ number of outputs, from a single laser-light input, depicted as $N=8$ in Fig. 3. In addition, the inter- and intra-device Hamming distances, ${HD}_{inter}$ and ${HD}_{intra}$, modified as the loose Hamming distance, were used as a measure of relative distinguishability between groups of PUF settings [11]. The work in [11] defines the quality of the PUF and gives an estimate of the number of reconfigurable settings based on the physical architecture of the device; a value of $6.85 \times 10^{35}$ challenge-response pairs (CRPs) for the full device. The same work defines a uniqueness constraint to determine the number of fully-independent CRPs that can be utilized. Different architectures will change the number of viable CRPs. This work assumes that the large device from [11] is being used for all authentication described.

Alternate forms of optical PUFs often require non-trivial bulk optical components, and alignment, to observe optical patterns originating from things such as micro-structured tokens generating speckle patterns [9] and imperfections in multi-mode fibers [12]. Our proposed solution utilizes a PUF which avoids hard-to-scale elements, can be tightly integrated with standard CMOS components and processes, and effortlessly operates with devices from the growing field of integrated quantum optics. Of special note is our PUF’s additional operating mode; where rapid reconfigurability and repeatability aspects allow for our device to operate as multiple PUFs. Many of the operating aspects of our PUF, which this work relies on, may be seen in greater detail in [11].

#### 2.1 Security of proposed architecture against numerical modeling attacks

Compared with traditional CMOS-based PUFs and other optical PUFs, the device utilized in [11] is unique in its resistance to numerical model-based attacks. The resistance comes from the numerical complexity present in the device to be used in this work, where the state-space for a CMOS-based PUF is comparatively small. From [11] Section IV.A, it can be seen that for a device similar to Fig. 2 with 10 MZIs, there exists $1.19 \times 10^{5}$ CRPs. While, for this small example device, a model-based attack may be possible, a more realistic device for application with respect to this work would be comparable in size to that shown in [11]; generating at least $6.85 \times 10^{35}$ CRPs, far beyond a number feasibly tractable in numerical model-based attacks.

## 3. Optical PUF authentication

PUFs have been suggested as a means to securely authenticate a networked device or remote user [13]. Current state-of-the-art means of authentication begins with the usage of a classical encryption key or token stored within a read-only memory (ROM) [14,15]. A PUF is of particular interest since they often form the basis of hardware primitives necessary to replace these cloneable shared encryption keys with a non-reproducible physical object or device.

The general operation of a PUF authentication system can be summarised by the image shown in Fig. 4, where the device containing the optical PUF is characterized with a set of challenges and the measured responses are captured by the verifier; these are called challenge-response pairs (CRPs). When the device is manufactured it is characterized with all, or a subset of, possible challenges and the responses are recorded. The CRPs are then securely stored and delivered to the purchaser of the device, often called the enrollment data. The CRPs in this protocol are not publicly released.

Due to aging of the device as discussed in [11,16] the responses to a challenge may change with time. For initial ageing of the device, allowing the verifier a threshold to compensate for the error is the easiest solution but, since this is a cumulative physical process, it is extremely hard to predict how each device will respond over longer periods of time and unfortunately would require a rebuild of the CRP tables by the manufacturer. This would be akin to a standard periodic recalibration procedure.

Once the device is in use away from the manufacturing facility and/or connected via an untrusted channel, one of the challenges can be applied to verify that the expected response is generated. If the verification is successful, the authenticity of the device can be assumed.

#### 3.1 Implementation

To utilize the optical PUF in a practical application, a more subtle approach is necessary. The challenge applied to the optical PUF is in the form of electrical settings sent through a control-module, while classical light, or single photons are present at the input ports. When the challenge applied is in the form of classical light, the MZIs will configure the light to a certain output profile, depicted by Fig. 3. The output profile is in terms of normalized relative intensity across the measured photodiodes, where a distinct histogram is formed for each provided set of challenges to the MZIs.

Similarly, the purely-quantum variant of utilizing the optical PUF will result in a set of MZI phase modulation settings being sent to the device as a challenge via the same control-module mentioned previously. The result will be an arbitrary state output from the device where the PUF has applied an arbitrary unitary transformation, $U^{arb}$, to the photons entering the device. The mathematical representation of a PUF authenticator with $N$ input and output modes and $q$-many unentangled photons will be:

Where $q_i$ is each input qubit, the $\vert {01}\rangle$ and $\vert {10}\rangle$ are Fock states encoded in the $i$ and $i+1$ wave-guide input modes. Here we assume a separable qubit input state for clarity, however more complicated states such as entangled states and non-qubit states such as NOON states ($\vert {20}\rangle +\vert {02}\rangle$) can be applied.

#### 3.2 Classical PUF readout

The operation of a fully optical PUF in a quantum system has not been studied before but, something similar was approached by B. Škorić, whereby a quantum readout protocol was developed to interface with a classical PUF [17]. The readout protocol is modified, described below, with key notational differences to fit this work and to allow for a reconfigurable, optical, PUF.

The quantum readout of the optical PUF is straightforward, where the challenge space of the device is a $d$-dimensional Hilbert space, $\mathcal {H}$, representing any state with $q$-qubits in $N$ input modes; with a projective mapping to the response Hilbert space. Our device, being electronically reconfigurable, facilitates the mapping of an optical input combined with input phase settings into a ‘challenge’ Hilbert space with the response from the device being a ‘response’ Hilbert space. An arbitrary input challenge $\vert {\psi ^{challenge}}\rangle \in \mathcal {H}$ is mapped through the optical PUF, with statistical response $\hat {R}$, such that $\hat {R}\vert {\psi ^{challenge}}\rangle \in \mathcal {H}$. The response will be unique, up to the limit of uniqueness from [11] where all nominal values of unique CRPs are above 50%, for each challenge applied. In general, uniqueness should be approximately 50%; this value is based on a binary PUF delivering results from $GF(2^{n})$, where the reconfigurable optical device in question will show many more possibilities up to $CRP_{max}$ depending on the initial challenge, thus more unique and semi-unique CRPs exist. $\hat {R}$ may not necessarily be unitary, but can be decomposed into a response coefficient matrix $R$ and response unitary $U^{arb}$ such that $\hat {R}=R\,U^{arb}$. Here we note that our proposed protocol is a simple protective operation and does not require full state tomography; often prohibitively slow and difficult to accomplish.

The authentication between two parties, Alice and Bob, works where the verifier (Alice) wants to check if Bob still possesses the optical PUF. Alice first retrieves the original shared enrollment data, then picks a random state, $\psi$, and prepares the state $\psi ^{challenge} \in \mathcal {H}$ and sends to Bob. Bob then lets the prepared particle interact with the optical PUF, resulting in the final response state $\psi ^{response}=\hat {R}\psi ^{challenge}$ that is then sent back to Alice. Since the result of the PUF response is in the density matrix, Alice then computes $\rho _{\psi ^{response}}$ according to Eq. (4). Alice is then able to repeat this process multiple times to be sure that Bob’s PUF is the correct PUF being used.

#### 3.3 Thresholding of responses and proportional weights

From Section 3.1, a series of weights can be seen affecting the final output response. What the verifier sees as a response may vary with the weights based on the physical attributes of the underlying PUF. Ultimately a threshold on response would change the window of proportionality of the response such that the input selection weight constant for the device $\omega _n$ and the chosen PUFs CRP weight $\omega _p$ work together to make the overall weight of response. Since the device proposed to be used in this work is computer-controlled and interference-based, a threshold on response is required to get the verifier’s window of acceptability. The probabilistic processes that influence the device’s response necessitate an acceptability window on the response; used to make a determination on the response and whether to accept or reject the data.

The form of the response from the readout will be a state composed of challenge-specific probabilities that can be verified against the original PUF being used for the message authentication. The constant on a single-response state can be represented by the general form $c\hat {R} U^{arb} \pm \epsilon$ where $c$ is a constant probability scalar and $\epsilon$ is the limiting threshold placed by the verifier when matching against the originally published CRPs.

#### 3.4 General security measure of optical PUF authentication

The security of the protocol described is based on the no-cloning theorem, or in this work, the unclonability of the unknown quantum state by an eavesdropper [18,19]. For each round of the optical PUF quantum authentication protocol described: A standard challenge-estimation attack, where an adversary who attempts to determine the challenge applied using measurement techniques, will only have a maximum probability of $\tfrac {2}{(1+d)}$ to cause a ‘true’ response from the PUF. The overall probability of a false positive decreases exponentially with the number of verification challenges that Alice sends to Bob. Since the protocol can be generalized to be $q$ qubits (photons), the state-space becomes $\vert {\psi ^{challenge}}\rangle ^{\otimes q}$, where the attacker’s per-qubit success probability is upper-bounded by $\frac {q+1}{q+d}$ [20].

## 4. Authentication of classical and quantum information with fully-optical PUF

Traditionally, PUFs are only used for device authentication and not for message authentication. Our device is fully optical and can accept quantum states ‘at-once’ unlike the original readout protocol [17]. The modified protocol described also has the additional benefit of being reconfigurable, or the ability to act as many PUFs within a single device due to the tunability of the MZI’s relative phases. The major difference is in the density matrix and projected measurements showing the additional $\omega _p$ parameter. The value for $\omega _p$ changes with each distinct challenge possible within the device such that the solution space increases not only by $\vert {\psi ^{challenge}}\rangle ^{\otimes q}$ but, by an additional factor of:

where the value for $CRP_{max}$ can be determined by a maximal upper bound by following the Catalan numbers shown in previous work [11].Following the modified quantum readout, a simple extension can be made where authentication of classical data, and quantum messages can be completed. In the classical case, Bob receives the optical PUF used in this work that acts as set of several distinct devices labeled $\{1,\ldots ,CRP_{max}\}$. Bob wants to send an authenticated classical random variable $X:\Omega \to \mathbb {R}$ or message vector $\mathbf {X}=(x_1,\ldots ,x_n)^{T} \in \mathbb {R}$ to Alice. Bob’s message vector of length $n$ is decomposed into $k_i=\{1,\ldots ,n\} \mapsto \mathbf {X}$, where $\mathbf {k} = (p_j)^{N}_{j=1} |_{p_j \in \{1,\ldots ,CRP_{max}\}}$, for some PUF $p_j$ with selected CRP, $j$, and is subsequently sent to Alice. Effectively each element of a message vector, or random variable, maps to a specific PUF within the reconfigurable PUF, with a probability based on the message.

Alice and Bob perform the following:

- 1. Bob sends $k_i$ to Alice over a public and non-authenticated channel.
- 2. For $j\in \{1,\ldots ,CRP_{max}\}$ Alice and Bob both perform the modified quantum readout protocol using the PUF’s CRP number $p_j$.

During each of the CRP tests in $p_j$, Alice slowly gains confidence that Bob’s PUF is returning the responses to her issued challenges. Since there is a response to the challenges it can be assumed that the holder of Bob’s PUF agrees with the individual variable $k_i$ sent over the non-authenticated channel.

The quantum message authentication variant of the modified quantum readout protocol operates significantly differently with respect to the initial design. Consider a PUF design where $CRP_{max}=3$. Alice sends a random challenge state $\vert {\psi ^{challenge}}\rangle$ to Bob. Bob then routes the challenge to $CRP_1$ with probability amplitude $\alpha$, $CRP_2$ with probability amplitude $\beta$, and $CRP_3$ with probability amplitude $\gamma$. The probability amplitudes are sent to satisfy $\vert {\alpha }\vert ^{2} + \vert {\beta }\vert ^{2} + \vert {\gamma }\vert ^{2} = 1$ since the total probabilities cannot sum to be greater than one. Similarly, for more complex messages, a probability vector $\mathbf {P} = (p_i,\ldots ,n)$, the probabilities must adhere to $\sum _{k=1}^{n} p_k^{2} = 1$. This also assumes that ${\vert \vert \mathbf {X}}\vert \vert _n = \vert \vert {\mathbf {P}}\vert \vert _n$. Bob’s response state sent back would then be:

*has*to be holding Bob’s PUF; thus achieving an optical, reconfigurable, PUF-based authentication of a quantum state.

#### 4.1 Secrecy of modified readout for reconfigurable PUF

From a security standpoint of the quantum message authentication using an all-optical PUF with reconfigurable CRPs, the data could still be considered confidential. Assuming a challenge-estimation attack on a $q$-qubit system where $q < d$, an initial state $\psi ^{challenge}$ would be chosen uniformly at random. An attacker could know $\psi ^{response}$ but would not posses the PUF. Additionally assuming the attacker does not have access to a quantum machine, or any device that can compute arbitrary unitary transformations losslessly, only a generic measurement could be completed with a biased estimator. The adversary would then only be able to compute an estimation of a response $\hat {\mathbb {E}}_{\vert {\psi ^{response}}\rangle } = \hat {R}\hat {\mathbb {E}}_{\vert {\psi ^{challenge}}\rangle }$.

If an adversary challenged Bob’s PUF, the response would not necessarily reveal the probability amplitudes $(\alpha ,\beta ,\gamma )$ of the proper CRP because, to an adversary, this information could plausibly be from a different reconfigurable PUF or could relate to a different reconfiguration setting. In addition, an adversary that could determine the probability amplitudes sent for different CRPs would not know the original registered parameter, $\omega _p$, that contains the true suggested probability amplitudes for each of the CRPs within the reconfigurable PUF.

Thus, the modified quantum readout scheme for a reconfigurable all optical PUF verifies the authenticity of the PUF and can be used to authenticate both classical messages and quantum states.

## 5. Conclusion

In this work we described the usage of a reconfigurable all-optical PUF as a hardware authentication mechanism. The usage of the optical PUF as an authentication mechanism is carried out by a modified quantum readout protocol. The readout protocol makes the PUF able to authenticate classical and quantum information through the usage of classical light or single-photon-level manipulations. Additionally, the usage of the hardware optical PUF enables one to authenticate that the receiver of information is not adversarial in nature. This work represents the first application of an all-optical reconfigurable PUF for tasks other than object and direct-access user authentication.

## Acknowledgements

H S. Jacinto would like to thank AFRL for fellowship support. The authors would like to thank J. E. Schneeloch for helpful insight and discussions. Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views or endorsement of the Air Force Research Lab.

## Disclosures

The authors declare no conflicts of interest.

## References

**1. **M. Bellare and P. Rogaway, “Entity authentication and key distribution,” in Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology (Springer-Verlag, Berlin, Heidelberg, 1993), CRYPTO ’93 pp. 232–249.

**2. **N. C. Harris, G. R. Steinbrecher, M. Prabhu, Y. Lahini, J. Mower, D. Bunandar, C. Chen, F. N. C. Wong, T. Baehr-Jones, M. Hochberg, S. Lloyd, and D. Englund, “Quantum transport simulations in a programmable nanophotonic processor,” Nat. Photonics **11**(7), 447–452 (2017). [CrossRef]

**3. **N. C. Harris, J. Carolan, D. Bunandar, M. Prabhu, M. Hochberg, T. Baehr-Jones, M. L. Fanto, A. M. Smith, C. C. Tison, P. M. Alsing, and D. Englund, “Linear programmable nanophotonic processors,” Optica **5**(12), 1623–1631 (2018). [CrossRef]

**4. **J. Carolan, C. Harrold, C. Sparrow, E. Martín-López, N. J. Russell, J. W. Silverstone, P. J. Shadbolt, N. Matsuda, M. Oguma, M. Itoh, G. D. Marshall, M. G. Thompson, J. C. F. Matthews, T. Hashimoto, J. L. O’Brien, and A. Laing, “Universal linear optics,” Science **349**(6249), 711–716 (2015). [CrossRef]

**5. **B. C. Grubel, B. T. Bosworth, M. R. Kossey, H. Sun, A. B. Cooper, M. A. Foster, and A. C. Foster, “Silicon photonic physical unclonable function,” Opt. Express **25**(11), 12710–12721 (2017). [CrossRef]

**6. **F. B. Tarik, A. Famili, Y. Lao, and J. D. Ryckman, “Robust optical physical unclonable function using disordered photonic integrated circuits,” Nanophotonics **9**(9), 2817–2828 (2020). [CrossRef]

**7. **S. A. Goorden, M. Horstmann, A. P. Mosk, B. Škorić, and P. W. H. Pinkse, “Quantum-secure authentication of a physical unclonable key,” Optica **1**(6), 421–424 (2014). [CrossRef]

**8. **Z. Yao, Z. Xu, T. Mauldin, G. Hefferman, and T. Wei, “A reconfigurable architecture for continuous double-sided swept-laser linearization,” J. Lightwave Technol. **38**(18), 5170–5176 (2020). [CrossRef]

**9. **R. Pappu, B. Recht, J. Taylor, and N. Gershenfeld, “Physical one-way functions,” Science **297**(5589), 2026–2030 (2002). [CrossRef]

**10. **G. Gianfelici, H. Kampermann, and D. Bruß, “Theoretical framework for physical unclonable functions, including quantum readout,” Phys. Rev. A **101**(4), 042337 (2020). [CrossRef]

**11. **A. M. Smith and H. S. Jacinto, “Reconfigurable integrated optical interferometer network-based physically unclonable function,” J. Lightwave Technol. **38**(17), 4599–4606 (2020). [CrossRef]

**12. **C. Mesaritakis, M. Akriotou, A. Kapsalis, E. Grivas, C. Chaintoutis, T. Nikas, and D. Syvridis, “Physical unclonable function based on a multi-mode optical waveguide,” Sci. Rep. **8**(1), 9653 (2018). [CrossRef]

**13. **B. Gassend, D. Clarke, M. van Dijk, and S. Devadas, “Controlled physical random functions,” in 18th Annual Computer Security Applications Conference, 2002. Proceedings. (2002), pp. 149–160.

**14. **J. Kim, T. Ahmed, H. Nili, J. Yang, D. S. Jeong, P. Beckett, S. Sriram, D. C. Ranasinghe, and O. Kavehei, “A physical unclonable function with redox-based nanoionic resistive memory,” IEEE Transactions on Inf. Forensics Secur. **13**(2), 437–448 (2018). [CrossRef]

**15. **Y. Pang, H. Wu, B. Gao, N. Deng, D. Wu, R. Liu, S. Yu, A. Chen, and H. Qian, “Optimization of rram-based physical unclonable function with a novel differential read-out method,” IEEE Electron Device Lett. **38**(2), 168–171 (2017). [CrossRef]

**16. **W. Ahmed and A. Afzal, “Rapid thermal annealing of in situ p-doped polycrystalline silicon thin-films,” J. Mater. Sci. **34**(20), 4955–4958 (1999). [CrossRef]

**17. **B. Škorić, “Quantum readout of physical unclonable functions,” Int. J. Quantum Inf. **10**(01), 1250001 (2012). [CrossRef]

**18. **D. Dieks, “Communication by epr devices,” Phys. Lett. A **92**(6), 271–272 (1982). [CrossRef]

**19. **D. Bruß and C. Macchiavello, “Optimal state estimation for d-dimensional quantum systems,” Phys. Lett. A **253**(5-6), 249–251 (1999). [CrossRef]

**20. **B. Škorić, “Security analysis of quantum-readout pufs in the case of challenge-estimation attacks,” Quantum Information and Computation **16**, 50–60 (2016). [CrossRef]